@sylvesterllc/aws-constructs 1.0.31 → 1.0.34

package/src/resources/gateway/CreateApiAndAttachLambdas.ts

@@ -0,0 +1,137 @@
+import { Construct } from "constructs";
+import { BaseResource } from "../base/baseResource";
+import { ITable } from "aws-cdk-lib/aws-dynamodb";
+import { AppConfig } from "../../config/AppConfig";
+import { ApiLambdaResult } from "../../interfaces/ApiLambdaResult";
+import { TsgAuthorizerType } from "../../config/types/TsgAuthorizerType";
+import { IRestApi, RequestAuthorizer, TokenAuthorizer } from "aws-cdk-lib/aws-apigateway";
+import { TsgJwtTokenAuthorizer } from "../lambda-authorizer/TsgJwtTokenAuthorizer";
+import { RemovalPolicy } from "aws-cdk-lib";
+import { TsgRequestAuthorizer } from "../lambda-authorizer/TsgRequestAuthorizer";
+import { CreateLambda } from "../lambda/createLambda";
+import { TsgLambdaProps } from "../../config/types/TsgLambdaProps";
+import { LayerVersion } from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
+import { TsgLambdaProp } from "../../config/types";
+import { Routes } from "../helpers/createRoutes";
+
+export class CreateApiAndAttachLambdas extends BaseResource<ApiLambdaResult>{
+
+    protected readonly requireDynamoTableRefs: boolean;
+    protected readonly requireAuthorizer: boolean;
+    protected readonly authorizer?: TsgAuthorizerType;
+
+    constructor(scope: Construct,
+        protected readonly config: AppConfig,
+        private readonly gatewayApi: IRestApi,
+        private readonly layers?: LayerVersion[],
+        private readonly tables?: ITable[]) {
+        super(scope, config);
+
+        this.requireDynamoTableRefs = (this.config.RESOURCES.DYNAMO?.TABLE_REFS?.length ?? 0 > 0) ? true : false;
+        this.requireAuthorizer = (this.config.RESOURCES.AUTHORIZER && this.config.RESOURCES.AUTHORIZER.type) ? true : false;
+
+        if (this.requireAuthorizer) {
+            this.authorizer = this.config.RESOURCES.AUTHORIZER?.type;
+        } else {
+            throw new Error(`You must provide an authorizer type if a Authorizer is required`);
+        }
+
+
+        this.onInit();
+    }
+
+    protected createResource(scope: Construct): any[] | null {
+
+        return null;
+    }
+
+    protected createOutput<T>(scope: Construct, createdAssets: T[]): void {
+        return;
+    }
+
+    private onInit() {
+
+        let authorizer: TokenAuthorizer | RequestAuthorizer | undefined = undefined;
+
+        // Create Authorizer
+        if (this.requireAuthorizer) {
+            authorizer = this.createAuthorizer()
+        }
+
+        // Create Lambdas
+        const lambdas = new CreateLambda(this.scope, this.config, this.layers);
+        
+        // Give Access to Lambdds to All DynamoDb Tables
+        if (this.tables) {
+            this.assignAccessToTables(this.tables, lambdas.Lambdas);
+        }
+
+        // Create Routes on API Gateway for Lambdas from config
+        this.AddRoutes(this.config, this.gatewayApi, lambdas.Lambdas, authorizer);
+
+        return lambdas.Lambdas;
+    }
+
+    private createAuthorizer() {
+
+        let authorizer: TokenAuthorizer | RequestAuthorizer | undefined = undefined;
+
+        if (this.requireAuthorizer && this.authorizer === TsgAuthorizerType.TOKEN_AUTHORIZER) {
+
+            authorizer = new TsgJwtTokenAuthorizer(this.scope,
+                this.config).JwtAuthorizer;
+
+            authorizer._attachToApi(this.gatewayApi);
+            authorizer.applyRemovalPolicy(RemovalPolicy.DESTROY);
+
+            return authorizer;
+
+        } else {
+            authorizer = new TsgRequestAuthorizer(this.scope,
+                this.config).RequestAuthorizer as RequestAuthorizer;
+
+            authorizer._attachToApi(this.gatewayApi);
+            authorizer.applyRemovalPolicy(RemovalPolicy.DESTROY);
+
+            return authorizer;
+        }
+    }
+
+    private assignAccessToTables(tables: ITable[], lambdas: NodejsFunction[]) {
+
+        if (tables) {
+            lambdas.forEach((lambda: NodejsFunction) => {
+
+                tables.forEach((table: ITable) => {
+
+                    table.grantReadWriteData(lambda);
+
+                });
+            });
+        }
+    }
+
+    private AddRoutes(config: AppConfig,
+        gateway: IRestApi,
+        lambdas: NodejsFunction[],
+        authorizer?: TokenAuthorizer|RequestAuthorizer) {
+
+        config.RESOURCES.LAMBDA?.forEach((prop: TsgLambdaProp) => {
+
+            const lambdaId = CreateLambda.getIdForLambda(prop, this.config);
+
+            if (!lambdaId) {
+                throw new Error(`Can't find lambda`);
+            }
+            const lambdaNode = lambdas.find(x => x.node.id === lambdaId);
+
+            if (!lambdaNode) {
+                throw new Error("Can't find the Lambda Integration");
+            }
+
+            Routes.createResource(prop, gateway, lambdaNode, authorizer);
+
+        });
+    }
+}

