eoapi-cdk 5.0.0

package/lib/ingestor-api/index.js

@@ -0,0 +1,147 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StacIngestor = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_lambda_python_alpha_1 = require("@aws-cdk/aws-lambda-python-alpha");
+const constructs_1 = require("constructs");
+class StacIngestor extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.table = this.buildTable();
+        const env = {
+            DYNAMODB_TABLE: this.table.tableName,
+            ROOT_PATH: `/${props.stage}`,
+            NO_PYDANTIC_SSM_SETTINGS: "1",
+            STAC_URL: props.stacUrl,
+            DATA_ACCESS_ROLE: props.dataAccessRole.roleArn,
+            ...props.apiEnv,
+        };
+        this.handlerRole = new aws_cdk_lib_1.aws_iam.Role(this, "execution-role", {
+            description: "Role used by STAC Ingestor. Manually defined so that we can choose a name that is supported by the data access roles trust policy",
+            assumedBy: new aws_cdk_lib_1.aws_iam.ServicePrincipal("lambda.amazonaws.com"),
+            managedPolicies: [
+                aws_cdk_lib_1.aws_iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"),
+                aws_cdk_lib_1.aws_iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"),
+            ],
+        });
+        const handler = this.buildApiLambda({
+            table: this.table,
+            env,
+            dataAccessRole: props.dataAccessRole,
+            stage: props.stage,
+            dbSecret: props.stacDbSecret,
+            dbVpc: props.vpc,
+            dbSecurityGroup: props.stacDbSecurityGroup,
+            subnetSelection: props.subnetSelection,
+        });
+        this.buildApiEndpoint({
+            handler,
+            stage: props.stage,
+            endpointConfiguration: props.apiEndpointConfiguration,
+            policy: props.apiPolicy,
+        });
+        this.buildIngestor({
+            table: this.table,
+            env: env,
+            dbSecret: props.stacDbSecret,
+            dbVpc: props.vpc,
+            dbSecurityGroup: props.stacDbSecurityGroup,
+            subnetSelection: props.subnetSelection,
+        });
+        this.registerSsmParameter({
+            name: "dynamodb_table",
+            value: this.table.tableName,
+            description: "Name of table used to store ingestions",
+        });
+    }
+    buildTable() {
+        const table = new aws_cdk_lib_1.aws_dynamodb.Table(this, "ingestions-table", {
+            partitionKey: { name: "created_by", type: aws_cdk_lib_1.aws_dynamodb.AttributeType.STRING },
+            sortKey: { name: "id", type: aws_cdk_lib_1.aws_dynamodb.AttributeType.STRING },
+            billingMode: aws_cdk_lib_1.aws_dynamodb.BillingMode.PAY_PER_REQUEST,
+            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+            stream: aws_cdk_lib_1.aws_dynamodb.StreamViewType.NEW_IMAGE,
+        });
+        table.addGlobalSecondaryIndex({
+            indexName: "status",
+            partitionKey: { name: "status", type: aws_cdk_lib_1.aws_dynamodb.AttributeType.STRING },
+            sortKey: { name: "created_at", type: aws_cdk_lib_1.aws_dynamodb.AttributeType.STRING },
+        });
+        return table;
+    }
+    buildApiLambda(props) {
+        const handler = new aws_lambda_python_alpha_1.PythonFunction(this, "api-handler", {
+            entry: `${__dirname}/runtime`,
+            index: "src/handler.py",
+            runtime: aws_cdk_lib_1.aws_lambda.Runtime.PYTHON_3_9,
+            timeout: aws_cdk_lib_1.Duration.seconds(30),
+            environment: { DB_SECRET_ARN: props.dbSecret.secretArn, ...props.env },
+            vpc: props.dbVpc,
+            vpcSubnets: props.subnetSelection,
+            allowPublicSubnet: true,
+            role: this.handlerRole,
+            memorySize: 2048,
+        });
+        // Allow handler to read DB secret
+        props.dbSecret.grantRead(handler);
+        // Allow handler to connect to DB
+        props.dbSecurityGroup.addIngressRule(handler.connections.securityGroups[0], aws_cdk_lib_1.aws_ec2.Port.tcp(5432), "Allow connections from STAC Ingestor");
