1 minute read

It’s the same as to create a REST API. Provision API Gateway endpoint and connect the endpoint to a lambda that hosts GraphQL server.

# API Gateway
resource "aws_api_gateway_rest_api" "graphql_server" {
  name        = "${var.component}-${var.environment}"
  description = "API Gateway for GraphQL Server"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

resource "aws_api_gateway_resource" "graphql_server" {
  rest_api_id = aws_api_gateway_rest_api.graphql_server.id
  parent_id   = aws_api_gateway_rest_api.graphql_server.root_resource_id
  path_part   = "graphql"
}

resource "aws_api_gateway_method" "graphql_method" {
  rest_api_id   = aws_api_gateway_rest_api.graphql_server.id
  resource_id   = aws_api_gateway_resource.graphql_server.id
  http_method   = "ANY"
  authorization = "NONE"
}

resource "aws_api_gateway_integration" "graphql_integration" {
  rest_api_id = aws_api_gateway_rest_api.graphql_server.id
  resource_id = aws_api_gateway_resource.graphql_server.id
  http_method = aws_api_gateway_method.graphql_method.http_method

  integration_http_method = "POST"
  type                    = "AWS_PROXY"
  uri                     = aws_lambda_function.graphql_server.invoke_arn

  depends_on = [
    aws_api_gateway_method.graphql_method
  ]
}

resource "aws_api_gateway_deployment" "graphql_server_stage_deployment" {
  rest_api_id = aws_api_gateway_rest_api.graphql_server.id
  stage_name  = "dev"

  depends_on = [
    aws_api_gateway_integration.graphql_integration,
    aws_api_gateway_method.graphql_method
  ]

  variables = {
    "timestamp" = timestamp()
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_lambda_permission" "graphql_server_invoke_permission" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.graphql_server.arn
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.graphql_server.execution_arn}/*/*/*"
}
resource "aws_cloudwatch_log_group" "graphql_server" {
  name = "/aws/lambda/${aws_lambda_function.graphql_server.function_name}"

  retention_in_days = 14
}
data "archive_file" "graphql_server" {
  type        = "zip"
  source_dir  = "../dist/graphql-server"
  output_path = "../dist/graphql-server.zip"
}

resource "aws_lambda_function" "graphql_server" {
  function_name = "${var.component}_${var.environment}_graphql_server"
  filename      = data.archive_file.graphql_server.output_path

  runtime = "nodejs16.x"
  handler = "index.handler"

  source_code_hash = data.archive_file.graphql_server.output_base64sha256
  role             = aws_iam_role.iam_lambda_role.arn

  environment {
    variables = {
      run_env                 = var.environment
    }
  }
}
data "aws_iam_policy_document" "iam_lambda_log_policy_document" {
  statement {
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents"
    ]
    resources = [
      "${aws_cloudwatch_log_group.graphql_server.arn}:*"
    ]
  }
}

resource "aws_iam_policy" "iam_lambda_log_policy" {
  name   = "${var.component}_${var.environment}_iam_lambda_log_policy"
  policy = data.aws_iam_policy_document.iam_lambda_log_policy_document.json
}

resource "aws_iam_role_policy_attachment" "lambda_logs" {
  role       = aws_iam_role.iam_lambda_role.name
  policy_arn = aws_iam_policy.iam_lambda_log_policy.arn
}

Comments