@bitblit/ratchet-epsilon-deployment 4.0.99-alpha → 4.0.103-alpha
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/{dist/types → lib}/build/ratchet-epsilon-deployment-info.d.ts +1 -1
- package/{dist/types → lib}/deployment/cdk/epsilon-api-stack.d.ts +1 -1
- package/{dist/es → lib}/deployment/cdk/epsilon-api-stack.js +6 -3
- package/{dist/types → lib}/deployment/cdk/epsilon-stack-util.d.ts +1 -1
- package/{dist/es → lib}/deployment/cdk/epsilon-stack-util.js +21 -21
- package/{dist/types → lib}/deployment/cdk/epsilon-website-stack-props.d.ts +1 -1
- package/{dist/types → lib}/deployment/cdk/epsilon-website-stack.d.ts +1 -1
- package/{dist/es → lib}/deployment/cdk/epsilon-website-stack.js +3 -2
- package/lib/deployment/cdk/epsilon-website-stack.spec.js +8 -0
- package/lib/deployment/cdk/simple-additional-s3-website-mapping.js +1 -0
- package/lib/index.d.ts +1 -0
- package/lib/index.js +1 -0
- package/package.json +10 -12
- package/dist/cjs/build/ratchet-epsilon-deployment-info.js +0 -18
- package/dist/cjs/deployment/cdk/epsilon-api-stack-props.js +0 -2
- package/dist/cjs/deployment/cdk/epsilon-api-stack.js +0 -182
- package/dist/cjs/deployment/cdk/epsilon-stack-util.js +0 -71
- package/dist/cjs/deployment/cdk/epsilon-website-stack-props.js +0 -8
- package/dist/cjs/deployment/cdk/epsilon-website-stack.js +0 -157
- package/dist/cjs/deployment/cdk/simple-additional-s3-website-mapping.js +0 -2
- package/dist/cjs/index.js +0 -10
- package/dist/es/index.js +0 -7
- package/dist/tsconfig.cjs.tsbuildinfo +0 -1
- package/dist/tsconfig.es.tsbuildinfo +0 -1
- package/dist/tsconfig.types.tsbuildinfo +0 -1
- package/dist/types/index.d.ts +0 -10
- /package/{dist/es → lib}/build/ratchet-epsilon-deployment-info.js +0 -0
- /package/{dist/types → lib}/deployment/cdk/epsilon-api-stack-props.d.ts +0 -0
- /package/{dist/es → lib}/deployment/cdk/epsilon-api-stack-props.js +0 -0
- /package/{dist/es → lib}/deployment/cdk/epsilon-website-stack-props.js +0 -0
- /package/{dist/es/deployment/cdk/simple-additional-s3-website-mapping.js → lib/deployment/cdk/epsilon-website-stack.spec.d.ts} +0 -0
- /package/{dist/types → lib}/deployment/cdk/simple-additional-s3-website-mapping.d.ts +0 -0
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { BuildInformation } from '@bitblit/ratchet-common';
|
|
1
|
+
import { BuildInformation } from '@bitblit/ratchet-common/lib/build/build-information.js';
|
|
2
2
|
export declare class RatchetEpsilonDeploymentInfo {
|
|
3
3
|
private constructor();
|
|
4
4
|
static buildInformation(): BuildInformation;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Stack } from 'aws-cdk-lib';
|
|
2
2
|
import { Construct } from 'constructs';
|
|
3
|
-
import { EpsilonApiStackProps } from './epsilon-api-stack-props';
|
|
3
|
+
import { EpsilonApiStackProps } from './epsilon-api-stack-props.js';
|
|
4
4
|
export declare class EpsilonApiStack extends Stack {
|
|
5
5
|
private webHandler;
|
|
6
6
|
private backgroundHandler;
|
|
@@ -8,10 +8,13 @@ import { LambdaSubscription } from 'aws-cdk-lib/aws-sns-subscriptions';
|
|
|
8
8
|
import { Rule, Schedule } from 'aws-cdk-lib/aws-events';
|
|
9
9
|
import { LambdaFunction } from 'aws-cdk-lib/aws-events-targets';
|
|
10
10
|
import { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets';
|
|
11
|
-
import { StringRatchet } from '@bitblit/ratchet-common';
|
|
12
|
-
import { EpsilonStackUtil } from './epsilon-stack-util';
|
|
13
|
-
import { RatchetEpsilonDeploymentInfo } from '../../build/ratchet-epsilon-deployment-info';
|
|
11
|
+
import { StringRatchet } from '@bitblit/ratchet-common/lib/lang/string-ratchet.js';
|
|
12
|
+
import { EpsilonStackUtil } from './epsilon-stack-util.js';
|
|
13
|
+
import { RatchetEpsilonDeploymentInfo } from '../../build/ratchet-epsilon-deployment-info.js';
|
|
14
14
|
export class EpsilonApiStack extends Stack {
|
|
15
|
+
webHandler;
|
|
16
|
+
backgroundHandler;
|
|
17
|
+
apiDomain;
|
|
15
18
|
constructor(scope, id, props) {
|
|
16
19
|
super(scope, id, props);
|
|
17
20
|
const dockerImageAsset = new DockerImageAsset(this, id + 'DockerImage', {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
|
|
2
2
|
import { Topic } from 'aws-cdk-lib/aws-sns';
|
|
3
3
|
import { Queue } from 'aws-cdk-lib/aws-sqs';
|
|
4
|
-
import { EpsilonApiStackProps } from './epsilon-api-stack-props';
|
|
4
|
+
import { EpsilonApiStackProps } from './epsilon-api-stack-props.js';
|
|
5
5
|
export declare class EpsilonStackUtil {
|
|
6
6
|
private constructor();
|
|
7
7
|
static toEnvironmentVariables(input: Record<string, any>[]): any[];
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { StringRatchet } from '@bitblit/ratchet-common';
|
|
1
|
+
import { StringRatchet } from '@bitblit/ratchet-common/lib/lang/string-ratchet.js';
|
|
2
2
|
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
