feat(webhook): Enable authorizer assignment to webhook (#4000)

We want to add a lambda authenticator to webhook API endpoint to restrict requests by source IP address. To achieve this, the following two options are possible: 1. add attributes to pass authorizer resource information to this module, 2. or simply ignores changes related to authorizer of `aws_apigatewayv2_route` resource, However, 1. requires all informations to create `aws_apigatewayv2_authorizer` and `aws_lambda_permission`, this is little bit need consideration. Option 2. is, of cource, needs resouce update by hand, however, the very simple to achieve by ignoring attribute changes. This PR aims to implement option 2. --------- Co-authored-by: Niek Palm <[email protected]>
philips-labs · Aug 1, 2024 · b78ccde · b78ccde
1 parent 221958b
commit b78ccde
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/modules/webhook/main.tf b/modules/webhook/main.tf
@@ -14,6 +14,16 @@ resource "aws_apigatewayv2_route" "webhook" {
   api_id    = aws_apigatewayv2_api.webhook.id
   route_key = "POST /${local.webhook_endpoint}"
   target    = "integrations/${aws_apigatewayv2_integration.webhook.id}"
+
+  lifecycle {
+    ignore_changes = [
+      # Ignore authorization related attributes to enable authenticator assignment to API route.
+      # NOTE: We consider the ignores as a system intenral. Future changes will not trigger a breakig change.
+      authorizer_id,
+      authorization_type,
+      authorization_scopes,
+    ]
+  }
 }
 
 resource "aws_apigatewayv2_stage" "webhook" {