API Gateway: aws_api_gateway_method_settings does not work for non-root resources #9738
Closed as not planned
Description
Setting aws_api_gateway_method_settings does not work for nested resources, i.e. to override a specific stage:
resource aws_api_gateway_method_settings GET_tenant_tenant-name_enrollment_codes {
  rest_api_id = aws_api_gateway_rest_api.api.id
  stage_name  = aws_api_gateway_stage.v1.stage_name
  # Resource path and HTTP method joined by "/" (slashes in the path left unescaped)
  method_path = "${aws_api_gateway_resource.tenant_tenant-name_enrollment_codes.path}/${aws_api_gateway_method.GET_tenant_tenant-name_enrollment_codes.http_method}"
  settings {
    caching_enabled                            = true
    cache_ttl_in_seconds                       = 60
    require_authorization_for_cache_control    = true
    unauthorized_cache_control_header_strategy = "FAIL_WITH_403"
  }
}
When browsing the stage method settings within the AWS API Gateway console, I realized that my custom settings were not showing up, but through the CLI I saw that my settings were there:
aws apigateway get-stage --api-id <apiId> --stage-name <stage>
{
  "deploymentId": "umb0bo",
  "stageName": "v1",
  "cacheClusterEnabled": true,
  "cacheClusterSize": "0.5",
  "cacheClusterStatus": "AVAILABLE",
  "methodSettings": {
    "/tenant/{tenant-name}/enrollment_codes/GET": {
      "metricsEnabled": false,
      "loggingLevel": "OFF",
      "dataTraceEnabled": false,
      "throttlingBurstLimit": 5000,
      "throttlingRateLimit": 10000.0,
      "cachingEnabled": true,
      "cacheTtlInSeconds": 300,
      "cacheDataEncrypted": true,
      "requireAuthorizationForCacheControl": true,
      "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER"
    }
  },
  "variables": {
    "function": "API"
  },
  "tracingEnabled": false,
  "tags": {
    "Stage": "Dev"
  },
  "createdDate": 1565638052,
  "lastUpdatedDate": 1565640455
}
I applied the same configuration via the portal and realized that the slashes in the path are being escaped with "~1", because the slash is used to separate the path from the method...
{
  "deploymentId": "umb0bo",
  "stageName": "v1",
  "cacheClusterEnabled": true,
  "cacheClusterSize": "0.5",
  "cacheClusterStatus": "AVAILABLE",
  "methodSettings": {
    "~1tenant~1{tenant-name}~1enrollment_codes/GET": {
      "metricsEnabled": false,
      "loggingLevel": "OFF",
      "dataTraceEnabled": false,
      "throttlingBurstLimit": 5000,
      "throttlingRateLimit": 10000.0,
      "cachingEnabled": true,
      "cacheTtlInSeconds": 300,
      "cacheDataEncrypted": true,
      "requireAuthorizationForCacheControl": true,
      "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER"
    }
  },
  "variables": {
    "function": "API"
  },
  "tracingEnabled": false,
  "tags": {
    "Stage": "Dev"
  },
  "createdDate": 1565638052,
  "lastUpdatedDate": 1565640455
}
This has been my workaround thus far: replace the slash with
resource aws_api_gateway_method_settings GET_tenant_tenant-name_enrollment_codes {
  rest_api_id = aws_api_gateway_rest_api.centrify.id
  stage_name  = aws_api_gateway_stage.v1.stage_name
  method_path = "${replace(aws_api_gateway_resource.tenant_tenant-name_enrollment_codes.path, "/", "~1")}/${aws_api_gateway_method.GET_tenant_tenant-name_enrollment_codes.http_method}"
  settings {
    caching_enabled                            = true
    cache_ttl_in_seconds                       = 60
    require_authorization_for_cache_control    = true
    unauthorized_cache_control_header_strategy = "FAIL_WITH_403"
  }
}
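An added example, not part of the original issue or of the Terraform provider: a small audit over `aws apigateway get-stage` output that reports a cache override filed under the unescaped key form shown in the first dump, or one whose values differ from the intended settings. The function names, the trimmed sample JSON and the `EXPECTED` table are constructed for illustration from the values on this page.

```python
import json

# Constructed sample: trimmed `aws apigateway get-stage` output, using the
# unescaped key form from the first dump on this page.
SAMPLE_STAGE = json.loads("""
{
  "stageName": "v1",
  "methodSettings": {
    "/tenant/{tenant-name}/enrollment_codes/GET": {
      "cachingEnabled": true,
      "cacheTtlInSeconds": 300,
      "requireAuthorizationForCacheControl": true,
      "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER"
    }
  }
}
""")

# Intended override, taken from the Terraform settings block on this page.
EXPECTED = {
    ("/tenant/{tenant-name}/enrollment_codes", "GET"): {
        "cachingEnabled": True,
        "cacheTtlInSeconds": 60,
        "requireAuthorizationForCacheControl": True,
        "unauthorizedCacheControlHeaderStrategy": "FAIL_WITH_403",
    }
}

def escaped_key(path, method):
    """Key form the console wrote: every '/' in the resource path becomes '~1'."""
    return path.replace("/", "~1") + "/" + method

def audit_stage(stage, expected):
    """Return (key, problem) tuples for overrides that are misfiled or drifted."""
    findings = []
    settings = stage.get("methodSettings", {})
    for (path, method), want in expected.items():
        good, raw = escaped_key(path, method), path + "/" + method
        if good not in settings:
            problem = "stored under unescaped key" if raw in settings else "missing"
            findings.append((raw if raw in settings else good, problem))
            continue
        for name, value in want.items():
            if settings[good].get(name) != value:
                findings.append((good, f"{name}={settings[good].get(name)!r}, want {value!r}"))
    return findings

if __name__ == "__main__":
    for key, problem in audit_stage(SAMPLE_STAGE, EXPECTED):
        print(f"{key}: {problem}")
```

Feeding it the live `get-stage` JSON after each apply makes a misfiled or drifted authorization setting on a cached method visible without relying on the console view.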