naftulikay/base_path.tf Secret

## base_path.tf
# api.naftuli.wtf - Hosting Resources - API Gateway - Base Path Mappings

resource "aws_api_gateway_base_path_mapping" "prod_v1" {
  domain_name = "${aws_api_gateway_domain_name.default.domain_name}"
  api_id      = "${aws_api_gateway_rest_api.default.id}"
  stage_name  = "${var.stage_prod_v1_name}"
  base_path   = "v1"

  depends_on = ["aws_api_gateway_stage.prod_v1"]
}

resource "aws_api_gateway_base_path_mapping" "stable" {
  domain_name = "${aws_api_gateway_domain_name.default.domain_name}"
  api_id      = "${aws_api_gateway_rest_api.default.id}"
  stage_name  = "${var.stage_develop_name}"
  base_path   = "latest"

  depends_on = ["aws_api_gateway_stage.stable"]
}

resource "aws_api_gateway_base_path_mapping" "unstable" {
  domain_name = "${aws_api_gateway_domain_name.default.domain_name}"
  api_id      = "${aws_api_gateway_rest_api.default.id}"
  stage_name  = "${var.stage_unstable_name}"
  base_path   = "glhf"

  depends_on = ["aws_api_gateway_stage.unstable"]
}

## cloudwatch-assume-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowRoleAssumptionFromAPIGateway",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

## cloudwatch-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudWatchLogging",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents",
        "logs:GetLogEvents",
        "logs:FilterLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

## deployments.tf
# api.naftuli.wtf - Hosting Resources - API Gateway - Deployments

resource "aws_api_gateway_deployment" "prod_v1" {
  rest_api_id = "${aws_api_gateway_rest_api.default.id}"
  stage_name  = "${var.stage_prod_v1_name}"

  depends_on = ["aws_api_gateway_method.status"]
}

resource "aws_api_gateway_deployment" "stable" {
  rest_api_id = "${aws_api_gateway_rest_api.default.id}"
  stage_name  = "${var.stage_develop_name}"

  depends_on = ["aws_api_gateway_method.status"]
}

resource "aws_api_gateway_deployment" "unstable" {
  rest_api_id = "${aws_api_gateway_rest_api.default.id}"
  stage_name  = "${var.stage_unstable_name}"

  depends_on = ["aws_api_gateway_method.status"]
}

## dns.tf
# api.naftuli.wtf - Hosting Resources - DNS

resource "aws_route53_record" "default" {
  name    = "api"
  type    = "A"
  zone_id = "${var.hosted_zone_id}"

  alias {
    name                   = "${aws_api_gateway_domain_name.default.cloudfront_domain_name}"
    zone_id                = "${aws_api_gateway_domain_name.default.cloudfront_zone_id}"
    evaluate_target_health = true
  }
}

## iam.tf
# api.naftuli.wtf - Hosting Resources - IAM

resource "aws_iam_role" "cloudwatch" {
  name = "api_gateway_cloudwatch_role"
  assume_role_policy = "${file("${path.module}/policies/cloudwatch-assume-policy.json.tpl")}"
}

resource "aws_iam_policy" "cloudwatch" {
  name        = "api_gateway_cloudwatch_policy"
  path        = "/"
  description = "Allow writing logs to CloudWatch."
  policy = "${file("${path.module}/policies/cloudwatch.json.tpl")}"
}

resource "aws_iam_role_policy_attachment" "cloudwatch" {
    role       = "${aws_iam_role.cloudwatch.name}"
    policy_arn = "${aws_iam_policy.cloudwatch.arn}"
}

## main.tf
# api.naftuli.wtf - Hosting Resources - API Gateway

resource "aws_api_gateway_account" "defaults" {
  cloudwatch_role_arn = "${aws_iam_role.cloudwatch.arn}"
}

resource "aws_api_gateway_domain_name" "default" {
  domain_name     = "api.naftuli.wtf"
  certificate_arn = "${var.certificate_arn}"
}

resource "aws_api_gateway_rest_api" "default" {
  name        = "api.naftuli.wtf"
  description = "Lambda-hosted, serverless API for generic purposes."
}

