Infra/vpc lambda (#38)

* vpc updates * remove extraneous logging * additional null checks for location name * vpc lambda * line chart updates * downloads
openaq · Sep 12, 2024 · 04399e8 · 04399e8
1 parent 5fa0380
commit 04399e8
Show file tree

Hide file tree

Showing 23 changed files with 968 additions and 552 deletions.
diff --git a/cdk/bin/cdk.ts b/cdk/bin/cdk.ts
@@ -3,28 +3,38 @@ import 'source-map-support/register';
 import * as cdk from 'aws-cdk-lib';
 import { LambdaStack } from '../lib/lambda-stack';
 import * as dotenv from 'dotenv'
-import { AwsSolutionsChecks } from 'cdk-nag'
-import { Aspects } from 'aws-cdk-lib';
 
 declare var process : {
   env: {
+    VPC_ID: string
     HOSTED_ZONE_ID: string
     HOSTED_ZONE_NAME: string
     DOMAIN_NAME: string
     ENV_NAME: string
     CERTIFICATE_ARN: string
+    CDK_ACCOUNT: string
+    CDK_REGION: string
+    REST_API_URL: string
   }
 }
 
 dotenv.config({path: '../.env'})
 
 const app = new cdk.App();
-const stack = new LambdaStack(app, 'ExplorerLambdaStack', {
+const stack = new LambdaStack(app, `ExplorerLambdaStack-${process.env.ENV_NAME}`, {
+  vpcId: process.env.VPC_ID,
   hostedZoneId: process.env.HOSTED_ZONE_ID,
   hostedZoneName:  process.env.HOSTED_ZONE_NAME,
   domainName:  process.env.DOMAIN_NAME,
   envName:  process.env.ENV_NAME,
-  certificateArn: process.env.CERTIFICATE_ARN
+  certificateArn: process.env.CERTIFICATE_ARN,
+  lambdaEnv: {
+    REST_API_URL: process.env.REST_API_URL
+  },
+  env: {
+    account: process.env.CDK_ACCOUNT,
+    region: process.env.CDK_REGION
+  }
 });
 
 cdk.Tags.of(stack).add('project', 'openaq');

diff --git a/cdk/cdk.context.json b/cdk/cdk.context.json
@@ -0,0 +1,58 @@
+{
+  "vpc-provider:account=470049585876:filter.vpc-id=vpc-01de015177eedd05e:region=us-east-1:returnAsymmetricSubnets=true": {
+    "vpcId": "vpc-01de015177eedd05e",
+    "vpcCidrBlock": "10.0.0.0/16",
+    "ownerAccountId": "470049585876",
+    "availabilityZones": [],
+    "subnetGroups": [
+      {
+        "name": "Public",
+        "type": "Public",
+        "subnets": [
+          {
+            "subnetId": "subnet-0baeac8d7cea3fece",
+            "cidr": "10.0.0.0/19",
+            "availabilityZone": "us-east-1a",
+            "routeTableId": "rtb-000e19ce83d0905d6"
+          },
+          {
+            "subnetId": "subnet-07a17a8257f4250c5",
+            "cidr": "10.0.32.0/19",
+            "availabilityZone": "us-east-1b",
+            "routeTableId": "rtb-088a4b51a5453d51c"
+          },
+          {
+            "subnetId": "subnet-0524632c1b5d3e5ea",
+            "cidr": "10.0.64.0/19",
+            "availabilityZone": "us-east-1c",
+            "routeTableId": "rtb-097d6b80c46bd7fd8"
+          }
+        ]
+      },
+      {
+        "name": "Private",
+        "type": "Private",
+        "subnets": [
+          {
+            "subnetId": "subnet-09f93828e47072297",
+            "cidr": "10.0.96.0/19",
+            "availabilityZone": "us-east-1a",
+            "routeTableId": "rtb-03e599fde8ca3336a"
+          },
+          {
+            "subnetId": "subnet-01f1f2600e62bd260",
+            "cidr": "10.0.128.0/19",
+            "availabilityZone": "us-east-1b",
+            "routeTableId": "rtb-01c38feaf28ba3134"
+          },
+          {
+            "subnetId": "subnet-08c5b31b1d655912b",
+            "cidr": "10.0.160.0/19",
+            "availabilityZone": "us-east-1c",
+            "routeTableId": "rtb-0cf296aaf6574cb3f"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/cdk/lib/lambda-stack.ts b/cdk/lib/lambda-stack.ts
@@ -7,6 +7,7 @@ import {
   aws_lambda as lambda,
   aws_s3 as s3,
   aws_s3_deployment,
+  aws_ec2 as ec2, 
 } from 'aws-cdk-lib';
 import { RemovalPolicy } from 'aws-cdk-lib';
 import {
@@ -20,15 +21,23 @@ import { HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations
 import { OriginProtocolPolicy } from 'aws-cdk-lib/aws-cloudfront';
 import { Construct } from 'constructs';
 
+interface LambdaEnv { 
+  [key: string]: string; 
+}
+
 interface StackProps extends cdk.StackProps {
   hostedZoneId: string;
   hostedZoneName: string;
   domainName: string;
   envName: string;
   certificateArn: string;
+  vpcId: string;
+  lambdaEnv: LambdaEnv;
 }
 
 
+
+
 export class LambdaStack extends cdk.Stack {
   constructor(
     scope: Construct
@@ -39,11 +48,19 @@ export class LambdaStack extends cdk.Stack {
       domainName,
       envName,
       certificateArn,
+      vpcId, 
+      lambdaEnv,
       ...props
     }: StackProps
     ) {
     super(scope, id, props);
 
+
+    const vpc = ec2.Vpc.fromLookup(this, `${id}-explorer-vpc`, {
+      vpcId: vpcId
+    });
+
+
     const lambdaFunction = new lambda.Function(
       this,
       `${id}-explorer-lambda`,
@@ -53,7 +70,11 @@ export class LambdaStack extends cdk.Stack {
         handler: 'server/index.handler',
         memorySize: 512,
         runtime: lambda.Runtime.NODEJS_20_X,
+        vpc: vpc,
+        allowPublicSubnet: true,
+        vpcSubnets: {subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS},
         timeout: cdk.Duration.seconds(10),
+        environment: lambdaEnv
       }
     );