diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.eslintignore b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.eslintignore new file mode 100644 index 000000000..0819e2e65 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.eslintignore @@ -0,0 +1,5 @@ +lib/*.js +test/*.js +*.d.ts +coverage +test/lambda/index.js \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.gitignore b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.gitignore new file mode 100644 index 000000000..6773cabd2 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.gitignore @@ -0,0 +1,15 @@ +lib/*.js +test/*.js +*.js.map +*.d.ts +node_modules +*.generated.ts +dist +.jsii + +.LAST_BUILD +.nyc_output +coverage +.nycrc +.LAST_PACKAGE +*.snk \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.npmignore b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.npmignore new file mode 100644 index 000000000..f66791629 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/.npmignore @@ -0,0 +1,21 @@ +# Exclude typescript source and config +*.ts +tsconfig.json +coverage +.nyc_output +*.tgz +*.snk +*.tsbuildinfo + +# Include javascript files and typescript declarations +!*.js +!*.d.ts + +# Exclude jsii outdir +dist + +# Include .jsii +!.jsii + +# Include .jsii +!.jsii \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md new file mode 100644 index 000000000..889dd024d --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/README.md @@ -0,0 +1,120 @@ +# aws-lambda-elasticachememcached module + + +--- + +![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge) + +--- + + +| **Reference Documentation**:| https://docs.aws.amazon.com/solutions/latest/constructs/| +|:-------------|:-------------| +
+ +| **Language** | **Package** | +|:-------------|-----------------| +|![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_lambda_elasticachememcached`| +|![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-lambda-elasticachememcached`| +|![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.lambdaelasticachememcached`| + +This AWS Solutions Construct implements an AWS Lambda function connected to an Amazon Elasticache Memcached cluster. + +Here is a minimal deployable pattern definition : + +Typescript +``` typescript +import { Construct } from 'constructs'; +import { Stack, StackProps } from 'aws-cdk-lib'; +import { LambdaToElasticachememcached } from '@aws-solutions-constructs/aws-lambda-elasticachememcached'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; + +new LambdaToElasticachememcached(this, 'LambdaToElasticachememcachedPattern', { + lambdaFunctionProps: { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`lambda`) + } +}); +``` + +Python +```python +from aws_solutions_constructs.aws_lambda_elasticachememcached import LambdaToElasticachememcached +from aws_cdk import ( + aws_lambda as _lambda, + Stack +) +from constructs import Construct + +LambdaToElasticachememcached(self, 'LambdaToCachePattern', + lambda_function_props=_lambda.FunctionProps( + code=_lambda.Code.from_asset('lambda'), + runtime=_lambda.Runtime.PYTHON_3_9, + handler='index.handler' + ) + ) +``` + +Java +``` java +import software.constructs.Construct; + +import software.amazon.awscdk.Stack; +import software.amazon.awscdk.StackProps; +import software.amazon.awscdk.services.lambda.*; +import software.amazon.awscdk.services.lambda.Runtime; +import software.amazon.awsconstructs.services.lambdaelasticachememcached.*; + +new LambdaToElasticachememcached(this, "LambdaToCachePattern", new LambdaToElasticachememcachedProps.Builder() + .lambdaFunctionProps(new FunctionProps.Builder() + .runtime(Runtime.NODEJS_14_X) + .code(Code.fromAsset("lambda")) + .handler("index.handler") + .build()) + .build()); +``` + +## Pattern Construct Props + +| **Name** | **Type** | **Description** | +|:-------------|:----------------|-----------------| +|existingLambdaObj?|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error.| +|lambdaFunctionProps?|[`lambda.FunctionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.FunctionProps.html)|Optional user provided props to override the default props for the Lambda function.| +|existingVpc?|[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html)|An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources and an Interface Endpoint will be created in the VPC for Amazon SQS. If an existing VPC is provided, the `deployVpc` property cannot be `true`. This uses `ec2.IVpc` to allow clients to supply VPCs that exist outside the stack using the [`ec2.Vpc.fromLookup()`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.Vpc.html#static-fromwbrlookupscope-id-options) method.| +|vpcProps?|[`ec2.VpcProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.VpcProps.html)|Optional user provided properties to override the default properties for the new VPC. `subnetConfiguration` is set by the pattern, so any values for those properties supplied here will be overrriden. | +| cacheEndpointEnvironmentVariableName?| string | Lambda function environment variable name for the cache Endpoint. Defaults to CACHE_ENDPOINT | +| cacheProps? | [`cache.CfnCacheClusterProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheClusterProps.html) | Optional user provided props to override the default props for the Elasticache Cluster. Providing both this and `existingCache` will cause an error. | +| existingCache? | [`cache.CfnCacheCluster`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheCluster.html#attrconfigurationendpointport) | Existing instance of Elasticache Cluster object, providing both this and `cacheProps` will cause an error. If you provide this, you must provide the associated VPC in existingVpc. | + +## Pattern Properties + +| **Name** | **Type** | **Description** | +|:-------------|:----------------|-----------------| +|lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Returns an instance of the Lambda function used by the pattern.| +|vpc |[`ec2.IVpc`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.IVpc.html)|Returns an interface on the VPC used by the pattern. This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.| +| cache | [`cache.CfnCacheCluster`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheCluster.html#attrconfigurationendpointport) | The Elasticache Memcached cluster used by the construct. | + +## Default settings + +Out of the box implementation of the Construct without any override will set the following defaults: + +### AWS Lambda Function +* Configure limited privilege access IAM role for Lambda function +* Enable reusing connections with Keep-Alive for NodeJs Lambda function +* Enable X-Ray Tracing +* Attached to self referencing security group to grant access to cache +* Set Environment Variables + * (default) CACHE_ENDPOINT + * AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions) + +### Amazon Elasticache Memcached Cluster +* Creates multi node, cross-az cluster by default + * 2 cache nodes, type: cache.t3.medium +* Self referencing security group attached to cluster endpoint + +## Architecture +![Architecture Diagram](architecture.png) + +*** +© Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/architecture.png b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/architecture.png new file mode 100644 index 000000000..bf4e80699 Binary