Skip to content

API Gateway: aws_api_gateway_method_settings does not work for non-root resourcesΒ #9738

Closed as not planned
@SizZiKe

Description

Description

Setting aws_api_gateway_method_settings does not work for nested resources, i.e. to override a specific stage:

resource aws_api_gateway_method_settings GET_tenant_tenant-name_enrollment_codes {
  rest_api_id = aws_api_gateway_rest_api.api.id
  stage_name = aws_api_gateway_stage.v1.stage_name
  method_path = "${aws_api_gateway_resource.tenant_tenant-name_enrollment_codes.path/${aws_api_gateway_method.GET_tenant_tenant-name_enrollment_codes.http_method}"
  settings {
    caching_enabled = true
    cache_ttl_in_seconds = 60
    require_authorization_for_cache_control  = true
    unauthorized_cache_control_header_strategy = "FAIL_WITH_403"
  }
}

When browsing the stage method settings within the AWS API Gateway console, I realized that my custom settings were not showing up, but through the CLI I saw that my settings were there:

aws apigateway get-stage --api-id <apiId> --stage-name <stage>
{
    "deploymentId": "umb0bo",
    "stageName": "v1",
    "cacheClusterEnabled": true,
    "cacheClusterSize": "0.5",
    "cacheClusterStatus": "AVAILABLE",
    "methodSettings": {
        "/tenant/{tenant-name}/enrollment_codes/GET": {
            "metricsEnabled": false,
            "loggingLevel": "OFF",
            "dataTraceEnabled": false,
            "throttlingBurstLimit": 5000,
            "throttlingRateLimit": 10000.0,
            "cachingEnabled": true,
            "cacheTtlInSeconds": 300,
            "cacheDataEncrypted": true,
            "requireAuthorizationForCacheControl": true,
            "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER"
        }
    },
    "variables": {
        "function": "API"
    },
    "tracingEnabled": false,
    "tags": {
        "Stage": "Dev"
    },
    "createdDate": 1565638052,
    "lastUpdatedDate": 1565640455
}

I applied the same configuration via the portal and realized that the slashes in the path are being escaped with "~1", because the slash is used to separate the path from the method...

{
    "deploymentId": "umb0bo",
    "stageName": "v1",
    "cacheClusterEnabled": true,
    "cacheClusterSize": "0.5",
    "cacheClusterStatus": "AVAILABLE",
    "methodSettings": {
        "~1tenant~1{tenant-name}~1enrollment_codes/GET": {
            "metricsEnabled": false,
            "loggingLevel": "OFF",
            "dataTraceEnabled": false,
            "throttlingBurstLimit": 5000,
            "throttlingRateLimit": 10000.0,
            "cachingEnabled": true,
            "cacheTtlInSeconds": 300,
            "cacheDataEncrypted": true,
            "requireAuthorizationForCacheControl": true,
            "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER"
        }
    },
    "variables": {
        "function": "API"
    },
    "tracingEnabled": false,
    "tags": {
        "Stage": "Dev"
    },
    "createdDate": 1565638052,
    "lastUpdatedDate": 1565640455
}

This has been my workaround thus far: replace the slash with

resource aws_api_gateway_method_settings GET_tenant_tenant-name_enrollment_codes {
  rest_api_id = aws_api_gateway_rest_api.centrify.id
  stage_name = aws_api_gateway_stage.v1.stage_name
  method_path = "${replace(aws_api_gateway_resource.tenant_tenant-name_enrollment_codes.path, "/", "~1")}/${aws_api_gateway_method.GET_tenant_tenant-name_enrollment_codes.http_method}"
  settings {
    caching_enabled = true
    cache_ttl_in_seconds = 60
    require_authorization_for_cache_control  = true
    unauthorized_cache_control_header_strategy = "FAIL_WITH_403"
  }
}

Metadata

Assignees

No one assigned

    Labels

    service/apigatewayIssues and PRs that pertain to the apigateway service.staleOld or inactive issues managed by automation, if no further action taken these will get closed.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions