AWS API Gateway Deployment

aws_api_gateway_deployment (Terraform)

The Deployment in API Gateway can be configured in Terraform with the resource name aws_api_gateway_deployment. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

simweijie/equeue-terraform-apigateway

resource "aws_api_gateway_deployment" "api_gateway_deployment_20210316_1" {
  rest_api_id = aws_api_gateway_rest_api.api_gateway.id
}

resource "aws_api_gateway_deployment" "api_gateway_deployment_20210316_2" {
  rest_api_id = aws_api_gateway_rest_api.api_gateway.id

Paridhi-Mohindra/terraform-aws-api-gw-cookiecutter-template

resource "aws_api_gateway_deployment" "aplha_deployment" {
  depends_on = [aws_api_gateway_integration.accounts_integration, aws_api_gateway_integration.confirmation_integration, aws_api_gateway_integration.events_integration, aws_api_gateway_integration.notifications_integration, aws_api_gateway_integration.payment_integration]

  rest_api_id = aws_api_gateway_rest_api.main.id
  stage_name  = "alpha"

Paridhi-Mohindra/1-aws

resource "aws_api_gateway_deployment" "aplha_deployment" {
  depends_on = [aws_api_gateway_integration.accounts_integration, aws_api_gateway_integration.confirmation_integration, aws_api_gateway_integration.events_integration, aws_api_gateway_integration.notifications_integration, aws_api_gateway_integration.payment_integration]

  rest_api_id = aws_api_gateway_rest_api.main.id
  stage_name  = "alpha"

mlabouardy/pipeline-as-code-with-jenkins

resource "aws_api_gateway_deployment" "test" {
   depends_on = [
     module.GetMovies,
     module.GetOneMovie,
     module.GetFavorites,
     module.PostFavorites

kemoosabee/lambda_function

resource "aws_api_gateway_deployment" "sum" {
   depends_on = [
     aws_api_gateway_integration.sum,
     aws_api_gateway_integration.sum_lambda_root,

   ]

Parameters

• created_date optional computed - string
• description optional - string
• execution_arn optional computed - string
• id optional computed - string
• invoke_url optional computed - string
• rest_api_id required - string
• stage_description optional - string
• stage_name optional - string
• triggers optional - map from string to string
• variables optional - map from string to string

Explanation in Terraform Registry

Manages an API Gateway REST Deployment. A deployment is a snapshot of the REST API configuration. The deployment can then be published to callable endpoints via the aws_api_gateway_stage resource and optionally managed further with the aws_api_gateway_base_path_mapping resource, aws_api_gateway_domain_name resource, and aws_api_method_settings resource. For more information, see the API Gateway Developer Guide. To properly capture all REST API configuration in a deployment, this resource must have dependencies on all prior Terraform resources that manage resources/paths, methods, integrations, etc.

• For REST APIs that are configured via OpenAPI specification (aws_api_gateway_rest_api resource body argument), no special dependency setup is needed beyond referencing the id attribute of that resource unless additional Terraform resources have further customized the REST API.
• When the REST API configuration involves other Terraform resources (aws_api_gateway_integration resource, etc.), the dependency setup can be done with implicit resource references in the triggers argument or explicit resource references using the resource depends_on meta-argument. The triggers argument should be preferred over depends_on, since depends_on can only capture dependency ordering and will not cause the resource to recreate (redeploy the REST API) with upstream configuration changes. !> WARNING: It is recommended to use the aws_api_gateway_stage resource instead of managing an API Gateway Stage via the stage_name argument of this resource. When this resource is recreated (REST API redeployment) with the stage_name configured, the stage is deleted and recreated. This will cause a temporary service interruption, increase Terraform plan differences, and can require a second Terraform apply to recreate any downstream stage configuration such as associated aws_api_method_settings resources.

  NOTE: It is recommended to enable the resource lifecycle configuration block create_before_destroy argument in this resource configuration to properly order redeployments in Terraform. Without enabling create_before_destroy, API Gateway can return errors such as BadRequestException: Active stages pointing to this deployment must be moved or deleted on recreation.

Tips: Best Practices for The Other AWS API Gateway Resources

In addition to the aws_api_gateway_method_settings, AWS API Gateway has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

aws_api_gateway_method_settings

Ensure that API Gateway stage-level cache is encrypted

It is better to enable the stage-level cache encryption which reduces the risk of data leakage.

aws_api_gateway_domain_name

Ensure to use modern TLS protocols

It is better to adopt TLS v1.2+.

aws_api_gateway_stage

Ensure to enable access logging of your API Gateway stage (v1)

It is better to enable the access logging of your API Gateway stage (v1).

aws_api_gateway_method

Ensure that your API Gateway method blocks unwanted access

It is better that the API Gateway method does not allow public access.