Add API Gateway authorizer IAM role and module configuration

ministryofjustice · Dec 17, 2024 · bb60c7a · bb60c7a
1 parent 4d97907
commit bb60c7a
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 0 deletions.
diff --git a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf
@@ -442,3 +442,12 @@ resource "aws_iam_role_policy" "calculate_checksum" {
   role   = aws_iam_role.calculate_checksum.id
   policy = data.aws_iam_policy_document.calculate_checksum.json
 }
+
+# -----------------------------------------------------------------------------------
+# API Gateway authorizer
+# -----------------------------------------------------------------------------------
+
+resource "aws_iam_role" "api_gateway_authorizer" {
+  name               = "api_gateway_authorizer"
+  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
+}
diff --git a/terraform/environments/electronic-monitoring-data/lambdas_main.tf b/terraform/environments/electronic-monitoring-data/lambdas_main.tf
@@ -192,3 +192,27 @@ module "calculate_checksum" {
 
 }
 
+
+#-----------------------------------------------------------------------------------
+# API Gateway authorizer
+#-----------------------------------------------------------------------------------
+
+module "api_gateway_authorizer" {
+  source                  = "./modules/lambdas"
+  is_image                = true
+  function_name           = "api_gateway_authorizer"
+  role_name               = aws_iam_role.api_gateway_authorizer.name
+  role_arn                = aws_iam_role.api_gateway_authorizer.arn
+  handler                 = "api_gateway_authorizer.handler"
+  memory_size             = 4096
+  timeout                 = 900
+  security_group_ids      = [aws_security_group.lambda_generic.id]
+  subnet_ids              = data.aws_subnets.shared-public.ids
+  core_shared_services_id = local.environment_management.account_ids["core-shared-services-production"]
+  production_dev          = local.is-production ? "prod" : "dev"
+  environment_variables = {
+    environment_name = local.is-production ? "prod" : local.is-preproduction ? "preprod" : local.is-test ? "test" : "dev"
+  }
+}
+
+