feat: added rest api policy and make api private

clouddrove · May 19, 2023 · 5f5472e · 5f5472e
1 parent 0d510b6
commit 5f5472e
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/_example/basic/example.tf b/_example/basic/example.tf
@@ -12,6 +12,9 @@ module "api-gateway" {
   # Api Gateway Resource
   path_parts = ["mytestresource"]
 
+  ##endpoint_configuration
+  types = ["PRIVATE"]
+
   # Api Gateway Method
   method_enabled = true
   http_methods   = ["GET"]

diff --git a/main.tf b/main.tf
@@ -33,10 +33,34 @@ resource "aws_api_gateway_rest_api" "default" {
     types            = var.types
     vpc_endpoint_ids = length(var.vpc_endpoint_ids) > 0 && var.vpc_endpoint_ids[0] != "" ? var.vpc_endpoint_ids : null
   }
-  policy = var.api_policy
   tags   = var.tags
 }
 
+data "aws_iam_policy_document" "test" {
+  statement {
+    effect = "Allow"
+
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+
+    actions   = ["execute-api:Invoke"]
+    resources = [join("", aws_api_gateway_rest_api.default.*.execution_arn)]
+
+    condition {
+      test     = "IpAddress"
+      variable = "aws:SourceIp"
+      values   = ["123.123.123.123/32"]
+    }
+  }
+}
+
+resource "aws_api_gateway_rest_api_policy" "test" {
+  rest_api_id = join("", aws_api_gateway_rest_api.default.*.id)
+  policy      = data.aws_iam_policy_document.test.json
+}
+
 # Module      : Api Gateway Resource
 # Description : Terraform module to create Api Gateway resource on AWS.
 resource "aws_api_gateway_resource" "default" {