Terraform API Gateway v2 Authorizer - Automatically grant API Gateway permission to invoke your Lambda function

In the AWS Console, one has the ability to create an API Gateway Authorizer with a true/false value for "Automatically grant API Gateway permission to invoke your Lambda function":

However, I don't see this flag exposed via the AWS provider in Terraform for the aws_apigatewayv2_authorizer resource.

Is there a way to set this via Terraform?

steamrolla asked Sep 17 '25 00:09


1 Answer

I had the same issue with the hashicorp/[email protected] provider. To solve it, I had to create an IAM role and assign the role in the authorizer as authorizer_credentials_arn:

# Permission policy: the only thing the role may do is invoke the authorizer function.
data "aws_iam_policy_document" "apig_lambda_policy" {
  statement {
    actions = [
      "lambda:InvokeFunction",
    ]
    effect    = "Allow"
    resources = [aws_lambda_function.authorizer_lambda.arn]
    sid       = "ApiGatewayInvokeLambda"
  }
}

# Trust policy: allow the API Gateway service principal to assume the role.
data "aws_iam_policy_document" "apig_lambda_role_assume" {
  statement {
    actions = [
      "sts:AssumeRole",
    ]
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["apigateway.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "apig_lambda_role" {
  name               = "apigateway-authorize-lambda-role"
  assume_role_policy = data.aws_iam_policy_document.apig_lambda_role_assume.json
}

resource "aws_iam_policy" "apig_lambda" {
  name   = "apig-lambda-policy"
  policy = data.aws_iam_policy_document.apig_lambda_policy.json
}

resource "aws_iam_role_policy_attachment" "apig_lambda_role_to_policy" {
  role       = aws_iam_role.apig_lambda_role.name
  policy_arn = aws_iam_policy.apig_lambda.arn
}

# The authorizer assumes the role above (authorizer_credentials_arn) when it
# calls the Lambda function, so no Lambda resource-based policy is needed.
resource "aws_apigatewayv2_authorizer" "auth" {
  api_id                            = aws_apigatewayv2_api.api.id
  authorizer_type                   = "REQUEST"
  authorizer_uri                    = aws_lambda_function.authorizer_lambda.invoke_arn
  authorizer_credentials_arn        = aws_iam_role.apig_lambda_role.arn
  authorizer_payload_format_version = "2.0"
  authorizer_result_ttl_in_seconds  = 1
  enable_simple_responses           = true
  identity_sources                  = ["$request.header.Authorization"]
  name                              = "lambda-authorizer"
}
st.huber answered Sep 18 '25 19:09
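What the console toggle actually does is add a resource-based policy statement to the Lambda function; the Terraform equivalent of that is aws_lambda_permission, with no IAM role and no authorizer_credentials_arn at all. The following is an added example, not code from the question or the answer above; it assumes the same resource names (aws_apigatewayv2_api.api and aws_lambda_function.authorizer_lambda) and uses source_arn to restrict the grant to this one authorizer on this one API, which the console toggle does as well.

```hcl
# Added example (not part of the original post): resource-based policy route.
# Assumes aws_apigatewayv2_api.api and aws_lambda_function.authorizer_lambda
# exist, as in the answer above.

resource "aws_apigatewayv2_authorizer" "auth" {
  api_id                            = aws_apigatewayv2_api.api.id
  authorizer_type                   = "REQUEST"
  authorizer_uri                    = aws_lambda_function.authorizer_lambda.invoke_arn
  authorizer_payload_format_version = "2.0"
  enable_simple_responses           = true
  identity_sources                  = ["$request.header.Authorization"]
  name                              = "lambda-authorizer"
  # authorizer_credentials_arn is intentionally omitted: the Lambda function's
  # own resource policy (below) authorizes the invocation instead of a role.
}

# Grant the API Gateway service principal permission to invoke the function,
# but only for calls that originate from this specific authorizer on this
# specific API. execution_arn is arn:aws:execute-api:<region>:<account>:<api-id>,
# and the authorizer's source ARN is <execution_arn>/authorizers/<authorizer-id>.
# Without source_arn, any API Gateway API in any AWS account could point an
# authorizer at this function (cross-service confused deputy).
resource "aws_lambda_permission" "apigw_invoke_authorizer" {
  statement_id  = "AllowAPIGatewayInvokeAuthorizer"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.authorizer_lambda.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.api.execution_arn}/authorizers/${aws_apigatewayv2_authorizer.auth.id}"
}
```

If you prefer the role-based approach from the answer, apply the same scoping there: add a condition on aws:SourceArn (or aws:SourceAccount) to the role's trust policy, since as written any API Gateway API in any account can assume that role.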