AWS API Gateway 资源 ID 与 Terraform 的映射

Question

我有一个AWS API Gateway 的模块，它是由Terraform 创建的，网关创建没有任何问题，但是当我尝试创建嵌套的api gateway resource 时，资源占用了错误的ID，它假设采用父 ID，但它以某种方式采用不同父级的 ID，似乎按字母顺序排列。

---

这里是它自己的代码：

resource "aws_api_gateway_resource" "parent" {
   for_each    = { for key, value in var.restapi.resource : key => value }
   path_part   = lookup(each.value, "path", null)
   parent_id   = element([ for key, value in aws_api_gateway_rest_api.managed : value.root_resource_id ], each.key)
   rest_api_id = element([ for key, value in aws_api_gateway_rest_api.managed : value.id ], each.key)
}


resource "aws_api_gateway_resource" "childs" {
   for_each    = { for key, value in var.restapi.resource.childs : key => value }
   depends_on  = [ aws_api_gateway_resource.parent ]
   path_part   = lookup(each.value, "path", null)
   parent_id   = element([ for key, value in aws_api_gateway_resource.managed : value.id ], each.key)
   rest_api_id = element([ for key, value in aws_api_gateway_rest_api.managed : value.id ], each.key)
}

---

aws_api_gateway_resource. childs 中的问题是parent_id，正如我上面提到的，它需要错误的父级ID，这里是terraform plan 结果：

# module.restapi.aws_api_gateway_resource.parent["1"] will be created
+ resource "aws_api_gateway_resource" "parent" {
    + id          = (known after apply)
    + parent_id   = "j3pt41ko7f"
    + path        = (known after apply)
    + path_part   = "saml-store"
    + rest_api_id = "mtu4b34wn4"
  }

# module.restapi.aws_api_gateway_resource.childs["1"] will be created
+ resource "aws_api_gateway_resource" "childs" {
    + id          = (known after apply)
    + parent_id   = (known after apply)
    + path        = (known after apply)
    + path_part   = "saml-store/enable"
    + rest_api_id = "mtu4b34wn4"
  }

# module.restapi.aws_api_gateway_resource.childs["2"] will be created
+ resource "aws_api_gateway_resource" "childs" {
    + id          = (known after apply)
    + parent_id   = "b72571"
    + path        = (known after apply)
    + path_part   = "block/disable"
    + rest_api_id = "mtu4b34wn4"
  }

---

module.restapi.aws_api_gateway_resource.childs["2"] 取错了ID，应该取与module.restapi.aws_api_gateway_resource.childs["1"] 相同的ID，这是未知的，只有在apply 之后才能知道，所以module.restapi.aws_api_gateway_resource.childs["2"] 的path_part 必须是“saml-store/enable”而不是“block/disable”，我该如何解决这个问题？

Answer 1

我建议你使用data声明Data Source: aws_api_gateway_resource，这里你可以根据你的代码准确指定path，这将是解决方案，最后它会返回确切的id

data "aws_api_gateway_resource" "my_resource" {
  rest_api_id = "your_rest_api_id"
  path        = "/endpoint/path"
}

Answer 2

您的子资源中似乎存在复制粘贴问题（您引用的是托管而不是父资源）：

resource "aws_api_gateway_resource" "childs" {
   for_each    = { for key, value in var.restapi.resource.childs : key => value }
   depends_on  = [ aws_api_gateway_resource.parent ]
   path_part   = lookup(each.value, "path", null)
   parent_id   = element([ for key, value in aws_api_gateway_resource.managed : value.id ], each.key)
   rest_api_id = element([ for key, value in aws_api_gateway_rest_api.managed : value.id ], each.key)
}

你应该把它改成：

resource "aws_api_gateway_resource" "childs" {
   for_each    = { for key, value in var.restapi.resource.childs : key => value }
   depends_on  = [ aws_api_gateway_resource.parent ]
   path_part   = lookup(each.value, "path", null)
   parent_id   = element([ for key, value in aws_api_gateway_resource.parent : value.id ], each.key)
   rest_api_id = element([ for key, value in aws_api_gateway_rest_api.managed : value.id ], each.key)
}