package/src/resources/helpers/createRoutes.ts

@@ -1,4 +1,4 @@
-import { AuthorizationType, IRestApi, LambdaIntegration, Resource, TokenAuthorizer } from "aws-cdk-lib/aws-apigateway";
+import { AuthorizationType, IRestApi, LambdaIntegration, RequestAuthorizer, Resource, TokenAuthorizer } from "aws-cdk-lib/aws-apigateway";
 import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
 import { TsgLambdaProp } from "../../config/types";
 
@@ -12,7 +12,7 @@ export class Routes {
         prop: TsgLambdaProp,
         api: IRestApi,
         lambdaNode: NodejsFunction,
-        authorizer?: TokenAuthorizer) {
+        authorizer?: TokenAuthorizer|RequestAuthorizer): void {
 
         const routeMap: Map<string, Resource> = new Map();
 
@@ -27,7 +27,7 @@ export class Routes {
             if (!prop.apiGateway.useRouteOverride) {
                 //  First we create the root resource if it doesn't exist.
                 //  Note:  this now uses the bundle version as the first segment in the path.
-                activeRoutePath = `v${(prop.apiGateway.version) ? prop.apiGateway.version : 1}`;
+                activeRoutePath = `v${(prop.apiGateway?.version) ? prop.apiGateway.version : 1}`;
                 activeResource = Routes.routeMap.get(activeRoutePath) || api.root.addResource(activeRoutePath);
                 Routes.routeMap.set(activeRoutePath, activeResource);
             }

package/src/resources/lambda/createLambda.ts

@@ -7,34 +7,37 @@ import { NodejsFunction, NodejsFunctionProps, SourceMapMode } from "aws-cdk-lib/
 import { Construct } from "constructs";
 import * as path from 'path';
 import { AppConfig } from "../../config/AppConfig";
-import { TsgLambdaProp } from "../../config/types";
+import { LogDuration, TsgLambdaProp } from "../../config/types";
 
 import { TsgLambdaProps } from "../../config/types/TsgLambdaProps";
 import { CreateLambdaFunctionInput } from "../../interfaces/CreateLambdaFunctionInput";
 import { BaseResource } from "../base/baseResource";
+import { RetentionDays } from "aws-cdk-lib/aws-logs";
 
 
 export class CreateLambda extends BaseResource<NodejsFunction> {
 
     public Lambdas: NodejsFunction[] = [];
-    
+    public LambdaRecords: Record<string, NodejsFunction> = {};
 
-    constructor(private props: TsgLambdaProps, config: AppConfig) {
-        super(props.scope, config);
+    constructor(scope: Construct, config: AppConfig, private layers?: LayerVersion[]) {
+        super(scope, config);
 
-        const resources = this.createResource(props.scope);
+        const resources = this.createResource(scope);
 
         this.Lambdas = [...resources];
 
         this.createAlarmsForLambdas(this.Lambdas);
-        
-        this.createOutput(props.scope, resources);
+
+        this.LambdaRecords = this.createRecordForLambda(this.Lambdas);
+
+        this.createOutput(scope, resources);
     }
 
     protected createResource(scope: Construct): NodejsFunction[] {
 
-        const result = this.createLambdas(this.props);
-        
+        const result = this.createLambdas(this.config);
+
         return result;
     }
 
@@ -48,17 +51,17 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
         });
     }
 
