Add support for HTTP and WebSocket API Types

[tehnrd]

Fixes #312 #207 #223

Description of Issue Fixed
This PR adds support for both HTTP and Websocket API Types for the AWS API Gateway. For these types, domain names must use the ApiGatewayV2 AWS API.

This PR essentially bulkifies the entire process of defining and creating domains. Instead of config values being defined on variables in the index.ts file an array of DomainConfigs is created. Then for all operations it will process all of the domain configs. This allows the mixing of different API types and domains in one serverless.yml file.

It is backward compatible with the current customdomain configuration format. It is also structured in a way that will easily scale should AWS add new API types in the future.

This can be tested by adding the following branch to your dependencies.

"dependencies": {
  "serverless-domain-manager": "tehnrd/serverless-domain-manager#http-ws-support-BETA"
},

Changes proposed in this pull request:

• Static global vars have been moved to Globals.ts to allow easy access across multiple files
• Domain configuration options have been removed from index.ts. A new class DomainConfig.ts is created from the plugin configuration. These are placed into an array of domains in index.ts.
• Methods that process many domain configurations at once like createDomains() have been bulkified to process all DomainConfigs in the domains array.
• Methods that process one domain at a time like createCustomDomain() now take an argument of a DomainConfig.
• The configuration is backward compatible but still supports new API types with apiType option. This works well for projects that have a single service per serverless.yml file

   custom:
       customDomain:
           domainName: serverless.foo.com
           stage: ci
           basePath: api
           certificateName: '*.foo.com'
           createRoute53Record: true
           endpointType: 'regional'
           securityPolicy: tls_1_2
           apiType: rest

• A new configuration format is also added that allows defining multiple API types along with corrresponding domain configurations.

  custom:
      customDomain:
          rest:
              domainName: rest.serverless.foo.com
              stage: ci
              basePath: api
              certificateName: '*.foo.com'
              createRoute53Record: true
              endpointType: 'regional'
              securityPolicy: tls_1_2
          http:
              domainName: http.serverless.foo.com
              stage: ci
              basePath: api
              certificateName: '*.foo.com'
              createRoute53Record: true
              endpointType: 'regional'
              securityPolicy: tls_1_2
          websocket:
              domainName: ws.serverless.foo.com
              stage: ci
              basePath: api
              certificateName: '*.foo.com'
              createRoute53Record: true
              endpointType: 'regional'
              securityPolicy: tls_1_2

Unit tests have been updated and a few new ones have been added. I also performed some functional testing and everything appears to be working. I was unable to get the integration tests to run but will try to work on that while this PR is pending review.

I understand this is a massive PR and a huge refactor but I would love to see this get some attention as it was a decent effort. Even being backward compatible it might be worth a 4.x release given potential impact and the number of people that have become dependent on this very popular package.

P.S. Can do normal online PR review, but I actually live and work near DUMBO and could do in-person walkthrough of the changes if that makes sense.

[lee-reinhardt]

Thanks for implementing this! I've tried it out today and can verify it works for the HTTP API type.

Something I've noticed is that subsequent runs of sls deploy will fail with this error:

Serverless Domain Manager: Error: dev.api.example.com:  ConflictException: ApiMapping key already exists for this domain name
Serverless Domain Manager: Error: dev.api.example.com:  Error: Error: Unable to create basepath mapping.

Ideally it would recognize this situation and proceed as normal. I worked around this in my local testing by doing:

        // Make API call
        try {
          yield this.apigatewayV2.createApiMapping(params).promise();
          this.serverless.cli.log("Created basepath mapping.");
        } catch (err) {
          if (err.code === "ConflictException") {
            this.serverless.cli.log(
              "Basepath already exists",
              "Serverless Domain Manager"
            );
            return;
          }

          this.logIfDebug(err, domain.givenDomainName);
          throw new Error(`Error: Unable to create basepath mapping.\n`);
        }

I have no idea if that is reasonable for all cases or not, but it worked for my situation.

