From 1b7543f18eca7d0edb94932061d1865caf45447d Mon Sep 17 00:00:00 2001
From: "Miroslav Chomut (CZ)"
Date: Tue, 1 Oct 2024 14:01:09 +0200
Subject: [PATCH] #17 coupling to vpce
---
 terraform/api_gateway.tf | 6 ++++++
 terraform/variables.tf | 1 +
 2 files changed, 7 insertions(+)
diff --git a/terraform/api_gateway.tf b/terraform/api_gateway.tf
index fa5d4b5..029aae5 100644
--- a/terraform/api_gateway.tf
+++ b/terraform/api_gateway.tf
@@ -4,6 +4,7 @@ resource "aws_api_gateway_rest_api" "event_gate_api" {
 tags = {"BuiltBy" = "Terraform"}
 endpoint_configuration {
 types = ["PRIVATE"]
+ vpc_endpoint_ids = [var.vpc_endpoint]
 }
 policy = jsonencode({
 Version = "2012-10-17",
@@ -13,6 +14,11 @@ resource "aws_api_gateway_rest_api" "event_gate_api" {
 Action = "execute-api:Invoke",
 Resource = "*",
 Principal = "*"
+ Condition = {
+ StringEquals = {
+ "aws:sourceVpce" = var.vpc_endpoint
+ }
+ }
 }
 ]
 })
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 0cbb4c0..a8e8010 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,5 +1,6 @@
 variable "aws_region" {}
 variable "vpc_id" {}
+variable "vpc_endpoint" {}
 variable "resource_prefix" {}
 variable "lambda_role_arn" {}
 variable "lambda_vpc_subnet_ids" {}
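Review bot: The added `vpc_endpoint_ids = [var.vpc_endpoint]` line in `endpoint_configuration` carries no comment on what it does and does not enforce. As far as I know this attribute only associates the endpoint with the private API (for DNS resolution through the endpoint), while the restriction on who may invoke comes from the resource policy. A comment such as `# Association only; invocation is restricted by the aws:sourceVpce condition in the policy below` would keep a later editor from treating the policy condition as redundant. The resource block starts and ends outside the hunk.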
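Review bot: The statement in the second hunk of terraform/api_gateway.tf keeps `Principal = "*"` and `Resource = "*"` and relies on the new condition alone, so the endpoint restriction holds only as long as no other Allow statement is ever added to this policy. An explicit Deny statement using `StringNotEquals` on the same key would hold regardless of other statements. The statement's Effect line and the start of the policy are outside the hunk, so this assumes the existing statement is an Allow. Resource-policy changes on a REST API generally take effect only after a new deployment, so it is worth confirming that the deployment resource (not shown) is re-triggered when the policy changes.

```hcl
# … unchanged: existing statement with the aws:sourceVpce StringEquals condition …
      },   # existing statement's closing brace, now followed by a comma
      {
        Effect    = "Deny",
        Principal = "*",
        Action    = "execute-api:Invoke",
        Resource  = "*",
        Condition = {
          StringNotEquals = {
            "aws:sourceVpce" = var.vpc_endpoint
          }
        }
      }
```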
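Review bot: `variable "vpc_endpoint" {}` in terraform/variables.tf is declared without a type, description or validation, although its value now feeds an access-control condition. A value that is not an endpoint ID would probably surface only at apply time, or as every caller being rejected. Declaring it with `type = string`, a `description`, and a `validation` block whose condition is `can(regex("^vpce-", var.vpc_endpoint))` would fail at plan time instead. The neighbouring variables are untyped as well, so the same could be done for the whole file in a follow-up.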