@byaga/cdk-patterns 0.6.1 → 0.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@byaga/cdk-patterns",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "description": "Collection of common patterns used when making AWS CloudFormation templates using CDK",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -15,9 +15,11 @@
   "author": "VeryFineHat",
   "license": "MIT",
   "dependencies": {
+    "@types/fs-extra": "^11.0.2",
     "aws-cdk": "^2.92.0",
     "aws-cdk-lib": "^2.92.0",
-    "constructs": "^10.2.69"
+    "constructs": "^10.2.69",
+    "fs-extra": "^11.1.1"
   },
   "devDependencies": {
     "@types/node": "^20.5.0",

package/src/ApiCertificate.ts

@@ -1,31 +1,31 @@
 import {Certificate, CertificateValidation} from "aws-cdk-lib/aws-certificatemanager";
 import {HostedZone, IHostedZone} from "aws-cdk-lib/aws-route53";
-import {CfnOutput} from "aws-cdk-lib";
-import IDeployStack from "./IDeployStack";
+import {Output} from "./Output";
+import DeployStack from "./DeployStack";
 import IDomainConfig from "./IDomainConfig";
 
 export class ApiCertificate extends Certificate {
     hostedZone: IHostedZone
     domain: string
 
-    constructor(stack: IDeployStack, id: string, domain: IDomainConfig) {
+    constructor(stack: DeployStack, id: string, domain: IDomainConfig) {
         const certDomain = [domain.domainName]
         if (domain.subdomain) certDomain.splice(0, 0, domain.subdomain)
         const domainName = certDomain.join('.')
 
+        console.log('Getting Hosted Zone', domain.hostedZone.name)
         const hostedZone: IHostedZone = HostedZone.fromHostedZoneAttributes(stack, stack.genId(id, 'hosted-zone'), {
             hostedZoneId: domain.hostedZone.id,
             zoneName: domain.hostedZone.name
         })
+        console.log('Defining Certificate For', domainName)
         super(stack, stack.genId(id), {
             domainName,
             validation: CertificateValidation.fromDns(hostedZone)
         });
 
         this.domain = domainName
-        new CfnOutput(this, stack.genId(id, "certificate-output"), {
-            value: this.certificateArn ,
-            exportName: stack.genName(id)})
+        new Output(stack, id, this.certificateArn)
         this.hostedZone = hostedZone
     }
 }

package/src/{IDeployStack.ts → DeployStack.ts}

@@ -2,17 +2,17 @@ import {Stack} from 'aws-cdk-lib';
 import IStackArguments from './IStackArguments'
 import {IConstruct} from "constructs";
 
-export class IDeployStack extends Stack {
+export class DeployStack extends Stack {
     registry: { [t: string]: { [n: string]: any } } = {}
     stage: string
     name: string
 
     genName(...name: string[]): string {
-        return IDeployStack.genStackResourceName(this.name, this.stage, name.filter(n => !!n).join('-'))
+        return DeployStack.genStackResourceName(this.name, this.stage, name.filter(n => !!n).join('-'))
     }
 
     genId(...name: string[]): string {
-        return IDeployStack.genStackResourceId(this.name, this.stage, name.filter(n => !!n).join('-'))
+        return DeployStack.genStackResourceId(this.name, this.stage, name.filter(n => !!n).join('-'))
     }
 
     static genStackResourceName(stackName: string, resource: string, stage = 'develop') {
@@ -53,4 +53,4 @@ export class IDeployStack extends Stack {
         return instance;
     }
 }
-export default IDeployStack
+export default DeployStack

package/src/Output.ts

@@ -0,0 +1,11 @@
+import {CfnOutput} from 'aws-cdk-lib/core';
+import {DeployStack} from './DeployStack';
+
+export class Output extends CfnOutput {
+    constructor(stack: DeployStack, name: string, value: string) {
+        super(stack, stack.genId(name, 'output'), {
+            value,
+            exportName: stack.genName(name)
+        })
+    }
+}

package/src/Role.ts

@@ -1,6 +1,7 @@
 import {FederatedPrincipal, IPrincipal, Role as CdkRole} from "aws-cdk-lib/aws-iam";
-import {CfnOutput, Duration} from "aws-cdk-lib";
-import {IDeployStack} from "./IDeployStack";
+import {Duration} from "aws-cdk-lib";
+import {Output} from './Output'
+import {DeployStack} from "./DeployStack";
 import {IManagedPolicy} from "aws-cdk-lib/aws-iam/lib/managed-policy";
 import {PolicyDocument} from "aws-cdk-lib/aws-iam/lib/policy-document";
 
