community / community.aws / 3.4.0 / module / aws_api_gateway_domain Manage AWS API Gateway custom domains | "added in version" 3.3.0 of community.aws" Authors: Stefan Horning (@stefanhorning)community.aws.aws_api_gateway_domain (3.4.0) — module
Install with ansible-galaxy collection install community.aws:==3.4.0
collections: - name: community.aws version: 3.4.0
Manages API Gateway custom domains for API GW Rest APIs.
AWS API Gateway custom domain setups use CloudFront behind the scenes. So you will get a CloudFront distribution as a result, configured to be aliased with your domain.
- name: Setup endpoint for a custom domain for your API Gateway HTTP API community.aws.aws_api_gateway_domain: domain_name: myapi.foobar.com certificate_arn: 'arn:aws:acm:us-east-1:1231123123:certificate/8bd89412-abc123-xxxxx' security_policy: TLS_1_2 endpoint_type: EDGE domain_mappings: - { rest_api_id: abc123, stage: production } state: present register: api_gw_domain_result
- name: Create a DNS record for your custom domain on route 53 (using route53 module) community.aws.route53: record: myapi.foobar.com value: "{{ api_gw_domain_result.response.domain.distribution_domain_name }}" type: A alias: true zone: foobar.com alias_hosted_zone_id: "{{ api_gw_domain_result.response.domain.distribution_hosted_zone_id }}" command: create
state: choices: - present - absent default: present description: - Create or delete custom domain setup. type: str region: aliases: - aws_region - ec2_region description: - The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region) type: str ec2_url: aliases: - aws_endpoint_url - endpoint_url description: - URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used. type: str profile: aliases: - aws_profile description: - Using I(profile) will override I(aws_access_key), I(aws_secret_key) and I(security_token) and support for passing them at the same time as I(profile) has been deprecated. - I(aws_access_key), I(aws_secret_key) and I(security_token) will be made mutually exclusive with I(profile) after 2022-06-01. type: str aws_config: description: - A dictionary to modify the botocore configuration. - Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config). - Only the 'user_agent' key is used for boto modules. See U(http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto) for more boto configuration. type: dict domain_name: description: - Domain name you want to use for your API GW deployment. required: true type: str aws_ca_bundle: description: - The location of a CA Bundle to use when validating SSL certificates. - Not used by boto 2 based modules. - 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied from the controller if not run locally.' type: path endpoint_type: choices: - EDGE - REGIONAL - PRIVATE default: EDGE description: - API endpoint configuration for domain. Use EDGE for edge-optimized endpoint, or use C(REGIONAL) or C(PRIVATE). type: str aws_access_key: aliases: - ec2_access_key - access_key description: - C(AWS access key). If not set then the value of the C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variable is used. - If I(profile) is set this parameter is ignored. - Passing the I(aws_access_key) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01. type: str aws_secret_key: aliases: - ec2_secret_key - secret_key description: - C(AWS secret key). If not set then the value of the C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment variable is used. - If I(profile) is set this parameter is ignored. - Passing the I(aws_secret_key) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01. type: str security_token: aliases: - aws_security_token - access_token description: - C(AWS STS security token). If not set then the value of the C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment variable is used. - If I(profile) is set this parameter is ignored. - Passing the I(security_token) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01. type: str validate_certs: default: true description: - When set to "no", SSL certificates will not be validated for communication with the AWS APIs. type: bool certificate_arn: description: - AWS Certificate Manger (ACM) TLS certificate ARN. required: true type: str domain_mappings: description: - Map your domain base paths to your API GW REST APIs, that you previously created. Use provided ID of the API setup and the release stage. - 'domain_mappings should be a list of dictionaries containing three keys: base_path, rest_api_id and stage.' - 'Example: I([{ base_path: v1, rest_api_id: abc123, stage: production }])' - if you want base path to be just I(/) omit the param completely or set it to empty string. elements: dict required: true type: list security_policy: choices: - TLS_1_0 - TLS_1_2 default: TLS_1_2 description: - Set allowed TLS versions through AWS defined policies. Currently only C(TLS_1_0) and C(TLS_1_2) are available. type: str debug_botocore_endpoint_logs: default: 'no' description: - Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used. type: bool
response: description: The data returned by create_domain_name (or update and delete) and create_base_path_mapping methods by boto3. returned: success sample: domain: certificate_arn: arn:aws:acm:xxxxxx distribution_domain_name: xxxx.cloudfront.net distribution_hosted_zone_id: ABC123123 domain_name: mydomain.com domain_name_status: AVAILABLE endpoint_configuration: types: - EDGE security_policy: TLS_1_2 tags: {} path_mappings: - base_path: (empty) rest_api_id: abcd123 stage: production type: dict