This gist contains code from the file api_gateway.tf which is part of the blog-photo-location-map repository.

blog-photo-location-map-api_gateway-07.tf

# Allow API Gateway to invoke the upload-photo lambda function
resource "aws_lambda_permission" "apigw_invoke_upload_photo_lambda" {
  statement_id  = "AllowAPIGatewayInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.upload_photo_lambda.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.photo_location_map.execution_arn}/*/*"
}

# create the resource for uploading photo
resource "aws_api_gateway_resource" "upload_photo" {
  rest_api_id = aws_api_gateway_rest_api.photo_location_map.id
  parent_id   = aws_api_gateway_rest_api.photo_location_map.root_resource_id
  path_part   = local.api_gateway_upload_photo_path
}

# Create the method on the upload photo resource that uses POST method
resource "aws_api_gateway_method" "upload_photo_post" {
  rest_api_id   = aws_api_gateway_rest_api.photo_location_map.id
  resource_id   = aws_api_gateway_resource.upload_photo.id
  http_method   = "POST"
  authorization = "NONE"
}

# Set up the integration between API Gateway and the upload photo Lambda function
resource "aws_api_gateway_integration" "upload_photo" {
  rest_api_id             = aws_api_gateway_rest_api.photo_location_map.id
  resource_id             = aws_api_gateway_resource.upload_photo.id
  http_method             = aws_api_gateway_method.upload_photo_post.http_method
  integration_http_method = "POST"
  type                    = "AWS_PROXY"
  uri                     = aws_lambda_function.upload_photo_lambda.invoke_arn
}

# Create CORS for upload-photo using OPTIONS method
resource "aws_api_gateway_method" "upload_photo_options" {
  rest_api_id   = aws_api_gateway_rest_api.photo_location_map.id
  resource_id   = aws_api_gateway_resource.upload_photo.id
  http_method   = "OPTIONS"
  authorization = "NONE"
}

# Set up a MOCK integration for the OPTIONS method.
resource "aws_api_gateway_integration" "upload_photo_options_integration" {
  rest_api_id = aws_api_gateway_rest_api.photo_location_map.id
  resource_id = aws_api_gateway_resource.upload_photo.id
  http_method = aws_api_gateway_method.upload_photo_options.http_method

  type = "MOCK"
  request_templates = {
    "application/json" = "{\"statusCode\": 200}"
  }
}

# Define the method response for OPTIONS, including CORS headers.
resource "aws_api_gateway_method_response" "upload_photo_options_method_response" {
  rest_api_id = aws_api_gateway_rest_api.photo_location_map.id
  resource_id = aws_api_gateway_resource.upload_photo.id
  http_method = aws_api_gateway_method.upload_photo_options.http_method
  status_code = "200"

  response_parameters = {
    "method.response.header.Access-Control-Allow-Headers" = true
    "method.response.header.Access-Control-Allow-Methods" = true
    "method.response.header.Access-Control-Allow-Origin"  = true
  }
}

# Configure the integration response for OPTIONS to set the CORS headers.
resource "aws_api_gateway_integration_response" "upload_photo_options_integration_response" {
  rest_api_id = aws_api_gateway_rest_api.photo_location_map.id
  resource_id = aws_api_gateway_resource.upload_photo.id
  http_method = aws_api_gateway_method.upload_photo_options.http_method
  status_code = aws_api_gateway_method_response.upload_photo_options_method_response.status_code

  response_parameters = {
    "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
    "method.response.header.Access-Control-Allow-Methods" = "'GET,POST,OPTIONS,PUT,PATCH,DELETE'"
    "method.response.header.Access-Control-Allow-Origin"  = "'*'"
  }
}