files /dev/null and b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/architecture.png differ diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/lib/index.ts new file mode 100644 index 000000000..3dfa6cafe --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/lib/index.ts @@ -0,0 +1,157 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import * as lambda from "@aws-cdk/aws-lambda"; +import * as ec2 from "@aws-cdk/aws-ec2"; +import * as cache from "@aws-cdk/aws-elasticache"; +import * as defaults from "../../core"; +import { Construct } from "@aws-cdk/core"; +import { obtainMemcachedCluster, getCachePort, CreateSelfReferencingSecurityGroup } from "../../core"; + +const defaultEnvironmentVariableName = "CACHE_ENDPOINT"; + +/** + * @summary The properties for the LambdaToElasticachememcached class. + */ +export interface LambdaToElasticachememcachedProps { + /** + * Existing instance of Lambda Function object, providing both this and `lambdaFunctionProps` will cause an error. + * + * @default - None + */ + readonly existingLambdaObj?: lambda.Function; + /** + * Optional user provided props to override the default props for the Lambda function. + * + * @default - Default properties are used. + */ + readonly lambdaFunctionProps?: lambda.FunctionProps; + /** + * An existing VPC for the construct to use (construct will NOT create a new VPC in this case) + * + * @default - none + */ + readonly existingVpc?: ec2.IVpc; + /** + * Properties to override default properties if deployVpc is true + * + * @default - DefaultIsolatedVpcProps() in vpc-defaults.ts + */ + readonly vpcProps?: ec2.VpcProps; + /** + * Optional Name for the Elasticache Endpoint environment variable + * + * @default - CACHE_ENDPOINT + */ + readonly cacheEndpointEnvironmentVariableName?: string; + /** + * Optional user provided props to override the default props for the Elasticache cache. + * Providing both this and `existingCache` will cause an error. If you provide this, + * you must provide the associated VPC in existingVpc. + * + * @default - Default properties are used (core/lib/elasticacahe-defaults.ts) + */ + readonly cacheProps?: cache.CfnCacheClusterProps | any; + /** + * Existing instance of Elasticache Cluster object, providing both this and `cacheProps` will cause an error. + * + * @default - none + */ + readonly existingCache?: cache.CfnCacheCluster; +} + +/** + * @summary The LambdaToElasticachememcached class. + */ +export class LambdaToElasticachememcached extends Construct { + public readonly lambdaFunction: lambda.Function; + public readonly vpc: ec2.IVpc; + public readonly cache: cache.CfnCacheCluster; + + /** + * @summary Constructs a new instance of the LambdaToElasticachememcached class. + * @param {cdk.App} scope - represents the scope for all the resources. + * @param {string} id - this is a a scope-unique id. + * @param {LambdaToElasticachememcachedProps} props - user provided props for the construct. + * @access public + */ + constructor( + scope: Construct, + id: string, + props: LambdaToElasticachememcachedProps + ) { + super(scope, id); + defaults.CheckProps(props); + + if ((props.existingCache || props.existingLambdaObj) && (!props.existingVpc)) { + throw Error('If providing an existing Cache or Lambda Function, you must also supply the associated existingVpc'); + } + + if ( + props.cacheProps && + props.cacheProps.engine && + props.cacheProps.engine !== "memcached" + ) { + throw Error("This construct can only launch memcached clusters"); + } + if (props.cacheProps && props.existingCache) { + throw Error("Cannot specify existingCache and cacheProps"); + } + + const cachePort = getCachePort(props.cacheProps, props.existingCache); + + this.vpc = defaults.buildVpc(scope, { + defaultVpcProps: defaults.DefaultIsolatedVpcProps(), + existingVpc: props.existingVpc, + userVpcProps: props.vpcProps, + }); + + const lambdaToCacheSecurityGroup = CreateSelfReferencingSecurityGroup(this, id, this.vpc, cachePort); + + this.cache = obtainMemcachedCluster(this, id, { + cacheSecurityGroupId : lambdaToCacheSecurityGroup.securityGroupId, + cacheProps: props.cacheProps, + existingCache: props.existingCache, + vpc: this.vpc, + cachePort, + }); + + // Add the self-referencing security group to the Lambda function props + const lambdaFunctionProps: lambda.FunctionProps = defaults.consolidateProps( + {}, + props.lambdaFunctionProps, + { securityGroups: [lambdaToCacheSecurityGroup] }, + true + ); + + // Setup the Lambda function + this.lambdaFunction = defaults.buildLambdaFunction(this, { + existingLambdaObj: props.existingLambdaObj, + lambdaFunctionProps, + vpc: this.vpc, + }); + + AddLambdaEnvironmentVariable( + this.lambdaFunction, + `${this.cache.attrConfigurationEndpointAddress}:${this.cache.attrConfigurationEndpointPort}`, + defaultEnvironmentVariableName, + props.cacheEndpointEnvironmentVariableName + ); + } +} + +function AddLambdaEnvironmentVariable(targetFunction: lambda.Function, value: string, defaultName: string, clientName?: string) { + const variableName = clientName || defaultName; + targetFunction.addEnvironment(variableName, value); +} diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/package.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/package.json new file mode 100644 index 000000000..217ae9109 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/package.json @@ -0,0 +1,97 @@ +{ + "name": "@aws-solutions-constructs/aws-lambda-elasticachememcached", + "version": "0.0.0", + "description": "CDK constructs for defining an interaction between an AWS Lambda function and an Amazon Elasticache memcached cache.", + "main": "lib/index.js", + "types": "lib/index.d.ts", + "repository": { + "type": "git", + "url": "https://github.com/awslabs/aws-solutions-constructs.git", + "directory": "source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached" + }, + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "scripts": { + "build": "tsc -b .", + "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .", + "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .", + "test": "jest --coverage", + "clean": "tsc -b --clean", + "watch": "tsc -b -w", + "integ": "cdk-integ", + "integ-assert": "cdk-integ-assert", + "jsii": "jsii", + "jsii-pacmak": "jsii-pacmak", + "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert", + "integ-no-clean": "cdk-integ --no-clean", + "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert" + }, + "jsii": { + "outdir": "dist", + "targets": { + "java": { + "package": "software.amazon.awsconstructs.services.lambdaelasticachememcached", + "maven": { + "groupId": "software.amazon.awsconstructs", + "artifactId": "lambdas3" + } + }, + "dotnet": { + "namespace": "Amazon.SolutionsConstructs.AWS.LambdaElasticachememcached", + "packageId": "Amazon.SolutionsConstructs.AWS.LambdaElasticachememcached", + "signAssembly": true, + "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png" + }, + "python": { + "distName": "aws-solutions-constructs.aws-lambda-elasticachememcached", + "module": "aws_solutions_constructs.aws_lambda_elasticachememcached" + } + } + }, + "dependencies": { + "@aws-cdk/aws-lambda": "0.0.0", + "@aws-cdk/aws-elasticache": "0.0.0", + "@aws-cdk/aws-ec2": "0.0.0", + "@aws-cdk/core": "0.0.0", + "@aws-solutions-constructs/core": "0.0.0", + "constructs": "^3.2.0" + }, + "devDependencies": { + "@aws-cdk/assert": "0.0.0", + "@types/jest": "^27.4.0", + "@types/node": "^10.3.0" + }, + "jest": { + "moduleFileExtensions": [ + "js" + ], + "coverageReporters": [ + "text", + [ + "lcov", + { + "projectRoot": "../../../../" + } + ] + ] + }, + "peerDependencies": { + "@aws-cdk/aws-lambda": "0.0.0", + "@aws-cdk/core": "0.0.0", + "@aws-solutions-constructs/core": "0.0.0", + "constructs": "^3.2.0", + "@aws-cdk/aws-ec2": "0.0.0" + }, + "keywords": [ + "aws", + "cdk", + "awscdk", + "AWS Solutions Constructs", + "Amazon Elasticache", + "AWS Lambda" + ] +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.expected.json new file mode 100644 index 000000000..245649786 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.expected.json @@ -0,0 +1,622 @@ +{ + "Description": "Integration Test with new resourcesfor aws-lambda-elasticachememcached", + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "172.168.