@digitraffic/common 2024.1.24-3 → 2024.1.30-1

package/src/aws/infra/stack/subscription.mts

@@ -1,58 +0,0 @@
-import { CfnSubscriptionFilter } from "aws-cdk-lib/aws-logs";
-import { Function as AWSFunction } from "aws-cdk-lib/aws-lambda";
-import { DigitrafficStack } from "./stack.mjs";
-import { Construct } from "constructs";
-import { MonitoredFunction } from "./monitoredfunction.mjs";
-
-/**
- * Creates a subscription filter that subscribes to a Lambda Log Group and delivers the logs to another destination.
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html
- * @param lambda The Lambda function, needed to create a dependency
- * @param lambdaName The Lambda name from which the Log Group name is derived
- * @param logDestinationArn Destination for streamed logs
- * @param stack CloudFormation stack
- */
-export function createSubscription(
-    lambda: AWSFunction,
-    lambdaName: string,
-    logDestinationArn: string | undefined,
-    stack: Construct
-): CfnSubscriptionFilter | undefined {
-    if (logDestinationArn == undefined) {
-        return undefined;
-    }
-    const filter = new CfnSubscriptionFilter(
-        stack,
-        `${lambdaName}LogsSubscription`,
-        {
-            logGroupName: `/aws/lambda/${lambdaName}`,
-            filterPattern: "",
-            destinationArn: logDestinationArn,
-        }
-    );
-
-    filter.node.addDependency(lambda);
-
-    return filter;
-}
-
-export class DigitrafficLogSubscriptions {
-    constructor(stack: DigitrafficStack, ...lambdas: MonitoredFunction[]) {
-        const destinationArn = stack.configuration.logsDestinationArn;
-        if (destinationArn !== undefined) {
-            lambdas.forEach((lambda) => {
-                const filter = new CfnSubscriptionFilter(
-                    stack,
-                    `${lambda.givenName}LogsSubscription`,
-                    {
-                        logGroupName: `/aws/lambda/${lambda.givenName}`,
-                        filterPattern: "",
-                        destinationArn,
-                    }
-                );
-
-                filter.node.addDependency(lambda);
-            });
-        }
-    }
-}

package/src/aws/infra/stacks/db-dns-stack.mts

@@ -1,77 +0,0 @@
-import { Duration, RemovalPolicy, Stack } from "aws-cdk-lib";
-import { type Construct } from "constructs";
-import {
-    PrivateHostedZone,
-    RecordSet,
-    RecordTarget,
-    RecordType,
-} from "aws-cdk-lib/aws-route53";
-import { InfraStackConfiguration } from "./intra-stack-configuration.mjs";
-import { importVpc } from "../import-util.mjs";
-import { getParameterValue } from "../stack/parameters.mjs";
-
-const DEFAULT_RECORD_TTL = Duration.seconds(30);
-
-/**
- * Creates a dns local zone and creates records for cluster endpoints and proxy endpoints.
- *
- * Please note, that created PrivateHostedZone has RETAIN removalPolicy, so if you want to delete this stack,
- * you must remove the zone by hand after.
- */
-export class DbDnsStack extends Stack {
-    constructor(scope: Construct, id: string, isc: InfraStackConfiguration) {
-        super(scope, id, {
-            env: isc.env,
-        });
-
-        this.createDnsRecords(isc);
-    }
-
-    createDnsRecords(isc: InfraStackConfiguration) {
-        const vpc = importVpc(this, isc.environmentName);
-        const zone = new PrivateHostedZone(this, "DNSHostedZone", {
-            zoneName: isc.environmentName + ".local",
-            vpc,
-        });
-
-        zone.applyRemovalPolicy(RemovalPolicy.RETAIN);
-
-        const clusterReaderEndpoint = getParameterValue(this, "cluster.reader");
-        const clusterWriterEndpoint = getParameterValue(this, "cluster.writer");
-
-        const proxyReaderEndpoint = getParameterValue(this, "proxy.reader");
-        const proxyWriterEndpoint = getParameterValue(this, "proxy.writer");
-
-        new RecordSet(this, "ReaderRecord", {
-            recordType: RecordType.CNAME,
-            recordName: `db-ro.${isc.environmentName}.local`,
-            target: RecordTarget.fromValues(clusterReaderEndpoint),
-            ttl: DEFAULT_RECORD_TTL,
-            zone,
-        });
-
-        new RecordSet(this, "WriterRecord", {
-            recordType: RecordType.CNAME,
-            recordName: `db.${isc.environmentName}.local`,
-            target: RecordTarget.fromValues(clusterWriterEndpoint),
-            ttl: DEFAULT_RECORD_TTL,
-            zone,
-        });
-
-        new RecordSet(this, "ProxyReaderRecord", {
-            recordType: RecordType.CNAME,
-            recordName: `proxy-ro.${isc.environmentName}.local`,
-            target: RecordTarget.fromValues(proxyReaderEndpoint),
-            ttl: DEFAULT_RECORD_TTL,
-            zone,
-        });
-
-        new RecordSet(this, "ProxyWriterRecord", {
-            recordType: RecordType.CNAME,
-            recordName: `proxy.${isc.environmentName}.local`,
-            target: RecordTarget.fromValues(proxyWriterEndpoint),
-            ttl: DEFAULT_RECORD_TTL,
-            zone,
-        });
-    }
-}

