
Terraform API Gateway Not Showing Up As Trigger For Lambda


I followed the instructions here for setting up a gateway and a lambda but it does not work. The symptoms appear to be the same as described here but the fixes suggested there did not work.

My infrastructure definition is as follows:

resource "aws_apigatewayv2_api" "lambda_api" {
    name          = "${upper(var.project)}-${upper(var.environment)}-${var.gateway_name}"
    protocol_type = "HTTP"
}

resource "aws_apigatewayv2_stage" "lambda_default" {
    name        = "$default"
    api_id      = aws_apigatewayv2_api.lambda_api.id
    auto_deploy = true
}

resource "aws_apigatewayv2_integration" "gateway_to_lambda" {
    api_id                 = aws_apigatewayv2_api.lambda_api.id
    integration_type       = "AWS_PROXY"
    connection_type        = "INTERNET"
    integration_method     = "POST"
    integration_uri        = aws_lambda_function.executable.arn
    payload_format_version = "2.0"
}

resource "aws_apigatewayv2_route" "route" {
    api_id    = aws_apigatewayv2_api.lambda_api.id
    route_key = "GET /profile"
    target    = "integrations/${aws_apigatewayv2_integration.gateway_to_lambda.id}"
}

resource "aws_lambda_permission" "execution_lambda_from_gateway" {
    statement_id  = "AllowExecutionFromAPIGateway"
    action        = "lambda:InvokeFunction"
    function_name = aws_lambda_function.executable.function_name
    principal     = "apigateway.amazonaws.com"

    source_arn = "${aws_apigatewayv2_api.lambda_api.arn}/*/*"
}

On the gateway side it looks like things are created correctly: I have an integration that connects my path 'profile' to the lambda.

However, when I look on the lambda the trigger is missing.

When I try to hit the endpoint I get an "internal server error" message.

When I manually add the trigger in my lambda then it works but not under the 'profile' route key that I specified.

What am I missing here to correctly route my /profile in the API Gateway to my lambda?


Solution

  • Based on the comments, the solution was to modify the permissions (remove source_arn):

    resource "aws_lambda_permission" "execution_lambda_from_gateway" {
        statement_id  = "AllowExecutionFromAPIGateway"
        action        = "lambda:InvokeFunction"
        function_name = aws_lambda_function.executable.function_name
        principal     = "apigateway.amazonaws.com"
    }
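
An alternative that keeps the permission scoped, as an added example that is not part of the original answer: with no source_arn, the statement lets any API Gateway API invoke the function, so this version keeps the condition but builds it from execution_arn, the ARN form that Lambda evaluates. Resource names are reused from the question; the method and path suffix is an assumption matched to its GET /profile route.

```hcl
# Added example, not from the original post.
#
# aws_apigatewayv2_api exports two different ARNs:
#   arn            arn:aws:apigateway:<region>::/apis/<api-id>       (management plane)
#   execution_arn  arn:aws:execute-api:<region>:<account>:<api-id>   (invocation)
# Lambda compares source_arn against the execute-api ARN of the calling API,
# so a pattern built from .arn never matches and the invocation is denied.

resource "aws_lambda_permission" "execution_lambda_from_gateway" {
    statement_id  = "AllowExecutionFromAPIGateway"
    action        = "lambda:InvokeFunction"
    function_name = aws_lambda_function.executable.function_name
    principal     = "apigateway.amazonaws.com"

    # Format: <execution_arn>/<stage>/<method>/<path>
    # Here: any stage, GET only, /profile only.
    # Use "/*/*" as the suffix to allow every route of this one API.
    source_arn = "${aws_apigatewayv2_api.lambda_api.execution_arn}/*/GET/profile"
}
```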