feat: example of apigateway rest api

2026-03-15 13:02:59 +08:00
parent 4c3754e79f
commit c0c08b1584
8 changed files with 282 additions and 0 deletions
@@ -0,0 +1,90 @@
+# Lambda function and role
+
+module "LambdaRole" {
+  source                  = "../modules/security_identity_compliance/iam-role-v2"
+  role-name               = "AWSLambdaBasicExecutionRole-HashWebApp"
+  description             = "Lambda execution role for HashWebApp"
+  create-instance-profile = false
+  trusted-entity          = "lambda.amazonaws.com"
+  policies = {
+    AWSLambdaBasicExecutionRole = {
+      description = "AWSLambdaBasicExecutionRole for HashWebApp"
+      policy = jsonencode(
+        {
+          "Version" : "2012-10-17",
+          "Statement" : [
+            {
+              "Effect" : "Allow",
+              "Action" : "logs:CreateLogGroup",
+              "Resource" : "arn:aws:logs:${var.aws-region}:${data.aws_caller_identity.this.account_id}:*"
+            },
+            {
+              "Effect" : "Allow",
+              "Action" : [
+                "logs:CreateLogStream",
+                "logs:PutLogEvents"
+              ],
+              "Resource" : [
+                "arn:aws:logs:${var.aws-region}:${data.aws_caller_identity.this.account_id}:log-group:/aws/lambda/HashWebApp:*"
+              ]
+            }
+          ]
+        }
+      )
+    }
+  }
+}
+
+data "archive_file" "HashWebApp" {
+  type        = "zip"
+  source_file = "${path.module}/function.py"
+  output_path = "${path.module}/function.zip"
+}
+
+resource "aws_lambda_function" "HashWebApp" {
+  filename      = data.archive_file.HashWebApp.output_path
+  function_name = "HashWebApp"
+  role          = module.LambdaRole.role-arn
+  handler       = "function.lambda_handler"
+  code_sha256   = data.archive_file.HashWebApp.output_base64sha256
+  architectures = ["arm64"]
+
+  runtime = "python3.14"
+}
+
+resource "aws_lambda_permission" "HashWebApp" {
+  statement_id  = "AllowExecutionFromApiGateway"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.HashWebApp.function_name
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_api_gateway_rest_api.HashWebApp.execution_arn}/*/*/*"
+}
+
+# rest api
+resource "aws_api_gateway_rest_api" "HashWebApp" {
+  body = file("${path.module}/restapi-oas30.json")
+
+  name = "HashWebApp"
+
+  endpoint_configuration {
+    types = ["REGIONAL"]
+  }
+}
+
+resource "aws_api_gateway_deployment" "HashWebApp" {
+  rest_api_id = aws_api_gateway_rest_api.HashWebApp.id
+
+  triggers = {
+    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.HashWebApp.body))
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_api_gateway_stage" "test" {
+  deployment_id = aws_api_gateway_deployment.HashWebApp.id
+  rest_api_id   = aws_api_gateway_rest_api.HashWebApp.id
+  stage_name    = "test"
+}