|
|
3
3
|
export class EpsilonStackUtil {
|
|
4
4
|
constructor() { }
|
|
@@ -44,24 +44,24 @@ export class EpsilonStackUtil {
|
|
|
44
44
|
]);
|
|
45
45
|
return rval;
|
|
46
46
|
}
|
|
47
|
+
static ALLOW_ECS = new PolicyStatement({
|
|
48
|
+
effect: Effect.ALLOW,
|
|
49
|
+
actions: ['ecs:*'],
|
|
50
|
+
resources: ['*'],
|
|
51
|
+
});
|
|
52
|
+
static ALLOW_ECR = new PolicyStatement({
|
|
53
|
+
effect: Effect.ALLOW,
|
|
54
|
+
actions: ['ecr:BatchCheckLayerAvailability', 'ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer', 'ecr:GetAuthorizationToken'],
|
|
55
|
+
resources: ['*'],
|
|
56
|
+
});
|
|
57
|
+
static ALLOW_RESTRICTED_LOGS = new PolicyStatement({
|
|
58
|
+
effect: Effect.ALLOW,
|
|
59
|
+
actions: ['logs:CreateLogStream', 'logs:PutLogEvents', 'logs:DescribeLogStreams', 'logs:CreateLogGroup'],
|
|
60
|
+
resources: ['*'],
|
|
61
|
+
});
|
|
62
|
+
static ECS_POLICY_STATEMENTS = [
|
|
63
|
+
EpsilonStackUtil.ALLOW_ECS,
|
|
64
|
+
EpsilonStackUtil.ALLOW_ECR,
|
|
65
|
+
EpsilonStackUtil.ALLOW_RESTRICTED_LOGS,
|
|
66
|
+
];
|
|
47
67
|
}
|
|
48
|
-
EpsilonStackUtil.ALLOW_ECS = new PolicyStatement({
|
|
49
|
-
effect: Effect.ALLOW,
|
|
50
|
-
actions: ['ecs:*'],
|
|
51
|
-
resources: ['*'],
|
|
52
|
-
});
|
|
53
|
-
EpsilonStackUtil.ALLOW_ECR = new PolicyStatement({
|
|
54
|
-
effect: Effect.ALLOW,
|
|
55
|
-
actions: ['ecr:BatchCheckLayerAvailability', 'ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer', 'ecr:GetAuthorizationToken'],
|
|
56
|
-
resources: ['*'],
|
|
57
|
-
});
|
|
58
|
-
EpsilonStackUtil.ALLOW_RESTRICTED_LOGS = new PolicyStatement({
|
|
59
|
-
effect: Effect.ALLOW,
|
|
60
|
-
actions: ['logs:CreateLogStream', 'logs:PutLogEvents', 'logs:DescribeLogStreams', 'logs:CreateLogGroup'],
|
|
61
|
-
resources: ['*'],
|
|
62
|
-
});
|
|
63
|
-
EpsilonStackUtil.ECS_POLICY_STATEMENTS = [
|
|
64
|
-
EpsilonStackUtil.ALLOW_ECS,
|
|
65
|
-
EpsilonStackUtil.ALLOW_ECR,
|
|
66
|
-
EpsilonStackUtil.ALLOW_RESTRICTED_LOGS,
|
|
67
|
-
];
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { StackProps } from 'aws-cdk-lib';
|
|
2
|
-
import { SimpleAdditionalS3WebsiteMapping } from './simple-additional-s3-website-mapping';
|
|
2
|
+
import { SimpleAdditionalS3WebsiteMapping } from './simple-additional-s3-website-mapping.js';
|
|
3
3
|
export interface EpsilonWebsiteStackProps extends StackProps {
|
|
4
4
|
targetBucketName: string;
|
|
5
5
|
cloudFrontHttpsCertificateArn: string;
|
|
@@ -2,7 +2,7 @@ import { Bucket } from 'aws-cdk-lib/aws-s3';
|
|
|
2
2
|
import { Stack } from 'aws-cdk-lib';
|
|
3
3
|
import { Construct } from 'constructs';
|
|
4
4
|
import { SourceConfiguration } from 'aws-cdk-lib/aws-cloudfront';
|
|
5
|
-
import { EpsilonWebsiteStackProps } from './epsilon-website-stack-props';
|
|
5
|
+
import { EpsilonWebsiteStackProps } from './epsilon-website-stack-props.js';
|
|
6
6
|
export declare class EpsilonWebsiteStack extends Stack {
|
|
7
7
|
constructor(scope: Construct, id: string, props?: EpsilonWebsiteStackProps);
|
|
8
8
|
static extractApexDomain(domainName: string): string;
|
|
@@ -5,8 +5,9 @@ import { CloudFrontAllowedCachedMethods, CloudFrontAllowedMethods, CloudFrontWeb
|
|
|
5
5
|
import { HostedZone, RecordSet, RecordType } from 'aws-cdk-lib/aws-route53';
|
|
6
6
|
import { CloudFrontTarget } from 'aws-cdk-lib/aws-route53-targets';
|
|
7
7
|
import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
|
|
8
|
-
import { EpsilonWebsiteStackPropsRoute53Handling } from './epsilon-website-stack-props';
|
|
9
|
-
import {
|
|
8
|
+
import { EpsilonWebsiteStackPropsRoute53Handling } from './epsilon-website-stack-props.js';
|
|
9
|
+
import { StringRatchet } from '@bitblit/ratchet-common/lib/lang/string-ratchet.js';
|
|
10
|
+
import { ErrorRatchet } from '@bitblit/ratchet-common/lib/lang/error-ratchet.js';
|
|
10
11
|
export class EpsilonWebsiteStack extends Stack {
|
|
11
12
|
constructor(scope, id, props) {
|
|
12
13
|
super(scope, id, props);
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { EpsilonWebsiteStack } from './epsilon-website-stack.js';
|
|
2
|
+
describe('#epsilonWebsiteStack', function () {
|
|
3
|
+
it('should extract apex domains', async () => {
|
|
4
|
+
expect(EpsilonWebsiteStack.extractApexDomain('a.b.test.com')).toEqual('test.com');
|
|
5
|
+
expect(EpsilonWebsiteStack.extractApexDomain('www.test.com')).toEqual('test.com');
|
|
6
|
+
expect(EpsilonWebsiteStack.extractApexDomain('test.com')).toEqual('test.com');
|
|
7
|
+
}, 500);
|
|
8
|
+
});
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/lib/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/lib/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/package.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bitblit/ratchet-epsilon-deployment",
|
|
3
|
-
"version": "4.0.
