template-db-ingress-gateway

template-db-ingress-gateway/.babelrc

@@ -0,0 +1,33 @@
+{
+  "presets": [
+    [
+      "@babel/preset-env",
+      {
+        "targets": {
+          "node": "20"
+        }
+      }
+    ]
+  ],
+  "plugins": [
+    "@babel/plugin-transform-runtime"
+  ],
+  "env": {
+    "test": {
+      "plugins": [
+        "istanbul"
+      ],
+      "presets": [
+        [
+          "@babel/preset-env",
+          {
+            "targets": {
+              "node": "20"
+            },
+            "modules": "umd"
+          }
+        ]
+      ]
+    }
+  }
+}

template-db-ingress-gateway/.editorconfig

@@ -0,0 +1,21 @@
+# EditorConfig is awesome: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+trim_trailing_whitespace = true
+end_of_line = lf
+insert_final_newline = true
+
+# Set default charset
+[*.{js,ts,css,json}]
+charset = utf-8
+indent_style = space
+indent_size = 2
+
+# Matches the exact files package.json
+[{package.json}]
+indent_style = space
+indent_size = 2

template-db-ingress-gateway/.eslintignore

@@ -0,0 +1,8 @@
+tools/
+lib/
+coverage/
+webpack.config.js
+.idea
+*.iml
+mappings.js
+bak

template-db-ingress-gateway/.eslintrc.js

@@ -0,0 +1,41 @@
+module.exports = {
+  parser: '@babel/eslint-parser',
+  extends: 'airbnb-base',
+  plugins: [],
+  env: {
+    node: true,
+    mocha: true,
+    commonjs: true,
+  },
+  parserOptions: {
+    ecmaVersion: 6,
+    sourceType: 'module',
+  },
+  rules: {
+    'linebreak-style': 0,
+    'max-len': [1, 140, 2, { ignoreComments: true, ignoreStrings: true }],
+    'quote-props': [1, 'consistent-as-needed'],
+    'no-cond-assign': [2, 'except-parens'],
+    'space-infix-ops': 0,
+    'no-unused-vars': [1, { vars: 'local', args: 'none' }],
+    'default-case': 0,
+    'no-else-return': 0,
+    'no-param-reassign': 0,
+    'comma-dangle': 1,
+    'indent': 1,
+    'object-curly-spacing': 1,
+    'arrow-body-style': 1,
+    'no-console': 0,
+    'prefer-template': 1,
+    'import/no-unresolved': 1,
+    'import/no-extraneous-dependencies': [2, { devDependencies: ['**/test/**/*.js'] }],
+    'global-require': 1,
+    'no-underscore-dangle': 0,
+    'new-cap': 0,
+    'no-use-before-define': 0,
+    'no-useless-escape': 0,
+    'no-unused-expressions': 0,
+    'class-methods-use-this': 0,
+  },
+  globals: {},
+};

template-db-ingress-gateway/.gitignore

@@ -0,0 +1,8 @@
+node_modules
+.serverless
+.webpack
+.DS_Store
+coverage
+.nyc_output
+*.log
+bak

template-db-ingress-gateway/.nycrc

@@ -0,0 +1,28 @@
+{
+    "lines": 100,
+    "statements": 100,
+    "functions": 100,
+    "branches": 100,
+    "include": [
+      "src/**/*.js"
+    ],
+    "exclude": [
+      "test/int/**/*.test.js",
+      "test/unit/**/*.test.js"
+    ],
+    "require": [
+      "@babel/register",
+      "./test/helper.js"
+    ],
+    "reporter": [
+      "text",
+      "lcov",
+      "html",
+      "text-summary"
+    ],
+    "sourceMap": false,
+    "instrument": false,
+    "cache": false,
+    "check-coverage": true,
+    "all": true
+}

template-db-ingress-gateway/README.md

@@ -0,0 +1 @@
+# template-db-ingress-gateway

template-db-ingress-gateway/cvo/bus.yml

@@ -0,0 +1,5 @@
+iamRoleStatements:
+  Effect: Allow
+  Action:
+    - events:PutEvents
+  Resource: ${self:provider.environment.BUS_ARN}

template-db-ingress-gateway/cvo/cfn.yml

@@ -0,0 +1,5 @@
+deploymentBucket: 
+  # name: ${self:custom.org}-${self:custom.subsys}-sls-deploy-${opt:stage}-${opt:region}
+  name: my-cvo-deploy-dev-us-west-2
+
+deploymentRole: arn:${aws:partition}:iam::${aws:accountId}:role/${self:custom.subsys}-cfn-exec-${opt:stage}

template-db-ingress-gateway/cvo/conditions.yml

@@ -0,0 +1,9 @@
+Conditions:
+  IsWest:
+    Fn::Equals:
+      - ${opt:region}
+      - us-west-2
+  IsEast:
+    Fn::Equals:
+      - ${opt:region}
+      - us-east-1

