Terraform-provider-aws: Error creating API Gateway Method Response: Invalid Resource identifier specified

Hi @andru-estes 👋 Sorry you are running into trouble.

The error you are seeing:

NotFoundException: Invalid Resource identifier specified

Is being returned by the API Gateway service; Terraform is just passing it through. This seems to suggest that API Gateway cannot find the specified API Gateway resource (e.g. aws_api_gateway_resource in Terraform, or put another way, API Gateway's container object for a specific API Gateway "path"). For troubleshooting purposes, does AWS CLI aws apigateway put-method-response and the same credentials as Terraform work?

@bflad thanks for the quick response.

I ran that AWS CLI command and it did indeed work:

I verified in the console after running the command.

It is strange because it seems that terraform did successfully interpolate the value from within the code during the plan phase, but then it receives that original error once I apply.

Please let me know what else you want me to try, in anything.

@andru-estes does it only happen when the API Gateway resource (resource ID) is brand new? e.g. created in the same Terraform apply

@bflad No, I had actually created the API Gateway resource beforehand and then came back around and added the method response in the next go around.

Seeing the same issue. A bit about our setup: we're defining an api gateway w/ lambda linking to the {proxy+} catch-all resource in a separate module.

here are my debug logs . (TF_LOG=debug for the curious)

2018-12-18T11:51:40.767-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: -----------------------------------------------------
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: 2018/12/18 11:51:40 [DEBUG] [aws-sdk-go] DEBUG: Response apigateway/CreateResource Details:
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: ---[ RESPONSE ]--------------------------------------
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: HTTP/2.0 404 Not Found
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: Content-Length: 52
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: Content-Type: application/json
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: Date: Tue, 18 Dec 2018 19:51:40 GMT
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: X-Amz-Apigw-Id: [An_ID]
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: X-Amzn-Errortype: NotFoundException
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: X-Amzn-Requestid: [a UUID]
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4:
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4:
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: -----------------------------------------------------
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: 2018/12/18 11:51:40 [DEBUG] [aws-sdk-go] {"message":"Invalid Resource identifier specified"}
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4: 2018/12/18 11:51:40 [DEBUG] [aws-sdk-go] DEBUG: Validate Response apigateway/CreateResource failed, not retrying, error NotFoundException: Invalid Resource identifier specified
2018-12-18T11:51:40.980-0800 [DEBUG] plugin.terraform-provider-aws_v1.52.0_x4:  status code: 404, request id: [a UUID]
2018/12/18 11:51:40 [ERROR] root: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* aws_api_gateway_resource.lists: Error creating API Gateway Resource: NotFoundException: Invalid Resource identifier specified
        status code: 404, request id: [a UUID]
2018/12/18 11:51:40 [ERROR] root: eval: *terraform.EvalSequence, err: 1 error(s) occurred:

* aws_api_gateway_resource.lists: Error creating API Gateway Resource: NotFoundException: Invalid Resource identifier specified
        status code: 404, request id: [a UUID]

and main.tf:

resource "aws_api_gateway_resource" "lists" {
  rest_api_id = "${module.apigwmod.rest_api_id}"
  parent_id   = "${module.apigwmod.rest_api_id}" # Parent is the gw, therefore this is a top level resource
  path_part   = "lists"
}

@bflad What more can we do to resolve this issue?

Hi @MaerF0x0 👋 Admittedly I'm not an expert with API Gateway, but did you mean to reference the REST API ID instead of the root resource ID of the REST API in your configuration? https://www.terraform.io/docs/providers/aws/r/api_gateway_rest_api.html#root_resource_id

Your module will need two outputs (one for the REST API ID and one for the root / resource ID of the REST API) or you can use the aws_api_gateway_resource / aws_api_gateway_rest_api data sources to fetch the required resource ID.

By example, here's how we link a resource under the root in our acceptance testing:

resource "aws_api_gateway_rest_api" "test" {
  name = "test"
}

resource "aws_api_gateway_resource" "test" {
  rest_api_id = "${aws_api_gateway_rest_api.test.id}"
  parent_id = "${aws_api_gateway_rest_api.test.root_resource_id}"
  path_part = "test"
}

Hope this helps.

I'm getting the same message, starting afresh as well as attempting to re-apply after the message.

resource "aws_api_gateway_rest_api" "foo-api" {
  name        = "next-foo-api-${var.aws_environment}"
  description = "foo"
  endpoint_configuration {
    types = [ "EDGE", ]
  }
}

resource "aws_api_gateway_resource" "foo-health-check" {
  rest_api_id = "${aws_api_gateway_rest_api.foo-api.id}"
  parent_id   = "${aws_api_gateway_rest_api.foo-api.root_resource_id}"
  path_part   = "health-check"
}

resource "aws_api_gateway_integration" "health-check" {     <---- Message below points here
  rest_api_id             = "${aws_api_gateway_rest_api.foo-api.id}"
  resource_id             = "${aws_api_gateway_resource.foo-health-check.id}"
  content_handling        = "CONVERT_TO_TEXT"
  http_method             = "GET"
  integration_http_method = "POST"
  type                    = "AWS_PROXY"
  uri                     = "${var.private_api_uri}"
}