|
|
3
|
+
"version": "4.0.103-alpha",
|
|
4
4
|
"description": "Epsilon CDK extensions to simplify deployment",
|
|
5
5
|
"sideEffects": false,
|
|
6
|
-
"
|
|
7
|
-
"module": "
|
|
8
|
-
"types": "./dist/types/index.d.ts",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"module": "index.js",
|
|
9
8
|
"files": [
|
|
10
|
-
"
|
|
9
|
+
"lib/*",
|
|
10
|
+
"bin/*"
|
|
11
11
|
],
|
|
12
12
|
"contributors": [
|
|
13
13
|
"Christopher Weiss <bitblit@gmail.com>",
|
|
@@ -28,15 +28,13 @@
|
|
|
28
28
|
"config": {},
|
|
29
29
|
"scripts": {
|
|
30
30
|
"watch": "tsc-watch",
|
|
31
|
-
"clean": "shx rm -Rf
|
|
32
|
-
"test": "jest",
|
|
31
|
+
"clean": "shx rm -Rf lib",
|
|
32
|
+
"test": "cross-env NODE_OPTIONS=--experimental-vm-modules jest",
|
|
33
33
|
"lint": "eslint src/**/*.ts",
|
|
34
34
|
"lint-fix": "eslint --fix src/**/*.ts",
|
|
35
|
-
"
|
|
36
|
-
"
|
|
37
|
-
"build
|
|
38
|
-
"build:es": "tsc -p tsconfig.es.json",
|
|
39
|
-
"build:types": "tsc -p tsconfig.types.json"
|
|
35
|
+
"__generate-barrels": "barrelsby -q --delete -d src -e .*\\.spec\\.ts",
|
|
36
|
+
"__build": "yarn run generate-barrels && tsc",
|
|
37
|
+
"build": "tsc"
|
|
40
38
|
},
|
|
41
39
|
"repository": {
|
|
42
40
|
"type": "git",
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.RatchetEpsilonDeploymentInfo = void 0;
|
|
4
|
-
class RatchetEpsilonDeploymentInfo {
|
|
5
|
-
constructor() { }
|
|
6
|
-
static buildInformation() {
|
|
7
|
-
const val = {
|
|
8
|
-
version: 'LOCAL-SNAPSHOT',
|
|
9
|
-
hash: 'LOCAL-HASH',
|
|
10
|
-
branch: 'LOCAL-BRANCH',
|
|
11
|
-
tag: 'LOCAL-TAG',
|
|
12
|
-
timeBuiltISO: 'LOCAL-TIME-ISO',
|
|
13
|
-
notes: 'LOCAL-NOTES',
|
|
14
|
-
};
|
|
15
|
-
return val;
|
|
16
|
-
}
|
|
17
|
-
}
|
|
18
|
-
exports.RatchetEpsilonDeploymentInfo = RatchetEpsilonDeploymentInfo;
|
|
@@ -1,182 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.EpsilonApiStack = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const aws_batch_1 = require("aws-cdk-lib/aws-batch");
|
|
6
|
-
const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
|
|
7
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
8
|
-
const aws_sns_1 = require("aws-cdk-lib/aws-sns");
|
|
9
|
-
const aws_sqs_1 = require("aws-cdk-lib/aws-sqs");
|
|
10
|
-
const aws_sns_subscriptions_1 = require("aws-cdk-lib/aws-sns-subscriptions");
|
|
11
|
-
const aws_events_1 = require("aws-cdk-lib/aws-events");
|
|
12
|
-
const aws_events_targets_1 = require("aws-cdk-lib/aws-events-targets");
|
|
13
|
-
const aws_ecr_assets_1 = require("aws-cdk-lib/aws-ecr-assets");
|
|
14
|
-
const ratchet_common_1 = require("@bitblit/ratchet-common");
|
|
15
|
-
const epsilon_stack_util_1 = require("./epsilon-stack-util");
|
|
16
|
-
const ratchet_epsilon_deployment_info_1 = require("../../build/ratchet-epsilon-deployment-info");
|
|
17
|
-
class EpsilonApiStack extends aws_cdk_lib_1.Stack {
|
|
18
|
-
constructor(scope, id, props) {
|
|
19
|
-
super(scope, id, props);
|
|
20
|
-
const dockerImageAsset = new aws_ecr_assets_1.DockerImageAsset(this, id + 'DockerImage', {
|
|
21
|
-
directory: props.dockerFileFolder,
|
|
22
|
-
file: props.dockerFileName,
|
|
23
|
-
});
|
|
24
|
-
const dockerImageCode = aws_lambda_1.DockerImageCode.fromImageAsset(props.dockerFileFolder, { file: props.dockerFileName });
|
|
25
|
-
const notificationTopic = new aws_sns_1.Topic(this, id + 'WorkNotificationTopic');
|
|
26
|
-
const workQueue = new aws_sqs_1.Queue(this, id + 'WorkQueue', {
|
|
27
|
-
fifo: true,
|
|
28
|
-
retentionPeriod: aws_cdk_lib_1.Duration.hours(8),
|
|
29
|
-
visibilityTimeout: aws_cdk_lib_1.Duration.minutes(5),
|
|
30
|
-
contentBasedDeduplication: true,
|
|
31
|
-
...props,
|
|
32
|
-
});
|
|
33
|
-
const interApiGenericEventTopic = new aws_sns_1.Topic(this, id + 'InterApiTopic');
|
|
34
|
-
const epsilonEnv = {
|
|
35
|
-
