Terraform Api Gateway Lambda Integration trigger problem

1
votes

If I manually add an Integration Request of type Lambda function, an Api Gateway trigger is automatically added to the lambda function.

If I do it via Terraform, everything looks correct but when I go look at the Lambda function it has no trigger.

If I then manually update the Integration Request (change to Mock and back to Lambda Function) the trigger is added to the Lambda function? Everything works after that.

What am I missing?

resource "aws_api_gateway_integration" "integration" {
  count = var.lambda_definition.apigateway ? 1 : 0
  rest_api_id = "${data.terraform_remote_state.apigateway.outputs.apigateway_id}"
  resource_id = aws_api_gateway_resource.api_proxy_resource[count.index].id
  http_method = "${aws_api_gateway_method.method[count.index].http_method}"
  integration_http_method = "ANY"
  type                    = "AWS_PROXY"
  uri                     = aws_lambda_function.lambda.invoke_arn
}
2
amazon-web-servicesaws-lambdaterraformaws-api-gateway

2 Answers

4
votes

Since you've not mentioned whether you specified proper permissions for your function, my guess is that you are missing aws_lambda_permission. This will explicitly give permissions for the api to invoke your function.

The resource would be (example only):

resource "aws_lambda_permission" "allow_api" {
  statement_id  = "AllowAPIgatewayInvokation"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda.invoke_arn
  principal     = "apigateway.amazonaws.com"
}

When you do it manually in console, the AWS setups all these permissions in the background.

3
votes

Make sure that integration_http_method is set to POST and not to ANY as in your sample:

  integration_http_method = "POST"

See AWS Docs - midway - red box that says '! Important':

For Lambda integrations, you must use the HTTP method of POST for the integration request, according to the specification of the Lambda service action for function invocations. The IAM role of apigAwsProxyRole must have policies allowing the apigateway service to invoke Lambda functions. For more information about IAM permissions, see API Gateway permissions model for invoking an API.