feat: API & Domain Association (#27)

svenlito · antonbabenko · web-flow · commit 487991160784 · 2022-02-14T15:18:25.000+01:00
Co-authored-by: Anton Babenko &lt;anton@antonbabenko.com&gt;
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.62.3
+    rev: v1.64.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
diff --git a/README.md b/README.md
@@ -132,6 +132,8 @@ No modules.
 | [aws_appsync_api_cache.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_api_cache) | resource |
 | [aws_appsync_api_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_api_key) | resource |
 | [aws_appsync_datasource.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_datasource) | resource |
+| [aws_appsync_domain_name.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_domain_name) | resource |
+| [aws_appsync_domain_name_api_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_domain_name_api_association) | resource |
 | [aws_appsync_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_function) | resource |
 | [aws_appsync_graphql_api.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_graphql_api) | resource |
 | [aws_appsync_resolver.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appsync_resolver) | resource |
@@ -156,11 +158,15 @@ No modules.
 | <a name="input_cache_type"></a> [cache\_type](#input\_cache\_type) | The cache instance type. | `string` | `"SMALL"` | no |
 | <a name="input_caching_behavior"></a> [caching\_behavior](#input\_caching\_behavior) | Caching behavior. | `string` | `"FULL_REQUEST_CACHING"` | no |
 | <a name="input_caching_enabled"></a> [caching\_enabled](#input\_caching\_enabled) | Whether caching with Elasticache is enabled. | `bool` | `false` | no |
+| <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | The Amazon Resource Name (ARN) of the certificate. | `string` | `""` | no |
 | <a name="input_create_graphql_api"></a> [create\_graphql\_api](#input\_create\_graphql\_api) | Whether to create GraphQL API | `bool` | `true` | no |
 | <a name="input_create_logs_role"></a> [create\_logs\_role](#input\_create\_logs\_role) | Whether to create service role for Cloudwatch logs | `bool` | `true` | no |
 | <a name="input_datasources"></a> [datasources](#input\_datasources) | Map of datasources to create | `any` | `{}` | no |
 | <a name="input_direct_lambda_request_template"></a> [direct\_lambda\_request\_template](#input\_direct\_lambda\_request\_template) | VTL request template for the direct lambda integrations | `string` | `"{\n  \"version\" : \"2017-02-28\",\n  \"operation\": \"Invoke\",\n  \"payload\": {\n    \"arguments\": $util.toJson($ctx.arguments),\n    \"identity\": $util.toJson($ctx.identity),\n    \"source\": $util.toJson($ctx.source),\n    \"request\": $util.toJson($ctx.request),\n    \"prev\": $util.toJson($ctx.prev),\n    \"info\": {\n        \"selectionSetList\": $util.toJson($ctx.info.selectionSetList),\n        \"selectionSetGraphQL\": $util.toJson($ctx.info.selectionSetGraphQL),\n        \"parentTypeName\": $util.toJson($ctx.info.parentTypeName),\n        \"fieldName\": $util.toJson($ctx.info.fieldName),\n        \"variables\": $util.toJson($ctx.info.variables)\n    },\n    \"stash\": $util.toJson($ctx.stash)\n  }\n}\n"` | no |
 | <a name="input_direct_lambda_response_template"></a> [direct\_lambda\_response\_template](#input\_direct\_lambda\_response\_template) | VTL response template for the direct lambda integrations | `string` | `"$util.toJson($ctx.result)\n"` | no |
+| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name that AppSync gets associated with. | `string` | `""` | no |
+| <a name="input_domain_name_association_enabled"></a> [domain\_name\_association\_enabled](#input\_domain\_name\_association\_enabled) | Whether to enable domain name association on GraphQL API | `bool` | `false` | no |
+| <a name="input_domain_name_description"></a> [domain\_name\_description](#input\_domain\_name\_description) | A description of the Domain Name. | `string` | `null` | no |
 | <a name="input_dynamodb_allowed_actions"></a> [dynamodb\_allowed\_actions](#input\_dynamodb\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_DYNAMODB | `list(string)` | <pre>[<br>  "dynamodb:GetItem",<br>  "dynamodb:PutItem",<br>  "dynamodb:DeleteItem",<br>  "dynamodb:UpdateItem",<br>  "dynamodb:Query",<br>  "dynamodb:Scan",<br>  "dynamodb:BatchGetItem",<br>  "dynamodb:BatchWriteItem"<br>]</pre> | no |
 | <a name="input_elasticsearch_allowed_actions"></a> [elasticsearch\_allowed\_actions](#input\_elasticsearch\_allowed\_actions) | List of allowed IAM actions for datasources type AMAZON\_ELASTICSEARCH | `list(string)` | <pre>[<br>  "es:ESHttpDelete",<br>  "es:ESHttpHead",<br>  "es:ESHttpGet",<br>  "es:ESHttpPost",<br>  "es:ESHttpPut"<br>]</pre> | no |
 | <a name="input_functions"></a> [functions](#input\_functions) | Map of functions to create | `any` | `{}` | no |
@@ -190,6 +196,9 @@ No modules.
 | <a name="output_appsync_api_key_id"></a> [appsync\_api\_key\_id](#output\_appsync\_api\_key\_id) | Map of API Key ID (Formatted as ApiId:Key) |
 | <a name="output_appsync_api_key_key"></a> [appsync\_api\_key\_key](#output\_appsync\_api\_key\_key) | Map of API Keys |
 | <a name="output_appsync_datasource_arn"></a> [appsync\_datasource\_arn](#output\_appsync\_datasource\_arn) | Map of ARNs of datasources |
+| <a name="output_appsync_domain_hosted_zone_id"></a> [appsync\_domain\_hosted\_zone\_id](#output\_appsync\_domain\_hosted\_zone\_id) | The ID of your Amazon Route 53 hosted zone. |
+| <a name="output_appsync_domain_id"></a> [appsync\_domain\_id](#output\_appsync\_domain\_id) | The Appsync Domain Name. |
+| <a name="output_appsync_domain_name"></a> [appsync\_domain\_name](#output\_appsync\_domain\_name) | The domain name that AppSync provides. |
 | <a name="output_appsync_function_arn"></a> [appsync\_function\_arn](#output\_appsync\_function\_arn) | Map of ARNs of functions |
 | <a name="output_appsync_function_function_id"></a> [appsync\_function\_function\_id](#output\_appsync\_function\_function\_id) | Map of function IDs of functions |
 | <a name="output_appsync_function_id"></a> [appsync\_function\_id](#output\_appsync\_function\_id) | Map of IDs of functions |
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -35,6 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_acm"></a> [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 3 |
 | <a name="module_appsync"></a> [appsync](#module\_appsync) | ../../ | n/a |
 | <a name="module_disabled"></a> [disabled](#module\_disabled) | ../../ | n/a |
 
