File tree Expand file tree Collapse file tree 2 files changed +51
-1
lines changed Original file line number Diff line number Diff line change 6
6
include_dns_record = var. include_dns_record == null ? true : var. include_dns_record
7
7
enable_auto_deploy = var. enable_auto_deploy == null ? true : var. enable_auto_deploy
8
8
9
+ sanitised_name = replace (var. name , " $" , " " )
10
+
9
11
default_tags = local. include_default_tags == true ? {
10
12
Component = var.component
11
13
DeploymentIdentifier = var.deployment_identifier
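Review bot: The new `sanitised_name` local has no comment saying why `$` is stripped, and it handles only that one character, although the other file in this commit embeds the value in IAM role and policy names, which accept only alphanumerics and `+=,.@_-`. I would add a comment such as `# "$" is not valid in IAM names; strip it before building role/policy names` and consider a `validation` block on `var.name` to reject the remaining unsupported characters. The page renders the arguments as `" $"` and `" "`; if those spaces are in the file and not artefacts of the page, the call swaps a space-dollar pair for a space, which is presumably not the intent. The enclosing `locals` block starts and ends outside this hunk.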
Original file line number Diff line number Diff line change 1
1
resource "aws_cloudwatch_log_group" "access_logs" {
2
- name = " /${ var . component } /${ var . deployment_identifier } /api-gateway/${ var . name } "
2
+ name = " /${ var . component } /${ var . deployment_identifier } /api-gateway/${ local . sanitised_name } "
3
+ }
4
+
5
+ data "aws_iam_policy_document" "api_gateway_assume_role_policy" {
6
+ statement {
7
+ actions = [" sts:AssumeRole" ]
8
+
9
+ principals {
10
+ identifiers = [
11
+ " apigateway.amazonaws.com"
12
+ ]
13
+ type = " Service"
14
+ }
15
+
16
+ effect = " Allow"
17
+ }
18
+ }
19
+
20
+ data "aws_iam_policy_document" "api_gateway_logging_policy" {
21
+ statement {
22
+ effect = " Allow"
23
+ actions = [
24
+ " logs:CreateLogGroup" ,
25
+ " logs:CreateLogStream" ,
26
+ " logs:DescribeLogGroups" ,
27
+ " logs:DescribeLogStreams" ,
28
+ " logs:PutLogEvents" ,
29
+ " logs:GetLogEvents" ,
30
+ " logs:FilterLogEvents"
31
+ ]
32
+ resources = [
33
+ " *"
34
+ ]
35
+ }
36
+ }
37
+
38
+ resource "aws_iam_role" "api_gateway_logging_role" {
39
+ name = " api-gateway-logging-role-${ var . component } -${ var . deployment_identifier } -${ local . sanitised_name } "
40
+ assume_role_policy = data. aws_iam_policy_document . api_gateway_assume_role_policy . json
41
+ }
42
+
43
+ resource "aws_iam_role_policy" "api_gateway_logging_role_policy" {
44
+ name = " api-gateway-logging-policy-${ var . component } -${ var . deployment_identifier } -${ local . sanitised_name } "
45
+ role = aws_iam_role. api_gateway_logging_role . name
46
+ policy = data. aws_iam_policy_document . api_gateway_logging_policy . json
47
+ }
48
+
49
+ resource "aws_api_gateway_account" "api_gateway_account" {
50
+ cloudwatch_role_arn = aws_iam_role. api_gateway_logging_role . arn
3
51
}
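Review bot: `aws_api_gateway_account` at the end of this file is a single per-account, per-region setting, yet it is created inside a module whose role name is derived from `var.component`, `var.deployment_identifier` and the name. Every instance of the module in the same account and region will therefore overwrite `cloudwatch_role_arn`, and destroying one instance can leave the account setting pointing at a deleted role. I would move the role and the account setting to account-level configuration, or gate them behind an opt-in flag, e.g. `count = var.include_api_gateway_account ? 1 : 0` (the variable name is only a suggestion). Because that role then serves every API in the region, `api_gateway_logging_policy` grants `logs:GetLogEvents` and `logs:FilterLogEvents` on `*`; it is worth confirming the read actions are needed and adding a comment saying why `resources` is a wildcard. IAM role names are also limited to 64 characters, which the 25-character prefix plus three interpolated values can exceed.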