## resources.tf
# api.naftuli.wtf - Hosting Resources - API Gateway - Resources

# default resource/method/integration for simply reporting request status
resource "aws_api_gateway_resource" "status" {
  rest_api_id = "${aws_api_gateway_rest_api.default.id}"
  parent_id   = "${aws_api_gateway_rest_api.default.root_resource_id}"
  path_part   = "status.json"
}

resource "aws_api_gateway_method" "status" {
  rest_api_id   = "${aws_api_gateway_rest_api.default.id}"
  resource_id   = "${aws_api_gateway_resource.status.id}"
  http_method   = "GET"
  authorization = "NONE"
}

resource "aws_api_gateway_method_response" "200" {
  rest_api_id = "${aws_api_gateway_rest_api.default.id}"
  resource_id = "${aws_api_gateway_resource.status.id}"
  http_method = "${aws_api_gateway_method.status.http_method}"
  status_code = "200"
}

resource "aws_api_gateway_integration" "status" {
  rest_api_id          = "${aws_api_gateway_rest_api.default.id}"
  resource_id          = "${aws_api_gateway_resource.status.id}"
  http_method          = "${aws_api_gateway_method.status.http_method}"
  type                 = "MOCK"
  passthrough_behavior = "WHEN_NO_MATCH"

  request_templates {
    "application/json" = "${file("${path.module}/files/status.json")}"
  }
}

resource "aws_api_gateway_integration_response" "status" {
  rest_api_id = "${aws_api_gateway_rest_api.default.id}"
  resource_id = "${aws_api_gateway_resource.status.id}"
  http_method = "${aws_api_gateway_method.status.http_method}"
  status_code = "${aws_api_gateway_method_response.200.status_code}"

  response_templates {
    "application/json" = "${file("${path.module}/files/status.json")}"
  }
}

## stages.tf
# api.naftuli.wtf - Hosting Resources - API Gateway - Stages

resource "aws_api_gateway_stage" "prod_v1" {
  stage_name    = "${var.stage_prod_v1_name}"
  rest_api_id   = "${aws_api_gateway_rest_api.default.id}"
  deployment_id = "${aws_api_gateway_deployment.prod_v1.id}"
}

resource "aws_api_gateway_stage" "stable" {
  stage_name    = "${var.stage_develop_name}"
  rest_api_id   = "${aws_api_gateway_rest_api.default.id}"
  deployment_id = "${aws_api_gateway_deployment.stable.id}"
}

resource "aws_api_gateway_stage" "unstable" {
  stage_name    = "${var.stage_unstable_name}"
  rest_api_id   = "${aws_api_gateway_rest_api.default.id}"
  deployment_id = "${aws_api_gateway_deployment.unstable.id}"
}
	# api.naftuli.wtf - Hosting Resources - API Gateway - Base Path Mappings

	resource "aws_api_gateway_base_path_mapping" "prod_v1" {
	domain_name = "${aws_api_gateway_domain_name.default.domain_name}"
	api_id = "${aws_api_gateway_rest_api.default.id}"
	stage_name = "${var.stage_prod_v1_name}"
	base_path = "v1"

	depends_on = ["aws_api_gateway_stage.prod_v1"]
	}

	resource "aws_api_gateway_base_path_mapping" "stable" {
	domain_name = "${aws_api_gateway_domain_name.default.domain_name}"
	api_id = "${aws_api_gateway_rest_api.default.id}"
	stage_name = "${var.stage_develop_name}"
	base_path = "latest"

	depends_on = ["aws_api_gateway_stage.stable"]
	}

	resource "aws_api_gateway_base_path_mapping" "unstable" {
	domain_name = "${aws_api_gateway_domain_name.default.domain_name}"
	api_id = "${aws_api_gateway_rest_api.default.id}"
	stage_name = "${var.stage_unstable_name}"
	base_path = "glhf"

	depends_on = ["aws_api_gateway_stage.unstable"]
	}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "AllowRoleAssumptionFromAPIGateway",
	"Effect": "Allow",
	"Principal": {
	"Service": "apigateway.amazonaws.com"
	},
	"Action": "sts:AssumeRole"
	}
	]
	}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "AllowCloudWatchLogging",
	"Effect": "Allow",
	"Action": [
	"logs:CreateLogGroup",
	"logs:CreateLogStream",
	"logs:DescribeLogGroups",
	"logs:DescribeLogStreams",
	"logs:PutLogEvents",
	"logs:GetLogEvents",
	"logs:FilterLogEvents"
	],
	"Resource": "*"
	}
	]
	}
	# api.naftuli.wtf - Hosting Resources - API Gateway - Deployments