@@ -43,7 +44,10 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Type |
 |------|------|
 | [aws_cognito_user_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool) | resource |
+| [aws_route53_record.api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 
 ## Inputs
 
@@ -56,6 +60,9 @@ No inputs.
 | <a name="output_appsync_api_key_id"></a> [appsync\_api\_key\_id](#output\_appsync\_api\_key\_id) | Map of API Key ID (Formatted as ApiId:Key) |
 | <a name="output_appsync_api_key_key"></a> [appsync\_api\_key\_key](#output\_appsync\_api\_key\_key) | Map of API Keys |
 | <a name="output_appsync_datasource_arn"></a> [appsync\_datasource\_arn](#output\_appsync\_datasource\_arn) | Map of ARNs of datasources |
+| <a name="output_appsync_domain_hosted_zone_id"></a> [appsync\_domain\_hosted\_zone\_id](#output\_appsync\_domain\_hosted\_zone\_id) | The ID of your Amazon Route 53 hosted zone |
+| <a name="output_appsync_domain_id"></a> [appsync\_domain\_id](#output\_appsync\_domain\_id) | The Appsync Domain name |
+| <a name="output_appsync_domain_name"></a> [appsync\_domain\_name](#output\_appsync\_domain\_name) | The domain name AppSync provides |
 | <a name="output_appsync_graphql_api_arn"></a> [appsync\_graphql\_api\_arn](#output\_appsync\_graphql\_api\_arn) | ARN of GraphQL API |
 | <a name="output_appsync_graphql_api_fqdns"></a> [appsync\_graphql\_api\_fqdns](#output\_appsync\_graphql\_api\_fqdns) | Map of FQDNs associated with the API (no protocol and path) |
 | <a name="output_appsync_graphql_api_id"></a> [appsync\_graphql\_api\_id](#output\_appsync\_graphql\_api\_id) | ID of GraphQL API |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -11,14 +11,88 @@ provider "aws" {
   skip_requesting_account_id = false
 }
 
