initial commit

Author: jeromevdl

.github/ISSUE_TEMPLATE.yaml

@@ -0,0 +1,34 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: ["bug", "triage"]
+assignees:
+  - jeromevdl
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://example.com)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,38 @@
+# Pull Request Template
+
+## Description
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+## How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+**Test Configuration**:
+* Tools versions (node, CDK, SDK, ...)
+
+## Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published in downstream modules
+- [ ] I have checked my code and corrected any misspellings

.gitignore

@@ -0,0 +1,12 @@
+!jest.config.js
+*.d.ts
+node_modules
+build
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+
+.idea/
+
+repolinter

.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

CHANGELOG

@@ -1,17 +1,15 @@
-MIT No Attribution
-
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
+SPDX-License-Identifier: MIT-0
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify,
+merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

LICENSE

@@ -1,17 +1,71 @@
-## My Project
+# Protecting a Lambda Function URL with Amazon CloudFront and Lambda@Edge
 
-TODO: Fill this README out!
+This repository is provided in support to an AWS blog post: [Protecting a Lambda Function URL with Amazon CloudFront and Lambda@Edge](https://aws.amazon.com/blogs/compute/protecting-an-aws-lambda-function-url-with-amazon-cloudfront-and-lambdaedge/)
 
-Be sure to:
+## Overview
 
-* Change the title in this README
-* Edit your repository description on GitHub
+### Architecture
 
-## Security
+The solution is based on the following architecture:
 
-See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
+![Architecture](assets/archi.png)
 
-## License
+More details can be found in the blog post.
+
+### Structure of the solution
+
+This repository contains 3 main components, available in the src folder:
+- The frontend, a single page web application built with React and CloudScape.
+- The AWS Lambda functions code. The application is a simple CRUD around books.
+- The infrastructure code, provided as AWS CDK.
+
+## Pre-requisites
+
+To deploy this solution you need the following pre-requisites:
+
+- An AWS Account.
+- The AWS Command Line Interface (CLI) installed and configured for use. Refer this link to install the CLI. https://aws.amazon.com/cli/ 
+
+  The user profile used to implement this reference solution should have enough privileges to create the following resources: 
+    - IAM roles and policies
+    - Lambda function and function url
+    - Cloudfront Distribution & Lambda@Edge function
+    - Systems Manager parameters
+
+- Node JS is installed ( pre-requisite to install AWS CDK ). Download Node JS from here: https://nodejs.org/en/download/
 
-This library is licensed under the MIT-0 License. See the LICENSE file.
+- The AWS CDK V2 is installed. Refer this link to install AWS CDK V2: https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html#getting_started_install
 
+- If you've never deployed a solution with CDK, the AWS account must be bootstrapped (more info here: https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html). 
+Execute the following command to create the necessary AWS resources (S3 bucket, IAM role/s, etc...) that CDK will use to provision AWS resources for the solution.
+Replace ACCOUNT-NUMBER and REGION with your account and region where you wish to deploy the solution:
+```shell
+$ cdk bootstrap aws://ACCOUNT-NUMBER/REGION
+```
+
+## Deployment
+1. Clone the current repository
+2. Execute the following commands:
+
+```shell
+$ cd lambda-function-url-lambda-edge
+$ npm install
+$ cdk deploy --all
+```
+
+Note: the deployment can take up to 15 minutes to finish
+
+3. Once the deployment is successful, you should have several URLs in the output of CDK:
+![CDK output](assets/output_cdk.png)
+4. You can test the deployed solution by using the frontend. URL is available in the `FrontendURL` in CDK outputs.
+
+## Clean-up
+To remove the deployed resources from your AWS account:
+1. You must first remove the replicas of the Lambda@Edge function. Refer to https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-delete-replicas.html
+2. Execute the following command:
+```shell
+$ cdk destroy --all
+```
+
+## License
+See [License](LICENSE) of the project.

NOTICE

@@ -0,0 +1,8 @@
+<!-- markdownlint-disable MD043 -->
+
+## Reporting a Vulnerability
+
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security
+via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com.
+
+Please do **not** create a public GitHub issue.

README.md

@@ -0,0 +1,4 @@
+If you are having trouble running this sample, make sure you have a recent version of terraform and npm and read the 
+[requirements](README.md#-requirements) carefully.
+
+If you find a bug, please submit it to our issue tracker and label it as a bug.

SECURITY.md

@@ -0,0 +1,50 @@
+{
+  "app": "npx ts-node --prefer-ts-exts src/infra/BookApp.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true
+  }
+}

SUPPORT.md

@@ -0,0 +1,12 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: MIT-0
+ */
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};