-    private createLambdas(props: TsgLambdaProps): NodejsFunction[] {
-        
-        const createdLambdas: NodejsFunction[] = this.createLambdaFunctions(this.scope, props.role, props.layers);
+    private createLambdas(config: AppConfig): NodejsFunction[] {
+
+        const createdLambdas: NodejsFunction[] = this.createLambdaFunctions(this.scope, undefined, this.layers);
 
         return createdLambdas;
     }
 
-    private createLambdaFunctions(scope: Construct, role?: IRole, layers?: LayerVersion[]) {
-        
-        const createdLambdas = this.props.prop.RESOURCES.LAMBDA.map((config:TsgLambdaProp) => {
-            
+    private createLambdaFunctions(scope: Construct, role?: IRole, layers?: LayerVersion[]) {        
+
+        const createdLambdas = this.config.RESOURCES.LAMBDA.map((config: TsgLambdaProp) => {
+
             let lambdaProps = this.createLambdaProps(config, role, layers);
 
             const lambdaId = CreateLambda.getIdForLambda(config, this.config);
@@ -68,13 +71,6 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
                 console.log(`found Lambda for : ${fctn.node.id}`);
             }
 
-            
-            //  If we have managed policies, we add them.
-            if (config.managedPolicies && config.managedPolicies?.length > 0) {
-                
-                this.assignManagedPolicies(fctn, config.managedPolicies);
-            }
-
             return fctn;
         });
 
@@ -84,9 +80,9 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
     private createLambdaProps(prop: TsgLambdaProp, role?: IRole, layers?: LayerVersion[], props?: TsgLambdaProps) {
 
         return this.createLambdaFunctionProps({
-            prop, 
+            prop,
             role,
-            layers, 
+            layers,
             props
         });
     }
@@ -94,17 +90,18 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
     private createLambdaFunctionProps(props: CreateLambdaFunctionInput) {
         const { prop, role, layers } = props;
 
-        console.log(`function Name: ${this.props.appConfig.AppPrefix}-${prop.name}`);
+        console.log(`function Name: ${this.config.AppPrefix}-${prop.name}`);
 
         const lambdaProp: NodejsFunctionProps = {
             entry: path.join(prop.codePath),
-            functionName: `${this.props.appConfig.AppPrefix}-${prop.name}`,
+            functionName: `${this.config.AppPrefix}-${prop.name}`,
             handler: prop.handler,
+            logRetention: (!prop.logDuration) ? RetentionDays.FIVE_DAYS : getDayToSaveLogs(prop.logDuration),
             runtime: prop.runtime || this.config.GLOBALS.stackRuntime,
             timeout: prop.duration || Duration.minutes(2),
             memorySize: prop.memory || 512,
             environment: {
-                "VERBOSE_LOGGING": "true",                
+                "VERBOSE_LOGGING": "true",
                 ...prop.environment
             },
             bundling: {
@@ -119,40 +116,29 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
 
         }
 
-        
+
         return lambdaProp;
     };
 
-    private assignManagedPolicies(lambda: NodejsFunction, managedPolicyNames: string[]) {
-
-        managedPolicyNames.forEach((managedPolicyName: string) => {
-
-            let policy = ManagedPolicy.fromAwsManagedPolicyName(managedPolicyName);
-
-            lambda.role?.addManagedPolicy(policy);
-        });
-
-    }
-
-    private createAlarmsForLambdas(lambdas: NodejsFunction[]) {        
+    private createAlarmsForLambdas(lambdas: NodejsFunction[]) {
 
         lambdas.forEach((lambda, idx) => {
 
             const errorMetric = lambda.metricErrors({
                 period: Duration.minutes(3),
-                
+
             });
 
             const durationMetric = lambda.metricDuration({
-                period: Duration.minutes(3),                
+                period: Duration.minutes(3),
             });
 
             const invocationMetric = lambda.metricInvocations({
-                period: Duration.minutes(3),                
+                period: Duration.minutes(3),
             });
 
-            new Alarm(this.props.scope, `${this.config.AppPrefix}-${idx}-error-alarm`, {
-                metric: errorMetric, 
+            new Alarm(this.scope, `${this.config.AppPrefix}-${idx}-error-alarm`, {
+                metric: errorMetric,
                 threshold: 5,
                 comparisonOperator: ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
                 evaluationPeriods: 3,
@@ -160,8 +146,8 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
                 alarmName: `${this.config.AppPrefix}-${idx}-error-alarm`
             });
 
-            new Alarm(this.props.scope, `${this.config.AppPrefix}-${idx}-duration-alarm`, {
-                metric: durationMetric, 
+            new Alarm(this.scope, `${this.config.AppPrefix}-${idx}-duration-alarm`, {
+                metric: durationMetric,
                 threshold: 1,
                 comparisonOperator: ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
                 evaluationPeriods: 3,
@@ -169,21 +155,63 @@ export class CreateLambda extends BaseResource<NodejsFunction> {
                 alarmName: `${this.config.AppPrefix}-${idx}-duration-alarm`
             });
 