[tehnrd]

@lee-reinhardt That issue should be fixed now, but you may need to manually delete the existing mappings.

The problem was API mappings were being created with V2 of the AWS API but then attempting to update with V1 on subsequent deploys. I also added unit tests.

Thanks for jumping on this and doing a little testing, really appreciate it!

[zainzafar]

When can we expect this to be merged?

[cbschuld]

Curious; does anyone know if we are able to install @tehnrd 's PR directly via NPM. I installed it with

npm install "TehNrd/serverless-domain-manager" --save-dev

but I end up with the error:

Serverless plugin "serverless-domain-manager" not found. Make sure it's installed and listed in the "plugins" section of your serverless config file.

Bummer!

Also, super excited to see this PR pushed into a new release

[tehnrd]

@cbschuld Unfortunately, that is not going to work because Amplify does not keep the compiled distribution files in the repository. They seem to have some sort of separate NPM publishing process not included in this repo.

Here is something you can do for testing, but it isn't really scalable.

• pull down TehNrd/serverless-domain-manager, can also directly clone/checkout this branch, https://github.com/TehNrd/serverless-domain-manager/tree/http-ws-support
• Switch to the 'https-ws-support` branch on local project
• In the project directory run commands npm install then npm run build
• In the serverless project that you want to test this in, add the following to the plugins:

plugins:
  - /Users/jason/Documents/Projects/serverless-domain-manager/dist/index.js

The full path will be different for you, but you can easily get it by opening the project in VSCode or similar, right click on the /dist/index.js file and "Copy Path"

[cbschuld]

@tehnrd - awesome; thank you! This will get my by while I wait for this PR to be eaten.

[cbschuld]

@tehnrd - I am bumping into a few things - unsure if I am missing something and being stupid or if it is underscoring something else

converted customDomain to:

  customDomain:
    domainName: ${self:custom.domains.${self:custom.stage}}
    stage: ${self:custom.stage}
    basePath: ""
    certificateName: "*.DOMAIN.COM"
    createRoute53Record: true
    endpointType: 'regional'
    securityPolicy: tls_1_2
    apiType: http

It will not deploy with error:

  Error: Error: Failed to find CloudFormation resources for dev-api.DOMAIN.COM

      at ServerlessCustomDomain.<anonymous> (/projects/serverless-domain-manager/dist/index.js:559:23)
      at Generator.throw (<anonymous>)
      at rejected (/projects/serverless-domain-manager/dist/index.js:5:65)
      at processTicksAndRejections (internal/process/task_queues.js:97:5)

While in debug mode I am seeing this:

Serverless: [AWS cloudformation 400 0.266s 0 retries] describeStackResource({
  LogicalResourceId: 'ApiGatewayRestApi',
  StackName: 'api-DOMAIN-COM-dev'
})
Serverless Domain Manager: ValidationError: Resource ApiGatewayRestApi does not exist for stack api-DOMAIN-COM-dev

any help is both appreciated & awesome! Thx!

[tehnrd]

@cbschuld Looks like you pulled down and ran build on the master branch which is currently the released version and with no support for http/ws.

If you pull down the whole repo you'll need to switch to the http-ws-support branch and then do npm run build (I accidentally omitted this in instructions above, I've updated the post now to be more clear)

Can also clone/pull this branch directly, https://github.com/TehNrd/serverless-domain-manager/tree/http-ws-support

If you find any problems/issues/bugs in testing, let me know!

[cbschuld]

@tehnrd - [ shakes head in shame ] - thank you - that was it; apologies; was in the wrong branch - I'll push ahead

[cbschuld]

@tehnrd - apologies, I keep bumping into issues ; I was hoping I could be a good test case for the updates and I feel like the whiny dev w/o enough context to help.

Here is the error I am seeing:

Serverless: [AWS cloudformation 400 0.256s 0 retries] describeStackResource({ LogicalResourceId: 'HttpApi', StackName: 'api-DOMAIN-COM-dev' })
Serverless Domain Manager: Error: dev-api.DOMAIN-COM:  ValidationError: Resource HttpApi does not exist for stack api-DOMAIN-COM-dev

I checked the stack and the resource is definitely not there.

