Merge branch 'serverless/main'

Author: MohamadSoufan

apigw-websocket-api-sns-terraform/README.md

@@ -0,0 +1,90 @@
+# API WebSocket to SNS with request validation
+
+This pattern creates a WebSocket API to send notification via SNS topic with request validation.
+
+Learn more about this pattern at Serverless Land Patterns: 
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ```
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+2. Change directory to the pattern directory:
+    ```
+    cd serverless-patterns/apigw-websocket-api-sns-terraform
+    ```
+3. From the command line, initialize terraform to download and install the providers defined in the configuration:
+    ```
+    terraform init
+    ```
+4. From the command line, apply the configuration in the main.tf file:
+    ```
+    terraform apply
+    ```
+5. During the prompts:
+    * Enter yes
+6. Note the outputs from the deployment process, these contain the resource names and/or ARNs which are used for testing.
+
+## How it works
+
+This sample project demonstrates how to use WebSocket API to integrate with Amazon Simple Notification service (SNS) to send notifications. This pattern also implements data validation in WebSocket API using model in API Gateway. This template does not implement Authentication in WebSocket API to keep it simple. However, it is recommended to implement Authentication on WebSocket API.
+This pattern is utilizing native AWS Integration between WebSocket API Gateway and SNS. Request template is used in WebSocket integration to map the input to SNS payload.
+This pattern is also a workaround to invoke AWS services in WebSocket API which requires Content-Type header to be application/x-www-form-urlencoded. By default, WebSocket APIs do not support overriding headers from AWS console and supports application/json in Content-Type header.
+
+## Testing
+
+Once the application is deployed, retrieve the `websocket_URI` value from outputs from terraform apply. To test the Websocket API, you can use [wscat](https://github.com/websockets/wscat) which is an open-source command line tool.
+
+1. wscat -c < YOUR WEBSOCKET URL >
+
+2. Send a payload to the API in the correct format of the Model, otherwise you will receive a 'Forbidden' exception. The model in the template expects the request in below format:
+```
+{"action":"sendOrder","Name":"Jon","SirName":"Doe","Number":"123"}
+```
+3. A successful invocation to Amazon SNS would return the message ID like below:
+```
+{"PublishResponse":{"PublishResult":{"MessageId":"10e10111-a2bf-3a33-b44b-5b55dbde5555","SequenceNumber":null},"ResponseMetadata":{"RequestId":"bd11111e-2222-3c33-4444-055c5550c55e"}}}
+```
+
+
+## Cleanup
+ 
+1. Change directory to the pattern directory:
+    ```
+    cd serverless-patterns/apigw-websocket-api-sns-terraform
+    ```
+2. Delete the resource
+    ```
+    terraform destroy -target aws_apigatewayv2_route.send_order
+    terraform destroy
+    ```
+3. During the prompts:
+    * Enter yes
+
+4.  Delete all the resources
+    ```
+    terraform destroy
+    ```
+    During the prompts:
+    * Enter yes
+
+5. Confirm all created resources has been deleted
+    ```
+    terraform show
+    ```
+
+
+----
+Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

apigw-websocket-api-sns-terraform/example-pattern.json

@@ -0,0 +1,62 @@
+{
+  "title": "API WebSocket to SNS with request validation",
+  "description": "Create a WebSocket API to send notification via SNS topic with request validation",
+  "language": "",
+  "level": "200",
+  "framework": "Terraform",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "This sample project demonstrates how to use WebSocket API to integrate with Amazon Simple Notification service (SNS) to send notifications. This pattern also implements data validation in WebSocket API using model in API Gateway.",
+      "This pattern is utilizing native AWS Integration between WebSocket API Gateway and SNS. Request template is used in WebSocket integration to map the input to SNS payload.",
+      "This pattern is also a workaround to invoke AWS services in WebSocket API which requires Content-Type header to be application/x-www-form-urlencoded. By default, WebSocket APIs do not support overriding headers from AWS console by default",
+      "This pattern deploys one API Gateway and one SNS topic."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/apigw-websocket-api-sns-terraform",
+      "templateURL": "serverless-patterns/apigw-websocket-api-sns-terraform",
+      "projectFolder": "apigw-websocket-api-sns-terraform",
+      "templateFile": "apigw-websocket-api-sns-terraform/main.tf"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Request validation in WebSocket API",
+        "link": "https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-request-validation.html"
+      },
+      {
+        "text": "Mapping template in WebSocket API",
+        "link": "https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-data-transformations.html"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "terraform init",
+      "terraform apply"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "terraform destroy -target aws_apigatewayv2_route.send_order",
+      "terraform destroy",
+      "terraform show"
+    ]
+  },
+  "authors": [
+    {
+      "name": "Dushyant Pal",
+      "image": "https://drive.google.com/file/d/1nHLKNYGM4UaYa9sewd9lTQLEJpoZfDem/view",
+      "bio": "Cloud Engineer, Serverless team at AWS Sydney, Australia",
+      "linkedIn": "https://www.linkedin.com/in/dushyant-pal-b331996"
+    }
+  ]
+}