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + } + }, + "VpcisolatedSubnet1SubnetE62B1B9B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "172.168.0.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableE442650B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableAssociationD259E31A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet1RouteTableE442650B" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + } + } + }, + "VpcisolatedSubnet2Subnet39217055": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "172.168.64.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTable334F9764": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTableAssociation25A4716F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet2RouteTable334F9764" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet2Subnet39217055" + } + } + }, + "VpcisolatedSubnet3Subnet44F2537D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "172.168.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableA2F6BBC0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableAssociationDC010BEB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + } + }, + "VpcFlowLogIAMRole6A475D41": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpc-flow-logs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + } + }, + "VpcFlowLogIAMRoleDefaultPolicy406FB995": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogLogGroup7B5C56B9", + "Arn" + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", + "Roles": [ + { + "Ref": "VpcFlowLogIAMRole6A475D41" + } + ] + } + }, + "VpcFlowLogLogGroup7B5C56B9": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "VpcFlowLog8FF33A73": { + "Type": "AWS::EC2::FlowLog", + "Properties": { + "ResourceId": { + "Ref": "Vpc8378EB38" + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + }, + "LogDestinationType": "cloud-watch-logs", + "LogGroupName": { + "Ref": "VpcFlowLogLogGroup7B5C56B9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "existingResources/Vpc" + } + ] + } + }, + "testsgsecuritygroup89DCF621": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "existingResources/test-sg-security-group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testfunctionServiceRoleFB85AD63": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "testfunction5B23D3B0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c1b23d6af38c04acb744bda25a3dc7f4394daea942c67eaff40911a707a3c37a.zip" + }, + "Role": { + "Fn::GetAtt": [ + "testfunctionServiceRoleFB85AD63", + "Arn" + ] + }, + "Environment": { + "Variables": { + "CACHE_ENDPOINT": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Address" + ] + }, + ":", + { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Port" + ] + } + ] + ] + } + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testsgsecuritygroup89DCF621", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ] + } + }, + "DependsOn": [ + "testfunctionServiceRoleFB85AD63" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Test Resource" + }, + { + "id": "W92", + "reason": "Test Resource" + } + ] + } + } + }, + "ecsubnetgrouptestcache": { + "Type": "AWS::ElastiCache::SubnetGroup", + "Properties": { + "Description": "Solutions Constructs generated Cache Subnet Group", + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ], + "CacheSubnetGroupName": "test-cache-subnet-group" + } + }, + "testcachecachesg7265880E": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "existingResources/test-cache-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W40", + "reason": "Test Resource" + }, + { + "id": "W5", + "reason": "Test Resource" + }, + { + "id": "W36", + "reason": "Test Resource" + } + ] + } + } + }, + "testcachecluster": { + "Type": "AWS::ElastiCache::CacheCluster", + "Properties": { + "CacheNodeType": "cache.t3.medium", + "Engine": "memcached", + "NumCacheNodes": 2, + "AZMode": "cross-az", + "CacheSubnetGroupName": "test-cache-subnet-group", + "ClusterName": "test-cache-cdk-cluster", + "Port": 11222, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testcachecachesg7265880E", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ] + }, + "DependsOn": [ + "ecsubnetgrouptestcache" + ] + }, + "testtestcachesg9F6CF9E2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "existingResources/test/test-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testtestingress291C0179": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "TCP", + "Description": "Self referencing rule to control access to Elasticache memcached cluster", + "FromPort": { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "testcachecluster", + "ConfigurationEndpoint.Port" + ] + } + }, + "DependsOn": [ + "testtestcachesg9F6CF9E2" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.ts new file mode 100644 index 000000000..cb9bdd8f9 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.existingResources.ts @@ -0,0 +1,58 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import { App, Stack } from "@aws-cdk/core"; +import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +import * as lambda from '@aws-cdk/aws-lambda'; +// import * as ec2 from '@aws-cdk/aws-ec2'; +import { generateIntegStackName, getTestVpc, CreateTestCache, addCfnSuppressRules, buildSecurityGroup } from '@aws-solutions-constructs/core'; + +// Setup +const app = new App(); +const stack = new Stack(app, generateIntegStackName(__filename)); +stack.templateOptions.description = 'Integration Test with new resourcesfor aws-lambda-elasticachememcached'; + +const testVpc = getTestVpc(stack, false); + +// const testSG = new ec2.SecurityGroup(stack, 'test-sg', { +// vpc: testVpc, +// }); +// addCfnSuppressRules(testSG, [{ id: "W40", reason: "Test Resource" }]); +// addCfnSuppressRules(testSG, [{ id: "W5", reason: "Test Resource" }]); +// addCfnSuppressRules(testSG, [{ id: "W36", reason: "Test Resource" }]); +const testSG = buildSecurityGroup(stack, 'test-sg', { vpc: testVpc }, [], []); + +const testFunction = new lambda.Function(stack, 'test-function', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + vpc: testVpc, + securityGroups: [testSG], +}); +addCfnSuppressRules(testFunction, [{ id: "W58", reason: "Test Resource" }]); +addCfnSuppressRules(testFunction, [{ id: "W92", reason: "Test Resource" }]); + +const testCache = CreateTestCache(stack, 'test-cache', testVpc); + +// Definitions +const