npm - specweave - Versions diffs - 0.22.0 → 0.22.2 - Mend

specweave 0.22.0 → 0.22.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/plugins/specweave/templates/iac/aws-lambda/templates/README.md.hbs ADDED Viewed

@@ -0,0 +1,260 @@
+# {{functionName}} - AWS Lambda Serverless Infrastructure
+**Generated by SpecWeave Serverless Architecture Intelligence**
+## Overview
+This Terraform configuration deploys a complete serverless application stack on AWS:
+- **Lambda Function**: `{{functionName}}` ({{runtime}}, {{memorySize}}MB memory, {{timeout}}s timeout)
+- **API Gateway**: HTTP API with CORS support
+- **DynamoDB**: NoSQL database table `{{databaseName}}`
+- **CloudWatch Logs**: Centralized logging with {{logRetentionDays}}-day retention
+{{#if enableVpc}}- **VPC Integration**: Secure network isolation{{/if}}
+{{#if enableXray}}- **X-Ray Tracing**: Distributed tracing enabled{{/if}}
+{{#if enableSecretsManager}}- **Secrets Manager**: Secure secret storage{{/if}}
+## Architecture
+```
+┌─────────────┐
+│   Client    │
+└──────┬──────┘
+       │ HTTPS
+       v
+┌─────────────────┐
+│  API Gateway    │
+│  (HTTP API)     │
+└──────┬──────────┘
+       │
+       v
+┌────────────────────┐      ┌──────────────┐
+│  Lambda Function   │─────>│  DynamoDB    │
+│  {{functionName}}  │      │  {{databaseName}} │
+└────────────────────┘      └──────────────┘
+       │
+       v
+┌────────────────────┐
+│ CloudWatch Logs    │
+└────────────────────┘
+```
+## Prerequisites
+1. **AWS CLI** configured with credentials:
+   ```bash
+   aws configure
+   ```
+2. **Terraform** v1.5.0 or higher:
+   ```bash
+   terraform version
+   ```
+3. **Lambda deployment package** ({{functionName}}.zip):
+   - Create your Lambda function code
+   - Package as {{functionName}}.zip
+   - Place in the same directory as this README
+## Deployment Instructions
+### Step 1: Initialize Terraform
+```bash
+terraform init
+```
+This downloads the AWS provider and initializes the backend.
+### Step 2: Review Configuration
+Edit `terraform.tfvars` (or create environment-specific files like `dev.tfvars`) to customize:
+```hcl
+aws_region     = "{{region}}"
+function_name  = "{{functionName}}"
+environment    = "{{environment}}"
+runtime        = "{{runtime}}"
+memory_size    = {{memorySize}}
+timeout        = {{timeout}}
+database_name  = "{{databaseName}}"
+primary_key    = "{{primaryKey}}"
+project_name   = "{{projectName}}"
+```
+### Step 3: Plan Deployment
+```bash
+terraform plan
+```
+Review the resources that will be created:
+- 1× Lambda Function
+- 1× API Gateway HTTP API
+- 1× DynamoDB Table
+- 2× CloudWatch Log Groups
+- 1× IAM Role + Policies
+{{#if enableVpc}}- 1× Security Group (VPC){{/if}}
+### Step 4: Deploy
+```bash
+terraform apply
+```
+Type `yes` when prompted to confirm deployment.
+### Step 5: Verify Deployment
+After successful deployment, Terraform will output:
+```
+api_endpoint = "https://xxxxxxxxxx.execute-api.{{region}}.amazonaws.com/{{apiStageName}}"
+function_name = "{{functionName}}"
+table_name = "{{databaseName}}"
+```
+Test your API:
+```bash
+curl https://xxxxxxxxxx.execute-api.{{region}}.amazonaws.com/{{apiStageName}}
+```
+## Environment-Specific Deployments
+Deploy to different environments using tfvars files:
+```bash
+# Development
+terraform apply -var-file="environments/dev.tfvars"
+# Staging
+terraform apply -var-file="environments/staging.tfvars"
+# Production
+terraform apply -var-file="environments/prod.tfvars"
+```
+## Cost Optimization
+### Free Tier Limits (First 12 Months)