template-db-ingress-gateway/cvo/config.yml

@@ -0,0 +1,41 @@
+params:
+  stg:
+    debug: '*'
+    account: stg # nonprod
+    logRetentionInDays: 3
+  prd:
+    debug: ''
+    account: prod
+    logRetentionInDays: 30
+
+custom:
+  partition: aws
+  org: my
+  subsys: template
+  # webpack:
+  #   isLegacy: true
+  #   includeModules:
+  #     forceExclude:
+  #       - '@aws-sdk/client-dynamodb'
+  #       - '@aws-sdk/lib-dynamodb'
+  tableArn: ${file(cvo/dynamodb.yml):tableArn.${opt:region}}
+  tableStreamArn: ${file(cvo/dynamodb.yml):tableStreamArn.${opt:region}}
+  failover:
+    us-west-2: us-east-1
+    us-east-1: us-west-2 
+
+environment:
+  ACCOUNT_NAME: ${param:account}
+  PROJECT: ${self:service}
+  STAGE: ${opt:stage}
+  DEBUG: ${param:debug}
+  AWS_NODEJS_CONNECTION_REUSE_ENABLED: 1
+  ENTITY_TABLE_NAME: ${self:service}-${opt:stage}-entities
+  # ENTITY_DATA_INDEX: gsi1
+  BUS_NAME: ${cf:${self:custom.subsys}-event-hub-${opt:stage}.busName, 'unknown'}
+  BUS_ARN: ${cf:${self:custom.subsys}-event-hub-${opt:stage}.busArn, 'unknown'}
+  STREAM_ARN: ${cf:${self:custom.subsys}-event-hub-${opt:stage}.stream1Arn, 'unknown'}
+  FAILOVER_REGION: ${self:custom.failover.${opt:region}}
+  # MASTER_KEY_ALIAS: ${cf:${self:custom.subsys}-global-resources-${opt:stage}.MasterKeyAlias}
+  # MASTER_KEY_ARN: ${cf:${self:custom.subsys}-global-resources-${opt:stage}.MasterKeyArn}
+  # KMS_REGIONS: us-east-1,us-west-2

template-db-ingress-gateway/cvo/dynamodb.yml

@@ -0,0 +1,94 @@
+tableArn:
+  us-west-2:
+    Fn::GetAtt: [ EntitiesTable, Arn ]
+  us-east-1: # ${awsdesc:DynamoDB.describeTable.TableName.${self:provider.environment.ENTITY_TABLE_NAME}.Table.TableArn}
+    Fn::GetAtt: [ EntitiesTable, Arn ]
+
+tableStreamArn:
+  us-west-2:
+    Fn::GetAtt: [ EntitiesTable, StreamArn ]
+  us-east-1: # ${awsdesc:DynamoDB.describeTable.TableName.${self:provider.environment.ENTITY_TABLE_NAME}.Table.LatestStreamArn}
+    Fn::GetAtt: [ EntitiesTable, StreamArn ]
+
+iamRoleStatements:
+  Effect: Allow
+  Action:
+    - dynamodb:Query
+    - dynamodb:GetItem
+    - dynamodb:UpdateItem
+    - dynamodb:PutItem
+  Resource:
+    - ${self:custom.tableArn}
+    - Fn::Join:
+        - '/'
+        - - ${self:custom.tableArn}
+          - index
+          - gsi1        
+
+filterPatterns:
+  - eventName: [ INSERT, MODIFY ]
+    dynamodb:
+      NewImage:
+        awsregion:
+          S:
+            - ${opt:region}
+  - eventName: [ REMOVE ]
+    dynamodb:
+      OldImage:
+        awsregion:
+          S:
+            - ${opt:region}
+
+resources:
+  Resources:
+    EntitiesTable:
+      Type: AWS::DynamoDB::GlobalTable
+      Condition: IsWest # west will own global tables based on order of deployment
+      # DeletionPolicy: Retain
+      Properties:
+        TableName: ${self:provider.environment.ENTITY_TABLE_NAME}
+        AttributeDefinitions:
+          - AttributeName: pk
+            AttributeType: S
+          - AttributeName: sk
+            AttributeType: S
+          - AttributeName: discriminator
+            AttributeType: S
+          # - AttributeName: data
+          #   AttributeType: S
+        KeySchema:
+          - AttributeName: pk
+            KeyType: HASH
+          - AttributeName: sk
+            KeyType: RANGE
+        GlobalSecondaryIndexes:
+          - IndexName: gsi1
+            KeySchema:
+              - AttributeName: discriminator
+                KeyType: HASH
+              - AttributeName: pk
+                KeyType: RANGE
+            Projection:
+              ProjectionType: ALL
+        #   - IndexName: gsi2
+        #     KeySchema:
+        #       - AttributeName: discriminator
+        #         KeyType: HASH
+        #       - AttributeName: data
+        #         KeyType: RANGE
+        #     Projection:
+        #       ProjectionType: ALL
+        Replicas:
+          # - Region: ${opt:region} # when not replicating
+          - Region: us-west-2
+            # PointInTimeRecoverySpecification:
+            #   PointInTimeRecoveryEnabled: true
+          - Region: us-east-1
+        BillingMode: PAY_PER_REQUEST
+        StreamSpecification:
+          StreamViewType: NEW_AND_OLD_IMAGES
+        TimeToLiveSpecification:
+          AttributeName: ttl
+          Enabled: true
+        SSESpecification:
+          SSEEnabled: true

template-db-ingress-gateway/cvo/iam.yml

@@ -0,0 +1,7 @@
+role:
+  permissionsBoundary: arn:${self:custom.partition}:iam::${aws:accountId}:policy/${self:custom.subsys}-boundary-${opt:stage}
+  statements:
+    - ${file(cvo/dynamodb.yml):iamRoleStatements}
+    - ${file(cvo/bus.yml):iamRoleStatements}
+    # - ${file(cvo/secrets.yml):iamRoleStatements}
+    # - ${file(cvo/kms.yml):iamRoleStatements}

template-db-ingress-gateway/cvo/kms.yml

@@ -0,0 +1,7 @@
+iamRoleStatements:
+  Effect: Allow
+  Action:
+    - kms:GenerateDataKey
+    - kms:Encrypt
+    - kms:Decrypt
+  Resource: ${self:provider.environment.MASTER_KEY_ARN}

template-db-ingress-gateway/cvo/tags.yml

@@ -0,0 +1,4 @@
+service: ${self:service}
+env: ${opt:stage}
+# GitCommit: ${env:GIT_COMMIT, 'tbd'}
+# GitCommit: ${env:CI_COMMIT_SHA, 'tbd'}