feat: rate limiting configuration (#5)

Author: skunxicat

main.tf

@@ -7,6 +7,7 @@ locals {
 resource "aws_api_gateway_rest_api" "api" {
   for_each = toset(local.stages)
   name     = "${module.this.id}-${each.key}"
+  description = var.description
 
   endpoint_configuration {
     types = [
@@ -63,20 +64,22 @@ resource "aws_api_gateway_stage" "stage" {
   tags = module.this.tags
 }
 
-
 resource "aws_api_gateway_method_settings" "settings" {
   for_each    = toset(local.stages)
   rest_api_id = aws_api_gateway_rest_api.api[each.key].id
   stage_name  = aws_api_gateway_stage.stage[each.key].stage_name
   method_path = "*/*"
 
   settings {
-    metrics_enabled = local.enable_metrics
+    metrics_enabled        = local.enable_metrics
+    throttling_rate_limit  = var.stage_throttle_rate_limit
+    throttling_burst_limit = var.stage_throttle_burst_limit
   }
 }
 
+# API Keys (conditional)
 resource "aws_api_gateway_api_key" "default" {
-  for_each = toset(local.stages)
+  for_each = var.create_usage_plan ? toset(local.stages) : []
   name = join("-", [
     module.this.id,
     "key",
@@ -86,7 +89,9 @@ resource "aws_api_gateway_api_key" "default" {
   tags = module.this.tags
 }
 
+# Usage Plan (conditional)
 resource "aws_api_gateway_usage_plan" "default" {
+  count = var.create_usage_plan ? 1 : 0
   name = "${module.this.id}-default-plan"
 
   dynamic "api_stages" {
@@ -96,15 +101,32 @@ resource "aws_api_gateway_usage_plan" "default" {
       stage  = api_stages.value
     }
   }
+
+  dynamic "throttle_settings" {
+    for_each = var.throttle_rate_limit != null ? [1] : []
+    content {
+      rate_limit  = var.throttle_rate_limit
+      burst_limit = var.throttle_burst_limit
+    }
+  }
+
+  dynamic "quota_settings" {
+    for_each = var.quota_limit != null ? [1] : []
+    content {
+      limit  = var.quota_limit
+      period = var.quota_period
+    }
+  }
 
   depends_on = [aws_api_gateway_stage.stage]
 
   tags = module.this.tags
 }
 
+# Link API Keys to Usage Plan (conditional)
 resource "aws_api_gateway_usage_plan_key" "default" {
-  for_each = toset(local.stages)
+  for_each = var.create_usage_plan ? toset(local.stages) : []
   key_id        = aws_api_gateway_api_key.default[each.key].id
   key_type      = "API_KEY"
-  usage_plan_id = aws_api_gateway_usage_plan.default.id
+  usage_plan_id = aws_api_gateway_usage_plan.default[0].id
 }

variables.tf

@@ -20,4 +20,75 @@ variable "enable_metrics" {
   type        = bool
   description = "Enable API Gateway metrics"
   default     = true
+}
+
+variable "stage_throttle_rate_limit" {
+  type        = number
+  description = "API Gateway stage throttle rate limit (requests per second)"
+  default     = null
+}
+
+variable "stage_throttle_burst_limit" {
+  type        = number
+  description = "API Gateway stage throttle burst limit"
+  default     = null
+}
+
+variable "throttle_rate_limit" {
+  type        = number
+  description = "API Gateway usage plan throttle rate limit (requests per second)"
+  default     = null
+}
+
+variable "throttle_burst_limit" {
+  type        = number
+  description = "API Gateway usage plan throttle burst limit"
+  default     = null
+}
+
+variable "quota_limit" {
+  type        = number
+  description = "API Gateway usage plan quota limit (requests per period)"
+  default     = null
+}
+
+variable "quota_period" {
+  type        = string
+  description = "API Gateway usage plan quota period (DAY, WEEK, MONTH)"
+  default     = "DAY"
+  validation {
+    condition     = contains(["DAY", "WEEK", "MONTH"], var.quota_period)
+    error_message = "Quota period must be DAY, WEEK, or MONTH."
+  }
+}
+
+variable "create_usage_plan" {
+  description = "Whether to create usage plan and API keys"
+  type        = bool
+  default     = true
+}
+
+variable "api_key_required" {
+  description = "Whether to require an API key for API Gateway methods"
+  type        = bool
+  default     = false
+}
+
+variable "description" {
+  type        = string
+  description = "Description for the API Gateway"
+  default     = null
+}
+
+variable "cors_configuration" {
+  type = object({
+    allow_credentials = bool
+    allow_headers     = list(string)
+    allow_methods     = list(string)
+    allow_origins     = list(string)
+    expose_headers    = list(string)
+    max_age          = number
+  })
+  description = "CORS configuration for the API Gateway"
+  default     = null
 }