feat: implement UsagePlan and ApiKey support in L2 constructs for aws-apigatewayv2 (WebSocketApi)

[maramure]

Issue # (if applicable)

Closes #28756.

Reason for this change

Couldn't create UsagePlans and ApiKeys for WebSocketApi (apigatewayv2) using L2 constructs, cause these 2 features were supported only by RestApi (apigatewayv1).

Description of changes

HttpApi(apigatewayv2) doesn't permit creating UsagePlans or ApiKeys in any way, so bringing these functionalities from apigatewayv1 to apigatewayv2 is possible only for WebSocketApi.

• Added UsagePlan and ApiKey files in aws-apigatewayv2/lib/websocket folder
• Implemented needed interfaces, classes and methods very similar to what was written for RestApi (apigatewayv1)
• Included explicit dependency management between components for proper CloudFormation deployment order
• Added new JSDoc in order to be able to build the project

Describe any new or updated permissions being added

N/A

Description of how you validated changes

• Tested manually by deploying a stack containing and linking the new features
• Wrote unit and integration tests

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[gasolima]

What's the reasons for adding routes('$connect', 'sendMessage')?

[maramure]

They were written just to test if addRoute method works. But because I want to test only the usage plan and the routes don't have an impact on this, I deleted them from the integ test.

[gasolima]

since we're testing UsagePlan, can we remove all the optional props in other constructor. That will make the code easier to read/understand

[maramure]

Yes, I kept only the mandatory properties for both WebSocketStages.

[gasolima]

can we add all the optional parameter? since we want to cover as much branches as possible

[maramure]

Yes, I added both the mandatory and optional parameters for ApiKey and UsagePlan, because these are the 2 new added features.

[gasolima]

Looking at other constructors in apigwv2, i see service: 'execute-api',. Why are we going with apigateway here? also same comment on line 181

[maramure]

Looking here
I saw that 'execute-api' is used only for the endpoints, while the other resources use 'apigateway' no matter if they are apigateway v1 or v2.

[gasolima]

why are we going with empty string account? instead of removing the account prop

[maramure]

For a resource's ARN we need the account field empty (as I have seen here). If we would delete the account property, the account would be written by default.

[gasolima]

What's the point of having let here? also since it's used one time isn't it better to have

const resource = new CfnUsagePlanKey(this, `${prefix}:${Names.nodeUniqueId(apiKey.node)}`, {`

[maramure]

let is used only if that variable could take more values depending on some conditions. Actually you are right, we don't need let in this case because to the id we assign only one string, no matter what. I modified that part as you suggested.

[gasolima]

can we have

const resource = new CfnUsagePlan(this, 'Resource', {

[maramure]

Yes, actually this is the good way of writing. Same explanation as in the previous comment.

[gasolima]

This function never returns Token, right? can we remove it?

[maramure]

Yes, this function never return Token, but it is possible to return undefined. I replaced Token with undefined and I adjusted the code so that if the props are undefined, the function would also return undefined.

[gasolima]

this check not needed, since it's checked in the if L283
the same comment on L291

[maramure]

Yes, they are not necessary. I removed the checks for limit, offset and period.
For example, this is enough: limit: props.quota.limit, because if the limit is undefined it will return undefined which is the desired outcome.

[gasolima]

Why are we adding deprecated field?

[maramure]

I have kept the deprecated field apiKey only because it is kept in apigatewayv1 too. Now, I removed it from the WebSocket's UsagePlan because is not needed.

Why the apiKey property was not useful:

• It only allowed adding a single API key to the UsagePlan
• Internally, it just called the addApiKey() method anyway
• The addApiKey() method provides the same functionality with more flexibility

The better approach:

• Use only the addApiKey() method directly, which allows adding multiple keys
• Keys can be added after UsagePlan creation, providing more control
• This eliminates the deprecated property while maintaining full functionality

[gasolima]

suggestion: isn't it better to wrap this function with one condition

  private createStage(apiStage: UsagePlanPerApiStage): CfnUsagePlan.ApiStageProperty {
    if(apiStage.stage){
       return {
         stage: apiStage.stage.stageName.toString(),
         apiId: apiStage.stage.api.apiId
       }
    }
  } 

[maramure]

Yes, is much clear in this way. Also, I added the fact that if apiStage.stage is undefined, the method would explicitly return undefined.

[gasolima]

this condition && apiStages.length > 0 is useless, can we remove it?

[maramure]

It is somehow useful for maintaining the CDK standards.

Without the apiStages.length > 0 condition:

• When a user creates a UsagePlan with an empty apiStages array (apiStages: [])
• The CloudFormation Template explicitly shows: "ApiStages": []

With the apiStages.length > 0 condition:

• Empty arrays are treated as undefined
• The ApiStages property is omitted entirely from the CloudFormation Template
• This follows CDK's standard practice of omitting optional properties when they have no meaningful values

[gasolima]

can we pass also throttle and apiStages? to check that we're propagating them correctly

[maramure]

Yes, this would be a better approach. I added throttle and apiStages too.

[gasolima]

non null assertion operator should be avoided unless it's needed

[maramure]

Yes, I modified the code such that all the cases are covered (props are undefined or not) and return ret! is not needed anymore.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 596eb12
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[kumsmrit]

The PROPERTY_INJECTION_ID should be more specific to avoid conflicts with other similar constructs. Consider changing to:'aws-cdk-lib.aws-apigatewayv2.websocket.ApiKey or aws-cdk-lib.aws-apigatewayv2.WebSocketApiKey. Applicable for other constructs also.

[maramure]

Yes, this implementation follows CDK patterns. I used aws-cdk-lib.aws-apigatewayv2.websocket.ApiKey because it aligns with existing CDK conventions to having clear names for the properties. The alternative approach would have required renaming classes, which would have been an unnecessary refactoring effort.

[kumsmrit]

Based on the Design guidelines, we should add the @attribute tag for this resource property.

[maramure]

Thank you for the resource you attached. I didn't know this information. I added @attribute tag now.

[kumsmrit]

Typo: automically should be automatically.

[maramure]

Corrected it

[kumsmrit]

Consider adding a RateLimitedApiKey test case as well to the integration test.

[maramure]

Good idea. I added the creation of a new WebsocketStage and a RateLimitedApiKey. It is not needed to do a UsagePlan too, because it is automatically created when a RateLimitedApiKey is created.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

Pull request has been modified.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.