diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.eslintignore b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.eslintignore new file mode 100644 index 000000000..0819e2e65 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.eslintignore @@ -0,0 +1,5 @@ +lib/*.js +test/*.js +*.d.ts +coverage +test/lambda/index.js \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.gitignore b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.gitignore new file mode 100644 index 000000000..6773cabd2 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.gitignore @@ -0,0 +1,15 @@ +lib/*.js +test/*.js +*.js.map +*.d.ts +node_modules +*.generated.ts +dist +.jsii + +.LAST_BUILD +.nyc_output +coverage +.nycrc +.LAST_PACKAGE +*.snk \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.npmignore b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.npmignore new file mode 100644 index 000000000..f66791629 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.npmignore @@ -0,0 +1,21 @@ +# Exclude typescript source and config +*.ts +tsconfig.json +coverage +.nyc_output +*.tgz +*.snk +*.tsbuildinfo + +# Include javascript files and typescript declarations +!*.js +!*.d.ts + +# Exclude jsii outdir +dist + +# Include .jsii +!.jsii + +# Include .jsii +!.jsii \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md index 8f16f331e..f5da4ef6d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md @@ -3,7 +3,7 @@ --- -![Stability: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) +![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge) --- @@ -56,8 +56,8 @@ Java |lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.FunctionProps.html)|Optional user provided props to override the default props for the Lambda function.| |existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources and an Interface Endpoint will be created in the VPC for Amazon SQS. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.| |vpcProps?|[`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.VpcProps.html)|Optional user provided properties to override the default properties for the new VPC. `subnetConfiguration` is set by the pattern, so any values for those properties supplied here will be overrriden. | -| cacheEndpointEnvironmentVariableName?| string | | -| cacheProps? | [`cache.CfnCacheClusterProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheClusterProps.html) | Optional user provided props to override the default props for the Elasticache Cluster. Providing both this and `existingCache` will cause an error.' | +| cacheEndpointEnvironmentVariableName?| string | Lambda function environment variable name for the cache Endpoint. Defaults to CACHE_ENDPOINT | +| cacheProps? | [`cache.CfnCacheClusterProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheClusterProps.html) | Optional user provided props to override the default props for the Elasticache Cluster. Providing both this and `existingCache` will cause an error. | | existingCache? | [`cache.CfnCacheCluster`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheCluster.html#attrconfigurationendpointport) | Existing instance of Elasticache Cluster object, providing both this and `cacheProps` will cause an error. | ## Pattern Properties @@ -83,6 +83,7 @@ Out of the box implementation of the Construct without any override will set the ### Amazon Elasticache Memcached Cluster * Creates multi node, cross-az cluster by default + * 2 cache nodes, type: cache.t3.medium * Self referencing security group attached to cluster endpoint ## Architecture diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/lib/index.ts new file mode 100644 index 000000000..88945d517 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/lib/index.ts @@ -0,0 +1,174 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import * as lambda from "@aws-cdk/aws-lambda"; +import * as ec2 from "@aws-cdk/aws-ec2"; +import * as cache from "@aws-cdk/aws-elasticache"; +import * as defaults from "../../core"; +import { Construct } from "@aws-cdk/core"; +import { obtainMemcachedCluster, GetCachePort } from "../../core"; + +const defaultEnvironmentVariableName = "CACHE_ENDPOINT"; + +/** + * @summary The properties for the LambdaToElasticachememcached class. + */ +export interface LambdaToElasticachememcachedProps { + /** + * Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error. + * + * @default - None + */ + readonly existingLambdaObj?: lambda.Function; + /** + * User provided props to override the default props for the Lambda function. + * + * @default - Default properties are used. + */ + readonly lambdaFunctionProps?: lambda.FunctionProps; + /** + * An existing VPC for the construct to use (construct will NOT create a new VPC in this case) + */ + readonly existingVpc?: ec2.IVpc; + /** + * Properties to override default properties if deployVpc is true + */ + readonly vpcProps?: ec2.VpcProps; + /** + * Optional Name for the Elasticache Endpoint environment variable + * + * @default - None + */ + readonly cacheEndpointEnvironmentVariableName?: string; + + readonly cacheProps?: cache.CfnCacheClusterProps | any; + + readonly existingCache?: cache.CfnCacheCluster; +} + +/** + * @summary The LambdaToElasticachememcached class. + */ +export class LambdaToElasticachememcached extends Construct { + public readonly lambdaFunction: lambda.Function; + public readonly vpc: ec2.IVpc; + public readonly cache: cache.CfnCacheCluster; + + /** + * @summary Constructs a new instance of the LambdaToSns class. + * @param {cdk.App} scope - represents the scope for all the resources. + * @param {string} id - this is a a scope-unique id. + * @param {LambdaToElasticachememcachedProps} props - user provided props for the construct. + * @access public + */ + constructor( + scope: Construct, + id: string, + props: LambdaToElasticachememcachedProps + ) { + super(scope, id); + defaults.CheckProps(props); + + if ((props.existingCache || props.existingLambdaObj) && (!props.existingVpc)) { + throw Error('If providing an existing Cache or Lambda Function, you must also supply the associated existingVpc'); + } + + if ( + props.cacheProps && + props.cacheProps.engine && + props.cacheProps.engine !