chore: cleanup and doc updates

Author: bryantbiggs

README.md

@@ -6,13 +6,9 @@ This Terraform module is part of [serverless.tf framework](https://serverless.tf
 
 ## Supported Features
 
-- Support many of features of HTTP API Gateway, but rather limited support for WebSocket API Gateway
+- Nearly all features of HTTP API Gateway
 - Conditional creation for many types of resources
 
-## Feature Roadmap
-
-- Some features are still missing (especially for WebSocket support)
-
 ## Usage
 
 ### HTTP API Gateway
@@ -36,8 +32,8 @@ module "api_gateway" {
   domain_name_certificate_arn = "arn:aws:acm:eu-west-1:052235179155:certificate/2b3a7ed9-05e1-4f9e-952b-27744ba06da6"
 
   # Access logs
-  default_stage_access_log_destination_arn = "arn:aws:logs:eu-west-1:835367859851:log-group:debug-apigateway"
-  default_stage_access_log_format          = "$context.identity.sourceIp - - [$context.requestTime] \"$context.httpMethod $context.routeKey $context.protocol\" $context.status $context.responseLength $context.requestId $context.integrationErrorMessage"
+  stage_access_log_destination_arn = "arn:aws:logs:eu-west-1:835367859851:log-group:debug-apigateway"
+  stage_access_log_format          = "$context.identity.sourceIp - - [$context.requestTime] \"$context.httpMethod $context.routeKey $context.protocol\" $context.status $context.responseLength $context.requestId $context.integrationErrorMessage"
 
   # Routes and integrations
   integrations = {
@@ -68,12 +64,12 @@ module "api_gateway" {
 
   create = false # to disable all resources
 
-  create_api_gateway               = false  # to control creation of API Gateway
-  create_api_domain_name           = false  # to control creation of API Gateway Domain Name
-  create_default_stage             = false  # to control creation of "$default" stage
-  create_default_stage_api_mapping = false  # to control creation of "$default" stage and API mapping
-  create_routes_and_integrations   = false  # to control creation of routes and integrations
-  create_vpc_link                  = false  # to control creation of VPC link
+  create_api_gateway             = false  # to control creation of API Gateway
+  create_api_domain_name         = false  # to control creation of API Gateway Domain Name
+  create_stage                   = false  # to control creation of "$default" stage
+  create_stage_api_mapping       = false  # to control creation of "$default" stage and API mapping
+  create_routes_and_integrations = false  # to control creation of routes and integrations
+  create_vpc_link                = false  # to control creation of VPC link
 
