Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Renaming #57

Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

Renaming #57

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
f35e292
Renaming some modules
muhamadto Mar 20, 2024
1b0383b
Renaming some modules
muhamadto Mar 24, 2024
4ffa483
Renaming some modules
muhamadto Mar 24, 2024
fb7a498
Renaming some modules
muhamadto Mar 24, 2024
336218b
Renaming some modules
muhamadto Mar 24, 2024
18aa9b7
Merge branch 'renaming' of https://github.com/muhamadto/spring-native…
muhamadto Mar 25, 2024
0b97b1f
Merge branch 'renaming' of https://github.com/muhamadto/spring-native…
muhamadto Mar 25, 2024
25396ad
use `sandpiper` infra
muhamadto Mar 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,5 @@ README.md

settings-spring.xml

spring-native-aws-lambda-infra
spring-native-aws-service-infra
docker-compose.yml
8 changes: 6 additions & 2 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,15 +51,19 @@ jobs:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: maven-settings-xml-action
uses: whelk-io/maven-settings-xml-action@v22
with:
servers: '[{ "id": "github", "password": "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" }]'
- name: Build with Maven
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
ENV: ${{ env.ENV }}
COST_CENTRE: ${{ env.COST_CENTRE }}
run: |
./mvnw -ntp clean verify -DskipTests -pl spring-native-aws-lambda-infra
./mvnw -ntp clean -Pnative -DskipTests native:compile package -pl spring-native-aws-lambda-function
./mvnw -ntp clean verify -DskipTests -pl spring-native-aws-service-infra
./mvnw -ntp clean -Pnative -DskipTests native:compile package -pl spring-native-aws-service
- name: cdk diff
uses: muhamadto/aws-cdk-github-actions@v5
with:
Expand Down
2 changes: 1 addition & 1 deletion NOTICE
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Apache [spring-native-aws-lambda-function]
Apache [spring-native-aws-function]
Copyright 2021 Muhammad Hamadto

This product includes software developed by:
Expand Down
2 changes: 1 addition & 1 deletion PULL_REQUEST_TEMPLATE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@

<!--- Please include the following in your Pull Request when applicable: -->

- [ ] Describe what you did in the pull request description
- [ ] Describe what you did in the pull secret description
- [ ] Add Unit and Integration Tests - at least 80% unit tests for new code.
- [ ] Added or updated documentation
247 changes: 180 additions & 67 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# spring-native-aws-lambda
# spring-native-aws-function