package/src/aws/infra/stacks/db-proxy-stack.mts

@@ -1,134 +0,0 @@
-import {
-    CfnDBProxyEndpoint,
-    DatabaseCluster,
-    DatabaseClusterEngine,
-    DatabaseProxy,
-    ProxyTarget,
-} from "aws-cdk-lib/aws-rds";
-import { ISecret, Secret } from "aws-cdk-lib/aws-secretsmanager";
-import { IVpc, SecurityGroup } from "aws-cdk-lib/aws-ec2";
-import { InfraStackConfiguration } from "./intra-stack-configuration.mjs";
-import { DbStack } from "./db-stack.mjs";
-import { exportValue, importVpc } from "../import-util.mjs";
-import { createParameter } from "../stack/parameters.mjs";
-import { Stack, Duration } from "aws-cdk-lib/core";
-import { Construct } from "constructs/lib/construct.js";
-
-export interface ProxyConfiguration {
-    readonly secretArn: string;
-    readonly name?: string;
-    readonly securityGroupId: string;
-    readonly clusterIdentifier: string;
-}
-
-/**
- * A stack that creates a Database proxy.
- */
-export class DbProxyStack extends Stack {
-    readonly isc: InfraStackConfiguration;
-
-    public static PROXY_READER_EXPORT_NAME = "db-reader-endpoint";
-    public static PROXY_WRITER_EXPORT_NAME = "db-writer-endpoint";
-
-    constructor(
-        scope: Construct,
-        id: string,
-        isc: InfraStackConfiguration,
-        configuration: ProxyConfiguration
-    ) {
-        super(scope, id, {
-            env: isc.env,
-        });
-
-        this.isc = isc;
-
-        if (configuration.clusterIdentifier === "") {
-            throw new Error("Empty cluster identifier!");
-        }
-
-        const vpc = importVpc(this, isc.environmentName);
-        const secret = Secret.fromSecretAttributes(this, "proxy-secret", {
-            secretCompleteArn: configuration.secretArn,
-        });
-
-        const proxy = this.createProxy(vpc, secret, configuration);
-        const readerEndpoint = this.createProxyEndpoints(
-            vpc,
-            proxy,
-            configuration.securityGroupId
-        );
-
-        createParameter(this, "proxy.reader", readerEndpoint.attrEndpoint);
-        createParameter(this, "proxy.writer", proxy.endpoint);
-
-        this.setOutputs(proxy);
-    }
-
-    setOutputs(proxy: DatabaseProxy) {
-        // if only one instance, then there is no reader-endpoint
-        exportValue(
-            this,
-            this.isc.environmentName,
-            DbProxyStack.PROXY_READER_EXPORT_NAME,
-            proxy.endpoint
-        );
-        exportValue(
-            this,
-            this.isc.environmentName,
-            DbProxyStack.PROXY_WRITER_EXPORT_NAME,
-            proxy.endpoint
-        );
-    }
-
-    createProxy(vpc: IVpc, secret: ISecret, configuration: ProxyConfiguration) {
-        const proxyId = `${this.isc.environmentName}-proxy`;
-        const securityGroup = SecurityGroup.fromSecurityGroupId(
-            this,
-            "securitygroup",
-            configuration.securityGroupId
-        );
-
-        const cluster = DatabaseCluster.fromDatabaseClusterAttributes(
-            this,
-            "db-cluster",
-            {
-                clusterIdentifier: configuration.clusterIdentifier,
-                engine: DatabaseClusterEngine.AURORA_POSTGRESQL,
-                port: DbStack.CLUSTER_PORT,
-            }
-        );
-
-        // CDK tries to allow connections between proxy and cluster
-        // this does not work on cluster references
-        cluster.connections.allowDefaultPortFrom = () => {
-            /* nothing */
-        };
-
-        return new DatabaseProxy(this, proxyId, {
-            dbProxyName: configuration.name ?? "AuroraProxy",
-            securityGroups: [securityGroup],
-            proxyTarget: ProxyTarget.fromCluster(cluster),
-            idleClientTimeout: Duration.seconds(1800),
-            maxConnectionsPercent: 50,
-            maxIdleConnectionsPercent: 25,
-            borrowTimeout: Duration.seconds(120),
-            requireTLS: false,
-            secrets: [secret],
-            vpc: vpc,
-        });
-    }
-
-    createProxyEndpoints(
-        vpc: IVpc,
-        proxy: DatabaseProxy,
-        securityGroupId: string
-    ) {
-        return new CfnDBProxyEndpoint(this, "ReaderEndpoint", {
-            dbProxyEndpointName: "ReaderEndpoint",
-            dbProxyName: proxy.dbProxyName,
-            vpcSubnetIds: vpc.privateSubnets.map((sub) => sub.subnetId),
-            vpcSecurityGroupIds: [securityGroupId],
-            targetRole: "READ_ONLY",
-        });
-    }
-}

