-
Notifications
You must be signed in to change notification settings - Fork 5
/
app.py
151 lines (127 loc) · 4.6 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/usr/bin/env python3
""" CDK Configuration for the veda-backend stack."""
import subprocess
from aws_cdk import App, Aspects, Stack, Tags, aws_iam
from constructs import Construct
from config import veda_app_settings
from database.infrastructure.construct import RdsConstruct
from ingest_api.infrastructure.config import IngestorConfig as ingest_config
from ingest_api.infrastructure.construct import ApiConstruct as ingest_api_construct
from ingest_api.infrastructure.construct import IngestorConstruct as ingestor_construct
from network.infrastructure.construct import VpcConstruct
from permissions_boundary.infrastructure.construct import PermissionsBoundaryAspect
from raster_api.infrastructure.construct import RasterApiLambdaConstruct
from s3_website.infrastructure.construct import VedaWebsite
from stac_api.infrastructure.construct import StacApiLambdaConstruct
from eoapi_cdk import StacBrowser
app = App()
if veda_app_settings.bootstrap_qualifier:
app.node.set_context(
"@aws-cdk/core:bootstrapQualifier", veda_app_settings.bootstrap_qualifier
)
class VedaStack(Stack):
"""CDK stack for the veda-backend stack."""
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
"""."""
super().__init__(scope, construct_id, **kwargs)
if veda_app_settings.permissions_boundary_policy_name:
permissions_boundary_policy = (
aws_iam.ManagedPolicy.from_managed_policy_name(
self,
"permissions-boundary",
veda_app_settings.permissions_boundary_policy_name,
)
)
aws_iam.PermissionsBoundary.of(self).apply(permissions_boundary_policy)
Aspects.of(self).add(PermissionsBoundaryAspect(permissions_boundary_policy))
veda_stack = VedaStack(
app,
f"{veda_app_settings.app_name}-{veda_app_settings.stage_name()}",
env=veda_app_settings.cdk_env(),
)
if veda_app_settings.vpc_id:
vpc = VpcConstruct(
veda_stack,
"network",
vpc_id=veda_app_settings.vpc_id,
stage=veda_app_settings.stage_name(),
)
else:
vpc = VpcConstruct(veda_stack, "network", stage=veda_app_settings.stage_name())
database = RdsConstruct(
veda_stack,
"database",
vpc=vpc.vpc,
subnet_ids=veda_app_settings.subnet_ids,
stage=veda_app_settings.stage_name(),
)
raster_api = RasterApiLambdaConstruct(
veda_stack,
"raster-api",
stage=veda_app_settings.stage_name(),
vpc=vpc.vpc,
database=database,
)
stac_api = StacApiLambdaConstruct(
veda_stack,
"stac-api",
stage=veda_app_settings.stage_name(),
vpc=vpc.vpc,
database=database,
raster_api=raster_api,
)
website = VedaWebsite(
veda_stack, "stac-browser-bucket", stage=veda_app_settings.stage_name()
)
# Only create a stac browser if we can infer the catalog url from configuration before synthesis (API Gateway URL not yet available)
stac_catalog_url = veda_app_settings.get_stac_catalog_url()
if stac_catalog_url:
stac_browser = StacBrowser(
veda_stack,
"stac-browser",
github_repo_tag=veda_app_settings.stac_browser_tag,
stac_catalog_url=stac_catalog_url,
bucket_arn=website.bucket.bucket_arn,
)
db_secret_name = database.pgstac.secret.secret_name
db_security_group = database.db_security_group
# ingestor config requires references to other resources, but can be shared between ingest api and bulk ingestor
ingestor_config = ingest_config(
stage=veda_app_settings.stage_name(),
stac_db_security_group_id=db_security_group.security_group_id,
stac_api_url=stac_api.stac_api.url,
raster_api_url=raster_api.raster_api.url,
)
ingest_api = ingest_api_construct(
veda_stack,
"ingest-api",
config=ingestor_config,
db_secret=database.pgstac.secret,
db_vpc=vpc.vpc,
db_vpc_subnets=database.vpc_subnets,
)
ingestor = ingestor_construct(
veda_stack,
"IngestorConstruct",
config=ingestor_config,
table=ingest_api.table,
db_secret=database.pgstac.secret,
db_vpc=vpc.vpc,
db_vpc_subnets=database.vpc_subnets,
)
git_sha = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode().strip()
try:
git_tag = subprocess.check_output(["git", "describe", "--tags"]).decode().strip()
except subprocess.CalledProcessError:
git_tag = "no-tag"
for key, value in {
"Project": veda_app_settings.app_name,
"Stack": veda_app_settings.stage_name(),
"Client": "nasa-impact",
"Owner": veda_app_settings.owner,
"GitCommit": git_sha,
"GitTag": git_tag,
}.items():
if value:
Tags.of(app).add(key=key, value=value)
app.synth()