fix: Fixed apigateway trigger to use source_arn (#94)

README.md

@@ -277,8 +277,8 @@ module "lambda_function" {
 
   allowed_triggers = {
     APIGatewayAny = {
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
     },
     APIGatewayDevPost = {
       service    = "apigateway"
@@ -292,8 +292,6 @@ module "lambda_function" {
 }
 ```
 
-Note: `service = "apigateway" with arn` is a short form to allow invocations of a Lambda Function from any stage, any method, any resource of an API Gateway.
-
 ## Conditional creation
 
 Sometimes you need to have a way to create resources conditionally but Terraform does not allow usage of `count` inside `module` block, so the solution is to specify `create` arguments.

examples/alias/main.tf

@@ -31,8 +31,8 @@ module "lambda_function" {
 
   allowed_triggers = {
     APIGatewayAny = {
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
     }
   }
 
@@ -62,8 +62,8 @@ module "alias_no_refresh" {
 
   allowed_triggers = {
     AnotherAPIGatewayAny = { # keys should be unique
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*"
     }
   }
 
@@ -94,8 +94,8 @@ module "alias_existing" {
 
   allowed_triggers = {
     ThirdAPIGatewayAny = {
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
     }
   }
 

examples/complete/main.tf

@@ -43,8 +43,8 @@ module "lambda_function" {
 
   allowed_triggers = {
     APIGatewayAny = {
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
     },
     APIGatewayDevPost = {
       service    = "apigateway"

examples/deploy/main.tf

@@ -26,8 +26,8 @@ module "lambda_function" {
 
   allowed_triggers = {
     APIGatewayAny = {
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:aqnku8akd0/*/*/*"
     }
   }
 }

main.tf

@@ -186,7 +186,7 @@ resource "aws_lambda_permission" "current_version_triggers" {
   statement_id       = lookup(each.value, "statement_id", each.key)
   action             = lookup(each.value, "action", "lambda:InvokeFunction")
   principal          = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", "")))
-  source_arn         = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null)
+  source_arn         = lookup(each.value, "source_arn", null)
   source_account     = lookup(each.value, "source_account", null)
   event_source_token = lookup(each.value, "event_source_token", null)
 }
@@ -200,7 +200,7 @@ resource "aws_lambda_permission" "unqualified_alias_triggers" {
   statement_id       = lookup(each.value, "statement_id", each.key)
   action             = lookup(each.value, "action", "lambda:InvokeFunction")
   principal          = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", "")))
-  source_arn         = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null)
+  source_arn         = lookup(each.value, "source_arn", null)
   source_account     = lookup(each.value, "source_account", null)
   event_source_token = lookup(each.value, "event_source_token", null)
 }

modules/alias/README.md

@@ -34,8 +34,8 @@ module "alias_no_refresh" {
 
   allowed_triggers = {
     AnotherAPIGatewayAny = {
-      service = "apigateway"
-      arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:135367859851:abcdedfgse/*/*/*"
     }
   }
 }
@@ -76,8 +76,8 @@ module "alias_existing" {
 
   allowed_triggers = {
     AnotherAwesomeAPIGateway = {
-      service = "apigateway"
-      arn     = "arn:aws:execute-api:eu-west-1:999967859851:aqnku8akd0"
+      service    = "apigateway"
+      source_arn = "arn:aws:execute-api:eu-west-1:999967859851:aqnku8akd0/*/*/*"
     }
   }
 }

modules/alias/main.tf

@@ -90,7 +90,7 @@ resource "aws_lambda_permission" "version_triggers" {
   statement_id       = lookup(each.value, "statement_id", each.key)
   action             = lookup(each.value, "action", "lambda:InvokeFunction")
   principal          = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", "")))
-  source_arn         = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null)
+  source_arn         = lookup(each.value, "source_arn", null)
   source_account     = lookup(each.value, "source_account", null)
   event_source_token = lookup(each.value, "event_source_token", null)
 }
@@ -104,7 +104,7 @@ resource "aws_lambda_permission" "qualified_alias_triggers" {
   statement_id       = lookup(each.value, "statement_id", each.key)
   action             = lookup(each.value, "action", "lambda:InvokeFunction")
   principal          = lookup(each.value, "principal", format("%s.amazonaws.com", lookup(each.value, "service", "")))
-  source_arn         = lookup(each.value, "source_arn", lookup(each.value, "service", null) == "apigateway" ? "${lookup(each.value, "arn", "")}/*/*/*" : null)
+  source_arn         = lookup(each.value, "source_arn", null)
   source_account     = lookup(each.value, "source_account", null)
   event_source_token = lookup(each.value, "event_source_token", null)
 }