package/src/aws/infra/stacks/db-stack.mts

@@ -1,292 +0,0 @@
-import {
-    InstanceType,
-    IVpc,
-    SecurityGroup,
-    SubnetType,
-  type ISecurityGroup,
-} from "aws-cdk-lib/aws-ec2";
-import {
-    AuroraPostgresEngineVersion,
-    CfnDBInstance,
-    Credentials,
-    DatabaseCluster,
-    DatabaseClusterEngine,
-    DatabaseClusterFromSnapshot,
-    DatabaseClusterProps,
-    InstanceUpdateBehaviour,
-    IParameterGroup,
-    ParameterGroup,
-} from "aws-cdk-lib/aws-rds";
-import { Construct } from "constructs/lib/construct.js";
-import { Secret } from "aws-cdk-lib/aws-secretsmanager";
-import { InfraStackConfiguration } from "./intra-stack-configuration.mjs";
-import { exportValue, importVpc } from "../import-util.mjs";
-import { Duration, RemovalPolicy, Stack } from "aws-cdk-lib/core";
-import { createParameter } from "../stack/parameters.mjs";
-
-export interface DbConfiguration {
-    readonly cluster?: ClusterConfiguration;
-    readonly clusterImport?: ClusterImportConfiguration;
-
-    readonly customParameterGroups: AuroraPostgresEngineVersion[];
-    readonly workmem?: number; // default 524288, 512MiB
-
-    /** superuser username and password are fetched from this secret, using keys
-     * db.superuser and db.superuser.password
-     */
-    readonly secretArn: string;
-
-    /** If this is not specified, import default vpc */
-    readonly vpc?: IVpc;
-}
-
-export interface ClusterConfiguration {
-    readonly securityGroupId: string;
-    readonly dbInstanceType: InstanceType;
-    readonly snapshotIdentifier?: string;
-    readonly instances: number;
-    readonly dbVersion: AuroraPostgresEngineVersion;
-    readonly storageEncrypted?: boolean; /// default true
-}
-
-export interface ClusterImportConfiguration {
-    readonly clusterReadEndpoint: string;
-    readonly clusterWriteEndpoint: string;
-}
-
-/**
- * Stack that creates DatabaseCluster.
- *
- * Please not, that created Cluster has RETAIL removalPolicy, so if you want to delete the stack,
- * you must first deploy without parameter group, then delete stack and manually delete cluster.
- *
- * You should deploy once with cluster and then without.  This way you can create the cluster with this
- * stack, but cluster is not part of the stack after that.
- */
-
-export class DbStack extends Stack {
-    public static CLUSTER_PORT = 5432;
-
-    public static CLUSTER_IDENTIFIER_EXPORT_NAME = "db-cluster";
-    public static CLUSTER_READ_ENDPOINT_EXPORT_NAME =
-        "db-cluster-reader-endpoint";
-    public static CLUSTER_WRITE_ENDPOINT_EXPORT_NAME =
-        "db-cluster-writer-endpoint";
-
-    public clusterIdentifier = "";
-
-    constructor(
-        scope: Construct,
-        id: string,
-        isc: InfraStackConfiguration,
-        configuration: DbConfiguration
-    ) {
-        super(scope, id, {
-            env: isc.env,
-        });
-
-        const parameterGroups = this.createParameterGroups(
-            configuration.customParameterGroups,
-            configuration.workmem ?? 524288
-        );
-
-        if (
-            (configuration.cluster && configuration.clusterImport) ||
-            (!configuration.cluster && !configuration.clusterImport)
-        ) {
-            throw new Error("Configure either cluster or clusterImport");
-        }
-