Here is additional context on the error:

service: api-DOMAIN-COM
stage: dev
region: us-west-2
stack: api-DOMAIN-COM-dev
resources: 6
api keys:
  None
endpoints:
  None
functions:
  test: api-DOMAIN-COM-dev-test
layers:
  None
Serverless: [AWS cloudformation 400 0.256s 0 retries] describeStackResource({ LogicalResourceId: 'HttpApi', StackName: 'api-DOMAIN-COM-dev' })
Serverless Domain Manager: Error: dev-api.DOMAIN.COM:  ValidationError: Resource HttpApi does not exist for stack api-DOMAIN-COM-dev
Serverless Domain Manager: Error: dev-api.DOMAIN.COM:  Error: Error: Failed to find CloudFormation resources for dev-api.DOMAIN.COM


  Error --------------------------------------------------

  Error: Error: Unable to setup base domain mappings for dev-api.DOMAIN.COM
      at ServerlessCustomDomain.<anonymous> (/private/var/www/serverless-domain-manager/dist/index.js:137:27)
      at Generator.throw (<anonymous>)
      at rejected (/private/var/www/serverless-domain-manager/dist/index.js:5:65)
      at processTicksAndRejections (internal/process/task_queues.js:97:5)

again, I am in hopes I am just not thinking crisply around this challenge

[tehnrd]

No stress on issues, happy to find and fix!

Was this for an existing domain that was already created or a new one?

Did you run sls create_domain?

[cbschuld]

@tehnrd - yeah; domain is definitely created. Also, I removed everything and started from a clean slate and ended up w/ the same error. Here is the call from create_domain for sanity:

Serverless: Load command output:get
Serverless: Load command output:list
Serverless: Load command param
Serverless: Load command param:get
Serverless: Load command param:list
Serverless: Load command dev
Serverless: Invoke create_domain
Serverless: [AWS apigateway 200 0.369s 0 retries] getDomainName({ domainName: 'dev-api.DOMAIN.COM' })
Serverless: Custom domain dev-api.DOMAIN.COM already exists.

[cbschuld]

No stress on issues, happy to find and them and fix!

Well, that is a more valid error message as it is on the right branch. 🤔

Was this for an existing domain that was already created or a new one?

Did you run sls create_domain?

Existing domain.

[tehnrd]

An existing domain might be the issue. How long ago and how was it created?

Older domains will not work as they are created with AWS APIGateway API (v1) that is not compatible with HTTP APIs as the Domains needed to be created with AWS ApiGatewayV2 API. AWS doesn't make this obvious at all as there is no way to see in the console what API version was used to create a domain. Even their APIs don't tell you what version a Domain Name was created with!

If it was created and used with an older REST API, it won't be usable with the new HTTP APIs.

Let me know if this was the issue and maybe I can think of a creative way to solve this.

[cbschuld]

@tehnrd - copy that. It was definitely created with the previous version. The domain's route53 record is pretty packed though so re-creating will bit a bit of a pain. I suspect I won't be the only one looking to convert REST subdomains over to HTTP either. Bummer. I am contemplating blowing away the domain just for pure testing reasons.

[tehnrd]

Ya, it's definitely an issue, but possibly more of an AWS issue. Let me think about the best way to handle it. My first thought is there probably isn't a good way as this needs to be done in a controlled manner due to all the Route 53 and DNS propagation stuff that needs to happen. It would be pretty bad if a deploy swapped out DNS stuff unexpectedly.

EDIT: Hmmmm, it looks like AWS recently updated the API Gateway console for Custom Domains. It still doesn't show what version a domain was created with, but I was able to create a domain mapping to an HTTP API with an older Domain created with APIGateway (v1). I swore it threw an error before but is now working. I'll investigate tonight.

