feat(typescript/amazon-mq-rabbitmq-lambda) Add an example of Amazon MQ RabbitMQ Integration with Lambda, Secrets Manager, and CloudWatch Logs

Author: architec

typescript/amazon-mq-rabbitmq-lambda/.gitignore

@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

typescript/amazon-mq-rabbitmq-lambda/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

typescript/amazon-mq-rabbitmq-lambda/README.md

@@ -0,0 +1,82 @@
+# Amazon MQ RabbitMQ Integration with Lambda, Secrets Manager, and CloudWatch Logs
+<!--BEGIN STABILITY BANNER-->
+---
+![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
+
+> **This is an experimental example. It may not build out of the box**
+>
+> This examples is built on Construct Libraries marked "Experimental" and may not be updated for latest breaking changes.
+>
+> It additionally requires infrastructure prerequisites that must be created before successful build.
+>
+> If build is unsuccessful, please create an [issue](https://github.com/aws-samples/aws-cdk-examples/issues/new) so that we may debug the problem
+
+---
+<!--END STABILITY BANNER-->
+This example demonstrates how to set up an Amazon MQ RabbitMQ cluster, integrate it with AWS Lambda for message processing,
+use AWS Secrets Manager for storing sensitive information, and configure CloudWatch Logs for monitoring.
+
+## Deploy
+
+To deploy this app, you need to be in this example's root folder.
+
+Run `cdk deploy`. This will deploy / redeploy your Stack to your AWS Account.
+
+After the deployment you will see the RabbitMQ Broker's endpoints, which will be similar to the following:
+
+```
+AmazonMqRabbitmqLambdaStack.AmqpEndpointPort = 5671
+AmazonMqRabbitmqLambdaStack.AmqpEndpointUrl = amqps://<broker-id>.mq.us-west-2.amazonaws.com:5671
+AmazonMqRabbitmqLambdaStack.WebConsolePort = 443
+AmazonMqRabbitmqLambdaStack.WebConsoleUrl = https://<broker-id>.mq.us-west-2.amazonaws.com
+```
+
+This will install the necessary CDK, then this example's dependencies, and then build your TypeScript files and your CloudFormation template.
+
+## Testing with [producer.py](producer.py)
+> **Important:**
+> Update the `username`, `password`, and `broker_endpoint` fields in the [producer.py](producer.py) script as indicated by the comments in the code.
+>
+> - The `username` and `password` can be retrieved from the secret stored in **AWS Secrets Manager**. You can find the secret created during deployment by searching for the secret name in the AWS Management Console.
+> - The `broker_endpoint` should be set to the broker's endpoint shown in the terminal after the cdk deploy command finishes. Specifically, use the URL format: <broker-id>.mq.us-west-2.amazonaws.com
+
+You can test the example by running the [producer.py](producer.py) script provided in the repository.
+This script connects to the RabbitMQ broker using the provided credentials and publishes three test messages to the `testQueue`.
+
+After running the producer.py script, you can check the CloudWatch Log Group for your Lambda function to see the output from [consumer.js](lambda/consumer.js).
+The [consumer.js](lambda/consumer.js) file includes an example output that shows the details of the received messages, including their Base64-encoded data.
+
+## Stack Components
+
+![Component Diagram](/images/amazon-mq-rabbitmq-lambda-diagram.png)
+
+This stack includes:
+
+- An Amazon MQ RabbitMQ single instance broker, provided by the [AWS::AmazonMQ L2 Construct Library](https://constructs.dev/packages/@cdklabs/cdk-amazonmq/v/0.0.1?lang=go#rabbitmq-brokers).
+- An AWS Lambda function for message processing, located in [consumer.js](lambda/consumer.js).
+- AWS Secrets Manager for storing RabbitMQ credentials.
+- A CloudWatch Log group for Lambda function logs.
+
+## Testing
+```bash
+npm run test
+```
+
+## Cleanup
+
+To avoid incurring future charges, remember to destroy the resources:
+
+```bash
+cdk destroy
+```
+
+## Further Reading
+
+- [Amazon MQ Documentation](https://docs.aws.amazon.com/amazon-mq/)
+- [AWS Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)
+- [AWS Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)
+- [Amazon CloudWatch Logs User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html)
+
+## Reference
+
+- [AWS::AmazonMQ L2 Construct Library](https://constructs.dev/packages/@cdklabs/cdk-amazonmq/v/0.0.1?lang=go#rabbitmq-brokers)

