Restructure files, extract solution into a separate file

Author: piotrekwitkowski

lib/cdk-context-utils.ts

@@ -1,11 +1,10 @@
-import { Stack } from "aws-cdk-lib";
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+import { Node } from "constructs";
 
-export const getContextVariables = (stack: Stack) => {
-  const { node } = stack;
-  return {
-    boolean: (key: string, defaultValue = false) => node.tryGetContext(key) ? Boolean(node.tryGetContext(key)) : defaultValue,
-    number: (key: string, defaultValue: number) => node.tryGetContext(key) ? Number(node.tryGetContext(key)) : defaultValue,
-    string: (key: string, defaultValue: string) => node.tryGetContext(key) ? String(node.tryGetContext(key)) : defaultValue,
-    stringOrUndefined: (key: string) => node.tryGetContext(key) ? String(node.tryGetContext(key)) : undefined,
-  }
-}
+export const readContext = (node: Node) => ({
+  boolean: (key: string, defaultValue = false) => node.tryGetContext(key) ? Boolean(node.tryGetContext(key)) : defaultValue,
+  number: (key: string, defaultValue: number) => node.tryGetContext(key) ? Number(node.tryGetContext(key)) : defaultValue,
+  string: (key: string, defaultValue: string) => node.tryGetContext(key) ? String(node.tryGetContext(key)) : defaultValue,
+  stringOrUndefined: (key: string) => node.tryGetContext(key) ? String(node.tryGetContext(key)) : undefined,
+});

lib/image-optimization-sample-website.ts

@@ -0,0 +1,24 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+import { RemovalPolicy, Stack } from 'aws-cdk-lib';
+import { BlockPublicAccess, Bucket, BucketEncryption } from 'aws-cdk-lib/aws-s3';
+import { Distribution, ViewerProtocolPolicy } from 'aws-cdk-lib/aws-cloudfront';
+import { S3BucketOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
+
+export const sampleWebsite = (stack: Stack) => {
+  const bucket = new Bucket(stack, 's3-sample-website-bucket', {
+    autoDeleteObjects: true,
+    blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+    encryption: BucketEncryption.S3_MANAGED,
+    enforceSSL: true,
+    removalPolicy: RemovalPolicy.DESTROY
+  });
+  return new Distribution(stack, 'websiteDeliveryDistribution', {
+    comment: 'Image Optimization - sample website',
+    defaultBehavior: {
+      origin: S3BucketOrigin.withOriginAccessControl(bucket),
+      viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS
+    },
+    defaultRootObject: 'index.html'
+  });
+}

