import {
Stack,
StackProps,
aws_dynamodb as DynamoDB,
aws_lambda as Lambda,
aws_iam as IAM,
aws_apigateway as ApiGateway,
aws_ec2 as EC2,
CfnOutput,
Fn,
} from 'aws-cdk-lib'
import { Construct } from 'constructs'
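/**
 * REST API stack for the orders service.
 *
 * Wires together, in this order:
 *  - the orders DynamoDB table, imported by ARN from the `ordersTableArn` export of another stack;
 *  - three order handlers (getOrders, createOrder, updateOrder) that receive the table name
 *    through the `ORDERS_TABLE` environment variable;
 *  - an `authenticate` Lambda behind a public `POST /authenticate` endpoint;
 *  - an `authorize` Lambda used as a token authorizer on every `/orders` method;
 *  - the API Gateway REST API itself, deployed to the `dev` stage.
 *
 * Every function name and the API URL are published as CloudFormation outputs.
 */
export class RestApiStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props)

    // NOTE(review): Node.js 14 is past end-of-life and no longer receives security patches.
    // The runtime is declared once here so that moving to a supported runtime is a
    // one-line change; pick one that the installed aws-cdk-lib version offers.
    const runtime = Lambda.Runtime.NODEJS_14_X

    /**
     * Creates one Lambda function from a local asset directory and publishes its
     * function name as a stack output.
     *
     * The construct ids are passed in explicitly because they determine the
     * CloudFormation logical ids and must not change between deployments.
     */
    const createHandler = (options: {
      functionId: string
      outputId: string
      assetPath: string
      environment?: Record<string, string>
    }): Lambda.Function => {
      const fn = new Lambda.Function(this, options.functionId, {
        runtime,
        handler: 'index.handler',
        code: Lambda.Code.fromAsset(options.assetPath),
        environment: options.environment,
      })
      new CfnOutput(this, options.outputId, { value: fn.functionName })
      return fn
    }

    // [import value](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_core.Fn.html#static-importwbrvaluesharedvaluetoimport)
    // [ ] 3.1.2: connect api to dynamodb [docs](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-dynamodb.Table.html#static-fromwbrtablewbrarnscope-id-tablearn)
    const ordersTableArn = Fn.importValue('ordersTableArn')
    const ordersTable = DynamoDB.Table.fromTableArn(this, 'ordersTable', ordersTableArn)
    const ordersEnvironment = { ORDERS_TABLE: ordersTable.tableName }

    // [ ] 2.1.1: create lambdas for getOrders [docs](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-lambda.Function.html)
    // TODO fix this
    // [ ] check the deployment, is this needed here
    const getOrdersLambda = createHandler({
      functionId: 'getOrders',
      outputId: 'getOrdersLambda',
      assetPath: '../functions/get-orders',
      environment: ordersEnvironment,
    })

    // [ ] 2.1.2: create lambdas for createOrder
    const createOrderLambda = createHandler({
      functionId: 'createOrder',
      outputId: 'createOrderLambda',
      assetPath: '../functions/create-order',
      environment: ordersEnvironment,
    })

    // [ ] 2.1.3: create lambdas for updateOrder
    const updateOrderLambda = createHandler({
      functionId: 'updateOrder',
      outputId: 'updateOrderLambda',
      assetPath: '../functions/update-order',
      environment: ordersEnvironment,
    })

    // [ ] 3.1.2: grant lambda access to dynamo table
    // Least privilege: the handler behind GET /orders is given read-only access, so a flaw
    // in it cannot be turned into writes or deletes on the orders table. If
    // functions/get-orders ever needs to write, widen this grant deliberately.
    ordersTable.grantReadWriteData(createOrderLambda)
    ordersTable.grantReadData(getOrdersLambda)
    ordersTable.grantReadWriteData(updateOrderLambda)

    // ApiGateway.AuthorizationType.CUSTOM
    // [ ] 5.1.1 create authenticate lambda function
    const authenticateLambda = createHandler({
      functionId: 'authenticate',
      outputId: 'authenticateLambda',
      assetPath: '../functions/authenticate',
    })

    // [ ] 5.2.1 create the custom authorizer
    const authorizerLambda = createHandler({
      functionId: 'authorize',
      outputId: 'authorizerLambda',
      assetPath: '../functions/authorize',
    })

    // [ ] 2.2.1: create api [docs](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apigateway.RestApi.html)
    const api = new ApiGateway.RestApi(this, 'ordersApi', {
      description: 'handle api calls from webapp',
      deployOptions: { stageName: 'dev' },
      defaultCorsPreflightOptions: {
        allowHeaders: [
          'Content-Type',
          'X-Amz-Date',
          'Authorization',
          'X-Api-Key',
          'Access-Control-Allow-Headers',
          'Access-Control-Allow-Origin',
          'Access-Control-Allow-Methods',
        ],
        // NOTE(review): a wildcard origin combined with allowCredentials is a CORS
        // misconfiguration. Browsers refuse credentialed responses whose allowed origin is
        // `*`, and the usual workaround of echoing the caller's origin would let any site
        // make authenticated calls. Replace ALL_ORIGINS with the web app's exact origin(s),
        // and narrow ALL_METHODS to the verbs this API serves (GET, POST, PATCH, OPTIONS).
        allowOrigins: ApiGateway.Cors.ALL_ORIGINS,
        allowMethods: ApiGateway.Cors.ALL_METHODS,
        allowCredentials: true,
      },
    })

    // export api value so it can be called by other stacks
    new CfnOutput(this, 'apiUrl', { value: api.url })

    // [ ] 5.1.2 create an endpoint for authentication
    // This is the only method without an authorizer: it is where a caller obtains a token.
    // NOTE(review): no throttling or usage plan is configured in this stack; consider rate
    // limiting this endpoint, since it is reachable without credentials.
    api.root
      .addResource('authenticate')
      .addMethod('POST', new ApiGateway.LambdaIntegration(authenticateLambda, { proxy: true }))

    // [ ] 5.2.2 add authorizer to private endpoints
    // No identitySource or resultsCacheTtl is set, so the construct defaults apply;
    // review them against how long a revoked token may remain usable.
    const authorizer = new ApiGateway.TokenAuthorizer(this, 'ordersAuthorizer', {
      handler: authorizerLambda,
    })

    // [ ] 2.2.2: create /orders resource [POST, GET] [docs](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apigateway.IResource.html#addwbrmethodhttpmethod-target-options)
    const ordersEndpoint = api.root.addResource('orders')
    ordersEndpoint.addMethod(
      'GET',
      new ApiGateway.LambdaIntegration(getOrdersLambda, { proxy: true }),
      { authorizer },
    )
    ordersEndpoint.addMethod(
      'POST',
      new ApiGateway.LambdaIntegration(createOrderLambda, { proxy: true }),
      { authorizer },
    )
    // ordersEndpoint.addCorsPreflight(corsPreflight)

    // [ ] 2.2.3: create /orders/{customer}/{id} [docs](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-apigateway.IResource.html#addwbrresourcepathpart-options)
    // NOTE(review): the authorizer is the only access check visible in this stack; whether
    // the caller may touch the {customer} named in the path has to be enforced by the
    // authorizer policy or inside the update-order handler. Confirm that one of them does.
    const singleOrderEndpoint = ordersEndpoint.addResource('{customer}').addResource('{id}')
    singleOrderEndpoint.addMethod(
      'PATCH',
      new ApiGateway.LambdaIntegration(updateOrderLambda, { proxy: true }),
      { authorizer },
    )

    // this way to handle apis created by ClaudiaJS
    // const lambdaRole = IAM.Role.fromRoleName(this, 'lambdaRole', apiConfig.lambda.role)
    // ordersTable.grantReadWriteData(lambdaRole)

    // const boundary1 = new IAM.ManagedPolicy(this, 'permissions-boundary-ECS', {
    //   statements: [
    //     new IAM.PolicyStatement({
    //       effect: IAM.Effect.DENY,
    //       actions: ['ECS:*'],
    //       resources: ['*'],
    //     }),
    //   ],
    // })

    // if (getOrdersLambda.role)
    //   IAM.PermissionsBoundary.of(getOrdersLambda.role).apply(boundary1)
    // if (createOrderLambda.role)
    //   IAM.PermissionsBoundary.of(createOrderLambda.role).apply(boundary1)
    // if (updateOrderLambda.role)
    //   IAM.PermissionsBoundary.of(updateOrderLambda.role).apply(boundary1)
  }
}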