AWS API Gateway v2 (HTTP/Websocket) Terraform module

Upstream version 6.1.0

0 controls from Registry requirements

Terraform Module Source

registry.compliance.tf/terraform-aws-modules/apigateway-v2/aws

Compliance Inputs Outputs Resources Diff (0)README

43 unique

Name	Type	Default	Description
Optional
api_key_selection_expression	string	null	An API key selection expression. Valid values: `$context.authorizer.usageIdentifierKey`, `$request.header.x-api-key`. Defaults to `$request.header.x-api-key`. Applicable for WebSocket APIs
api_mapping_key	string	null	The [API mapping key](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-mapping-template-reference.html)
api_version	string	null	A version identifier for the API. Must be between 1 and 64 characters in length
authorizers	map({...})	{}	Map of API gateway authorizers to create
body	string	null	An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs
cors_configuration	object({...})	null	The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs
create	bool	true	Controls if resources should be created
create_certificate	bool	true	Whether to create a certificate for the domain. Since certificate validate only works on public domains, this will be ignore if `private_zone` is set to `true`
create_domain_name	bool	true	Whether to create API domain name resource
create_domain_records	bool	true	Whether to create Route53 records for the domain name
create_routes_and_integrations	bool	true	Whether to create routes and integrations resources
create_stage	bool	true	Whether to create default stage
credentials_arn	string	null	Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs
deploy_stage	bool	true	Whether to deploy the stage. `HTTP` APIs are auto-deployed by default
description	string	null	The description of the API. Must be less than or equal to 1024 characters in length
disable_execute_api_endpoint	bool	null	Whether clients can invoke the API by using the default execute-api endpoint. By default, clients can invoke the API with the default `{api_id}.execute-api.{region}.amazonaws.com endpoint`. To require that clients use a custom domain name to invoke the API, disable the default endpoint
domain_name	string	""	The domain name to use for API gateway
domain_name_certificate_arn	string	null	The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source
domain_name_ownership_verification_certificate_arn	string	null	ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate_arn is issued via an ACM Private CA or mutual_tls_authentication is configured with an ACM-imported certificate.)
fail_on_warnings	bool	null	Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to `false`. Applicable for HTTP APIs
hosted_zone_name	string	null	Optional domain name of the Hosted Zone where the domain should be created
ip_address_type	string	null	The IP address types that can invoke the API. Valid values: ipv4, dualstack. Use ipv4 to allow only IPv4 addresses to invoke your API, or use dualstack to allow both IPv4 and IPv6 addresses to invoke your API. Defaults to ipv4.
mutual_tls_authentication	map(string)	{}	The mutual TLS authentication configuration for the domain name
name	string	""	The name of the API. Must be less than or equal to 128 characters in length
private_zone	bool	false	Indicates the hosted zone being looked up is private. Certificate validation will fail if this is set to true.
protocol_type	string	"HTTP"	The API protocol. Valid values: `HTTP`, `WEBSOCKET`
region	string	null	Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration
route_key	string	null	Part of quick create. Specifies any route key. Applicable for HTTP APIs
route_selection_expression	string	null	The route selection expression for the API. Defaults to `$request.method $request.path`
routes	map({...})	{}	Map of API gateway routes with integrations
stage_access_log_settings	object({...})	{}	Settings for logging access in this stage. Use the aws_api_gateway_account resource to configure [permissions for CloudWatch Logging](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-permissions)
stage_client_certificate_id	string	null	The identifier of a client certificate for the stage. Use the `aws_api_gateway_client_certificate` resource to configure a client certificate. Supported only for WebSocket APIs
stage_default_route_settings	object({...})	{}	The default route settings for the stage
stage_description	string	null	The description for the stage. Must be less than or equal to 1024 characters in length
stage_name	string	"$default"	The name of the stage. Must be between 1 and 128 characters in length
stage_tags	map(string)	{}	A mapping of tags to assign to the stage resource
stage_variables	map(string)	{}	A map that defines the stage variables for the stage
subdomain_record_types	list(string)	["A","AAAA"]	A list of record types to create for the subdomain(s)
subdomains	list(string)	[]	An optional list of subdomains to use for API gateway
tags	map(string)	{}	A mapping of tags to assign to API gateway resources
target	string	null	Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Applicable for HTTP APIs
vpc_link_tags	map(string)	{}	A map of tags to add to the VPC Links created
vpc_links	map({...})	{}	Map of VPC Link definitions to create