-            const invocationAlarm = new Alarm(this.props.scope, `${this.config.AppPrefix}-${idx}-invocation-alarm`, {
-                metric: errorMetric, 
+            const invocationAlarm = new Alarm(this.scope, `${this.config.AppPrefix}-${idx}-invocation-alarm`, {
+                metric: errorMetric,
                 threshold: 1000,
                 comparisonOperator: ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
                 evaluationPeriods: 3,
                 alarmDescription: `${this.config.AppPrefix}-${idx} errors over 3 min period`,
                 alarmName: `${this.config.AppPrefix}-${idx}-invocation-Metric-alarm`
             });
-
-            // const alarmAction: IAlarmAction = {};
-            // invocationAlarm.addAlarmAction(alarmAction);
         });
     }
 
-    public static getIdForLambda(lambdaProp: TsgLambdaProp, appConfig: AppConfig) {       
+    public static getIdForLambda(lambdaProp: TsgLambdaProp, appConfig: AppConfig) {
         return `${appConfig.AppPrefix}-${lambdaProp.name}`.toLowerCase();
     }
-}
+    
+    private createRecordForLambda(lambdas: NodejsFunction[]) {
+
+        const names = this.config.RESOURCES.LAMBDA.map((lambda) => {
+            return lambda.name;
+        });
+
+        const lambdaNames = [...names] as const;
+
+        type LambdaName = typeof lambdaNames[number];
+    
+
+        const lambdaRecord: Record<LambdaName, NodejsFunction> = {} as Record<LambdaName, NodejsFunction>;
+
+        lambdas.forEach((lambda, idx) => {
+            lambdaRecord[lambdaNames[idx]  as LambdaName] = lambdas[idx];
+        });
+        
+        return lambdaRecord;
+    }
+}
+
+function getDayToSaveLogs(saveLogDuration: LogDuration): RetentionDays {
+
+    switch (saveLogDuration) {
+        case LogDuration.ONE_DAY:
+            return RetentionDays.ONE_DAY;
+
+        case LogDuration.ONE_WEEK:
+            return RetentionDays.ONE_WEEK;
+
+        case LogDuration.ONE_MONTH:
+            return RetentionDays.ONE_MONTH;
+
+        case LogDuration.ONE_YEAR:
+            return RetentionDays.ONE_YEAR;
+
+        case LogDuration.FIVE_YEARS:
+            return RetentionDays.FIVE_YEARS;
+
+        case LogDuration.FOREVER:
+            return RetentionDays.INFINITE;
+        default:
+            return RetentionDays.FIVE_DAYS;
+    }
+}

package/src/resources/{helpers/createAuthorizer.ts → lambda-authorizer/TsgJwtTokenAuthorizer.ts}

@@ -11,13 +11,13 @@ import { MicroserviceProps } from "../../interfaces/MicroserviceProps";
 import { BaseResource } from "../base/baseResource";
 import { CreateLambda } from "../lambda/createLambda";
 
-export class CreateAuthorizer extends BaseResource<TokenAuthorizer> {
+export class TsgJwtTokenAuthorizer extends BaseResource<TokenAuthorizer> {
 
     get JwtAuthorizer() {
         return this.createdResources[0];
     }
 
-    constructor(scope: Construct, props: AppConfig, protected authProps: TsgLambdaProp) {
+    constructor(scope: Construct, props: AppConfig) {
 
         super(scope, props);
 
@@ -30,7 +30,7 @@ export class CreateAuthorizer extends BaseResource<TokenAuthorizer> {
     }
 
     protected createResource(scope: Construct): TokenAuthorizer[] | null {
-        return [this.createLambdaAuthorizer(scope, this.authProps)];
+        return [this.createLambdaAuthorizer(scope, this.config.RESOURCES.AUTHORIZER!)];
     }
 