+        props.table.grantReadWriteData(handler);
+        return handler;
+    }
+    buildIngestor(props) {
+        const handler = new aws_lambda_python_alpha_1.PythonFunction(this, "stac-ingestor", {
+            entry: `${__dirname}/runtime`,
+            index: "src/ingestor.py",
+            runtime: aws_cdk_lib_1.aws_lambda.Runtime.PYTHON_3_9,
+            timeout: aws_cdk_lib_1.Duration.seconds(180),
+            environment: { DB_SECRET_ARN: props.dbSecret.secretArn, ...props.env },
+            vpc: props.dbVpc,
+            vpcSubnets: props.subnetSelection,
+            allowPublicSubnet: true,
+            memorySize: 2048,
+        });
+        // Allow handler to read DB secret
+        props.dbSecret.grantRead(handler);
+        // Allow handler to connect to DB
+        props.dbSecurityGroup.addIngressRule(handler.connections.securityGroups[0], aws_cdk_lib_1.aws_ec2.Port.tcp(5432), "Allow connections from STAC Ingestor");
+        // Allow handler to write results back to DBƒ
+        props.table.grantWriteData(handler);
+        // Trigger handler from writes to DynamoDB table
+        handler.addEventSource(new aws_cdk_lib_1.aws_lambda_event_sources.DynamoEventSource(props.table, {
+            // Read when batches reach size...
+            batchSize: 1000,
+            // ... or when window is reached.
+            maxBatchingWindow: aws_cdk_lib_1.Duration.seconds(10),
+            // Read oldest data first.
+            startingPosition: aws_cdk_lib_1.aws_lambda.StartingPosition.TRIM_HORIZON,
+            retryAttempts: 1,
+        }));
+        return handler;
+    }
+    buildApiEndpoint(props) {
+        return new aws_cdk_lib_1.aws_apigateway.LambdaRestApi(this, `${aws_cdk_lib_1.Stack.of(this).stackName}-ingestor-api`, {
+            handler: props.handler,
+            proxy: true,
+            cloudWatchRole: true,
+            deployOptions: { stageName: props.stage },
+            endpointExportName: `${aws_cdk_lib_1.Stack.of(this)}-ingestor-api`,
+            endpointConfiguration: props.endpointConfiguration,
+            policy: props.policy,
+        });
+    }
+    registerSsmParameter(props) {
+        const parameterNamespace = aws_cdk_lib_1.Stack.of(this).stackName;
+        return new aws_cdk_lib_1.aws_ssm.StringParameter(this, `${props.name.replace("_", "-")}-parameter`, {
+            description: props.description,
+            parameterName: `/${parameterNamespace}/${props.name}`,
+            stringValue: props.value,
+        });
+    }
+}
+exports.StacIngestor = StacIngestor;
+_a = JSII_RTTI_SYMBOL_1;
+StacIngestor[_a] = { fqn: "eoapi-cdk.StacIngestor", version: "5.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLDZDQVlxQjtBQUNyQiw4RUFBa0U7QUFDbEUsMkNBQXVDO0FBRXZDLE1BQWEsWUFBYSxTQUFRLHNCQUFTO0lBSXpDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBd0I7UUFDaEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUUvQixNQUFNLEdBQUcsR0FBMkI7WUFDbEMsY0FBYyxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUztZQUNwQyxTQUFTLEVBQUUsSUFBSSxLQUFLLENBQUMsS0FBSyxFQUFFO1lBQzVCLHdCQUF3QixFQUFFLEdBQUc7WUFDN0IsUUFBUSxFQUFFLEtBQUssQ0FBQyxPQUFPO1lBQ3ZCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxjQUFjLENBQUMsT0FBTztZQUM5QyxHQUFHLEtBQUssQ0FBQyxNQUFNO1NBQ2hCLENBQUM7UUFFRixJQUFJLENBQUMsV0FBVyxHQUFHLElBQUkscUJBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQ3RELFdBQVcsRUFDVCxtSUFBbUk7WUFDckksU0FBUyxFQUFFLElBQUkscUJBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxzQkFBc0IsQ0FBQztZQUMzRCxlQUFlLEVBQUU7Z0JBQ2YscUJBQUcsQ0FBQyxhQUFhLENBQUMsd0JBQXdCLENBQ3hDLDBDQUEwQyxDQUMzQztnQkFDRCxxQkFBRyxDQUFDLGFBQWEsQ0FBQyx3QkFBd0IsQ0FDeEMsOENBQThDLENBQy9DO2FBQ0Y7U0FDRixDQUFDLENBQUM7UUFFSCxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDO1lBQ2xDLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSztZQUNqQixHQUFHO1lBQ0gsY0FBYyxFQUFFLEtBQUssQ0FBQyxjQUFjO1lBQ3BDLEtBQUssRUFBRSxLQUFLLENBQUMsS0FBSztZQUNsQixRQUFRLEVBQUUsS0FBSyxDQUFDLFlBQVk7WUFDNUIsS0FBSyxFQUFFLEtBQUssQ0FBQyxHQUFHO1lBQ2hCLGVBQWUsRUFBRSxLQUFLLENBQUMsbUJBQW1CO1lBQzFDLGVBQWUsRUFBRSxLQUFLLENBQUMsZUFBZTtTQUN2QyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsZ0JBQWdCLENBQUM7WUFDcEIsT0FBTztZQUNQLEtBQUssRUFBRSxLQUFLLENBQUMsS0FBSztZQUNsQixxQkFBcUIsRUFBRSxLQUFLLENBQUMsd0JBQXdCO1lBQ3JELE1BQU0sRUFBRSxLQUFLLENBQUMsU0FBUztTQUN4QixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsYUFBYSxDQUFDO1lBQ2pCLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSztZQUNqQixHQUFHLEVBQUUsR0FBRztZQUNSLFFBQVEsRUFBRSxLQUFLLENBQUMsWUFBWTtZQUM1QixLQUFLLEVBQUUsS0FBSyxDQUFDLEdBQUc7WUFDaEIsZUFBZSxFQUFFLEtBQUssQ0FBQyxtQkFBbUI7WUFDMUMsZUFBZSxFQUFFLEtBQUssQ0FBQyxlQUFlO1NBQ3ZDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxvQkFBb0IsQ0FBQztZQUN4QixJQUFJLEVBQUUsZ0JBQWdCO1lBQ3RCLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVM7WUFDM0IsV0FBVyxFQUFFLHdDQUF3QztTQUN0RCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU8sVUFBVTtRQUNoQixNQUFNLEtBQUssR0FBRyxJQUFJLDBCQUFRLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtZQUN6RCxZQUFZLEVBQUUsRUFBRSxJQUFJLEVBQUUsWUFBWSxFQUFFLElBQUksRUFBRSwwQkFBUSxDQUFDLGFBQWEsQ0FBQyxNQUFNLEVBQUU7WUFDekUsT0FBTyxFQUFFLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsMEJBQVEsQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFFO1lBQzVELFdBQVcsRUFBRSwwQkFBUSxDQUFDLFdBQVcsQ0FBQyxlQUFlO1lBQ2pELGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87WUFDcEMsTUFBTSxFQUFFLDBCQUFRLENBQUMsY0FBYyxDQUFDLFNBQVM7U0FDMUMsQ0FBQyxDQUFDO1FBRUgsS0FBSyxDQUFDLHVCQUF1QixDQUFDO1lBQzVCLFNBQVMsRUFBRSxRQUFRO1lBQ25CLFlBQVksRUFBRSxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFFLDBCQUFRLENBQUMsYUFBYSxDQUFDLE1BQU0sRUFBRTtZQUNyRSxPQUFPLEVBQUUsRUFBRSxJQUFJLEVBQUUsWUFBWSxFQUFFLElBQUksRUFBRSwwQkFBUSxDQUFDLGFBQWEsQ0FBQyxNQUFNLEVBQUU7U0FDckUsQ0FBQyxDQUFDO1FBRUgsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRU8sY0FBYyxDQUFDLEtBU3RCO1FBRUMsTUFBTSxPQUFPLEdBQUcsSUFBSSx3Q0FBYyxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUU7WUFDdEQsS0FBSyxFQUFFLEdBQUcsU0FBUyxVQUFVO1lBQzdCLEtBQUssRUFBRSxnQkFBZ0I7WUFDdkIsT0FBTyxFQUFFLHdCQUFNLENBQUMsT0FBTyxDQUFDLFVBQVU7WUFDbEMsT0FBTyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUM3QixXQUFXLEVBQUUsRUFBRSxhQUFhLEVBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxTQUFTLEVBQUUsR0FBRyxLQUFLLENBQUMsR0FBRyxFQUFFO1lBQ3RFLEdBQUcsRUFBRSxLQUFLLENBQUMsS0FBSztZQUNoQixVQUFVLEVBQUUsS0FBSyxDQUFDLGVBQWU7WUFDakMsaUJBQWlCLEVBQUUsSUFBSTtZQUN2QixJQUFJLEVBQUUsSUFBSSxDQUFDLFdBQVc7WUFDdEIsVUFBVSxFQUFFLElBQUk7U0FDakIsQ0FBQyxDQUFDO1FBRUgsa0NBQWtDO1FBQ2xDLEtBQUssQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRWxDLGlDQUFpQztRQUNqQyxLQUFLLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDbEMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLEVBQ3JDLHFCQUFHLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFDbEIsc0NBQXNDLENBQ3ZDLENBQUM7UUFFRixLQUFLLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXhDLE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFTyxhQUFhLENBQUMsS0FPckI7UUFDQyxNQUFNLE9BQU8sR0FBRyxJQUFJLHdDQUFjLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUN4RCxLQUFLLEVBQUUsR0FBRyxTQUFTLFVBQVU7WUFDN0IsS0FBSyxFQUFFLGlCQUFpQjtZQUN4QixPQUFPLEVBQUUsd0JBQU0sQ0FBQyxPQUFPLENBQUMsVUFBVTtZQUNsQyxPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDO1lBQzlCLFdBQVcsRUFBRSxFQUFFLGFBQWEsRUFBRSxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxHQUFHLEtBQUssQ0FBQyxHQUFHLEVBQUU7WUFDdEUsR0FBRyxFQUFFLEtBQUssQ0FBQyxLQUFLO1lBQ2hCLFVBQVUsRUFBRSxLQUFLLENBQUMsZUFBZTtZQUNqQyxpQkFBaUIsRUFBRSxJQUFJO1lBQ3ZCLFVBQVUsRUFBRSxJQUFJO1NBQ2pCLENBQUMsQ0FBQztRQUVILGtDQUFrQztRQUNsQyxLQUFLLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVsQyxpQ0FBaUM7UUFDakMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxjQUFjLENBQ2xDLE9BQU8sQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxFQUNyQyxxQkFBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQ2xCLHNDQUFzQyxDQUN2QyxDQUFDO1FBRUYsNkNBQTZDO1FBQzdDLEtBQUssQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXBDLGdEQUFnRDtRQUNoRCxPQUFPLENBQUMsY0FBYyxDQUNwQixJQUFJLHNDQUFNLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRTtZQUN4QyxrQ0FBa0M7WUFDbEMsU0FBUyxFQUFFLElBQUk7WUFDZixpQ0FBaUM7WUFDakMsaUJBQWlCLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ3ZDLDBCQUEwQjtZQUMxQixnQkFBZ0IsRUFBRSx3QkFBTSxDQUFDLGdCQUFnQixDQUFDLFlBQVk7WUFDdEQsYUFBYSxFQUFFLENBQUM7U0FDakIsQ0FBQyxDQUNILENBQUM7UUFFRixPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRU8sZ0JBQWdCLENBQUMsS0FLeEI7UUFDQyxPQUFPLElBQUksNEJBQVUsQ0FBQyxhQUFhLENBQ2pDLElBQUksRUFDSixHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsZUFBZSxFQUMxQztZQUNFLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztZQUN0QixLQUFLLEVBQUUsSUFBSTtZQUVYLGNBQWMsRUFBRSxJQUFJO1lBQ3BCLGFBQWEsRUFBRSxFQUFFLFNBQVMsRUFBRSxLQUFLLENBQUMsS0FBSyxFQUFFO1lBQ3pDLGtCQUFrQixFQUFFLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLGVBQWU7WUFFcEQscUJBQXFCLEVBQUUsS0FBSyxDQUFDLHFCQUFxQjtZQUNsRCxNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU07U0FDckIsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLG9CQUFvQixDQUFDLEtBSTVCO1FBQ0MsTUFBTSxrQkFBa0IsR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFDcEQsT0FBTyxJQUFJLHFCQUFHLENBQUMsZUFBZSxDQUM1QixJQUFJLEVBQ0osR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLFlBQVksRUFDM0M7WUFDRSxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsYUFBYSxFQUFFLElBQUksa0JBQWtCLElBQUksS0FBSyxDQUFDLElBQUksRUFBRTtZQUNyRCxXQUFXLEVBQUUsS0FBSyxDQUFDLEtBQUs7U0FDekIsQ0FDRixDQUFDO0lBQ0osQ0FBQzs7QUFsTkgsb0NBbU5DIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgYXdzX2FwaWdhdGV3YXkgYXMgYXBpZ2F0ZXdheSxcbiAgYXdzX2R5bmFtb2RiIGFzIGR5bmFtb2RiLFxuICBhd3NfZWMyIGFzIGVjMixcbiAgYXdzX2lhbSBhcyBpYW0sXG4gIGF3c19sYW1iZGEgYXMgbGFtYmRhLFxuICBhd3NfbGFtYmRhX2V2ZW50X3NvdXJjZXMgYXMgZXZlbnRzLFxuICBhd3Nfc2VjcmV0c21hbmFnZXIgYXMgc2VjcmV0c21hbmFnZXIsXG4gIGF3c19zc20gYXMgc3NtLFxuICBEdXJhdGlvbixcbiAgUmVtb3ZhbFBvbGljeSxcbiAgU3RhY2ssXG59IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgUHl0aG9uRnVuY3Rpb24gfSBmcm9tIFwiQGF3cy1jZGsvYXdzLWxhbWJkYS1weXRob24tYWxwaGFcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5cbmV4cG9ydCBjbGFzcyBTdGFjSW5nZXN0b3IgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICB0YWJsZTogZHluYW1vZGIuVGFibGU7XG4gIHB1YmxpYyBoYW5kbGVyUm9sZTogaWFtLlJvbGU7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFN0YWNJbmdlc3RvclByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIHRoaXMudGFibGUgPSB0aGlzLmJ1aWxkVGFibGUoKTtcblxuICAgIGNvbnN0IGVudjogUmVjb3JkPHN0cmluZywgc3RyaW5nPiA9IHtcbiAgICAgIERZTkFNT0RCX1RBQkxFOiB0aGlzLnRhYmxlLnRhYmxlTmFtZSxcbiAgICAgIFJPT1RfUEFUSDogYC8ke3Byb3BzLnN0YWdlfWAsXG4gICAgICBOT19QWURBTlRJQ19TU01fU0VUVElOR1M6IFwiMVwiLFxuICAgICAgU1RBQ19VUkw6IHByb3BzLnN0YWNVcmwsXG4gICAgICBEQVRBX0FDQ0VTU19ST0xFOiBwcm9wcy5kYXRhQWNjZXNzUm9sZS5yb2xlQXJuLFxuICAgICAgLi4ucHJvcHMuYXBpRW52LFxuICAgIH07XG5cbiAgICB0aGlzLmhhbmRsZXJSb2xlID0gbmV3IGlhbS5Sb2xlKHRoaXMsIFwiZXhlY3V0aW9uLXJvbGVcIiwge1xuICAgICAgZGVzY3JpcHRpb246XG4gICAgICAgIFwiUm9sZSB1c2VkIGJ5IFNUQUMgSW5nZXN0b3IuIE1hbnVhbGx5IGRlZmluZWQgc28gdGhhdCB3ZSBjYW4gY2hvb3NlIGEgbmFtZSB0aGF0IGlzIHN1cHBvcnRlZCBieSB0aGUgZGF0YSBhY2Nlc3Mgcm9sZXMgdHJ1c3QgcG9saWN5XCIsXG4gICAgICBhc3N1bWVkQnk6IG5ldyBpYW0uU2VydmljZVByaW5jaXBhbChcImxhbWJkYS5hbWF6b25hd3MuY29tXCIpLFxuICAgICAgbWFuYWdlZFBvbGljaWVzOiBbXG4gICAgICAgIGlhbS5NYW5hZ2VkUG9saWN5LmZyb21Bd3NNYW5hZ2VkUG9saWN5TmFtZShcbiAgICAgICAgICBcInNlcnZpY2Utcm9sZS9BV1NMYW1iZGFCYXNpY0V4ZWN1dGlvblJvbGVcIixcbiAgICAgICAgKSxcbiAgICAgICAgaWFtLk1hbmFnZWRQb2xpY3kuZnJvbUF3c01hbmFnZWRQb2xpY3lOYW1lKFxuICAgICAgICAgIFwic2VydmljZS1yb2xlL0FXU0xhbWJkYVZQQ0FjY2Vzc0V4ZWN1dGlvblJvbGVcIixcbiAgICAgICAgKSxcbiAgICAgIF0sXG4gICAgfSk7XG4gICAgXG4gICAgY29uc3QgaGFuZGxlciA9IHRoaXMuYnVpbGRBcGlMYW1iZGEoe1xuICAgICAgdGFibGU6IHRoaXMudGFibGUsXG4gICAgICBlbnYsXG4gICAgICBkYXRhQWNjZXNzUm9sZTogcHJvcHMuZGF0YUFjY2Vzc1JvbGUsXG4gICAgICBzdGFnZTogcHJvcHMuc3RhZ2UsXG4gICAgICBkYlNlY3JldDogcHJvcHMuc3RhY0RiU2VjcmV0LFxuICAgICAgZGJWcGM6IHByb3BzLnZwYyxcbiAgICAgIGRiU2VjdXJpdHlHcm91cDogcHJvcHMuc3RhY0RiU2VjdXJpdHlHcm91cCxcbiAgICAgIHN1Ym5ldFNlbGVjdGlvbjogcHJvcHMuc3VibmV0U2VsZWN0aW9uLFxuICAgIH0pO1xuXG4gICAgdGhpcy5idWlsZEFwaUVuZHBvaW50KHtcbiAgICAgIGhhbmRsZXIsXG4gICAgICBzdGFnZTogcHJvcHMuc3RhZ2UsXG4gICAgICBlbmRwb2ludENvbmZpZ3VyYXRpb246IHByb3BzLmFwaUVuZHBvaW50Q29uZmlndXJhdGlvbixcbiAgICAgIHBvbGljeTogcHJvcHMuYXBpUG9saWN5LFxuICAgIH0pO1xuXG4gICAgdGhpcy5idWlsZEluZ2VzdG9yKHtcbiAgICAgIHRhYmxlOiB0