+- **Lambda**: 1M requests/month + 400,000 GB-seconds compute
+- **API Gateway**: 1M API calls/month (first 12 months)
+- **DynamoDB**: 25GB storage + 25 WCU + 25 RCU (always free)
+- **CloudWatch Logs**: 5GB ingestion + 5GB storage
+### Estimated Monthly Cost (After Free Tier)
+**{{environment}} Environment**:
+{{#if eq environment "dev"}}
+- **Lambda**: ~$0.20/month (10K requests, 128MB, 1s avg duration)
+- **API Gateway**: ~$0.10/month (10K requests)
+- **DynamoDB**: $0.00/month (PAY_PER_REQUEST under free tier)
+- **CloudWatch Logs**: ~$0.50/month (1GB logs)
+- **Total**: ~$0.80/month
+{{else}}{{#if eq environment "staging"}}
+- **Lambda**: ~$2.00/month (100K requests, 256MB, 1s avg duration)
+- **API Gateway**: ~$1.00/month (100K requests)
+- **DynamoDB**: ~$1.25/month (PAY_PER_REQUEST, light usage)
+- **CloudWatch Logs**: ~$1.00/month (2GB logs)
+- **Total**: ~$5.25/month
+{{else}}
+- **Lambda**: ~$20.00/month (1M requests, 512MB, 1s avg duration)
+- **API Gateway**: ~$10.00/month (1M requests)
+- **DynamoDB**: ~$12.50/month (PROVISIONED, 5 RCU/WCU)
+- **CloudWatch Logs**: ~$5.00/month (10GB logs)
+- **Total**: ~$47.50/month
+{{/if}}{{/if}}
+### Cost Optimization Tips
+1. **Right-size memory**: Test with different memory settings (128MB, 256MB, 512MB)
+2. **Optimize timeout**: Reduce timeout to actual function duration
+3. **Use PAY_PER_REQUEST**: For low-traffic apps (<100K requests/month)
+4. **Enable CloudWatch Logs retention**: Delete old logs automatically
+5. **Monitor cold starts**: Use Provisioned Concurrency if needed ($$)
+## Security Best Practices
+✅ **Implemented**:
+- IAM least privilege roles
+- HTTPS-only API Gateway
+- CloudWatch Logs encryption
+- DynamoDB encryption at rest (if enabled)
+- Secrets Manager for sensitive data (if enabled)
+⚠️ **Additional Recommendations**:
+- Enable AWS WAF for API Gateway
+- Implement rate limiting
+- Use AWS Shield for DDoS protection
+- Enable VPC for database access
+- Rotate secrets regularly
+## Monitoring and Logging
+### CloudWatch Logs
+View Lambda logs:
+```bash
+aws logs tail /aws/lambda/{{functionName}} --follow
+```
+View API Gateway logs:
+```bash
+aws logs tail /aws/apigateway/{{apiName}}-{{environment}} --follow
+```
+### CloudWatch Metrics
+Monitor in AWS Console:
+- Lambda: Invocations, Duration, Errors, Throttles
+- API Gateway: Count, Latency, 4XX/5XX errors
+- DynamoDB: Read/Write capacity, Throttled requests
+## Cleanup
+To destroy all resources:
+```bash
+terraform destroy
+```
+Type `yes` to confirm deletion.
+**Warning**: This will permanently delete:
+- Lambda function
+- API Gateway
+- DynamoDB table (and all data)
+- CloudWatch Logs
+## Troubleshooting
+### Lambda Function Not Working
+1. Check CloudWatch Logs for errors
+2. Verify IAM role permissions
+3. Test function locally with AWS SAM
+### API Gateway 403 Errors
+1. Verify Lambda permission for API Gateway
+2. Check CORS configuration
+3. Review API Gateway execution logs
+### DynamoDB Access Denied
+1. Verify Lambda IAM role has DynamoDB permissions
+2. Check table name matches environment variable
+3. Verify primary key schema
+## Support
+For issues with this Terraform configuration, contact your SpecWeave administrator or file an issue at https://github.com/anton-abyzov/specweave/issues.
+## Additional Resources
+- [AWS Lambda Documentation](https://docs.aws.amazon.com/lambda/)
+- [API Gateway HTTP API Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html)
+- [DynamoDB Developer Guide](https://docs.aws.amazon.com/dynamodb/)
+- [Terraform AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)

package/plugins/specweave/templates/iac/aws-lambda/templates/environments/dev.tfvars.hbs ADDED Viewed

@@ -0,0 +1,34 @@
+# Development Environment Configuration
+# Optimized for free tier and minimal costs
+# Generated by SpecWeave Serverless Architecture Intelligence
+aws_region    = "{{region}}"
+environment   = "dev"
+function_name = "{{functionName}}-dev"
+runtime       = "{{runtime}}"
+# Free tier optimized settings
+memory_size = 128  # Smallest memory size (free tier eligible)
+timeout     = 30   # Conservative timeout
+# Database configuration
+database_name = "{{databaseName}}-dev"
+primary_key   = "{{primaryKey}}"
+{{#if sortKey}}
+sort_key      = "{{sortKey}}"
+{{/if}}
+# Logging (keep retention short in dev)
+log_retention_days = 7
+# CORS (allow localhost for development)
+cors_origins = ["http://localhost:3000", "http://localhost:8080"]
+# Project metadata
+project_name = "{{projectName}}"
+# Additional tags
+tags = {
+  CostCenter = "Development"
+  AutoDelete = "true"  # Mark for cleanup scripts
+}

package/plugins/specweave/templates/iac/aws-lambda/templates/environments/prod.tfvars.hbs ADDED Viewed

@@ -0,0 +1,37 @@
+# Production Environment Configuration
+# High availability, performance, and security
+# Generated by SpecWeave Serverless Architecture Intelligence
+aws_region    = "{{region}}"
+environment   = "prod"
+function_name = "{{functionName}}-prod"
+runtime       = "{{runtime}}"
+# Production-optimized settings
+memory_size = 512  # Higher memory for better performance
+timeout     = 300  # 5-minute timeout for complex operations
+# Database configuration
+database_name = "{{databaseName}}-prod"
+primary_key   = "{{primaryKey}}"
+{{#if sortKey}}
+sort_key      = "{{sortKey}}"
+{{/if}}
+# Logging (long retention for compliance)
+log_retention_days = 90
+# CORS (production domains only)
+cors_origins = ["https://{{projectName}}.com", "https://www.{{projectName}}.com", "https://api.{{projectName}}.com"]
+# Project metadata
+project_name = "{{projectName}}"
+# Additional tags
+tags = {
+  CostCenter        = "Production"
+  AutoDelete        = "false"
+  Backup            = "true"
+  DisasterRecovery  = "true"
+  Compliance        = "SOC2"
+}

package/plugins/specweave/templates/iac/aws-lambda/templates/environments/staging.tfvars.hbs ADDED Viewed

@@ -0,0 +1,35 @@
+# Staging Environment Configuration
+# Medium-tier resources for pre-production testing
+# Generated by SpecWeave Serverless Architecture Intelligence
+aws_region    = "{{region}}"
+environment   = "staging"
+function_name = "{{functionName}}-staging"
+runtime       = "{{runtime}}"
+# Medium-tier settings
+memory_size = 256  # Double dev memory for realistic testing
+timeout     = 60   # Higher timeout for complex operations
+# Database configuration
+database_name = "{{databaseName}}-staging"
+primary_key   = "{{primaryKey}}"
+{{#if sortKey}}
+sort_key      = "{{sortKey}}"
+{{/if}}
+# Logging (moderate retention for staging)
+log_retention_days = 30
+# CORS (allow staging domains)
+cors_origins = ["https://staging.{{projectName}}.com", "http://localhost:3000"]
+# Project metadata
+project_name = "{{projectName}}"
+# Additional tags
+tags = {
+  CostCenter = "Staging"
+  AutoDelete = "false"
+  Backup     = "true"
+}

package/plugins/specweave/templates/iac/aws-lambda/templates/outputs.tf.hbs ADDED Viewed

