Unreported breaking change due to change in APIGateway API

[jufemaiz]

Bug Report

Error Description

Changes merged in for v4.0.0 change the underlying APIGateway API from v1 to v2.

• serverless-domain-manager/index.ts

  Line 190 in 58fc87a

  this.apigateway = new this.serverless.providers.aws.sdk.APIGateway(credentials);

• https://github.com/amplify-education/serverless-domain-manager/blame/257664190acf6e5148cf083149823e68c6d587e1/DomainConfig.ts#L26
• https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html

This breaks deploys for anyone whose API Gateway Domain Names are TLS1.0 and REGIONAL (not sure if breaks others).

Command Run

sls deploy

Console Output

Serverless Domain Manager: Error: <DOMAIN>:  BadRequestException: Only REGIONAL domain names with a security policy of TLS 1.2 can be managed through the API Gateway V2 API. For TLS 1.0 domain names, please use the API Gateway V1 API to upgrade your security policy to TLS 1.2. Currently, only REST APIs can be attached to a domain name with a security policy of TLS 1.0.
--
  | Serverless Domain Manager: Error: <DOMAIN>:  Error: Error: <DOMAIN>: Unable to update basepath mapping.

Domain Manager Configuration
Replace this with your own serverless.yml file (anonymized, of course) to help us better resolve your issue.

custom:
  customDomain:
    enabled: true
    basePath: ''
    createRoute53Record: false
    domainName: ${ssm:/SERVICE/domain~true, ''}
    endpointType: 'regional'
    stage: ${self:custom.stage}

API Gateway and Route53 records managed in Terraform.

Versions

Your Environment Information ---------------------------
--
  | Operating System:          linux
  | Node Version:              12.16.3
  | Framework Version:         1.70.1
  | Plugin Version:            3.6.11
  | SDK Version:               2.3.0
  | Components Version:        2.30.10

• Domain Manager version(s): v4.0.0
• Lambda Code: go

Possible Solution

• CHANGELOG.md update to inform of breaking changes

Additional context/Screenshots

N/A

[jufemaiz]

It would also be exceptionally useful to tag releases

[tehnrd]

4.x was a big change and while we aimed for backward compatibility the reason for the major release was that we weren't entirely sure we covered all scenarios...and this was on of them.

I personally did not test TLS 1.0/1.1 as it was End of Life back in March. I would guess it unlikely for TLS 1.0 support to be added to 4.x but could be noted in the readme.

I also swear this project used to have the Release section populated and Tags. I'm wondering it if was removed, accidentally or on purpose.

[aoskotsky-amplify]

Thanks for finding this.

Looks like this might actually affect a decent amount of people so created a fix #348. Let me know if it fixes the issue for you.

We have't tagged releases before but it's a good idea to setup at some point. We use travis for builds. Feel free to send a PR to update the .travis.yml file to add tags for releases.

[jufemaiz]

We've upgraded our infra to pick up TLS1.2 so it's a little moot for us. But I can regress one of them to test it out if you like?