   # ... omitted
 }
@@ -87,6 +83,7 @@ module "api_gateway" {
 
 - [Complete HTTP](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http) - Create API Gateway, authorizer, domain name, stage and other resources in various combinations
 - [HTTP with VPC Link](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/vpc-link-http) - Create API Gateway with VPC link and integration with resources in VPC (eg. ALB)
+- [Websocket](https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/websocket) - Create Websocket API
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
@@ -173,13 +170,13 @@ No modules.
 | <a name="output_apigatewayv2_domain_name_id"></a> [apigatewayv2\_domain\_name\_id](#output\_apigatewayv2\_domain\_name\_id) | The domain name identifier |
 | <a name="output_apigatewayv2_domain_name_target_domain_name"></a> [apigatewayv2\_domain\_name\_target\_domain\_name](#output\_apigatewayv2\_domain\_name\_target\_domain\_name) | The target domain name |
 | <a name="output_apigatewayv2_route"></a> [apigatewayv2\_route](#output\_apigatewayv2\_route) | Map containing the routes created and their attributes |
+| <a name="output_apigatewayv2_stage_arn"></a> [apigatewayv2\_stage\_arn](#output\_apigatewayv2\_stage\_arn) | The stage ARN |
+| <a name="output_apigatewayv2_stage_domain_name"></a> [apigatewayv2\_stage\_domain\_name](#output\_apigatewayv2\_stage\_domain\_name) | Domain name of the stage (useful for CloudFront distribution) |
+| <a name="output_apigatewayv2_stage_execution_arn"></a> [apigatewayv2\_stage\_execution\_arn](#output\_apigatewayv2\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API. |
+| <a name="output_apigatewayv2_stage_id"></a> [apigatewayv2\_stage\_id](#output\_apigatewayv2\_stage\_id) | The stage identifier |
+| <a name="output_apigatewayv2_stage_invoke_url"></a> [apigatewayv2\_stage\_invoke\_url](#output\_apigatewayv2\_stage\_invoke\_url) | The URL to invoke the API pointing to the stage |
 | <a name="output_apigatewayv2_vpc_link_arn"></a> [apigatewayv2\_vpc\_link\_arn](#output\_apigatewayv2\_vpc\_link\_arn) | The map of VPC Link ARNs |
 | <a name="output_apigatewayv2_vpc_link_id"></a> [apigatewayv2\_vpc\_link\_id](#output\_apigatewayv2\_vpc\_link\_id) | The map of VPC Link identifiers |
-| <a name="output_default_apigatewayv2_stage_arn"></a> [default\_apigatewayv2\_stage\_arn](#output\_default\_apigatewayv2\_stage\_arn) | The default stage ARN |
-| <a name="output_default_apigatewayv2_stage_domain_name"></a> [default\_apigatewayv2\_stage\_domain\_name](#output\_default\_apigatewayv2\_stage\_domain\_name) | Domain name of the stage (useful for CloudFront distribution) |
-| <a name="output_default_apigatewayv2_stage_execution_arn"></a> [default\_apigatewayv2\_stage\_execution\_arn](#output\_default\_apigatewayv2\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API. |
-| <a name="output_default_apigatewayv2_stage_id"></a> [default\_apigatewayv2\_stage\_id](#output\_default\_apigatewayv2\_stage\_id) | The default stage identifier |
-| <a name="output_default_apigatewayv2_stage_invoke_url"></a> [default\_apigatewayv2\_stage\_invoke\_url](#output\_default\_apigatewayv2\_stage\_invoke\_url) | The URL to invoke the API pointing to the stage |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Authors

examples/complete-http/README.md

@@ -30,10 +30,10 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35 |
-| <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
-| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 3.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.61.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.1.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_tls"></a> [tls](#provider\_tls) | 3.1.0 |
 
 ## Modules
 

examples/complete-http/main.tf

@@ -40,8 +40,8 @@ module "api_gateway" {
   domain_name                 = var.domain_name
   domain_name_certificate_arn = module.acm.acm_certificate_arn
 
-  default_stage_access_log_destination_arn = aws_cloudwatch_log_group.logs.arn
-  default_stage_access_log_format          = "$context.identity.sourceIp - - [$context.requestTime] \"$context.httpMethod $context.routeKey $context.protocol\" $context.status $context.responseLength $context.requestId $context.integrationErrorMessage"
+  stage_access_log_destination_arn = aws_cloudwatch_log_group.logs.arn
+  stage_access_log_format          = "$context.identity.sourceIp - - [$context.requestTime] \"$context.httpMethod $context.routeKey $context.protocol\" $context.status $context.responseLength $context.requestId $context.integrationErrorMessage"
 
   default_route_settings = {
     detailed_metrics_enabled = true

examples/complete-http/versions.tf

@@ -2,9 +2,21 @@ terraform {
   required_version = ">= 0.13.1"
 
   required_providers {
-    aws    = ">= 3.35"
-    random = ">= 2.0"
-    null   = ">= 2.0"
-    tls    = ">= 3.1"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.35"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 2.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 3.1"
+    }
   }
 }

examples/vpc-link-http/README.md

@@ -29,8 +29,8 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.1.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
 
 ## Modules
 

examples/vpc-link-http/versions.tf

@@ -2,8 +2,17 @@ terraform {
   required_version = ">= 0.13.1"
 
   required_providers {
-    aws    = ">= 3.35"
-    random = ">= 2.0"
-    null   = ">= 2.0"
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.35"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 2.0"
+    }
   }
 }

examples/websocket/README.md

@@ -1,7 +1,7 @@
-# Websocket AWS API Gateway examples
-
-Configuration in this directory creates AWS API Gateway with Domain Name, ACM Certificate, and integrates it with Lambda and Step Function and shows the variety of supported features.
+# AWS Websocket API example
 
