terraform-aws-modules
diff --git a/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion b/‎.pre-commit-config.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md
Lines changed: 23 additions & 3 deletions b/‎README.md
Lines changed: 23 additions & 3 deletions
diff --git a/‎examples/complete-http/README.md
Lines changed: 2 additions & 1 deletion b/‎examples/complete-http/README.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎examples/complete-http/main.tf
Lines changed: 6 additions & 3 deletions b/‎examples/complete-http/main.tf
Lines changed: 6 additions & 3 deletions
diff --git a/‎examples/complete-http/outputs.tf
Lines changed: 6 additions & 1 deletion b/‎examples/complete-http/outputs.tf
Lines changed: 6 additions & 1 deletion
diff --git a/‎examples/complete-http/variables.tf
Lines changed: 1 addition & 1 deletion b/‎examples/complete-http/variables.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/vpc-link-http/README.md
Lines changed: 1 addition & 0 deletions b/‎examples/vpc-link-http/README.md
Lines changed: 1 addition & 0 deletions
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.89.1
+    rev: v1.90.0
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
 
@@ -101,6 +101,25 @@ module "api_gateway" {
 }
 ```
 
+## Multiple Subdomains
+
+API Gateway v2 supports wildcard custom domains which allow users to map multiple subdomains to the same API Gateway. This is useful when you have multiple customers and you want to provide them with a custom domain for their API endpoint and possibly use that for header based routing/rules.
+
+```hcl
+module "api_gateway" {
+  source = "terraform-aws-modules/apigateway-v2/aws"
+
+  ...
+  domain_name = "*.mydomain.com"
+  subdomains  = ["customer1", "customer2"]
+  ...
+}
+```
+
+This will create records that allow users to access the API Gateway using the following subdomains:
+- `customer1.mydomain.com`
+- `customer2.mydomain.com`
+
 ## Conditional Creation
 
 The following values are provided to toggle on/off creation of the associated resources as desired:
@@ -183,7 +202,7 @@ module "api_gateway" {
 | <a name="input_api_key_selection_expression"></a> [api\_key\_selection\_expression](#input\_api\_key\_selection\_expression) | An API key selection expression. Valid values: `$context.authorizer.usageIdentifierKey`, `$request.header.x-api-key`. Defaults to `$request.header.x-api-key`. Applicable for WebSocket APIs | `string` | `null` | no |
 | <a name="input_api_mapping_key"></a> [api\_mapping\_key](#input\_api\_mapping\_key) | The [API mapping key](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-mapping-template-reference.html) | `string` | `null` | no |
 | <a name="input_api_version"></a> [api\_version](#input\_api\_version) | A version identifier for the API. Must be between 1 and 64 characters in length | `string` | `null` | no |
-| <a name="input_authorizers"></a> [authorizers](#input\_authorizers) | Map of API gateway authorizers to create | <pre>map(object({<br>    authorizer_credentials_arn        = optional(string)<br>    authorizer_payload_format_version = optional(string)<br>    authorizer_result_ttl_in_seconds  = optional(number)<br>    authorizer_type                   = optional(string, "REQUEST")<br>    authorizer_uri                    = optional(string)<br>    enable_simple_responses           = optional(bool)<br>    identity_sources                  = optional(list(string))<br>    jwt_configuration = optional(object({<br>      audience = optional(list(string))<br>      issuer   = optional(string)<br>    }), {})<br>    name = optional(string)<br>  }))</pre> | `{}` | no |
+| <a name="input_authorizers"></a> [authorizers](#input\_authorizers) | Map of API gateway authorizers to create | <pre>map(object({<br>    authorizer_credentials_arn        = optional(string)<br>    authorizer_payload_format_version = optional(string)<br>    authorizer_result_ttl_in_seconds  = optional(number)<br>    authorizer_type                   = optional(string, "REQUEST")<br>    authorizer_uri                    = optional(string)<br>    enable_simple_responses           = optional(bool)<br>    identity_sources                  = optional(list(string))<br>    jwt_configuration = optional(object({<br>      audience = optional(list(string))<br>      issuer   = optional(string)<br>    }))<br>    name = optional(string)<br>  }))</pre> | `{}` | no |
 | <a name="input_body"></a> [body](#input\_body) | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs | `string` | `null` | no |
 | <a name="input_cors_configuration"></a> [cors\_configuration](#input\_cors\_configuration) | The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs | <pre>object({<br>    allow_credentials = optional(bool)<br>    allow_headers     = optional(list(string))<br>    allow_methods     = optional(list(string))<br>    allow_origins     = optional(list(string))<br>    expose_headers    = optional(list(string), [])<br>    max_age           = optional(number)<br>  })</pre> | `{}` | no |
 | <a name="input_create"></a> [create](#input\_create) | Controls if resources should be created | `bool` | `true` | no |
