Merge pull request #23 from Virtual-Finland-Development/feat/esco-api

Esco API

Author: lsipii

infra/Pulumi.dev.yaml

@@ -1,3 +1,6 @@
 name: codesets
 description: Codesets infra builder
 runtime: nodejs
+config:
+    aws:region: us-east-1 # // Lambda@Edge functions must be deployed in us-east-1
+    escoApi:awsRegion: eu-north-1

infra/Pulumi.staging.yaml

@@ -8,6 +8,7 @@ import createLambdaAtEdgeFunction from './resources/LambdaAtEdge';
 import createS3Bucket, {createS3BucketPermissions, uploadAssetsToBucket} from './resources/S3Bucket';
 import {getSetup} from './utils/Setup';
 import {createStandardLogsBucket} from "./resources/standardLogsBucket";
+import { createEscoApiLambdaFunctionUrl } from './resources/LambdaFunctionUrl';
 
 const setup = getSetup();
 const originAccessIdentity = createOriginAccessIdentity(setup);
@@ -25,11 +26,17 @@ const cloudFrontDistribution = createCloudFrontDistribution(
 uploadAssetsToBucket(s3bucketSetup.bucket);
 createCacheInvalidation(setup, cloudFrontDistribution);
 
+// Codesets
 export const url = pulumi.interpolate`https://${cloudFrontDistribution.domainName}`;
 export const bucketName = s3bucketSetup.bucket.bucket;
-export const lambdaId = pulumi.interpolate`${edgeLambdaPackage.lambdaAtEdgeFunction.name}:${edgeLambdaPackage.lambdaAtEdgeFunction.version}`
+export const lambdaId = pulumi.interpolate`${edgeLambdaPackage.lambdaAtEdgeFunction.name}:${edgeLambdaPackage.lambdaAtEdgeFunction.version}`;
 export const cloudFrontDistributionId = cloudFrontDistribution.id;
 export const standardLogsBucketDetails = {
     arn: standardLogsBucket.arn,
     id: standardLogsBucket.id
 }
+
+// Esco API
+const escoApi = createEscoApiLambdaFunctionUrl(setup, url);
+export const escoApiUrl = escoApi.lambdaFunctionUrl.functionUrl;
+export const escoApiLambdaId = escoApi.lambdaFunction.id;

infra/Pulumi.yaml

@@ -2,17 +2,18 @@
   "name": "codesets-infra",
   "main": "index.ts",
   "dependencies": {
-    "@pulumi/aws": "^5.30.0",
-    "@pulumi/command": "^0.7.1",
-    "@pulumi/pulumi": "^3.55.0",
+    "@pulumi/aws": "^5.41.0",
+    "@pulumi/command": "^0.7.2",
+    "@pulumi/pulumi": "^3.69.0",
     "mime": "^3.0.0"
   },
   "scripts": {
     "prebuild": "rimraf dist",
-    "build": "mkdir -p ./dist && cp -r ../dist/* ./dist/ && cp ../package.json ./dist/ && cp ../package-lock.json ./dist/ && npm install --prefix ./dist --omit=dev && rm ./dist/build/*.js"
+    "build": "mkdir -p ./dist && cp -r ../dist/* ./dist/ && cp ../package.json ./dist/ && cp ../package-lock.json ./dist/ && npm install --prefix ./dist --omit=dev",
+    "postbuild": "mv ./dist/node_modules ./dist/codesets/ && rm ./dist/codesets/build/*.js"
   },
   "devDependencies": {
     "@types/mime": "^3.0.1",
     "rimraf": "^4.1.2"
   }
-}
+}

infra/index.ts

@@ -40,7 +40,7 @@ export default function createLambdaAtEdgeFunction(
 
     // pass the bucket name to the lambda function dist folder
     fs.writeFileSync(
-        './dist/build/bucket-info.json',
+        './dist/codesets/build/bucket-info.json',
         JSON.stringify({
             name: s3BucketSetup.name,
         })
@@ -49,17 +49,15 @@ export default function createLambdaAtEdgeFunction(
 
     const lambdaAtEdgeFunctionConfig = setup.getResourceConfig('LambdaAtEdge');
     const lambdaAtEdgeFunction = new aws.lambda.Function(lambdaAtEdgeFunctionConfig.name, {
-        code: new pulumi.asset.FileArchive('./dist'),
-        handler: 'app.handler',
+        code: new pulumi.asset.FileArchive('./dist/codesets'),
+        handler: 'codesets.handler',
         runtime: 'nodejs18.x',
         memorySize: 256,
         timeout: 30,
         role: lambdaAtEdgeRole.arn,
         tags: lambdaAtEdgeFunctionConfig.tags,
         publish: true,
     });
-    // { provider: new aws.Provider("us-east-1", { region: "us-east-1"} ) }
-    // Lambda@Edge functions must be in us-east-1
 