EPSILON_AWS_REGION: ratchet_common_1.StringRatchet.safeString(aws_cdk_lib_1.Stack.of(this).region),
|
|
36
|
-
EPSILON_AWS_AVAILABILITY_ZONES: ratchet_common_1.StringRatchet.safeString(JSON.stringify(aws_cdk_lib_1.Stack.of(this).availabilityZones)),
|
|
37
|
-
EPSILON_BACKGROUND_SQS_QUEUE_URL: ratchet_common_1.StringRatchet.safeString(workQueue.queueUrl),
|
|
38
|
-
EPSILON_BACKGROUND_SNS_TOPIC_ARN: ratchet_common_1.StringRatchet.safeString(notificationTopic.topicArn),
|
|
39
|
-
EPSILON_INTER_API_EVENT_TOPIC_ARN: ratchet_common_1.StringRatchet.safeString(interApiGenericEventTopic.topicArn),
|
|
40
|
-
EPSILON_LIB_BUILD_HASH: ratchet_common_1.StringRatchet.safeString(ratchet_epsilon_deployment_info_1.RatchetEpsilonDeploymentInfo.buildInformation().hash),
|
|
41
|
-
EPSILON_LIB_BUILD_TIME: ratchet_common_1.StringRatchet.safeString(ratchet_epsilon_deployment_info_1.RatchetEpsilonDeploymentInfo.buildInformation().timeBuiltISO),
|
|
42
|
-
EPSILON_LIB_BUILD_BRANCH_OR_TAG: ratchet_common_1.StringRatchet.safeString(ratchet_epsilon_deployment_info_1.RatchetEpsilonDeploymentInfo.buildInformation().branch || ratchet_epsilon_deployment_info_1.RatchetEpsilonDeploymentInfo.buildInformation().tag),
|
|
43
|
-
EPSILON_LIB_BUILD_VERSION: ratchet_common_1.StringRatchet.safeString(ratchet_epsilon_deployment_info_1.RatchetEpsilonDeploymentInfo.buildInformation().version),
|
|
44
|
-
};
|
|
45
|
-
const env = Object.assign({}, props.extraEnvironmentalVars || {}, epsilonEnv);
|
|
46
|
-
const ecsRole = new aws_iam_1.Role(this, id + 'AwsEcsRole', {
|
|
47
|
-
assumedBy: new aws_iam_1.ServicePrincipal('ec2.amazonaws.com'),
|
|
48
|
-
inlinePolicies: {
|
|
49
|
-
root: new aws_iam_1.PolicyDocument({
|
|
50
|
-
statements: epsilon_stack_util_1.EpsilonStackUtil.ECS_POLICY_STATEMENTS,
|
|
51
|
-
}),
|
|
52
|
-
},
|
|
53
|
-
});
|
|
54
|
-
const ecsInstanceProfile = new aws_iam_1.CfnInstanceProfile(this, id + 'EcsInstanceProfile', {
|
|
55
|
-
path: '/',
|
|
56
|
-
roles: [ecsRole.roleName],
|
|
57
|
-
});
|
|
58
|
-
const jobRole = new aws_iam_1.Role(this, id + 'AwsBatchRole', {
|
|
59
|
-
assumedBy: new aws_iam_1.ServicePrincipal('ecs-tasks.amazonaws.com'),
|
|
60
|
-
managedPolicies: [aws_iam_1.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaVPCAccessExecutionRole')],
|
|
61
|
-
inlinePolicies: {
|
|
62
|
-
root: new aws_iam_1.PolicyDocument({
|
|
63
|
-
statements: epsilon_stack_util_1.EpsilonStackUtil.createDefaultPolicyStatementList(props, workQueue, notificationTopic, interApiGenericEventTopic),
|
|
64
|
-
}),
|
|
65
|
-
},
|
|
66
|
-
});
|
|
67
|
-
const compEnvProps = {
|
|
68
|
-
replaceComputeEnvironment: false,
|
|
69
|
-
computeResources: {
|
|
70
|
-
minvCpus: 0,
|
|
71
|
-
maxvCpus: 16,
|
|
72
|
-
instanceTypes: ['optimal'],
|
|
73
|
-
instanceRole: ecsInstanceProfile.attrArn,
|
|
74
|
-
ec2KeyPair: props.batchInstancesEc2KeyPairName,
|
|
75
|
-
type: 'EC2',
|
|
76
|
-
subnets: props.vpcSubnetIds.map((s) => 'subnet-' + s),
|
|
77
|
-
securityGroupIds: props.lambdaSecurityGroupIds.map((s) => 'sg-' + s),
|
|
78
|
-
allocationStrategy: 'BEST_FIT',
|
|
79
|
-
},
|
|
80
|
-
serviceRole: 'arn:aws:iam::' + props.env.account + ':role/AWSBatchServiceRole',
|
|
81
|
-
type: 'MANAGED',
|
|
82
|
-
state: 'ENABLED',
|
|
83
|
-
};
|
|
84
|
-
const compEnv = new aws_batch_1.CfnComputeEnvironment(this, id + 'ComputeEnv', compEnvProps);
|
|
85
|
-
const batchJobQueueProps = {
|
|
86
|
-
state: 'ENABLED',
|
|
87
|
-
priority: 1,
|
|
88
|
-
computeEnvironmentOrder: [
|
|
89
|
-
{
|
|
90
|
-
computeEnvironment: compEnv.attrComputeEnvironmentArn,
|
|
91
|
-
order: 1,
|
|
92
|
-
},
|
|
93
|
-
],
|
|
94
|
-
tags: {
|
|
95
|
-
tagsKey: id,
|
|
96
|
-
},
|
|
97
|
-
};
|
|
98
|
-
const batchJobQueue = new aws_batch_1.CfnJobQueue(this, id + 'BatchJobQueue', batchJobQueueProps);
|
|
99
|
-
