Merge branch 'renaming' of https://github.com/muhamadto/spring-native-aws-lambda into renaming

Author: muhamadto

README.md

@@ -77,17 +77,22 @@ $ ./mvnw -ntp clean verify -U
    $ curl --location --request POST 'http://localhost:8080' \
    --header 'Content-Type: application/json' \
    --data-raw '{
-        "body": "{ \"name\": \"CoffeeBeans\" }"
+        "body": "{ \"env\": \"production\", \"costCentre\": \"1234\", \"applicationName\": \"some-app\", \"items\": { \"GITHUB_TOKEN\": \"WOAH\", \"AWS_ACCESS_KEY_ID\": \"OMG\", \"AWS_SECRET_ACCESS_KEY\": \"OH NO\" } }"
       }'
     ```
    The service responds
    ```json
-   [
-       {
-           "name": "CoffeeBeans",
-           "saved": true
-       }
-   ]
+   {
+      "id": "production1234someapp",
+      "env": "production",
+       "costCentre": "1234",
+       "applicationName": "some-app",
+       "items": {
+          "GITHUB_TOKEN": "WOAH",
+          "AWS_ACCESS_KEY_ID": "OMG",
+          "AWS_SECRET_ACCESS_KEY": "OH NO"
+      }
+   }
    ```
 