     return {
         lambdaAtEdgeFunction,

infra/package-lock.json

@@ -0,0 +1,130 @@
+import * as aws from '@pulumi/aws';
+import * as pulumi from '@pulumi/pulumi';
+import { ISetup } from '../utils/Setup';
+
+export function createEscoApiLambdaFunctionUrl(setup: ISetup, codesetsUrl: pulumi.Output<string>) {
+    const escoApiLambdaFunctionExecRoleConfig = setup.getResourceConfig('EscoApiLambdaFunctionExecRole');
+    const escoApiLambdaFunctionExecRoleRole = new aws.iam.Role(escoApiLambdaFunctionExecRoleConfig.name, {
+        assumeRolePolicy: JSON.stringify({
+            Version: '2012-10-17',
+            Statement: [
+                {
+                    Action: 'sts:AssumeRole',
+                    Principal: {
+                        Service: ['lambda.amazonaws.com'],
+                    },
+                    Effect: 'Allow',
+                },
+            ],
+        }),
+        tags: escoApiLambdaFunctionExecRoleConfig.tags,
+    });
+
+    const escoApiLambdaFunctionExecRolePolicy = setup.getResourceConfig('EscoApiLambdaFunctionExecRolePolicy');
+    new aws.iam.RolePolicy(escoApiLambdaFunctionExecRolePolicy.name, {
+        role: escoApiLambdaFunctionExecRoleRole.id,
+        policy: JSON.stringify({
+            Version: '2012-10-17',
+            Statement: [
+                {
+                    Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
+                    Resource: 'arn:aws:logs:*:*:*',
+                    Effect: 'Allow',
+                },
+            ],
+        }),
+    });
+
+    const escoApiConfig = new pulumi.Config('escoApi');
+    const escoApiRegionConfig = setup.getResourceConfig('EscoApiRegion');
+    const escoApiRegion = new aws.Provider(escoApiRegionConfig.name, {
+        region: escoApiConfig.require('awsRegion') as aws.Region,
+    });
+
+    const escoApiLambdaFunctionConfig = setup.getResourceConfig('EscoApiLambdaFunction');
+    const escoApiLambdaFunction = new aws.lambda.Function(
+        escoApiLambdaFunctionConfig.name,
+        {
+            role: escoApiLambdaFunctionExecRoleRole.arn,
+            runtime: 'nodejs18.x',
+            handler: 'index.handler',
+            timeout: 30,
+            memorySize: 256,
+            code: new pulumi.asset.FileArchive('./dist/escoApi'),
+            tags: escoApiLambdaFunctionConfig.tags,
+            environment: {
+                variables: {
+                    CODESETS_API_ENDPOINT: pulumi.interpolate`${codesetsUrl}`,
+                },
+            },
+        },
+        { provider: escoApiRegion }
+    );
+
+    const escoApiLambdaFunctionUrlConfig = setup.getResourceConfig('EscoApiLambdaFunctionUrl');
+    const escoApiLambdaFunctionUrl = new aws.lambda.FunctionUrl(
+        escoApiLambdaFunctionUrlConfig.name,
+        {
+            functionName: escoApiLambdaFunction.name,
+            authorizationType: 'NONE',
+            cors: {
+                allowCredentials: false,
+                allowOrigins: ['*'],
+                allowMethods: ['POST'],
+            },
+        },
+        { provider: escoApiRegion }
+    );
+
+    // Warmup scheduler for lambda function
+    if (setup.isProductionLikeEnvironment()) {
+        setupLambdaWarmerScheduler(setup, escoApiLambdaFunction, escoApiRegion);
+    }
+
+    return {
+        lambdaFunctionExecRoleRole: escoApiLambdaFunctionExecRoleRole,
+        lambdaFunction: escoApiLambdaFunction,
+        lambdaFunctionUrl: escoApiLambdaFunctionUrl,
+    };
+}
+
+function setupLambdaWarmerScheduler(
+    setup: ISetup,
+    escoApiLambdaFunction: aws.lambda.Function,
+    escoApiRegion: aws.Provider
+) {
+    const escoApiWarmupSchedulerEventConfig = setup.getResourceConfig('EscoApiWarmupSchedulerEvent');
+    const escoApiWarmupSchedulerEvent = new aws.cloudwatch.EventRule(
+        escoApiWarmupSchedulerEventConfig.name,
+        {
+            scheduleExpression: 'rate(5 minutes)',
+            description: 'Warmup scheduler for Esco API lambda function',
+            tags: escoApiWarmupSchedulerEventConfig.tags,
+        },
+        { provider: escoApiRegion }
+    );
+
+    const escoApiWarmupSchedulerTargetConfig = setup.getResourceConfig('EscoApiWarmupSchedulerTarget');
+    new aws.cloudwatch.EventTarget(
+        escoApiWarmupSchedulerTargetConfig.name,
+        {
+            rule: escoApiWarmupSchedulerEvent.name,
+            arn: escoApiLambdaFunction.arn,
+            input: JSON.stringify({ source: 'warmup' }),
+        },
+        { provider: escoApiRegion }
+    );
+
+    // Permission for the warmup scheduler to invoke the lambda function
+    const escoApiWarmupSchedulerPermissionConfig = setup.getResourceConfig('EscoApiWarmupSchedulerPermission');
+    new aws.lambda.Permission(
+        escoApiWarmupSchedulerPermissionConfig.name,
+        {
+            action: 'lambda:InvokeFunction',
+            function: escoApiLambdaFunction.name,
+            principal: 'events.amazonaws.com',
+            sourceArn: escoApiWarmupSchedulerEvent.arn,
+        },
+        { provider: escoApiRegion }
+    );
+}

infra/package.json

@@ -13,6 +13,9 @@ const setup = {
             },
         };
     },
+    isProductionLikeEnvironment() {
+        return this.stage === 'production' || this.stage === 'staging';
+    },
 };
 
 type ISetup = typeof setup;