+Configuration in this directory creates an AWS Websocket API.
+This example is based off of https://github.com/aws-samples/simple-websockets-chat-app
 
 ## Usage
 
@@ -15,13 +15,40 @@ $ terraform apply
 
 Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
 
+## Testing the chat API
+
+To test the WebSocket API, you can use [wscat](https://github.com/websockets/wscat), an open-source command line tool.
+
+1. [Install NPM](https://www.npmjs.com/get-npm).
+2. Install wscat:
+
+```bash
+$ npm install -g wscat
+```
+
+3. On the console, connect to your published API endpoint by executing the following command:
+
+```bash
+$ wscat -c wss://{YOUR-API-ID}.execute-api.{YOUR-REGION}.amazonaws.com/{STAGE}
+```
+
+4. To test the sendMessage function, send a JSON message like the following example. The Lambda function sends it back using the callback URL:
+
+```bash
+$ wscat -c wss://{YOUR-API-ID}.execute-api.{YOUR-REGION}.amazonaws.com/{STAGE}
+connected (press CTRL+C to quit)
+> {"action":"sendmessage", "data":"hello world"}
+< hello world
+```
+
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
@@ -58,5 +85,21 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_wss"></a> [wss](#output\_wss) | n/a |
+| <a name="output_apigatewayv2_api_api_endpoint"></a> [apigatewayv2\_api\_api\_endpoint](#output\_apigatewayv2\_api\_api\_endpoint) | The URI of the API |
+| <a name="output_apigatewayv2_api_arn"></a> [apigatewayv2\_api\_arn](#output\_apigatewayv2\_api\_arn) | The ARN of the API |
+| <a name="output_apigatewayv2_api_execution_arn"></a> [apigatewayv2\_api\_execution\_arn](#output\_apigatewayv2\_api\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API. |
+| <a name="output_apigatewayv2_api_id"></a> [apigatewayv2\_api\_id](#output\_apigatewayv2\_api\_id) | The API identifier |
+| <a name="output_apigatewayv2_api_mapping_id"></a> [apigatewayv2\_api\_mapping\_id](#output\_apigatewayv2\_api\_mapping\_id) | The API mapping identifier |
+| <a name="output_apigatewayv2_domain_name_api_mapping_selection_expression"></a> [apigatewayv2\_domain\_name\_api\_mapping\_selection\_expression](#output\_apigatewayv2\_domain\_name\_api\_mapping\_selection\_expression) | The API mapping selection expression for the domain name |
+| <a name="output_apigatewayv2_domain_name_arn"></a> [apigatewayv2\_domain\_name\_arn](#output\_apigatewayv2\_domain\_name\_arn) | The ARN of the domain name |
+| <a name="output_apigatewayv2_domain_name_configuration"></a> [apigatewayv2\_domain\_name\_configuration](#output\_apigatewayv2\_domain\_name\_configuration) | The domain name configuration |
+| <a name="output_apigatewayv2_domain_name_hosted_zone_id"></a> [apigatewayv2\_domain\_name\_hosted\_zone\_id](#output\_apigatewayv2\_domain\_name\_hosted\_zone\_id) | The Amazon Route 53 Hosted Zone ID of the endpoint |
+| <a name="output_apigatewayv2_domain_name_id"></a> [apigatewayv2\_domain\_name\_id](#output\_apigatewayv2\_domain\_name\_id) | The domain name identifier |
+| <a name="output_apigatewayv2_domain_name_target_domain_name"></a> [apigatewayv2\_domain\_name\_target\_domain\_name](#output\_apigatewayv2\_domain\_name\_target\_domain\_name) | The target domain name |
+| <a name="output_apigatewayv2_route"></a> [apigatewayv2\_route](#output\_apigatewayv2\_route) | Map containing the routes created and their attributes |
+| <a name="output_apigatewayv2_stage_arn"></a> [apigatewayv2\_stage\_arn](#output\_apigatewayv2\_stage\_arn) | The default stage ARN |
+| <a name="output_apigatewayv2_stage_domain_name"></a> [apigatewayv2\_stage\_domain\_name](#output\_apigatewayv2\_stage\_domain\_name) | Domain name of the stage (useful for CloudFront distribution) |
+| <a name="output_apigatewayv2_stage_execution_arn"></a> [apigatewayv2\_stage\_execution\_arn](#output\_apigatewayv2\_stage\_execution\_arn) | The ARN prefix to be used in an aws\_lambda\_permission's source\_arn attribute or in an aws\_iam\_policy to authorize access to the @connections API. |
+| <a name="output_apigatewayv2_stage_id"></a> [apigatewayv2\_stage\_id](#output\_apigatewayv2\_stage\_id) | The default stage identifier |
+| <a name="output_apigatewayv2_stage_invoke_url"></a> [apigatewayv2\_stage\_invoke\_url](#output\_apigatewayv2\_stage\_invoke\_url) | The URL to invoke the API pointing to the stage |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/websocket/main.tf