[cbschuld]

@tehnrd - resetting everything back to zero I am noticing that the v2 version * may * not be dealing with edge vs regional certificates in us-east-1 vs let's say us-west-2 for certificates. Obviously the provider is this.serverless.providers.aws.sdk.ApiGatewayV2 Which may end up impeding the creation of the HttpApi downstream. I am still digging but not finding a root cause (yet).

I have yet to get it to create a domain correctly.

[tehnrd]

Edge vs Regional certificate? Are there different types of certs? Or do you mean certs stored in two different regions?

FWIW, Domains that use an HTTP API can only be Regional, not Edge. (not sure if that is related)

[tehnrd]

@cbschuld Should be fixed now, but let me know.

Route 53 is one of my weaker areas of AWS knowledge and the issue was that I/code was not handling the new response object correctly for domains created with ApiGatewatV2 and it was setting the DomainInfo.domainName incorrectly. It was falling back to the givenName from the customDomain serverless.yml file when it should have been using the ApiGatewayDomainName property in the response.

Thanks for testing, catching this, and jumping on Zoom to dig into details!

[tehnrd]

I started to look into how this could support migration from an older REST API to an HTTP API as an older domain even created with APIGateway (v1) should still be able to create base path mappings to HTTP APIS if it is a Regional Domain.

Investigating this I discovered an issue (easily fixable) with the current implementation. It assumes if setting up a REST API, use APIGateway (V1) and if HTTP or WebSocket API use ApiGatewayV2. Unfortunately, It's not quite this simple as Domains can be of the type Edge Optimized or Regional, but the REST APIs can also be configured Regional/Edge/Private. This creates a little matrix of possibilities of 1) is the combination even valid/allowed, and 2) if the combination is valid what APIGateway API version should be used for configuration, v1 or v2.

I think this table handles all the scenarios but I need to perform actual testing. Not sure about Private REST APIs.

If it is correct, I will add upfront validation to throw an error the customDomain config is invalid. If it is valid a different method will determine what ApiGateway API version to use.

		Domain Type
		EDGE	REGIONAL
Api Type	REST Edge	Y v1	N
	REST Regional	N	Y v2
	REST Private	-	-
	WS	N	Y v2
	HTTP	N	Y v2

[tehnrd]

do you want to merge this first or get

Not going to make any changes (unless someone finds a bug), I decided to hold off.

I or @ConradKurth can do different PR to address #327. While I think it would be easy to add, it is technically a different feature, so a separate clean commit would be good in case a revert is needed. And would also make viewing the changes to support multiple domains easier to see rather than burying them in this.

Edit: and I realize this PR is a bit of a beast, so let me know if I can clarify or need to change anything and I'll jump on it.

[ConradKurth]

@tehnrd I agree, lets get this in and then we address the other PR

[aoskotsky-amplify]

Left small minor comments. Thanks a lot for all of this work! Really appreciate it. Sorry again for the long delay. Let me know if you have any comments/questions and we can try to get this merged.

[aoskotsky-amplify]

If this is only used for logging errors then maybe this could be called logErrorIfDebug

[tehnrd]

It can, totally up to the Amplify team. I can rename it but I will wait for confirmation from you.

This was an already existing method I just added the domain argument to so the user would know which domain was failing on a multi API deployment.

[aoskotsky-amplify]

I was referring to the fact that the message now always includes the word Error so we could make the function name show that. It's a nitpick so leaving it as is for now is fine too

[tehnrd]

Ah, gotcha. I checked master it is only using for errors, but I'm inclined to keep it as is for now as it could theoretically be used for other messages.

And there isn't a dedicated serverless.cli method specifically for errors:

...so probably best if this is handled in its own separate commit.

[aoskotsky-amplify]

Is this comment still accurate? This seems to decide which API to use based on endpoint type and not API type

[aoskotsky-amplify]

Also, why can't EDGE domains/rest APIs be created using the v2 API?

[claygorman]

seems like it can https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ApiGatewayV2.html#createDomainName-property

but API cannot https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ApiGatewayV2.html#createApi-property

[tehnrd]

@aoskotsky-amplify @claygorman That inline comment is incorrect and should say if creating an EDGE API (only REST can be EDGE, so it's a little confusing, but if REST is regional it can use the v2 API), but...

