Add extension guides to terraform provider (#590)

API Gateway Throttle
S3 Server Side Encryption
S3 Replicate

---------

Co-authored-by: Jye Cusch <[email protected]>
Co-authored-by: David Moore <[email protected]>
Co-authored-by: Elisse Lockhart <[email protected]>

Author: 4 people

dictionary.txt

@@ -198,6 +198,9 @@ transpiling
 ARN
 HTTPS
 monorepos
+decrypts
+deploytf
+href
 
 ^.+[-:_]\w+$
 [a-z]+([A-Z0-9]|[A-Z0-9]\w+)

public/images/guides/api-gateway-throttle/throttle.png

@@ -571,6 +571,24 @@ const fullNav: FullNav = {
       ],
     },
   ],
+  ['guides/terraform']: [
+    {
+      links: [
+        {
+          title: 'AWS S3 Server-side Encryption',
+          href: '/guides/terraform/s3-encryption',
+        },
+        {
+          title: 'AWS S3 Replication',
+          href: '/guides/terraform/s3-replicate',
+        },
+        {
+          title: 'AWS API Gateway Throttle',
+          href: '/guides/terraform/api-gateway-throttle',
+        },
+      ],
+    },
+  ],
   ['guides/deploying']: [
     {
       links: [
@@ -631,6 +649,11 @@ const fullNav: FullNav = {
           href: '/guides/deploying',
           icon: BoltIcon,
         },
+        {
+          title: 'Terraform Guides',
+          href: '/guides/terraform',
+          icon: SiTerraform,
+        },
         {
           title: 'Examples',
           href: '/guides/examples',

public/images/guides/s3-encryption/encrypt.png

@@ -1,5 +1,5 @@
 import { FaNodeJs, FaPython, FaJava } from 'react-icons/fa'
-import { SiDart } from 'react-icons/si'
+import { SiDart, SiTerraform } from 'react-icons/si'
 import { BiLogoGoLang } from 'react-icons/bi'
 
 # Nitric Guides
@@ -56,7 +56,14 @@ import { BiLogoGoLang } from 'react-icons/bi'
     pattern={2}
   />
 </GuidesGrid>
-
+<GuidesGrid title="Extend your Provider">
+  <Guide
+    customIcon={SiTerraform}
+    href="/guides/terraform"
+    name="Terraform Guides"
+    description="Learn about using and extending the Nitric Terraform Providers."
+  />
+</GuidesGrid>
 <GuidesGrid title="Resources">
   <Guide
     href="/guides/examples"

public/images/guides/s3-replicate/replication.png

@@ -0,0 +1,30 @@
+import { SiTerraform } from 'react-icons/si'
+
+export const description = 'How to work with the Terraform Providers'
+
+# Terraform Guides
+
+<GuidesGrid title="Recommended Terraform Guides">
+    <Guide
+    customIcon={SiTerraform}
+    href="/guides/terraform/s3-encryption"
+    name="AWS S3 Server-side Encryption"
+    description="Extend the Nitric AWS S3 Terraform provider to add server-side encryption"
+
+/>
+
+  <Guide
+    customIcon={SiTerraform}
+    href="/guides/terraform/s3-replicate"
+    name="AWS S3 Replication"
+    description="Extend the Nitric AWS S3 Terraform provider to replicate S3 buckets"
+
+/>
+
+  <Guide
+    customIcon={SiTerraform}
+    href="/guides/terraform/api-gateway-throttle"
+    name="AWS API Gateway Throttle"
+    description="Extend the Nitric AWS Terraform provider to set API Gateway throttling limits"
+/>
+</GuidesGrid>

