Add documentation: README and SUMMARY

kaiz-io · kaiz-io · commit ecf4cb760e3a · 2025-07-11T11:52:18.000-05:00
diff --git a/typescript/postgres-lambda/README.md b/typescript/postgres-lambda/README.md
@@ -0,0 +1,268 @@
+# PostgreSQL and Lambda Integration Example
+
+A complete AWS CDK example demonstrating bidirectional integration between Aurora PostgreSQL Serverless v2 and AWS Lambda functions.
+
+## What This Example Demonstrates
+
+- **Lambda → PostgreSQL**: Lambda function that connects to and queries PostgreSQL
+- **PostgreSQL → Lambda**: PostgreSQL database that invokes Lambda functions using the `aws_lambda` extension
+- **Secure Architecture**: Private subnets, IAM roles, and Secrets Manager integration
+- **Production-Ready**: Includes error handling, connection pooling, and security best practices
+- **Automated Setup**: Custom CDK resource automatically configures PostgreSQL extensions and functions
+
+## Architecture
+
+```mermaid
+graph TD
+    subgraph VPC
+        subgraph "Private Subnet"
+            DB[Aurora PostgreSQL\nServerless v2]
+            L1[Lambda Function\nLambdaToPostgres]
+            L2[Lambda Function\nPostgresFunction]
+            L3[Lambda Function\nPostgresSetup]
+        end
+    end
+    
+    L1 -->|"(1) Connect and Query"| DB
+    DB -->|"(2) Invoke via aws_lambda extension"| L2
+    L2 -->|"(3) Return Result"| DB
+    L3 -->|"(4) Setup Extensions & Functions"| DB
+    
+    SM[AWS Secrets Manager] -->|Provide Credentials| L1
+    SM -->|Provide Credentials| L3
+    
+    style DB fill:#E3F2FD,stroke:#1976D2,stroke-width:2px,color:#000
+    style L1 fill:#FFF3E0,stroke:#F57C00,stroke-width:2px,color:#000
+    style L2 fill:#FFF3E0,stroke:#F57C00,stroke-width:2px,color:#000
+    style L3 fill:#E8F5E8,stroke:#4CAF50,stroke-width:2px,color:#000
+    style SM fill:#F3E5F5,stroke:#7B1FA2,stroke-width:2px,color:#000
+```
+
+**Components:**
+- Aurora PostgreSQL Serverless v2 cluster (private subnet)
+- Lambda function for database operations (`LambdaToPostgres`)
+- Lambda function invokable from PostgreSQL (`PostgresFunction`)
+- Lambda function for automated setup (`PostgresSetupFunction`)
+- IAM roles with least-privilege permissions
+- Security groups for network access control
+- AWS Secrets Manager for credential storage
+- Custom CDK resource for automated PostgreSQL configuration
+
+## Quick Start
+
+### Prerequisites
+
+- AWS CDK v2 installed (`npm install -g aws-cdk`)
+- Node.js 18.x or later
+- AWS CLI configured with appropriate credentials
+
+### Deploy
+
+```bash
+# Install dependencies
+npm install
+
+# Deploy the stack (setup is now automated!)