== "memcached" + ) { + throw Error("This construct can only launch memcached clusters"); + } + if (props.cacheProps && props.existingCache) { + throw Error("Cannot specify existingCache and cacheProps"); + } + + const cachePort = GetCachePort(props.cacheProps, props.existingCache); + + this.vpc = defaults.buildVpc(scope, { + defaultVpcProps: defaults.DefaultIsolatedVpcProps(), + existingVpc: props.existingVpc, + userVpcProps: props.vpcProps, + }); + + const lambdaToCacheSecurityGroup = CreateSelfReferencingSecurityGroup(this, id, this.vpc, cachePort); + + this.cache = obtainMemcachedCluster(this, id, { + cacheSecurityGroupId : lambdaToCacheSecurityGroup.securityGroupId, + cacheProps: props.cacheProps, + existingCache: props.existingCache, + vpc: this.vpc, + cachePort, + }); + + const lambdaFunctionProps: lambda.FunctionProps = defaults.consolidateProps( + {}, + props.lambdaFunctionProps, + { securityGroups: [lambdaToCacheSecurityGroup] }, + true + ); + + // Setup the Lambda function + this.lambdaFunction = defaults.buildLambdaFunction(this, { + existingLambdaObj: props.existingLambdaObj, + lambdaFunctionProps, + vpc: this.vpc, + }); + + AddLambdaEnvironmentVariable( + this.lambdaFunction, + `${this.cache.attrConfigurationEndpointAddress}:${this.cache.attrConfigurationEndpointPort}`, + defaultEnvironmentVariableName, + props.cacheEndpointEnvironmentVariableName + ); + } +} + +function AddLambdaEnvironmentVariable(targetFunction: lambda.Function, value: string, defaultName: string, clientName?: string) { + const variableName = clientName || defaultName; + targetFunction.addEnvironment(variableName, value); +} + +function CreateSelfReferencingSecurityGroup(scope: Construct, id: string, vpc: ec2.IVpc, cachePort: any) { + const newCacheSG = new ec2.SecurityGroup(scope, `${id}-cachesg`, { + vpc, + allowAllOutbound: true, + }); + const selfReferenceRule = new ec2.CfnSecurityGroupIngress( + scope, + `${id}-ingress`, + { + groupId: newCacheSG.securityGroupId, + sourceSecurityGroupId: newCacheSG.securityGroupId, + ipProtocol: "TCP", + fromPort: cachePort, + toPort: cachePort, + } + ); + selfReferenceRule.node.addDependency(newCacheSG); + + defaults.addCfnSuppressRules(newCacheSG, [ + { + id: "W5", + reason: "Egress of 0.0.0.0/0 is default and generally considered OK", + }, + { + id: "W40", + reason: + "Egress IPProtocol of -1 is default and generally considered OK", + }, + ]); + return newCacheSG; +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/package.json new file mode 100644 index 000000000..217ae9109 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/package.json @@ -0,0 +1,97 @@ +{ + "name": "@aws-solutions-constructs/aws-lambda-elasticachememcached", + "version": "0.0.0", + "description": "CDK constructs for defining an interaction between an AWS Lambda function and an Amazon Elasticache memcached cache.", + "main": "lib/index.js", + "types": "lib/index.d.ts", + "repository": { + "type": "git", + "url": "https://github.com/awslabs/aws-solutions-constructs.git", + "directory": "source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached" + }, + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "scripts": { + "build": "tsc -b .", + "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .", + "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .", + "test": "jest --coverage", + "clean": "tsc -b --clean", + "watch": "tsc -b -w", + "integ": "cdk-integ", + "integ-assert": "cdk-integ-assert", + "jsii": "jsii", + "jsii-pacmak": "jsii-pacmak", + "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert", + "integ-no-clean": "cdk-integ --no-clean", + "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert" + }, + "jsii": { + "outdir": "dist", + "targets": { + "java": { + "package": "software.amazon.awsconstructs.services.lambdaelasticachememcached", + "maven": { + "groupId": "software.amazon.awsconstructs", + "artifactId": "lambdas3" + } + }, + "dotnet": { + "namespace": "Amazon.SolutionsConstructs.AWS.LambdaElasticachememcached", + "packageId": "Amazon.SolutionsConstructs.AWS.LambdaElasticachememcached", + "signAssembly": true, + "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png" + }, + "python": { + "distName": "aws-solutions-constructs.aws-lambda-elasticachememcached", + "module": "aws_solutions_constructs.aws_lambda_elasticachememcached" + } + } + }, + "dependencies": { + "@aws-cdk/aws-lambda": "0.0.0", + "@aws-cdk/aws-elasticache": "0.0.0", + "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/core": "0.0.0", + "@aws-solutions-constructs/core": "0.0.0", + "constructs": "^3.2.0" + }, + "devDependencies": { + "@aws-cdk/assert": "0.0.0", + "@types/jest": "^27.4.0", + "@types/node": "^10.3.0" + }, + "jest": { + "moduleFileExtensions": [ + "js" + ], + "coverageReporters": [ + "text", + [ + "lcov", + { + "projectRoot": "../../../../" + } + ] + ] + }, + "peerDependencies": { + "@aws-cdk/aws-lambda": "0.0.0", + "@aws-cdk/core": "0.0.0", + "@aws-solutions-constructs/core": "0.0.0", + "constructs": "^3.2.0", + "@aws-cdk/aws-ec2": "0.0.0" + }, + "keywords": [ + "aws", + "cdk", + "awscdk", + "AWS Solutions Constructs", + "Amazon Elasticache", + "AWS Lambda" + ] +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.expected.json new file mode 100644 index 000000000..1cf5b2d5e --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.expected.json @@ -0,0 +1,575 @@ +{ + "Description": "Integration Test with new resourcesfor aws-lambda-elasticachememcached", + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "172.168.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + } + }, + "VpcisolatedSubnet1SubnetE62B1B9B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "172.168.0.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableE442650B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableAssociationD259E31A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet1RouteTableE442650B" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + } + } + }, + "VpcisolatedSubnet2Subnet39217055": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "172.168.64.