@@ -0,0 +1,77 @@
+# Outputs for AWS Lambda + API Gateway + DynamoDB
+# Generated by SpecWeave Serverless Architecture Intelligence
+output "api_endpoint" {
+  description = "API Gateway endpoint URL"
+  value       = aws_apigatewayv2_stage.{{snakeCase apiStageName}}.invoke_url
+}
+output "api_id" {
+  description = "API Gateway ID"
+  value       = aws_apigatewayv2_api.{{snakeCase apiName}}.id
+}
+output "function_name" {
+  description = "Lambda function name"
+  value       = aws_lambda_function.{{snakeCase functionName}}.function_name
+}
+output "function_arn" {
+  description = "Lambda function ARN"
+  value       = aws_lambda_function.{{snakeCase functionName}}.arn
+}
+output "function_invoke_arn" {
+  description = "Lambda function invoke ARN"
+  value       = aws_lambda_function.{{snakeCase functionName}}.invoke_arn
+}
+output "table_name" {
+  description = "DynamoDB table name"
+  value       = aws_dynamodb_table.{{snakeCase databaseName}}.name
+}
+output "table_arn" {
+  description = "DynamoDB table ARN"
+  value       = aws_dynamodb_table.{{snakeCase databaseName}}.arn
+}
+{{#if enableStreams}}
+output "table_stream_arn" {
+  description = "DynamoDB stream ARN"
+  value       = aws_dynamodb_table.{{snakeCase databaseName}}.stream_arn
+}
+{{/if}}
+output "lambda_role_arn" {
+  description = "Lambda execution role ARN"
+  value       = aws_iam_role.lambda_exec.arn
+}
+output "lambda_logs_group" {
+  description = "CloudWatch Logs group for Lambda"
+  value       = aws_cloudwatch_log_group.lambda_logs.name
+}
+output "api_logs_group" {
+  description = "CloudWatch Logs group for API Gateway"
+  value       = aws_cloudwatch_log_group.api_logs.name
+}
+{{#if enableVpc}}
+output "lambda_security_group_id" {
+  description = "Security group ID for Lambda function"
+  value       = aws_security_group.lambda_sg.id
+}
+{{/if}}
+output "deployment_summary" {
+  description = "Summary of deployed resources"
+  value = {
+    api_endpoint   = aws_apigatewayv2_stage.{{snakeCase apiStageName}}.invoke_url
+    function_name  = aws_lambda_function.{{snakeCase functionName}}.function_name
+    table_name     = aws_dynamodb_table.{{snakeCase databaseName}}.name
+    environment    = var.environment
+    region         = var.aws_region
+  }
+}

package/plugins/specweave/templates/iac/aws-lambda/templates/providers.tf.hbs ADDED Viewed

@@ -0,0 +1,36 @@
+# Terraform and AWS Provider Configuration
+# Generated by SpecWeave Serverless Architecture Intelligence
+terraform {
+  required_version = ">= 1.5.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  {{#if enableRemoteState}}
+  backend "s3" {
+    bucket         = "{{terraformStateBucket}}"
+    key            = "{{functionName}}/terraform.tfstate"
+    region         = "{{region}}"
+    encrypt        = true
+    dynamodb_table = "{{terraformLockTable}}"
+  }
+  {{/if}}
+}
+provider "aws" {
+  region = var.aws_region
+  default_tags {
+    tags = {
+      Project     = var.project_name
+      Environment = var.environment
+      ManagedBy   = "Terraform"
+      CreatedBy   = "SpecWeave"
+    }
+  }
+}

package/plugins/specweave/templates/iac/aws-lambda/templates/variables.tf.hbs ADDED Viewed

