fix: Websocket example is working; I hate javascript

Author: bryantbiggs

README.md

@@ -125,6 +125,7 @@ module "api_gateway" {
 | [aws_apigatewayv2_api.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api) | resource |
 | [aws_apigatewayv2_api_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api_mapping) | resource |
 | [aws_apigatewayv2_authorizer.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_authorizer) | resource |
+| [aws_apigatewayv2_deployment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_deployment) | resource |
 | [aws_apigatewayv2_domain_name.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_domain_name) | resource |
 | [aws_apigatewayv2_integration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_integration) | resource |
 | [aws_apigatewayv2_integration_response.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_integration_response) | resource |
@@ -152,9 +153,10 @@ module "api_gateway" {
 | <a name="input_create_routes_and_integrations"></a> [create\_routes\_and\_integrations](#input\_create\_routes\_and\_integrations) | Whether to create routes and integrations resources | `bool` | `true` | no |
 | <a name="input_create_stage"></a> [create\_stage](#input\_create\_stage) | Whether to create default stage | `bool` | `true` | no |
 | <a name="input_credentials_arn"></a> [credentials\_arn](#input\_credentials\_arn) | Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs | `string` | `null` | no |
+| <a name="input_deploy_stage"></a> [deploy\_stage](#input\_deploy\_stage) | Whether to deploy the stage | `bool` | `true` | no |
 | <a name="input_description"></a> [description](#input\_description) | The description of the API. Must be less than or equal to 1024 characters in length | `string` | `null` | no |
 | <a name="input_disable_execute_api_endpoint"></a> [disable\_execute\_api\_endpoint](#input\_disable\_execute\_api\_endpoint) | Whether clients can invoke the API by using the default execute-api endpoint. By default, clients can invoke the API with the default `{api_id}.execute-api.{region}.amazonaws.com endpoint`. To require that clients use a custom domain name to invoke the API, disable the default endpoint | `bool` | `null` | no |
-| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name to use for API gateway | `string` | `null` | no |
+| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name to use for API gateway | `string` | `""` | no |
 | <a name="input_domain_name_certificate_arn"></a> [domain\_name\_certificate\_arn](#input\_domain\_name\_certificate\_arn) | The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source | `string` | `null` | no |
 | <a name="input_domain_name_ownership_verification_certificate_arn"></a> [domain\_name\_ownership\_verification\_certificate\_arn](#input\_domain\_name\_ownership\_verification\_certificate\_arn) | ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate\_arn is issued via an ACM Private CA or mutual\_tls\_authentication is configured with an ACM-imported certificate.) | `string` | `null` | no |
 | <a name="input_fail_on_warnings"></a> [fail\_on\_warnings](#input\_fail\_on\_warnings) | Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to `false`. Applicable for HTTP APIs | `bool` | `null` | no |

examples/complete-http/README.md

@@ -64,6 +64,8 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="output_domain_name_hosted_zone_id"></a> [domain\_name\_hosted\_zone\_id](#output\_domain\_name\_hosted\_zone\_id) | The Amazon Route 53 Hosted Zone ID of the endpoint |
 | <a name="output_domain_name_id"></a> [domain\_name\_id](#output\_domain\_name\_id) | The domain name identifier |
 | <a name="output_domain_name_target_domain_name"></a> [domain\_name\_target\_domain\_name](#output\_domain\_name\_target\_domain\_name) | The target domain name |
+| <a name="output_integrations"></a> [integrations](#output\_integrations) | Map of the integrations created and their attributes |
+| <a name="output_routes"></a> [routes](#output\_routes) | Map of the routes created and their attributes |
 | <a name="output_stage_access_logs_cloudwatch_log_group_arn"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_arn](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
 | <a name="output_stage_access_logs_cloudwatch_log_group_name"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_name](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
 | <a name="output_stage_arn"></a> [stage\_arn](#output\_stage\_arn) | The stage ARN |

examples/complete-http/main.tf

@@ -34,7 +34,6 @@ module "api_gateway" {
   description      = "My awesome HTTP API Gateway"
   fail_on_warnings = false
   name             = local.name
-  protocol_type    = "HTTP"
 
