Configuring API Gateway

Finally, we need to trigger the function with API Gateway:

  1. Create a movies resource on the REST API and expose a GET method on it. If the incoming requests match the resource defined, it will call the Lambda function defined earlier:
resource "aws_api_gateway_rest_api" "api" {
  name = "MoviesAPI"
}

resource "aws_api_gateway_resource" "proxy" {
  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
  parent_id = "${aws_api_gateway_rest_api.api.root_resource_id}"
  path_part = "movies"
}

resource "aws_api_gateway_method" "proxy" {
  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
  resource_id = "${aws_api_gateway_resource.proxy.id}"
  http_method = "GET"
  authorization = "NONE"
}

resource "aws_api_gateway_integration" "lambda" {
  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
  resource_id = "${aws_api_gateway_method.proxy.resource_id}"
  http_method = "${aws_api_gateway_method.proxy.http_method}"

  integration_http_method = "POST"
  type = "AWS_PROXY"
  uri = "${aws_lambda_function.findall.invoke_arn}"
}
  1. Issue the following commands to install the AWS plugin, generate an execution plan, and apply the changes:
terraform init
terraform plan
terraform apply

  1. It should take a few seconds to create the whole infrastructure. After the creation steps are complete, the Lambda function should be created and properly configured, as shown in the following screenshot:

  1. The same goes for API Gateway, a new REST API should be defined with a GET method on /movies resource, shown as follows:

  1. In DynamoDB Console, a new table should be created with a movie item, as shown in the next screenshot:

  1. In order to invoke our API Gateway, we need to deploy it. Create a deployment stage, let's call it staging:
resource "aws_api_gateway_deployment" "staging" {
  depends_on = ["aws_api_gateway_integration.lambda"]

  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
  stage_name = "staging"
}
  1. We will use Terraform's output feature to expose the API URL; create an outputs.tf file with the following content:
output "API Invocation URL" {
  value = "${aws_api_gateway_deployment.staging.invoke_url}"
}

  1. Run terraform apply again to create these new objects, it will detect the changes and ask you to confirm it should perform the actions, shown as follows:

  1. The API Gateway URL will be displayed in the Outputs section; copy it to the clipboard:

  1. If you point your favorite browser to the API Invocation URL, an error message should be displayed, as shown in the next screenshot:

  1. We will fix that, by granting execution permission to API Gateway to invoke the Lambda function. Update the main.tf file to create a aws_lambda_permission resource:
resource "aws_lambda_permission" "apigw" {
  statement_id = "AllowAPIGatewayInvoke"
  action = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.findall.arn}"
  principal = "apigateway.amazonaws.com"

  source_arn = "${aws_api_gateway_deployment.staging.execution_arn}/*/*"
}
  1. Apply the latest changes with the terraform apply command. On the Lambda Console, the API Gateway trigger should be displayed, shown as follows:

  1. Load the URL given in the output from your run in your favorite web browser. If everything has worked, you will see the movie stored in the DynamoDB table in a JSON format, as shown in the next screenshot:

Terraform stores the state of the infrastructure in a state file (.tfstate). The state contains resource IDs and all the resource attributes. If you're using Terraform to create a RDS instance, the database credentials will be in plaintext in the state file. Hence, you should keep your file in a remote backend, such as S3 bucket.