Add resource name utility and update DynamoDB table names based on environment

Author: av1choudharyy

.github/workflows/deploy.yml

@@ -34,5 +34,16 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ap-south-1
 
+      - name: Determine Environment Name
+        run: |
+          if [[ $GITHUB_REF == refs/heads/main ]]; then
+            ENV_NAME="prod"
+          elif [[ $GITHUB_REF == refs/heads/stage ]]; then
+            ENV_NAME="stg"
+          else
+            ENV_NAME="dev"
+          fi
+          echo "ENV_NAME=$ENV_NAME" >> $GITHUB_ENV
+
       - name: Deploy CDK
-        run: cdk deploy --all --require-approval never
+        run: cdk deploy --all -c env=${{ env.ENV_NAME }} --require-approval never

bin/backend.ts

@@ -3,40 +3,30 @@ import 'source-map-support/register';
 import * as cdk from 'aws-cdk-lib';
 import { S3Stack } from '../lib/s3-stack';
 import { DynamoTableStack } from '../lib/dynamo-stack';
-import { WebSocketStack } from '../lib/webSocket-stack';
 import { AuthStack } from '../lib/auth-stack';
 import { OrderStack } from '../lib/order-stack';
 import { RestaurantStack } from '../lib/restaurant-stack';
 import { HttpStack } from '../lib/httpAPI-stack';
+import { CertificateStack } from '../lib/certificate-stack';
 
 const app = new cdk.App();
-// new BackendStack(app, 'BackendStack', {
-//   /* If you don't specify 'env', this stack will be environment-agnostic.
-//    * Account/Region-dependent features and context lookups will not work,
-//    * but a single synthesized template can be deployed anywhere. */
 
-//   /* Uncomment the next line to specialize this stack for the AWS Account
-//    * and Region that are implied by the current CLI configuration. */
-//   // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+const envName = app.node.tryGetContext('env');
+if (!envName) {
+  throw new Error('env is required')
+}
 
-//   /* Uncomment the next line if you know exactly what Account and Region you
-//    * want to deploy the stack to. */
-//   // env: { account: '123456789012', region: 'us-east-1' },
 
-//   /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
-// });
 const env = {
   account: process.env.CDK_DEFAULT_ACCOUNT,
   region: process.env.CDK_DEFAULT_REGION,
 };
-new HttpStack(app, 'HttpStack', { env });
-new DynamoTableStack(app, 'DynamoStack', { env, terminationProtection: true });
-new AuthStack(app, 'AuthStack', { env });
-new S3Stack(app, 'S3Stack', { env, terminationProtection: true });
-new OrderStack(app, 'OrderStack', { env });
-new RestaurantStack(app, 'RestaurantStack', { env });
-// new WebSocketStack(app, 'WebSocketStack', {
-//   // liveRestaurantConnectionsTable,
-//   env,
-// });
+
+new CertificateStack(app, 'CertificateStack', { env });
+new HttpStack(app, 'HttpStack', { env, envName });
+new DynamoTableStack(app, 'DynamoStack', { env, terminationProtection: true, envName });
+new AuthStack(app, 'AuthStack', { env, envName });
+new S3Stack(app, 'S3Stack', { env, terminationProtection: true, envName });
+new OrderStack(app, 'OrderStack', { env, envName });
+new RestaurantStack(app, 'RestaurantStack', { env, envName });
 

lib/auth-stack.ts

@@ -7,28 +7,35 @@ import { HttpLambdaIntegration } from 'aws-cdk-lib/aws-apigatewayv2-integrations
 import { RetentionDays } from 'aws-cdk-lib/aws-logs';
 import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
 import { ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { getResourceName } from '../utils/getResourceName';
 
+interface AuthStackProps extends cdk.StackProps {
+  envName: string;
+}
 
 export class AuthStack extends cdk.Stack {
-  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+  constructor(scope: Construct, id: string, props: AuthStackProps) {
     super(scope, id, props);
 
-    const httpApiId = cdk.Fn.importValue('BeejhoHttpApiId');
-    const httpApi = HttpApi.fromHttpApiAttributes(this, 'BeejhoHttpApi', {
+    const { envName } = props;
+
+    const httpApiId = cdk.Fn.importValue(getResourceName(envName, 'BeejhoHttpApiId'));
+    const httpApi = HttpApi.fromHttpApiAttributes(this, getResourceName(envName, 'BeejhoHttpApiId'), {
       httpApiId
-    })
+    });
 
