使用 Terraform 将现有 known-good API 网关端点连接到 Route53 子域需要什么?
What are all the things that I need to connect an existing known-good API gateway endpoint to a Route53 subdomain with Terraform?
这是我目前的代码,希望我得到了所有相关的东西。 API 网关已部署并正常工作,已经有一段时间了。我们的应用程序当前指向 xxxyyyzz12.execute-api.us-west-2.amazonaws.com
端点并且工作正常。但我需要将其路由到子域 ui-backend.app-name-here-dev.company.services
.
data "aws_acm_certificate" "app_name_dev_wildcard_cert" {
domain = "*.app-name-here-dev.company.services"
statuses = ["ISSUED"]
}
// pull in the existing zone (defined by devops) via a data block
data "aws_route53_zone" "myapp_zone" {
name = local.domain
}
resource "aws_route53_record" "ui_backend" {
name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name
type = "A"
zone_id = data.aws_route53_zone.myapp_zone.zone_id
alias {
name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name_configuration[0].target_domain_name
zone_id = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name_configuration[0].hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_apigatewayv2_domain_name" "ui_backend_api_gateway" {
domain_name = "${local.subdomain}.${local.domain}"
domain_name_configuration {
certificate_arn = data.aws_acm_certificate.app_name_dev_wildcard_cert.arn
endpoint_type = "REGIONAL"
security_policy = "TLS_1_2"
}
}
locals {
// trimmed
domain = "app-name-here${var.envToZoneName[var.environment]}.company.services"
subdomain = var.deploymentNameModifier == "" ? "ui-backend" : "ui-backend-${var.deploymentNameModifier}"
}
但是当我尝试使用 curl(适用于 xxxyyyzz12.execute-api.us-west-2.amazonaws.com
的那个)时,我收到了 403。我添加了 x-apigw-api-id: 153utdsv9h
header 但它没有帮助。我一定是缺少资源。
好吧,16 个小时过去了,没有 answers/comments。这是缺少的东西:
resource "aws_apigatewayv2_api_mapping" "ui_backend_to_subdomain" {
api_id = aws_apigatewayv2_api.ui_backend_gateway.id
domain_name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name
stage = aws_apigatewayv2_stage.ui_backend.id
}
这是我目前的代码,希望我得到了所有相关的东西。 API 网关已部署并正常工作,已经有一段时间了。我们的应用程序当前指向 xxxyyyzz12.execute-api.us-west-2.amazonaws.com
端点并且工作正常。但我需要将其路由到子域 ui-backend.app-name-here-dev.company.services
.
data "aws_acm_certificate" "app_name_dev_wildcard_cert" {
domain = "*.app-name-here-dev.company.services"
statuses = ["ISSUED"]
}
// pull in the existing zone (defined by devops) via a data block
data "aws_route53_zone" "myapp_zone" {
name = local.domain
}
resource "aws_route53_record" "ui_backend" {
name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name
type = "A"
zone_id = data.aws_route53_zone.myapp_zone.zone_id
alias {
name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name_configuration[0].target_domain_name
zone_id = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name_configuration[0].hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_apigatewayv2_domain_name" "ui_backend_api_gateway" {
domain_name = "${local.subdomain}.${local.domain}"
domain_name_configuration {
certificate_arn = data.aws_acm_certificate.app_name_dev_wildcard_cert.arn
endpoint_type = "REGIONAL"
security_policy = "TLS_1_2"
}
}
locals {
// trimmed
domain = "app-name-here${var.envToZoneName[var.environment]}.company.services"
subdomain = var.deploymentNameModifier == "" ? "ui-backend" : "ui-backend-${var.deploymentNameModifier}"
}
但是当我尝试使用 curl(适用于 xxxyyyzz12.execute-api.us-west-2.amazonaws.com
的那个)时,我收到了 403。我添加了 x-apigw-api-id: 153utdsv9h
header 但它没有帮助。我一定是缺少资源。
好吧,16 个小时过去了,没有 answers/comments。这是缺少的东西:
resource "aws_apigatewayv2_api_mapping" "ui_backend_to_subdomain" {
api_id = aws_apigatewayv2_api.ui_backend_gateway.id
domain_name = aws_apigatewayv2_domain_name.ui_backend_api_gateway.domain_name
stage = aws_apigatewayv2_stage.ui_backend.id
}