+provider "aws" {
+  region = "us-east-1"
+  alias  = "us-east-1"
+
+  # Make it faster by skipping something
+  skip_get_ec2_platforms      = true
+  skip_metadata_api_check     = true
+  skip_region_validation      = true
+  skip_credentials_validation = true
+
+  # skip_requesting_account_id should be disabled to generate valid ARN in apigatewayv2_api_execution_arn
+  skip_requesting_account_id = false
+}
+
+locals {
+  # Use existing (via data source) or create new zone (will fail validation, if zone is not reachable)
+  use_existing_route53_zone = true
+
+  domain = "terraform-aws-modules.modules.tf"
+
+  # Removing trailing dot from domain - just to be sure :)
+  domain_name = trimsuffix(local.domain, ".")
+}
+
+data "aws_route53_zone" "this" {
+  count = local.use_existing_route53_zone ? 1 : 0
+
+  name         = local.domain_name
+  private_zone = false
+}
+
+resource "aws_route53_zone" "this" {
+  count = !local.use_existing_route53_zone ? 1 : 0
+  name  = local.domain_name
+}
+
+resource "aws_route53_record" "api" {
+  zone_id = data.aws_route53_zone.this[0].zone_id
+  name    = "api.${local.domain}"
+  type    = "CNAME"
+  ttl     = "300"
+  records = [module.appsync.appsync_domain_name]
+}
+
+module "acm" {
+  source  = "terraform-aws-modules/acm/aws"
+  version = "~> 3"
+
+  domain_name = local.domain_name
+  zone_id     = coalescelist(data.aws_route53_zone.this.*.zone_id, aws_route53_zone.this.*.zone_id)[0]
+
+  subject_alternative_names = [
+    "*.alerts.${local.domain_name}",
+    "new.sub.${local.domain_name}",
+    "*.${local.domain_name}",
+    "alerts.${local.domain_name}",
+  ]
+
+  wait_for_validation = true
+
+  tags = {
+    Name = local.domain_name
+  }
+
+  providers = {
+    aws = aws.us-east-1
+  }
+}
+
 module "appsync" {
   source = "../../"
 
   name = random_pet.this.id
 
   schema = file("schema.graphql")
 
-  caching_enabled = true
+  domain_name_association_enabled = true
+  caching_enabled                 = true
+
+  domain_name             = "api.${local.domain}"
+  domain_name_description = "My ${random_pet.this.id} AppSync Domain"
+  certificate_arn         = module.acm.acm_certificate_arn
 
   caching_behavior                 = "PER_RESOLVER_CACHING"
   cache_type                       = "SMALL"
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -14,6 +14,22 @@ output "appsync_graphql_api_uris" {
   value       = module.appsync.appsync_graphql_api_uris
 }
 
+#Domain
+output "appsync_domain_id" {
+  description = "The Appsync Domain name"
+  value       = module.appsync.appsync_domain_id
+}
+
+output "appsync_domain_name" {
+  description = "The domain name AppSync provides"
+  value       = module.appsync.appsync_domain_name
+}
+
+output "appsync_domain_hosted_zone_id" {
+  description = "The ID of your Amazon Route 53 hosted zone"
+  value       = module.appsync.appsync_domain_hosted_zone_id
+}
+
 # API Key
 output "appsync_api_key_id" {
   description = "Map of API Key ID (Formatted as ApiId:Key)"
diff --git a/main.tf b/main.tf
@@ -88,6 +88,22 @@ resource "aws_appsync_graphql_api" "this" {
   tags = merge({ Name = var.name }, var.graphql_api_tags)
 }
 