typescript/amazon-mq-rabbitmq-lambda/bin/amazon-mq-rabbitmq-lambda.ts

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib';
+import { AmazonMqRabbitmqLambdaStack } from '../lib/amazon-mq-rabbitmq-lambda-stack';
+
+const app = new cdk.App();
+new AmazonMqRabbitmqLambdaStack(app, 'AmazonMqRabbitmqLambdaStack');

typescript/amazon-mq-rabbitmq-lambda/cdk.json

@@ -0,0 +1,74 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/amazon-mq-rabbitmq-lambda.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true
+  }
+}

typescript/amazon-mq-rabbitmq-lambda/images/amazon-mq-rabbitmq-lambda-diagram.png

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

typescript/amazon-mq-rabbitmq-lambda/jest.config.js

@@ -0,0 +1,71 @@
+import { Duration, Stack, StackProps, CfnOutput, RemovalPolicy } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+import * as logs from 'aws-cdk-lib/aws-logs';
+import { Function, Runtime, Code } from 'aws-cdk-lib/aws-lambda';
+import { InstanceClass, InstanceSize, InstanceType } from 'aws-cdk-lib/aws-ec2';
+import { RabbitMqBrokerEngineVersion, RabbitMqBrokerInstance, RabbitMqEventSource } from '@cdklabs/cdk-amazonmq';
+
+export class AmazonMqRabbitmqLambdaStack extends Stack {
+  constructor(scope: Construct, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    // Define the admin secret in AWS Secrets Manager
+    const adminSecret = new secretsmanager.Secret(this, 'AdminSecret', {
+      secretName: 'AdminCredentials',
+      generateSecretString: {
+        secretStringTemplate: JSON.stringify({
+          username: 'admin' // Set a default username for RabbitMQ broker
+        }),
+        generateStringKey: 'password', // Auto-generate password
+        excludePunctuation: true,      // Avoid punctuation in password
+        passwordLength: 12,            // Set password length to 12 characters
+      },
+      removalPolicy: RemovalPolicy.DESTROY, // Ensure the secret is deleted on stack destroy
+    });
+
+    // Create a RabbitMQ broker instance with specified version and instance type
+    const broker = new RabbitMqBrokerInstance(this, 'RabbitMqBroker', {
+      publiclyAccessible: true,                 // Publicly accessible RabbitMQ broker
+      version: RabbitMqBrokerEngineVersion.V3_13, // Use RabbitMQ version 3.13
+      instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.MICRO), // Instance type T3.micro
+      admin: {
+        username: adminSecret.secretValueFromJson('username').unsafeUnwrap(), // Use username from Secrets Manager
+        password: adminSecret.secretValueFromJson('password'),               // Use password from Secrets Manager
+      },
+      autoMinorVersionUpgrade: true, // Enable auto minor version upgrades
+    });
+
+    // Output the AMQP and Web Console endpoints and ports for the RabbitMQ broker
+    new CfnOutput(this, 'AmqpEndpointUrl', { value: broker.endpoints.amqp.url });
+    new CfnOutput(this, 'AmqpEndpointPort', { value: broker.endpoints.amqp.port.toString() });
+    new CfnOutput(this, 'WebConsoleUrl', { value: broker.endpoints.console.url });
+    new CfnOutput(this, 'WebConsolePort', { value: broker.endpoints.console.port.toString() });
+
+    // Create a custom CloudWatch Log Group for the consumer Lambda function
+    const consumerLambdaLogGroup = new logs.LogGroup(this, 'ConsumerLambdaLogGroup', {
+      logGroupName: 'customLogGroup', // Custom log group name
+      removalPolicy: RemovalPolicy.DESTROY, // Ensure it's deleted on stack destroy
+    });
+
+    // Define the consumer Lambda function which will handle messages from RabbitMQ
+    const consumer_lambda = new Function(this, 'consumer_lambdaFunction', {
+      runtime: Runtime.NODEJS_20_X,       // Use Node.js 20.x runtime for the Lambda function
+      code: Code.fromAsset('lambda'),     // Path to Lambda function code directory
+      handler: 'consumer.handler',        // The entry point (handler) for the Lambda function
+      memorySize: 128,                    // Set memory size to 128 MB
+      timeout: Duration.seconds(30),      // Set timeout duration to 30 seconds
+      logGroup: consumerLambdaLogGroup,   // Attach the custom CloudWatch log group
+    });
+
+    // Prevent the default log group creation
+    consumer_lambda.logGroup.applyRemovalPolicy(RemovalPolicy.DESTROY);
+
+    // Add RabbitMQ as an event source for the Lambda function to consume messages from 'testQueue'
+    consumer_lambda.addEventSource(new RabbitMqEventSource({
+      broker,                           // Reference to the RabbitMQ broker instance
+      credentials: adminSecret,         // Use admin credentials from Secrets Manager
+      queueName: 'testQueue',           // Queue name in RabbitMQ from which Lambda will consume messages
+    }));
+  }
+}