lib/image-optimization-solution.ts

@@ -0,0 +1,149 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+import {
+  aws_cloudfront as cloudfront,
+  aws_cloudfront_origins as origins,
+  aws_iam as iam,
+  aws_lambda as lambda,
+  aws_logs as logs,
+  aws_s3 as s3,
+  Duration, Fn, RemovalPolicy, Stack
+} from 'aws-cdk-lib';
+
+type ImageProcessingProps = {
+  corsEnabled: boolean,
+  originalImageBucket: s3.IBucket,
+  originShieldRegion: string,
+  lambdaMemory: number,
+  lambdaTimeout: Duration,
+  maxImageSizeBytes: number,
+  transformedImageCacheControl: string,
+  transformedImageExpiration: Duration,
+  storeTransformedImages: boolean,
+}
+
+export const imageOptimizationSolution = (stack: Stack, props: ImageProcessingProps) => {
+  const {
+    corsEnabled,
+    originalImageBucket,
+    originShieldRegion,
+    lambdaMemory,
+    lambdaTimeout,
+    maxImageSizeBytes,
+    transformedImageCacheControl,
+    transformedImageExpiration,
+    storeTransformedImages,
+  } = props;
+
+  // Create Lambda function for image processing
+  const imageProcessing = new lambda.Function(stack, 'image-optimization', {
+    code: lambda.Code.fromAsset('functions/image-processing'),
+    environment: {
+      maxImageSize: String(maxImageSizeBytes),
+      originalImageBucketName: originalImageBucket.bucketName,
+      transformedImageCacheTTL: transformedImageCacheControl,
+    },
+    handler: 'index.handler',
+    // let downloads of original images from S3
+    initialPolicy: [
+      new iam.PolicyStatement({
+        actions: ['s3:GetObject'],
+        resources: [`arn:aws:s3:::${originalImageBucket.bucketName}/*`]
+      }),
+    ],
+    logRetention: logs.RetentionDays.ONE_DAY,
+    memorySize: lambdaMemory,
+    runtime: lambda.Runtime.NODEJS_20_X,
+    timeout: lambdaTimeout,
+  });
+
+  // Enable Lambda URL and create Amazon CloudFront origin
+  const imageProcessingURL = imageProcessing.addFunctionUrl();
+  const imageProcessingDomainName = Fn.parseDomainName(imageProcessingURL.url);
+  const imageProcessingLambdaOrigin = new origins.HttpOrigin(imageProcessingDomainName, { originShieldRegion });
+
+  // Create custom response headers policy with CORS requests allowed for all origins
+  const getCorsResponsePolicy = () => new cloudfront.ResponseHeadersPolicy(stack, 'cors-response-policy', {
+    responseHeadersPolicyName: `CorsResponsePolicy${stack.node.addr}`,
+    corsBehavior: {
+      accessControlAllowCredentials: false,
+      accessControlAllowHeaders: ['*'],
+      accessControlAllowMethods: ['GET'],
+      accessControlAllowOrigins: ['*'],
+      accessControlMaxAge: Duration.seconds(600),
+      originOverride: false,
+    },
+    // Recognize image requests that were processed by this solution
+    customHeadersBehavior: {
+      customHeaders: [
+        { header: 'x-aws-image-optimization', value: 'v1.0', override: true },
+        { header: 'vary', value: 'accept', override: true },
+      ]
+    }
+  });
+
+  // Create an S3 origin with fallback to Lambda
+  const getS3OriginWithFallbackToLambda = () => {
+    const transformedImageBucket = new s3.Bucket(stack, 's3-transformed-image-bucket', {
+      autoDeleteObjects: true,
+      lifecycleRules: [{ expiration: transformedImageExpiration }],
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+    imageProcessing.addEnvironment('transformedImageBucketName', transformedImageBucket.bucketName);
+    imageProcessing.role!.addToPrincipalPolicy(
+      new iam.PolicyStatement({
+        actions: ['s3:PutObject'],
+        resources: [`arn:aws:s3:::${transformedImageBucket.bucketName}/*`]
+      })
+    );
+    return new origins.OriginGroup({
+      primaryOrigin: origins.S3BucketOrigin.withOriginAccessIdentity(transformedImageBucket, { originShieldRegion }),
+      fallbackOrigin: imageProcessingLambdaOrigin,
+      fallbackStatusCodes: [403, 500, 503, 504],
+    });
+  };
+
+  // Create content delivery distribution with Amazon CloudFront for optimized images
+  const imageDelivery = new cloudfront.Distribution(stack, 'image-delivery-distribution', {
+    comment: 'Image Optimization - image delivery',
+    defaultBehavior: {
+      cachePolicy: new cloudfront.CachePolicy(stack, `ImageCachePolicy${stack.node.addr}`, {
+        defaultTtl: Duration.hours(24),
+        maxTtl: Duration.days(365),
+        minTtl: Duration.seconds(0),
+        queryStringBehavior: cloudfront.CacheQueryStringBehavior.all()
+      }),
+      compress: false,
+      functionAssociations: [{
+        eventType: cloudfront.FunctionEventType.VIEWER_REQUEST,
+        function: new cloudfront.Function(stack, 'urlRewrite', {
+          code: cloudfront.FunctionCode.fromFile({ filePath: 'functions/url-rewrite/index.js' }),
+          functionName: `urlRewriteFunction${stack.node.addr}`,
+        })
+      }],
+      origin: storeTransformedImages ? getS3OriginWithFallbackToLambda() : imageProcessingLambdaOrigin,
+      responseHeadersPolicy: corsEnabled ? getCorsResponsePolicy() : undefined,
+      viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+    }
+  });
+
+  // Add OAC between CloudFront and LambdaURL
+  const oac = new cloudfront.CfnOriginAccessControl(stack, 'origin-access-control', {
+    originAccessControlConfig: {
+      name: `oac${stack.node.addr}`,
+      originAccessControlOriginType: 'lambda',
+      signingBehavior: 'always',
+      signingProtocol: 'sigv4',
+    }
+  });
+
+  const cfnImageDelivery = imageDelivery.node.defaultChild as cloudfront.CfnDistribution;
+  cfnImageDelivery.addPropertyOverride(`DistributionConfig.Origins.${storeTransformedImages ? '1' : '0'}.OriginAccessControlId`, oac.getAtt('Id'));
+  imageProcessing.addPermission('AllowCloudFrontServicePrincipal', {
+    principal: new iam.ServicePrincipal("cloudfront.amazonaws.com"),
+    action: 'lambda:InvokeFunctionUrl',
+    sourceArn: `arn:aws:cloudfront::${stack.account}:distribution/${imageDelivery.distributionId}`
+  });
+
+  return imageDelivery;
+}

