Manages an Amazon API Gateway Version 2 domain name. More information can be found in the Amazon API Gateway Developer Guide.
resource "aws_apigatewayv2_domain_name" "example" {
domain_name = "ws-api.example.com"
domain_name_configuration {
certificate_arn = aws_acm_certificate.example.arn
endpoint_type = "REGIONAL"
security_policy = "TLS_1_2"
}
}
resource "aws_apigatewayv2_domain_name" "example" {
domain_name = "http-api.example.com"
domain_name_configuration {
certificate_arn = aws_acm_certificate.example.arn
endpoint_type = "REGIONAL"
security_policy = "TLS_1_2"
}
}
resource "aws_route53_record" "example" {
name = aws_apigatewayv2_domain_name.example.domain_name
type = "A"
zone_id = aws_route53_zone.example.zone_id
alias {
name = aws_apigatewayv2_domain_name.example.domain_name_configuration[0].target_domain_name
zone_id = aws_apigatewayv2_domain_name.example.domain_name_configuration[0].hosted_zone_id
evaluate_target_health = false
}
}
This resource supports the following arguments:
domain_name
- (Required) Domain name. Must be between 1 and 512 characters in length.domain_name_configuration
- (Required) Domain name configuration. See below.mutual_tls_authentication
- (Optional) Mutual TLS authentication configuration for the domain name.tags
- (Optional) Map of tags to assign to the domain name. If configured with a provider default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.domain_name_configuration
certificate_arn
- (Required) ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source. Use the aws_acm_certificate
resource to configure an ACM certificate.endpoint_type
- (Required) Endpoint type. Valid values: REGIONAL
.hosted_zone_id
- (Computed) Amazon Route 53 Hosted Zone ID of the endpoint.ownership_verification_certificate_arn
- (Optional) ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate_arn
is issued via an ACM Private CA or mutual_tls_authentication
is configured with an ACM-imported certificate.)security_policy
- (Required) Transport Layer Security (TLS) version of the security policy for the domain name. Valid values: TLS_1_2
.target_domain_name
- (Computed) Target domain name.mutual_tls_authentication
truststore_uri
- (Required) Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.truststore_version
- (Optional) Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.This resource exports the following attributes in addition to the arguments above:
api_mapping_selection_expression
- API mapping selection expression for the domain name.arn
- ARN of the domain name.id
- Domain name identifier.tags_all
- Map of tags assigned to the resource, including those inherited from the provider default_tags
configuration block.create
- (Default 10m
)update
- (Default 60m
)In Terraform v1.5.0 and later, use an import
block to import aws_apigatewayv2_domain_name
using the domain name. For example:
import {
to = aws_apigatewayv2_domain_name.example
id = "ws-api.example.com"
}
Using terraform import
, import aws_apigatewayv2_domain_name
using the domain name. For example:
% terraform import aws_apigatewayv2_domain_name.example ws-api.example.com