[![CodeQL](https://github.com/muhamadto/spring-native-aws-lambda/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/muhamadto/spring-native-aws-lambda/actions/workflows/codeql-analysis.yml)
[![Build](https://github.com/muhamadto/spring-native-aws-lambda/actions/workflows/build.yml/badge.svg)](https://github.com/muhamadto/spring-native-aws-lambda/actions/workflows/build.yml)
Expand Down Expand Up @@ -43,21 +43,26 @@ $ ./mvnw -ntp clean verify -U
```
The service responds
```json
[
{
"name": "CoffeeBeans",
"saved": true
}
]
{
"id": "production1234someapp",
"env": "production",
"costCentre": "1234",
"applicationName": "some-app",
"items": {
"GITHUB_TOKEN": "WOAH",
"AWS_ACCESS_KEY_ID": "OMG",
"AWS_SECRET_ACCESS_KEY": "OH NO"
}
}
```

#### Using `mvnw`

1. Run the following commands
```shell
$ export SPRING_PROFILES_ACTIVE=local
$ ./mvnw -ntp clean -Pnative -DskipTests native:compile package -pl spring-native-aws-lambda-function
$ ./spring-native-aws-lambda-function/target/spring-native-aws-lambda-function
$ ./mvnw -ntp clean -DskipTests -Pnative native:compile package -pl spring-native-aws-service
$ ./spring-native-aws-service/target/spring-native-aws-service
```
The service starts in less than 100 ms
```shell
Expand All @@ -77,17 +82,24 @@ $ ./mvnw -ntp clean verify -U
$ curl --location --request POST 'http://localhost:8080' \
--header 'Content-Type: application/json' \
--data-raw '{
"body": "{ \"name\": \"CoffeeBeans\" }"
"httpMethod": "POST",
"body": "{ \"env\": \"production\", \"costCentre\": \"1234\", \"applicationName\": \"some-app\", \"items\": { \"GITHUB_TOKEN\": \"WOAH\", \"AWS_ACCESS_KEY_ID\": \"OMG\", \"AWS_SECRET_ACCESS_KEY\": \"OH NO\" } }"
}'
```

The service responds
```json
[
{
"name": "CoffeeBeans",
"saved": true
}
]
{
"id": "production1234someapp",
"env": "production",
"costCentre": "1234",
"applicationName": "some-app",
"items": {
"GITHUB_TOKEN": "WOAH",
"AWS_ACCESS_KEY_ID": "OMG",
"AWS_SECRET_ACCESS_KEY": "OH NO"
}
}
```

### Github action
Expand Down Expand Up @@ -134,7 +146,7 @@ and the following trust relationship
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
},
"StringLike": {
"token.actions.githubusercontent.com:sub": "repo:{github-account-or-org}/spring-native-aws-lambda:*"
"token.actions.githubusercontent.com:sub": "repo:{github-account-or-org}/spring-native-aws-service:*"
}
}
}
Expand All @@ -150,67 +162,151 @@ and the following trust relationship
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ECRPermissions",
"Sid": "S3Permissions",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::cdk-cbcore-assets-718055627712-ap-southeast-2",
"arn:aws:s3:::cdk-cbcore-assets-718055627712-ap-southeast-2/*"
]
},
{
"Sid": "AGWPermissions",
"Effect": "Allow",
"Action": [
"ecr:CreateRepository",
"ecr:DeleteRepository",
"ecr:SetRepositoryPolicy",
"ecr:DescribeRepositories"
"apigateway:POST",
"apigateway:DELETE",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:PUT"
],
"Resource": "arn:aws:ecr:{aws-region}:{aws-account-number}:repository/cdk-{qualifier}-container-assets-{aws-account-number}-{aws-region}"
"Resource": [
"arn:aws:apigateway:ap-southeast-2::/restapis",
"arn:aws:apigateway:ap-southeast-2::/restapis/*",
"arn:aws:apigateway:ap-southeast-2::/account",
"arn:aws:apigateway:ap-southeast-2::/tags/arn:aws:apigateway:ap-southeast-2::/restapis/*"
]
},
{
"Sid": "IAMPermissions",
"Sid": "SNSPermissions",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy"
"SNS:CreateTopic",
"SNS:DeleteTopic",
"SNS:Subscribe",
"SNS:GetTopicAttributes",
"SNS:ListSubscriptionsByTopic",
"SNS:Unsubscribe",
"SNS:TagResource",
"SNS:UntagResource"
],
"Resource": [
"arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-lookup-role-{aws-account-number}-{aws-region}",
"arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-file-publishing-role-{aws-account-number}-{aws-region}",
"arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-image-publishing-role-{aws-account-number}-{aws-region}",
"arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-cfn-exec-role-{aws-account-number}-{aws-region}",
"arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-deploy-role-{aws-account-number}-{aws-region}"
"arn:aws:sqs:ap-southeast-2:718055627712:SpringNativeAwsFunctionStack-LambdaDeadLetterTopic*"
]
},
{
"Sid": "S3Permissions",
"Sid": "SQSPermissions",
"Effect": "Allow",
"Action": [
"s3:PutBucketPublicAccessBlock",
"s3:CreateBucket",
"s3:DeleteBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:GetEncryptionConfiguration",
"s3:PutBucketPolicy",
"s3:DeleteBucket",
"s3:PutBucketVersioning"
"sqs:GetQueueAttributes",
"sqs:CreateQueue",
"sqs:DeleteQueue",
"sqs:GetQueueUrl",
"sqs:SetQueueAttributes",
"sqs:ListQueues"
],
"Resource": [
"arn:aws:s3:::{qualifier}-cdk-bucket"
"arn:aws:sqs:ap-southeast-2:718055627712:SpringNativeAwsFunctionStack-LambdaDeadLetterQueue*"
]
},
{
"Sid": "LambdaPermissions",
"Effect": "Allow",
"Action": [
"lambda:GetFunction",
"lambda:ListFunctions",
"lambda:DeleteFunction",
"lambda:CreateFunction",
"lambda:TagResource",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:PutFunctionEventInvokeConfig",
"lambda:UpdateFunctionEventInvokeConfig",
"lambda:DeleteFunctionEventInvokeConfig",
"lambda:UpdateFunctionCode",
"lambda:ListTags",
"lambda:UpdateFunctionConfiguration"
],
"Resource": [
"arn:aws:lambda:ap-southeast-2:718055627712:function:SpringNativeAwsFunctionStack*"
]
},
{
"Sid": "SSMPermissions",
"Effect": "Allow",
"Action": [
"ssm:DeleteParameter",
"ssm:AddTagsToResource",
"ssm:GetParameters",
"ssm:PutParameter"
"ssm:GetParameters"
],
"Resource": [
"arn:aws:ssm:ap-southeast-2:718055627712:parameter/cdk-bootstrap/cbcore/version"
]
},
{
"Sid": "DynamoDBPermissions",
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:CreateTable",
"dynamodb:DeleteTable",
"dynamodb:TagResource",
"dynamodb:UntagResource",
"dynamodb:ListTagsOfResource",
"dynamodb:DescribeTimeToLive",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeKinesisStreamingDestination"
],
"Resource": [
"arn:aws:dynamodb:ap-southeast-2:718055627712:table/secrets",
"arn:aws:dynamodb:ap-southeast-2:718055627712:table/SpringNativeAwsFunction*"
]
},
{
"Sid": "IAMPermissions",
"Effect": "Allow",
"Action": [
"iam:PassRole",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Resource": [
"arn:aws:iam::718055627712:role/SpringNativeAwsFunction*"
]
},
{
"Sid": "CFNPermissions",
"Effect": "Allow",
"Action": "cloudformation:DescribeStacks",
"Resource": "arn:aws:cloudformation:ap-southeast-2:718055627712:stack/cbcore-example-function-dev-stack/*"
},
{
"Sid": "ApplicationAutoscalingPermissions",
"Effect": "Allow",
"Action": [
"application-autoscaling:DeregisterScalableTarget"
],
"Resource": "arn:aws:ssm:{aws-region}:{aws-account-number}:parameter/cdk-bootstrap/{qualifier}/version"
"Resource": [
"arn:aws:application-autoscaling:ap-southeast-2:718055627712:scalable-target/*"
]
}
]
}
```
}```