	resource "aws_api_gateway_deployment" "prod_v1" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	stage_name = "${var.stage_prod_v1_name}"

	depends_on = ["aws_api_gateway_method.status"]
	}

	resource "aws_api_gateway_deployment" "stable" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	stage_name = "${var.stage_develop_name}"

	depends_on = ["aws_api_gateway_method.status"]
	}

	resource "aws_api_gateway_deployment" "unstable" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	stage_name = "${var.stage_unstable_name}"

	depends_on = ["aws_api_gateway_method.status"]
	}
	# api.naftuli.wtf - Hosting Resources - DNS

	resource "aws_route53_record" "default" {
	name = "api"
	type = "A"
	zone_id = "${var.hosted_zone_id}"

	alias {
	name = "${aws_api_gateway_domain_name.default.cloudfront_domain_name}"
	zone_id = "${aws_api_gateway_domain_name.default.cloudfront_zone_id}"
	evaluate_target_health = true
	}
	}
	# api.naftuli.wtf - Hosting Resources - IAM

	resource "aws_iam_role" "cloudwatch" {
	name = "api_gateway_cloudwatch_role"
	assume_role_policy = "${file("${path.module}/policies/cloudwatch-assume-policy.json.tpl")}"
	}

	resource "aws_iam_policy" "cloudwatch" {
	name = "api_gateway_cloudwatch_policy"
	path = "/"
	description = "Allow writing logs to CloudWatch."
	policy = "${file("${path.module}/policies/cloudwatch.json.tpl")}"
	}

	resource "aws_iam_role_policy_attachment" "cloudwatch" {
	role = "${aws_iam_role.cloudwatch.name}"
	policy_arn = "${aws_iam_policy.cloudwatch.arn}"
	}
	# api.naftuli.wtf - Hosting Resources - API Gateway

	resource "aws_api_gateway_account" "defaults" {
	cloudwatch_role_arn = "${aws_iam_role.cloudwatch.arn}"
	}

	resource "aws_api_gateway_domain_name" "default" {
	domain_name = "api.naftuli.wtf"
	certificate_arn = "${var.certificate_arn}"
	}

	resource "aws_api_gateway_rest_api" "default" {
	name = "api.naftuli.wtf"
	description = "Lambda-hosted, serverless API for generic purposes."
	}
	# api.naftuli.wtf - Hosting Resources - API Gateway - Resources

	# default resource/method/integration for simply reporting request status
	resource "aws_api_gateway_resource" "status" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	parent_id = "${aws_api_gateway_rest_api.default.root_resource_id}"
	path_part = "status.json"
	}

	resource "aws_api_gateway_method" "status" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	resource_id = "${aws_api_gateway_resource.status.id}"
	http_method = "GET"
	authorization = "NONE"
	}

	resource "aws_api_gateway_method_response" "200" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	resource_id = "${aws_api_gateway_resource.status.id}"
	http_method = "${aws_api_gateway_method.status.http_method}"
	status_code = "200"
	}

	resource "aws_api_gateway_integration" "status" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	resource_id = "${aws_api_gateway_resource.status.id}"
	http_method = "${aws_api_gateway_method.status.http_method}"
	type = "MOCK"
	passthrough_behavior = "WHEN_NO_MATCH"

	request_templates {
	"application/json" = "${file("${path.module}/files/status.json")}"
	}
	}

	resource "aws_api_gateway_integration_response" "status" {
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	resource_id = "${aws_api_gateway_resource.status.id}"
	http_method = "${aws_api_gateway_method.status.http_method}"
	status_code = "${aws_api_gateway_method_response.200.status_code}"

	response_templates {
	"application/json" = "${file("${path.module}/files/status.json")}"
	}
	}
	# api.naftuli.wtf - Hosting Resources - API Gateway - Stages

	resource "aws_api_gateway_stage" "prod_v1" {
	stage_name = "${var.stage_prod_v1_name}"
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	deployment_id = "${aws_api_gateway_deployment.prod_v1.id}"
	}

	resource "aws_api_gateway_stage" "stable" {
	stage_name = "${var.stage_develop_name}"
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	deployment_id = "${aws_api_gateway_deployment.stable.id}"
	}

	resource "aws_api_gateway_stage" "unstable" {
	stage_name = "${var.stage_unstable_name}"
	rest_api_id = "${aws_api_gateway_rest_api.default.id}"
	deployment_id = "${aws_api_gateway_deployment.unstable.id}"
	}