The messages look like this:
Error: Error creating API Gateway Integration: NotFoundException: Invalid Method identifier specified status code: 404, request id: xxxxxx-xxxxxxx-xxxxxx-xxxxxx on apigateway.tf line 25, in resource "aws_api_gateway_integration" "health-check": 25: resource "aws_api_gateway_integration" "health-check" {

My versions:

Terraform v0.12.10
+ provider.aws v2.33.0

I'm also receiving this error from the following:

Error: Error creating API Gateway Integration Response: NotFoundException: Invalid Integration identifier specified
status code: 404, request id: 101441ef-0226-44ad-8bf9-3c6a98976063                                                                                                                                                                                                                                                                          on .terraform\modules\api\aws-apigateway-to-sqs\main.tf line 55,
 in resource "aws_api_gateway_integration_response" "response_method_integration":                            55: resource "aws_api_gateway_integration_response" "response_method_integration" {
--

```
resource "aws_api_gateway_rest_api" "api" {
name = var.name
endpoint_configuration {
types = [var.endpoint_type]
}
policy = var.policy
}

resource "aws_api_gateway_resource" "proxy" {
depends_on = [aws_api_gateway_rest_api.api]
rest_api_id = aws_api_gateway_rest_api.api.id
parent_id = aws_api_gateway_rest_api.api.root_resource_id
path_part = "default"
}

resource "aws_api_gateway_method" "request_method" {
rest_api_id = aws_api_gateway_rest_api.api.id
resource_id = aws_api_gateway_resource.proxy.id
http_method = var.method
authorization = "AWS_IAM"
}

resource "aws_api_gateway_integration" "request_method_integration" {
rest_api_id = aws_api_gateway_rest_api.api.id
resource_id = aws_api_gateway_resource.proxy.id
http_method = aws_api_gateway_method.request_method.http_method
integration_http_method = "POST"
type = "AWS"
uri = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:action/SendMessage"
credentials = var.iam_send_message_arn
request_parameters = {
"integration.request.querystring.Action": "'SendMessage'"
"integration.request.querystring.MessageAttribute.1.Value.DataType": "'String'"
"integration.request.querystring.MessageAttribute.1.Value.StringValue": "method.request.body.userid"
"integration.request.querystring.MessageAttribute.1.Name": "'userid'"
"integration.request.querystring.MessageBody": "method.request.body.message"

}
passthrough_behavior = "WHEN_NO_TEMPLATES"
}

resource "aws_api_gateway_integration_response" "response_method_integration" {
rest_api_id = "${aws_api_gateway_rest_api.api.id}"
resource_id = "${aws_api_gateway_resource.proxy.id}"
http_method = "${aws_api_gateway_method.request_method.http_method}"
status_code = "${aws_api_gateway_method_response.method_response.status_code}"
}

resource "aws_api_gateway_method_response" "method_response" {
rest_api_id = "${aws_api_gateway_rest_api.api.id}"
resource_id = "${aws_api_gateway_resource.proxy.id}"
http_method = "${aws_api_gateway_method.request_method.http_method}"
status_code = "200"
}

````

Seemed to resolve by switching the aws_api_gateway_method_response before the aws_api_gateway_integration_response like so:

resource "aws_api_gateway_method_response" "response_method" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  resource_id = aws_api_gateway_resource.proxy.id
  http_method = aws_api_gateway_integration.request_method_integration.http_method
  status_code = "200"

  response_models = {
    "application/json" = "Empty"
  }
}

resource "aws_api_gateway_integration_response" "response_method_integration" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  resource_id = aws_api_gateway_resource.proxy.id
  http_method = aws_api_gateway_method_response.response_method.http_method
  status_code = aws_api_gateway_method_response.response_method.status_code

  response_templates = {
    "application/json" = ""
  }
}

@StevenR152

I had the same problem as you this morning because the modules were not launched in the right order by terraform.

My aws_api_gateway_integration_response was created before the aws_api_gateway_integration.

I resolve the problem by adding a "_depends_on_" in the aws_api_gateway_integration_response.

For you, you can add :

depends_on = [aws_api_gateway_integration.request_method_integration]

Inside the aws_api_gateway_integration_response block.

I think it is the same problem for all of you, use depends_on, It's written in the documentation : https://www.terraform.io/docs/providers/aws/r/api_gateway_integration_response.html

This worked for me. I got the answer from: https://www.terraform.io/docs/providers/aws/r/lambda_permission.html
Section: Specify Lambda permissions for API Gateway REST API
Notice:
source_arn = "${aws_api_gateway_rest_api.offload_orders_api.execution_arn}/*/*/*"

Before this I had to go via the API Gateway Console and manually reselect the target Lambda Fx and confirm with OK to give the Gateway permissions to call it.

My entire aws_lambda_permission resource:

# Permission for API Gateway to call Lambda order processor
resource "aws_lambda_permission" "apigw_processor_fx_permission" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = "orders_processor_lambda_gs1"
  principal     = "apigateway.amazonaws.com"

  # More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html
  source_arn = "${aws_api_gateway_rest_api.offload_orders_api.execution_arn}/*/*/*"
}