apigw-websocket-api-sns-terraform/main.tf

@@ -0,0 +1,210 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.1.0"
+    }
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.2.0"
+    }
+  }
+
+  required_version = ">= 0.14.9"
+}
+
+provider "aws" {
+  region = "eu-west-1"
+}
+data "aws_region" "current" {}
+
+locals {
+  stack_name = "template"
+}
+
+variable "api_stage_name" {
+  description = "Name of WebSocket API stage"
+  type        = string
+  default     = "production"
+}
+
+resource "aws_sns_topic" "sns_topic" {
+  display_name = "${local.stack_name}-SNSTopic"
+}
+
+resource "aws_apigatewayv2_api" "web_socket_api" {
+  name                       = "${local.stack_name}-WebSocketApi"
+  protocol_type              = "WEBSOCKET"
+  route_selection_expression = "$request.body.action"
+}
+
+
+resource "aws_apigatewayv2_stage" "MyApiGatewayStage" {
+  api_id      = aws_apigatewayv2_api.web_socket_api.id
+  name        = var.api_stage_name
+  auto_deploy = true
+}
+
+resource "aws_apigatewayv2_route" "connect_route" {
+  api_id                              = aws_apigatewayv2_api.web_socket_api.id
+  route_key                           = "$connect"
+  authorization_type                  = "NONE"
+  route_response_selection_expression = "$default"
+  operation_name                      = "ConnectRoute"
+  target                              = join("/", ["integrations", aws_apigatewayv2_integration.connect_route_integration.id])
+}
+
+resource "aws_apigatewayv2_integration" "connect_route_integration" {
+  api_id           = aws_apigatewayv2_api.web_socket_api.id
+  integration_type = "MOCK"
+  request_templates = {
+    200 = "{\"statusCode\":200}"
+  }
+  template_selection_expression = "200"
+  passthrough_behavior          = "WHEN_NO_MATCH"
+}
+
+resource "aws_apigatewayv2_route_response" "connect_route_response" {
+  route_id           = aws_apigatewayv2_route.connect_route.id
+  api_id             = aws_apigatewayv2_api.web_socket_api.id
+  route_response_key = "$default"
+}
+
+resource "aws_apigatewayv2_integration_response" "connect_route_integration_response" {
+  api_id                        = aws_apigatewayv2_api.web_socket_api.id
+  integration_id                = aws_apigatewayv2_integration.connect_route_integration.id
+  integration_response_key      = "/200/"
+  template_selection_expression = "\\$default"
+  response_templates = {
+    200 = "{\"statusCode\":, \"message\":\"order initiated\"}"
+  }
+}
+
+resource "aws_iam_role" "apigw_sns_demo_functionrole" {
+  #name               = "apigw_sns_demo_functionrole"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "apigateway.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+# Custom policy
+resource "aws_iam_policy" "apigw_sns_demo_policy" {
+  name        = "apigw-sns-demo-policy"
+  path        = "/"
+  description = "Policy for APIGW to SNS demo"
+  policy      = <<EOF
+{
+  "Version" : "2012-10-17",
+  "Statement" : [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "sns:Publish"
+      ],
+      "Resource": "${aws_sns_topic.sns_topic.arn}"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "apigw_policy_attachment" {
+  role       = aws_iam_role.apigw_sns_demo_functionrole.name
+  policy_arn = aws_iam_policy.apigw_sns_demo_policy.arn
+}
+
+
+resource "aws_apigatewayv2_route" "disconnect_route" {
+  api_id         = aws_apigatewayv2_api.web_socket_api.id
