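This template creates an AWS API Gateway REST API, deploys it to a stage, and associates that stage with a regional WAFv2 Web ACL to protect the API. The Web ACL shown here defines no rules, so it filters traffic only once rules are added to it.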

Terraform Template

# Deployment (snapshot) of the REST API definition that the stage serves.
resource "aws_api_gateway_deployment" "example" {
  rest_api_id = aws_api_gateway_rest_api.example.id

  # Hash of the API body: when the definition changes, this value changes and
  # Terraform replaces the deployment. SHA-1 is only a change detector here,
  # not a security control.
  triggers = {
    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.example.body))
  }

  # Create the replacement deployment before the old one is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}

# REST API defined inline as an OpenAPI 3.0.1 document.
#
# NOTE(review): no authorizer, API key requirement or other security scheme is
# declared in this definition, so GET /path1 is callable by anyone the Web ACL
# lets through. Confirm that this is intended before reusing the template.
resource "aws_api_gateway_rest_api" "example" {
  name = "example"

  body = jsonencode({
    openapi = "3.0.1"
    info = {
      title   = "example"
      version = "1.0"
    }
    paths = {
      "/path1" = {
        get = {
          # Pass-through proxy: the request is forwarded to the fixed HTTPS
          # URI below and the backend response is returned to the caller.
          x-amazon-apigateway-integration = {
            httpMethod           = "GET"
            payloadFormatVersion = "1.0"
            type                 = "HTTP_PROXY"
            uri                  = "https://ip-ranges.amazonaws.com/ip-ranges.json"
          }
        }
      }
    }
  })
}

# Stage that publishes the deployment. Its ARN is what the Web ACL association
# attaches to.
#
# NOTE(review): no access logging is configured on this stage, so requests
# that reach the API leave no record here.
resource "aws_api_gateway_stage" "example" {
  stage_name    = "example"
  rest_api_id   = aws_api_gateway_rest_api.example.id
  deployment_id = aws_api_gateway_deployment.example.id
}

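# Regional WAFv2 Web ACL that is attached to the API Gateway stage.
#
# NOTE(review): this ACL declares no `rule` blocks, so with the default action
# below every request is allowed. Add rules (for example managed rule groups
# or a rate-based rule) before treating it as a protective control.
resource "aws_wafv2_web_acl" "example" {
  name  = "web-acl-association-example"
  scope = "REGIONAL"

  # Required argument: the action applied to requests that match no rule.
  # `allow {}` keeps the API reachable while the ACL has no rules.
  default_action {
    allow {}
  }

  # Metrics and request sampling are enabled so that allowed and blocked
  # traffic can be reviewed. With both switched off, the ACL gives no
  # visibility into what it is doing.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "friendly-metric-name"
    sampled_requests_enabled   = true
  }
}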

# Binds the Web ACL to the API Gateway stage. Only traffic through this stage
# is evaluated by the ACL; any other stage of the same API needs its own
# association.
resource "aws_wafv2_web_acl_association" "example" {
  web_acl_arn  = aws_wafv2_web_acl.example.arn
  resource_arn = aws_api_gateway_stage.example.arn
}