 ### Github action
@@ -150,67 +155,151 @@ and the following trust relationship
    "Version": "2012-10-17",
    "Statement": [
       {
-         "Sid": "ECRPermissions",
+         "Sid": "S3Permissions",
+         "Effect": "Allow",
+         "Action": "s3:GetObject",
+         "Resource": [
+            "arn:aws:s3:::cdk-cbcore-assets-718055627712-ap-southeast-2",
+            "arn:aws:s3:::cdk-cbcore-assets-718055627712-ap-southeast-2/*"
+         ]
+      },
+      {
+         "Sid": "AGWPermissions",
          "Effect": "Allow",
          "Action": [
-            "ecr:CreateRepository",
-            "ecr:DeleteRepository",
-            "ecr:SetRepositoryPolicy",
-            "ecr:DescribeRepositories"
+            "apigateway:POST",
+            "apigateway:DELETE",
+            "apigateway:GET",
+            "apigateway:PATCH",
+            "apigateway:PUT"
          ],
-         "Resource": "arn:aws:ecr:{aws-region}:{aws-account-number}:repository/cdk-{qualifier}-container-assets-{aws-account-number}-{aws-region}"
+         "Resource": [
+            "arn:aws:apigateway:ap-southeast-2::/restapis",
+            "arn:aws:apigateway:ap-southeast-2::/restapis/*",
+            "arn:aws:apigateway:ap-southeast-2::/account",
+            "arn:aws:apigateway:ap-southeast-2::/tags/arn:aws:apigateway:ap-southeast-2::/restapis/*"
+         ]
       },
       {
-         "Sid": "IAMPermissions",
+         "Sid": "SNSPermissions",
          "Effect": "Allow",
          "Action": [
-            "iam:GetRole",
-            "iam:CreateRole",
-            "iam:DeleteRole",
-            "iam:AttachRolePolicy",
-            "iam:PutRolePolicy",
-            "iam:DetachRolePolicy",
-            "iam:DeleteRolePolicy"
+            "SNS:CreateTopic",
+            "SNS:DeleteTopic",
+            "SNS:Subscribe",
+            "SNS:GetTopicAttributes",
+            "SNS:ListSubscriptionsByTopic",
+            "SNS:Unsubscribe",
+            "SNS:TagResource",
+            "SNS:UntagResource"
          ],
          "Resource": [
-            "arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-lookup-role-{aws-account-number}-{aws-region}",
-            "arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-file-publishing-role-{aws-account-number}-{aws-region}",
-            "arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-image-publishing-role-{aws-account-number}-{aws-region}",
-            "arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-cfn-exec-role-{aws-account-number}-{aws-region}",
-            "arn:aws:iam::{aws-account-number}:role/cdk-{qualifier}-deploy-role-{aws-account-number}-{aws-region}"
+            "arn:aws:sqs:ap-southeast-2:718055627712:SpringNativeAwsFunctionStack-LambdaDeadLetterTopic*"
          ]
       },
       {
-         "Sid": "S3Permissions",
+         "Sid": "SQSPermissions",
          "Effect": "Allow",
          "Action": [
-            "s3:PutBucketPublicAccessBlock",
-            "s3:CreateBucket",
-            "s3:DeleteBucketPolicy",
-            "s3:PutEncryptionConfiguration",
-            "s3:GetEncryptionConfiguration",
-            "s3:PutBucketPolicy",
-            "s3:DeleteBucket",
-            "s3:PutBucketVersioning"
+            "sqs:GetQueueAttributes",
+            "sqs:CreateQueue",
+            "sqs:DeleteQueue",
+            "sqs:GetQueueUrl",
+            "sqs:SetQueueAttributes",
+            "sqs:ListQueues"
+         ],
+         "Resource": [
+            "arn:aws:sqs:ap-southeast-2:718055627712:SpringNativeAwsFunctionStack-LambdaDeadLetterQueue*"
+         ]
+      },
+      {
+         "Sid": "LambdaPermissions",
+         "Effect": "Allow",
+         "Action": [
+            "lambda:GetFunction",
+            "lambda:ListFunctions",
+            "lambda:DeleteFunction",
+            "lambda:CreateFunction",
+            "lambda:TagResource",
+            "lambda:AddPermission",
+            "lambda:RemovePermission",
+            "lambda:PutFunctionEventInvokeConfig",
+            "lambda:UpdateFunctionEventInvokeConfig",
+            "lambda:DeleteFunctionEventInvokeConfig",
+            "lambda:UpdateFunctionCode",
+            "lambda:ListTags",
+            "lambda:UpdateFunctionConfiguration"
          ],
          "Resource": [
-            "arn:aws:s3:::{qualifier}-cdk-bucket"
+            "arn:aws:lambda:ap-southeast-2:718055627712:function:SpringNativeAwsFunctionStack*"
          ]
       },
       {
          "Sid": "SSMPermissions",
          "Effect": "Allow",
          "Action": [
-            "ssm:DeleteParameter",
-            "ssm:AddTagsToResource",
-            "ssm:GetParameters",
-            "ssm:PutParameter"
+            "ssm:GetParameters"
+         ],
+         "Resource": [
+            "arn:aws:ssm:ap-southeast-2:718055627712:parameter/cdk-bootstrap/cbcore/version"
+         ]
+      },
+      {
+         "Sid": "DynamoDBPermissions",
+         "Effect": "Allow",
+         "Action": [
+            "dynamodb:DescribeTable",
+            "dynamodb:CreateTable",
+            "dynamodb:DeleteTable",
+            "dynamodb:TagResource",
+            "dynamodb:UntagResource",
+            "dynamodb:ListTagsOfResource",
+            "dynamodb:DescribeTimeToLive",
+            "dynamodb:DescribeContributorInsights",
+            "dynamodb:DescribeContinuousBackups",
+            "dynamodb:DescribeKinesisStreamingDestination"
          ],
-         "Resource": "arn:aws:ssm:{aws-region}:{aws-account-number}:parameter/cdk-bootstrap/{qualifier}/version"
+         "Resource": [
+            "arn:aws:dynamodb:ap-southeast-2:718055627712:table/secrets",
+            "arn:aws:dynamodb:ap-southeast-2:718055627712:table/SpringNativeAwsFunction*"
+         ]
+      },
+      {
+         "Sid": "IAMPermissions",
+         "Effect": "Allow",
+         "Action": [
+            "iam:PassRole",
+            "iam:GetRole",
+            "iam:GetRolePolicy",
+            "iam:CreateRole",
+            "iam:PutRolePolicy",
+            "iam:DeleteRole",
+            "iam:DeleteRolePolicy",
+            "iam:AttachRolePolicy",
+            "iam:DetachRolePolicy"
+         ],
+         "Resource": [
+            "arn:aws:iam::718055627712:role/SpringNativeAwsFunction*"
+         ]
+      },
+      {
+         "Sid": "CFNPermissions",
+         "Effect": "Allow",
+         "Action": "cloudformation:DescribeStacks",
+         "Resource": "arn:aws:cloudformation:ap-southeast-2:718055627712:stack/cbcore-example-function-dev-stack/*"
+      },
+      {
+         "Sid": "ApplicationAutoscalingPermissions",
+         "Effect": "Allow",
+         "Action": [
+            "application-autoscaling:DeregisterScalableTarget"
+         ],
+         "Resource": [
+            "arn:aws:application-autoscaling:ap-southeast-2:718055627712:scalable-target/*"
+         ]
       }
    ]
-}
-```
+}```
 