props: LambdaToElasticachememcachedProps = { + existingVpc: testVpc, + existingLambdaObj: testFunction, + existingCache: testCache, +}; + +new LambdaToElasticachememcached(stack, 'test', props); + +// Synth +app.synth(); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.expected.json new file mode 100644 index 000000000..c48755395 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.expected.json @@ -0,0 +1,638 @@ +{ + "Description": "Integration Test with new resourcesfor aws-lambda-elasticachememcached", + "Resources": { + "testtestcachesg9F6CF9E2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "newResources/test/test-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testtestingress291C0179": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "TCP", + "Description": "Self referencing rule to control access to Elasticache memcached cluster", + "FromPort": 11222, + "GroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "ToPort": 11222 + }, + "DependsOn": [ + "testtestcachesg9F6CF9E2" + ] + }, + "testecsubnetgrouptest868C53AE": { + "Type": "AWS::ElastiCache::SubnetGroup", + "Properties": { + "Description": "Solutions Constructs generated Cache Subnet Group", + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ], + "CacheSubnetGroupName": "test-subnet-group" + } + }, + "testtestcluster57FB8D14": { + "Type": "AWS::ElastiCache::CacheCluster", + "Properties": { + "CacheNodeType": "cache.t3.medium", + "Engine": "memcached", + "NumCacheNodes": 2, + "AZMode": "cross-az", + "CacheSubnetGroupName": "test-subnet-group", + "ClusterName": "test-cdk-cluster", + "Port": 11222, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ] + }, + "DependsOn": [ + "testecsubnetgrouptest868C53AE" + ] + }, + "testLambdaFunctionServiceRoleA03EDA2B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "Roles": [ + { + "Ref": "testLambdaFunctionServiceRoleA03EDA2B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." + } + ] + } + } + }, + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "newResources/test/ReplaceDefaultSecurityGroup-security-group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testLambdaFunction1BF7CD84": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c1b23d6af38c04acb744bda25a3dc7f4394daea942c67eaff40911a707a3c37a.zip" + }, + "Role": { + "Fn::GetAtt": [ + "testLambdaFunctionServiceRoleA03EDA2B", + "Arn" + ] + }, + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", + "CACHE_ENDPOINT": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Address" + ] + }, + ":", + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Port" + ] + } + ] + ] + } + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "TracingConfig": { + "Mode": "Active" + }, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ] + } + }, + "DependsOn": [ + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "testLambdaFunctionServiceRoleA03EDA2B" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." + }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + } + }, + "VpcisolatedSubnet1SubnetE62B1B9B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableE442650B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableAssociationD259E31A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet1RouteTableE442650B" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + } + } + }, + "VpcisolatedSubnet2Subnet39217055": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTable334F9764": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTableAssociation25A4716F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet2RouteTable334F9764" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet2Subnet39217055" + } + } + }, + "VpcisolatedSubnet3Subnet44F2537D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableA2F6BBC0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableAssociationDC010BEB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + } + }, + "VpcFlowLogIAMRole6A475D41": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpc-flow-logs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + } + }, + "VpcFlowLogIAMRoleDefaultPolicy406FB995": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogLogGroup7B5C56B9", + "Arn" + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", + "Roles": [ + { + "Ref": "VpcFlowLogIAMRole6A475D41" + } + ] + } + }, + "VpcFlowLogLogGroup7B5C56B9": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "VpcFlowLog8FF33A73": { + "Type": "AWS::EC2::FlowLog", + "Properties": { + "ResourceId": { + "Ref": "Vpc8378EB38" + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + }, + "LogDestinationType": "cloud-watch-logs", + "LogGroupName": { + "Ref": "VpcFlowLogLogGroup7B5C56B9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "newResources/Vpc" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.ts new file mode 100644 index 000000000..f452bf7d0 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.newResources.ts @@ -0,0 +1,37 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import { App, Stack } from "@aws-cdk/core"; +import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +import * as lambda from '@aws-cdk/aws-lambda'; +import { generateIntegStackName } from '@aws-solutions-constructs/core'; + +// Setup +const app = new App(); +const stack = new Stack(app, generateIntegStackName(__filename)); +stack.templateOptions.description = 'Integration Test with new resourcesfor aws-lambda-elasticachememcached'; + +// Definitions +const props: LambdaToElasticachememcachedProps = { + lambdaFunctionProps: { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`${__dirname}/lambda`) + } +}; + +new LambdaToElasticachememcached(stack, 'test', props); + +// Synth +app.synth(); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.expected.json new file mode 100644 index 000000000..e25b5ec4d --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.expected.json @@ -0,0 +1,638 @@ +{ + "Description": "Integration Test with new resourcesfor aws-lambda-elasticachememcached", + "Resources": { + "testtestcachesg9F6CF9E2": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "withClientProps/test/test-cachesg", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testtestingress291C0179": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "TCP", + "Description": "Self referencing rule to control access to Elasticache memcached cluster", + "FromPort": 11222, + "GroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + "ToPort": 11222 + }, + "DependsOn": [ + "testtestcachesg9F6CF9E2" + ] + }, + "testecsubnetgrouptest868C53AE": { + "Type": "AWS::ElastiCache::SubnetGroup", + "Properties": { + "Description": "Solutions Constructs generated Cache Subnet Group", + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ], + "CacheSubnetGroupName": "test-subnet-group" + } + }, + "testtestcluster57FB8D14": { + "Type": "AWS::ElastiCache::CacheCluster", + "Properties": { + "CacheNodeType": "cache.t3.medium", + "Engine": "memcached", + "NumCacheNodes": 2, + "AZMode": "single-az", + "CacheSubnetGroupName": "test-subnet-group", + "ClusterName": "test-cdk-cluster", + "Port": 11222, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + } + ] + }, + "DependsOn": [ + "testecsubnetgrouptest868C53AE" + ] + }, + "testLambdaFunctionServiceRoleA03EDA2B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/*" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRolePolicy" + } + ] + } + }, + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "Roles": [ + { + "Ref": "testLambdaFunctionServiceRoleA03EDA2B" + } + ] + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W12", + "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC." + } + ] + } + } + }, + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "withClientProps/test/ReplaceDefaultSecurityGroup-security-group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W5", + "reason": "Egress of 0.0.0.0/0 is default and generally considered OK" + }, + { + "id": "W40", + "reason": "Egress IPProtocol of -1 is default and generally considered OK" + } + ] + } + } + }, + "testLambdaFunction1BF7CD84": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c1b23d6af38c04acb744bda25a3dc7f4394daea942c67eaff40911a707a3c37a.zip" + }, + "Role": { + "Fn::GetAtt": [ + "testLambdaFunctionServiceRoleA03EDA2B", + "Arn" + ] + }, + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", + "CACHE_ENDPOINT": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Address" + ] + }, + ":", + { + "Fn::GetAtt": [ + "testtestcluster57FB8D14", + "ConfigurationEndpoint.Port" + ] + } + ] + ] + } + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "TracingConfig": { + "Mode": "Active" + }, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "testtestcachesg9F6CF9E2", + "GroupId" + ] + }, + { + "Fn::GetAtt": [ + "testReplaceDefaultSecurityGroupsecuritygroupAC4F969B", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + }, + { + "Ref": "VpcisolatedSubnet2Subnet39217055" + }, + { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + ] + } + }, + "DependsOn": [ + "testLambdaFunctionServiceRoleDefaultPolicy4F560EE3", + "testLambdaFunctionServiceRoleA03EDA2B" + ], + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W58", + "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions." + }, + { + "id": "W89", + "reason": "This is not a rule for the general case, just for specific use cases/industries" + }, + { + "id": "W92", + "reason": "Impossible for us to define the correct concurrency for clients" + } + ] + } + } + }, + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "192.68.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + } + }, + "VpcisolatedSubnet1SubnetE62B1B9B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1a", + "CidrBlock": "192.68.0.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableE442650B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet1" + } + ] + } + }, + "VpcisolatedSubnet1RouteTableAssociationD259E31A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet1RouteTableE442650B" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet1SubnetE62B1B9B" + } + } + }, + "VpcisolatedSubnet2Subnet39217055": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1b", + "CidrBlock": "192.68.64.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTable334F9764": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet2" + } + ] + } + }, + "VpcisolatedSubnet2RouteTableAssociation25A4716F": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet2RouteTable334F9764" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet2Subnet39217055" + } + } + }, + "VpcisolatedSubnet3Subnet44F2537D": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": "test-region-1c", + "CidrBlock": "192.68.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableA2F6BBC0": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc/isolatedSubnet3" + } + ] + } + }, + "VpcisolatedSubnet3RouteTableAssociationDC010BEB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcisolatedSubnet3RouteTableA2F6BBC0" + }, + "SubnetId": { + "Ref": "VpcisolatedSubnet3Subnet44F2537D" + } + } + }, + "VpcFlowLogIAMRole6A475D41": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpc-flow-logs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + } + }, + "VpcFlowLogIAMRoleDefaultPolicy406FB995": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogLogGroup7B5C56B9", + "Arn" + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", + "Roles": [ + { + "Ref": "VpcFlowLogIAMRole6A475D41" + } + ] + } + }, + "VpcFlowLogLogGroup7B5C56B9": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 731, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "VpcFlowLog8FF33A73": { + "Type": "AWS::EC2::FlowLog", + "Properties": { + "ResourceId": { + "Ref": "Vpc8378EB38" + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "VpcFlowLogIAMRole6A475D41", + "Arn" + ] + }, + "LogDestinationType": "cloud-watch-logs", + "LogGroupName": { + "Ref": "VpcFlowLogLogGroup7B5C56B9" + }, + "Tags": [ + { + "Key": "Name", + "Value": "withClientProps/Vpc" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.ts new file mode 100644 index 000000000..82269d117 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/integ.withClientProps.ts @@ -0,0 +1,43 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +import { App, Stack } from "@aws-cdk/core"; +import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +import * as lambda from '@aws-cdk/aws-lambda'; +import { generateIntegStackName } from '@aws-solutions-constructs/core'; + +// Setup +const app = new App(); +const stack = new Stack(app, generateIntegStackName(__filename)); +stack.templateOptions.description = 'Integration Test with new resourcesfor aws-lambda-elasticachememcached'; + +// Definitions +const props: LambdaToElasticachememcachedProps = { + lambdaFunctionProps: { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromAsset(`${__dirname}/lambda`) + }, + cacheProps: { + azMode: "single-az" + }, + vpcProps: { + cidr: '192.68.0.0/16' + } +}; + +new LambdaToElasticachememcached(stack, 'test', props); + +// Synth +app.synth(); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda-elasticachememcached.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda-elasticachememcached.test.ts new file mode 100755 index 000000000..5f8a95f22 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda-elasticachememcached.test.ts @@ -0,0 +1,366 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +// Imports +// import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; +// import { LambdaToElasticachememcached, LambdaToElasticachememcachedProps } from "../lib"; +// import * as lambda from '@aws-cdk/aws-lambda'; +// import * as cdk from "@aws-cdk/core"; +import "@aws-cdk/assert/jest"; +import * as defaults from "@aws-solutions-constructs/core"; +import * as cdk from "@aws-cdk/core"; +import * as lambda from "@aws-cdk/aws-lambda"; +import { LambdaToElasticachememcached } from "../lib"; + +const testPort = 12321; +const testFunctionName = "something-unique"; +const testClusterName = "something-else"; + +test("When provided a VPC, does not create a second VPC", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + new LambdaToElasticachememcached(stack, "testStack", { + existingVpc, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + + expect(stack).toCountResources("AWS::EC2::VPC", 1); +}); + +test("When provided an existingCache, does not create a second cache", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingCache = defaults.CreateTestCache(stack, "test-cache", existingVpc, testPort); + + new LambdaToElasticachememcached(stack, "testStack", { + existingVpc, + existingCache, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + + expect(stack).toCountResources("AWS::ElastiCache::CacheCluster", 1); + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + Port: testPort, + }); +}); + +test("When provided an existingFunction, does not create a second function", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingFunction = new lambda.Function(stack, "test-function", { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + vpc: existingVpc, + functionName: testFunctionName, + }); + + new LambdaToElasticachememcached(stack, "testStack", { + existingVpc, + existingLambdaObj: existingFunction, + }); + + expect(stack).toCountResources("AWS::Lambda::Function", 1); + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { + FunctionName: testFunctionName, + }); +}); + +test("Test custom environment variable name", () => { + const stack = new cdk.Stack(); + + const testEnvironmentVariableName = "CUSTOM_CLUSTER_NAME"; + + new LambdaToElasticachememcached(stack, "test-construct", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + cacheEndpointEnvironmentVariableName: testEnvironmentVariableName, + }); + + expect(stack).toHaveResource("AWS::Lambda::Function", { + Environment: { + Variables: { + AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1", + CUSTOM_CLUSTER_NAME: { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testconstructtestconstructclusterCF9DF48A", + "ConfigurationEndpoint.Address", + ], + }, + ":", + { + "Fn::GetAtt": [ + "testconstructtestconstructclusterCF9DF48A", + "ConfigurationEndpoint.Port", + ], + }, + ], + ], + }, + }, + }, + }); +}); + +test("Test setting custom function properties", () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + functionName: testFunctionName, + }, + }); + + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { + FunctionName: testFunctionName, + }); +}); + +test("Test setting custom cache properties", () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + cacheProps: { + clusterName: testClusterName, + }, + }); + + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + ClusterName: testClusterName, + }); +}); +test("Test setting custom VPC properties", () => { + const stack = new cdk.Stack(); + const testCidrBlock = "192.168.0.0/16"; + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + vpcProps: { + cidr: testCidrBlock, + }, + }); + + expect(stack).toHaveResourceLike("AWS::EC2::VPC", { + CidrBlock: testCidrBlock, + }); +}); +test("Test all default values", () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + + expect(stack).toCountResources("AWS::Lambda::Function", 1); + expect(stack).toCountResources("AWS::ElastiCache::CacheCluster", 1); + expect(stack).toCountResources("AWS::EC2::VPC", 1); + + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { + Environment: { + Variables: { + AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1", + CACHE_ENDPOINT: { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testcachetestcachecluster27D08FAD", + "ConfigurationEndpoint.Address", + ], + }, + ":", + { + "Fn::GetAtt": [ + "testcachetestcachecluster27D08FAD", + "ConfigurationEndpoint.Port", + ], + }, + ], + ], + }, + }, + }, + Handler: ".handler", + Runtime: "nodejs14.x", + }); + + // All values taken from elasticache-defaults.ts + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + CacheNodeType: "cache.t3.medium", + Engine: "memcached", + NumCacheNodes: 2, + Port: 11222, + AZMode: "cross-az", + }); + + expect(stack).toHaveResourceLike("AWS::EC2::VPC", { + EnableDnsHostnames: true, + EnableDnsSupport: true, + }); +}); + +test('Test for the proper self referencing security group', () => { + const stack = new cdk.Stack(); + + new LambdaToElasticachememcached(stack, "test-cache", { + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + cacheProps: { + port: 22223 + } + }); + + expect(stack).toHaveResourceLike("AWS::EC2::SecurityGroupIngress", { + IpProtocol: "TCP", + FromPort: 22223, + ToPort: 22223, + GroupId: { + "Fn::GetAtt": [ + "testcachetestcachecachesg74A03DA4", + "GroupId" + ] + }, + SourceSecurityGroupId: { + "Fn::GetAtt": [ + "testcachetestcachecachesg74A03DA4", + "GroupId" + ] + }, + }); +}); +// test('', () => {}); +test("Test error from existingCache and no VPC", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingCache = defaults.CreateTestCache(stack, "test-cache", existingVpc); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + existingCache, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + }; + + expect(app).toThrowError( + "If providing an existing Cache or Lambda Function, you must also supply the associated existingVpc" + ); +}); + +test("Test error from existing function and no VPC", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingFunction = new lambda.Function(stack, "test-function", { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + vpc: existingVpc, + }); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + existingLambdaObj: existingFunction, + }); + }; + + expect(app).toThrowError( + "If providing an existing Cache or Lambda Function, you must also supply the associated existingVpc" + ); +}); + +test("Test error from existingCache and cacheProps", () => { + const stack = new cdk.Stack(); + + const existingVpc = defaults.getTestVpc(stack); + const existingCache = defaults.CreateTestCache(stack, "test-cache", existingVpc); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + existingCache, + existingVpc, + cacheProps: { + numCacheNodes: 4, + }, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + }; + + expect(app).toThrowError("Cannot specify existingCache and cacheProps"); +}); + +test("Test error from trying to launch Redis", () => { + const stack = new cdk.Stack(); + + const app = () => { + new LambdaToElasticachememcached(stack, "testStack", { + cacheProps: { + numCacheNodes: 4, + engine: "redis", + }, + lambdaFunctionProps: { + code: lambda.Code.fromAsset(`${__dirname}/lambda`), + runtime: lambda.Runtime.NODEJS_14_X, + handler: ".handler", + }, + }); + }; + + expect(app).toThrowError("This construct can only launch memcached clusters"); +}); diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda/index.js b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda/index.js new file mode 100644 index 000000000..93b955782 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticachememcached/test/lambda/index.js @@ -0,0 +1,8 @@ +exports.handler = async function (event) { + console.log(`request:${JSON.stringify(event, undefined, 2)}`); + return { + statusCode: 200, + headers: { "Content-Type": "text/plain" }, + body: `Hello, AWS Solutions Constructs! You've hit ${event.path}`, + }; +}; diff --git a/source/patterns/@aws-solutions-constructs/core/index.ts b/source/patterns/@aws-solutions-constructs/core/index.ts index 41602954a..5e1aee4e8 100644 --- a/source/patterns/@aws-solutions-constructs/core/index.ts +++ b/source/patterns/@aws-solutions-constructs/core/index.ts @@ -16,6 +16,8 @@ export * from './lib/alb-helper'; export * from './lib/apigateway-defaults'; export * from './lib/apigateway-helper'; export * from './lib/dynamodb-table-defaults'; +export * from './lib/elasticache-defaults'; +export * from './lib/elasticache-helper'; export * from './lib/fargate-defaults'; export * from './lib/fargate-helper'; export * from './lib/iot-topic-rule-defaults'; diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticache-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-defaults.ts new file mode 100644 index 000000000..c5282665b --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-defaults.ts @@ -0,0 +1,28 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +export function GetDefaultCachePort() { + // Best practice not to use default port 11211 + return 11222; +} + +export function GetMemcachedDefaults(id: string, port: number) { + return { + clusterName: `${id}-cdk-cluster`, + cacheNodeType: "cache.t3.medium", + engine: "memcached", + numCacheNodes: 2, + port, + azMode: 'cross-az' + }; +} diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticache-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-helper.ts new file mode 100644 index 000000000..fbcd82364 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticache-helper.ts @@ -0,0 +1,100 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +import * as ec2 from "@aws-cdk/aws-ec2"; +import * as cache from "@aws-cdk/aws-elasticache"; +import { Construct } from "@aws-cdk/core"; +import { GetDefaultCachePort, GetMemcachedDefaults } from './elasticache-defaults'; +import { consolidateProps } from './utils'; + +export interface ObtainMemcachedClusterProps { + readonly cachePort?: any, + readonly cacheSecurityGroupId: string, + readonly cacheProps?: cache.CfnCacheClusterProps | any, + readonly existingCache?: cache.CfnCacheCluster, + readonly vpc?: ec2.IVpc, +} + +export function obtainMemcachedCluster( + scope: Construct, + id: string, + props: ObtainMemcachedClusterProps +) { + + if (props.existingCache) { + props.existingCache.vpcSecurityGroupIds?.push(props.cacheSecurityGroupId); + return props.existingCache; + } else { + if (!props.cachePort) { + throw Error('props.cachePort required for new caches'); + } + + // Create the subnet group from all the isolated subnets in the VPC + const subnetGroup = createCacheSubnetGroup(scope, props.vpc!, id); + + const defaultProps = GetMemcachedDefaults(id, props.cachePort); + const requiredConstructProps = { + vpcSecurityGroupIds: [props.cacheSecurityGroupId], + cacheSubnetGroupName: subnetGroup.cacheSubnetGroupName, + }; + const consolidatedProps = consolidateProps( + defaultProps, + props.cacheProps, + requiredConstructProps, + true + ); + + const newCache = new cache.CfnCacheCluster( + scope, + `${id}-cluster`, + consolidatedProps + ); + newCache.addDependsOn(subnetGroup); + return newCache; + } + +} + +export function createCacheSubnetGroup( + construct: Construct, + vpc: ec2.IVpc, + id: string +): cache.CfnSubnetGroup { + + // Memcached has no auth, all access control is + // network based, so, at least initially, we will + // only launch it in isolated subnets. + const subnetIds: string[] = []; + vpc.isolatedSubnets.forEach((subnet) => { + subnetIds.push(subnet.subnetId); + }); + + return new cache.CfnSubnetGroup(construct, `ec-subnetgroup-${id}`, { + description: "Solutions Constructs generated Cache Subnet Group", + subnetIds, + cacheSubnetGroupName: `${id}-subnet-group`, + }); +} + +export function getCachePort( + clientCacheProps?: cache.CfnCacheClusterProps | any, + existingCache?: cache.CfnCacheCluster +): any { + if (existingCache) { + return existingCache.attrConfigurationEndpointPort!; + } else if (clientCacheProps?.port) { + return clientCacheProps.port; + } else { + return GetDefaultCachePort(); + } +} diff --git a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts index 4403a6979..272cb2545 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts @@ -53,6 +53,14 @@ export function buildLambdaFunction(scope: Construct, props: BuildLambdaFunction } } else { if (props.vpc) { + const levelOneFunction: lambda.CfnFunction = props.existingLambdaObj.node.defaultChild as lambda.CfnFunction; + if (props.lambdaFunctionProps?.securityGroups) { + let ctr = 20; + props.lambdaFunctionProps?.securityGroups.forEach(sg => { + // TODO: Discuss with someone why I can't get R/O access to VpcConfigSecurityGroupIds + levelOneFunction.addOverride(`Properties.VpcConfig.SecurityGroupIds.${ctr++}`, sg.securityGroupId); + }); + } if (!props.existingLambdaObj.isBoundToVpc) { throw Error('A Lambda function must be bound to a VPC upon creation, it cannot be added to a VPC in a subsequent construct'); } @@ -128,7 +136,7 @@ export function deployLambdaFunction(scope: Construct, finalLambdaFunctionProps = overrideProps(finalLambdaFunctionProps, { securityGroups: [ lambdaSecurityGroup ], vpc, - }); + }, true); } const lambdafunction = new lambda.Function(scope, _functionId, finalLambdaFunctionProps); diff --git a/source/patterns/@aws-solutions-constructs/core/lib/security-group-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/security-group-helper.ts index 7ad7ca8e6..592019eb6 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/security-group-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/security-group-helper.ts @@ -55,3 +55,36 @@ export function buildSecurityGroup( return newSecurityGroup; } + +export function CreateSelfReferencingSecurityGroup(scope: Construct, id: string, vpc: ec2.IVpc, cachePort: any) { + const newCacheSG = new ec2.SecurityGroup(scope, `${id}-cachesg`, { + vpc, + allowAllOutbound: true, + }); + const selfReferenceRule = new ec2.CfnSecurityGroupIngress( + scope, + `${id}-ingress`, + { + groupId: newCacheSG.securityGroupId, + sourceSecurityGroupId: newCacheSG.securityGroupId, + ipProtocol: "TCP", + fromPort: cachePort, + toPort: cachePort, + description: 'Self referencing rule to control access to Elasticache memcached cluster', + } + ); + selfReferenceRule.node.addDependency(newCacheSG); + + addCfnSuppressRules(newCacheSG, [ + { + id: "W5", + reason: "Egress of 0.0.0.0/0 is default and generally considered OK", + }, + { + id: "W40", + reason: + "Egress IPProtocol of -1 is default and generally considered OK", + }, + ]); + return newCacheSG; +} diff --git a/source/patterns/@aws-solutions-constructs/core/lib/utils.ts b/source/patterns/@aws-solutions-constructs/core/lib/utils.ts index 7cfe7da7b..b84cf6b37 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/utils.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/utils.ts @@ -164,15 +164,15 @@ export function addCfnSuppressRules(resource: cdk.Resource | cdk.CfnResource, ru * 2) clientProps value * 3) defaultProps value */ -export function consolidateProps(defaultProps: object, clientProps?: object, constructProps?: object): any { +export function consolidateProps(defaultProps: object, clientProps?: object, constructProps?: object, concatArray: boolean = false): any { let result: object = defaultProps; if (clientProps) { - result = overrideProps(result, clientProps); + result = overrideProps(result, clientProps, concatArray); } if (constructProps) { - result = overrideProps(result, constructProps); + result = overrideProps(result, constructProps, concatArray); } return result; diff --git a/source/patterns/@aws-solutions-constructs/core/package.json b/source/patterns/@aws-solutions-constructs/core/package.json index c9c0e5179..55c416e5e 100644 --- a/source/patterns/@aws-solutions-constructs/core/package.json +++ b/source/patterns/@aws-solutions-constructs/core/package.json @@ -55,6 +55,7 @@ "@aws-cdk/aws-cloudfront": "0.0.0", "@aws-cdk/aws-cloudfront-origins": "0.0.0", "@aws-cdk/aws-dynamodb": "0.0.0", + "@aws-cdk/aws-elasticache": "0.0.0", "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0", "@aws-cdk/aws-elasticloadbalancingv2-targets": "0.0.0", "@aws-cdk/aws-glue": "0.0.0", diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticache-defaults.