Update OpenSearch UBI implementation with webapp backend and deployment scripts

Author: mateon01

.gitignore

@@ -86,7 +86,6 @@ env/
 # === Java / Gradle ===
 .gradle/
 build/
-bin/
 !**/src/main/**/bin/
 !**/src/test/**/bin/
 *.class

opensearch/opensearch_ubi/.gitignore

@@ -10,10 +10,33 @@ node_modules/
 *.d.ts
 !jest.config.js
 
-# Lambda layer build
-lambda/layers/dependencies/python/*
+# Lambda layer dependencies (installed during deploy)
+lambda/layers/dependencies/python/
 !lambda/layers/dependencies/python/.gitkeep
-lambda/webapp-backend/
+
+# Lambda webapp-backend dependencies (installed during deploy)
+# Exclude all except source files
+lambda/webapp-backend/*
+!lambda/webapp-backend/main.py
+!lambda/webapp-backend/requirements.txt
+!lambda/webapp-backend/.gitkeep
+
+# Lambda function dependencies (if any)
+lambda/functions/**/package/
+lambda/functions/**/__pycache__/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+*.egg-info/
+.eggs/
+*.egg
+.dist-info/
+
+# Archives
 *.zip
 
 # IDE
@@ -33,3 +56,7 @@ npm-debug.log*
 # Test coverage
 coverage/
 .nyc_output/
+
+# Environment
+.env
+.env.local

opensearch/opensearch_ubi/bin/app.ts

@@ -0,0 +1,203 @@
+#!/usr/bin/env node
+/**
+ * CDK App Entry Point - UBI to LTR Pipeline Infrastructure.
+ *
+ * This app deploys the complete infrastructure for:
+ * 1. OpenSearch Service domain with UBI plugin support
+ * 2. OSI (OpenSearch Ingestion) pipeline configurations
+ * 3. S3 buckets for data storage
+ * 4. Lambda functions for judgment generation
+ * 5. Step Functions for pipeline orchestration
+ *
+ * Usage:
+ *   npm run build
+ *   cdk deploy --all
+ *
+ * Environment variables:
+ *   CDK_DEFAULT_ACCOUNT - AWS account ID
+ *   CDK_DEFAULT_REGION  - AWS region (default: us-east-1)
+ *   ENV_PREFIX          - Environment prefix (default: dev)
+ */
+
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { IamStack } from '../lib/iam-stack';
+import { StorageStack } from '../lib/storage-stack';
+import { OpenSearchStack } from '../lib/opensearch-stack';
+import { OsiStack } from '../lib/osi-stack';
+import { ProcessingStack } from '../lib/processing-stack';
+import { SetupStack } from '../lib/setup-stack';
+import { WebappStack } from '../lib/webapp-stack';
+
+const app = new cdk.App();
+
+// ===========================================================================
+// Configuration
+// ===========================================================================
+const envPrefix = app.node.tryGetContext('envPrefix') ?? process.env.ENV_PREFIX ?? 'dev';
+const region = app.node.tryGetContext('region') ?? process.env.CDK_DEFAULT_REGION ?? 'us-east-1';
+const account = process.env.CDK_DEFAULT_ACCOUNT ?? process.env.AWS_ACCOUNT_ID;
+
+// OpenSearch configuration
+const openSearchConfig = {
+  version: app.node.tryGetContext('opensearchVersion') ?? '3.3',
+  instanceType: app.node.tryGetContext('instanceType') ?? 't3.small.search',
+  instanceCount: parseInt(app.node.tryGetContext('instanceCount') ?? '1'),
+  ebsVolumeSize: parseInt(app.node.tryGetContext('ebsVolumeSize') ?? '20'),
+  dedicatedMasterEnabled: app.node.tryGetContext('dedicatedMaster') === 'true',
+  multiAzEnabled: app.node.tryGetContext('multiAz') === 'true',
+};
+
+// Processing configuration
+const processingConfig = {
+  bedrockModelId: app.node.tryGetContext('bedrockModelId') ?? 'us.anthropic.claude-sonnet-4-5-20250929-v1:0',
+  enableSchedule: app.node.tryGetContext('enableSchedule') === 'true',
+  scheduleExpression: app.node.tryGetContext('scheduleExpression') ?? 'rate(1 day)',
+};
+
+const env: cdk.Environment = {
+  account,
+  region,
+};
+
+console.log(`
+===========================================================================
+UBI to LTR Pipeline Infrastructure
+===========================================================================
+Environment:  ${envPrefix}
+Region:       ${region}
+Account:      ${account ?? 'Not specified (will use default)'}
+
+OpenSearch Configuration:
+  - Version:        ${openSearchConfig.version}
+  - Instance Type:  ${openSearchConfig.instanceType}
