From 33e3a286199a9e4f6768abc4c3fa004ff02f18b8 Mon Sep 17 00:00:00 2001
From: Carlo D'Ambrosio
Date: Thu, 14 May 2026 11:31:50 +0200
Subject: [PATCH 1/2] feat: enabled api-gateway logging
---
 main.tf | 21 +++++++++++++++++++++
 variables.tf | 6 ++++++
 2 files changed, 27 insertions(+)
diff --git a/main.tf b/main.tf
index e5d45fc..13f8cfd 100644
--- a/main.tf
+++ b/main.tf
@@ -59,6 +59,26 @@ resource "aws_api_gateway_stage" "stage" {
 rest_api_id = aws_api_gateway_rest_api.api[each.key].id
 deployment_id = aws_api_gateway_deployment.placeholder[each.key].id
+ dynamic "access_log_settings" {
+ for_each = var.access_log_destination_arn != null ? [1] : []
+ content {
+ destination_arn = var.access_log_destination_arn
+ format = jsonencode({
+ requestId = "$context.requestId"
+ ip = "$context.identity.sourceIp"
+ requestTime = "$context.requestTime"
+ httpMethod = "$context.httpMethod"
+ resourcePath = "$context.resourcePath"
+ status = "$context.status"
+ responseLength = "$context.responseLength"
+ latency = "$context.responseLatency"
+ integrationLatency = "$context.integration.latency"
+ errorMessage = "$context.error.message"
+ apiKey = "$context.identity.apiKey"
+ })
+ }
+ }
+
 tags = module.this.tags
 }
@@ -70,6 +90,7 @@ resource "aws_api_gateway_method_settings" "settings" {
 settings {
 metrics_enabled = local.enable_metrics
+ logging_level = var.access_log_destination_arn != null ? "INFO" : "OFF"
 throttling_rate_limit = var.stage_throttle_rate_limit
 throttling_burst_limit = var.stage_throttle_burst_limit
 }
diff --git a/variables.tf b/variables.tf
index 4cd68b5..48a080f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -91,4 +91,10 @@ variable "cors_configuration" {
 })
 description = "CORS configuration for the API Gateway"
 default = null
+}
+
+variable "access_log_destination_arn" {
+ type = string
+ description = "CloudWatch Log Group ARN for API Gateway access logging. Enables access logs when set."
+ default = null
 }
\ No newline at end of file
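Review bot: The access log format in the new `access_log_settings` block records `$context.identity.apiKey`, which is the API key value itself, so every keyed request writes a usable credential into the log group named by `var.access_log_destination_arn`. Anyone with read access to that log group, or to a subscription or export fed from it, would then see the keys of every client. Log the key identifier instead, `apiKey = "$context.identity.apiKeyId"`, which still ties a request to a usage-plan key without exposing the secret. The `ip` field is personal data in many jurisdictions, so retention and read permissions on the log group are worth setting deliberately; neither is visible in this patch.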
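Review bot: `logging_level` in the `settings` block controls API Gateway execution logging, which is a separate feature from the stage access log, yet the added line derives it from `var.access_log_destination_arn`. Execution logs are written to a log group that API Gateway manages itself rather than to the supplied ARN, and enabling them generally requires a CloudWatch Logs role in the account-level API Gateway settings; no such role is set up in the visible hunks, so an apply may fail in accounts that lack it. The explicit `"OFF"` in the other branch also replaces whatever value applied before this change. Consider a dedicated input, for example `logging_level = var.execution_logging_level` with a default of `"OFF"`, so the two kinds of logging can be enabled independently. The enclosing resource begins above the hunk.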
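Review bot: The description of `access_log_destination_arn` says only that it enables access logs, but in this same patch the variable also switches `logging_level` to `INFO` in `aws_api_gateway_method_settings`. Callers should be told about that side effect, for example `description = "CloudWatch Log Group ARN for API Gateway access logging. When set, enables stage access logs and INFO execution logging."`. The file still ends without a trailing newline after this hunk.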
From e551470180973248f5a50578ea405233e463d01b Mon Sep 17 00:00:00 2001
From: Carlo D'Ambrosio
Date: Mon, 15 Jun 2026 14:22:02 +0200
Subject: [PATCH 2/2] feat: make ssm parameters optional
---
 ssm.tf | 6 +++---
 variables.tf | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ssm.tf b/ssm.tf
index bafcf26..3812ba6 100644
--- a/ssm.tf
+++ b/ssm.tf
@@ -3,7 +3,7 @@ locals {
 }
 resource "aws_ssm_parameter" "rest_api_id" {
- for_each = toset(local.stages)
+ for_each = var.enable_ssm_parameters ? toset(local.stages) : []
 name = "${local.ssm_prefix}/${each.key}/restApiId"
 type = "String"
 value = aws_api_gateway_rest_api.api[each.key].id
@@ -12,7 +12,7 @@ resource "aws_ssm_parameter" "rest_api_id" {
 }
 resource "aws_ssm_parameter" "rest_api_root_resource_id" {
- for_each = toset(local.stages)
+ for_each = var.enable_ssm_parameters ? toset(local.stages) : []
 name = "${local.ssm_prefix}/${each.key}/restApiRootResourceId"
 type = "String"
 value = aws_api_gateway_rest_api.api[each.key].root_resource_id
@@ -21,7 +21,7 @@ resource "aws_ssm_parameter" "rest_api_root_resource_id" {
 }
 resource "aws_ssm_parameter" "rest_api_key" {
- for_each = var.create_usage_plan ? toset(local.stages) : []
+ for_each = var.enable_ssm_parameters && var.create_usage_plan ? toset(local.stages) : []
 name = "${local.ssm_prefix}/${each.key}/restApiKey"
 type = "String"
 value = aws_api_gateway_api_key.default[each.key].name
diff --git a/variables.tf b/variables.tf
index 48a080f..d87de7f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -10,6 +10,12 @@ variable "ssm_prefix" {
 default = null
 }
+variable "enable_ssm_parameters" {
+ type = bool
+ description = "Whether to create SSM parameters for API resource references"
+ default = true
+}
+
 variable "endpoint_type" {
 type = string
 description = "API Gateway endpoint type (e.g., 'REGIONAL', 'EDGE', 'PRIVATE')"
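Review bot: In the `rest_api_key` hunk, `var.enable_ssm_parameters && var.create_usage_plan ? toset(local.stages) : []` relies on `&&` binding tighter than `?:`; Terraform does parse it that way, but parentheses make the intent obvious at a glance: `for_each = (var.enable_ssm_parameters && var.create_usage_plan) ? toset(local.stages) : toset([])`. Writing the empty branch as `toset([])`, here and in the `rest_api_id` and `rest_api_root_resource_id` hunks, gives both branches the same type instead of depending on implicit conversion from an empty tuple. All three resource blocks continue past the end of their hunks.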
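Review bot: The description of `enable_ssm_parameters` does not say what happens to parameters that already exist. Because the three `aws_ssm_parameter` resources in ssm.tf are now gated through `for_each`, switching the value to `false` on a deployed stack should plan their destruction, and anything that resolves the REST API id or root resource id from SSM would then stop working. A wording such as `description = "Whether to create SSM parameters for API resource references. Setting this to false removes parameters created by earlier applies."` would make that visible to callers.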