lib/image-optimization-stack.ts

@@ -1,41 +1,44 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: MIT-0
-import { aws_cloudfront as cloudfront, aws_cloudfront_origins as origins, aws_iam as iam, aws_lambda as lambda, aws_logs as logs, aws_s3 as s3, aws_s3_deployment as s3deploy, CfnOutput, Duration, Fn, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import { aws_s3 as s3, aws_s3_deployment as s3deploy, Duration, CfnOutput, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { getContextVariables } from './cdk-context-utils';
+import { readContext } from './cdk-context-utils';
+import { sampleWebsite } from './image-optimization-sample-website';
+import { imageOptimizationSolution } from './image-optimization-solution';
 import { getOriginShieldRegion } from './origin-shield';
-import { deploySampleWebsite } from './sample-website';
 
 export class ImageOptimizationStack extends Stack {
   constructor(scope: Construct, id: string, props?: StackProps) {
     super(scope, id, props);
 
     // Load stack parameters related to architecture from CDK context
-    const getContext = getContextVariables(this);
-    const CLOUDFRONT_CORS_ENABLED = getContext.boolean('CLOUDFRONT_CORS_ENABLED', true);
-    const CLOUDFRONT_ORIGIN_SHIELD_REGION = getContext.string('CLOUDFRONT_ORIGIN_SHIELD_REGION', getOriginShieldRegion(process.env.AWS_REGION || process.env.CDK_DEFAULT_REGION || 'us-east-1'));
+    const context = readContext(this.node);
 
-    const LAMBDA_MEMORY = getContext.number('LAMBDA_MEMORY', 1500);
-    const LAMBDA_TIMEOUT_SECONDS = getContext.number('LAMBDA_TIMEOUT', 60);
-    const MAX_IMAGE_SIZE = getContext.number('MAX_IMAGE_SIZE', 4700000);
+    const CORS_ENABLED = context.boolean('CLOUDFRONT_CORS_ENABLED', true);
+    const DEPLOY_SAMPLE_WEBSITE = context.boolean('DEPLOY_SAMPLE_WEBSITE');
+    const LAMBDA_MEMORY = context.number('LAMBDA_MEMORY', 1500);
+    const LAMBDA_TIMEOUT_SECONDS = context.number('LAMBDA_TIMEOUT', 60);
+    const MAX_IMAGE_SIZE = context.number('MAX_IMAGE_SIZE', 4700000);
+    const ORIGIN_SHIELD_REGION = context.string('CLOUDFRONT_ORIGIN_SHIELD_REGION', getOriginShieldRegion(process.env.AWS_REGION || process.env.CDK_DEFAULT_REGION || 'us-east-1'));
+    const S3_ORIGINAL_IMAGE_BUCKET_NAME = context.stringOrUndefined('S3_IMAGE_BUCKET_NAME');
+    const S3_TRANSFORMED_IMAGE_CACHE_CONTROL = context.string('S3_TRANSFORMED_IMAGE_CACHE_TTL', 'max-age=31622400');
+    const S3_TRANSFORMED_IMAGE_EXPIRATION_DAYS = context.number('S3_TRANSFORMED_IMAGE_EXPIRATION_DURATION', 90);
+    const STORE_TRANSFORMED_IMAGES = context.boolean('STORE_TRANSFORMED_IMAGES', true);
 