const batchEnvVars = epsilon_stack_util_1.EpsilonStackUtil.toEnvironmentVariables([
|
|
100
|
-
env,
|
|
101
|
-
props.extraEnvironmentalVars || {},
|
|
102
|
-
{
|
|
103
|
-
EPSILON_RUNNING_IN_AWS_BATCH: true,
|
|
104
|
-
},
|
|
105
|
-
]);
|
|
106
|
-
const jobProps = {
|
|
107
|
-
type: 'container',
|
|
108
|
-
platformCapabilities: ['EC2'],
|
|
109
|
-
containerProperties: {
|
|
110
|
-
mountPoints: [],
|
|
111
|
-
volumes: [],
|
|
112
|
-
memory: 4294,
|
|
113
|
-
privileged: false,
|
|
114
|
-
jobRoleArn: jobRole.roleArn,
|
|
115
|
-
readonlyRootFilesystem: false,
|
|
116
|
-
vcpus: 1,
|
|
117
|
-
image: dockerImageAsset.imageUri,
|
|
118
|
-
command: ['Ref::taskName', 'Ref::taskData', 'Ref::traceId', 'Ref::traceDepth'],
|
|
119
|
-
environment: batchEnvVars,
|
|
120
|
-
},
|
|
121
|
-
};
|
|
122
|
-
const jobDef = new aws_batch_1.CfnJobDefinition(this, id + 'JobDefinition', jobProps);
|
|
123
|
-
const lambdaRole = new aws_iam_1.Role(this, 'customRole', {
|
|
124
|
-
roleName: id + 'LambdaCustomRole',
|
|
125
|
-
assumedBy: new aws_iam_1.ServicePrincipal('lambda.amazonaws.com'),
|
|
126
|
-
managedPolicies: [aws_iam_1.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaVPCAccessExecutionRole')],
|
|
127
|
-
inlinePolicies: {
|
|
128
|
-
root: new aws_iam_1.PolicyDocument({
|
|
129
|
-
statements: epsilon_stack_util_1.EpsilonStackUtil.createDefaultPolicyStatementList(props, workQueue, notificationTopic, interApiGenericEventTopic),
|
|
130
|
-
}),
|
|
131
|
-
},
|
|
132
|
-
});
|
|
133
|
-
env['EPSILON_AWS_BATCH_JOB_DEFINITION_ARN'] = jobDef.ref;
|
|
134
|
-
env['EPSILON_AWS_BATCH_JOB_QUEUE_ARN'] = batchJobQueue.ref;
|
|
135
|
-
this.webHandler = new aws_lambda_1.DockerImageFunction(this, id + 'Web', {
|
|
136
|
-
retryAttempts: 2,
|
|
137
|
-
memorySize: props.webMemorySizeMb || 128,
|
|
138
|
-
ephemeralStorageSize: aws_cdk_lib_1.Size.mebibytes(512),
|
|
139
|
-
timeout: aws_cdk_lib_1.Duration.seconds(props.webTimeoutSeconds || 20),
|
|
140
|
-
code: dockerImageCode,
|
|
141
|
-
role: lambdaRole,
|
|
142
|
-
environment: env,
|
|
143
|
-
});
|
|
144
|
-
if ((props === null || props === void 0 ? void 0 : props.webLambdaPingMinutes) && props.webLambdaPingMinutes > 0) {
|
|
145
|
-
const rule = new aws_events_1.Rule(this, id + 'WebKeepaliveRule', {
|
|
146
|
-
schedule: aws_events_1.Schedule.rate(aws_cdk_lib_1.Duration.minutes(Math.ceil(props.webLambdaPingMinutes))),
|
|
147
|
-
});
|
|
148
|
-
rule.addTarget(new aws_events_targets_1.LambdaFunction(this.webHandler));
|
|
149
|
-
}
|
|
150
|
-
const fnUrl = this.webHandler.addFunctionUrl({
|
|
151
|
-
authType: aws_lambda_1.FunctionUrlAuthType.NONE,
|
|
152
|
-
cors: {
|
|
153
|
-
allowedOrigins: ['*'],
|
|
154
|
-
allowedHeaders: ['Content-Type', 'X-Amz-Date', 'Authorization', 'X-Api-Key'],
|
|
155
|
-
allowedMethods: [aws_lambda_1.HttpMethod.ALL],
|
|
156
|
-
allowCredentials: true,
|
|
157
|
-
},
|
|
158
|
-
});
|
|
159
|
-
this.backgroundHandler = new aws_lambda_1.DockerImageFunction(this, id + 'Background', {
|
|
160
|
-
retryAttempts: 2,
|
|
161
|
-
memorySize: props.backgroundMemorySizeMb || 3000,
|
|
162
|
-
ephemeralStorageSize: aws_cdk_lib_1.Size.mebibytes(512),
|
|
163
|
-
timeout: aws_cdk_lib_1.Duration.seconds(props.backgroundTimeoutSeconds || 900),
|
|
164
|
-
code: dockerImageCode,
|
|
165
|
-
role: lambdaRole,
|
|
166
|
-
environment: env,
|
|
167
|
-
});
|
|
168
|
-
notificationTopic.addSubscription(new aws_sns_subscriptions_1.LambdaSubscription(this.backgroundHandler));
|
|
169
|
-
interApiGenericEventTopic.addSubscription(new aws_sns_subscriptions_1.LambdaSubscription(this.backgroundHandler));
|
|
170
|
-
const rule = new aws_events_1.Rule(this, id + 'CronRule', {
|
|
171
|
-
schedule: aws_events_1.Schedule.rate(aws_cdk_lib_1.Duration.minutes(1)),
|
|
172
|
-
});
|
|
173
|
-
rule.addTarget(new aws_events_targets_1.LambdaFunction(this.backgroundHandler));