-        // create cluster if this is wanted, should do it only once
-        if (configuration.cluster) {
-            const cluster = this.createAuroraCluster(
-                isc,
-                configuration,
-                configuration.cluster,
-                parameterGroups
-            );
-
-            exportValue(
-                this,
-                isc.environmentName,
-                DbStack.CLUSTER_IDENTIFIER_EXPORT_NAME,
-                cluster.clusterIdentifier
-            );
-
-            exportValue(
-                this,
-                isc.environmentName,
-                DbStack.CLUSTER_WRITE_ENDPOINT_EXPORT_NAME,
-                cluster.clusterEndpoint.hostname
-            );
-
-            exportValue(
-                this,
-                isc.environmentName,
-                DbStack.CLUSTER_READ_ENDPOINT_EXPORT_NAME,
-                cluster.clusterReadEndpoint.hostname
-            );
-
-            createParameter(
-                this,
-                "cluster.reader",
-                cluster.clusterReadEndpoint.hostname
-            );
-            createParameter(
-                this,
-                "cluster.writer",
-                cluster.clusterEndpoint.hostname
-            );
-            createParameter(
-                this,
-                "cluster.identifier",
-                cluster.clusterIdentifier
-            );
-
-            this.clusterIdentifier = cluster.clusterIdentifier;
-        }
-
-        if (configuration.clusterImport) {
-            createParameter(
-                this,
-                "cluster.reader",
-                configuration.clusterImport.clusterReadEndpoint
-            );
-            createParameter(
-                this,
-                "cluster.writer",
-                configuration.clusterImport.clusterWriteEndpoint
-            );
-        }
-    }
-
-    createParameterGroups(
-        customVersions: AuroraPostgresEngineVersion[],
-        workmem: number
-    ): IParameterGroup[] {
-        return customVersions.map((version: AuroraPostgresEngineVersion) => {
-            const pg = new ParameterGroup(
-                this,
-                `parameter-group-${version.auroraPostgresMajorVersion}`,
-                {
-                    engine: DatabaseClusterEngine.auroraPostgres({
-                        version,
-                    }),
-                    parameters: {
-                        "pg_stat_statements.track": "ALL",
-                        random_page_cost: "1",
-                        work_mem: workmem.toString(),
-                    },
-                }
-            );
-
-            // create both cluster parameter group and instance parameter group
-            pg.bindToCluster({});
-            pg.bindToInstance({});
-
-            return pg;
-        });
-    }
-
-    createClusterParameters(
-        secretArn: string,
-        clusterConfiguration: ClusterConfiguration,
-        instanceName: string,
-        vpc: IVpc,
-        securityGroup: ISecurityGroup,
-        parameterGroup: IParameterGroup
-    ): DatabaseClusterProps {
-        const secret = Secret.fromSecretCompleteArn(
-            this,
-            "DBSecret",
-            secretArn
-        );
-
-        return {
-            engine: DatabaseClusterEngine.auroraPostgres({
-                version: clusterConfiguration.dbVersion,