-    const userTable = dynamodb.Table.fromTableName(this, 'OrderTable', 'users')
-    const restaurantTable = dynamodb.Table.fromTableName(this, 'RestaurantTable', 'restaurants')
+    const userTable = dynamodb.Table.fromTableName(this, getResourceName(envName, 'UsersTable'), getResourceName(envName, 'users'));
+    const restaurantTable = dynamodb.Table.fromTableName(this, getResourceName(envName, 'RestaurantTable'), getResourceName(envName, 'restaurants'));
 
-    const userLoginLambda = new NodejsFunction(this, 'LoginUser', {
+    const userLoginLambda = new NodejsFunction(this, getResourceName(envName, 'LoginUser'), {
       runtime: lambda.Runtime.NODEJS_LATEST,
       entry: './src/lambdas/auth.ts',
       handler: 'userLoginHandler',
-      functionName: 'loginUser',
+      functionName: getResourceName(envName, 'LoginUser'),
       architecture: lambda.Architecture.ARM_64,
       environment: {
         JWT_SECRET: 'Abhi2199@321#',
+        envName,
       },
       logRetention: RetentionDays.ONE_DAY,
       bundling: {
@@ -37,59 +44,64 @@ export class AuthStack extends cdk.Stack {
     });
     userTable.grantReadWriteData(userLoginLambda);
 
-    new HttpRoute(this, 'LoginRoute', {
+    new HttpRoute(this, getResourceName(envName, 'LoginRoute'), {
       httpApi,
       routeKey: HttpRouteKey.with('/v0/login', HttpMethod.POST),
-      integration: new HttpLambdaIntegration('LoginrUserLambdaIntegration', userLoginLambda),
+      integration: new HttpLambdaIntegration(getResourceName(envName, 'LoginUserLambdaIntegration'), userLoginLambda),
     });
 
-    const generateOTPLambda = new NodejsFunction(this, 'GenerateOTP', {
+    const generateOTPLambda = new NodejsFunction(this, getResourceName(envName, 'GenerateOTP'), {
       runtime: lambda.Runtime.NODEJS_LATEST,
       entry: './src/lambdas/auth.ts',
       handler: 'generateOTPHandler',
-      functionName: 'generateOTP',
+      functionName: getResourceName(envName, 'GenerateOTP'),
       architecture: lambda.Architecture.ARM_64,
+      environment: {
+        JWT_SECRET: 'Abhi2199@321#',
+        envName,
+      },
       logRetention: RetentionDays.ONE_DAY,
       bundling: {
         externalModules: ['aws-sdk']
       },
     });
-    userTable.grantWriteData(generateOTPLambda);
 
-    new HttpRoute(this, 'GenerateOTPRoute', {
+    new HttpRoute(this, getResourceName(envName, 'GenerateOTPRoute'), {
       httpApi,
       routeKey: HttpRouteKey.with('/v0/generateOTP', HttpMethod.POST),
-      integration: new HttpLambdaIntegration('GenerateOTPLambdaIntegration', generateOTPLambda),
-    })
+      integration: new HttpLambdaIntegration(getResourceName(envName, 'GenerateOTPLambdaIntegration'), generateOTPLambda),
+    });
+    userTable.grantWriteData(generateOTPLambda);
 
-    const userAuthorizerLambda = new NodejsFunction(this, 'UserAuthorizerLambda', {
+    const userAuthorizerLambda = new NodejsFunction(this, getResourceName(envName, 'UserAuthorizerLambda'), {
       runtime: lambda.Runtime.NODEJS_LATEST,
       entry: './src/lambdas/auth.ts',
       handler: 'userAuthorizerHandler',
-      functionName: 'userAuthorizer',
+      functionName: getResourceName(envName, 'UserAuthorizer'),
       architecture: lambda.Architecture.ARM_64,
       environment: {
         JWT_SECRET: 'Abhi2199@321#',
+        envName,
       },
       logRetention: RetentionDays.ONE_DAY,
       bundling: {
         externalModules: ['aws-sdk']
       },
     });
 
