feat!: Updates to support websocket API Gateway

[bryantbiggs]

Description

Additional changes

• Minimum supported Terraform AWS provider raised to v5.37.0 to support recent bug fixes in the provider
• Default values for api_key_selection_expression, route_selection_expression variables set to null (still matches prior value v4.x version but is set as null now)
• The input data structure for routes (was integrations) has been updated and now uses optional inputs

Added

• Support for creating a websocket API endpoint
• Support for creating Route53 alias records for custom domain names w/ support for multiple sub-domains using a wildcard API Gateway custom domain name
• Support for creating ACM certificate for custom domain
• Support for automatically deploying the stage when updates have been made (for Websocket, HTTP is always auto-deployed by the API)

Modified

• Stage access log group settings are now embedded into the stage_access_log_settings variable
• API mapping is created automatically when using a custom domain
• Default values of 500 and 1000 have been set for throttling_burst_limit and throttling_rate_limit respectively to ensure users do not face errors when deploying APIs for the first time and not configuring these
• Default values for the log group name ("/aws/apigateway/${var.name}/${var.stage_name}") and retention period (30) have been provided for the stage access logs log group

Removed

• None

See UPGRADE-5.0.md for full list of changes and notes on upgrade path

Motivation and Context

• updates for websocket support

Closes #7
Closes #8
Closes #42
Closes #46
Closes #61

Breaking Changes

• Yes

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• I have tested and validated these changes using one or more of the provided examples/* projects
• I have executed pre-commit run -a on my pull request

[antonbabenko]

Looks pretty good, just minor comments to be consistent in examples.

[lllama]

Not sure if this affects #46 at all. That PR had a working example of a websockets API. I can update if needed.

[antonbabenko]

@lllama Thanks for the WebSocket example in #46!

I think it will be great if @bryantbiggs merges your example into this PR and update it to follow the rest of the examples we have.

[antonbabenko]

Looks almost perfect. Could you also describe breaking changes and upgrade path in UPGRADE.md as we do in other modules already?

[choudharyac09]

Can We merge this pull request?

[bryantbiggs]

Can We merge this pull request?

Its being worked on, its currently in draft mode

[choudharyac09]

@antonbabenko Can you please review the pull request?

[antonbabenko]

@antonbabenko Can you please review the pull request?

Yes, as soon as I can. Probably, tomorrow.

[antonbabenko]

Looks good, a few comments here and there. I didn't run examples though.

[antonbabenko]

I ran it on my real project and found a few minor things here and there. LGTM after that :)

[antonbabenko]

Maybe this can be used instead of external curl - https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http ?

This data source supports ca_cert_pem, but not key. It may be enough for this case.

[bryantbiggs]

I was unable to get that data source to work without the key. This isn't required to run the example, but rather a helpful reminder of the syntax to call the API using the cert/key - and curl/jq are usually quite common on machines these days

[antonbabenko]

Suggested change

	default = "*.terraform-aws-modules.modules.tf"
	default = "terraform-aws-modules.modules.tf"

Can we have it without a wildcard in the default_name? The description does not match the value :)

[bryantbiggs]

Reverted in 6154fc6

I also added a small section that demonstrates the use of wildcard custom domains and mapping subdomains to that wildcard domain in the readme

[antonbabenko]

Please revert this output. Such a striped domain name is needed for Cloudfront.

[bryantbiggs]

re-added in 6154fc6

[antonbabenko]

These throttling_burst_limit and throttling_rate_limit defaults are being used instead of the one specified in stage_default_route_settings.

I think we should not have these defaults here and just use the settings in stage_default_route_settings. WDYT?

[bryantbiggs]

yes, I would normally agree and normally not like to have to set arbitrary numbers either as a default value. However, when testing I kept getting errors only to discover that things were set to 0, and there are various upstream issues both in Terraform and other projects:

• [Bug]: Empty aws_apigatewayv2_stage.default_route_settings.throttling_burst_limit results in 0, not "not configured" hashicorp/terraform-provider-aws#27674
• [Bug]: Removal of the Default route throttling for an API GatewayV2 sets the limits to 0 hashicorp/terraform-provider-aws#30373

so its really a matter of - do we set nothing, and its up to users to set something if they get 429s due to a limit of 0, or do we set something so it works out of the box, but there is a cap that again would require users to set a value that suits their use case? I am ok either way, I don't know what the right way is - either set something (across the board) or set nothing (null - again, across the board)

[antonbabenko]

Thanks for pointing out the issues. I've encountered this problem in the past, but I didn't realize the reason.

Can we not have a default number here (null) but then use coalesce() in the code to get the provided value (if specified) or the value from stage_default_route_settings? This way, it will be closer to the expected behavior.

[bryantbiggs]

good point - updated to coalesce these with the stage default route settings and removed defaults from the route section of the variable in 6154fc6

[antonbabenko]

Awesome! Thank you for taking into account all my comments. I am active user of this module myself :)

[antonbabenko]

This PR is included in version 5.0.0 🎉

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.