     private createLambdaAuthorizer(scope: Construct, lambdaConfig: TsgLambdaProp) {

package/src/resources/lambda-authorizer/TsgRequestAuthorizer.ts

@@ -0,0 +1,36 @@
+import { RequestAuthorizer } from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+import { AppConfig } from "../../config/AppConfig";
+import { BaseResource } from "../base/baseResource";
+
+import { CfnOutput } from "aws-cdk-lib";
+import { createAuthorizer } from "./createAuthorizerHelpers";
+import { LayerVersion } from "aws-cdk-lib/aws-lambda";
+
+
+export class TsgRequestAuthorizer extends BaseResource<RequestAuthorizer> {
+
+    get RequestAuthorizer() {
+        return this.createdResources[0];
+    }
+
+    constructor(scope: Construct, config: AppConfig, private layers?: LayerVersion[]) {
+        super(scope, config);
+    }
+
+    protected createResource(scope: Construct): RequestAuthorizer[] | null {
+        const authorizer = createAuthorizer(scope, this.config, this.layers);
+        return [authorizer];
+    }
+
+    protected createOutput<T>(scope: Construct, createdAssets: T[]): void {
+        createdAssets.forEach((asset) => {
+            if (asset instanceof RequestAuthorizer) {
+                // Output the ARN of the authorizer
+                new CfnOutput(scope, "RequestAuthorizerArn", {
+                    value: `${asset.authorizationType}:${asset.authorizerArn}`
+                });
+            }
+        });
+    }
+}

package/src/resources/lambda-authorizer/createAuthorizerHelpers.ts

@@ -0,0 +1,69 @@
+import { Duration } from "aws-cdk-lib";
+import { IdentitySource, RequestAuthorizer } from "aws-cdk-lib/aws-apigateway";
+import { IFunction, LayerVersion, Runtime } from "aws-cdk-lib/aws-lambda";
+import { Construct } from "constructs";
+import { AppConfig } from "../../config/AppConfig";
+import { NodejsFunction, NodejsFunctionProps, SourceMapMode } from "aws-cdk-lib/aws-lambda-nodejs";
+import path = require("path");
+import { RetentionDays } from "aws-cdk-lib/aws-logs";
+
+export const createAuthorizer = (scope: Construct, config: AppConfig, layers?: LayerVersion[]) => {
+
+    const lambda = createLambdaForAuthorizer(scope, config);
+
+    const lambdaAuthroizer = new RequestAuthorizer(
+        scope,
+        `lambdaAuthorizer`,
+        {
+            handler: lambda,
+            identitySources: [IdentitySource.header(config.RESOURCES.AUTHORIZER?.headerName!)],
+            authorizerName: `${config.AppPrefix}-authorizer`,
+            resultsCacheTtl: Duration.seconds(0),
+        }
+    );
+
+    return lambdaAuthroizer;
+};
+
+const createLambdaForAuthorizer = (scope: Construct, config: AppConfig, layers?: LayerVersion[]) => {
+
+    const props = createLambdaProps(config, layers);
+
+    const lambda = new NodejsFunction(
+        scope,
+        `${config.AppPrefix}-authorizer`,
+        props
+    );
+
+    return lambda;
+ };
+
+const createLambdaProps = (appConfig: AppConfig, layers?: LayerVersion[]) => {
+
+
+    const prop = appConfig.RESOURCES.AUTHORIZER!;
+
+    const lambdaProp: NodejsFunctionProps = {
+        entry: path.join(prop.codePath),
+        functionName: `${appConfig.AppPrefix}-${prop.name}`,
+        handler: prop.handler,
+        logRetention: (!prop.logDuration) ? RetentionDays.FIVE_DAYS : RetentionDays.ONE_MONTH,
+        runtime: prop.runtime || appConfig.GLOBALS.stackRuntime,
+        timeout: prop.duration || Duration.minutes(2),
+        memorySize: prop.memory || 512,
+        environment: {
+            "VERBOSE_LOGGING": "true",
+            ...prop.environment
+        },
+        bundling: {
+            minify: false,
+            target: 'esNext',
+            sourceMap: true,
+            sourceMapMode: SourceMapMode.EXTERNAL,
+            environment: prop.environment || prop.environment,
+        },
+        layers
+    }
+
+    return lambdaProp;
+};

package/dist/resources/gateway/createMicroServiceBundle.d.ts

@@ -1,14 +0,0 @@
-import { ServiceBundleConfig } from "../../config/ServiceBundleConfig";
-export declare class CreateMicroServiceBundle {
-    private serviceBundleConfig;
-    protected readonly requireDynamoTableRefs: boolean;
-    protected readonly requireAuthorizer: boolean;
-    constructor(serviceBundleConfig: ServiceBundleConfig);
-    private onInit;
-    private AssignAccessToTables;
-    private AssignAccessToTableRefs;
-    private AssignReadWriteAccessToTableInRegion;
-    private AssignReadWriteAccessToTable;
-    private AddRoutes;
-    private AssignAccessToSecretManager;
-}