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTable334F9764": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTableAssociation25A4716F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet2RouteTable334F9764" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet2Subnet39217055" + } + } + }, + "VpcisolatedSubnet3Subnet44F2537D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "172.168.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableA2F6BBC0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableAssociationDC010BEB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + } + }, + "VpcFlowLogIAMRole6A475D41": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpc-flow-logs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + } + }, + "VpcFlowLogIAMRoleDefaultPolicy406FB995": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogLogGroup7B5C56B9", + "Arn" + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", + "Roles": [ + { + "Ref": "VpcFlowLogIAMRole6A475D41" + } + ] + } + }, + "VpcFlowLogLogGroup7B5C56B9": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "VpcFlowLog8FF33A73": { + "Type": "AWS::EC2::FlowLog", + "Properties": { + "ResourceId": { + "Ref": "Vpc8378EB38" + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + }, + "LogDestinationType": "cloud-watch-logs", + "LogGroupName": { + "Ref": "VpcFlowLogLogGroup7B5C56B9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + } + }, + "testfunctionServiceRoleFB85AD63": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "testfunctionSecurityGroupCF8CDBF5": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function existingResourcestestfunctionD9F94533", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "testfunction5B23D3B0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c1b23d6af38c04acb744bda25a3dc7f4394daea942c67eaff40911a707a3c37a.zip" + }, + "Role": { + "Fn::GetAtt": [ + "testfunctionServiceRoleFB85AD63", + "Arn" + ] + }, + "Environment": { + "Variables": { + "CACHE_ENDPOINT": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Address" + ] + }, + ":", + { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Port" + ] + } + ] + ] + } + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testfunctionSecurityGroupCF8CDBF5", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ] + } + }, + "DependsOn": [ + "testfunctionServiceRoleFB85AD63" + ] + }, + "ecsubnetgrouptestcache": { + "Type": "AWS::ElastiCache::SubnetGroup", + "Properties": { + "Description": "Solutions Constructs generated Cache Subnet Group", + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ], + "CacheSubnetGroupName": "test-cache-subnet-group" + } + }, + "testcachecachesg7265880E": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "existingResources/test-cache-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "testcachecluster": { + "Type": "AWS::ElastiCache::CacheCluster", + "Properties": { + "CacheNodeType": "cache.t3.medium", + "Engine": "memcached", + "NumCacheNodes": 2, + "AZMode": "cross-az", + "CacheSubnetGroupName": "test-cache-subnet-group", + "ClusterName": "test-cache-cdk-cluster", + "Port": 11222, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testcachecachesg7265880E", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ] + }, + "DependsOn": [ + "ecsubnetgrouptestcache" + ] + }, + "testtestcachesg9F6CF9E2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "existingResources/test/test-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testtestingress291C0179": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "TCP", + "FromPort": { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Port" + ] + } + }, + "DependsOn": [ + "testtestcachesg9F6CF9E2" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.ts new file mode 100644 index 000000000..fcd32883d --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.ts @@ -0,0 +1,45 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import { App, Stack } from "@aws-cdk/core"; +import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +import * as lambda from '@aws-cdk/aws-lambda'; +import { generateIntegStackName, getTestVpc, CreateTestCache } from '@aws-solutions-constructs/core'; + +// Setup +const app = new App(); +const stack = new Stack(app, generateIntegStackName(__filename)); +stack.templateOptions.description = 'Integration Test with new resourcesfor aws-lambda-elasticachememcached'; + +const testVpc = getTestVpc(stack, false); +const testFunction = new lambda.Function(stack, 'test-function', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + vpc: testVpc, +}); +const testCache = CreateTestCache(stack, 'test-cache', testVpc); + + +// Definitions +const props: LambdaToElasticachememcachedProps = { + existingVpc: testVpc, + existingLambdaObj: testFunction, + existingCache: testCache, +}; + +new LambdaToElasticachememcached(stack, 'test', props); + +// Synth +app.synth(); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.expected.json new file mode 100644 index 000000000..00c5a4ffd --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.expected.json @@ -0,0 +1,637 @@ +{ + "Description": "Integration Test with new resourcesfor aws-lambda-elasticachememcached", + "Resources": { + "testtestcachesg9F6CF9E2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "newResources/test/test-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testtestingress291C0179": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "TCP", + "FromPort": 11222, + "GroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "ToPort": 11222 + }, + "DependsOn": [ + "testtestcachesg9F6CF9E2" + ] + }, + "testecsubnetgrouptest868C53AE": { + "Type": "AWS::ElastiCache::SubnetGroup", + "Properties": { + "Description": "Solutions Constructs generated Cache Subnet Group", + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ], + "CacheSubnetGroupName": "test-subnet-group" + } + }, + "testtestcluster57FB8D14": { + "Type": "AWS::ElastiCache::CacheCluster", + "Properties": { + "CacheNodeType": "cache.t3.medium", + "Engine": "memcached", + "NumCacheNodes": 2, + "AZMode": "cross-az", + "CacheSubnetGroupName": "test-subnet-group", + "ClusterName": "test-cdk-cluster", + "Port": 11222, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ] + }, + "DependsOn": [ + "testecsubnetgrouptest868C53AE" + ] + }, + "testLambdaFunctionServiceRoleA03EDA2B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "Roles": [ + { + "Ref": "testLambdaFunctionServiceRoleA03EDA2B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." + } + ] + } + } + }, + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "newResources/test/ReplaceDefaultSecurityGroup-security-group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testLambdaFunction1BF7CD84": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c1b23d6af38c04acb744bda25a3dc7f4394daea942c67eaff40911a707a3c37a.zip" + }, + "Role": { + "Fn::GetAtt": [ + "testLambdaFunctionServiceRoleA03EDA2B", + "Arn" + ] + }, + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", + "CACHE_ENDPOINT": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Address" + ] + }, + ":", + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Port" + ] + } + ] + ] + } + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "TracingConfig": { + "Mode": "Active" + }, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ] + } + }, + "DependsOn": [ + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "testLambdaFunctionServiceRoleA03EDA2B" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." + }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + } + }, + "VpcisolatedSubnet1SubnetE62B1B9B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableE442650B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableAssociationD259E31A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet1RouteTableE442650B" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + } + } + }, + "VpcisolatedSubnet2Subnet39217055": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTable334F9764": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTableAssociation25A4716F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet2RouteTable334F9764" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet2Subnet39217055" + } + } + }, + "VpcisolatedSubnet3Subnet44F2537D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableA2F6BBC0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableAssociationDC010BEB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + } + }, + "VpcFlowLogIAMRole6A475D41": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpc-flow-logs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + } + }, + "VpcFlowLogIAMRoleDefaultPolicy406FB995": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogLogGroup7B5C56B9", + "Arn" + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", + "Roles": [ + { + "Ref": "VpcFlowLogIAMRole6A475D41" + } + ] + } + }, + "VpcFlowLogLogGroup7B5C56B9": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "VpcFlowLog8FF33A73": { + "Type": "AWS::EC2::FlowLog", + "Properties": { + "ResourceId": { + "Ref": "Vpc8378EB38" + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + }, + "LogDestinationType": "cloud-watch-logs", + "LogGroupName": { + "Ref": "VpcFlowLogLogGroup7B5C56B9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.ts new file mode 100644 index 000000000..f452bf7d0 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.ts @@ -0,0 +1,37 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import { App, Stack } from "@aws-cdk/core"; +import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +import * as lambda from '@aws-cdk/aws-lambda'; +import { generateIntegStackName } from '@aws-solutions-constructs/core'; + +// Setup +const app = new App(); +const stack = new Stack(app, generateIntegStackName(__filename)); +stack.templateOptions.description = 'Integration Test with new resourcesfor aws-lambda-elasticachememcached'; + +// Definitions +const props: LambdaToElasticachememcachedProps = { + lambdaFunctionProps: { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`${__dirname}/lambda`) + } +}; + +new LambdaToElasticachememcached(stack, 'test', props); + +// Synth +app.synth(); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.expected.json new file mode 100644 index 000000000..a1c0f4bc4 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.expected.json @@ -0,0 +1,637 @@ +{ + "Description": "Integration Test with new resourcesfor aws-lambda-elasticachememcached", + "Resources": { + "testtestcachesg9F6CF9E2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "withClientProps/test/test-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testtestingress291C0179": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "TCP", + "FromPort": 11222, + "GroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "ToPort": 11222 + }, + "DependsOn": [ + "testtestcachesg9F6CF9E2" + ] + }, + "testecsubnetgrouptest868C53AE": { + "Type": "AWS::ElastiCache::SubnetGroup", + "Properties": { + "Description": "Solutions Constructs generated Cache Subnet Group", + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ], + "CacheSubnetGroupName": "test-subnet-group" + } + }, + "testtestcluster57FB8D14": { + "Type": "AWS::ElastiCache::CacheCluster", + "Properties": { + "CacheNodeType": "cache.t3.medium", + "Engine": "memcached", + "NumCacheNodes": 2, + "AZMode": "single-az", + "CacheSubnetGroupName": "test-subnet-group", + "ClusterName": "test-cdk-cluster", + "Port": 11222, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ] + }, + "DependsOn": [ + "testecsubnetgrouptest868C53AE" + ] + }, + "testLambdaFunctionServiceRoleA03EDA2B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "Roles": [ + { + "Ref": "testLambdaFunctionServiceRoleA03EDA2B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." + } + ] + } + } + }, + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "withClientProps/test/ReplaceDefaultSecurityGroup-security-group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testLambdaFunction1BF7CD84": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c1b23d6af38c04acb744bda25a3dc7f4394daea942c67eaff40911a707a3c37a.zip" + }, + "Role": { + "Fn::GetAtt": [ + "testLambdaFunctionServiceRoleA03EDA2B", + "Arn" + ] + }, + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", + "CACHE_ENDPOINT": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Address" + ] + }, + ":", + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Port" + ] + } + ] + ] + } + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "TracingConfig": { + "Mode": "Active" + }, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ] + } + }, + "DependsOn": [ + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "testLambdaFunctionServiceRoleA03EDA2B" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." + }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "192.68.