-    const S3_IMAGE_BUCKET_NAME = getContext.stringOrUndefined('S3_IMAGE_BUCKET_NAME');
-    const S3_TRANSFORMED_IMAGE_CACHE_TTL = getContext.string('S3_TRANSFORMED_IMAGE_CACHE_TTL', 'max-age=31622400');
-    const S3_TRANSFORMED_IMAGE_EXPIRATION_DAYS = getContext.number('S3_TRANSFORMED_IMAGE_EXPIRATION_DURATION', 90);
-    const STORE_TRANSFORMED_IMAGES = getContext.boolean('STORE_TRANSFORMED_IMAGES', true);
-
-    // If DEPLOY_SAMPLE_WEBSITE is true, this stack will deploy an additional, sample website to showcase the solution
+    // If true, this stack will deploy an additional, sample website to showcase the solution
     // Architecture of the sample website is described at https://aws.amazon.com/blogs/networking-and-content-delivery/image-optimization-using-amazon-cloudfront-and-aws-lambda/
-    if (getContext.boolean('DEPLOY_SAMPLE_WEBSITE')) {
-      deploySampleWebsite(this);
+    if (DEPLOY_SAMPLE_WEBSITE) {
+      const sampleWebsiteDelivery = sampleWebsite(this);
+      new CfnOutput(this, 'SampleWebsiteDomain', {
+        description: 'Sample website domain',
+        value: sampleWebsiteDelivery.distributionDomainName
+      });
     }
 
-    // ********************* Image Optimization Resources *********************
-
     // For original images, use existing S3 bucket if provided, otherwise create a new one with sample images
     let originalImageBucket: s3.IBucket;
-    if (S3_IMAGE_BUCKET_NAME) {
-      originalImageBucket = s3.Bucket.fromBucketName(this, 'imported-original-image-bucket', S3_IMAGE_BUCKET_NAME);
+    if (S3_ORIGINAL_IMAGE_BUCKET_NAME) {
+      originalImageBucket = s3.Bucket.fromBucketName(this, 'imported-original-image-bucket', S3_ORIGINAL_IMAGE_BUCKET_NAME);
     } else {
       originalImageBucket = new s3.Bucket(this, 's3-sample-original-image-bucket', {
         removalPolicy: RemovalPolicy.DESTROY,
@@ -55,120 +58,21 @@ export class ImageOptimizationStack extends Stack {
       value: originalImageBucket.bucketName
     });
 
