Merge pull request #734 from awslabs/bump/1.158.0
chore(release): 1.158.0
biffgaut authored Jul 26, 2022
2 parents e6954f4 + f234b4e commit ad7796f
Showing 28 changed files with 6,478 additions and 131 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,10 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [1.158.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.11.0...v1.158.0) (2022-07-26)

* Upgraded all patterns to CDK v1.158.0

## [1.157.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.8.0...v1.157.0) (2022-06-13)

* Upgraded all patterns to CDK v1.157.0
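
Review bot: The compare link in the new 1.158.0 heading runs from `v2.11.0` to `v1.158.0`, so it diffs across the v1 and v2 release lines instead of showing what changed since 1.157.0. Suggest pointing it at `compare/v1.157.0...v1.158.0`; the 1.157.0 heading below has the same pattern (`v2.8.0...v1.157.0`) and could be corrected at the same time.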
18 changes: 18 additions & 0 deletions CHANGELOG.v2.md
Expand Up @@ -2,6 +2,24 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [2.11.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.10.0...v2.11.0) (2022-07-18)

* Built upon underlying CDK version V2.24.0

### Features

* **aws-lambda-elasticsearch-kibana:** added VPC support ([#718](https://github.com/awslabs/aws-solutions-constructs/issues/718)) ([33e8f17](https://github.com/awslabs/aws-solutions-constructs/commit/33e8f17a1d1df5be78882a8a59b54d689fea1e82))

## [2.10.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.9.0...v2.10.0) (2022-07-01)

* Includes all functionality of V1.157.0
* Built upon underlying CDK version V2.24.0

## [2.9.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.8.0...v2.9.0) (2022-06-13)

* Includes all functionality of V1.157.0
* Built upon underlying CDK version V2.23.0

## [2.8.0](https://github.com/awslabs/aws-solutions-constructs/compare/v2.7.0...v2.8.0) (2022-05-20)

* Includes all functionality of V1.156.1
2 changes: 1 addition & 1 deletion deployment/v2/align-version.js
Expand Up @@ -10,7 +10,7 @@ const findVersion = process.argv[2];
const replaceVersion = process.argv[3];

// these versions need to be sourced from a config file
const awsCdkLibVersion = '2.23.0';
const awsCdkLibVersion = '2.24.0';
const constructsVersion = '10.0.0';
const MODULE_EXEMPTIONS = new Set([
'@aws-cdk/cloudformation-diff',
2 changes: 1 addition & 1 deletion source/lerna.json
Expand Up @@ -6,5 +6,5 @@
"./patterns/@aws-solutions-constructs/*"
],
"rejectCycles": "true",
"version": "1.157.0"
"version": "1.158.0"
}
2 changes: 1 addition & 1 deletion source/lerna.v2.json
Expand Up @@ -6,5 +6,5 @@
"./patterns/@aws-solutions-constructs/*"
],
"rejectCycles": "true",
"version": "2.8.0"
"version": "2.11.0"
}
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@
## Overview
This AWS Solutions Construct implements the AWS Lambda function and Amazon Elasticsearch Service with the least privileged permissions.

**Some cluster configurations (e.g VPC access) require the existence of the `AWSServiceRoleForAmazonElasticsearchService` Service-Linked Role in your account.**

**You will need to create the service-linked role using the AWS CLI once in any account using this construct (it may have already been run to support other stacks):**
```
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
```

Here is a minimal deployable pattern definition:

Typescript
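
Review bot: The new service-linked-role paragraph tells the reader the command "may have already been run" but gives no way to find out before running it again. Suggest adding how to check for an existing `AWSServiceRoleForAmazonElasticsearchService` role (for example `aws iam get-role --role-name AWSServiceRoleForAmazonElasticsearchService`), naming which cluster configurations besides VPC access need it, and fixing "e.g VPC access" to "e.g. VPC access".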
Expand Down Expand Up @@ -105,7 +112,10 @@ new LambdaToElasticSearchAndKibana(this, "sample",
|domainName|`string`|Domain name for the Cognito and the Elasticsearch Service|
|cognitoDomainName?|`string`|Optional Cognito Domain Name, if provided it will be used for Cognito Domain, and domainName will be used for the Elasticsearch Domain|
|createCloudWatchAlarms|`boolean`|Whether to create recommended CloudWatch alarms|
|domainEndpointEnvironmentVariableName?|`string`|Optional Name for the Lambda function environment variable set to the domain endpoint. Default: DOMAIN_ENDPOINT |
|domainEndpointEnvironmentVariableName?|`string`|Optional Name for the ElasticSearch domain endpoint environment variable set for the Lambda function.|
|existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.|
|vpcProps?|[`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.VpcProps.html)|Optional user provided properties to override the default properties for the new VPC. `enableDnsHostnames`, `enableDnsSupport`, `natGateways` and `subnetConfiguration` are set by the pattern, so any values for those properties supplied here will be overrriden. If `deployVpc` is not `true` then this property will be ignored.|
|deployVpc?|`boolean`|Whether to create a new VPC based on `vpcProps` into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern:<ul><li> One isolated subnet in each Availability Zone used by the CDK program</li><li>`enableDnsHostnames` and `enableDnsSupport` will both be set to true</li></ul>If this property is `true` then `existingVpc` cannot be specified. Defaults to `false`.|

## Pattern Properties
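
Review bot: The rewritten `domainEndpointEnvironmentVariableName?` row drops the "Default: DOMAIN_ENDPOINT" text, although the construct code in this same commit still falls back to `'DOMAIN_ENDPOINT'` when the prop is unset. Suggest keeping the default in the row. In the new `vpcProps?` row, "overrriden" should be "overridden", and the `existingVpc?` and `deployVpc?` rows could state that supplying both is rejected with an error, if that is the behaviour.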

Expand All @@ -118,6 +128,7 @@ new LambdaToElasticSearchAndKibana(this, "sample",
|elasticsearchDomain|[`elasticsearch.CfnDomain`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-elasticsearch.CfnDomain.html)|Returns an instance of elasticsearch.CfnDomain created by the construct|
|elasticsearchDomain|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of iam.Role created by the construct for elasticsearch.CfnDomain|
|cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudwatch.Alarm.html)|Returns a list of cloudwatch.Alarm created by the construct|
|vpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html)|Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.|

## Lambda Function
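
Review bot: In the Pattern Properties table, directly above the new `vpc?` row, two rows are named `elasticsearchDomain`; the one typed `iam.Role` describes the role and corresponds to the class member `elasticsearchRole`. Suggest renaming that row while this table is being edited.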

Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import * as defaults from '@aws-solutions-constructs/core';
import { Construct } from '@aws-cdk/core';
import { Role } from '@aws-cdk/aws-iam';
import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
import * as ec2 from '@aws-cdk/aws-ec2';

/**
* @summary The properties for the CognitoToApiGatewayToLambda Construct
Expand Down Expand Up @@ -67,6 +68,24 @@ export interface LambdaToElasticSearchAndKibanaProps {
* @default - DOMAIN_ENDPOINT
*/
readonly domainEndpointEnvironmentVariableName?: string;
/**
* An existing VPC for the construct to use (construct will NOT create a new VPC in this case)
*
* @default - None
*/
readonly existingVpc?: ec2.IVpc;
/**
* Properties to override default properties if deployVpc is true
*
* @default - DefaultIsolatedVpcProps() in vpc-defaults.ts
*/
readonly vpcProps?: ec2.VpcProps;
/**
* Whether to deploy a new VPC
*
* @default - false
*/
readonly deployVpc?: boolean;
}

export class LambdaToElasticSearchAndKibana extends Construct {
Expand All @@ -77,6 +96,7 @@ export class LambdaToElasticSearchAndKibana extends Construct {
public readonly elasticsearchRole: iam.Role;
public readonly lambdaFunction: lambda.Function;
public readonly cloudwatchAlarms?: cloudwatch.Alarm[];
public readonly vpc?: ec2.IVpc;

/**
* @summary Constructs a new instance of the CognitoToApiGatewayToLambda class.
Expand All @@ -90,37 +110,62 @@ export class LambdaToElasticSearchAndKibana extends Construct {
super(scope, id);
defaults.CheckProps(props);

if (props.vpcProps && !props.deployVpc) {
throw new Error("Error - deployVpc must be true when defining vpcProps");
}

if (props.lambdaFunctionProps?.vpc || props.lambdaFunctionProps?.vpcSubnets) {
throw new Error("Error - Define VPC using construct parameters not Lambda function props");
}

if (props.esDomainProps?.vpcOptions) {
throw new Error("Error - Define VPC using construct parameters not Elasticsearch props");
}

if (props.deployVpc || props.existingVpc) {
this.vpc = defaults.buildVpc(scope, {
defaultVpcProps: defaults.DefaultIsolatedVpcProps(),
existingVpc: props.existingVpc,
userVpcProps: props.vpcProps,
constructVpcProps: {
enableDnsHostnames: true,
enableDnsSupport: true,
},
});
}

this.lambdaFunction = defaults.buildLambdaFunction(this, {
existingLambdaObj: props.existingLambdaObj,
lambdaFunctionProps: props.lambdaFunctionProps
lambdaFunctionProps: props.lambdaFunctionProps,
vpc: this.vpc
});

// Find the lambda service Role ARN
const lambdaFunctionRoleARN = this.lambdaFunction.role?.roleArn;

this.userPool = defaults.buildUserPool(this);
this.userPoolClient = defaults.buildUserPoolClient(this, this.userPool);
this.identityPool = defaults.buildIdentityPool(this, this.userPool, this.userPoolClient);

let cognitoDomainName = props.domainName;

if (props.cognitoDomainName) {
cognitoDomainName = props.cognitoDomainName;
}
let cognitoAuthorizedRole: iam.Role;

const cognitoAuthorizedRole: Role = defaults.setupCognitoForElasticSearch(this, cognitoDomainName, {
userpool: this.userPool,
identitypool: this.identityPool,
userpoolclient: this.userPoolClient
});
[this.userPool, this.userPoolClient, this.identityPool, cognitoAuthorizedRole] =
this.setupCognito(this, props.cognitoDomainName ?? props.domainName);

[this.elasticsearchDomain, this.elasticsearchRole] = defaults.buildElasticSearch(this, props.domainName, {
const buildElasticSearchProps: any = {
userpool: this.userPool,
identitypool: this.identityPool,
cognitoAuthorizedRoleARN: cognitoAuthorizedRole.roleArn,
serviceRoleARN: lambdaFunctionRoleARN}, props.esDomainProps);
serviceRoleARN: lambdaFunctionRoleARN,
vpc: this.vpc,
domainName: props.domainName,
clientDomainProps: props.esDomainProps
};

if (this.vpc) {
const securityGroupIds = defaults.getLambdaVpcSecurityGroupIds(this.lambdaFunction);
buildElasticSearchProps.securityGroupIds = securityGroupIds;
}

[this.elasticsearchDomain, this.elasticsearchRole] = defaults.buildElasticSearch(this, buildElasticSearchProps);

// Add ES Domain to lambda envrionment variable
// Add ES Domain to lambda environment variable
const domainEndpointEnvironmentVariableName = props.domainEndpointEnvironmentVariableName || 'DOMAIN_ENDPOINT';
this.lambdaFunction.addEnvironment(domainEndpointEnvironmentVariableName, this.elasticsearchDomain.attrDomainEndpoint);
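
Review bot: The new guard clauses at the top of the constructor never reject `deployVpc: true` combined with `existingVpc`, which the README in this commit says is not allowed; with both set, execution reaches `buildVpc` without an error from these checks. Unless `defaults.CheckProps(props)` already covers this, add an explicit check and a unit test for it. Two smaller points: `buildVpc` is called with `scope` while every other builder here receives `this`, so the VPC is created outside this construct's subtree, which deserves a comment if intentional; and `const buildElasticSearchProps: any` turns off type checking for the object that carries `vpc` and `securityGroupIds`, so a typed props interface would catch a misspelled key.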

Expand All @@ -129,4 +174,18 @@ export class LambdaToElasticSearchAndKibana extends Construct {
this.cloudwatchAlarms = defaults.buildElasticSearchCWAlarms(this);
}
}
}

setupCognito(scope: Construct, domainName: string): [cognito.UserPool, cognito.UserPoolClient, cognito.CfnIdentityPool, iam.Role] {
const userPool = defaults.buildUserPool(scope);
const userPoolClient = defaults.buildUserPoolClient(scope, userPool);
const identityPool = defaults.buildIdentityPool(scope, userPool, userPoolClient);

const cognitoAuthorizedRole: Role = defaults.setupCognitoForElasticSearch(scope, domainName, {
userpool: userPool,
identitypool: identityPool,
userpoolclient: userPoolClient
});

return [userPool, userPoolClient, identityPool, cognitoAuthorizedRole];
}
}
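
Review bot: `setupCognito` is declared without an access modifier, so it becomes a public method of `LambdaToElasticSearchAndKibana` and part of the construct's API, even though the only visible call is from the constructor. Suggest marking it `private`, and either dropping the `scope` parameter (the call passes `this`) or documenting why it is needed.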
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@
"@aws-cdk/aws-lambda": "0.0.0",
"@aws-cdk/core": "0.0.0",
"@aws-cdk/aws-cognito": "0.0.0",
"@aws-cdk/aws-ec2": "0.0.0",
"@aws-cdk/aws-elasticsearch": "0.0.0",
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/aws-cloudwatch": "0.0.0",