
Terraform module, which creates simple RestAPI invoking lambda function on Amazon API Gateway.

MIT License



It is necessary to grant write permission to CloudWatchLogs to the APIGateway account for each region in the IAM Role in advance.


data "aws_iam_role" "ApigatewayCloudwatchLogsWrite" {
  name = "ApigatewayCloudwatchLogsWrite"
resource "aws_api_gateway_account" "account" {
  cloudwatch_role_arn = data.aws_iam_role.ApigatewayCloudwatchLogsWrite.arn

A Lambda alias must be created with the same name as the API Gateway stage. e.g.

  • Lambda Alias : dev
  • API Gateway Stage : dev

Please set the variable "is_first_deploy" true when the first deployment.

e.g. the first deployment.

module "rest_api" {
  source  = "tomoki171923/restapi/aws"
  api_name = "your_rest_api_name"
  methods = [
      name          = "GET"
      path          = "get-item"
      lambda_function_name = "your_lambda_function_name_to_invoke_from_api"
  stage_name = "deployment_stage_name"
  oas30 = templatefile("./sample-oas30-apigateway.yaml",
      integration_url = "arn:aws:apigateway:${data.aws_region.current.name}:lambda:path/2015-03-31/functions/${data.aws_lambda_function.this.arn}:$${stageVariables.LambdaAlias}/invocations"
  is_first_deploy = true

Please set the variable "is first deploy" false from the second time onwards.

e.g. from the second time onwards.

module "rest_api" {
  source  = "tomoki171923/restapi/aws"
  api_name = "your_rest_api_name"
  methods = [
      name          = "GET"
      path          = "get-item"
      lambda_function_name = "your_lambda_function_name_to_invoke_from_api"
  stage_name = "deployment_stage_name"
  oas30 = templatefile("./sample-oas30-apigateway.yaml",
      integration_url = "arn:aws:apigateway:${data.aws_region.current.name}:lambda:path/2015-03-31/functions/${data.aws_lambda_function.this.arn}:$${stageVariables.LambdaAlias}/invocations"
  is_first_deploy = false



Name Version
terraform >= 1.0
aws ~> 4.11


Name Version
aws ~> 4.11


Name Description Type Default Required
api_name The REST API's name on Amazon API Gateway string "" yes
endpoint_type The REST API's endpoint type on Amazon API Gateway string "REGIONAL" no
methods REST API's methods. name: api method name, path: api method path, lambda_function_name: aws lambda function name. list(object({ name = string path = string lambda_function_name = string})) [] yes
stages REST API's stages. name: stage name, description: deployment description, logging_level: cloudwatch logging level, log_retention: cloudwatch log retention in days. list(object({ name = string description = string logging_level = string log_retention = number})) [ { name = "dev", description = "development deployment", log_retention = "INFO", log_retention = 7, }, { name = "st", description = "staging deployment", log_retention = "INFO", log_retention = 30, }, { name = "pro", description = "production deployment", log_retention = "INFO", log_retention = 60, }, ] no
stage_name The target stage name to update. string "" yes
oas30 OpenAPI 3 + API Gateway Extensions (JSON syntax) string "" yes
custom_domain_names_edge Custom Domain Names (Edge Optimized with ACM Certificate). zone_id: Hosted zone ID, domain_name: custom domain name, certificate_arn: acm certificate arn, stage_name: Name of a specific deployment stage to expose at the given path, base_path: Path segment that must be prepended to the path when accessing the API via this mappin. list(object({ zone_id = string domain_name = string certificate_arn = string stage_name = string base_path = string})) null no


Name Description
rest_api REST API's Attributes. See official for details.
deployments Attributes of deployments. See official for details.
stages Attributes of stages. See official for details.
methods Attributes of API Methods. See official for details.
lambda_permissions Attributes of Lambda Permission. See official for details.
log_groups Attributes of CloudWatch LogGroups. See official for details.
custom_domain_edge Attributes of Custom domain settings. See api_gateway_domain_name, aws_api_gateway_base_path_mapping and aws_route53_record for details.


Module managed by tomoki171923.


MIT Licensed. See LICENSE for full details.

