@makemydeal/cdk-lambda-stack v1.153.1

@makemydeal/cdk-lambda-stack

This package contains stacks for creating lambdas. These stacks take in as configuration the location of the build artifacts for the lambda, the name of the lambda, etc. The stacks give you the following options:

Stacks

NOTE RestApiLambdaStack, SnsLambdaStack and SqsLambdaStack all extend LambdaStack.

LambdaStack Properties

A LambdaStack will add Lambdas to your environment. It will not associate them to RestAPI, SNS or anything else. This stack is the base for the other stacks, and can even serve as the base for your own stack.

When defining a LambdaStack, you provide the following properties.
| Property | Required | Type | Description | --- | --- | --- | applicationName | Yes | string | Name of the application and used as a prefix for all lambda names | splunkForwarder | No | LambdaStackSplunkForwarderProps | If you wish to define a splunk forwarder, you can specify this object, see the definition of the object below | definition | Yes | LambdaDefinition | The definition of each lambda you wish to deploy. LambdaDefinition is well documented in the interface itself which should reflect what each property is for. | includeNewRelicExtension | No | boolean | Should the NewRelic Lambda Extension be added (default: true)

LambdaStackSplunkForwarderProps

LambdaStackPropsSplunkForwarderOptions

LambdaVersionDefinition

LambdaAliasDefinition

LambdaProvisionedConcurrency

RestApiLambdaStack Properties

RestApiLambdaStack extends LambdaStack to allow for creation of an API Gateway and adding the Lambdas as endpoints. It also allows creation of lambdas for Custom Authorizers as well. Below are the properties to pass when constructing the class. These properties are an extension of the properties defined for the LambdaStack above. This section will define the additional properties.

MockDefinitions

MockDefinitions allow you to have API Gateway return a response to an endpoint that is static. You can supply the JSON of your choice if you wish. This can be useful for any mocking you wish to do, and the template can consiste of some variables from API Gateway. Please refer to this document about that information: https://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html#mapping-response-parameters

HttpProxyDefinitions

HttpProxyDefinitions allow you to proxy requests right to other HTTP resources, bypassing the need for a lambda to call those endpoints. If your intention is to just pass requests through, this could be a cost saving alternative.

Application Version

One common use-case would be to return the version of the application. Since this is a pretty standard item, we've added a helper function to create this mock integration.

mockDefinitionCreateVersion will take in 3 parameters: | Parameter | Default | Description | --- | --- | appVersion | | The version of the application being deployed. | httpMethod | 'GET' | The Http Method / Verb to use for this mock | path | /echo | The route to use for this mock

RestApiLambdaStackPrivateEndpointProps

RestApiModelOptions

This extends the AWS CDK ModelOptions by requiring the modelName be entered. We use the modelName later when assigning the model to the given endpoint.

RestApiCustomAuthorizers

RestApiCustomAuthorizersToken

RestApiCustomAuthorizersRequest

LambdaCreateAliasStack

A LambdaCreateAliasStack will add a new alias to an existing lambda function. It will find an existing alias and point the new alias to that function version. This can be useful for blue/green deployment so you can move a "live" alias to a "Dark" existing alias.

When defining a LambdaCreateAliasStack, you provide the following properties.
| Property | Required | Type | Description | --- | --- | --- | applicationName | Yes | string | Name of the application and used as a prefix for all lambda names | alias | Yes | LambdaAliasDefinition | This will define the alias you wish to create | aliasToFind | Yes | LambdaCreateAliasAliasToFindProps | The alias to find and the method on how to find it | definition | Yes | LambdaDefinition | The definition of all the lambdas you wish to add a new alias to. This leverages the same interface used to create the alias to make it easier.

Managers

Managers are used to have a consolidated object that will control the CICD and Build process. This allows the same object to be passed to the CICD and APP setups. They allow for custom actions to be run during the IAC Setup, the Environment Setup, and when creating the stack. These managers will be passed to the CICD process.

Each stack above has a corresponding manager:

• LambdaStackManager
• RestApiLambdaStackManager
• SnsLambdaStackManager
• SqsLambdaStackManager
• LambdaCreateAliasStackManager

Usage

import { ParameterType, StringParameter } from '@aws-cdk/aws-ssm';
import { Construct } from '@aws-cdk/core';
import {
    RestApiCreateStackProps,
    RestApiLambdaStack,
    RestApiLambdaStackManager,
    RestApiLambdaStackManagerProps
} from '@makemydeal/cdk-lambda-stack';
import { isPrivateApi } from './utils';

export class DealerRestApiLambdaManager extends RestApiLambdaStackManager {
    public CreateStack(scope: Construct, props: RestApiCreateStackProps): RestApiLambdaStack {
        const stack = super.CreateStack(scope, props) as RestApiLambdaStack;

        const { environmentName } = props;

        // add storage of the restApi and stage to parameter store
        new StringParameter(stack, `${stack.instanceName}-parameter-restapiid`, {
            parameterName: `/dr/${environmentName}/services/dealer/lambda/restApiId`,
            stringValue: stack.ApiGateway.restApiId,
            type: ParameterType.STRING
        });

        return stack;
    }
}

NewRelic Lambda Extension Support

By Default, each lambda will be instrumented with NewRelic's Lambda Extension. This will send more detailed information to NewRelic about the lambda. If you do not wish to do this, in each lambda definition, there is a includeNewRelicExtension setting. Setting this to false will not install the layer for the particular lambda.

NewRelic Prerequisites

In order for the NewRelic extension to work, there are a few prerequisites. These are outlined below:

• A Role with Trust Relationship setup to account 754728514883. This is NewRelic's account. This Role should be setup by CBO in our account and have the following: ReadOnlyAccess AWS Managed Policy and

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "budgets:ViewBudget"
            ],
            "Resource": "*"
        }
    ]
}

In our L1 accounts, this role is called SvcNewRelicInfrastructure-Integrations

• A SecretsManager Token with NEW_RELIC_LICENSE_KEY setup. It will have a LicenseKey value setup to our key on NewRelic. NewRelic's Lambda CLI newrelic-lambda will assist in setting this up, but because of ALKS, we cannot use the CLI out of the box. This repo https://ghe.coxautoinc.com/DigitalRetailing/newrelic-lambda-cli has been setup as a fork of NewRelic's repo. It has adjustments to https://ghe.coxautoinc.com/DigitalRetailing/newrelic-lambda-cli/blob/master/newrelic_lambda_cli/templates/license-key-secret.yaml and https://ghe.coxautoinc.com/DigitalRetailing/newrelic-lambda-cli/blob/master/newrelic_lambda_cli/integrations.py that will use the role setup in the bullet above and give the right permissions for the NEW_RELIC_LICENSE_KEY secret to be created.

Here is the command once you've installed the newrelic-lambda and placed our files on top of theirs to apply to the account. This has been done for awsdrst and awsdrstnp

newrelic-lambda integrations install --nr-account-id 1840109 --linked-account-name awsdrstnp --nr-api-key <nr userapikey> --enable-license-key-secret --role-name acct-managed/cai-dr-lambda-execution-role 

• newrelic-log-ingestion will also be created by the process above.
• cai-dr-lambda-execution-role (lambda execution role) needs the following policy so it can read secrets:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": [
                "arn:aws:secretsmanager:us-east-1:<accountId>:secret:*"
            ]
        }
    ]
}

• SSM Parameter Store needs to be setup with /dr/global/services/newrelic/* as defined in the "Parameter Store Dependencies" section below. This has been done for awsdrst and awsdrstnp

Parameter Store Dependencies