Connecting Cognito, API GW in Terraform


Hey, I have a Swagger file with an API I want to run on API Gateway and use a Cognito User Pool to secure it, but I don't understand how I can link the Swagger (which is just a YAML file) to Terraform. Please help.

1 Answer

Accepted Answer

On the route in the Swagger definition, you can use the CognitoAuthorizer defined as a security scheme. In the CognitoAuthorizer you define the auth type (user pool), where the token is sent (header) and what Cognito resource to use (cognito_user_pool_arn, to be set by Terraform). There you can provide an ARN for the Cognito user pool by supplying the variable value in Terraform as seen below.

Swagger

/hello:
  get:
    security:
      - CognitoAuthorizer: ["my-custom-scope"]

components:
  securitySchemes:
    CognitoAuthorizer:
      type: apiKey
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: cognito_user_pools
      x-amazon-apigateway-authorizer:
        providerARNs:
          - "${cognito_user_pool_arn}"
        type: cognito_user_pools

Terraform

resource "aws_cognito_user_pool" "example" {
  name = "my-user-pool"
}

resource "aws_api_gateway_rest_api" "api" {
  name = "my-api"
  # Render the Swagger file, substituting the user pool ARN for ${cognito_user_pool_arn}
  body = templatefile("swagger.yaml", { cognito_user_pool_arn = aws_cognito_user_pool.example.arn })
}
AWS, answered 1 year ago
Expert, reviewed 1 year ago
  • that works, thanks!
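
A plan-time guard for the setup in the answer above, as an added example that is not part of the original answer: it decodes the rendered Swagger file and rejects the plan if any operation is not covered by CognitoAuthorizer. It assumes Terraform 1.2 or later (for `precondition`) and a complete OpenAPI document with a top-level `paths:` map; the local names `spec_lint`, `guarded_methods` and `unprotected` are hypothetical.

```hcl
# Added example; assumes swagger.yaml is a complete OpenAPI document with a
# top-level "paths:" map and the CognitoAuthorizer scheme from the answer.
locals {
  # Render once with a placeholder ARN so the check can run at plan time,
  # before the user pool exists.
  spec_lint = yamldecode(templatefile("${path.module}/swagger.yaml", {
    cognito_user_pool_arn = "arn:placeholder"
  }))

  # OPTIONS is left out: CORS preflight requests carry no Authorization header.
  guarded_methods = ["get", "put", "post", "delete", "patch", "head", "x-amazon-apigateway-any-method"]

  # Operations whose effective security (their own, else the document-level
  # default) is empty or offers an alternative that is not CognitoAuthorizer.
  unprotected = flatten([
    for path, item in local.spec_lint.paths : [
      for method, op in item : "${upper(method)} ${path}"
      if contains(local.guarded_methods, lower(method)) && !(
        length(try(op.security, local.spec_lint.security, [])) > 0 &&
        alltrue([
          for req in try(op.security, local.spec_lint.security, []) :
          can(req.CognitoAuthorizer)
        ])
      )
    ]
  ])
}

resource "aws_cognito_user_pool" "example" {
  name = "my-user-pool"
}

resource "aws_api_gateway_rest_api" "api" {
  name = "my-api"
  body = templatefile("${path.module}/swagger.yaml", {
    cognito_user_pool_arn = aws_cognito_user_pool.example.arn
  })

  lifecycle {
    precondition {
      condition     = length(local.unprotected) == 0
      error_message = "Operations not covered by CognitoAuthorizer: ${join(", ", local.unprotected)}."
    }
  }
}
```

An operation that sets `security: []` overrides any document-level default, so it is reported as unprotected as well.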
