Fix PostgreSQL Lambda integration issues and improve setup process

- Fix security group rule direction (allowDefaultPortFrom instead of allowDefaultPortTo)
- Improve Lambda to PostgreSQL connection with increased timeout and better logging
- Replace custom CloudFormation response handling with cfn-response library
- Update PostgreSQL setup function to use standard CloudFormation response pattern
- Add proper error handling in setup function

Author: kaiz-io

typescript/postgres-lambda/lambda/lambda-to-postgres/index.js

@@ -8,16 +8,18 @@ const secretsManager = new SecretsManager();
  */
 exports.handler = async (event) => {
   console.log('Event received:', JSON.stringify(event));
-  
+
   try {
     // Get database credentials from Secrets Manager
     const secretArn = process.env.DB_SECRET_ARN;
     const dbName = process.env.DB_NAME;
-    
+
     console.log(`Retrieving secret from ${secretArn}`);
     const secretResponse = await secretsManager.getSecretValue({ SecretId: secretArn });
     const secret = JSON.parse(secretResponse.SecretString);
-    
+    const logSecret = {...secret, password: '*********'};
+    console.log(logSecret);
+
     // Create PostgreSQL client
     const client = new Client({
       host: secret.host,
@@ -28,13 +30,13 @@ exports.handler = async (event) => {
       ssl: {
         rejectUnauthorized: false, // For demo purposes only, consider proper SSL setup in production
       },
-      connectionTimeoutMillis: 5000,
+      connectionTimeoutMillis: 10000,
     });
-    
+
     // Connect to the database
     console.log('Connecting to PostgreSQL database...');
     await client.connect();
-    
+
     // Check if our demo table exists, if not create it
     console.log('Creating demo table if it does not exist...');
     await client.query(`
@@ -44,19 +46,19 @@ exports.handler = async (event) => {
         created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
       )
     `);
-    
+
     // Insert a record
     const message = event.message || 'Hello from Lambda!';
     console.log(`Inserting message: ${message}`);
     await client.query('INSERT INTO demo_table (message) VALUES ($1)', [message]);
-    
+
     // Query the records
     console.log('Querying records...');
     const result = await client.query('SELECT * FROM demo_table ORDER BY created_at DESC LIMIT 10');
-    
+
     // Close the connection
     await client.end();
-    
+
     // Return the results
     return {
       statusCode: 200,

typescript/postgres-lambda/lambda/postgres-setup/index.js

@@ -1,15 +1,14 @@
 const { Client } = require('pg');
 const { SecretsManagerClient, GetSecretValueCommand } = require('@aws-sdk/client-secrets-manager');
-const https = require('https');
-const url = require('url');
+const response = require('cfn-response');
 
 const secretsManager = new SecretsManagerClient();
 
-exports.handler = async (event) => {
+exports.handler = async (event, context) => {
   console.log('Event:', JSON.stringify(event, null, 2));
 
   if (event.RequestType === 'Delete') {
-    return sendResponse(event, 'SUCCESS', 'Delete operation completed');
+    return response.send(event, context, response.SUCCESS, {}, 'postgres-setup-delete');
   }
 
   try {
@@ -68,56 +67,15 @@ exports.handler = async (event) => {
     await client.query(setupSQL);
     await client.end();
 
-    return sendResponse(event, 'SUCCESS', 'PostgreSQL setup completed successfully');
+    // Send success response
+    return response.send(event, context, response.SUCCESS, {
+      Message: 'PostgreSQL setup completed successfully'
+    }, 'postgres-setup-' + Date.now());
 
   } catch (error) {
     console.error('Error:', error);
-    return sendResponse(event, 'FAILED', error.message);
+    return response.send(event, context, response.FAILED, {
+      Error: error.message
+    });
   }
 };
-
-function sendResponse(event, status, reason) {
-  return new Promise((resolve, reject) => {
-    const responseBody = JSON.stringify({
-      Status: status,
-      Reason: reason,
-      PhysicalResourceId: 'postgres-setup-' + Date.now(),
-      StackId: event.StackId,
-      RequestId: event.RequestId,
-      LogicalResourceId: event.LogicalResourceId,
-      Data: {}
-    });
-
-    console.log('Response:', responseBody);
-
-    // Parse the URL
-    const parsedUrl = url.parse(event.ResponseURL);
-    
-    // Prepare the request options
-    const options = {
-      hostname: parsedUrl.hostname,
-      port: 443,
-      path: parsedUrl.path,
-      method: 'PUT',
-      headers: {
-        'Content-Type': '',
-        'Content-Length': responseBody.length
-      }
-    };
-
-    // Send the response
-    const request = https.request(options, (response) => {
-      console.log(`Status code: ${response.statusCode}`);
-      resolve({ status, reason });
-    });
-
-    request.on('error', (error) => {
-      console.error('Error sending response:', error);
-      reject(error);
-    });
-
-    // Write the response body and end the request
-    request.write(responseBody);
-    request.end();
-  });
-}

typescript/postgres-lambda/lambda/postgres-setup/package.json

@@ -7,7 +7,8 @@
     "build": "mkdir -p node_modules && npm install --no-package-lock"
   },
   "dependencies": {
-    "pg": "^8.11.0",
-    "@aws-sdk/client-secrets-manager": "^3.350.0"
+    "@aws-sdk/client-secrets-manager": "^3.350.0",
+    "cfn-response": "^1.0.1",
+    "pg": "^8.11.0"
   }
 }

typescript/postgres-lambda/lib/postgres-lambda-stack.ts

@@ -58,7 +58,7 @@ export class PostgresLambdaStack extends cdk.Stack {
     });
 
     // Grant Lambda access to the DB
-    dbCluster.connections.allowDefaultPortTo(lambdaToPostgres);
+    dbCluster.connections.allowDefaultPortFrom(lambdaToPostgres);
 
     // Grant the Lambda function permission to read the database secret
     dbCluster.secret?.grantRead(lambdaToPostgres);