 4. Create an IAM managed policy `CoffeebeansCoreCdkExecutionAccess` to be used
    by `cdk-{qualifier}-cfn-exec-role-{aws-account-number}-{aws-region}` which is gonna be created by
@@ -351,10 +440,18 @@ Now that the setup is done you can deploy to AWS.
    environment.
 2. Test via curl
     ```shell
-   $ curl --location --request POST 'https://{api-id}.execute-api.ap-southeast-2.amazonaws.com/dev/name' \
-   --header 'Content-Type: application/json' \
-   --data-raw '{
-        "name": "CoffeeBeans"
+   $ curl --location --request POST 'https://lmk0qo0xrl.execute-api.ap-southeast-2.amazonaws.com/dev/' \
+    --header 'Content-Type: application/json' \
+    --data-raw '{
+        "env": "production",
+        "costCentre": "1234",
+        "applicationName": "some-app",
+        "items": {
+            "GITHUB_TOKEN": "WOAH",
+            "AWS_ACCESS_KEY_ID": "OMG",
+            "AWS_SECRET_ACCESS_KEY": "OH NO"
+          }
       }'
     ```
-3. Et voila! It runs with 500 ms for cold start.
+3. Et voila! It runs with 500 ms for cold start.
+

cdk.json

@@ -1,3 +1,6 @@
 {
-  "app": "./mvnw exec:java -pl spring-native-aws-service-infra -Dexec.mainClass=com.coffeebeans.springnativeawslambda.infra.Application"
+  "app": "./mvnw --settings /Users/muhammad/.m2/settings-nonqantas.xml exec:java -pl spring-native-aws-service-infra -Dexec.mainClass=com.coffeebeans.springnativeawslambda.infra.Application",
+  "context": {
+    "@aws-cdk/core:bootstrapQualifier": "cbcore"
+  }
 }

spring-native-aws-service-infra/src/main/java/com/coffeebeans/springnativeawslambda/infra/Application.java

@@ -37,13 +37,15 @@
 public final class Application extends AbstractApp {
   private static final String ENVIRONMENT_NAME_DEV = "dev";
   private static final String ENVIRONMENT_NAME_PRD = "prd";
-  private static final String LAMBDA_CODE_PATH = "spring-native-aws-service/target/spring-native-aws-function-native-zip.zip";
+
+
+  private static final String LAMBDA_CODE_PATH = "spring-native-aws-service/target/spring-native-aws-service-native-zip.zip";
 
   public static void main(final String... args) {
     final Application app = new Application();
 
     final String env = System.getenv(KEY_ENV);
-    checkNotNull(env, "'env' environment variable is required");
+    checkNotNull(env, "'ENVIRONMENT' environment variable is required");
 
     switch (env) {
       case ENVIRONMENT_NAME_DEV -> new SpringNativeAwsFunctionStack(app, COFFEE_BEANS_DEV_111111111111_AP_SOUTHEAST_2, LAMBDA_CODE_PATH, env);

spring-native-aws-service-infra/src/main/java/com/coffeebeans/springnativeawslambda/infra/SpringNativeAwsFunctionStack.java

@@ -22,9 +22,7 @@
 import static software.amazon.awscdk.services.iam.ManagedPolicy.fromAwsManagedPolicyName;
 import static software.amazon.awscdk.services.lambda.Code.fromAsset;
 
