AWS AppSync Terraform module
Terraform module which creates AWS AppSync resources and connects them together.
This Terraform module is part of serverless.tf framework, which aims to simplify all operations when working with the serverless in Terraform.
Usage
Complete AppSync with datasources and resolvers
module "appsync" {
source = "terraform-aws-modules/appsync/aws"
name = "dev-appsync"
schema = file("schema.graphql")
visibility = "GLOBAL"
api_keys = {
default = null # such key will expire in 7 days
}
additional_authentication_provider = {
iam = {
authentication_type = "AWS_IAM"
}
openid_connect_1 = {
authentication_type = "OPENID_CONNECT"
openid_connect_config = {
issuer = "https://www.issuer1.com/"
client_id = "client_id1"
}
}
}
datasources = {
registry_terraform_io = {
type = "HTTP"
endpoint = "https://registry.terraform.io"
}
lambda_create_zip = {
type = "AWS_LAMBDA"
function_arn = "arn:aws:lambda:eu-west-1:135367859850:function:index_1"
}
dynamodb1 = {
type = "AMAZON_DYNAMODB"
table_name = "my-table"
region = "eu-west-1"
}
elasticsearch1 = {
type = "AMAZON_ELASTICSEARCH"
endpoint = "https://search-my-domain.eu-west-1.es.amazonaws.com"
region = "eu-west-1"
}
opensearchservice1 = {
type = "AMAZON_OPENSEARCH_SERVICE"
endpoint = "https://opensearch-my-domain.eu-west-1.es.amazonaws.com"
region = "eu-west-1"
}
eventbridge1 = {
type = "AMAZON_EVENTBRIDGE"
event_bus_arn = "arn:aws:events:us-west-1:135367859850:event-bus/eventbridge1"
}
rds1 = {
type = "RELATIONAL_DATABASE"
cluster_arn = "arn:aws:rds:us-west-1:135367859850:cluster:rds1"
secret_arn = "arn:aws:secretsmanager:us-west-1:135367859850:secret:rds-secret1"
database_name = "mydb"
schema = "myschema"
}
}
resolvers = {
"Query.getZip" = {
data_source = "lambda_create_zip"
direct_lambda = true
}
"Query.getModuleFromRegistry" = {
data_source = "registry_terraform_io"
request_template = file("vtl-templates/request.Query.getModuleFromRegistry.vtl")
response_template = file("vtl-templates/response.Query.getModuleFromRegistry.vtl")
}
}
}
Conditional creation
Sometimes you need to have a way to create resources conditionally but Terraform 0.12 does not allow usage of count inside module block, so the solution is to specify create_graphql_api argument.
module "appsync" {
source = "terraform-aws-modules/appsync/aws"
create_graphql_api = false # to disable all resources
# ... omitted
}
Relationship between Data-Source and Resolver resources
datasources define keys which can be referenced in resolvers. For initial configuration and parameters updates Terraform is able to understand the order of resources correctly.
In order to change name of keys in both places (eg from lambda-old to lambda-new), you will need to change key in both variables, and then run Terraform with partial configuration (using -target) to handle the migration in the aws_appsync_resolver resource (eg, Post.id):
# Create new resources and update resolver
$ terraform apply -target="module.appsync.aws_appsync_resolver.this[\"Post.id\"]" -target="module.appsync.aws_appsync_datasource.this[\"lambda-new\"]" -target="module.appsync.aws_iam_role.service_role[\"lambda-new\"]" -target="module.appsync.aws_iam_role_policy.this[\"lambda-new\"]"
# Delete orphan resources ("lambda-old")
$ terraform apply
Examples
- Complete - Create AppSync with datasources, resolvers, and authorization providers in various combinations.
Authors
Module managed by Anton Babenko. Check out serverless.tf to learn more about doing serverless with Terraform.
Please reach out to Betajob if you are looking for commercial support for your Terraform, AWS, or serverless project.
License
Apache 2 Licensed. See LICENSE for full details.