   # Authorizer(s)
   authorizers = {
@@ -135,21 +134,28 @@ module "api_gateway" {
     create_log_group            = true
     log_group_retention_in_days = 7
     format = jsonencode({
-      "requestId" : "$context.requestId",
-      "extendedRequestId" : "$context.extendedRequestId",
-      "ip" : "$context.identity.sourceIp",
-      "caller" : "$context.identity.caller",
-      "user" : "$context.identity.user",
-      "requestTime" : "$context.requestTime",
-      "httpMethod" : "$context.httpMethod",
-      "resourcePath" : "$context.resourcePath",
-      "status" : "$context.status",
-      "protocol" : "$context.protocol",
-      "responseLength" : "$context.responseLength",
-      "domainName" : "$context.domainName",
-      "errorMessage" : "$context.error.message",
-      "errorResponseType" : "$context.error.responseType",
-      "integrationErrorMessage" : "$context.integrationErrorMessage",
+      context = {
+        domainName              = "$context.domainName"
+        integrationErrorMessage = "$context.integrationErrorMessage"
+        protocol                = "$context.protocol"
+        requestId               = "$context.requestId"
+        requestTime             = "$context.requestTime"
+        responseLength          = "$context.responseLength"
+        routeKey                = "$context.routeKey"
+        stage                   = "$context.stage"
+        status                  = "$context.status"
+        error = {
+          message      = "$context.error.message"
+          responseType = "$context.error.responseType"
+        }
+        identity = {
+          sourceIP = "$context.identity.sourceIp"
+        }
+        integration = {
+          error             = "$context.integration.error"
+          integrationStatus = "$context.integration.integrationStatus"
+        }
+      }
     })
   }
 
@@ -180,7 +186,6 @@ module "step_function" {
   role_name = "${local.name}-step-function"
   trusted_entities = [
     "apigateway.amazonaws.com",
-    "lambda.amazonaws.com",
   ]
 
   attach_policies_for_integrations = true
@@ -220,9 +225,9 @@ module "lambda_function" {
   description   = "My awesome lambda function"
   handler       = "lambda.handler"
   runtime       = "python3.12"
-
-  publish     = true
-  source_path = "lambda.py"
+  architectures = ["arm64"]
+  publish       = true
+  source_path   = "lambda.py"
 
   cloudwatch_logs_retention_in_days = 7
 

examples/complete-http/outputs.tf

@@ -78,19 +78,19 @@ output "acm_certificate_arn" {
 # Integration(s)
 ################################################################################
 
-# output "integrations" {
-#   description = "Map of the integrations created and their attributes"
-#   value       = module.api_gateway.integrations
-# }
+output "integrations" {
+  description = "Map of the integrations created and their attributes"
+  value       = module.api_gateway.integrations
+}
 
 ################################################################################
 # Route(s)
 ################################################################################
 
-# output "routes" {
-#   description = "Map of the routes created and their attributes"
-#   value       = module.api_gateway.routes
-# }
+output "routes" {
+  description = "Map of the routes created and their attributes"
+  value       = module.api_gateway.routes
+}
 
 ################################################################################
 # Stage