|
|
174
|
-
this.apiDomain = aws_cdk_lib_1.Lazy.uncachedString({
|
|
175
|
-
produce: (context) => {
|
|
176
|
-
const resolved = context.resolve(fnUrl.url);
|
|
177
|
-
return { 'Fn::Select': [2, { 'Fn::Split': ['/', resolved] }] };
|
|
178
|
-
},
|
|
179
|
-
});
|
|
180
|
-
}
|
|
181
|
-
}
|
|
182
|
-
exports.EpsilonApiStack = EpsilonApiStack;
|
|
@@ -1,71 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.EpsilonStackUtil = void 0;
|
|
4
|
-
const ratchet_common_1 = require("@bitblit/ratchet-common");
|
|
5
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
6
|
-
class EpsilonStackUtil {
|
|
7
|
-
constructor() { }
|
|
8
|
-
static toEnvironmentVariables(input) {
|
|
9
|
-
const rval = [];
|
|
10
|
-
input.forEach((inval) => {
|
|
11
|
-
Object.keys(inval).forEach((k) => {
|
|
12
|
-
rval.push({
|
|
13
|
-
name: k,
|
|
14
|
-
value: ratchet_common_1.StringRatchet.safeString(inval[k]),
|
|
15
|
-
});
|
|
16
|
-
});
|
|
17
|
-
});
|
|
18
|
-
return rval;
|
|
19
|
-
}
|
|
20
|
-
static createDefaultPolicyStatementList(props, backgroundLambdaSqs, backgroundLambdaSns, interApiSns) {
|
|
21
|
-
const rval = (props.additionalPolicyStatements || []).concat([
|
|
22
|
-
new aws_iam_1.PolicyStatement({
|
|
23
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
24
|
-
actions: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
|
|
25
|
-
resources: ['arn:aws:logs:*:*:*'],
|
|
26
|
-
}),
|
|
27
|
-
new aws_iam_1.PolicyStatement({
|
|
28
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
29
|
-
actions: ['ses:SendEmail', 'ses:SendRawEmail'],
|
|
30
|
-
resources: ['arn:aws:ses:*'],
|
|
31
|
-
}),
|
|
32
|
-
new aws_iam_1.PolicyStatement({
|
|
33
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
34
|
-
actions: ['sqs:*'],
|
|
35
|
-
resources: [backgroundLambdaSqs.queueArn],
|
|
36
|
-
}),
|
|
37
|
-
new aws_iam_1.PolicyStatement({
|
|
38
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
39
|
-
actions: ['sns:*'],
|
|
40
|
-
resources: [backgroundLambdaSns.topicArn, interApiSns.topicArn],
|
|
41
|
-
}),
|
|
42
|
-
new aws_iam_1.PolicyStatement({
|
|
43
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
44
|
-
actions: ['batch:*'],
|
|
45
|
-
resources: ['*'],
|
|
46
|
-
}),
|
|
47
|
-
]);
|
|
48
|
-
return rval;
|
|
49
|
-
}
|
|
50
|
-
}
|
|
51
|
-
exports.EpsilonStackUtil = EpsilonStackUtil;
|
|
52
|
-
EpsilonStackUtil.ALLOW_ECS = new aws_iam_1.PolicyStatement({
|
|
53
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
54
|
-
actions: ['ecs:*'],
|
|
55
|
-
resources: ['*'],
|
|
56
|
-
});
|
|
57
|
-
EpsilonStackUtil.ALLOW_ECR = new aws_iam_1.PolicyStatement({
|
|
58
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
59
|
-
actions: ['ecr:BatchCheckLayerAvailability', 'ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer', 'ecr:GetAuthorizationToken'],
|
|
60
|
-
resources: ['*'],
|
|
61
|
-
});
|
|
62
|
-
EpsilonStackUtil.ALLOW_RESTRICTED_LOGS = new aws_iam_1.PolicyStatement({
|
|
63
|
-
effect: aws_iam_1.Effect.ALLOW,
|
|
64
|
-
actions: ['logs:CreateLogStream', 'logs:PutLogEvents', 'logs:DescribeLogStreams', 'logs:CreateLogGroup'],
|
|
65
|
-
resources: ['*'],
|
|
66
|
-
});
|
|
67
|
-
EpsilonStackUtil.ECS_POLICY_STATEMENTS = [
|
|
68
|
-
EpsilonStackUtil.ALLOW_ECS,
|
|
69
|
-
EpsilonStackUtil.ALLOW_ECR,
|
|
70
|
-
EpsilonStackUtil.ALLOW_RESTRICTED_LOGS,
|
|
71
|
-
];
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.EpsilonWebsiteStackPropsRoute53Handling = void 0;
|
|
4
|
-
var EpsilonWebsiteStackPropsRoute53Handling;
|
|
5
|
-
(function (EpsilonWebsiteStackPropsRoute53Handling) {
|
|
6
|
-
EpsilonWebsiteStackPropsRoute53Handling["Update"] = "Update";
|
|
7
|
-
EpsilonWebsiteStackPropsRoute53Handling["DoNotUpdate"] = "DoNotUpdate";
|
|
8
|
-
})(EpsilonWebsiteStackPropsRoute53Handling = exports.EpsilonWebsiteStackPropsRoute53Handling || (exports.EpsilonWebsiteStackPropsRoute53Handling = {}));