-    // Create Lambda function for image processing
-    const imageProcessing = new lambda.Function(this, 'image-optimization', {
-      code: lambda.Code.fromAsset('functions/image-processing'),
-      environment: {
-        maxImageSize: String(MAX_IMAGE_SIZE),
-        originalImageBucketName: originalImageBucket.bucketName,
-        transformedImageCacheTTL: S3_TRANSFORMED_IMAGE_CACHE_TTL,
-      },
-      handler: 'index.handler',
-      // let downloads of original images from S3
-      initialPolicy: [
-        new iam.PolicyStatement({
-          actions: ['s3:GetObject'],
-          resources: [`arn:aws:s3:::${originalImageBucket.bucketName}/*`]
-        }),
-      ],
-      logRetention: logs.RetentionDays.ONE_DAY,
-      memorySize: LAMBDA_MEMORY,
-      runtime: lambda.Runtime.NODEJS_20_X,
-      timeout: Duration.seconds(LAMBDA_TIMEOUT_SECONDS),
-    });
-
-    // Enable Lambda URL and create Amazon CloudFront origin
-    const imageProcessingURL = imageProcessing.addFunctionUrl();
-    const imageProcessingDomainName = Fn.parseDomainName(imageProcessingURL.url);
-    const originProps = { originShieldRegion: CLOUDFRONT_ORIGIN_SHIELD_REGION };
-    const imageProcessingLambdaOrigin = new origins.HttpOrigin(imageProcessingDomainName, originProps);
-
-    // Create custom response headers policy with CORS requests allowed for all origins
-    const getCorsResponsePolicy = () => new cloudfront.ResponseHeadersPolicy(this, 'cors-response-policy', {
-      responseHeadersPolicyName: `CorsResponsePolicy${this.node.addr}`,
-      corsBehavior: {
-        accessControlAllowCredentials: false,
-        accessControlAllowHeaders: ['*'],
-        accessControlAllowMethods: ['GET'],
-        accessControlAllowOrigins: ['*'],
-        accessControlMaxAge: Duration.seconds(600),
-        originOverride: false,
-      },
-      // Recognize image requests that were processed by this solution
-      customHeadersBehavior: {
-        customHeaders: [
-          { header: 'x-aws-image-optimization', value: 'v1.0', override: true },
-          { header: 'vary', value: 'accept', override: true },
-        ]
-      }
+    // Create Amazon CloudFront distribution to deliver optimized images
+    const imageOptimization = imageOptimizationSolution(this, {
+      corsEnabled: CORS_ENABLED,
+      lambdaMemory: LAMBDA_MEMORY,
+      lambdaTimeout: Duration.seconds(LAMBDA_TIMEOUT_SECONDS),
+      maxImageSizeBytes: MAX_IMAGE_SIZE,
+      originalImageBucket: originalImageBucket,
+      originShieldRegion: ORIGIN_SHIELD_REGION,
+      storeTransformedImages: STORE_TRANSFORMED_IMAGES,
+      transformedImageCacheControl: S3_TRANSFORMED_IMAGE_CACHE_CONTROL,
+      transformedImageExpiration: Duration.days(S3_TRANSFORMED_IMAGE_EXPIRATION_DAYS),
     });
-
-    // Create an S3 origin with fallback to Lambda
-    const getS3OriginWithFallbackToLambda = () => {
-      const transformedImageBucket = new s3.Bucket(this, 's3-transformed-image-bucket', {
-        autoDeleteObjects: true,
-        lifecycleRules: [{ expiration: Duration.days(S3_TRANSFORMED_IMAGE_EXPIRATION_DAYS) }],
-        removalPolicy: RemovalPolicy.DESTROY,
-      });
-      imageProcessing.addEnvironment('transformedImageBucketName', transformedImageBucket.bucketName);
-      imageProcessing.role!.addToPrincipalPolicy(
-        new iam.PolicyStatement({
-          actions: ['s3:PutObject'],
-          resources: [`arn:aws:s3:::${transformedImageBucket.bucketName}/*`]
-        })
-      );
-      return new origins.OriginGroup({
-        primaryOrigin: origins.S3BucketOrigin.withOriginAccessIdentity(transformedImageBucket, originProps),
-        fallbackOrigin: imageProcessingLambdaOrigin,
-        fallbackStatusCodes: [403, 500, 503, 504],
-      });
-    };
-
-    // Create content delivery distribution with Amazon CloudFront for optimized images
-    const imageDelivery = new cloudfront.Distribution(this, 'image-delivery-distribution', {
-      comment: 'Image Optimization - image delivery',
-      defaultBehavior: {
-        cachePolicy: new cloudfront.CachePolicy(this, `ImageCachePolicy${this.node.addr}`, {
-          defaultTtl: Duration.hours(24),
-          maxTtl: Duration.days(365),
-          minTtl: Duration.seconds(0),
-          queryStringBehavior: cloudfront.CacheQueryStringBehavior.all()
-        }),
-        compress: false,
-        functionAssociations: [{
-          eventType: cloudfront.FunctionEventType.VIEWER_REQUEST,
-          function: new cloudfront.Function(this, 'urlRewrite', {
-            code: cloudfront.FunctionCode.fromFile({ filePath: 'functions/url-rewrite/index.js' }),
-            functionName: `urlRewriteFunction${this.node.addr}`,
-          })
-        }],
-        origin: STORE_TRANSFORMED_IMAGES ? getS3OriginWithFallbackToLambda() : imageProcessingLambdaOrigin,
-        responseHeadersPolicy: CLOUDFRONT_CORS_ENABLED ? getCorsResponsePolicy() : undefined,
-        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-      }
-    });
-
-    // Add OAC between CloudFront and LambdaURL
-    const oac = new cloudfront.CfnOriginAccessControl(this, 'origin-access-control', {
-      originAccessControlConfig: {
-        name: `oac${this.node.addr}`,
-        originAccessControlOriginType: 'lambda',
-        signingBehavior: 'always',
-        signingProtocol: 'sigv4',
-      }
-    });
-
-    const cfnImageDelivery = imageDelivery.node.defaultChild as cloudfront.CfnDistribution;
-    cfnImageDelivery.addPropertyOverride(`DistributionConfig.Origins.${STORE_TRANSFORMED_IMAGES ? '1' : '0'}.OriginAccessControlId`, oac.getAtt('Id'));
-    imageProcessing.addPermission('AllowCloudFrontServicePrincipal', {
-      principal: new iam.ServicePrincipal("cloudfront.amazonaws.com"),
-      action: 'lambda:InvokeFunctionUrl',
-      sourceArn: `arn:aws:cloudfront::${this.account}:distribution/${imageDelivery.distributionId}`
-    });
-
     new CfnOutput(this, 'image-delivery-domain', {
-      description: 'Domain name of image delivery',
-      value: imageDelivery.distributionDomainName
+      description: 'Image delivery domain',
+      value: imageOptimization.distributionDomainName
     });
   }
 }