-add sns

-new pictures
-add watermark logic to lambda handler
-use sse for refreshing FE

Author: tinyg210

docker-compose.yml

@@ -1,11 +1,32 @@
 version: "3.9"
 
 services:
+  ping:
+    image: alpine:3.14
+    container_name: ping
+    tty: true
+    ports:
+      - "127.0.0.1:8081:8081"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - DOCKER_HOST=unix:///var/run/docker.sock
   localstack:
-    image: localstack/localstack  # name and tag of LocalStack Docker image to use
-    container_name: localstack  # the main docker container name
+    container_name: localstack
+    image: localstack/localstack:latest
     ports:
       - "127.0.0.1:4566:4566"            # LocalStack Gateway
+      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
     environment:
-      - PORT_WEB_UI=9000
-      - LAMBDA_EXECUTOR=local  # the lambda code is executed directly in the context of LocalStack itself
+      - DEBUG=1  # enable more verbose logs
+      - DOCKER_HOST=unix:///var/run/docker.sock #unix socket to communicate with the docker daemon
+#      - LAMBDA_KEEPALIVE_MS=0 # disable lambda keepalive
+      - LOCALSTACK_HOST=localstack # where services are available from other containers
+#      - ENFORCE_IAM=1 # enforce IAM policies
+    volumes:
+      - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+
+networks:
+  ls:
+    name: ls

pom.xml

@@ -42,6 +42,15 @@
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>s3</artifactId>
     </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sqs</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sns</artifactId>
+    </dependency>
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>dynamodb-enhanced</artifactId>
@@ -58,12 +67,34 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-logging</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.awspring.cloud</groupId>
+      <artifactId>spring-cloud-starter-aws-messaging</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-websocket</artifactId>
+      <version>3.0.4</version>
+    </dependency>
+    <dependency>
+      <groupId>io.projectreactor</groupId>
+      <artifactId>reactor-core</artifactId>
+      <version>3.5.4</version>
+    </dependency>
+
+
     <!--     Test -->
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-test</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.json</groupId>
+      <artifactId>json</artifactId>
+      <version>20220924</version>
+    </dependency>
+
   </dependencies>
 
   <dependencyManagement>
@@ -75,6 +106,13 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>io.awspring.cloud</groupId>
+        <artifactId>spring-cloud-aws-dependencies</artifactId>
+        <version>2.3.1</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 

sample-pictures/cat.jpeg sample-pictures/cat.jpgsample-pictures/cat.jpeg renamed to sample-pictures/cat.jpg

@@ -1,6 +1,3 @@
-
-# declares the provider it will be using (AWS) and the minimum
-# version of the provider required to run the script
 terraform {
   required_providers {
     aws = {
@@ -13,8 +10,6 @@ provider "aws" {
   region = "eu-central-1"
 }
 
-# S3 bucket, named "shipment-picture-bucket", which is set to be destroyed even if it
-# has non-empty contents, and sets the ACL to be private
 resource "aws_s3_bucket" "shipment_picture_bucket" {
   bucket        = "shipment-picture-bucket"
   force_destroy = true
@@ -23,14 +18,6 @@ resource "aws_s3_bucket" "shipment_picture_bucket" {
   }
 }
 
-
-resource "aws_s3_bucket_acl" "shipment_picture_bucket_acl" {
-  bucket = aws_s3_bucket.shipment_picture_bucket.id
-  acl    = "private"
-}
-
-# dynamoDB table is created, with a primary key "shipmentId" and
-# enables server-side encryption
 resource "aws_dynamodb_table" "shipment" {
   name           = "shipment"
   read_capacity  = 10
@@ -49,15 +36,14 @@ resource "aws_dynamodb_table" "shipment" {
   stream_view_type = "NEW_AND_OLD_IMAGES"
 }
 
-# populates table with sample data from file
 resource "aws_dynamodb_table_item" "shipment" {
   for_each   = local.tf_data
   table_name = aws_dynamodb_table.shipment.name
   hash_key   = "shipmentId"
   item       = jsonencode(each.value)
 }
 
-# the bucket used for storing the lambda jar
+
 resource "aws_s3_bucket" "lambda_code_bucket" {
   bucket        = "shipment-picture-lambda-validator-bucket"
   force_destroy = true
@@ -66,21 +52,12 @@ resource "aws_s3_bucket" "lambda_code_bucket" {
   }
 }
 
-resource "aws_s3_bucket_acl" "lambda_code_bucket_acl" {
-  bucket = aws_s3_bucket.lambda_code_bucket.id
-  acl    = "private"
-}
-
-# bucket object with lambda code
 resource "aws_s3_bucket_object" "lambda_code" {
   source = "../../shipment-picture-lambda-validator/target/shipment-picture-lambda-validator.jar"
   bucket = aws_s3_bucket.lambda_code_bucket.id
   key    = "shipment-picture-lambda-validator.jar"
 }
 
-# creates lambda using the JAR file uploaded to the S3 bucket.
-# the function is set up with a java 11 runtime, with a specified IAM role,
-# memory of 512mb, timeout of 15s, and environment variable
 resource "aws_lambda_function" "shipment_picture_lambda_validator" {
   function_name = "shipment-picture-lambda-validator"
   handler       = "dev.ancaghenade.shipmentpicturelambdavalidator.ServiceHandler::handleRequest"
@@ -89,17 +66,14 @@ resource "aws_lambda_function" "shipment_picture_lambda_validator" {
   s3_bucket     = aws_s3_bucket.lambda_code_bucket.id
   s3_key        = aws_s3_bucket_object.lambda_code.key
   memory_size   = 512
-  timeout       = 15
+  timeout       = 60
   environment {
     variables = {
       ENVIRONMENT = var.env
     }
   }
 }
 