aGlzLnRhYmxlLFxuICAgICAgZW52OiBlbnYsXG4gICAgICBkYlNlY3JldDogcHJvcHMuc3RhY0RiU2VjcmV0LFxuICAgICAgZGJWcGM6IHByb3BzLnZwYyxcbiAgICAgIGRiU2VjdXJpdHlHcm91cDogcHJvcHMuc3RhY0RiU2VjdXJpdHlHcm91cCxcbiAgICAgIHN1Ym5ldFNlbGVjdGlvbjogcHJvcHMuc3VibmV0U2VsZWN0aW9uLFxuICAgIH0pO1xuXG4gICAgdGhpcy5yZWdpc3RlclNzbVBhcmFtZXRlcih7XG4gICAgICBuYW1lOiBcImR5bmFtb2RiX3RhYmxlXCIsXG4gICAgICB2YWx1ZTogdGhpcy50YWJsZS50YWJsZU5hbWUsXG4gICAgICBkZXNjcmlwdGlvbjogXCJOYW1lIG9mIHRhYmxlIHVzZWQgdG8gc3RvcmUgaW5nZXN0aW9uc1wiLFxuICAgIH0pO1xuICB9XG5cbiAgcHJpdmF0ZSBidWlsZFRhYmxlKCk6IGR5bmFtb2RiLlRhYmxlIHtcbiAgICBjb25zdCB0YWJsZSA9IG5ldyBkeW5hbW9kYi5UYWJsZSh0aGlzLCBcImluZ2VzdGlvbnMtdGFibGVcIiwge1xuICAgICAgcGFydGl0aW9uS2V5OiB7IG5hbWU6IFwiY3JlYXRlZF9ieVwiLCB0eXBlOiBkeW5hbW9kYi5BdHRyaWJ1dGVUeXBlLlNUUklORyB9LFxuICAgICAgc29ydEtleTogeyBuYW1lOiBcImlkXCIsIHR5cGU6IGR5bmFtb2RiLkF0dHJpYnV0ZVR5cGUuU1RSSU5HIH0sXG4gICAgICBiaWxsaW5nTW9kZTogZHluYW1vZGIuQmlsbGluZ01vZGUuUEFZX1BFUl9SRVFVRVNULFxuICAgICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgICAgc3RyZWFtOiBkeW5hbW9kYi5TdHJlYW1WaWV3VHlwZS5ORVdfSU1BR0UsXG4gICAgfSk7XG5cbiAgICB0YWJsZS5hZGRHbG9iYWxTZWNvbmRhcnlJbmRleCh7XG4gICAgICBpbmRleE5hbWU6IFwic3RhdHVzXCIsXG4gICAgICBwYXJ0aXRpb25LZXk6IHsgbmFtZTogXCJzdGF0dXNcIiwgdHlwZTogZHluYW1vZGIuQXR0cmlidXRlVHlwZS5TVFJJTkcgfSxcbiAgICAgIHNvcnRLZXk6IHsgbmFtZTogXCJjcmVhdGVkX2F0XCIsIHR5cGU6IGR5bmFtb2RiLkF0dHJpYnV0ZVR5cGUuU1RSSU5HIH0sXG4gICAgfSk7XG5cbiAgICByZXR1cm4gdGFibGU7XG4gIH1cblxuICBwcml2YXRlIGJ1aWxkQXBpTGFtYmRhKHByb3BzOiB7XG4gICAgdGFibGU6IGR5bmFtb2RiLklUYWJsZTtcbiAgICBlbnY6IFJlY29yZDxzdHJpbmcsIHN0cmluZz47XG4gICAgZGF0YUFjY2Vzc1JvbGU6IGlhbS5JUm9sZTtcbiAgICBzdGFnZTogc3RyaW5nO1xuICAgIGRiU2VjcmV0OiBzZWNyZXRzbWFuYWdlci5JU2VjcmV0O1xuICAgIGRiVnBjOiBlYzIuSVZwYztcbiAgICBkYlNlY3VyaXR5R3JvdXA6IGVjMi5JU2VjdXJpdHlHcm91cDtcbiAgICBzdWJuZXRTZWxlY3Rpb246IGVjMi5TdWJuZXRTZWxlY3Rpb25cbiAgfSk6IFB5dGhvbkZ1bmN0aW9uIHtcbiAgICBcbiAgICBjb25zdCBoYW5kbGVyID0gbmV3IFB5dGhvbkZ1bmN0aW9uKHRoaXMsIFwiYXBpLWhhbmRsZXJcIiwge1xuICAgICAgZW50cnk6IGAke19fZGlybmFtZX0vcnVudGltZWAsXG4gICAgICBpbmRleDogXCJzcmMvaGFuZGxlci5weVwiLFxuICAgICAgcnVudGltZTogbGFtYmRhLlJ1bnRpbWUuUFlUSE9OXzNfOSxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLnNlY29uZHMoMzApLFxuICAgICAgZW52aXJvbm1lbnQ6IHsgREJfU0VDUkVUX0FSTjogcHJvcHMuZGJTZWNyZXQuc2VjcmV0QXJuLCAuLi5wcm9wcy5lbnYgfSxcbiAgICAgIHZwYzogcHJvcHMuZGJWcGMsXG4gICAgICB2cGNTdWJuZXRzOiBwcm9wcy5zdWJuZXRTZWxlY3Rpb24sXG4gICAgICBhbGxvd1B1YmxpY1N1Ym5ldDogdHJ1ZSxcbiAgICAgIHJvbGU6IHRoaXMuaGFuZGxlclJvbGUsXG4gICAgICBtZW1vcnlTaXplOiAyMDQ4LFxuICAgIH0pO1xuXG4gICAgLy8gQWxsb3cgaGFuZGxlciB0byByZWFkIERCIHNlY3JldFxuICAgIHByb3BzLmRiU2VjcmV0LmdyYW50UmVhZChoYW5kbGVyKTtcblxuICAgIC8vIEFsbG93IGhhbmRsZXIgdG8gY29ubmVjdCB0byBEQlxuICAgIHByb3BzLmRiU2VjdXJpdHlHcm91cC5hZGRJbmdyZXNzUnVsZShcbiAgICAgIGhhbmRsZXIuY29ubmVjdGlvbnMuc2VjdXJpdHlHcm91cHNbMF0sXG4gICAgICBlYzIuUG9ydC50Y3AoNTQzMiksXG4gICAgICBcIkFsbG93IGNvbm5lY3Rpb25zIGZyb20gU1RBQyBJbmdlc3RvclwiXG4gICAgKTtcblxuICAgIHByb3BzLnRhYmxlLmdyYW50UmVhZFdyaXRlRGF0YShoYW5kbGVyKTtcblxuICAgIHJldHVybiBoYW5kbGVyO1xuICB9XG5cbiAgcHJpdmF0ZSBidWlsZEluZ2VzdG9yKHByb3BzOiB7XG4gICAgdGFibGU6IGR5bmFtb2RiLklUYWJsZTtcbiAgICBlbnY6IFJlY29yZDxzdHJpbmcsIHN0cmluZz47XG4gICAgZGJTZWNyZXQ6IHNlY3JldHNtYW5hZ2VyLklTZWNyZXQ7XG4gICAgZGJWcGM6IGVjMi5JVnBjO1xuICAgIGRiU2VjdXJpdHlHcm91cDogZWMyLklTZWN1cml0eUdyb3VwO1xuICAgIHN1Ym5ldFNlbGVjdGlvbjogZWMyLlN1Ym5ldFNlbGVjdGlvbjtcbiAgfSk6IFB5dGhvbkZ1bmN0aW9uIHtcbiAgICBjb25zdCBoYW5kbGVyID0gbmV3IFB5dGhvbkZ1bmN0aW9uKHRoaXMsIFwic3RhYy1pbmdlc3RvclwiLCB7XG4gICAgICBlbnRyeTogYCR7X19kaXJuYW1lfS9ydW50aW1lYCxcbiAgICAgIGluZGV4OiBcInNyYy9pbmdlc3Rvci5weVwiLFxuICAgICAgcnVudGltZTogbGFtYmRhLlJ1bnRpbWUuUFlUSE9OXzNfOSxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLnNlY29uZHMoMTgwKSxcbiAgICAgIGVudmlyb25tZW50OiB7IERCX1NFQ1JFVF9BUk46IHByb3BzLmRiU2VjcmV0LnNlY3JldEFybiwgLi4ucHJvcHMuZW52IH0sXG4gICAgICB2cGM6IHByb3BzLmRiVnBjLFxuICAgICAgdnBjU3VibmV0czogcHJvcHMuc3VibmV0U2VsZWN0aW9uLFxuICAgICAgYWxsb3dQdWJsaWNTdWJuZXQ6IHRydWUsXG4gICAgICBtZW1vcnlTaXplOiAyMDQ4LFxuICAgIH0pO1xuXG4gICAgLy8gQWxsb3cgaGFuZGxlciB0byByZWFkIERCIHNlY3JldFxuICAgIHByb3BzLmRiU2VjcmV0LmdyYW50UmVhZChoYW5kbGVyKTtcblxuICAgIC8vIEFsbG93IGhhbmRsZXIgdG8gY29ubmVjdCB0byBEQlxuICAgIHByb3BzLmRiU2VjdXJpdHlHcm91cC5hZGRJbmdyZXNzUnVsZShcbiAgICAgIGhhbmRsZXIuY29ubmVjdGlvbnMuc2VjdXJpdHlHcm91cHNbMF0sXG4gICAgICBlYzIuUG9ydC50Y3AoNTQzMiksXG4gICAgICBcIkFsbG93IGNvbm5lY3Rpb25zIGZyb20gU1RBQyBJbmdlc3RvclwiXG4gICAgKTtcblxuICAgIC8vIEFsbG93IGhhbmRsZXIgdG8gd3JpdGUgcmVzdWx0cyBiYWNrIHRvIERCxpJcbiAgICBwcm9wcy50YWJsZS5ncmFudFdyaXRlRGF0YShoYW5kbGVyKTtcblxuICAgIC8vIFRyaWdnZXIgaGFuZGxlciBmcm9tIHdyaXRlcyB0byBEeW5hbW9EQiB0YWJsZVxuICAgIGhhbmRsZXIuYWRkRXZlbnRTb3VyY2UoXG4gICAgICBuZXcgZXZlbnRzLkR5bmFtb0V2ZW50U291cmNlKHByb3BzLnRhYmxlLCB7XG4gICAgICAgIC8vIFJlYWQgd2hlbiBiYXRjaGVzIHJlYWNoIHNpemUuLi5cbiAgICAgICAgYmF0Y2hTaXplOiAxMDAwLFxuICAgICAgICAvLyAuLi4gb3Igd2hlbiB3aW5kb3cgaXMgcmVhY2hlZC5cbiAgICAgICAgbWF4QmF0Y2hpbmdXaW5kb3c6IER1cmF0aW9uLnNlY29uZHMoMTApLFxuICAgICAgICAvLyBSZWFkIG9sZGVzdCBkYXRhIGZpcnN0LlxuICAgICAgICBzdGFydGluZ1Bvc2l0aW9uOiBsYW1iZGEuU3RhcnRpbmdQb3NpdGlvbi5UUklNX0hPUklaT04sXG4gICAgICAgIHJldHJ5QXR0ZW1wdHM6IDEsXG4gICAgICB9KVxuICAgICk7XG5cbiAgICByZXR1cm4gaGFuZGxlcjtcbiAgfVxuXG4gIHByaXZhdGUgYnVpbGRBcGlFbmRwb2ludChwcm9wczoge1xuICAgIGhhbmRsZXI6IGxhbWJkYS5JRnVuY3Rpb247XG4gICAgc3RhZ2U6IHN0cmluZztcbiAgICBwb2xpY3k/OiBpYW0uUG9saWN5RG9jdW1lbnQ7XG4gICAgZW5kcG9pbnRDb25maWd1cmF0aW9uPzogYXBpZ2F0ZXdheS5FbmRwb2ludENvbmZpZ3VyYXRpb247XG4gIH0pOiBhcGlnYXRld2F5LkxhbWJkYVJlc3RBcGkge1xuICAgIHJldHVybiBuZXcgYXBpZ2F0ZXdheS5MYW1iZGFSZXN0QXBpKFxuICAgICAgdGhpcyxcbiAgICAgIGAke1N0YWNrLm9mKHRoaXMpLnN0YWNrTmFtZX0taW5nZXN0b3ItYXBpYCxcbiAgICAgIHtcbiAgICAgICAgaGFuZGxlcjogcHJvcHMuaGFuZGxlcixcbiAgICAgICAgcHJveHk6IHRydWUsXG5cbiAgICAgICAgY2xvdWRXYXRjaFJvbGU6IHRydWUsXG4gICAgICAgIGRlcGxveU9wdGlvbnM6IHsgc3RhZ2VOYW1lOiBwcm9wcy5zdGFnZSB9LFxuICAgICAgICBlbmRwb2ludEV4cG9ydE5hbWU6IGAke1N0YWNrLm9mKHRoaXMpfS1pbmdlc3Rvci1hcGlgLFxuXG4gICAgICAgIGVuZHBvaW50Q29uZmlndXJhdGlvbjogcHJvcHMuZW5kcG9pbnRDb25maWd1cmF0aW9uLFxuICAgICAgICBwb2xpY3k6IHByb3BzLnBvbGljeSxcbiAgICAgIH1cbiAgICApO1xuICB9XG5cbiAgcHJpdmF0ZSByZWdpc3RlclNzbVBhcmFtZXRlcihwcm9wczoge1xuICAgIG5hbWU6IHN0cmluZztcbiAgICB2YWx1ZTogc3RyaW5nO1xuICAgIGRlc2NyaXB0aW9uOiBzdHJpbmc7XG4gIH0pOiBzc20uSVN0cmluZ1BhcmFtZXRlciB7XG4gICAgY29uc3QgcGFyYW1ldGVyTmFtZXNwYWNlID0gU3RhY2sub2YodGhpcykuc3RhY2tOYW1lO1xuICAgIHJldHVybiBuZXcgc3NtLlN0cmluZ1BhcmFtZXRlcihcbiAgICAgIHRoaXMsXG4gICAgICBgJHtwcm9wcy5uYW1lLnJlcGxhY2UoXCJfXCIsIFwiLVwiKX0tcGFyYW1ldGVyYCxcbiAgICAgIHtcbiAgICAgICAgZGVzY3JpcHRpb246IHByb3BzLmRlc2NyaXB0aW9uLFxuICAgICAgICBwYXJhbWV0ZXJOYW1lOiBgLyR7cGFyYW1ldGVyTmFtZXNwYWNlfS8ke3Byb3BzLm5hbWV9YCxcbiAgICAgICAgc3RyaW5nVmFsdWU6IHByb3BzLnZhbHVlLFxuICAgICAgfVxuICAgICk7XG4gIH1cbn1cblxuZXhwb3J0IGludGVyZmFjZSBTdGFjSW5nZXN0b3JQcm9wcyB7XG4gIC8qKlxuICAgKiBBUk4gb2YgQVdTIFJvbGUgdXNlZCB0byB2YWxpZGF0ZSBhY2Nlc3MgdG8gUzMgZGF0YVxuICAgKi9cbiAgcmVhZG9ubHkgZGF0YUFjY2Vzc1JvbGU6IGlhbS5JUm9sZTtcblxuICAvKipcbiAgICogVVJMIG9mIFNUQUMgQVBJXG4gICAqL1xuICByZWFkb25seSBzdGFjVXJsOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFN0YWdlIG9mIGRlcGxveW1lbnQgKGUuZy4gYGRldmAsIGBwcm9kYClcbiAgICovXG4gIHJlYWRvbmx5IHN0YWdlOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFNlY3JldCBjb250YWluaW5nIHBnU1RBQyBEQiBjb25uZWN0aW9uIGluZm9ybWF0aW9uXG4gICAqL1xuICByZWFkb25seSBzdGFjRGJTZWNyZXQ6IHNlY3JldHNtYW5hZ2VyLklTZWNyZXQ7XG5cbiAgLyoqXG4gICAqIFZQQyBydW5uaW5nIHBnU1RBQyBEQlxuICAgKi9cbiAgcmVhZG9ubHkgdnBjOiBlYzIuSVZwYztcblxuICAvKipcbiAgICogU2VjdXJpdHkgR3JvdXAgdXNlZCBieSBwZ1NUQUMgREJcbiAgICovXG4gIHJlYWRvbmx5IHN0YWNEYlNlY3VyaXR5R3JvdXA6IGVjMi5JU2VjdXJpdHlHcm91cDtcblxuICAvKipcbiAgICogQm9vbGVhbiBpbmRpY2F0aW5nIHdoZXRoZXIgb3Igbm90IHBnU1RBQyBEQiBpcyBpbiBhIHB1YmxpYyBzdWJuZXRcbiAgICovXG4gIHJlYWRvbmx5IHN1Ym5ldFNlbGVjdGlvbjogZWMyLlN1Ym5ldFNlbGVjdGlvbjtcblxuICAvKipcbiAgICogRW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIGJlIHNlbnQgdG8gTGFtYmRhLlxuICAgKi9cbiAgcmVhZG9ubHkgYXBpRW52PzogUmVjb3JkPHN0cmluZywgc3RyaW5nPjtcblxuICAvKipcbiAgICogQVBJIEVuZHBvaW50IENvbmZpZ3VyYXRpb24sIHVzZWZ1bCBmb3IgY3JlYXRpbmcgcHJpdmF0ZSBBUElzLlxuICAgKi9cbiAgcmVhZG9ubHkgYXBpRW5kcG9pbnRDb25maWd1cmF0aW9uPzogYXBpZ2F0ZXdheS5FbmRwb2ludENvbmZpZ3VyYXRpb247XG5cbiAgLyoqXG4gICAqIEFQSSBQb2xpY3kgRG9jdW1lbnQsIHVzZWZ1bCBmb3IgY3JlYXRpbmcgcHJpdmF0ZSBBUElzLlxuICAgKi9cbiAgcmVhZG9ubHkgYXBpUG9saWN5PzogaWFtLlBvbGljeURvY3VtZW50O1xufVxuIl19

