Add CDK stack

Author: davidsteiner

cdk.json

@@ -0,0 +1,17 @@
+{
+  "app": "python3 infrastructure/app.py",
+  "context": {
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ]
+  }
+}

infrastructure/app.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+import aws_cdk as cdk
+
+from stack.stack import ServerlessRustStack
+
+app = cdk.App()
+ServerlessRustStack(app, "ServerlessRustStack")
+
+app.synth()

infrastructure/stack/__init__.py

@@ -0,0 +1,66 @@
+from aws_cdk.aws_apigatewayv2 import (
+    CorsHttpMethod,
+    CorsPreflightOptions,
+    HttpApi,
+    HttpMethod,
+)
+from aws_cdk.aws_apigatewayv2_authorizers import HttpJwtAuthorizer
+from aws_cdk.aws_apigatewayv2_integrations import HttpLambdaIntegration
+from aws_cdk.aws_cognito import UserPool, UserPoolClient
+from aws_cdk.aws_lambda import IFunction
+from constructs import Construct
+
+ALLOWED_HEADERS = ["Authorization", "Content-Type"]
+ALLOWED_METHODS = [
+    CorsHttpMethod.GET,
+    CorsHttpMethod.OPTIONS,
+    CorsHttpMethod.POST,
+]
+
+
+class ServerlessApi(Construct):
+    def __init__(
+        self,
+        scope: Construct,
+        construct_id: str,
+        *,
+        handler: IFunction,
+        user_pool: UserPool,
+        user_pool_client: UserPoolClient,
+    ) -> None:
+        super().__init__(scope, construct_id)
+
+        self._api = self.build_http_api()
+        authorizer = self.build_authorizer(user_pool, user_pool_client)
+        self.setup_lambda_integration(self._api, handler, authorizer)
+
+    @property
+    def endpoint_url(self) -> str:
+        return self._api.api_endpoint
+
+    def build_http_api(self) -> HttpApi:
+        cors_options = CorsPreflightOptions(
+            allow_headers=ALLOWED_HEADERS, allow_methods=ALLOWED_METHODS
+        )
+        return HttpApi(self, "ServerlessRustApi", cors_preflight=cors_options)
+
+    @staticmethod
+    def build_authorizer(
+        user_pool: UserPool, user_pool_client: UserPoolClient
+    ) -> HttpJwtAuthorizer:
+        issuer = f"https://cognito-idp.{user_pool.env.region}.amazonaws.com/{user_pool.user_pool_id}"
+        return HttpJwtAuthorizer(
+            "JwtAuthorizer", issuer, jwt_audience=[user_pool_client.user_pool_client_id]
+        )
+
+    @staticmethod
+    def setup_lambda_integration(
+        api: HttpApi, handler: IFunction, authorizer: HttpJwtAuthorizer
+    ) -> None:
+        integration = HttpLambdaIntegration("LambdaIntegration", handler)
+        api.add_routes(
+            path="/{proxy+}",
+            methods=[HttpMethod.GET, HttpMethod.POST],
+            authorizer=authorizer,
+            integration=integration,
+        )

infrastructure/stack/api.py

@@ -0,0 +1,85 @@
+import pathlib
+
+from aws_cdk import CfnOutput, Stack
+from aws_cdk.aws_lambda import Architecture, Code, Function, Runtime
+from aws_cdk.aws_cognito import (
+    UserPool,
+    StandardAttributes,
+    StandardAttribute,
+    AuthFlow,
+    UserPoolClient,
+)
+from aws_cdk.aws_dynamodb import Table, Attribute, AttributeType
+from constructs import Construct
+
+from stack.api import ServerlessApi
+
+
+class ServerlessRustStack(Stack):
+    def __init__(self, scope: Construct, construct_id: str) -> None:
+        super().__init__(scope, construct_id)
+
+        database_table = self.create_database_table()
+        handler = self.create_function(
+            "serverless", table_name=database_table.table_name
+        )
+        database_table.grant_read_write_data(handler)
+
+        user_pool, user_pool_client = self.create_user_pool()
+        api = ServerlessApi(
+            self,
+            "ServerlessApi",
+            handler=handler,
+            user_pool=user_pool,
+            user_pool_client=user_pool_client,
+        )
+
+        CfnOutput(
+            self,
+            "ApiEndpointUrl",
+            value=api.endpoint_url,
+            description="The URL of the API endpoint.",
+        )
+
+    def create_database_table(self) -> Table:
+        partition_key = Attribute(name="pk", type=AttributeType.STRING)
+        return Table(
+            self,
+            "DatabaseTable",
+            table_name="currencies",
+            partition_key=partition_key,
+        )
+
+    def create_function(self, bin_name: str, *, table_name: str) -> Function:
+        code_path = pathlib.Path.cwd() / "target" / "lambda" / bin_name
+        code = Code.from_asset(code_path.as_posix())
+
+        return Function(
+            self,
+            "ApiHandler",
+            code=code,
+            architecture=Architecture.ARM_64,
+            runtime=Runtime.PROVIDED_AL2023,
+            memory_size=256,
+            handler="does-not-matter",
+            environment={
+                "TABLE_NAME": table_name,
+            },
+        )
+
+    def create_user_pool(self) -> tuple[UserPool, UserPoolClient]:
+        standard_attributes = StandardAttributes(
+            given_name=StandardAttribute(required=True, mutable=True),
+            family_name=StandardAttribute(required=True, mutable=True),
+        )
+        user_pool = UserPool(
+            self,
+            "UserPool",
+            user_pool_name="rust-demo",
+            self_sign_up_enabled=False,
+            standard_attributes=standard_attributes,
+        )
+        auth_flows = AuthFlow(admin_user_password=True, user_srp=True)
+        user_pool_client = user_pool.add_client("app-client", auth_flows=auth_flows)
+
+        return user_pool, user_pool_client