EREGCSC-2859 Migrate the site lambdas and database to CDK #1522
+4,435
−1,395
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves EREGCSC-2858 and EREGCSC-2859
Description
This PR is the result of two JIRA stories:
This is part of our broader initiative to standardize our infrastructure as code using CDK.
This pull request changes:
From 2858:
CDK Migration: Backend Infrastructure and Static Assets
Resolves EREGCSC-2858 and EREGCSC-2859
Description
Migration of site lambdas and database infrastructure to CDK (EREGCSC-2859)
Site Lambda and Database Migration (EREGCSC-2859)
Migrated site lambdas to Docker-based deployments
Implemented Docker Lambda factory pattern for consistent configuration
Integrated AWS Secrets Manager for credential management
Configured VPC networking and security groups
Added WAF integration with API Gateway
Implemented proper IAM roles and permissions
Added support for non-prod environment authorizer lambda
Deploy the stack to the eph-1522 environment:
bashCopycdk deploy --app 'npx ts-node bin/app.ts' "*-eph-1522"
Verify successful creation of all stacks in CloudFormation:
Backend stack
Static assets stack
Parser stack
Text extractor stack
Functional Verification
Access the API Gateway endpoint:
Verify page loading
Test navigation and links
Confirm static asset delivery
Validate API functionality
Test Security Features:
Verify WAF rules
Test authentication flows
Validate secure asset access
Database Operations:
Verify database connections
Test CRUD operations
Validate migration scripts
Environment Variables
Ensure the following environment variables are properly set:
CopySTAGE_ENV=eph-1522
DEPLOY_NUMBER=[build_number]
Notes
This migration maintains backward compatibility with existing systems
Security groups are properly shared between ephemeral environments
All secrets have been migrated to AWS Secrets Manager
Cross-stack references are handled via CloudFormation exports