-            }),
-            instances: clusterConfiguration.instances,
-            instanceUpdateBehaviour: InstanceUpdateBehaviour.ROLLING,
-            instanceIdentifierBase: instanceName + "-",
-            cloudwatchLogsExports: ["postgresql"],
-            backup: {
-                retention: Duration.days(35),
-                preferredWindow: "01:00-02:00",
-            },
-            preferredMaintenanceWindow: "mon:03:00-mon:04:00",
-            deletionProtection: true,
-            removalPolicy: RemovalPolicy.RETAIN,
-            port: DbStack.CLUSTER_PORT,
-            instanceProps: {
-                autoMinorVersionUpgrade: true,
-                allowMajorVersionUpgrade: false,
-                enablePerformanceInsights: true,
-                vpc,
-                securityGroups: [securityGroup],
-                vpcSubnets: {
-                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
-                },
-                instanceType: clusterConfiguration.dbInstanceType,
-                parameterGroup,
-            },
-            credentials: Credentials.fromPassword(
-                secret.secretValueFromJson("db.superuser").unsafeUnwrap(),
-                secret.secretValueFromJson("db.superuser.password")
-            ),
-            parameterGroup,
-            //            storageEncrypted: clusterConfiguration.storageEncrypted ?? true,
-            monitoringInterval: Duration.seconds(30),
-        };
-    }
-
-    createAuroraCluster(
-        isc: InfraStackConfiguration,
-        configuration: DbConfiguration,
-        clusterConfiguration: ClusterConfiguration,
-        parameterGroups: IParameterGroup[]
-    ): DatabaseCluster {
-        const instanceName = isc.environmentName + "-db";
-        const securityGroup = SecurityGroup.fromSecurityGroupId(
-            this,
-            "securitygroup",
-            clusterConfiguration.securityGroupId
-        );
-        const vpc = configuration.vpc
-            ? configuration.vpc
-            : importVpc(this, isc.environmentName);
-
-        const parameters = this.createClusterParameters(
-            configuration.secretArn,
-            clusterConfiguration,
-            instanceName,
-            vpc,
-            securityGroup,
-            parameterGroups[0]
-        );
-
-        // create cluster from the snapshot or from the scratch
-        const cluster = clusterConfiguration.snapshotIdentifier
-            ? new DatabaseClusterFromSnapshot(this, instanceName, {
-                  ...parameters,
-                  ...{
-                      snapshotIdentifier:
-                          clusterConfiguration.snapshotIdentifier,
-                  },
-              })
-            : new DatabaseCluster(this, instanceName, parameters);
-
-        // this workaround should prevent stack failing on version upgrade
-        const cfnInstances = cluster.node.children.filter(
-            (child): child is CfnDBInstance => child instanceof CfnDBInstance
-        );
-        if (cfnInstances.length === 0) {
-            throw new Error(
-                "Couldn't pull CfnDBInstances from the L1 constructs!"
-            );
-        }
-        cfnInstances.forEach((cfnInstance) => delete cfnInstance.engineVersion);
-
-        return cluster;
-    }
-}

