Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose execution ARN from aws_api_gateway_rest_api resource #3967

Closed
mewa opened this issue Mar 28, 2018 · 4 comments
Closed

Expose execution ARN from aws_api_gateway_rest_api resource #3967

mewa opened this issue Mar 28, 2018 · 4 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/apigateway Issues and PRs that pertain to the apigateway service.
Milestone
v1.19.0

Comments

@mewa
Copy link
Contributor

mewa commented Mar 28, 2018

Hi,

Currently, in order to create for example a Lambda permission for API Gateway one has to create an aws_api_gateway_deployment resource and obtain the execution_arn attribute.

resource "aws_lambda_permission" "lambda_permission" {
  statement_id  = "AllowAPIGatewayInvoke"
  action        = "lambda:InvokeFunction"
  function_name = "example_lambda"
  principal     = "apigateway.amazonaws.com"

  source_arn = "${aws_api_gateway_deployment.example_deployment.execution_arn}/*/*"
}

However, this approach couples the deployment (stage) with specific permission.

Alternatively one could use a block like this

  source_arn = "${replace(aws_api_gateway_deployment.example_deployment.execution_arn, format("/%s$/", aws_api_gateway_deployment.example_deployment.stage_name), "*")}/*/*"

to calculate the ARN not restricted to specific stage, or even create the ARN by hand according to the specification.

But either way we end up with messy expressions and/or permission coupled to the deployment.

I feel that the aws_api_gateway_rest_api resource should expose execution_arn in a fashion similar to aws_api_gateway_deployment.
@mewa mewa mentioned this issue Mar 28, 2018
Merged
@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. service/apigateway Issues and PRs that pertain to the apigateway service. labels Mar 29, 2018
@tdmalone
Copy link
Contributor

tdmalone commented Apr 14, 2018
edited
Loading

I'd also love to see the arn exposed - which I think is different to the execution ARN (should I lodge a separate issue?) Currently the id is exposed, but to build the arn you need to do something like:

"arn:aws:apigateway:${data.aws_region.current.name}::/restapis/${aws_api_gateway_rest_api.api.id}"

@bflad bflad added this to the v1.19.0 milestone May 11, 2018
@bflad
Copy link
Contributor

bflad commented May 11, 2018

Support for this has been merged in via #3968 and will release with v1.19.0 of the AWS provider, likely middle of next week.

@tdmalone yes please 😄 Should be a very similar PR to this one

@bflad bflad closed this as completed May 11, 2018
@bflad
Copy link
Contributor

bflad commented May 17, 2018

This has been released in version 1.19.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link

ghost commented Apr 6, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/apigateway Issues and PRs that pertain to the apigateway service.
Projects
None yet
Milestone
v1.19.0
Development

No branches or pull requests
3 participants
@bflad @tdmalone @mewa