4. Create an IAM managed policy `CoffeebeansCoreCdkExecutionAccess` to be used
by `cdk-{qualifier}-cfn-exec-role-{aws-account-number}-{aws-region}` which is gonna be created by
Expand Down Expand Up @@ -259,7 +355,7 @@ and the following trust relationship
"SNS:UntagResource"
],
"Resource": [
"arn:aws:sns:{aws-region}:{aws-account-number}:spring-native-aws-lambda-function-dead-letter-topic"
"arn:aws:sns:{aws-region}:{aws-account-number}:spring-native-aws-function-dead-letter-topic"
]
},
{
Expand All @@ -281,8 +377,8 @@ and the following trust relationship
"lambda:UpdateFunctionConfiguration"
],
"Resource": [
"arn:aws:lambda:{aws-region}:{aws-account-number}:function:spring-native-aws-lambda-function",
"arn:aws:lambda:{aws-region}:{aws-account-number}:function:spring-native-aws-lambda-function:$LATEST"
"arn:aws:lambda:{aws-region}:{aws-account-number}:function:spring-native-aws-function",
"arn:aws:lambda:{aws-region}:{aws-account-number}:function:spring-native-aws-function:$LATEST"
]
},
{
Expand Down Expand Up @@ -310,9 +406,9 @@ and the following trust relationship
"iam:DetachRolePolicy"
],
"Resource": [
"arn:aws:iam::{aws-account-number}:role/spring-native-aws-lambda-springnativeawslambdafun-*",
"arn:aws:iam::{aws-account-number}:role/spring-native-aws-lambda-springnativeawslambdares-4FVJBBHF9EL2",
"arn:aws:iam::{aws-account-number}:role/spring-native-aws-lambda-function-rest-api/CloudWatchRole"
"arn:aws:iam::{aws-account-number}:role/spring-native-aws-service-springnativeawslambdafun-*",
"arn:aws:iam::{aws-account-number}:role/spring-native-aws-service-springnativeawslambdares-4FVJBBHF9EL2",
"arn:aws:iam::{aws-account-number}:role/spring-native-aws-function-rest-api/CloudWatchRole"
]
},
{
Expand Down Expand Up @@ -346,15 +442,32 @@ in step 4
Now that the setup is done you can deploy to AWS.

1. Create a new release in
Github [releases page](https://github.com/muhamadto/spring-native-aws-lambda/releases),
Github [releases page](https://github.com/muhamadto/spring-native-aws-service/releases),
the [github action](.github/workflows/release.yml) will start and a deployment to AWS
environment.
2. Test via curl
```shell
$ curl --location --request POST 'https://{api-id}.execute-api.ap-southeast-2.amazonaws.com/dev/name' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "CoffeeBeans"

POST

```shell
$ curl --location --request POST 'https://{apiid}.execute-api.ap-southeast-2.amazonaws.com/dev/' \
--header 'Content-Type: application/json' \
--data-raw '{
"env": "production",
"costCentre": "1234",
"applicationName": "some-app",
"items": {
"GITHUB_TOKEN": "WOAH",
"AWS_ACCESS_KEY_ID": "OMG",
"AWS_SECRET_ACCESS_KEY": "OH NO"
}
}'
```
3. Et voila! It runs with 500 ms for cold start.
```

GET

```shell
curl --request GET 'https://{apiid}.execute-api.ap-southeast-2.amazonaws.com/dev/production-1234-someapp'
```
3. Et voila! It runs with 500 ms for cold start.

5 changes: 4 additions & 1 deletion cdk.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
{
"app": "./mvnw exec:java -pl spring-native-aws-lambda-infra -Dexec.mainClass=com.coffeebeans.springnativeawslambda.infra.Application"
"app": "./mvnw exec:java -pl spring-native-aws-service-infra -Dexec.mainClass=com.coffeebeans.springnativeawslambda.infra.Application",
"context": {
"@aws-cdk/core:bootstrapQualifier": "cbcore"
}
}
Loading
Loading