examples/vpc-link-http/README.md

@@ -21,35 +21,28 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.37 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.37 |
-| <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_alb"></a> [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 9.0 |
-| <a name="module_alb_security_group"></a> [alb\_security\_group](#module\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 |
 | <a name="module_api_gateway"></a> [api\_gateway](#module\_api\_gateway) | ../../ | n/a |
 | <a name="module_api_gateway_security_group"></a> [api\_gateway\_security\_group](#module\_api\_gateway\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 |
-| <a name="module_lambda_function"></a> [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | ~> 4.0 |
+| <a name="module_lambda_function"></a> [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | ~> 7.0 |
 | <a name="module_lambda_security_group"></a> [lambda\_security\_group](#module\_lambda\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [null_resource.download_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 
 ## Inputs
@@ -60,6 +53,7 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_acm_certificate_arn"></a> [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | The ARN of the certificate |
 | <a name="output_api_arn"></a> [api\_arn](#output\_api\_arn) | The ARN of the API |
 | <a name="output_api_endpoint"></a> [api\_endpoint](#output\_api\_endpoint) | URI of the API, of the form `https://{api-id}.execute-api.{region}.amazonaws.com` for HTTP APIs and `wss://{api-id}.execute-api.{region}.amazonaws.com` for WebSocket APIs |
 | <a name="output_api_execution_arn"></a> [api\_execution\_arn](#output\_api\_execution\_arn) | The ARN prefix to be used in an `aws_lambda_permission`'s `source_arn` attribute or in an `aws_iam_policy` to authorize access to the `@connections` API |
@@ -73,6 +67,8 @@ No inputs.
 | <a name="output_domain_name_target_domain_name"></a> [domain\_name\_target\_domain\_name](#output\_domain\_name\_target\_domain\_name) | The target domain name |
 | <a name="output_integrations"></a> [integrations](#output\_integrations) | Map of the integrations created and their attributes |
 | <a name="output_routes"></a> [routes](#output\_routes) | Map of the routes created and their attributes |
+| <a name="output_stage_access_logs_cloudwatch_log_group_arn"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_arn](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created |
+| <a name="output_stage_access_logs_cloudwatch_log_group_name"></a> [stage\_access\_logs\_cloudwatch\_log\_group\_name](#output\_stage\_access\_logs\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created |
 | <a name="output_stage_arn"></a> [stage\_arn](#output\_stage\_arn) | The stage ARN |
 | <a name="output_stage_execution_arn"></a> [stage\_execution\_arn](#output\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API |
 | <a name="output_stage_id"></a> [stage\_id](#output\_stage\_id) | The stage identifier |

examples/vpc-link-http/lambda.py

@@ -0,0 +1,6 @@
+import json
+
+def handler(event, context):
+    print(json.dumps(event))
+
+    return event

examples/vpc-link-http/main.tf

@@ -11,9 +11,6 @@ locals {
   vpc_cidr = "10.0.0.0/16"
   azs      = slice(data.aws_availability_zones.available.names, 0, 3)
 
-  package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip"
-  downloaded  = "downloaded_package_${md5(local.package_url)}.zip"
-
   tags = {
     Example    = local.name
     GithubRepo = "terraform-aws-apigateway-v2"
@@ -28,16 +25,17 @@ locals {
 module "api_gateway" {
   source = "../../"
 
-  name          = local.name
-  description   = "HTTP API Gateway with VPC links"
-  protocol_type = "HTTP"
-
+  # API
   cors_configuration = {
     allow_headers = ["content-type", "x-amz-date", "authorization", "x-api-key", "x-amz-security-token", "x-amz-user-agent"]
     allow_methods = ["*"]
     allow_origins = ["*"]
   }
 
+  description = "HTTP API Gateway with VPC links"
+  name        = local.name
+
+  # Routes & Integration(s)
   integrations = {
     "ANY /" = {
       lambda_arn             = module.lambda_function.lambda_function_arn
@@ -58,6 +56,7 @@ module "api_gateway" {
     }
   }
 
+  # VPC Link
   vpc_links = {
     my-vpc = {
       name               = local.name
@@ -84,15 +83,10 @@ module "vpc" {
   private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
   public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
 
-  tags = local.tags
-}
+  enable_nat_gateway = true
+  single_nat_gateway = true
 
-################################
-# Supporting resources
-################################
-
-resource "random_pet" "this" {
-  length = 2
+  tags = local.tags
 }
 
 module "api_gateway_security_group" {
@@ -111,7 +105,6 @@ module "api_gateway_security_group" {
   tags = local.tags
 }
 