@@ -137,7 +138,7 @@ interface IRoleProps {
 }
 
 export class Role extends CdkRole {
-    constructor(stack: IDeployStack, id: string, props: IRoleProps) {
+    constructor(stack: DeployStack, id: string, props: IRoleProps) {
         console.log('Defining Role', stack.genId(id))
         if (!props.assumedBy) {
             props.assumedBy = new FederatedPrincipal(
@@ -159,9 +160,6 @@ export class Role extends CdkRole {
             roleName: stack.genName(props.roleName || id),
             assumedBy: props.assumedBy
         })
-        new CfnOutput(stack, stack.genId(id, 'arn-output'), {
-            value: this.roleArn,
-            exportName: stack.genName(id, 'arn')
-        })
+        new Output(stack, `${id}-arn`, this.roleArn)
     }
 }

package/src/StaticWebSite.ts

@@ -0,0 +1,99 @@
+import {RemovalPolicy} from "aws-cdk-lib/core";
+import {Output} from './Output'
+import {DeployStack} from "./DeployStack";
+import {execSync} from "child_process";
+import * as fs from 'fs-extra'
+import * as path from 'path'
+import {Bucket} from "aws-cdk-lib/aws-s3"
+import {BucketDeployment, Source} from "aws-cdk-lib/aws-s3-deployment"
+import ApiCertificate from "./ApiCertificate";
+import {
+    CloudFrontAllowedMethods,
+    CloudFrontWebDistribution,
+    OriginAccessIdentity,
+    SSLMethod,
+    ViewerCertificate,
+    ViewerProtocolPolicy
+} from "aws-cdk-lib/aws-cloudfront"
+import IDomainConfig from "./IDomainConfig";
+import {PolicyStatement} from "aws-cdk-lib/aws-iam";
+import {ARecord, RecordTarget} from "aws-cdk-lib/aws-route53";
+import {CloudFrontTarget} from "aws-cdk-lib/aws-route53-targets";
+
+interface StaticWebSiteConfig {
+    srcDir?: string,
+    domain: IDomainConfig,
+    env: NodeJS.ProcessEnv
+}
+
+export class StaticWebSite {
+    constructor(stack: DeployStack, id: string, props: StaticWebSiteConfig) {
+        console.log('Deploying Static Web Site', id)
+        const srcDir = path.resolve("../src/", props.srcDir || '')
+        const buildDir = path.resolve("../dist/", props.srcDir || '')
+
+        console.log('Installing Prod Dependencies', id)
+        execSync('npm i --production --quiet', {
+            cwd: srcDir
+        })
+        console.log('Building UI Source', id)
+        execSync('npm run export', {
+            cwd: srcDir,
+            //env: props.env
+        })
+        fs.copySync(path.resolve(srcDir, "./out"), buildDir);
+
+        console.log('Creating HTTPS Certificate', id + '-certificate')
+        const certificate = new ApiCertificate(stack, id + '-certificate', props.domain);
+        console.log('Deploying Site Content Bucket', stack.genId(id, "content-bucket"))
+        const s3BucketSource = new Bucket(stack, stack.genId(id, "content-bucket"), {
+            bucketName: certificate.domain,
+            websiteIndexDocument: "index.html",
+            websiteErrorDocument: "error.html",
+            publicReadAccess: true,
+            removalPolicy: RemovalPolicy.DESTROY,
+            autoDeleteObjects: true
+        });
+        new Output(stack, `${id}-content-bucket`, s3BucketSource.bucketName);
+
+        const cloudFrontPolicy = new PolicyStatement({
+            actions: ['s3:GetBucket*', 's3:GetObject*', 's3:List*'],
+            resources: [s3BucketSource.bucketArn, s3BucketSource.bucketArn + '/*'],
+        })
+
+        new BucketDeployment(stack, stack.genId(id, 'bucket-deployment'), {
+            sources: [Source.asset(buildDir)],
+            destinationBucket: s3BucketSource
+        })
+        const originAccessIdentity = new OriginAccessIdentity(stack, "WebsiteOAI");
+         cloudFrontPolicy.addArnPrincipal(originAccessIdentity.cloudFrontOriginAccessIdentityS3CanonicalUserId)
+
+        const distro = new CloudFrontWebDistribution(stack, stack.genId(id, 'cloudfront-web-distribution'), {
+            enabled: true,
+            //priceClass:
+             originConfigs: [{
+                 s3OriginSource: {
+                     s3BucketSource,
+                     originAccessIdentity
+                 },
+                 behaviors: [{
+                     allowedMethods: CloudFrontAllowedMethods.GET_HEAD_OPTIONS,
+                     isDefaultBehavior: true
+                 }]
+             }],
+            viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+            viewerCertificate: ViewerCertificate.fromAcmCertificate(certificate, {
+                aliases: [certificate.domain],
+                sslMethod: SSLMethod.SNI
+            })
+        })
+        new Output(stack, `${id}-base-url`, "https://" + certificate.domain);
+
+        console.log('Setting Route53 A-Name Record', props.domain.domainName)
+         new ARecord(stack, stack.genId('alias'), {
+             zone: certificate.hostedZone,
+             recordName: certificate.domain,
+             target: RecordTarget.fromAlias(new CloudFrontTarget(distro))
+         })
+    }
+}

package/src/index.ts

@@ -1,6 +1,8 @@
 export {ApiCertificate} from "./ApiCertificate";
-export {IDeployStack} from "./IDeployStack";
+export {DeployStack} from "./DeployStack";
 export {IDomainConfig} from "./IDomainConfig";
 export {IHostedZoneConfig} from "./IHostedZoneConfig";
 export {IStackArguments} from "./IStackArguments";
 export {Role} from "./Role";
+export {StaticWebSite} from "./StaticWebSite";
+export {Output} from "./Output";