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + } + }, + "VpcisolatedSubnet1SubnetE62B1B9B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "192.68.0.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableE442650B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableAssociationD259E31A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet1RouteTableE442650B" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + } + } + }, + "VpcisolatedSubnet2Subnet39217055": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "192.68.64.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTable334F9764": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTableAssociation25A4716F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet2RouteTable334F9764" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet2Subnet39217055" + } + } + }, + "VpcisolatedSubnet3Subnet44F2537D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "192.68.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableA2F6BBC0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableAssociationDC010BEB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + } + }, + "VpcFlowLogIAMRole6A475D41": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpc-flow-logs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + } + }, + "VpcFlowLogIAMRoleDefaultPolicy406FB995": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogLogGroup7B5C56B9", + "Arn" + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", + "Roles": [ + { + "Ref": "VpcFlowLogIAMRole6A475D41" + } + ] + } + }, + "VpcFlowLogLogGroup7B5C56B9": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "VpcFlowLog8FF33A73": { + "Type": "AWS::EC2::FlowLog", + "Properties": { + "ResourceId": { + "Ref": "Vpc8378EB38" + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + }, + "LogDestinationType": "cloud-watch-logs", + "LogGroupName": { + "Ref": "VpcFlowLogLogGroup7B5C56B9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.ts new file mode 100644 index 000000000..82269d117 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.ts @@ -0,0 +1,43 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import { App, Stack } from "@aws-cdk/core"; +import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +import * as lambda from '@aws-cdk/aws-lambda'; +import { generateIntegStackName } from '@aws-solutions-constructs/core'; + +// Setup +const app = new App(); +const stack = new Stack(app, generateIntegStackName(__filename)); +stack.templateOptions.description = 'Integration Test with new resourcesfor aws-lambda-elasticachememcached'; + +// Definitions +const props: LambdaToElasticachememcachedProps = { + lambdaFunctionProps: { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`${__dirname}/lambda`) + }, + cacheProps: { + azMode: "single-az" + }, + vpcProps: { + cidr: '192.68.0.0/16' + } +}; + +new LambdaToElasticachememcached(stack, 'test', props); + +// Synth +app.synth(); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda-elasticachememcached.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda-elasticachememcached.test.ts new file mode 100755 index 000000000..88eda78f4 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda-elasticachememcached.test.ts @@ -0,0 +1,398 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +// import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; +// import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +// import * as lambda from '@aws-cdk/aws-lambda'; +// import * as cdk from "@aws-cdk/core"; +import "@aws-cdk/assert/jest"; +import * as defaults from "@aws-solutions-constructs/core"; +import * as cdk from "@aws-cdk/core"; +import * as lambda from "@aws-cdk/aws-lambda"; +import { LambdaToElasticachememcached } from "../lib"; + +const testPort = 12321; +const testFunctionName = "something-unique"; +const testClusterName = "something-else"; + +test("When provided a VPC, does not create a second VPC", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + new LambdaToElasticachememcached(stack, "testStack", { + existingVpc, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + + expect(stack).toCountResources("AWS::EC2::VPC", 1); +}); + +test("When provided an existingCache, does not create a second cache", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingCache = defaults.CreateTestCache(stack, "test-cache", existingVpc, testPort); + + new LambdaToElasticachememcached(stack, "testStack", { + existingVpc, + existingCache, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + + expect(stack).toCountResources("AWS::ElastiCache::CacheCluster", 1); + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + Port: testPort, + }); +}); + +test("When provided an existingFunction, does not create a second function", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingFunction = new lambda.Function(stack, "test-function", { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + vpc: existingVpc, + functionName: testFunctionName, + }); + + new LambdaToElasticachememcached(stack, "testStack", { + existingVpc, + existingLambdaObj: existingFunction, + }); + + expect(stack).toCountResources("AWS::Lambda::Function", 1); + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { + FunctionName: testFunctionName, + }); +}); + +test("Test custom environment variable name", () => { + const stack = new cdk.Stack(); + + const testEnvironmentVariableName = "CUSTOM_CLUSTER_NAME"; + + new LambdaToElasticachememcached(stack, "test-construct", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + cacheEndpointEnvironmentVariableName: testEnvironmentVariableName, + }); + + expect(stack).toHaveResource("AWS::Lambda::Function", { + Environment: { + Variables: { + AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1", + CUSTOM_CLUSTER_NAME: { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testconstructtestconstructclusterCF9DF48A", + "ConfigurationEndpoint.Address", + ], + }, + ":", + { + "Fn::GetAtt": [ + "testconstructtestconstructclusterCF9DF48A", + "ConfigurationEndpoint.Port", + ], + }, + ], + ], + }, + }, + }, + }); +}); + +test("Test setting custom function properties", () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + functionName: testFunctionName, + }, + }); + + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { + FunctionName: testFunctionName, + }); +}); + +test("Test setting custom cache properties", () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + cacheProps: { + clusterName: testClusterName, + }, + }); + + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + ClusterName: testClusterName, + }); +}); +test("Test setting custom VPC properties", () => { + const stack = new cdk.Stack(); + const testCidrBlock = "192.168.0.0/16"; + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + vpcProps: { + cidr: testCidrBlock, + }, + }); + + expect(stack).toHaveResourceLike("AWS::EC2::VPC", { + CidrBlock: testCidrBlock, + }); +}); +test("Test all default values", () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + + expect(stack).toCountResources("AWS::Lambda::Function", 1); + expect(stack).toCountResources("AWS::ElastiCache::CacheCluster", 1); + expect(stack).toCountResources("AWS::EC2::VPC", 1); + + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { + Environment: { + Variables: { + AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1", + CACHE_ENDPOINT: { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testcachetestcachecluster27D08FAD", + "ConfigurationEndpoint.Address", + ], + }, + ":", + { + "Fn::GetAtt": [ + "testcachetestcachecluster27D08FAD", + "ConfigurationEndpoint.Port", + ], + }, + ], + ], + }, + }, + }, + Handler: ".handler", + Runtime: "nodejs14.x", + }); + + // All values taken from elasticache-defaults.ts + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + CacheNodeType: "cache.t3.medium", + Engine: "memcached", + NumCacheNodes: 2, + Port: 11222, + AZMode: "cross-az", + }); + + expect(stack).toHaveResourceLike("AWS::EC2::VPC", { + EnableDnsHostnames: true, + EnableDnsSupport: true, + }); +}); + +test('Test for the proper self referencing security group', () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + cacheProps: { + port: 22223 + } + }); + + expect(stack).toHaveResourceLike("AWS::EC2::SecurityGroupIngress", { + IpProtocol: "TCP", + FromPort: 22223, + ToPort: 22223, + GroupId: { + "Fn::GetAtt": [ + "testcachetestcachecachesg74A03DA4", + "GroupId" + ] + }, + SourceSecurityGroupId: { + "Fn::GetAtt": [ + "testcachetestcachecachesg74A03DA4", + "GroupId" + ] + }, + }); +}); +// test('', () => {}); +test("Test error from existingCache and no VPC", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingCache = defaults.CreateTestCache(stack, "test-cache", existingVpc); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + existingCache, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + }; + + expect(app).toThrowError( + "If providing an existing Cache or Lambda Function, you must also supply the associated existingVpc" + ); +}); + +test("Test error from existing function and no VPC", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingFunction = new lambda.Function(stack, "test-function", { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + vpc: existingVpc, + }); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + existingLambdaObj: existingFunction, + }); + }; + + expect(app).toThrowError( + "If providing an existing Cache or Lambda Function, you must also supply the associated existingVpc" + ); +}); + +test("Test error from existingCache and cacheProps", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingCache = defaults.CreateTestCache(stack, "test-cache", existingVpc); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + existingCache, + existingVpc, + cacheProps: { + numCacheNodes: 4, + }, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + }; + + expect(app).toThrowError("Cannot specify existingCache and cacheProps"); +}); + +test("Test error from trying to launch Redis", () => { + const stack = new cdk.Stack(); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + cacheProps: { + numCacheNodes: 4, + engine: "redis", + }, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + }; + + expect(app).toThrowError("This construct can only launch memcached clusters"); +}); + +// ******* Helper Functions ****** + +// function CreateTestCache(scope: cdk.Construct, id: string, vpc: ec2.IVpc) { +// const cachePort = testPort; + +// // Create the subnet group from all the isolated subnets in the VPC +// const subnetGroup = defaults.CreateCacheSubnetGroup(scope, vpc, id); +// const emptySG = new ec2.SecurityGroup(scope, `${id}-cachesg`, { +// vpc, +// allowAllOutbound: true, +// }); + +// const cacheProps = { +// clusterName: `${id}-cdk-cluster`, +// cacheNodeType: "cache.t3.medium", +// engine: "memcached", +// numCacheNodes: 2, +// port: cachePort, +// azMode: "cross-az", +// vpcSecurityGroupIds: [emptySG.securityGroupId], +// cacheSubnetGroupName: subnetGroup.cacheSubnetGroupName, +// }; + +// const newCache = new cache.CfnCacheCluster( +// scope, +// `${id}-cluster`, +// cacheProps +// ); +// newCache.addDependsOn(subnetGroup); +// return newCache; +// } diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda/index.js b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda/index.js new file mode 100644 index 000000000..93b955782 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda/index.js @@ -0,0 +1,8 @@ +exports.handler = async function (event) { + console.log(`request:${JSON.stringify(event, undefined, 2)}`); + return { + statusCode: 200, + headers: { "Content-Type": "text/plain" }, + body: `Hello, AWS Solutions Constructs! You've hit ${event.path}`, + }; +}; diff --git a/source/patterns/@aws-solutions-constructs/core/index.ts b/source/patterns/@aws-solutions-constructs/core/index.ts index 41602954a..5e1aee4e8 100644 --- a/source/patterns/@aws-solutions-constructs/core/index.ts +++ b/source/patterns/@aws-solutions-constructs/core/index.ts @@ -16,6 +16,8 @@ export * from './lib/alb-helper'; export * from './lib/apigateway-defaults'; export * from './lib/apigateway-helper'; export * from './lib/dynamodb-table-defaults'; +export * from './lib/elasticache-defaults'; +export * from './lib/elasticache-helper'; export * from './lib/fargate-defaults'; export * from './lib/fargate-helper'; export * from './lib/iot-topic-rule-defaults'; diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticache-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-defaults.ts new file mode 100644 index 000000000..c5282665b --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-defaults.ts @@ -0,0 +1,28 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +export function GetDefaultCachePort() { + // Best practice not to use default port 11211 + return 11222; +} + +export function GetMemcachedDefaults(id: string, port: number) { + return { + clusterName: `${id}-cdk-cluster`, + cacheNodeType: "cache.t3.medium", + engine: "memcached", + numCacheNodes: 2, + port, + azMode: 'cross-az' + }; +} diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticache-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-helper.ts new file mode 100644 index 000000000..e228b4264 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-helper.ts @@ -0,0 +1,101 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +import * as ec2 from "@aws-cdk/aws-ec2"; +import * as cache from "@aws-cdk/aws-elasticache"; +import { Construct } from "@aws-cdk/core"; +import { GetDefaultCachePort, GetMemcachedDefaults } from './elasticache-defaults'; +import { consolidateProps } from './utils'; + +export interface ObtainMemcachedClusterProps { + readonly cachePort?: any, + readonly cacheSecurityGroupId: string, + readonly cacheProps?: cache.CfnCacheClusterProps | any, + readonly existingCache?: cache.CfnCacheCluster, + readonly vpc?: ec2.IVpc, +} + +export function obtainMemcachedCluster( + scope: Construct, + id: string, + props: ObtainMemcachedClusterProps +) { + + if (props.existingCache) { + props.existingCache.vpcSecurityGroupIds?.push(props.cacheSecurityGroupId); + return props.existingCache; + } else { + if (!props.cachePort) { + throw Error('props.cachePort required for new caches'); + } + + // Create the subnet group from all the isolated subnets in the VPC + const subnetGroup = CreateCacheSubnetGroup(scope, props.vpc!, id); + + const defaultProps = GetMemcachedDefaults(id, props.cachePort); + const requiredConstructProps = { + vpcSecurityGroupIds: [props.cacheSecurityGroupId], + cacheSubnetGroupName: subnetGroup.cacheSubnetGroupName, + }; + const consolidatedProps = consolidateProps( + defaultProps, + props.cacheProps, + requiredConstructProps, + true + ); + + const newCache = new cache.CfnCacheCluster( + scope, + `${id}-cluster`, + consolidatedProps + ); + newCache.addDependsOn(subnetGroup); + return newCache; + } + +} + +export function CreateCacheSubnetGroup( + construct: Construct, + vpc: ec2.IVpc, + id: string +): cache.CfnSubnetGroup { + + // Memcached has no auth, all access control is + // network based, so, at least initially, we will + // only launch it in isolated subnets. + // TODO: consider whether we should also allow private subnets? + const subnetIds: string[] = []; + vpc.isolatedSubnets.forEach((sn) => { + subnetIds.push(sn.subnetId); + }); + + return new cache.CfnSubnetGroup(construct, `ec-subnetgroup-${id}`, { + description: "Solutions Constructs generated Cache Subnet Group", + subnetIds, + cacheSubnetGroupName: `${id}-subnet-group`, + }); +} + +export function GetCachePort( + clientCacheProps?: cache.CfnCacheClusterProps | any, + existingCache?: cache.CfnCacheCluster +): any { + if (existingCache) { + return existingCache.attrConfigurationEndpointPort!; + } else if (clientCacheProps?.port) { + return clientCacheProps.port; + } else { + return GetDefaultCachePort(); + } +} diff --git a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts index 4403a6979..272cb2545 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts @@ -53,6 +53,14 @@ export function buildLambdaFunction(scope: Construct, props: BuildLambdaFunction } } else { if (props.vpc) { + const levelOneFunction: lambda.CfnFunction = props.existingLambdaObj.node.defaultChild as lambda.CfnFunction; + if (props.lambdaFunctionProps?.securityGroups) { + let ctr = 20; + props.lambdaFunctionProps?.securityGroups.forEach(sg => { + // TODO: Discuss with someone why I can't get R/O access to VpcConfigSecurityGroupIds + levelOneFunction.addOverride(`Properties.VpcConfig.SecurityGroupIds.${ctr++}`, sg.securityGroupId); + }); + } if (!props.existingLambdaObj.isBoundToVpc) { throw Error('A Lambda function must be bound to a VPC upon creation, it cannot be added to a VPC in a subsequent construct'); } @@ -128,7 +136,7 @@ export function deployLambdaFunction(scope: Construct, finalLambdaFunctionProps = overrideProps(finalLambdaFunctionProps, { securityGroups: [ lambdaSecurityGroup ], vpc, - }); + }, true); } const lambdafunction = new lambda.Function(scope, _functionId, finalLambdaFunctionProps); diff --git a/source/patterns/@aws-solutions-constructs/core/lib/utils.ts b/source/patterns/@aws-solutions-constructs/core/lib/utils.ts index 7cfe7da7b..b84cf6b37 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/utils.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/utils.ts @@ -164,15 +164,15 @@ export function addCfnSuppressRules(resource: cdk.Resource | cdk.CfnResource, ru * 2) clientProps value * 3) defaultProps value */ -export function consolidateProps(defaultProps: object, clientProps?: object, constructProps?: object): any { +export function consolidateProps(defaultProps: object, clientProps?: object, constructProps?: object, concatArray: boolean = false): any { let result: object = defaultProps; if (clientProps) { - result = overrideProps(result, clientProps); + result = overrideProps(result, clientProps, concatArray); } if (constructProps) { - result = overrideProps(result, constructProps); + result = overrideProps(result, constructProps, concatArray); } return result; diff --git a/source/patterns/@aws-solutions-constructs/core/package.json b/source/patterns/@aws-solutions-constructs/core/package.json index c9c0e5179..55c416e5e 100644 --- a/source/patterns/@aws-solutions-constructs/core/package.json +++ b/source/patterns/@aws-solutions-constructs/core/package.json @@ -55,6 +55,7 @@ "@aws-cdk/aws-cloudfront": "0.0.0", "@aws-cdk/aws-cloudfront-origins": "0.0.0", "@aws-cdk/aws-dynamodb": "0.0.0", + "@aws-cdk/aws-elasticache": "0.0.0", "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0", "@aws-cdk/aws-elasticloadbalancingv2-targets": "0.0.0", "@aws-cdk/aws-glue": "0.0.0", diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticache-defaults.