@@ -205,10 +224,10 @@ module "api_gateway" {
 | <a name="input_protocol_type"></a> [protocol\_type](#input\_protocol\_type) | The API protocol. Valid values: `HTTP`, `WEBSOCKET` | `string` | `"HTTP"` | no |
 | <a name="input_route_key"></a> [route\_key](#input\_route\_key) | Part of quick create. Specifies any route key. Applicable for HTTP APIs | `string` | `null` | no |
 | <a name="input_route_selection_expression"></a> [route\_selection\_expression](#input\_route\_selection\_expression) | The route selection expression for the API. Defaults to `$request.method $request.path` | `string` | `null` | no |
-| <a name="input_routes"></a> [routes](#input\_routes) | Map of API gateway routes with integrations | <pre>map(object({<br>    # Route<br>    authorizer_key             = optional(string)<br>    api_key_required           = optional(bool)<br>    authorization_scopes       = optional(list(string), [])<br>    authorization_type         = optional(string)<br>    authorizer_id              = optional(string)<br>    model_selection_expression = optional(string)<br>    operation_name             = optional(string)<br>    request_models             = optional(map(string), {})<br>    request_parameter = optional(object({<br>      request_parameter_key = optional(string)<br>      required              = optional(bool, false)<br>    }), {})<br>    route_response_selection_expression = optional(string)<br><br>    # Route settings<br>    data_trace_enabled       = optional(bool, false)<br>    detailed_metrics_enabled = optional(bool, false)<br>    logging_level            = optional(string)<br>    throttling_burst_limit   = optional(number, 500)<br>    throttling_rate_limit    = optional(number, 1000)<br><br>    # Stage - Route response<br>    route_response = optional(object({<br>      create                     = optional(bool, false)<br>      model_selection_expression = optional(string)<br>      response_models            = optional(map(string))<br>      route_response_key         = optional(string, "$default")<br>    }), {})<br><br>    # Integration<br>    integration = object({<br>      connection_id             = optional(string)<br>      vpc_link_key              = optional(string)<br>      connection_type           = optional(string)<br>      content_handling_strategy = optional(string)<br>      credentials_arn           = optional(string)<br>      description               = optional(string)<br>      method                    = optional(string)<br>      subtype                   = optional(string)<br>      type                      = optional(string, "AWS_PROXY")<br>      uri                       = optional(string)<br>      passthrough_behavior      = optional(string)<br>      payload_format_version    = optional(string)<br>      request_parameters        = optional(map(string), {})<br>      request_templates         = optional(map(string), {})<br>      response_parameters = optional(list(object({<br>        mappings    = map(string)<br>        status_code = string<br>      })))<br>      template_selection_expression = optional(string)<br>      timeout_milliseconds          = optional(number)<br>      tls_config = optional(object({<br>        server_name_to_verify = optional(string)<br>      }), {})<br><br>      # Integration Response<br>      response = optional(object({<br>        content_handling_strategy     = optional(string)<br>        integration_response_key      = optional(string)<br>        response_templates            = optional(map(string))<br>        template_selection_expression = optional(string)<br>      }), {})<br>    })<br>  }))</pre> | `{}` | no |
+| <a name="input_routes"></a> [routes](#input\_routes) | Map of API gateway routes with integrations | <pre>map(object({<br>    # Route<br>    authorizer_key             = optional(string)<br>    api_key_required           = optional(bool)<br>    authorization_scopes       = optional(list(string), [])<br>    authorization_type         = optional(string)<br>    authorizer_id              = optional(string)<br>    model_selection_expression = optional(string)<br>    operation_name             = optional(string)<br>    request_models             = optional(map(string), {})<br>    request_parameter = optional(object({<br>      request_parameter_key = optional(string)<br>      required              = optional(bool, false)<br>    }), {})<br>    route_response_selection_expression = optional(string)<br><br>    # Route settings<br>    data_trace_enabled       = optional(bool)<br>    detailed_metrics_enabled = optional(bool)<br>    logging_level            = optional(string)<br>    throttling_burst_limit   = optional(number)<br>    throttling_rate_limit    = optional(number)<br><br>    # Stage - Route response<br>    route_response = optional(object({<br>      create                     = optional(bool, false)<br>      model_selection_expression = optional(string)<br>      response_models            = optional(map(string))<br>      route_response_key         = optional(string, "$default")<br>    }), {})<br><br>    # Integration<br>    integration = object({<br>      connection_id             = optional(string)<br>      vpc_link_key              = optional(string)<br>      connection_type           = optional(string)<br>      content_handling_strategy = optional(string)<br>      credentials_arn           = optional(string)<br>      description               = optional(string)<br>      method                    = optional(string)<br>      subtype                   = optional(string)<br>      type                      = optional(string, "AWS_PROXY")<br>      uri                       = optional(string)<br>      passthrough_behavior      = optional(string)<br>      payload_format_version    = optional(string)<br>      request_parameters        = optional(map(string), {})<br>      request_templates         = optional(map(string), {})<br>      response_parameters = optional(list(object({<br>        mappings    = map(string)<br>        status_code = string<br>      })))<br>      template_selection_expression = optional(string)<br>      timeout_milliseconds          = optional(number)<br>      tls_config = optional(object({<br>        server_name_to_verify = optional(string)<br>      }))<br><br>      # Integration Response<br>      response = optional(object({<br>        content_handling_strategy     = optional(string)<br>        integration_response_key      = optional(string)<br>        response_templates            = optional(map(string))<br>        template_selection_expression = optional(string)<br>      }), {})<br>    })<br>  }))</pre> | `{}` | no |
 | <a name="input_stage_access_log_settings"></a> [stage\_access\_log\_settings](#input\_stage\_access\_log\_settings) | Settings for logging access in this stage. Use the aws\_api\_gateway\_account resource to configure [permissions for CloudWatch Logging](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-permissions) | <pre>object({<br>    create_log_group            = optional(bool, true)<br>    destination_arn             = optional(string)<br>    format                      = optional(string)<br>    log_group_name              = optional(string)<br>    log_group_retention_in_days = optional(number, 30)<br>    log_group_kms_key_id        = optional(string)<br>    log_group_skip_destroy      = optional(bool)<br>    log_group_class             = optional(string)<br>    log_group_tags              = optional(map(string), {})<br>  })</pre> | `{}` | no |
 | <a name="input_stage_client_certificate_id"></a> [stage\_client\_certificate\_id](#input\_stage\_client\_certificate\_id) | The identifier of a client certificate for the stage. Use the `aws_api_gateway_client_certificate` resource to configure a client certificate. Supported only for WebSocket APIs | `string` | `null` | no |
-| <a name="input_stage_default_route_settings"></a> [stage\_default\_route\_settings](#input\_stage\_default\_route\_settings) | The default route settings for the stage | <pre>object({<br>    data_trace_enabled       = optional(bool, false)<br>    detailed_metrics_enabled = optional(bool, false)<br>    logging_level            = optional(string)<br>    throttling_burst_limit   = optional(number, 500)<br>    throttling_rate_limit    = optional(number, 1000)<br>  })</pre> | `{}` | no |
+| <a name="input_stage_default_route_settings"></a> [stage\_default\_route\_settings](#input\_stage\_default\_route\_settings) | The default route settings for the stage | <pre>object({<br>    data_trace_enabled       = optional(bool, true)<br>    detailed_metrics_enabled = optional(bool, true)<br>    logging_level            = optional(string)<br>    throttling_burst_limit   = optional(number, 500)<br>    throttling_rate_limit    = optional(number, 1000)<br>  })</pre> | `{}` | no |
 | <a name="input_stage_description"></a> [stage\_description](#input\_stage\_description) | The description for the stage. Must be less than or equal to 1024 characters in length | `string` | `null` | no |
 | <a name="input_stage_name"></a> [stage\_name](#input\_stage\_name) | The name of the stage. Must be between 1 and 128 characters in length | `string` | `"$default"` | no |
 | <a name="input_stage_tags"></a> [stage\_tags](#input\_stage\_tags) | A mapping of tags to assign to the stage resource | `map(string)` | `{}` | no |
@@ -241,6 +260,7 @@ module "api_gateway" {
 | <a name="output_stage_access_logs_cloudwatch_log_group_arn"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_arn](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
 | <a name="output_stage_access_logs_cloudwatch_log_group_name"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_name](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
 | <a name="output_stage_arn"></a> [stage\_arn](#output\_stage\_arn) | The stage ARN |
+| <a name="output_stage_domain_name"></a> [stage\_domain\_name](#output\_stage\_domain\_name) | Domain name of the stage (useful for CloudFront distribution) |
 | <a name="output_stage_execution_arn"></a> [stage\_execution\_arn](#output\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API |
 | <a name="output_stage_id"></a> [stage\_id](#output\_stage\_id) | The stage identifier |