...the AWS docs are wrong, and not yet updated. I opened a case with AWS Support about this issue exactly.

v2 API cannot create EDGE domain names.

#319 (comment)

[tehnrd]

I think we are good to resolve this one? @aoskotsky-amplify

[tehnrd]

Thanks @aoskotsky-amplify, I'll give those a look this evening.

Do you have a preference for the process of implementing/fixing feedback?

1. Make changes and force push to update
   or
2. Make a new commit to easily see the changes, and then squash those into one commit before merge.

(embarrassed about all those typos and just installed VSCode spellchecker!)

[aoskotsky-amplify]

@tehnrd I think option 2 makes sense. Just send a new commit(s) with the changes. Thanks again!

[tehnrd]

@aoskotsky-amplify I fixed and resolved the simple changes.

I left open the others that are a little more complex or need more discussion and will let Amplify mark as Resolved when appropriate.

[aoskotsky-amplify]

Found a couple of more typos and one question. Let me know what you think. I'll try to get this merged as soon as possible.

I ran the integration tests locally (I had to make a bunch of changes to get them working again that are unrelated to this PR which I'll commit in a future PR) Looks like they all pass against this PR which is great.

[aoskotsky-amplify]

This is actually changing some of the old behavior. This used to log an error without throwing an exception. I ran into this by accident by running delete_domain and remove out of order. For example:

sls create_domain
sls deploy
sls delete_domain
sls remove

The sls remove command above started throwing errors and I wasn't able to remove the API until running sls create_domain and sls_deploy again.

[tehnrd]

Hmm...ya...I'm looking at that and can't recall a good reason why. I think I was just following the same approach used in other try/catch blocks and may have been a copy/paste error.

I removed the throw and added a log.

[aoskotsky-amplify]

I was referring to the fact that the message now always includes the word Error so we could make the function name show that. It's a nitpick so leaving it as is for now is fine too

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities (and 0 Security Hotspots to review)
0 Code Smells

No Coverage information
0.0% Duplication

[tehnrd]

@aoskotsky-amplify I think I addressed the issues found. Let me know when you want this squashed down to one commit before any merging (or other issues to fix)

[aoskotsky-amplify]

Looks good. Thank you for all of the work and the patience! This will be released in a upcoming build.

[tehnrd]

No prob, happy to help!

You beat me to it! I was going to smash those commits into one for a little cleaner history, but not a big deal. You can do it on master if you want before anyone else starts working off of it.

[aoskotsky-amplify]

I think it's fine having the longer history. Thanks. Working on updating the package version and change log now.

[reganjohnson]

Hey @tehnrd hoping you can help me here. Getting this error when deploying - have tried to delete the domain, mappings, etc, and recreate using SLS.

`Serverless: [AWS cloudformation 400 0.168s 0 retries] describeStackResource({ LogicalResourceId: 'HttpApi', StackName: 'api' })
Serverless Domain Manager: Error: api.domain.com: ValidationError: Resource HttpApi does not exist for stack api
Serverless Domain Manager: Error: api.domain.com: Error: Error: Failed to find CloudFormation resources for api.domain.com

Error --------------------------------------------------

Error: Error: Unable to setup base domain mappings for api.domain.com
at ServerlessCustomDomain. (node_modules/serverless-domain-manager/dist/index.js:142:27)
at Generator.throw ()
at rejected (node_modules/serverless-domain-manager/dist/index.js:5:65)
at runMicrotasks ()
at processTicksAndRejections (internal/process/task_queues.js:97:5)`

Any advice where to go next?

[tehnrd]

@reganjohnson You using 4.x? https://www.npmjs.com/package/serverless-domain-manager

What does your config look like?