-
 module "alb" {
   source  = "terraform-aws-modules/alb/aws"
   version = "~> 9.0"
@@ -121,6 +114,7 @@ module "alb" {
   vpc_id  = module.vpc.vpc_id
   subnets = module.vpc.public_subnets
 
+  # Disable for example
   enable_deletion_protection = false
 
   security_group_ingress_rules = {
@@ -140,49 +134,34 @@ module "alb" {
     }
   }
 
-  tags = local.tags
-}
-
-module "alb_security_group" {
-  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 5.0"
-
-  name        = "${local.name}-alb"
-  description = "ALB for example usage"
-  vpc_id      = module.vpc.vpc_id
-
-  ingress_cidr_blocks = ["0.0.0.0/0"]
-  ingress_rules       = ["http-80-tcp"]
-
-  egress_rules = ["all-all"]
-
-  tags = local.tags
-}
-
-
-resource "null_resource" "download_package" {
-  triggers = {
-    downloaded = local.downloaded
+  listeners = {
+    default = {
+      port     = 80
+      protocol = "HTTP"
+      fixed_response = {
+        content_type = "text/plain"
+        message_body = "Hello, World!"
+        status_code  = "200"
+      }
+    }
   }
 
-  provisioner "local-exec" {
-    command = "curl -L -o ${local.downloaded} ${local.package_url}"
-  }
+  tags = local.tags
 }
 
 module "lambda_function" {
   source  = "terraform-aws-modules/lambda/aws"
-  version = "~> 4.0"
+  version = "~> 7.0"
 
   function_name = local.name
   description   = "My awesome lambda function"
-  handler       = "index.lambda_handler"
-  runtime       = "python3.8"
-
-  publish = true
+  handler       = "lambda.handler"
+  runtime       = "python3.12"
+  architectures = ["arm64"]
+  publish       = true
+  source_path   = "lambda.py"
 
-  create_package         = false
-  local_existing_package = local.downloaded
+  cloudwatch_logs_retention_in_days = 7
 
   attach_network_policy  = true
   vpc_subnet_ids         = module.vpc.private_subnets
@@ -191,7 +170,7 @@ module "lambda_function" {
   allowed_triggers = {
     AllowExecutionFromAPIGateway = {
       service    = "apigateway"
-      source_arn = "${module.api_gateway.api_execution_arn}/*/*/*"
+      source_arn = "${module.api_gateway.api_execution_arn}/*/*"
     }
   }
 

examples/vpc-link-http/outputs.tf

@@ -65,6 +65,15 @@ output "domain_name_hosted_zone_id" {
   value       = module.api_gateway.domain_name_hosted_zone_id
 }
 
+################################################################################
+# Domain - Certificate
+################################################################################
+
+output "acm_certificate_arn" {
+  description = "The ARN of the certificate"
+  value       = module.api_gateway.acm_certificate_arn
+}
+
 ################################################################################
 # Integration(s)
 ################################################################################
@@ -107,6 +116,20 @@ output "stage_invoke_url" {
   value       = module.api_gateway.stage_invoke_url
 }
 
+################################################################################
+# Stage Access Logs - Log Group
+################################################################################
+
+output "stage_access_logs_cloudwatch_log_group_name" {
+  description = "Name of cloudwatch log group created"
+  value       = module.api_gateway.stage_access_logs_cloudwatch_log_group_name
+}
+
+output "stage_access_logs_cloudwatch_log_group_arn" {
+  description = "Arn of cloudwatch log group created"
+  value       = module.api_gateway.stage_access_logs_cloudwatch_log_group_arn
+}
+
 ################################################################################
 # VPC Link
 ################################################################################

examples/vpc-link-http/versions.tf

@@ -6,13 +6,5 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 5.37"
     }
-    random = {
-      source  = "hashicorp/random"
-      version = ">= 2.0"
-    }
-    null = {
-      source  = "hashicorp/null"
-      version = ">= 2.0"
-    }
   }
 }