@@ -0,0 +1,115 @@
+# Input Variables for AWS Lambda + API Gateway + DynamoDB
+# Generated by SpecWeave Serverless Architecture Intelligence
+variable "aws_region" {
+  description = "AWS region for all resources"
+  type        = string
+  default     = "{{region}}"
+}
+variable "function_name" {
+  description = "Lambda function name"
+  type        = string
+  default     = "{{functionName}}"
+}
+variable "runtime" {
+  description = "Lambda runtime (nodejs20.x, python3.12, etc.)"
+  type        = string
+  default     = "{{runtime}}"
+}
+variable "memory_size" {
+  description = "Lambda memory size in MB (128-10240)"
+  type        = number
+  default     = {{memorySize}}
+}
+variable "timeout" {
+  description = "Lambda timeout in seconds (1-900)"
+  type        = number
+  default     = {{timeout}}
+}
+variable "environment" {
+  description = "Environment name (dev, staging, prod)"
+  type        = string
+  default     = "{{environment}}"
+}
+variable "handler" {
+  description = "Lambda function handler"
+  type        = string
+  default     = "{{handler}}"
+}
+variable "database_name" {
+  description = "DynamoDB table name"
+  type        = string
+  default     = "{{databaseName}}"
+}
+variable "primary_key" {
+  description = "DynamoDB primary key (partition key)"
+  type        = string
+  default     = "{{primaryKey}}"
+}
+{{#if sortKey}}
+variable "sort_key" {
+  description = "DynamoDB sort key (range key)"
+  type        = string
+  default     = "{{sortKey}}"
+}
+{{/if}}
+variable "log_retention_days" {
+  description = "CloudWatch Logs retention in days"
+  type        = number
+  default     = {{logRetentionDays}}
+}
+variable "cors_origins" {
+  description = "List of allowed CORS origins for API Gateway"
+  type        = list(string)
+  default     = {{tfList corsOrigins}}
+}
+{{#if enableVpc}}
+variable "vpc_id" {
+  description = "VPC ID for Lambda function (if VPC enabled)"
+  type        = string
+}
+variable "subnet_ids" {
+  description = "Subnet IDs for Lambda function (if VPC enabled)"
+  type        = list(string)
+}
+{{/if}}
+{{#if enableSecretsManager}}
+variable "secrets_manager_arns" {
+  description = "ARNs of Secrets Manager secrets to access"
+  type        = list(string)
+  default     = []
+}
+{{/if}}
+{{#if enableKms}}
+variable "kms_key_arn" {
+  description = "KMS key ARN for encryption"
+  type        = string
+}
+{{/if}}
+variable "project_name" {
+  description = "Project name for resource tagging"
+  type        = string
+  default     = "{{projectName}}"
+}
+variable "tags" {
+  description = "Additional tags for all resources"
+  type        = map(string)
+  default     = {}
+}

package/plugins/specweave/templates/iac/azure-functions/defaults.json ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "location": "eastus",
+  "resourceGroupName": "my-functions-rg",
+  "functionName": "my-function-app",
+  "runtime": "node",
+  "runtimeVersion": "20",
+  "osType": "linux",
+  "skuName": "Y1",
+  "environment": "dev",
+  "databaseAccountName": "my-cosmosdb-account",
+  "databaseName": "my-database",
+  "containerName": "my-container",
+  "partitionKey": "/id",
+  "throughput": 400,
+  "corsOrigins": ["*"],
+  "projectName": "my-project",
+  "enableApplicationInsights": true,
+  "enableKeyVault": false,
+  "enableVnet": false,
+  "enableBackup": false,
+  "enableAutomaticFailover": false,
+  "enableMultiRegion": false,
+  "storageAccountTier": "Standard",
+  "storageAccountReplication": "LRS"
+}