package/src/aws/infra/stacks/intra-stack-configuration.mts

@@ -1,6 +0,0 @@
-import { Environment } from "aws-cdk-lib/core";
-
-export interface InfraStackConfiguration {
-    readonly env: Environment;
-    readonly environmentName: string;
-}

package/src/aws/infra/stacks/network-stack.mts

@@ -1,76 +0,0 @@
-import { IpAddresses, IVpc, SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
-import { InfraStackConfiguration } from "./intra-stack-configuration.mjs";
-import { exportValue } from "../import-util.mjs";
-import { Stack } from "aws-cdk-lib/core";
-import { Construct } from "constructs/lib/construct.js";
-
-export interface NetworkConfiguration {
-    readonly vpcName: string;
-    readonly cidr: string;
-}
-
-export class NetworkStack extends Stack {
-    readonly vpc: IVpc;
-
-    constructor(
-        scope: Construct,
-        id: string,
-        isc: InfraStackConfiguration,
-        configuration: NetworkConfiguration
-    ) {
-        super(scope, id, {
-            env: isc.env,
-        });
-
-        this.vpc = this.createVpc(configuration);
-        exportValue(this, isc.environmentName, "VPCID", this.vpc.vpcId);
-        exportValue(
-            this,
-            isc.environmentName,
-            "digitrafficpublicASubnet",
-            this.vpc.publicSubnets[0].subnetId
-        );
-        exportValue(
-            this,
-            isc.environmentName,
-            "digitrafficpublicBSubnet",
-            this.vpc.publicSubnets[1].subnetId
-        );
-        exportValue(
-            this,
-            isc.environmentName,
-            "digitrafficprivateASubnet",
-            this.vpc.privateSubnets[0].subnetId
-        );
-        exportValue(
-            this,
-            isc.environmentName,
-            "digitrafficprivateBSubnet",
-            this.vpc.privateSubnets[1].subnetId
-        );
-    }
-
-    createVpc(configuration: NetworkConfiguration): Vpc {
-        return new Vpc(this, "DigitrafficVPC", {
-            vpcName: configuration.vpcName,
-            availabilityZones: Stack.of(this)
-                .availabilityZones.sort()
-                .slice(0, 2), // take two first azs
-            enableDnsHostnames: true,
-            enableDnsSupport: true,
-            ipAddresses: IpAddresses.cidr(configuration.cidr),
-            subnetConfiguration: [
-                {
-                    name: "public",
-                    cidrMask: 24,
-                    subnetType: SubnetType.PUBLIC,
-                },
-                {
-                    name: "private",
-                    cidrMask: 24,
-                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
-                },
-            ],
-        });
-    }
-}

package/src/aws/infra/usage-plans.mts

@@ -1,50 +0,0 @@
-import { IApiKey, RestApi } from "aws-cdk-lib/aws-apigateway";
-
-/**
- * Creates an usage plan for a REST API with a single API key
- * @param api The REST API
- * @param apiKeyId Id for the API key, this is a surrogate id for CDK, not displayed anywhere
- * @param apiKeyName Name for the API key, this is displayed in the AWS Console
- * @deprecated Creates randomized API key names, use createDefaultUsagePlan instead
- */
-export function createUsagePlan(
-    api: RestApi,
-    apiKeyId: string,
-    apiKeyName: string
-): IApiKey {
-    const apiKey = api.addApiKey(apiKeyId);
-    const plan = api.addUsagePlan(apiKeyName, {
-        name: apiKeyName,
-    });
-    plan.addApiStage({
-        stage: api.deploymentStage,
-    });
-    plan.addApiKey(apiKey);
-
-    return apiKey;
-}
-
-/**
- * Creates a default usage plan for a REST API with a single API key
- * @param api The REST API
- * @param apiName Name of the api. Will generate key: apiName + ' API Key' and plan: apiName + ' API Usage Plan'
- * @param value Optional value for the API key
- */
-export function createDefaultUsagePlan(
-    api: RestApi,
-    apiName: string,
-    value?: string
-): IApiKey {
-    const apiKeyName = apiName + " API Key";
-    const usagePlanName = apiName + " API Usage Plan";
-    const apiKey = api.addApiKey(apiKeyName, { apiKeyName: apiKeyName, value });
-    const plan = api.addUsagePlan(usagePlanName, {
-        name: usagePlanName,
-    });
-    plan.addApiStage({
-        stage: api.deploymentStage,
-    });
-    plan.addApiKey(apiKey);
-
-    return apiKey;
-}