typescript/amazon-mq-rabbitmq-lambda/lib/amazon-mq-rabbitmq-lambda-stack.ts

@@ -0,0 +1,27 @@
+{
+  "name": "amazon-mq-rabbitmq-lambda",
+  "version": "0.1.0",
+  "bin": {
+    "amazon-mq-rabbitmq-lambda": "bin/amazon-mq-rabbitmq-lambda.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "watch": "tsc -w",
+    "test": "jest",
+    "cdk": "cdk"
+  },
+  "devDependencies": {
+    "@types/jest": "^29.5.12",
+    "@types/node": "22.5.4",
+    "aws-cdk": "2.160.0",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.2.5",
+    "ts-node": "^10.9.2",
+    "typescript": "~5.6.2"
+  },
+  "dependencies": {
+    "@cdklabs/cdk-amazonmq": "^0.0.1",
+    "aws-cdk-lib": "2.160.0",
+    "constructs": "^10.0.0"
+  }
+}

typescript/amazon-mq-rabbitmq-lambda/package.json

@@ -0,0 +1,52 @@
+import pika
+import ssl
+
+def publish_messages():
+    # Replace with your RabbitMQ connection details
+    username = 'your_rabbitmq_username'  # Retrieve your RabbitMQ username from AWS Secrets Manager
+    password = 'your_rabbitmq_password'  # Retrieve your RabbitMQ password from AWS Secrets Manager
+    broker_endpoint = 'your_broker_id.mq.us-west-2.amazonaws.com'  # Replace with your RabbitMQ broker endpoint (no protocol)
+    port = 5671  # AMQPS port
+    queue_name = 'testQueue'
+
+    # Create credentials
+    credentials = pika.PlainCredentials(username, password)
+
+    # Create SSL context
+    ssl_context = ssl.create_default_context()
+    ssl_context.check_hostname = False  # Change to True if you want hostname verification
+    ssl_context.verify_mode = ssl.CERT_NONE  # Change to ssl.CERT_REQUIRED if you have proper certificates
+
+    # Create connection parameters with SSL
+    parameters = pika.ConnectionParameters(
+        host=broker_endpoint,
+        port=port,
+        credentials=credentials,
+        ssl_options=pika.SSLOptions(context=ssl_context)  # Use ssl_options
+    )
+
+    # Establish the connection
+    connection = pika.BlockingConnection(parameters)
+    channel = connection.channel()
+
+    # Declare the queue (it will create if it doesn't exist)
+    channel.queue_declare(queue=queue_name, durable=True)
+
+    # Publish 3 test messages
+    for i in range(1, 4):
+        message = f'Hello World {i}'
+        channel.basic_publish(
+            exchange='',
+            routing_key=queue_name,
+            body=message,
+            properties=pika.BasicProperties(
+                delivery_mode=2,  # Make message persistent
+            )
+        )
+        print(f'Sent: {message}')
+
+    # Clean up
+    connection.close()
+
+if __name__ == '__main__':
+    publish_messages()