@@ -18,6 +18,7 @@ locals {
   region = "eu-west-1"
 
   dynamodb_table_name = local.name
+  dynamodb_table_arn  = "arn:aws:dynamodb:${local.region}:${data.aws_caller_identity.current.account_id}:table/${local.dynamodb_table_name}" # hack to avoid race condition
   dynamodb_crud_permissions = {
     effect = "Allow",
     actions = [
@@ -33,8 +34,8 @@ locals {
       "dynamodb:ConditionCheckItem",
     ],
     resources = [
-      module.dynamodb_table.dynamodb_table_arn,
-      "${module.dynamodb_table.dynamodb_table_arn}/index/*"
+      local.dynamodb_table_arn,
+      "${local.dynamodb_table_arn}/index/*"
     ]
   }
 
@@ -84,10 +85,6 @@ resource "aws_iam_role" "cloudwatch" {
   tags = local.tags
 }
 
-########################
-# Websocket API Gateway
-########################
-
 module "connect_lambda_function" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "~> 2"
@@ -107,8 +104,8 @@ module "connect_lambda_function" {
 
   allowed_triggers = {
     AllowExecutionFromAPIGateway = {
-      service   = "apigateway"
-      principal = "apigateway.amazonaws.com"
+      service    = "apigateway"
+      source_arn = "${module.api_gateway.apigatewayv2_api_execution_arn}/*/*"
     }
   }
 
@@ -120,7 +117,6 @@ module "connect_lambda_function" {
   tags = local.tags
 }
 
-
 module "disconnect_lambda_function" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "~> 2"
@@ -140,8 +136,8 @@ module "disconnect_lambda_function" {
 
   allowed_triggers = {
     AllowExecutionFromAPIGateway = {
-      service   = "apigateway"
-      principal = "apigateway.amazonaws.com"
+      service    = "apigateway"
+      source_arn = "${module.api_gateway.apigatewayv2_api_execution_arn}/*/*"
     }
   }
 
@@ -153,7 +149,6 @@ module "disconnect_lambda_function" {
   tags = local.tags
 }
 
-
 module "send_message_lambda_function" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "~> 2"
@@ -173,8 +168,8 @@ module "send_message_lambda_function" {
 
   allowed_triggers = {
     AllowExecutionFromAPIGateway = {
-      service   = "apigateway"
-      principal = "apigateway.amazonaws.com"
+      service    = "apigateway"
+      source_arn = "${module.api_gateway.apigatewayv2_api_execution_arn}/*/*"
     }
   }
 
@@ -208,6 +203,10 @@ module "dynamodb_table" {
   tags = local.tags
 }
 
+########################
+# Websocket API Gateway
+########################
+
 module "api_gateway" {
   source = "../../"
 
@@ -229,7 +228,6 @@ module "api_gateway" {
   stage_access_log_format = jsonencode({
     context = {
       domainName              = "$context.domainName"
-      httpMethod              = "$context.httpMethod"
       integrationErrorMessage = "$context.integrationErrorMessage"
       protocol                = "$context.protocol"
       requestId               = "$context.requestId"
@@ -282,7 +280,3 @@ module "api_gateway" {
 
   tags = local.tags
 }
-
-output "wss" {
-  value = "wscat -c ${module.api_gateway.default_apigatewayv2_stage_invoke_url}"
-}