package/lib/ingestor-api/runtime/dev_requirements.txt

@@ -0,0 +1,2 @@
+httpx
+moto[dynamodb, ssm]>=4.0.9

package/lib/ingestor-api/runtime/requirements.txt

@@ -0,0 +1,12 @@
+Authlib==1.0.1
+cachetools==5.1.0
+fastapi>=0.75.1
+mangum>=0.15.0
+orjson>=3.6.8
+psycopg[binary,pool]>=3.0.15
+pydantic_ssm_settings>=0.2.0
+pydantic>=1.9.0
+pypgstac==0.6.13
+requests>=2.27.1
+# Waiting for https://github.com/stac-utils/stac-pydantic/pull/116
+stac-pydantic @ git+https://github.com/alukach/stac-pydantic.git@patch-1

package/lib/ingestor-api/runtime/src/collection.py

@@ -0,0 +1,36 @@
+import os
+
+from pypgstac.db import PgstacDB
+from pypgstac.load import Methods
+
+from .loader import Loader
+from .schemas import StacCollection
+from .utils import get_db_credentials
+
+
+def ingest(collection: StacCollection):
+    """
+    Takes a collection model,
+    does necessary preprocessing,
+    and loads into the PgSTAC collection table
+    """
+    try:
+        creds = get_db_credentials(os.environ["DB_SECRET_ARN"])
+        with PgstacDB(dsn=creds.dsn_string, debug=True) as db:
+            loader = Loader(db=db)
+            collection = [
+                collection.to_dict()
+            ]  # pypgstac wants either a string or an Iterable of dicts.
+            loader.load_collections(file=collection, insert_mode=Methods.upsert)
+    except Exception as e:
+        print(f"Encountered failure loading collection into pgSTAC: {e}")
+
+
+def delete(collection_id: str):
+    """
+    Deletes the collection from the database
+    """
+    creds = get_db_credentials(os.environ["DB_SECRET_ARN"])
+    with PgstacDB(dsn=creds.dsn_string, debug=True) as db:
+        loader = Loader(db=db)
+        loader.delete_collection(collection_id)

package/lib/ingestor-api/runtime/src/config.py

@@ -0,0 +1,46 @@
+import os
+from getpass import getuser
+from typing import Optional
+
+from pydantic import AnyHttpUrl, BaseSettings, Field, constr
+from pydantic_ssm_settings import AwsSsmSourceConfig
+
+AwsArn = constr(regex=r"^arn:aws:iam::\d{12}:role/.+")
+
+
+class Settings(BaseSettings):
+    dynamodb_table: str
+
+    root_path: Optional[str] = Field(description="Path from where to serve this URL.")
+
+    jwks_url: Optional[AnyHttpUrl] = Field(
+        description="URL of JWKS, e.g. https://cognito-idp.{region}.amazonaws.com/{userpool_id}/.well-known/jwks.json"  # noqa
+    )
+
+    stac_url: AnyHttpUrl = Field(description="URL of STAC API")
+
+    data_access_role: AwsArn = Field(
+        description="ARN of AWS Role used to validate access to S3 data"
+    )
+
+    requester_pays: Optional[bool] = Field(
+        description="Path from where to serve this URL.", default=False
+    )
+
+    class Config(AwsSsmSourceConfig):
+        env_file = ".env"
+
+    @classmethod
+    def from_ssm(cls, stack: str):
+        return cls(_secrets_dir=f"/{stack}")
+
+
+settings = (
+    Settings()
+    if os.environ.get("NO_PYDANTIC_SSM_SETTINGS")
+    else Settings.from_ssm(
+        stack=os.environ.get(
+            "STACK", f"veda-stac-ingestion-system-{os.environ.get('STAGE', getuser())}"
+        ),
+    )
+)

package/lib/ingestor-api/runtime/src/dependencies.py

@@ -0,0 +1,94 @@
+import logging
+from typing import Optional
+
+import boto3
+import requests
+from authlib.jose import JsonWebKey, JsonWebToken, JWTClaims, KeySet, errors
+from cachetools import TTLCache, cached
+from fastapi import Depends, HTTPException, Request, security
+
+from . import config, services
+
+logger = logging.getLogger(__name__)
+
+token_scheme = security.HTTPBearer()
+
+
+def get_settings(request: Request) -> config.Settings:
+    return request.app.extra["settings"]
+
+
+def get_jwks_url(settings: config.Settings = Depends(get_settings)) -> str:
+    return settings.jwks_url
+
+
+@cached(TTLCache(maxsize=1, ttl=3600))
+def get_jwks(jwks_url: str = Depends(get_jwks_url)) -> KeySet:
+    with requests.get(jwks_url) as response:
+        response.raise_for_status()
+        return JsonWebKey.import_key_set(response.json())
+
+
+def decode_token(
+    token: security.HTTPAuthorizationCredentials = Depends(token_scheme),
+    jwks: KeySet = Depends(get_jwks),
+) -> JWTClaims:
+    """
+    Validate & decode JWT
+    """
+    try:
+        claims = JsonWebToken(["RS256"]).decode(
+            s=token.credentials,
+            key=jwks,
+            claims_options={
+                # # Example of validating audience to match expected value
+                # "aud": {"essential": True, "values": [APP_CLIENT_ID]}
+            },
+        )
+
+        if "client_id" in claims:
+            # Insert Cognito's `client_id` into `aud` claim if `aud` claim is unset
+            claims.setdefault("aud", claims["client_id"])
+
+        claims.validate()
+        return claims
+    except errors.JoseError:  #
+        logger.exception("Unable to decode token")
+        raise HTTPException(status_code=403, detail="Bad auth token")
+
+
+def get_username_from_token(
+    claims: Optional[security.HTTPBasicCredentials] = Depends(decode_token),
+):
+    return claims["sub"]
+
+
+def get_username_from_request(provided_by: str):
+    return provided_by
+
+
+get_username = (
+    get_username_from_token if config.settings.jwks_url else get_username_from_request
+)
+
+
+def get_table(settings: config.Settings = Depends(get_settings)):
+    client = boto3.resource("dynamodb")
+    return client.Table(settings.dynamodb_table)
+
+
+def get_db(table=Depends(get_table)) -> services.Database:
+    return services.Database(table=table)
+
+
+def fetch_ingestion(
+    ingestion_id: str,
+    db: services.Database = Depends(get_db),
+    username: str = Depends(get_username),
+):
+    try:
+        return db.fetch_one(username=username, ingestion_id=ingestion_id)
+    except services.NotInDb:
+        raise HTTPException(
+            status_code=404, detail="No ingestion found with provided ID"
+        )

package/lib/ingestor-api/runtime/src/handler.py

@@ -0,0 +1,9 @@
+"""
+Entrypoint for Lambda execution.
+"""
+
+from mangum import Mangum
+
+from .main import app
+
+handler = Mangum(app, lifespan="off")

