(apigatewayv2-integrations): Reusing WebSocketLambdaIntegration doesn't create roles properly

[IsaiahJTurner]

Describe the bug

I just had the same problem. The issue in my case was because API Gateway did not have permission to call the Lambda function in order to process a message arriving from the websocket. The 'internal server error' in this case is API Gateway saying it had some problem when it tried to invoke the Lambda function to handle the websocket message.

I was using CDK to deploy the infrastructure, and I created one WebSocketLambdaIntegration for the connect, disconnect and default websocket handlers, but this doesn't work. You have to create separate WebSocketLambdaIntegration instances even if you are calling the same Lambda function for all websocket events, otherwise CDK does not set the correct permissions.

I could see this was the problem because 1) I was using the same Lambda function for the connect, disconnect and default routes, and 2) in CloudWatch Logs I was only seeing log messages for one of these routes, in this case the 'connect' one. When I sent a message over the websocket, I was not seeing the expected log messages from the Lambda that was supposed to be handling incoming websocket messages. When I disconnected from the websocket, I did not see the expected log messages from the 'disconnect' handler.

This was because CDK had only given Lambda invoke permission to specific routes on the API Gateway websocket stage, and it had only authorised the 'connect' route, not the others.

Fixing the CDK stack so that it correctly assigned permissions, allowing API Gateway to invoke my Lambda for all websocket routes, fixed the problem.

https://stackoverflow.com/a/72716478/1767028

It seems this bug has been addressed in a similar way for a HttpApi here: #18716 (comment)

Expected Behavior

This code works:

const webSocketLambdaIntegration = new WebSocketLambdaIntegration('WebSocketConnectIntegration', socketFunction)
    const webSocketMockIntegration = new WebSocketMockIntegration(`WebSocketMockIntegration`)
    const authorizer = new WebSocketLambdaAuthorizer('Authorizer', socketFunction)
    const webSocketApi = new apigateway.WebSocketApi(this, `WebSocketAPI`, {
      routeSelectionExpression: `$request.body.action`,
      connectRouteOptions: {
        integration: webSocketLambdaIntegration,
        authorizer,
      },
      disconnectRouteOptions: {
        integration: webSocketLambdaIntegration,
      },
      defaultRouteOptions: {
        integration: webSocketMockIntegration,
      },
    })

Current Behavior

Only this code works:

const webSocketMockIntegration = new WebSocketMockIntegration(`WebSocketMockIntegration`)
    const authorizer = new WebSocketLambdaAuthorizer('Authorizer', socketFunction)
    const webSocketApi = new apigateway.WebSocketApi(this, `WebSocketAPI`, {
      routeSelectionExpression: `$request.body.action`,
      connectRouteOptions: {
        integration: new WebSocketLambdaIntegration('WebSocketConnectIntegration', socketFunction),
        authorizer,
      },
      disconnectRouteOptions: {
        integration: new WebSocketLambdaIntegration('WebSocketDisconnectIntegration', socketFunction),
      },
      defaultRouteOptions: {
        integration: new WebSocketLambdaIntegration('WebSocketDefaultIntegration', socketFunction),,
      },
    })

Reproduction Steps

Use code above.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

1

Framework Version

No response

Node.js Version

16

OS

multiple

Language

Typescript

Language Version

No response

Other information

No response

[indrora]

CDKv1 has been placed into maintenance mode; please verify that this issue still happens on CDKv2.

[github-actions]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.