The core::gethttprequest function
The core::gethttprequest function makes a GET request to the given URL with optional header content and returns the statusCode, status, and body.
Signature
core::gethttprequest(url, headers)
Arguments
| Argument | Required | Type | Description |
|---|---|---|---|
url | Yes | String | The URL to make the HTTP GET request to. |
headers | No | Map | Optional headers to send with the request. |
Return value
Returns an object with the following attributes:
| Attribute | Type | Description |
|---|---|---|
statusCode | Number | The HTTP status code of the response (For example: 200, 404, 500). |
status | String | The HTTP status text (For example: "200 OK", "404 Not Found"). |
body | String | The response body as a string. |
Examples
Basic HTTP request
locals {
response = core::gethttprequest("https://api.example.com/health", {})
}
resource_policy "aws_instance" "api_health_check" {
enforce {
condition = local.response.statusCode == 200
error_message = "External API health check failed with status: ${local.response.statusCode}"
}
}
Request with headers
input "api_key" {
type = string
description = "API key for external validation service"
sensitive = true
}
locals {
validation_response = core::gethttprequest(
"https://api.example.com/validate",
{
headers = {
"Authorization" = "Bearer ${input.api_key}"
"Content-Type" = "application/json"
}
}
)
}
resource_policy "aws_instance" "external_validation" {
enforce {
condition = local.validation_response.statusCode == 200
error_message = "External validation failed with status: ${local.validation_response.statusCode}"
info_message = "Validation response: ${local.validation_response.body}"
}
}
Parse JSON response
locals {
api_response = core::gethttprequest("https://api.example.com/config", {})
config = core::jsondecode(local.api_response.body)
}
resource_policy "aws_instance" "instance_type_from_api" {
enforce {
condition = core::contains(local.config.allowed_instance_types, attrs.instance_type)
error_message = "Instance type ${attrs.instance_type} is not in the approved list from API."
}
}
Check multiple endpoints
locals {
endpoints = [
"https://api1.example.com/health",
"https://api2.example.com/health",
"https://api3.example.com/health"
]
health_checks = [
for endpoint in local.endpoints :
core::gethttprequest(endpoint, {})
]
all_healthy = core::alltrue([
for check in local.health_checks :
check.statusCode == 200
])
}
resource_policy "aws_instance" "multi_endpoint_check" {
enforce {
condition = local.all_healthy
error_message = "Not all required endpoints are healthy."
}
}
Conditional request based on resource attributes
resource_policy "aws_instance" "conditional_validation" {
locals {
should_validate = attrs.tags.environment == "production"
validation_result = local.should_validate ? core::gethttprequest(
"https://api.example.com/validate-instance",
{
headers = {
"X-Instance-Type" = attrs.instance_type
}
}
) : { statusCode = 200 }
}
enforce {
condition = local.validation_result.statusCode == 200
error_message = "Production instance validation failed: ${local.validation_result.status}"
}
}
Use response body in condition
locals {
compliance_check = core::gethttprequest(
"https://compliance.example.com/check",
{
headers = {
"X-Resource-Type" = "aws_s3_bucket"
}
}
)
compliance_data = core::jsondecode(local.compliance_check.body)
}
resource_policy "aws_s3_bucket" "compliance_validation" {
enforce {
condition = local.compliance_check.statusCode == 200
error_message = "Compliance API is unavailable."
}
enforce {
condition = local.compliance_data.encryption_required == attrs.server_side_encryption_configuration != null
error_message = "S3 bucket encryption does not meet compliance requirements."
}
}
Error handling with try
locals {
api_result = core::try(
core::gethttprequest("https://api.example.com/validate", {}),
{ statusCode = 0, status = "Request failed", body = "" }
)
}
resource_policy "aws_instance" "safe_api_check" {
enforce {
condition = local.api_result.statusCode == 200 || local.api_result.statusCode == 0
error_message = "API validation failed unexpectedly: ${local.api_result.status}"
}
}
Security considerations
- Store sensitive data like API keys in input variables marked as
sensitive = true - Use HTTPS URLs to ensure encrypted communication
- Be cautious about logging response bodies that may contain sensitive information
- Consider using
info_messagesparingly to avoid exposing sensitive data in policy output
Related functions
core::jsondecode- Parse JSON response bodies.core::yamldecode- Parse YAML response bodies.