-    const userAuthorizer = new HttpAuthorizer(this, 'UserAuthorizer', {
+    const userAuthorizer = new HttpAuthorizer(this, getResourceName(envName, 'UserAuthorizer'), {
       httpApi,
       type: HttpAuthorizerType.LAMBDA,
       identitySource: ['$request.header.Authorization'],
       enableSimpleResponses: true,
       payloadFormatVersion: AuthorizerPayloadVersion.VERSION_2_0,
       authorizerUri: `arn:aws:apigateway:${this.region}:lambda:path/2015-03-31/functions/${userAuthorizerLambda.functionArn}/invocations`,
-    })
+    });
 
     // Export the authorizer ID
-    new cdk.CfnOutput(this, 'UserAuthorizerId', {
+    new cdk.CfnOutput(this, getResourceName(envName, 'UserAuthorizerId'), {
       value: userAuthorizer.authorizerId,
-      exportName: 'UserAuthorizerId',
+      exportName: getResourceName(envName, 'UserAuthorizerId'),
     });
 
     // Grant permission to API Gateway to invoke the Lambda authorizer
@@ -99,37 +111,39 @@ export class AuthStack extends cdk.Stack {
       sourceArn: `arn:aws:execute-api:${this.region}:${this.account}:${httpApiId}/*`,
     });
 
-    const restaurantLoginLambda = new NodejsFunction(this, 'RestaurantLogin', {
+    const restaurantLoginLambda = new NodejsFunction(this, getResourceName(envName, 'RestaurantLogin'), {
       runtime: lambda.Runtime.NODEJS_LATEST,
       entry: './src/lambdas/auth.ts',
       handler: 'restaurantLoginHandler',
-      functionName: 'restaurantLogin',
+      functionName: getResourceName(envName, 'RestaurantLogin'),
       architecture: lambda.Architecture.ARM_64,
       logRetention: RetentionDays.ONE_DAY,
       bundling: {
         externalModules: ['aws-sdk']
       },
       environment: {
         JWT_SECRET: 'Abhi2199@321#',
+        envName,
       },
       memorySize: 512 //bcrypt comparison is expensive
     });
     restaurantTable.grantReadData(restaurantLoginLambda);
 
-    new HttpRoute(this, 'RestaurantLoginRoute', {
+    new HttpRoute(this, getResourceName(envName, 'RestaurantLoginRoute'), {
       httpApi,
       routeKey: HttpRouteKey.with('/v0/restaurantLogin', HttpMethod.POST),
-      integration: new HttpLambdaIntegration('RestaurantLoginLambdaIntegration', restaurantLoginLambda),
-    })
+      integration: new HttpLambdaIntegration(getResourceName(envName, 'RestaurantLoginLambdaIntegration'), restaurantLoginLambda),
+    });
 
-    const restaurantAuthorizerLambda = new NodejsFunction(this, 'RestaurantAuthorizerLambda', {
+    const restaurantAuthorizerLambda = new NodejsFunction(this, getResourceName(envName, 'RestaurantAuthorizerLambda'), {
       runtime: lambda.Runtime.NODEJS_LATEST,
       entry: './src/lambdas/auth.ts',
       handler: 'restaurantAuthorizerHandler',
-      functionName: 'restaurantAuthorizer',
+      functionName: getResourceName(envName, 'RestaurantAuthorizer'),
       architecture: lambda.Architecture.ARM_64,
       environment: {
         JWT_SECRET: 'Abhi2199@321#',
+        envName,
       },
       logRetention: RetentionDays.ONE_DAY,
       bundling: {
@@ -138,25 +152,25 @@ export class AuthStack extends cdk.Stack {
     });
 
 
-    const restaurantAuthorizer = new HttpAuthorizer(this, 'RestaurantAuthorizer', {
+    const restaurantAuthorizer = new HttpAuthorizer(this, getResourceName(envName, 'RestaurantAuthorizer'), {
       httpApi,
       type: HttpAuthorizerType.LAMBDA,
       identitySource: ['$request.header.Authorization'],
       enableSimpleResponses: true,
       payloadFormatVersion: AuthorizerPayloadVersion.VERSION_2_0,
       authorizerUri: `arn:aws:apigateway:${this.region}:lambda:path/2015-03-31/functions/${restaurantAuthorizerLambda.functionArn}/invocations`,
-    })
+    });
 
-    restaurantAuthorizerLambda.addPermission('InvokeRestaurantAuthorizerLambda', {
+    restaurantAuthorizerLambda.addPermission(getResourceName(envName, 'InvokeRestaurantAuthorizerLambda'), {
       principal: new ServicePrincipal('apigateway.amazonaws.com'),
       action: 'lambda:InvokeFunction',
       sourceArn: `arn:aws:execute-api:${this.region}:${this.account}:${httpApiId}/*`,
     });
 