|
|
@@ -1,157 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.EpsilonWebsiteStack = void 0;
|
|
4
|
-
const tslib_1 = require("tslib");
|
|
5
|
-
const aws_s3_1 = require("aws-cdk-lib/aws-s3");
|
|
6
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
7
|
-
const path_1 = tslib_1.__importDefault(require("path"));
|
|
8
|
-
const aws_cloudfront_1 = require("aws-cdk-lib/aws-cloudfront");
|
|
9
|
-
const aws_route53_1 = require("aws-cdk-lib/aws-route53");
|
|
10
|
-
const aws_route53_targets_1 = require("aws-cdk-lib/aws-route53-targets");
|
|
11
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
12
|
-
const epsilon_website_stack_props_1 = require("./epsilon-website-stack-props");
|
|
13
|
-
const ratchet_common_1 = require("@bitblit/ratchet-common");
|
|
14
|
-
class EpsilonWebsiteStack extends aws_cdk_lib_1.Stack {
|
|
15
|
-
constructor(scope, id, props) {
|
|
16
|
-
var _a;
|
|
17
|
-
super(scope, id, props);
|
|
18
|
-
const originAccessId = new aws_cloudfront_1.OriginAccessIdentity(this, id + 'OriginAccessId');
|
|
19
|
-
const websiteBucket = new aws_s3_1.Bucket(this, id + 'DeployBucket', {
|
|
20
|
-
bucketName: props.targetBucketName,
|
|
21
|
-
versioned: false,
|
|
22
|
-
publicReadAccess: false,
|
|
23
|
-
encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
|
|
24
|
-
});
|
|
25
|
-
const extraBucketAndSource = (props.simpleAdditionalMappings || []).map((eb) => {
|
|
26
|
-
const nextBucket = new aws_s3_1.Bucket(this, eb.bucketName + 'DeployBucket', {
|
|
27
|
-
bucketName: eb.bucketName,
|
|
28
|
-
versioned: false,
|
|
29
|
-
publicReadAccess: false,
|
|
30
|
-
encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
|
|
31
|
-
});
|
|
32
|
-
const nextBS = {
|
|
33
|
-
bucket: nextBucket,
|
|
34
|
-
sourceConfig: {
|
|
35
|
-
s3OriginSource: {
|
|
36
|
-
s3BucketSource: nextBucket,
|
|
37
|
-
originAccessIdentity: originAccessId,
|
|
38
|
-
},
|
|
39
|
-
behaviors: [
|
|
40
|
-
{
|
|
41
|
-
pathPattern: eb.pathPattern,
|
|
42
|
-
isDefaultBehavior: false,
|
|
43
|
-
compress: true,
|
|
44
|
-
defaultTtl: aws_cdk_lib_1.Duration.seconds(1),
|
|
45
|
-
minTtl: aws_cdk_lib_1.Duration.seconds(1),
|
|
46
|
-
maxTtl: aws_cdk_lib_1.Duration.seconds(1),
|
|
47
|
-
forwardedValues: {
|
|
48
|
-
queryString: false,
|
|
49
|
-
},
|
|
50
|
-
},
|
|
51
|
-
],
|
|
52
|
-
},
|
|
53
|
-
};
|
|
54
|
-
return nextBS;
|
|
55
|
-
});
|
|
56
|
-
const assetSource = {
|
|
57
|
-
s3OriginSource: {
|
|
58
|
-
s3BucketSource: websiteBucket,
|
|
59
|
-
originAccessIdentity: originAccessId,
|
|
60
|
-
},
|
|
61
|
-
behaviors: [
|
|
62
|
-
{
|
|
63
|
-
isDefaultBehavior: true,
|
|
64
|
-
compress: true,
|
|
65
|
-
defaultTtl: aws_cdk_lib_1.Duration.seconds(1),
|
|
66
|
-
minTtl: aws_cdk_lib_1.Duration.seconds(1),
|
|
67
|
-
maxTtl: aws_cdk_lib_1.Duration.seconds(1),
|
|
68
|
-
forwardedValues: {
|
|
69
|
-
queryString: false,
|
|
70
|
-
},
|
|
71
|
-
},
|
|
72
|
-
],
|
|
73
|
-
};
|
|
74
|
-
const apiSource = {
|
|
75
|
-
customOriginSource: {
|
|
76
|
-
domainName: props.apiDomainName,
|
|
77
|
-
originProtocolPolicy: aws_cloudfront_1.OriginProtocolPolicy.HTTPS_ONLY,
|
|
78
|
-
},
|
|
79
|
-
behaviors: [
|
|
80
|
-
{
|
|
81
|
-
compress: true,
|
|
82
|
-
forwardedValues: {
|
|
83
|
-
queryString: true,
|
|
84
|
-
cookies: {
|
|
85
|
-
forward: 'whitelist',
|
|
86
|
-
whitelistedNames: ['idToken'],
|
|
87
|
-
},
|
|
88
|
-
headers: ['Accept', 'Referer', 'Authorization', 'Content-Type'],
|
|
89
|
-
},
|
|
90
|
-
pathPattern: 'graphql',
|
|
91
|
-
defaultTtl: aws_cdk_lib_1.Duration.seconds(0),
|
|
92
|
-
maxTtl: aws_cdk_lib_1.Duration.seconds(0),
|
|
93
|
-
minTtl: aws_cdk_lib_1.Duration.seconds(0),
|
|
94
|
-
allowedMethods: aws_cloudfront_1.CloudFrontAllowedMethods.ALL,
|
|
95
|
-
cachedMethods: aws_cloudfront_1.CloudFrontAllowedCachedMethods.GET_HEAD,