package/lib/ingestor-api/runtime/src/ingestor.py

@@ -0,0 +1,82 @@
+import os
+from datetime import datetime
+from typing import TYPE_CHECKING, Iterator, List, Optional, Sequence
+
+from boto3.dynamodb.types import TypeDeserializer
+
+from .config import settings
+from .dependencies import get_table
+from .schemas import Ingestion, Status
+from .utils import get_db_credentials, load_items
+
+if TYPE_CHECKING:
+    from aws_lambda_typing import context as context_
+    from aws_lambda_typing import events
+    from aws_lambda_typing.events.dynamodb_stream import DynamodbRecord
+
+
+def get_queued_ingestions(records: List["DynamodbRecord"]) -> Iterator[Ingestion]:
+    deserializer = TypeDeserializer()
+    for record in records:
+        # Parse Record
+        parsed = {
+            k: deserializer.deserialize(v)
+            for k, v in record["dynamodb"]["NewImage"].items()
+        }
+        ingestion = Ingestion.parse_obj(parsed)
+        if ingestion.status == Status.queued:
+            yield ingestion
+
+
+def update_dynamodb(
+    ingestions: Sequence[Ingestion],
+    status: Status,
+    message: Optional[str] = None,
+):
+    """
+    Bulk update DynamoDB with ingestion results.
+    """
+    # Update records in DynamoDB
+    print(f"Updating ingested items status in DynamoDB, marking as {status}...")
+    table = get_table(settings)
+    with table.batch_writer(overwrite_by_pkeys=["created_by", "id"]) as batch:
+        for ingestion in ingestions:
+            batch.put_item(
+                Item=ingestion.copy(
+                    update={
+                        "status": status,
+                        "message": message,
+                        "updated_at": datetime.now(),
+                    }
+                ).dynamodb_dict()
+            )
+
+
+def handler(event: "events.DynamoDBStreamEvent", context: "context_.Context"):
+    # Parse input
+    ingestions = list(get_queued_ingestions(event["Records"]))
+    if not ingestions:
+        print("No queued ingestions to process")
+        return
+
+    # Insert into PgSTAC DB
+    outcome = Status.succeeded
+    message = None
+    try:
+        load_items(
+            creds=get_db_credentials(os.environ["DB_SECRET_ARN"]),
+            ingestions=ingestions,
+        )
+    except Exception as e:
+        print(f"Encountered failure loading items into pgSTAC: {e}")
+        outcome = Status.failed
+        message = str(e)
+
+    # Update DynamoDB with outcome
+    update_dynamodb(
+        ingestions=ingestions,
+        status=outcome,
+        message=message,
+    )
+
+    print("Completed batch...")

package/lib/ingestor-api/runtime/src/loader.py

@@ -0,0 +1,21 @@
+"""Utilities to bulk load data into pgstac from json/ndjson."""
+import logging
+
+from pypgstac.load import Loader as BaseLoader
+
+logger = logging.getLogger(__name__)
+
+
+class Loader(BaseLoader):
+    """Utilities for loading data and updating collection summaries/extents."""
+
+    def __init__(self, db) -> None:
+        super().__init__(db)
+        self.check_version()
+        self.conn = self.db.connect()
+
+    def delete_collection(self, collection_id: str) -> None:
+        with self.conn.cursor() as cur:
+            with self.conn.transaction():
+                logger.info(f"Deleting collection: {collection_id}.")
+                cur.execute("SELECT pgstac.delete_collection(%s);", [collection_id])

package/lib/ingestor-api/runtime/src/main.py

@@ -0,0 +1,125 @@
+from fastapi import Depends, FastAPI, HTTPException
+
+from . import collection as collection_loader
+from . import config, dependencies, schemas, services
+
+app = FastAPI(
+    root_path=config.settings.root_path,
+    settings=config.settings,
+)
+
+
+@app.get(
+    "/ingestions", response_model=schemas.ListIngestionResponse, tags=["Ingestion"]
+)
+async def list_ingestions(
+    list_request: schemas.ListIngestionRequest = Depends(),
+    db: services.Database = Depends(dependencies.get_db),
+):
+    return db.fetch_many(
+        status=list_request.status, next=list_request.next, limit=list_request.limit
+    )
+
+
+@app.post(
+    "/ingestions",
+    response_model=schemas.Ingestion,
+    tags=["Ingestion"],
+    status_code=201,
+)
+async def create_ingestion(
+    item: schemas.AccessibleItem,
+    username: str = Depends(dependencies.get_username),
+    db: services.Database = Depends(dependencies.get_db),
+) -> schemas.Ingestion:
+    return schemas.Ingestion(
+        id=item.id,
+        created_by=username,
+        item=item,
+        status=schemas.Status.queued,
+    ).enqueue(db)
+
+
+@app.get(
+    "/ingestions/{ingestion_id}",
+    response_model=schemas.Ingestion,
+    tags=["Ingestion"],
+)
+def get_ingestion(
+    ingestion: schemas.Ingestion = Depends(dependencies.fetch_ingestion),
+) -> schemas.Ingestion:
+    return ingestion
+
+
+@app.patch(
+    "/ingestions/{ingestion_id}",
+    response_model=schemas.Ingestion,
+    tags=["Ingestion"],
+)
+def update_ingestion(
+    update: schemas.UpdateIngestionRequest,
+    ingestion: schemas.Ingestion = Depends(dependencies.fetch_ingestion),
+    db: services.Database = Depends(dependencies.get_db),
+):
+    updated_item = ingestion.copy(update=update.dict(exclude_unset=True))
+    return updated_item.save(db)
+
+
+@app.delete(
+    "/ingestions/{ingestion_id}",
+    response_model=schemas.Ingestion,
+    tags=["Ingestion"],
+)
+def cancel_ingestion(
+    ingestion: schemas.Ingestion = Depends(dependencies.fetch_ingestion),
+    db: services.Database = Depends(dependencies.get_db),
+) -> schemas.Ingestion:
+    if ingestion.status != schemas.Status.queued:
+        raise HTTPException(
+            status_code=400,
+            detail=(
+                "Unable to delete ingestion if status is not "
+                f"{schemas.Status.queued}"
+            ),
+        )
+    return ingestion.cancel(db)
+
+
+@app.post(
+    "/collections",
+    tags=["Collection"],
+    status_code=201,
+    dependencies=[Depends(dependencies.get_username)],
+)
+def publish_collection(collection: schemas.StacCollection):
+    # pgstac create collection
+    try:
+        collection_loader.ingest(collection)
+        return {f"Successfully published: {collection.id}"}
+    except Exception as e:
+        raise HTTPException(
+            status_code=400,
+            detail=(f"Unable to publish collection: {e}"),
+        )
+
+
+@app.delete(
+    "/collections/{collection_id}",
+    tags=["Collection"],
+    dependencies=[Depends(dependencies.get_username)],
+)
+def delete_collection(collection_id: str):
+    try:
+        collection_loader.delete(collection_id=collection_id)
+        return {f"Successfully deleted: {collection_id}"}
+    except Exception as e:
+        print(e)
+        raise HTTPException(status_code=400, detail=(f"{e}"))
+
+
+@app.get("/auth/me")
+def who_am_i(username=Depends(dependencies.get_username)):
+    """
+    Return username for the provided request
+    """
+    return {"username": username}