+  route_key      = "$disconnect"
+  operation_name = "DisconnectRoute"
+  target         = join("/", ["integrations", aws_apigatewayv2_integration.disconnect_route_integration.id])
+}
+
+resource "aws_apigatewayv2_integration" "disconnect_route_integration" {
+  api_id           = aws_apigatewayv2_api.web_socket_api.id
+  integration_type = "MOCK"
+  request_templates = {
+    200 = "{\"statusCode\":200}"
+  }
+  template_selection_expression = "200"
+  passthrough_behavior          = "WHEN_NO_MATCH"
+}
+
+resource "aws_apigatewayv2_integration_response" "disconnect_route_integration_response" {
+  api_id                        = aws_apigatewayv2_api.web_socket_api.id
+  integration_id                = aws_apigatewayv2_integration.disconnect_route_integration.id
+  integration_response_key      = "/200/"
+  template_selection_expression = "\\$default"
+}
+
+
+resource "aws_apigatewayv2_integration" "send_order_route_integration" {
+  api_id                    = aws_apigatewayv2_api.web_socket_api.id
+  integration_type          = "AWS"
+  integration_uri           = "arn:aws:apigateway:${data.aws_region.current.name}:sns:action/Publish"
+  credentials_arn           = aws_iam_role.apigw_sns_demo_functionrole.arn
+  integration_method        = "POST"
+  content_handling_strategy = "CONVERT_TO_TEXT"
+  request_parameters = {
+    "integration.request.header.Content-Type" = "'application/x-www-form-urlencoded'"
+  }
+  request_templates = {
+    "$default" = "Action=Publish&TopicArn=$util.urlEncode(\"${aws_sns_topic.sns_topic.id}\")&Message=$input.json('$')"
+  }
+  template_selection_expression = "$request.body.action"
+}
+
+resource "aws_apigatewayv2_model" "food_order_model" {
+  api_id       = aws_apigatewayv2_api.web_socket_api.id
+  content_type = "application/json"
+  description  = "this model helps us to ensure that all the required parameters are passed on to the SNS topic"
+  name         = "orderModel"
+  schema       = "{\"$schema\":\"http://json-schema.org/draft-04/schema#\",\"title\":\"orderInputModel\",\"type\":\"object\",\"properties\":{\"Number\":{\"type\":\"string\"},\"SirName\":{\"type\":\"string\"},\"Name\":{\"type\":\"string\"}},\"required\":[\"Name\",\"SirName\",\"Number\"]}"
+}
+
+resource "aws_apigatewayv2_route" "send_order" {
+  api_id                     = aws_apigatewayv2_api.web_socket_api.id
+  route_key                  = "sendOrder"
+  authorization_type         = "NONE"
+  model_selection_expression = "$request.body.action"
+  request_models = {
+    sendOrder = "orderModel"
+  }
+  target = join("/", ["integrations", aws_apigatewayv2_integration.send_order_route_integration.id])
+}
+
+resource "aws_apigatewayv2_route_response" "send_order_route_response" {
+  route_id           = aws_apigatewayv2_route.send_order.id
+  api_id             = aws_apigatewayv2_api.web_socket_api.id
+  route_response_key = "$default"
+}
+
+resource "aws_apigatewayv2_integration_response" "send_order_route_integration_response" {
+  api_id                   = aws_apigatewayv2_api.web_socket_api.id
+  integration_id           = aws_apigatewayv2_integration.send_order_route_integration.id
+  integration_response_key = "$default"
+}
+
+
+
+output "api_endpoint" {
+  description = "API Gateway endpoint URL"
+  value       = "wss://${aws_apigatewayv2_api.web_socket_api.id}.execute-api.${data.aws_region.current.name}.amazonaws.com/${var.api_stage_name}"
+}