[reganjohnson]

@tehnrd Yes to 4.0

service: api

provider:
  name: aws
  region: us-east-1
  stage: dev
  runtime: provided
  tags:
    Environment: dev
  httpApi:
    cors: true
  logs:
    httpApi: true
  vpc:
    securityGroupIds:
      - sg-f123456
    subnetIds:
      - subnet-01111111111
      - subnet-01111111112
      - subnet-01111111113
  iamRoleStatements:
    - Effect: Allow
      Action:
        - sqs:SendMessage
        - sqs:ReceiveMessage
        - sqs:GetQueueAttributes
      Resource: arn:aws:sqs:us-east-1:123456789:sqs-dev
  environment:
    ENV_VAR_1: value

plugins:
  - ./vendor/bref/bref
  - serverless-domain-manager

custom:
  customDomain:
    domainName: api.domain.com
    basePath: ''
    stage: dev
    apiType: http
    createRoute53Record: false
    endpointType: regional
    securityPolicy: tls_1_2
    certificateArn: arn:aws:acm:us-east-1:123456789:certificate/uuid

package:
  exclude:
    - node_modules/**
    - etc...

functions:
  api:
    handler: public/index.php
    timeout: 10
    memorySize: 1024
    layers:
      - ${bref:layer.php-74-fpm}
    events:
      - httpApi: '*'

  queue-listener:
    handler: public/worker.php
    timeout: 120
    reservedConcurrency: 10
    events:
      - sqs: arn:aws:sqs:us-east-1:123456789:sqs-dev
        batchSize: 1
    layers:
      - ${bref:layer.php-74}

[tehnrd]

Try dropping the stage option. It technically isn't required for HTTP apis. It should inherit the stage used with sls deploy

If there is specific need for it, let me know as I'm curious.

Related to #334

[reganjohnson]

Try dropping the stage option. It technically isn't required for HTTP apis. It should inherit the stage used with sls deploy

If there is specific need for it, let me know as I'm curious.

Related to #334

No need for the stage on the new httpApi - was using it for the REST setup I migrated from.

This appears to have worked! Thank you much for the quick reply.

[yasso1am]

Hi there, it appears this PR accomplished exactly what I need, however in practice I am unable to receive a Cloudfront distribution link through the process of running sls create_domain and sls deploy.

I am attempting to deploy an Api Gateway V2, as in an http api vs rest api. From my reading, it appears I can only do this with regional endpoint types, since edge-optimized are not supported. I created my certificate in the correct region, and validated successfully through DNS validation. I am NOT using Route53, but instead using Cloudflare. As such, I have set createRoute53Record to false.

Here is the relevant part of my serverless.yml file.

custom:
  customDomain:
    domainName: dev.domain.com
    basePath: api
    apiType: http
    createRoute53Record: false
    endpointType: regional
    autoDomain: true
    securityPolicy: tls_1_2

When I run sls create_domain, it does create a custom domain in my api gateway, however there is no console output. All of the documentation/tutorials I follow says I should receive something. When I run this command with the --verbose flag I receive the following:

sls create_domain --verbose
Running "serverless" from node_modules
'dev.domain.com' does not exist.
Searching for a certificate with the 'dev.domain.com' domain
Custom domain 'dev.domain.com' was created.
                 New domains may take up to 40 minutes to be initialized.
Creating/updating route53 record for 'dev.domain.com'.
Skipping creation of Route53 record.

So I believe this has worked successfully, however when I then run sls deploy, the output in the Serverless Domain Manager: section is not providing me a Target Domain of a Cloudfront distribution, but instead of the api gateway custom domain. It looks like this:

Serverless Domain Manager:
 Domain Name: dev.domain.com
 Target Domain: d-randomId.execute-api.us-west-2.amazonaws.com
 Hosted Zone Id: Z2OJLYMUO9EFXC

It is my understanding that I should be receiving a Cloudfront distribution url in the Target Domain section of this output, which I can use to configure my DNS in Cloudflare as an Alias/CNAME to point to it. Why is this not happening? It appears to me that @reganjohnson is not creating a route53 record either, so I don't think this should be my issue, what gives?

[adminy]

same here, target domain for rest seems to work fine, but for http api target domain is not the same as endpoints listed after sls deploy.