feat: rewrite aspects

sbstjn · Mar 26, 2024 · 12660ad · 12660ad
1 parent d9f31c6
commit 12660ad
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 10 deletions.
diff --git a/aws/aspects/EnableLambdaXRayTracing.ts b/aws/aspects/EnableLambdaXRayTracing.ts
@@ -5,10 +5,12 @@ export class EnableLambdaXRayTracing implements IAspect {
   constructor() {}
 
   public visit(node: IConstruct): void {
-    if (node instanceof aws_lambda.CfnFunction) {
-      node.tracingConfig = {
-        mode: 'Active',
-      }
+    if (!(node instanceof aws_lambda.CfnFunction)) {
+      return
+    }
+
+    node.tracingConfig = {
+      mode: 'Active',
     }
   }
 }
diff --git a/aws/aspects/HTTPApiGatewayLogs.ts b/aws/aspects/HTTPApiGatewayLogs.ts
@@ -0,0 +1,55 @@
+import { IAspect, Tags, aws_apigatewayv2, aws_iam, aws_logs } from 'aws-cdk-lib'
+import { RetentionDays } from 'aws-cdk-lib/aws-logs'
+import { Construct, IConstruct } from 'constructs'
+
+export class HTTPApiGatewayLogs implements IAspect {
+  constructor() {}
+
+  public visit(node: IConstruct): void {
+    if (!(node instanceof aws_apigatewayv2.CfnStage)) {
+      return
+    }
+
+    const scope = new Construct(node.node.scope!, 'logs')
+    Tags.of(scope).add('custom:aspect', HTTPApiGatewayLogs.name)
+
+    const group = new aws_logs.LogGroup(scope, `group`, {
+      logGroupName: `/${node.node.scope!}`,
+      retention: RetentionDays.ONE_WEEK,
+    })
+
+    const role = new aws_iam.Role(scope, `role`, {
+      assumedBy: new aws_iam.ServicePrincipal('apigateway.amazonaws.com'),
+    })
+
+    const policy = new aws_iam.PolicyStatement({
+      actions: [
+        'logs:CreateLogGroup',
+        'logs:CreateLogStream',
+        'logs:DescribeLogGroups',
+        'logs:DescribeLogStreams',
+        'logs:PutLogEvents',
+        'logs:GetLogEvents',
+        'logs:FilterLogEvents',
+      ],
+      resources: ['*'],
+    })
+
+    role.addToPolicy(policy)
+    group.grantWrite(role)
+
+    node.accessLogSettings = {
+      destinationArn: group.logGroupArn,
+      format: JSON.stringify({
+        requestId: '$context.requestId',
+        requestTime: '$context.requestTime',
+        requestTimeEpoch: '$context.requestTimeEpoch',
+        userAgent: '$context.identity.userAgent',
+        httpMethod: '$context.httpMethod',
+        domainName: '$context.domainName',
+        status: '$context.status',
+        path: '$context.path',
+      }),
+    }
+  }
+}
diff --git a/aws/aspects/S3BucketAccessLogs.ts b/aws/aspects/S3BucketAccessLogs.ts
@@ -10,11 +10,13 @@ export class S3BucketAccessLogs implements IAspect {
   constructor(private props: S3BucketAccessLogsProps) {}
 
   public visit(node: IConstruct): void {
-    if (node instanceof aws_s3.CfnBucket) {
-      node.loggingConfiguration = {
-        destinationBucketName: this.props.bucket.bucketName,
-        logFilePrefix: `${node.node.scope!.node.id}/`,
-      }
+    if (!(node instanceof aws_s3.CfnBucket)) {
+      return
+    }
+
+    node.loggingConfiguration = {
+      destinationBucketName: this.props.bucket.bucketName,
+      logFilePrefix: `${node.node.scope!.node.id}/`,
     }
   }
 }
diff --git a/aws/stacks/Access.ts b/aws/stacks/Access.ts
@@ -0,0 +1,12 @@
+import { Stack, StackProps, aws_apigatewayv2 } from 'aws-cdk-lib'
+import { IConstruct } from 'constructs'
+
+export interface AccessStackProps extends StackProps {}
+
+export class AccessStack extends Stack {
+  api = new aws_apigatewayv2.HttpApi(this, 'api')
+
+  constructor(scope: IConstruct, id: string, props?: AccessStackProps) {
+    super(scope, id, props)
+  }
+}
diff --git a/aws/stacks/Observability.ts b/aws/stacks/Observability.ts
@@ -1,6 +1,7 @@
 import { Aspects, Stack, aws_s3 } from 'aws-cdk-lib'
 import { Construct, IConstruct } from 'constructs'
 import { EnableLambdaXRayTracing } from '../aspects/EnableLambdaXRayTracing'
+import { HTTPApiGatewayLogs } from '../aspects/HTTPApiGatewayLogs'
 import { S3BucketAccessLogs } from '../aspects/S3BucketAccessLogs'
 
 export interface ObservabilityStackProps {
@@ -16,9 +17,14 @@ export class ObservabilityStack extends Stack {
     props.cover.forEach(node => {
       this.enableS3AccessLogs(node)
       this.enableLambdaXRayTracing(node)
+      this.enableHttpApiGatewayLogs(node)
     })
   }
 
+  public enableHttpApiGatewayLogs(node: Construct) {
+    Aspects.of(node).add(new HTTPApiGatewayLogs())
+  }
+
   public enableS3AccessLogs(node: Construct) {
     Aspects.of(node).add(new S3BucketAccessLogs({ bucket: this.bucketS3AccessLogs }))
   }

diff --git a/aws/workloads/Example.ts b/aws/workloads/Example.ts
@@ -1,5 +1,6 @@
 import { App } from 'aws-cdk-lib'
 import { Construct, IConstruct } from 'constructs'
+import { AccessStack } from '../stacks/Access'
 import { ComputeStack } from '../stacks/Compute'
 import { ObservabilityStack } from '../stacks/Observability'
 import { StorageStack } from '../stacks/Storage'
@@ -16,10 +17,11 @@ export class Example extends Construct {
 
     const storage = new StorageStack(this, 'storage')
     const compute = new ComputeStack(this, 'compute')
+    const access = new AccessStack(this, 'access')
 
     if (props.enableObservability) {
       new ObservabilityStack(this, 'observability', {
-        cover: [storage, compute],
+        cover: [storage, compute, access],
       })
     }