AWS AppSync Terraform module
Upstream version 4.1.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/appsync/aws
50 unique
| Name | Type | Default | Description |
|---|---|---|---|
| **Optional** | | | |
| additional_authentication_provider | any | {} | One or more additional authentication providers for the GraphqlApi. |
| api_keys | map(string) | {} | Map of API keys to create |
| authentication_type | string | "API_KEY" | The authentication type to use by GraphQL API |
| cache_at_rest_encryption_enabled | bool | false | At-rest encryption flag for cache. |
| cache_transit_encryption_enabled | bool | false | Transit encryption flag when connecting to cache. |
| cache_ttl | number | 1 | TTL in seconds for cache entries |
| cache_type | string | "SMALL" | The cache instance type. |
| caching_behavior | string | "FULL_REQUEST_CACHING" | Caching behavior. |
| caching_enabled | bool | false | Whether caching with ElastiCache is enabled. |
| certificate_arn | string | "" | The Amazon Resource Name (ARN) of the certificate. |
| create_graphql_api | bool | true | Whether to create GraphQL API |
| create_logs_role | bool | true | Whether to create service role for CloudWatch logs |
| datasources | any | {} | Map of datasources to create |
| direct_lambda_request_template | string | "{ "version" : "2017-02-28", "operation": "Invoke", "payload": { "arguments": $util.toJson($ctx.arguments), "identity": $util.toJson($ctx.identity), "source": $util.toJson($ctx.source), "request": $util.toJson($ctx.request), "prev": $util.toJson($ctx.prev), "info": { "selectionSetList": $util.toJson($ctx.info.selectionSetList), "selectionSetGraphQL": $util.toJson($ctx.info.selectionSetGraphQL), "parentTypeName": $util.toJson($ctx.info.parentTypeName), "fieldName": $util.toJson($ctx.info.fieldName), "variables": $util.toJson($ctx.info.variables) }, "stash": $util.toJson($ctx.stash) } } " | VTL request template for the direct lambda integrations |
| direct_lambda_response_template | string | "$util.toJson($ctx.result) " | VTL response template for the direct lambda integrations |
| domain_name | string | "" | The domain name that AppSync gets associated with. |
| domain_name_association_enabled | bool | false | Whether to enable domain name association on GraphQL API |
| domain_name_description | string | null | A description of the Domain Name. |
| dynamodb_allowed_actions | list(string) | [...] | List of allowed IAM actions for datasources type AMAZON_DYNAMODB |
| elasticsearch_allowed_actions | list(string) | [...] | List of allowed IAM actions for datasources type AMAZON_ELASTICSEARCH |
| enhanced_metrics_config | map(string) | {} | Nested argument containing Lambda Enhanced metrics configuration. |
| eventbridge_allowed_actions | list(string) | ["events:PutEvents"] | List of allowed IAM actions for datasources type AMAZON_EVENTBRIDGE |
| functions | any | {} | Map of functions to create |
| graphql_api_tags | map(string) | {} | Map of tags to add to GraphQL API |
| iam_permissions_boundary | string | null | ARN for IAM permissions boundary |
| introspection_config | string | null | Whether to enable or disable introspection of the GraphQL API. |
| lambda_allowed_actions | list(string) | ["lambda:invokeFunction"] | List of allowed IAM actions for datasources type AWS_LAMBDA |
| lambda_authorizer_config | map(string) | {} | Nested argument containing Lambda authorizer configuration. |
| log_cloudwatch_logs_role_arn | string | null | Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account. |
| log_exclude_verbose_content | bool | false | Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. |
| log_field_log_level | string | null | Field logging level. Valid values: ALL, ERROR, NONE. |
| logging_enabled | bool | false | Whether to enable CloudWatch logging on GraphQL API |
| logs_role_description | string | null | Description for the IAM role to create for CloudWatch logs |
| logs_role_name | string | null | Name of IAM role to create for CloudWatch logs |
| logs_role_tags | map(string) | {} | Map of tags to add to CloudWatch logs IAM role |
| name | string | "" | Name of GraphQL API |
| openid_connect_config | map(string) | {} | Nested argument containing OpenID Connect configuration. |
| opensearchservice_allowed_actions | list(string) | [...] | List of allowed IAM actions for datasources type AMAZON_OPENSEARCH_SERVICE |
| query_depth_limit | number | null | The maximum depth a query can have in a single request. |
| region | string | null | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration |
| relational_database_allowed_actions | list(string) | [...] | List of allowed IAM actions for datasources type RELATIONAL_DATABASE |
| resolver_caching_ttl | number | 60 | Default caching TTL for resolvers when caching is enabled |
| resolver_count_limit | number | null | The maximum number of resolvers that can be invoked in a single request. |
| resolvers | any | {} | Map of resolvers to create |
| schema | string | "" | The schema definition, in GraphQL schema language format. Terraform cannot perform drift detection of this configuration. |
| secrets_manager_allowed_actions | list(string) | [...] | List of allowed IAM actions for secrets manager datasources type RELATIONAL_DATABASE |
| tags | map(string) | {} | Map of tags to add to all GraphQL resources created by this module |
| user_pool_config | map(string) | {} | The Amazon Cognito User Pool configuration. |
| visibility | string | null | The API visibility. Valid values: GLOBAL, PRIVATE. |
| xray_enabled | bool | false | Whether tracing with X-Ray is enabled. |