+# API Association & Domain Name
+resource "aws_appsync_domain_name" "this" {
+  count = var.create_graphql_api && var.domain_name_association_enabled ? 1 : 0
+
+  domain_name     = var.domain_name
+  description     = var.domain_name_description
+  certificate_arn = var.certificate_arn
+}
+
+resource "aws_appsync_domain_name_api_association" "this" {
+  count = var.create_graphql_api && var.domain_name_association_enabled ? 1 : 0
+
+  api_id      = aws_appsync_graphql_api.this[0].id
+  domain_name = aws_appsync_domain_name.this[0].domain_name
+}
+
 # API Cache
 resource "aws_appsync_api_cache" "example" {
   count = var.create_graphql_api && var.caching_enabled ? 1 : 0
diff --git a/outputs.tf b/outputs.tf
@@ -1,17 +1,17 @@
 # GraphQL API
 output "appsync_graphql_api_id" {
   description = "ID of GraphQL API"
-  value       = element(concat(aws_appsync_graphql_api.this.*.id, [""]), 0)
+  value       = try(aws_appsync_graphql_api.this[0].id, null)
 }
 
 output "appsync_graphql_api_arn" {
   description = "ARN of GraphQL API"
-  value       = element(concat(aws_appsync_graphql_api.this.*.arn, [""]), 0)
+  value       = try(aws_appsync_graphql_api.this[0].arn, null)
 }
 
 output "appsync_graphql_api_uris" {
   description = "Map of URIs associated with the API"
-  value       = element(concat(aws_appsync_graphql_api.this.*.uris, [""]), 0)
+  value       = try(aws_appsync_graphql_api.this.*.uris, null)
 }
 
 # API Key
@@ -53,6 +53,22 @@ output "appsync_function_function_id" {
   value       = { for k, v in aws_appsync_function.this : k => v.function_id }
 }
 
+# Domain
+output "appsync_domain_id" {
+  description = "The Appsync Domain Name."
+  value       = try(aws_appsync_domain_name.this[0].id, null)
+}
+
+output "appsync_domain_name" {
+  description = "The domain name that AppSync provides."
+  value       = try(aws_appsync_domain_name.this[0].appsync_domain_name, null)
+}
+
+output "appsync_domain_hosted_zone_id" {
+  description = "The ID of your Amazon Route 53 hosted zone."
+  value       = try(aws_appsync_domain_name.this[0].hosted_zone_id, null)
+}
+
 # Extra
 output "appsync_graphql_api_fqdns" {
   description = "Map of FQDNs associated with the API (no protocol and path)"
diff --git a/variables.tf b/variables.tf
@@ -10,6 +10,11 @@ variable "logging_enabled" {
   default     = false
 }
 
+variable "domain_name_association_enabled" {
+  description = "Whether to enable domain name association on GraphQL API"
+  type        = bool
+  default     = false
+}
 variable "caching_enabled" {
   description = "Whether caching with Elasticache is enabled."
   type        = bool
@@ -112,6 +117,25 @@ variable "tags" {
   default     = {}
 }
 
+# API Association & Domain Name
+variable "domain_name" {
+  description = "The domain name that AppSync gets associated with."
+  type        = string
+  default     = ""
+}
+
+variable "domain_name_description" {
+  description = "A description of the Domain Name."
+  type        = string
+  default     = null
+}
+
+variable "certificate_arn" {
+  description = "The Amazon Resource Name (ARN) of the certificate."
+  type        = string
+  default     = ""
+}
+
 # API Cache
 variable "caching_behavior" {
   description = "Caching behavior."
@@ -179,6 +203,7 @@ variable "api_keys" {
   default     = {}
 }
 
+
 # IAM service roles
 variable "lambda_allowed_actions" {
   description = "List of allowed IAM actions for datasources type AWS_LAMBDA"