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticache-defaults.test.ts new file mode 100644 index 000000000..bf8d12cfa --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/test/elasticache-defaults.test.ts @@ -0,0 +1,35 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +import "@aws-cdk/assert/jest"; +import { GetDefaultCachePort, GetMemcachedDefaults } from "../lib/elasticache-defaults"; + +test("Test GetDefaultCachePort()", () => { + const defaultPort = GetDefaultCachePort(); + + expect(defaultPort).toEqual(11222); +}); + +test("Test GetMemcachedDefaults()", () => { + const testPort = 22222; + const testId = 'test'; + + const props = GetMemcachedDefaults(testId, testPort); + + expect(props.port).toEqual(testPort); + expect(props.clusterName).toEqual(`${testId}-cdk-cluster`); + expect(props.engine).toEqual("memcached"); + expect(props.cacheNodeType).toEqual("cache.t3.medium"); + expect(props.numCacheNodes).toEqual(2); + expect(props.azMode).toEqual('cross-az'); +}); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticache-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticache-helper.test.ts new file mode 100644 index 000000000..e00059ecd --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/core/test/elasticache-helper.test.ts @@ -0,0 +1,110 @@ +/** + * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +import "@aws-cdk/assert/jest"; +import { CreateTestCache, getTestVpc } from "./test-helper"; +import * as cdk from '@aws-cdk/core'; +import * as ec2 from '@aws-cdk/aws-ec2'; +import { getCachePort, obtainMemcachedCluster } from "../lib/elasticache-helper"; +import { GetDefaultCachePort } from "../lib/elasticache-defaults"; + +test("Test returning existing Cache", () => { + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + const existingCache = CreateTestCache(stack, 'test', testVpc); + + const securityGroup = new ec2.SecurityGroup(stack, 'test-sg', { + vpc: testVpc + }); + const obtainedCache = obtainMemcachedCluster(stack, 'test-cache', { + existingCache, + cacheSecurityGroupId: securityGroup.securityGroupId + }); + + expect(obtainedCache).toBe(existingCache); +}); + +test("Test create cache with no client props", () => { + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + + const securityGroup = new ec2.SecurityGroup(stack, 'test-sg', { + vpc: testVpc + }); + obtainMemcachedCluster(stack, 'test-cache', { + vpc: testVpc, + cacheSecurityGroupId: securityGroup.securityGroupId, + cachePort: 11111, + }); + + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + Port: 11111, + AZMode: 'cross-az', + Engine: 'memcached', + }); +}); + +test("Test create cache with client props", () => { + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + + const securityGroup = new ec2.SecurityGroup(stack, 'test-sg', { + vpc: testVpc + }); + obtainMemcachedCluster(stack, 'test-cache', { + vpc: testVpc, + cacheSecurityGroupId: securityGroup.securityGroupId, + cachePort: 12321, + cacheProps: { + azMode: 'single-az', + clusterName: 'test-name' + } + }); + + expect(stack).toHaveResourceLike("AWS::ElastiCache::CacheCluster", { + Port: 12321, + AZMode: 'single-az', + Engine: 'memcached', + ClusterName: 'test-name' + }); +}); + +test("Test GetCachePort() with existing cache", () => { + + const stack = new cdk.Stack(); + + const testVpc = getTestVpc(stack, false); + const existingCache = CreateTestCache(stack, 'test', testVpc, 32123); + + const port = getCachePort(undefined, existingCache); + + // Since the port from the existing cache is a token, + // we can't check it directly, but we can ensure + // the default port was replaced + expect(port).not.toEqual(GetDefaultCachePort()); +}); + +test("Test GetCachePort() with clientCacheProps", () => { + const clientPort = 32123; + + const port = getCachePort({ port: clientPort }); + expect(port).toEqual(clientPort); +}); +test("Test GetCachePort() with default port", () => { + + const port = getCachePort(); + expect(port).toEqual(GetDefaultCachePort()); +}); diff --git a/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts index e1472bc3f..139e9b2b2 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts @@ -119,3 +119,38 @@ test("Test deployment with egress rule", () => { ], }); }); + +test("Test self referencing security group", () => { + const testPort = 33333; + // Stack + const stack = new Stack(); + + const vpc = new ec2.Vpc(stack, "test-vpc", {}); + + // Helper declaration + defaults.CreateSelfReferencingSecurityGroup( + stack, + "testsg", + vpc, + testPort, + ); + + expect(stack).toHaveResourceLike("AWS::EC2::SecurityGroupIngress", { + IpProtocol: "TCP", + FromPort: testPort, + ToPort: testPort, + GroupId: { + "Fn::GetAtt": [ + "testsgcachesg72A723EA", + "GroupId" + ] + }, + SourceSecurityGroupId: { + "Fn::GetAtt": [ + "testsgcachesg72A723EA", + "GroupId" + ] + }, + }); + +}); diff --git a/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts b/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts index c4ed8f74f..189e58dd4 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/test-helper.ts @@ -17,9 +17,13 @@ import { Construct, RemovalPolicy, Stack } from "@aws-cdk/core"; import { buildVpc } from '../lib/vpc-helper'; import { DefaultPublicPrivateVpcProps, DefaultIsolatedVpcProps } from '../lib/vpc-defaults'; import { overrideProps, addCfnSuppressRules } from "../lib/utils"; +import { createCacheSubnetGroup } from "../lib/elasticache-helper"; import * as path from 'path'; +import * as cache from '@aws-cdk/aws-elasticache'; +import * as ec2 from '@aws-cdk/aws-ec2'; import * as acm from '@aws-cdk/aws-certificatemanager'; import { CfnFunction } from "@aws-cdk/aws-lambda"; +import { GetDefaultCachePort } from "../lib/elasticache-defaults"; export const fakeEcrRepoArn = 'arn:aws:ecr:us-east-1:123456789012:repository/fake-repo'; @@ -106,4 +110,37 @@ export function suppressAutoDeleteHandlerWarnings(stack: Stack) { } }); -} \ No newline at end of file +} + +export function CreateTestCache(scope: Construct, id: string, vpc: ec2.IVpc, port?: number) { + const cachePort = port ?? GetDefaultCachePort(); + + // Create the subnet group from all the isolated subnets in the VPC + const subnetGroup = createCacheSubnetGroup(scope, vpc, id); + const emptySG = new ec2.SecurityGroup(scope, `${id}-cachesg`, { + vpc, + allowAllOutbound: true, + }); + addCfnSuppressRules(emptySG, [{ id: "W40", reason: "Test Resource" }]); + addCfnSuppressRules(emptySG, [{ id: "W5", reason: "Test Resource" }]); + addCfnSuppressRules(emptySG, [{ id: "W36", reason: "Test Resource" }]); + + const cacheProps = { + clusterName: `${id}-cdk-cluster`, + cacheNodeType: "cache.t3.medium", + engine: "memcached", + numCacheNodes: 2, + port: cachePort, + azMode: "cross-az", + vpcSecurityGroupIds: [emptySG.securityGroupId], + cacheSubnetGroupName: subnetGroup.cacheSubnetGroupName, + }; + + const newCache = new cache.CfnCacheCluster( + scope, + `${id}-cluster`, + cacheProps + ); + newCache.addDependsOn(subnetGroup); + return newCache; +}