+npx cdk deploy
+```
+
+The deployment will automatically:
+- Create the Aurora PostgreSQL cluster
+- Deploy all Lambda functions
+- Configure PostgreSQL extensions and functions
+- Set up all necessary permissions
+
+No manual setup required! 🎉
+
+## Testing
+
+### Test Lambda → PostgreSQL
+
+Using the provided test script:
+```bash
+./test-lambda.sh --function-name <LAMBDA_TO_POSTGRES_FUNCTION_NAME> --message "Hello World"
+```
+
+Or using AWS CLI directly:
+```bash
+aws lambda invoke \
+  --function-name <LAMBDA_TO_POSTGRES_FUNCTION_NAME> \
+  --payload '{"message": "Hello from CLI!"}' \
+  response.json && cat response.json
+```
+
+### Test PostgreSQL → Lambda
+
+Connect to PostgreSQL and test the functions:
+```bash
+psql -h <DB_CLUSTER_ENDPOINT> -U postgres -d demodb
+```
+
+```sql
+-- Test the PostgreSQL to Lambda integration
+SELECT process_data('{"id": 123, "value": "test"}'::JSONB);
+SELECT transform_data('{"id": 456, "value": "hello world"}'::JSONB);
+SELECT validate_data('{"id": 789, "value": "valid data"}'::JSONB);
+```
+
+## How It Works
+
+### Automated Setup Process
+
+1. **CDK Deployment**: Stack creates all resources including a setup Lambda function
+2. **Custom Resource**: Triggers the setup Lambda after database is ready
+3. **Extension Installation**: Setup function creates the `aws_lambda` extension
+4. **Function Creation**: Creates SQL functions that wrap Lambda invocations
+5. **Ready to Use**: Database is immediately ready for bidirectional Lambda integration
+
+### Lambda to PostgreSQL Flow
+
+1. **Credential Retrieval**: Function retrieves DB credentials from Secrets Manager
+2. **Connection**: Establishes secure SSL connection to PostgreSQL
+3. **Table Management**: Creates demo table if it doesn't exist
+4. **Data Operations**: Inserts message and queries recent records
+5. **Response**: Returns formatted results with error handling
+
+### PostgreSQL to Lambda Flow
+
+1. **Extension Setup**: Uses `aws_lambda` extension for Lambda invocation (automated)
+2. **Function Creation**: SQL functions wrap Lambda calls with proper ARN construction (automated)
+3. **Event Processing**: Lambda receives structured JSON events from PostgreSQL
+4. **Result Return**: Lambda response becomes available in SQL query results
+
+## Project Structure
+
+```
+├── bin/                    # CDK app entry point
+├── lib/                    # CDK stack definition
+├── lambda/                 # Lambda function source code
+│   ├── lambda-to-postgres/ # Lambda that calls PostgreSQL
+│   ├── postgres-to-lambda/ # Lambda called by PostgreSQL
+│   └── postgres-setup/     # Lambda for automated setup
+├── test/                   # Unit tests
+├── setup-postgres-lambda.sql # Reference SQL (now automated)
+├── test-lambda.sh         # Lambda testing script
+└── README.md              # This file
+```
+
+## Configuration
+
+### Environment Variables
+
+The Lambda functions use these environment variables (set automatically by CDK):
+
+- `DB_SECRET_ARN`: ARN of the database credentials secret
+- `DB_NAME`: Database name (default: `demodb`)
+- `POSTGRES_FUNCTION_NAME`: Name of the Lambda function called by PostgreSQL
+- `AWS_REGION`: AWS region for Lambda ARN construction
+
+### Customization
+
+- **Database Configuration**: Modify `lib/postgres-lambda-stack.ts`
+- **Lambda Logic**: Update files in `lambda/` directories
+- **Setup SQL**: Customize `lambda/postgres-setup/index.js`
+
+## Security Features
+
+✅ **Network Security**
+- Database in private subnets
+- Security groups with minimal required access
+- No direct internet access to database
+
+✅ **Access Control**
+- IAM roles with least-privilege permissions
+- Secrets Manager for credential storage
+- SSL/TLS encryption for database connections
+
+✅ **Monitoring**
+- CloudWatch logs for all Lambda functions
+- Database performance insights available
+- VPC Flow Logs (can be enabled)
+
+## Production Considerations
+
+Before using in production:
+
+- [ ] Enable SSL certificate validation (`rejectUnauthorized: true`)