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticache-defaults.test.ts new file mode 100644 index 000000000..f6bf98132 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/test/elasticache-defaults.test.ts @@ -0,0 +1,31 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +import "@aws-cdk/assert/jest"; +import { GetDefaultCachePort, GetMemcachedDefaults } from "../lib/elasticache-defaults"; + +test("Test GetDefaultCachePort()", () => { + const defaultPort = GetDefaultCachePort(); + + expect(defaultPort).toEqual(11222); +}); + +test("Test GetMemcachedDefaults()", () => { + const testPort = 22222; + const testId = 'test'; + + const props = GetMemcachedDefaults(testId, testPort); + + expect(props.port).toEqual(testPort); + expect(props.clusterName).toEqual(`${testId}-cdk-cluster`); +}); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticache-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticache-helper.test.ts new file mode 100644 index 000000000..b1b94a8bd --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/test/elasticache-helper.test.ts @@ -0,0 +1,110 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +import "@aws-cdk/assert/jest"; +import { CreateTestCache, getTestVpc } from "./test-helper"; +import * as cdk from '@aws-cdk/core'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import { GetCachePort, obtainMemcachedCluster } from "../lib/elasticache-helper"; +import { GetDefaultCachePort } from "../lib/elasticache-defaults"; + +test("Test returning existing Cache", () => { + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + const existingCache = CreateTestCache(stack, 'test', testVpc); + + const securityGroup = new ec2.SecurityGroup(stack, 'test-sg', { + vpc: testVpc + }); + const obtainedCache = obtainMemcachedCluster(stack, 'test-cache', { + existingCache, + cacheSecurityGroupId: securityGroup.securityGroupId + }); + + expect(obtainedCache).toBe(existingCache); +}); + +test("Test create cache with no client props", () => { + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + + const securityGroup = new ec2.SecurityGroup(stack, 'test-sg', { + vpc: testVpc + }); + obtainMemcachedCluster(stack, 'test-cache', { + vpc: testVpc, + cacheSecurityGroupId: securityGroup.securityGroupId, + cachePort: 11111, + }); + + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + Port: 11111, + AZMode: 'cross-az', + Engine: 'memcached', + }); +}); + +test("Test create cache with client props", () => { + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + + const securityGroup = new ec2.SecurityGroup(stack, 'test-sg', { + vpc: testVpc + }); + obtainMemcachedCluster(stack, 'test-cache', { + vpc: testVpc, + cacheSecurityGroupId: securityGroup.securityGroupId, + cachePort: 12321, + cacheProps: { + azMode: 'single-az', + clusterName: 'test-name' + } + }); + + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + Port: 12321, + AZMode: 'single-az', + Engine: 'memcached', + ClusterName: 'test-name' + }); +}); + +test("Test GetCachePort() with existing cache", () => { + + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + const existingCache = CreateTestCache(stack, 'test', testVpc, 32123); + + const port = GetCachePort(undefined, existingCache); + + // Since the port from the existing cache is a token, + // we can't check it directly, but we can ensure + // the default port was replaced + expect(port).not.toEqual(GetDefaultCachePort()); +}); + +test("Test GetCachePort() with clientCacheProps", () => { + const clientPort = 32123; + + const port = GetCachePort({ port: clientPort }); + expect(port).toEqual(clientPort); +}); +test("Test GetCachePort() with default port", () => { + + const port = GetCachePort(); + expect(port).toEqual(GetDefaultCachePort()); +}); diff --git a/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts b/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts index c4ed8f74f..4a0e23f85 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts @@ -17,9 +17,13 @@ import { Construct, RemovalPolicy, Stack } from "@aws-cdk/core"; import { buildVpc } from '../lib/vpc-helper'; import { DefaultPublicPrivateVpcProps, DefaultIsolatedVpcProps } from '../lib/vpc-defaults'; import { overrideProps, addCfnSuppressRules } from "../lib/utils"; +import { CreateCacheSubnetGroup } from "../lib/elasticache-helper"; import * as path from 'path'; +import * as cache from '@aws-cdk/aws-elasticache'; +import * as ec2 from '@aws-cdk/aws-ec2'; import * as acm from '@aws-cdk/aws-certificatemanager'; import { CfnFunction } from "@aws-cdk/aws-lambda"; +import { GetDefaultCachePort } from "../lib/elasticache-defaults"; export const fakeEcrRepoArn = 'arn:aws:ecr:us-east-1:123456789012:repository/fake-repo'; @@ -106,4 +110,34 @@ export function suppressAutoDeleteHandlerWarnings(stack: Stack) { } }); -} \ No newline at end of file +} + +export function CreateTestCache(scope: Construct, id: string, vpc: ec2.IVpc, port?: number) { + const cachePort = port ?? GetDefaultCachePort(); + + // Create the subnet group from all the isolated subnets in the VPC + const subnetGroup = CreateCacheSubnetGroup(scope, vpc, id); + const emptySG = new ec2.SecurityGroup(scope, `${id}-cachesg`, { + vpc, + allowAllOutbound: true, + }); + + const cacheProps = { + clusterName: `${id}-cdk-cluster`, + cacheNodeType: "cache.t3.medium", + engine: "memcached", + numCacheNodes: 2, + port: cachePort, + azMode: "cross-az", + vpcSecurityGroupIds: [emptySG.securityGroupId], + cacheSubnetGroupName: subnetGroup.cacheSubnetGroupName, + }; + + const newCache = new cache.CfnCacheCluster( + scope, + `${id}-cluster`, + cacheProps + ); + newCache.addDependsOn(subnetGroup); + return newCache; +}