aws-api-gateway - MOCK AWS API 网关中的客户端证书
问题描述
我正在使用 Terraform 创建一个 MOCK AWS API 网关,我可以使用下面的 .tf 文件来完成。我需要与 API 一起创建客户端证书并在阶段使用它(将其连接到 API)。任何想法我需要使用什么 Terraform 资源?此外,这是私有子网中的 API。
resource "aws_vpc" "test" {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "APIGW-Example"
}
}
data "aws_security_group" "test" {
vpc_id = aws_vpc.test.id
name = "default"
}
data "aws_availability_zones" "available" {}
resource "aws_subnet" "test" {
vpc_id = aws_vpc.test.id
cidr_block = aws_vpc.test.cidr_block
availability_zone = data.aws_availability_zones.available.names[0]
tags = {
Name = "APIGW-Example"
}
}
data "aws_vpc_endpoint_service" "test" {
service = "execute-api"
}
resource "aws_vpc_endpoint" "test" {
vpc_id = aws_vpc.test.id
service_name = data.aws_vpc_endpoint_service.test.service_name
vpc_endpoint_type = "Interface"
private_dns_enabled = true
subnet_ids = [aws_subnet.test.id]
security_group_ids = [data.aws_security_group.test.id]
}
resource "aws_api_gateway_rest_api" "MyDemoAPI" {
name = "MyDemoAPI"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"*"
],
"Condition" : {
"StringNotEquals": {
"aws:SourceVpce": "${aws_vpc_endpoint.test.id}"
}
}
}
]
}
EOF
endpoint_configuration {
types = ["PRIVATE"]
vpc_endpoint_ids = [aws_vpc_endpoint.test.id]
}
}
resource "aws_api_gateway_resource" "MyDemoResource" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
parent_id = "${aws_api_gateway_rest_api.MyDemoAPI.root_resource_id}"
path_part = "test"
}
resource "aws_api_gateway_method" "MyDemoMethod" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
resource_id = "${aws_api_gateway_resource.MyDemoResource.id}"
http_method = "GET"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "MyDemoIntegration" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
resource_id = "${aws_api_gateway_resource.MyDemoResource.id}"
http_method = "${aws_api_gateway_method.MyDemoMethod.http_method}"
type = "MOCK"
request_templates = {
"application/json" = "{\"statusCode\": 200}"
}
}
resource "aws_api_gateway_integration_response" "MyDemoIntegrationResponse" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
resource_id = "${aws_api_gateway_resource.MyDemoResource.id}"
http_method = "${aws_api_gateway_method.MyDemoMethod.http_method}"
status_code = "200"
response_templates = {
"application/json" = ""
}
}
resource "aws_api_gateway_method_response" "ok" {
depends_on = [aws_api_gateway_method.MyDemoMethod, aws_api_gateway_integration.MyDemoIntegration, aws_api_gateway_integration_response.MyDemoIntegrationResponse]
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
resource_id = "${aws_api_gateway_resource.MyDemoResource.id}"
http_method = "${aws_api_gateway_method.MyDemoMethod.http_method}"
status_code = "200"
response_models = {
"application/json" = "Empty"
}
}
resource "aws_api_gateway_deployment" "MyDemoDeployment" {
depends_on = [
aws_api_gateway_integration.MyDemoIntegration,
aws_api_gateway_method.MyDemoMethod
]
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
stage_name = "test"
stage_description = "Deployed at ${timestamp()}"
variables = {
"answer" = "42"
}
lifecycle {
create_before_destroy = true
}
}
解决方案
推荐阅读
- c++ - Bjarne Stroustrup 书 - std_lib_facilities.h - 不起作用(未知类型名称)
- amazon-web-services - SOA 记录更改为使用 AWS 路由 53
- docker - Nginx with let's encrypt 在另一个 nginx 前面
- sql - 选择最近的行,其中 2 列包含相同的值
- react-native - React-native 如何在 Listview 中使用 radioButton
- c++ - 从 argv 创建参数字符串
- javascript - 从具有多个数组的状态中获取所有对象
- qt4 - QSS 样式表未完全应用于 QListWidget
- git - 私有 GIT 存储库是否可用于 Microsoft TFS?
- android - 如何将片段附加到上下文(以编程方式)?