+- [ ] Implement connection pooling (consider RDS Proxy)
+- [ ] Set up proper monitoring and alerting
+- [ ] Configure backup and disaster recovery
+- [ ] Review and tighten IAM policies
+- [ ] Enable database encryption at rest
+- [ ] Set up VPC endpoints for AWS services
+- [ ] Implement proper error handling and retry logic
+
+## Troubleshooting
+
+### Common Issues
+
+**Connection Timeouts**
+- Check security group rules
+- Verify Lambda is in correct VPC/subnets
+- Confirm database is running
+
+**Permission Errors**
+- Verify IAM roles have required permissions
+- Check Secrets Manager access
+- Confirm Lambda execution role
+
+**Setup Function Issues**
+- Check CloudWatch logs for the PostgresSetupFunction
+- Verify custom resource completed successfully
+- Ensure database is accessible from setup Lambda
+
+### Useful Commands
+
+```bash
+# Build and watch for changes
+npm run watch
+
+# Run tests
+npm run test
+
+# View CloudFormation template
+npx cdk synth
+
+# Compare deployed vs current state
+npx cdk diff
+
+# View stack outputs
+aws cloudformation describe-stacks --stack-name PostgresLambdaStack --query 'Stacks[0].Outputs'
+
+# Check setup function logs
+aws logs describe-log-groups --log-group-name-prefix /aws/lambda/PostgresLambdaStack-PostgresSetupFunction
+```
+
+## Cleanup
+
+```bash
+npx cdk destroy
+```
+
+**Note**: This will delete all resources including the database and any data stored in it.
+
+## Cost Optimization
+
+- Aurora Serverless v2 scales to zero when not in use
+- Lambda functions only charge for execution time
+- Setup function runs only once during deployment
+- Consider Reserved Capacity for consistent workloads
+- Monitor usage with AWS Cost Explorer
+
+## Related Examples
+
+- [Lambda with RDS Proxy](../lambda-rds-proxy/)
+- [Aurora Serverless v1](../aurora-serverless-v1/)
+- [PostgreSQL with CDK](../postgresql-cdk/)
+
+## Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Add tests if applicable
+5. Submit a pull request
+
+## License
+
+This example is provided under the MIT-0 License. See the LICENSE file for details.
diff --git a/typescript/postgres-lambda/SUMMARY.md b/typescript/postgres-lambda/SUMMARY.md
@@ -0,0 +1,50 @@
+# PostgreSQL and Lambda Integration Example - Summary
+
+This CDK example demonstrates the integration between AWS Lambda and Aurora PostgreSQL Serverless v2. It showcases two key integration patterns:
+
+## 1. Lambda to PostgreSQL
+
+The first pattern demonstrates how a Lambda function can connect to and interact with a PostgreSQL database:
+
+- The Lambda function (`LambdaToPostgres`) retrieves database credentials from AWS Secrets Manager
+- It establishes a connection to the PostgreSQL database
+- It creates a table if it doesn't exist, inserts data, and queries the database
+- The function returns the query results
+
+## 2. PostgreSQL to Lambda
+
+The second pattern demonstrates how PostgreSQL can invoke a Lambda function:
+
+- PostgreSQL uses the `aws_lambda` extension to call Lambda functions
+- The Lambda function (`PostgresFunction`) receives data from PostgreSQL
+- It processes the data based on the action specified in the event
+- It returns results that can be used in SQL queries
+
+## Security Features
+
+The example implements several security best practices:
+
+- The database is deployed in a private subnet
+- Security groups restrict access to the database
+- Credentials are stored in AWS Secrets Manager
+- IAM roles limit permissions to only what's necessary
+
+## Helper Scripts
+
+The example includes several helper scripts:
+
+- `test-lambda.sh`: For testing the Lambda functions
+- `connect-to-postgres.sh`: For connecting to the PostgreSQL database
+- `setup-postgres-lambda.sql`: For setting up the PostgreSQL database to call Lambda
+
+## Deployment
+
+The example can be deployed with standard CDK commands:
+
+```bash
+npm install
+npm run build
+npx cdk deploy
+```
+
+After deployment, users need to set up the PostgreSQL database to call Lambda by creating the `aws_lambda` extension and defining functions that invoke Lambda.
