将Terraform模块用于多个区域性API网关

时间:2018-09-02 07:19:34

标签: amazon-web-services terraform terraform-provider-aws

我正在使用terraform创建AWS基础设施,其中包含4个区域性API网关,每个网关在其所在区域都有对应的dynamodb。

我想创建一个包含(API + dynamo)的模块,并且可以为每个区域配置特定的值。用terraform可以实现吗?否则,我将不得不创建4个单独的API + 4个单独的dynamodb资源。

任何链接或文档也将有所帮助。

以下是目前可用于一个区域性API网关和相应dynamodb的配置。

    # AWS credentials taken as Terraform input variables and handed to both
    # provider blocks below.
    # NOTE(review): long-lived keys passed this way usually end up in a
    # terraform.tfvars file, shell history or CI logs. Prefer leaving
    # access_key/secret_key out of the provider blocks so the AWS provider reads
    # credentials from the environment, the shared credentials file or an
    # assumed role.
    variable "access_key" {}
variable "secret_key" {}

# Aliased provider configuration for us-east-1; resources select it with
# provider = "aws.us-east-1".
# NOTE(review): the credentials are static keys read from input variables.
# Confirm they are never committed in a tfvars file.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  alias  = "us-east-1"
  region = "us-east-1"
}

# Aliased provider configuration for us-west-2; resources select it with
# provider = "aws.us-west-2". It uses the same static credentials as the
# us-east-1 provider.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  alias  = "us-west-2"
  region = "us-west-2"
}

# Replica table in us-east-1. It is joined with the us-west-2 table by
# aws_dynamodb_global_table.test_tf.
# NOTE(review): no server_side_encryption or point_in_time_recovery block is
# declared, so the table runs with the service defaults. Set them explicitly
# if the stored data calls for it.
resource "aws_dynamodb_table" "us-east-1" {
  provider = "aws.us-east-1"

  hash_key         = "test_tf"
  name             = "test_tf"
  # Streams carrying both old and new item images are what the AWS provider
  # documentation requires of tables that back aws_dynamodb_global_table.
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
  # Minimal provisioned throughput (1 read / 1 write capacity unit).
  read_capacity    = 1
  write_capacity   = 1

  # The hash key attribute is a string ("S").
  attribute {
    name = "test_tf"
    type = "S"
  }

}

# Replica table in us-west-2. Apart from the provider alias, its settings
# are identical to aws_dynamodb_table.us-east-1.
# NOTE(review): no server_side_encryption or point_in_time_recovery block is
# declared here either. Keep both replicas configured the same way.
resource "aws_dynamodb_table" "us-west-2" {
  provider = "aws.us-west-2"

  hash_key         = "test_tf"
  name             = "test_tf"
  # Same stream settings as the us-east-1 replica.
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
  read_capacity    = 1
  write_capacity   = 1

  attribute {
    name = "test_tf"
    type = "S"
  }
}

# Links the two regional "test_tf" tables into one global table.
resource "aws_dynamodb_global_table" "test_tf" {
  # Both replica tables must exist before the global table is created.
  depends_on = ["aws_dynamodb_table.us-east-1", "aws_dynamodb_table.us-west-2"]
  # The global table is created through the us-east-1 provider.
  provider   = "aws.us-east-1"

  name = "test_tf"

  replica {
    region_name = "us-east-1"
  }

  replica {
    region_name = "us-west-2"
  }
}

# Regional REST API that fronts the DynamoDB table.
# NOTE(review): no provider attribute is set, and both provider blocks in
# this file are aliased, so this resource uses the default (unaliased) aws
# provider, whose region and credentials are not visible here. Confirm it
# really targets us-east-1, or set provider = "aws.us-east-1" explicitly.
resource "aws_api_gateway_rest_api" "test-us-east-1" {
  name        = "test-us-east-1"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

# Path resource /{testid} directly under the API root. The braces make
# "testid" a path parameter, which the integration request template reads.
resource "aws_api_gateway_resource" "sample_test" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  parent_id   = "${aws_api_gateway_rest_api.test-us-east-1.root_resource_id}"
  path_part   = "{testid}"
}

# GET method on /{testid}.
# NOTE(review): authorization = "NONE" means API Gateway performs no caller
# authentication, so any client that can reach the stage URL can query the
# table for key existence through the integration role. Confirm this is
# intended. Otherwise use "AWS_IAM", "COGNITO_USER_POOLS" or "CUSTOM" (a
# Lambda authorizer), optionally with API keys and a usage plan for throttling.
resource "aws_api_gateway_method" "sample_get" {
  rest_api_id   = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id   = "${aws_api_gateway_resource.sample_test.id}"
  http_method   = "GET"
  authorization = "NONE"
}

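# Deploys the REST API to the "test" stage.
# A deployment snapshots the API as it exists when the deployment is created.
# Depending only on the method lets Terraform create the deployment before the
# integration exists, so the integration and its response mapping are listed
# here as well.
resource "aws_api_gateway_deployment" "Deployment" {
  depends_on = [
    "aws_api_gateway_method.sample_get",
    "aws_api_gateway_integration.test",
    "aws_api_gateway_integration_response.us-east-1-response"
  ]
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  stage_name  = "test"
}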

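# Connects GET /{testid} to the DynamoDB GetItem action through an API Gateway
# AWS service integration. The backend call uses POST regardless of the
# client-facing method.
# NOTE(review): the uri hard-codes us-east-1. A per-region module would need
# this region, the table name and the provider passed in as inputs.
resource "aws_api_gateway_integration" "test" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  integration_http_method = "POST"
  type        = "AWS"
  uri         = "arn:aws:apigateway:us-east-1:dynamodb:action/GetItem"
  # Role that API Gateway assumes to call DynamoDB. Its permissions come from
  # api-dynamodb-policy.json, which is not shown on this page.
  credentials = "${aws_iam_role.apiGatewayDynamoDbAccessRole.arn}"
  # Requests whose content type has no template below are passed through.
  passthrough_behavior = "WHEN_NO_TEMPLATES"

  # The path parameter is caller-controlled and is placed inside a JSON string
  # literal, so it is escaped with $util.escapeJavaScript. Unescaped, a quote
  # in testid could change the structure of the GetItem request body.
  # escapeJavaScript turns ' into \', which is not valid JSON, so the
  # replaceAll restores plain single quotes (the form shown in the API Gateway
  # mapping template reference).
  request_templates = {
    "application/json" = <<EOF
    {
      "TableName": "test_tf",
      "Key":
      {
        "test_tf":
          {
            "S": "$util.escapeJavaScript($input.params('testid')).replaceAll("\\'","'")"
            }
        }
    }
    EOF
  }
}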


# IAM policy granting the API Gateway role access to DynamoDB. The policy
# document is loaded from a local JSON file.
# NOTE(review): api-dynamodb-policy.json is not shown. The integration only
# calls GetItem, so verify the policy allows only dynamodb:GetItem on the
# test_tf table ARN rather than dynamodb:* or Resource "*".
resource "aws_iam_policy" "api_dbaccess_policy" {
  name = "api_dbaccess_policy"
  policy = "${file("api-dynamodb-policy.json")}"

  # Create the policy only after the us-east-1 table exists.
  depends_on = [ 
    "aws_dynamodb_table.us-east-1"
  ]
}
# Role passed to the API Gateway integration as its credentials.
# NOTE(review): assume-role-policy.json is not shown. Presumably it trusts
# the apigateway.amazonaws.com service principal. Confirm that no broader
# principal is allowed to assume this role.
resource "aws_iam_role" "apiGatewayDynamoDbAccessRole" {
  name = "apiGatewayDynamoDbAccessRole"
  assume_role_policy = "${file("assume-role-policy.json")}"
  depends_on = [ 
    "aws_dynamodb_table.us-east-1"
  ]
}
# Attaches the DynamoDB access policy to the API Gateway role.
# NOTE(review): aws_iam_policy_attachment manages the policy's attachments
# exclusively. Any user, role or group attached to this policy outside this
# resource is detached on apply. aws_iam_role_policy_attachment attaches one
# policy to one role without that side effect.
resource "aws_iam_policy_attachment" "api-dbaccess-policy-attach" {
  name       = "api-dbaccess-policy-attachment"
  roles      = ["${aws_iam_role.apiGatewayDynamoDbAccessRole.name}"]
  policy_arn = "${aws_iam_policy.api_dbaccess_policy.arn}"
}

# Declares the 200 response for GET /{testid}. The integration response
# below maps onto this status code.
# NOTE(review): a resource name that starts with a digit ("200") is accepted
# by the 0.11-style syntax used here but rejected by Terraform 0.12 and later.
resource "aws_api_gateway_method_response" "200" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  status_code = "200"
}

# Maps the DynamoDB GetItem result to the client response.
# The template reads Item.test_tf.S from the backend response and returns
# only {"test": true|false}. The stored value itself is never echoed back to
# the caller.
resource "aws_api_gateway_integration_response" "us-east-1-response" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  status_code = "${aws_api_gateway_method_response.200.status_code}"

  response_templates = {
      "application/json" = <<EOF
      {     
        #set($sampletest = $input.path('Item.test_tf.S'))
        "test": #if ($sampletest && $sampletest != '')
                      true
                    #else
                      false
                    #end       
      }
      EOF
  }
}

1 个答案:

答案 0 :(得分:1)

是的,这在Terraform中是可能的。

在根模块中,定义4个AWS提供程序,为每个提供程序提供别名:

# Aliased provider for us-west-2. No access_key/secret_key is set, so the
# AWS provider resolves credentials from its default sources (environment
# variables, shared credentials file, instance or assumed role).
provider "aws" {
  alias  = "oregon"
  region = "us-west-2"
}

# Aliased provider for us-east-1. Like the "oregon" provider, it sets no
# credentials in the configuration.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

然后,在实例化模块时,无需依赖提供程序继承,而是通过别名显式传递提供程序:

# One instance of the API + DynamoDB module, bound to a single region.
module "api_gateway" {
  source    = "./api_gateway"
  # Map the module's default "aws" provider to the aliased root provider, so
  # every resource in the module that sets no provider is created in us-west-2.
  providers = {
    aws = "aws.oregon"
  }
}

对每个区域重复上述步骤,共4次。

您可以在此处找到文档:https://www.terraform.io/docs/modules/usage.html