-
-# notification for "shipment-picture-bucket" S3 bucket,
-# so that the lambda function will be triggered when a new object is created in the bucket.
 resource "aws_s3_bucket_notification" "demo_bucket_notification" {
   bucket = aws_s3_bucket.shipment_picture_bucket.id
   lambda_function {
@@ -116,8 +90,17 @@ resource "aws_lambda_permission" "s3_lambda_exec_permission" {
   source_arn    = aws_s3_bucket.shipment_picture_bucket.arn
 }
 
-# IAM role with a policy that allows it to assume the role of a lambda function
-# the role is attached to the Lambda function
+resource "aws_sns_topic" "update_shipment_picture_topic" {
+  name = "update_shipment_picture_topic"
+}
+
+
+resource "aws_sns_topic_subscription" "example_subscription" {
+  topic_arn = aws_sns_topic.update_shipment_picture_topic.arn
+  protocol  = "https"
+  endpoint  = var.sns_sub_endpoint
+}
+
 resource "aws_iam_role" "lambda_exec" {
   name = "lambda_exec_role"
 
@@ -137,14 +120,13 @@ resource "aws_iam_role" "lambda_exec" {
 EOF
 }
 
-# used to attach the AmazonS3FullAccess policy to the IAM role lambda_exec
 resource "aws_iam_role_policy_attachment" "lambda_exec_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
   role       = aws_iam_role.lambda_exec.name
 }
 
-# used to create a custom IAM policy
-# & give permission to the lambda to interract with the S3 and cloudwatch logs
+
+
 resource "aws_iam_role_policy" "lambda_exec_policy" {
   name = "lambda_exec_policy"
   role = aws_iam_role.lambda_exec.id
@@ -166,11 +148,13 @@ resource "aws_iam_role_policy" "lambda_exec_policy" {
             "Effect": "Allow",
             "Action": [
               "s3:GetObject",
-              "s3:PutObject"
+              "s3:PutObject",
+              "sns:Publish"
             ],
             "Resource": [
               "arn:aws:s3:::shipment-picture-bucket",
-              "arn:aws:s3:::shipment-picture-bucket/*"
+              "arn:aws:s3:::shipment-picture-bucket/*",
+              "${aws_sns_topic.update_shipment_picture_topic.arn}"
             ]
           }
           ]

sample-pictures/open-package.jpeg sample-pictures/open-package.jpgsample-pictures/open-package.jpeg renamed to sample-pictures/open-package.jpg

@@ -2,4 +2,10 @@ variable "env" {
   type        = string
   description = "dev env"
   default = ""
+}
+
+variable "sns_sub_endpoint" {
+  type        = string
+  description = "SNS subscriber endpoint"
+  default = "https://localhost:8081/sns/notifications"
 }

sample-pictures/scale.jpeg sample-pictures/scale.jpgsample-pictures/scale.jpeg renamed to sample-pictures/scale.jpg

@@ -2,16 +2,16 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.52.0"
+      version = ">= 4.64.0"
     }
   }
 }
 provider "aws" {
-  region = "eu-central-1"
+  region = "eu-east-1"
 }
 
 resource "aws_s3_bucket" "shipment_picture_bucket" {
-  bucket = "shipment-picture-bucket"
+  bucket        = "shipment-picture-bucket"
   force_destroy = true
   lifecycle {
     prevent_destroy = false
@@ -51,7 +51,7 @@ resource "aws_dynamodb_table_item" "shipment" {
 
 
 resource "aws_s3_bucket" "lambda_code_bucket" {
-  bucket = "shipment-picture-lambda-validator-bucket"
+  bucket        = "shipment-picture-lambda-validator-bucket"
   force_destroy = true
   lifecycle {
     prevent_destroy = false
@@ -60,7 +60,7 @@ resource "aws_s3_bucket" "lambda_code_bucket" {
 
 resource "aws_s3_bucket_acl" "lambda_code_bucket_acl" {
   bucket = aws_s3_bucket.lambda_code_bucket.id
-  acl = "private"
+  acl    = "private"
 }
 
 resource "aws_s3_bucket_object" "lambda_code" {
@@ -81,6 +81,7 @@ resource "aws_lambda_function" "shipment_picture_lambda_validator" {
   environment {
     variables = {
       ENVIRONMENT = var.env
+      SNS_TOPIC_ARN = aws_sns_topic.update_shipment_picture_topic.arn
     }
   }
 }
@@ -101,6 +102,20 @@ resource "aws_lambda_permission" "s3_lambda_exec_permission" {
   source_arn    = aws_s3_bucket.shipment_picture_bucket.arn
 }
 
+resource "aws_sns_topic" "update_shipment_picture_topic" {
+  name = "update_shipment_picture_topic"
+}
+
+resource "aws_sqs_queue" "update_shipment_picture_topic_queue" {
+  name = "update_shipment_picture_topic_queue"
+}
+
+resource "aws_sns_topic_subscription" "example_subscription" {
+  topic_arn = aws_sns_topic.update_shipment_picture_topic.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.update_shipment_picture_topic_queue.arn
+}
+
 resource "aws_iam_role" "lambda_exec" {
   name = "lambda_exec_role"
 

sample-pictures/television.jpeg sample-pictures/television.jpgsample-pictures/television.jpeg renamed to sample-pictures/television.jpg

@@ -0,0 +1,4 @@
+
+tflocal init
+tflocal plan -var 'env=dev'
+tflocal apply -var 'env=dev' --auto-approve