 | <a name="output_stage_invoke_url"></a> [stage\_invoke\_url](#output\_stage\_invoke\_url) | The URL to invoke the API pointing to the stage |
 
@@ -61,7 +61,7 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Custom domain name to use on API Gateway endpoint | `string` | `"*.terraform-aws-modules.modules.tf"` | no |
+| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Custom domain name to use on API Gateway endpoint | `string` | `"terraform-aws-modules.modules.tf"` | no |
 
 ## Outputs
 
@@ -84,6 +84,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="output_stage_access_logs_cloudwatch_log_group_arn"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_arn](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
 | <a name="output_stage_access_logs_cloudwatch_log_group_name"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_name](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
 | <a name="output_stage_arn"></a> [stage\_arn](#output\_stage\_arn) | The stage ARN |
+| <a name="output_stage_domain_name"></a> [stage\_domain\_name](#output\_stage\_domain\_name) | Domain name of the stage (useful for CloudFront distribution) |
 | <a name="output_stage_execution_arn"></a> [stage\_execution\_arn](#output\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API |
 | <a name="output_stage_id"></a> [stage\_id](#output\_stage\_id) | The stage identifier |
 | <a name="output_stage_invoke_url"></a> [stage\_invoke\_url](#output\_stage\_invoke\_url) | The URL to invoke the API pointing to the stage |
 
@@ -37,7 +37,7 @@ module "api_gateway" {
 
   # Authorizer(s)
   authorizers = {
-    "cognito" = {
+    cognito = {
       authorizer_type  = "JWT"
       identity_sources = ["$request.header.Authorization"]
       name             = "cognito"
@@ -50,7 +50,6 @@ module "api_gateway" {
 
   # Domain Name
   domain_name           = var.domain_name
-  subdomains            = ["customer1", "customer2"]
   create_domain_records = true
   create_certificate    = true
 
@@ -62,6 +61,8 @@ module "api_gateway" {
   # Routes & Integration(s)
   routes = {
     "ANY /" = {
+      detailed_metrics_enabled = false
+
       integration = {
         uri                    = module.lambda_function.lambda_function_arn
         payload_format_version = "2.0"
@@ -83,7 +84,8 @@ module "api_gateway" {
     }
 
     "GET /some-route-with-authorizer" = {
-      authorizer_key = "cognito"
+      authorization_type = "JWT"
+      authorizer_key     = "cognito"
 
       integration = {
         uri                    = module.lambda_function.lambda_function_arn
@@ -310,6 +312,7 @@ module "s3_bucket" {
 
   tags = local.tags
 }
+
 resource "aws_s3_object" "this" {
   bucket                 = module.s3_bucket.s3_bucket_id
   key                    = "truststore.pem"
 
@@ -1,6 +1,6 @@
 output "test_curl_command" {
   description = "Curl command to test API endpoint using mTLS"
-  value       = "curl --key ./my-key.key --cert ./my-cert.pem https://customer1.${replace(var.domain_name, "*.", "")} | jq"
+  value       = "curl --key ./my-key.key --cert ./my-cert.pem https://${var.domain_name} | jq"
 }
 
 ################################################################################
@@ -106,6 +106,11 @@ output "stage_id" {
   value       = module.api_gateway.stage_id
 }
 
+output "stage_domain_name" {
+  description = "Domain name of the stage (useful for CloudFront distribution)"
+  value       = module.api_gateway.stage_domain_name
+}
+
 output "stage_arn" {
   description = "The stage ARN"
   value       = module.api_gateway.stage_arn
 
@@ -1,5 +1,5 @@
 variable "domain_name" {
   description = "Custom domain name to use on API Gateway endpoint"
   type        = string
-  default     = "*.terraform-aws-modules.modules.tf"
+  default     = "terraform-aws-modules.modules.tf"
 }
@@ -73,6 +73,7 @@ No inputs.
 | <a name="output_stage_access_logs_cloudwatch_log_group_arn"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_arn](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
 | <a name="output_stage_access_logs_cloudwatch_log_group_name"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_name](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
 | <a name="output_stage_arn"></a> [stage\_arn](#output\_stage\_arn) | The stage ARN |
+| <a name="output_stage_domain_name"></a> [stage\_domain\_name](#output\_stage\_domain\_name) | Domain name of the stage (useful for CloudFront distribution) |
 | <a name="output_stage_execution_arn"></a> [stage\_execution\_arn](#output\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API |
 | <a name="output_stage_id"></a> [stage\_id](#output\_stage\_id) | The stage identifier |
 | <a name="output_stage_invoke_url"></a> [stage\_invoke\_url](#output\_stage\_invoke\_url) | The URL to invoke the API pointing to the stage |
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`variable "domain_name" {`
`2`	`2`	`description = "Custom domain name to use on API Gateway endpoint"`
`3`	`3`	`type = string`
`4`		`- default = "*.terraform-aws-modules.modules.tf"`
	`4`	`+ default = "terraform-aws-modules.modules.tf"`
`5`	`5`	`}`