     // Export the authorizer ID
-    new cdk.CfnOutput(this, 'RestaurantAuthorizerId', {
+    new cdk.CfnOutput(this, getResourceName(envName, 'RestaurantAuthorizerId'), {
       value: restaurantAuthorizer.authorizerId,
-      exportName: 'RestaurantAuthorizerId',
+      exportName: getResourceName(envName, 'RestaurantAuthorizerId'),
     });
   }
 }

lib/certificate-stack.ts

@@ -0,0 +1,28 @@
+import * as cdk from 'aws-cdk-lib';
+import { Certificate, CertificateValidation } from 'aws-cdk-lib/aws-certificatemanager';
+import { HostedZone } from 'aws-cdk-lib/aws-route53';
+import { Construct } from 'constructs';
+
+export class CertificateStack extends cdk.Stack {
+  constructor(scope: Construct, id: string, props: cdk.StackProps) {
+    super(scope, id, props);
+
+    const hostedZone = HostedZone.fromLookup(this, 'HostedZone', {
+      domainName: 'beejho.in',
+    });
+
+    const certificate = new Certificate(this, 'BeejhoBackendCertificate', {
+      domainName: 'api.beejho.in',
+      subjectAlternativeNames: [
+        'api-stg.beejho.in',
+        'api-dev.beejho.in',
+      ],
+      validation: CertificateValidation.fromDns(hostedZone),
+    });
+
+    new cdk.CfnOutput(this, 'BeejhoBackendCertificateOutput', {
+      value: certificate.certificateArn,
+      exportName: `${this.stackName}-CertificateArn`,
+    });
+  }
+}

lib/dynamo-stack.ts

@@ -1,44 +1,46 @@
 import * as cdk from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
+import { getResourceName } from '../utils/getResourceName';
+
+interface DynamoTableStackProps extends cdk.StackProps {
+  envName: string;
+}
 
 export class DynamoTableStack extends cdk.Stack {
-  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+  constructor(scope: Construct, id: string, props: DynamoTableStackProps) {
     super(scope, id, props);
 
-    new dynamodb.Table(this, 'Menu', {
-      tableName: 'menu',
+    const { envName } = props;
+
+    new dynamodb.Table(this, getResourceName(envName, 'Menu'), {
+      tableName: getResourceName(envName, 'menu'),
       partitionKey: { name: 'restaurantId', type: dynamodb.AttributeType.STRING },
       sortKey: { name: 'itemId', type: dynamodb.AttributeType.STRING },
     });
 
-    const ordersTable = new dynamodb.Table(this, 'Orders', {
-      tableName: 'orders',
+    const ordersTable = new dynamodb.Table(this, getResourceName(envName, 'Orders'), {
+      tableName: getResourceName(envName, 'orders'),
       partitionKey: { name: 'restaurantId', type: dynamodb.AttributeType.STRING },
       sortKey: { name: 'orderId', type: dynamodb.AttributeType.STRING },
     });
 
     ordersTable.addLocalSecondaryIndex({
-      indexName: 'restaurantId-resourceId-index',
+      indexName: getResourceName(envName, 'restaurantId-resourceId-index'),
       sortKey: {
         name: 'resourceId',
         type: dynamodb.AttributeType.STRING,
       },
     });
 
-    new dynamodb.Table(this, 'Users', {
-      tableName: 'users',
+    new dynamodb.Table(this, getResourceName(envName, 'Users'), {
+      tableName: getResourceName(envName, 'users'),
       partitionKey: { name: 'userId', type: dynamodb.AttributeType.STRING },
     });
 
-    new dynamodb.Table(this, 'Restaurants', {
-      tableName: 'restaurants',
+    new dynamodb.Table(this, getResourceName(envName, 'Restaurants'), {
+      tableName: getResourceName(envName, 'restaurants'),
       partitionKey: { name: 'restaurantId', type: dynamodb.AttributeType.STRING },
     });
-
-    new dynamodb.Table(this, 'LiveRestaurantConnectionsTable', {
-      tableName: 'live-restaurant-connections',
-      partitionKey: { name: 'connectionId', type: dynamodb.AttributeType.STRING },
-    });
   }
 }