|
|
96
|
-
},
|
|
97
|
-
],
|
|
98
|
-
};
|
|
99
|
-
const distributionProps = {
|
|
100
|
-
httpVersion: aws_cloudfront_1.HttpVersion.HTTP2,
|
|
101
|
-
defaultRootObject: 'index.html',
|
|
102
|
-
originConfigs: [assetSource, apiSource, ...extraBucketAndSource.map((s) => s.sourceConfig)],
|
|
103
|
-
errorConfigurations: [
|
|
104
|
-
{
|
|
105
|
-
errorCode: 404,
|
|
106
|
-
errorCachingMinTtl: 300,
|
|
107
|
-
responseCode: 200,
|
|
108
|
-
responsePagePath: '/index.html',
|
|
109
|
-
},
|
|
110
|
-
{
|
|
111
|
-
errorCode: 403,
|
|
112
|
-
errorCachingMinTtl: 300,
|
|
113
|
-
responseCode: 200,
|
|
114
|
-
responsePagePath: '/index.html',
|
|
115
|
-
},
|
|
116
|
-
],
|
|
117
|
-
priceClass: aws_cloudfront_1.PriceClass.PRICE_CLASS_ALL,
|
|
118
|
-
viewerProtocolPolicy: aws_cloudfront_1.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
|
|
119
|
-
viewerCertificate: {
|
|
120
|
-
aliases: props.cloudFrontDomainNames,
|
|
121
|
-
props: {
|
|
122
|
-
acmCertificateArn: props.cloudFrontHttpsCertificateArn,
|
|
123
|
-
sslSupportMethod: 'sni-only',
|
|
124
|
-
},
|
|
125
|
-
},
|
|
126
|
-
};
|
|
127
|
-
const cloudfrontDistro = new aws_cloudfront_1.CloudFrontWebDistribution(this, id + 'CloudfrontDistro', distributionProps);
|
|
128
|
-
if ((props === null || props === void 0 ? void 0 : props.route53Handling) === epsilon_website_stack_props_1.EpsilonWebsiteStackPropsRoute53Handling.Update) {
|
|
129
|
-
if ((_a = props === null || props === void 0 ? void 0 : props.cloudFrontDomainNames) === null || _a === void 0 ? void 0 : _a.length) {
|
|
130
|
-
for (let i = 0; i < props.cloudFrontDomainNames.length; i++) {
|
|
131
|
-
const domain = new aws_route53_1.RecordSet(this, id + 'DomainName-' + props.cloudFrontDomainNames[i], {
|
|
132
|
-
recordType: aws_route53_1.RecordType.A,
|
|
133
|
-
recordName: props.cloudFrontDomainNames[i],
|
|
134
|
-
target: {
|
|
135
|
-
aliasTarget: new aws_route53_targets_1.CloudFrontTarget(cloudfrontDistro),
|
|
136
|
-
},
|
|
137
|
-
zone: aws_route53_1.HostedZone.fromLookup(this, id, { domainName: EpsilonWebsiteStack.extractApexDomain(props.cloudFrontDomainNames[i]) }),
|
|
138
|
-
});
|
|
139
|
-
}
|
|
140
|
-
}
|
|
141
|
-
}
|
|
142
|
-
new aws_s3_deployment_1.BucketDeployment(this, id + 'SiteDeploy', {
|
|
143
|
-
sources: props.pathsToAssets.map((inPath) => aws_s3_deployment_1.Source.asset(path_1.default.resolve(inPath))),
|
|
144
|
-
destinationBucket: websiteBucket,
|
|
145
|
-
distribution: cloudfrontDistro,
|
|
146
|
-
distributionPaths: ['/*'],
|
|
147
|
-
});
|
|
148
|
-
}
|
|
149
|
-
static extractApexDomain(domainName) {
|
|
150
|
-
const pieces = ratchet_common_1.StringRatchet.trimToEmpty(domainName).split('.');
|
|
151
|
-
if (pieces.length < 2) {
|
|
152
|
-
ratchet_common_1.ErrorRatchet.throwFormattedErr('Not a valid domain name : %s', domainName);
|
|
153
|
-
}
|
|
154
|
-
return pieces[pieces.length - 2] + '.' + pieces[pieces.length - 1];
|
|
155
|
-
}
|
|
156
|
-
}
|
|
157
|
-
exports.EpsilonWebsiteStack = EpsilonWebsiteStack;
|
package/dist/cjs/index.js
DELETED
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
const tslib_1 = require("tslib");
|
|
4
|
-
tslib_1.__exportStar(require("./build/ratchet-epsilon-deployment-info"), exports);
|
|
5
|
-
tslib_1.__exportStar(require("./deployment/cdk/epsilon-api-stack-props"), exports);
|
|
6
|
-
tslib_1.__exportStar(require("./deployment/cdk/epsilon-api-stack"), exports);
|
|
7
|
-
tslib_1.__exportStar(require("./deployment/cdk/epsilon-stack-util"), exports);
|
|
8
|
-
tslib_1.__exportStar(require("./deployment/cdk/epsilon-website-stack-props"), exports);
|
|
9
|
-
tslib_1.__exportStar(require("./deployment/cdk/epsilon-website-stack"), exports);
|
|
10
|
-
tslib_1.__exportStar(require("./deployment/cdk/simple-additional-s3-website-mapping"), exports);
|