src/nav.config.ts

@@ -0,0 +1,109 @@
+export const description =
+  'Extend the Nitric AWS Terraform provider to set API Gateway throttling limits'
+
+# Add Throttle Limits to API Gateway
+
+Throttling helps prevent your backend services from being overwhelmed by too many requests at once. This is particularly important if your backend services have limited capacity and can only handle a certain number of requests per second.
+
+Without throttling, a single client could potentially consume all available resources, leaving others with degraded service or no service at all.
+
+## What we'll be doing
+
+1. Review the existing module
+2. Configure throttle limits
+
+## Review the existing module
+
+Start by cloning the [Nitric repository](https://github.com/nitrictech/nitric), then examine how the Terrraform provider [provisions an API Gateway](https://github.com/nitrictech/nitric/tree/main/cloud/aws/deploytf/.nitric/modules/api).
+
+```bash
+git clone https://github.com/nitrictech/nitric
+cd nitric
+```
+
+The AWS API module in the default Terraform provider performs the following tasks:
+
+1. Defines an HTTP API Gateway with specified name, protocol, and API specification.
+2. Sets up a "$default" deployment stage with automatic deployment enabled.
+3. Allows the API Gateway to invoke specified Lambda functions.
+4. Looks up existing certificates for specified domains.
+5. Configures custom domain names for the API Gateway using the retrieved certificates.
+
+To begin our customization, we will start adding configuration to the existing module.
+
+## Configure throttle limits
+
+Update `aws_apigatewayv2_stage.stage` in `aws/deploytf/.nitric/modules/bucket/main.tf` to add `default_route_settings` which include throttling limits:
+
+```hcl {{ tag: 'aws/deploytf/.nitric/modules/bucket/main.tf' }}
+resource "aws_apigatewayv2_stage" "stage" {
+  api_id      = aws_apigatewayv2_api.api_gateway.id
+  name        = "$default"
+  auto_deploy = true
+
+  default_route_settings {
+    throttling_burst_limit = 1000
+    throttling_rate_limit  = 500
+  }
+}
+```
+
+<Note>
+  Full documentation can be found on the [Terraform
+  registry](https://registry.terraform.io/providers/hashicorp/aws/2.70.2/docs/resources/apigatewayv2_stage#throttling_burst_limit).
+</Note>
+
+## Build and use your updated provider
+
+The Nitric project includes a make file that will build and install your provider as `nitric/[email protected]` by default.
+
+Navigate to `nitric/cloud/aws` and run `make install` to build and install the modified provider binary.
+
+```bash
+cd nitric/cloud/aws
+
+make install
+```
+
+The provider can then be used directly in your project's stack file as follows.
+
+```yaml
+# The nitric provider to use
+provider: nitric/[email protected]
+
+# The target aws region to deploy to
+region: us-east-2
+```
+
+<Note>
+  If you don't have a stack file use `nitric stack new` to create one.
+</Note>
+
+Because the [Terraform providers](/reference/providers/terraform) are in preview, you'll also need to enable `beta-providers` in your Nitric project by adding the following to your project's nitric.yaml file:
+
+```yaml {{ tag: 'nitric.yaml' }}
+preview:
+  - beta-providers
+```
+
+You can generate the Terraform project as usual by running the `nitric up` command:
+
+```bash
+nitric up
+```
+
+To deploy the application using Terraform, you can navigate into your Terraform stack directory and use the standard Terraform commands:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Finally, log into the [AWS console](https://us-east-1.console.aws.amazon.com/apigateway/main/apis?region=us-east-2) to verify the configuration was applied.
+
+<img
+  src="/docs/images/guides/api-gateway-throttle/throttle.png"
+  className="rounded"
+  alt="aws console api gateway throttle settings"
+/>

src/pages/guides.mdx

@@ -0,0 +1,113 @@
+export const description =
+  'Extend the Nitric AWS S3 Terraform provider to add server-side encryption'
+
+# Add server-side encryption
+
+Server-side encryption (SSE) in Amazon S3 automatically encrypts data when it is written to the storage service and decrypts it when accessed, providing robust data protection, compliance with regulatory requirements, and ease of management.
+
+<Note>
+  Server-side encryption with Amazon S3 managed keys (SSE-S3) is free. Other
+  encryption options may incur costs. Amazon offers pricing details on their
+  [pricing page](https://aws.amazon.com/s3/pricing/).
+</Note>
+
+## What we'll be doing
+
+1. Review the existing module
+2. Configure server-side encryption (SSE)
+
+## Review the existing module
+
+Start by cloning the [Nitric repository](https://github.com/nitrictech/nitric), then examine how the Terrraform provider [provisions an S3 bucket](https://github.com/nitrictech/nitric/tree/main/cloud/aws/deploytf/.nitric/modules/bucket).
+
+```bash
+git clone https://github.com/nitrictech/nitric
+cd nitric
+```
+
+The AWS S3 module in the default Terraform provider performs the following tasks:
+
+1. Creates a unique ID for the S3 bucket to ensure unique naming.
+2. Provisions an S3 bucket with a unique name using the generated ID.
+3. Tags the bucket for identification.
+4. Grants S3 permission to invoke specified Lambda functions.
+5. Configures S3 bucket notifications to trigger Lambda functions based on specified events using dynamic blocks.
+
+To begin our customization, we will start adding configuration to this module.
+
+## Add server-side encryption (SSE)
+
+Add the following at the end of `aws/deploytf/.nitric/modules/bucket/main.tf`:
+
+```hcl {{ tag: 'aws/deploytf/.nitric/modules/bucket/main.tf' }}
+# AWS S3 bucket server-side encryption configuration
+resource "aws_s3_bucket_server_side_encryption_configuration" "bucket_encryption" {
+  bucket = aws_s3_bucket.bucket.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+```
+
+<Note>
+  Full documentation can be found on the [Terraform
+  registry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration).
+</Note>
+
+## Build and use your modified provider
+
+The Nitric project includes a make file that will build and install your provider as `nitric/[email protected]` by default.
+
+Navigate to `nitric/cloud/aws` and run `make install` to build and install the modified provider binary.
+
+```bash
+cd nitric/cloud/aws
+
+make install
+```
+
+The provider can then be used directly in your project's stack file as follows.
+
+```yaml
+# The nitric provider to use
+provider: nitric/[email protected]
+
+# The target aws region to deploy to
+region: us-east-2
+```
+
+<Note>
+  If you don't have a stack file use `nitric stack new` to create one.
+</Note>
+
+Because the [Terraform providers](/reference/providers/terraform) are in preview, you'll also need to enable `beta-providers` in your Nitric project by adding the following to your project's nitric.yaml file:
+
+```yaml {{ tag: 'nitric.yaml' }}
+preview:
+  - beta-providers
+```
+
+You can generate the Terraform project as usual by running the `nitric up` command:
+
+```bash
+nitric up
+```
+
+To deploy the application using Terraform, you can navigate into your Terraform stack directory and use the standard Terraform commands:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Finally, log into the [AWS console](https://us-east-1.console.aws.amazon.com/s3/buckets?region=us-east-2) to verify the encryption configuration was applied.
+
+<img
+  src="/docs/images/guides/s3-encryption/encrypt.png"
+  className="rounded"
+  alt="aws console s3 management for replication."
+/>