
What are all the things that I need to connect an existing known-good API gateway endpoint to a Route53 subdomain with Terraform?


Here's the code I have so far; hopefully I got everything relevant. The API gateway is deployed and working and has been for a while now. Our app is currently pointing at the xxxyyyzz12.execute-api.us-west-2.amazonaws.com endpoint and working fine. But I need to route it to the subdomain ui-backend.app-name-here-dev.company.services.

    data "aws_acm_certificate" "app_name_dev_wildcard_cert" {
      domain   = "*.app-name-here-dev.company.services"
      statuses = ["ISSUED"]
    }

    // pull in the existing zone (defined by devops) via a data block
    data "aws_route53_zone" "myapp_zone" {
      name = local.domain
    }

    resource "aws_route53_record" "ui_backend" {
      name    = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name
      type    = "A"
      zone_id = data.aws_route53_zone.myapp_zone.zone_id

      alias {
        name                   = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name_configuration[0].target_domain_name
        zone_id                = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name_configuration[0].hosted_zone_id
        evaluate_target_health = false
      }
    }

    resource "aws_apigatewayv2_domain_name" "ui_backend_api_gateway" {
      domain_name = "${local.subdomain}.${local.domain}"
      domain_name_configuration {
        certificate_arn = data.aws_acm_certificate.app_name_dev_wildcard_cert.arn
        endpoint_type   = "REGIONAL"
        security_policy = "TLS_1_2"
      }
    }

    locals {
      // trimmed
      domain    = "app-name-here${var.envToZoneName[var.environment]}.company.services"
      subdomain = var.deploymentNameModifier == "" ? "ui-backend" : "ui-backend-${var.deploymentNameModifier}"
    }

But when I try to use the curl (the one that works for xxxyyyzz12.execute-api.us-west-2.amazonaws.com) I'm getting a 403. I added an x-apigw-api-id: 153utdsv9h header but it didn't help. I must be missing a resource.


Solution

  • Well, 16 hrs have gone by with no answers/comments. Here's the thing that was missing:

    resource "aws_apigatewayv2_api_mapping" "ui_backend_to_subdomain" {
      api_id      = aws_apigatewayv2_api.ui_backend_gateway.id
      domain_name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name
      stage       = aws_apigatewayv2_stage.ui_backend.id
    }
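
The gap described in this thread (a custom domain and DNS record with no API mapping behind them) can be caught before apply. The following is an added example, not code from the original post: a Python check over the JSON produced by `terraform show -json <planfile>`. The function names and the sample plan data are constructed for illustration.

```python
import json

DOMAIN = "aws_apigatewayv2_domain_name"
MAPPING = "aws_apigatewayv2_api_mapping"

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unmapped_domains(plan):
    """Return addresses of custom domains that no API mapping points at."""
    root = plan.get("planned_values", {}).get("root_module", {})
    domains, mapped = {}, set()
    for res in iter_resources(root):
        name = (res.get("values") or {}).get("domain_name")
        if name is None:
            # No domain_name, or not known at plan time. A mapping whose
            # domain is unknown cannot be matched, so its domain is flagged.
            continue
        if res["type"] == DOMAIN:
            domains[res["address"]] = name.lower()
        elif res["type"] == MAPPING:
            mapped.add(name.lower())
    return sorted(addr for addr, name in domains.items() if name not in mapped)

# Constructed sample: the question's resources, trimmed to the relevant fields.
HOST = "ui-backend.app-name-here-dev.company.services"
QUESTION_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_apigatewayv2_domain_name.ui_backend_api_gateway",
     "type": DOMAIN, "values": {"domain_name": HOST}},
    {"address": "aws_route53_record.ui_backend",
     "type": "aws_route53_record", "values": {"name": HOST, "type": "A"}},
]}}}

# The same constructed plan after adding the mapping from the answer.
FIXED_PLAN = json.loads(json.dumps(QUESTION_PLAN))
FIXED_PLAN["planned_values"]["root_module"]["resources"].append(
    {"address": "aws_apigatewayv2_api_mapping.ui_backend_to_subdomain",
     "type": MAPPING, "values": {"domain_name": HOST, "stage": "constructed"}})

if __name__ == "__main__":
    for label, plan in (("question", QUESTION_PLAN), ("fixed", FIXED_PLAN)):
        print(label, unmapped_domains(plan) or "all custom domains mapped")
```

Run against a real plan, a non-empty result lists each custom domain that would go live with nothing routed to it.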