-import com.coffeebeans.cdk.core.AbstractApp;
 import com.coffeebeans.cdk.core.AbstractEnvironment;
-import com.coffeebeans.cdk.core.construct.BaseStack;
 import com.coffeebeans.cdk.core.construct.dynamodb.TableV2;
 import com.coffeebeans.cdk.core.construct.dynamodb.TableV2.TableProps;
 import com.coffeebeans.cdk.core.construct.lambda.CustomRuntime2023Function;
@@ -36,33 +34,36 @@
 import javax.validation.constraints.NotBlank;
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
+import software.amazon.awscdk.DefaultStackSynthesizer;
 import software.amazon.awscdk.Duration;
+import software.amazon.awscdk.RemovalPolicy;
+import software.amazon.awscdk.Stack;
+import software.amazon.awscdk.StackProps;
 import software.amazon.awscdk.services.apigateway.LambdaRestApi;
 import software.amazon.awscdk.services.apigateway.Resource;
 import software.amazon.awscdk.services.apigateway.StageOptions;
 import software.amazon.awscdk.services.dynamodb.Attribute;
 import software.amazon.awscdk.services.dynamodb.AttributeType;
-import software.amazon.awscdk.services.iam.IGrantable;
 import software.amazon.awscdk.services.iam.IManagedPolicy;
 import software.amazon.awscdk.services.iam.Role;
 import software.amazon.awscdk.services.iam.ServicePrincipal;
 import software.amazon.awscdk.services.lambda.AssetCode;
 import software.amazon.awscdk.services.lambda.Function;
 
-public class SpringNativeAwsFunctionStack extends BaseStack {
+public class SpringNativeAwsFunctionStack extends Stack {
 
   private static final int LAMBDA_FUNCTION_TIMEOUT_IN_SECONDS = 3;
   private static final int LAMBDA_FUNCTION_MEMORY_SIZE = 512;
   private static final int LAMBDA_FUNCTION_RETRY_ATTEMPTS = 2;
   private static final String LAMBDA_HANDLER = "org.springframework.cloud.function.adapter.aws.FunctionInvoker::handleRequest";
   private static final String ENVIRONMENT_VARIABLE_SPRING_PROFILES_ACTIVE = "SPRING_PROFILES_ACTIVE";
 
-
-  public SpringNativeAwsFunctionStack(@NotNull final AbstractApp app,
+  public SpringNativeAwsFunctionStack(@NotNull final Application app,
       @NotNull final AbstractEnvironment environment,
       @NotBlank final String lambdaCodePath,
       @NotBlank final String stage) {
-    super(app, environment);
+    super(app, "SpringNativeAwsFunctionStack",
+        StackProps.builder().synthesizer(DefaultStackSynthesizer.Builder.create().qualifier("cbcore").build()).build());
 
     final List<IManagedPolicy> managedPolicies =
         List.of(fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
@@ -95,6 +96,7 @@ public SpringNativeAwsFunctionStack(@NotNull final AbstractApp app,
         .partitionKey(Attribute.builder().name("id").type(AttributeType.STRING).build())
         .timeToLiveAttribute("creationTime")
         .tableName(KebabCaseString.of("secrets"))
+        .removalPolicy(RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE)
         .build();
 
     final software.amazon.awscdk.services.dynamodb.TableV2 tableV2 = new TableV2(this, SafeString.of("Table"), tableProps).getTable();

spring-native-aws-service/pom.xml

@@ -43,7 +43,9 @@
 
   <properties>
     <spring-cloud.version>2023.0.0</spring-cloud.version>
-    <repackage.classifier />
+    <repackage.classifier/>
+    <maven.compiler.source>21</maven.compiler.source>
+    <maven.compiler.target>21</maven.compiler.target>
   </properties>
 
   <dependencyManagement>

spring-native-aws-service/src/assembly/native.xml

@@ -40,7 +40,7 @@
       <useDefaultExcludes>true</useDefaultExcludes>
       <fileMode>0775</fileMode>
       <includes>
-        <include>spring-native-aws-function</include>
+        <include>spring-native-aws-service</include>
       </includes>
     </fileSet>
   </fileSets>