+  - Instance Count: ${openSearchConfig.instanceCount}
+  - EBS Volume:     ${openSearchConfig.ebsVolumeSize} GB
+
+Processing Configuration:
+  - Bedrock Model:  ${processingConfig.bedrockModelId}
+  - Scheduled:      ${processingConfig.enableSchedule}
+===========================================================================
+`);
+
+// ===========================================================================
+// Stack Deployment
+// ===========================================================================
+
+// 1. Storage Stack (S3 buckets)
+const storageStack = new StorageStack(app, `UbiLtr-StorageStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-storage`,
+  description: 'S3 buckets for UBI-LTR pipeline data storage',
+  env,
+  envPrefix,
+  iaTransitionDays: 30,
+  retentionDays: 365,
+  enableVersioning: true,
+});
+
+// 2. IAM Stack (roles and policies)
+const iamStack = new IamStack(app, `UbiLtr-IamStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-iam`,
+  description: 'IAM roles and policies for UBI-LTR pipeline',
+  env,
+  envPrefix,
+  dataBucketArn: storageStack.dataBucket.bucketArn,
+});
+
+// Add dependency
+iamStack.addDependency(storageStack);
+
+// 3. OpenSearch Stack (domain + OSI configs)
+const openSearchStack = new OpenSearchStack(app, `UbiLtr-OpenSearchStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-opensearch`,
+  description: 'OpenSearch Service domain with UBI support',
+  env,
+  envPrefix,
+  openSearchVersion: openSearchConfig.version,
+  instanceType: openSearchConfig.instanceType,
+  instanceCount: openSearchConfig.instanceCount,
+  ebsVolumeSize: openSearchConfig.ebsVolumeSize,
+  dedicatedMasterEnabled: openSearchConfig.dedicatedMasterEnabled,
+  multiAzEnabled: openSearchConfig.multiAzEnabled,
+  osiPipelineRoleArn: iamStack.osiPipelineRole.roleArn,
+  dlqBucketArn: storageStack.dlqBucket.bucketArn,
+});
+
+// Add dependencies
+openSearchStack.addDependency(iamStack);
+openSearchStack.addDependency(storageStack);
+
+// 3.5 OSI Stack (OpenSearch Ingestion pipelines for UBI)
+const osiStack = new OsiStack(app, `UbiLtr-OsiStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-osi`,
+  description: 'OSI pipelines for UBI queries and events ingestion',
+  env,
+  envPrefix,
+  openSearchEndpoint: openSearchStack.domainEndpoint,
+  osiPipelineRoleArn: iamStack.osiPipelineRole.roleArn,
+  dlqBucketName: storageStack.dlqBucket.bucketName,
+});
+
+// Add dependencies - OSI needs OpenSearch domain endpoint and IAM role
+osiStack.addDependency(openSearchStack);
+osiStack.addDependency(iamStack);
+osiStack.addDependency(storageStack);
+
+// 4. Processing Stack (Lambda + Step Functions)
+// Pass role ARNs instead of role objects to avoid circular dependencies
+const processingStack = new ProcessingStack(app, `UbiLtr-ProcessingStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-processing`,
+  description: 'Lambda functions and Step Functions for UBI-LTR pipeline',
+  env,
+  envPrefix,
+  openSearchEndpoint: openSearchStack.domainEndpoint,
+  masterUserSecretArn: openSearchStack.masterUserSecret.secretArn,
+  dataBucket: storageStack.dataBucket,
+  lambdaExecutionRoleArn: iamStack.lambdaExecutionRole.roleArn,
+  stepFunctionsRoleArn: iamStack.stepFunctionsRole.roleArn,
+  bedrockModelId: processingConfig.bedrockModelId,
+  enableSchedule: processingConfig.enableSchedule,
+  scheduleExpression: processingConfig.scheduleExpression,
+});
+
+// Add dependencies
+processingStack.addDependency(openSearchStack);
+processingStack.addDependency(iamStack);
+processingStack.addDependency(storageStack);
+
+// 5. Setup Stack (OpenSearch initialization)
+// This stack creates indices, role mappings, and sample data
+const setupStack = new SetupStack(app, `UbiLtr-SetupStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-setup`,
+  description: 'OpenSearch initialization with indices, role mappings, and sample data',
+  env,
+  envPrefix,
+  openSearchEndpoint: openSearchStack.domainEndpoint,
+  masterUserSecretArn: openSearchStack.masterUserSecret.secretArn,
+  lambdaExecutionRoleArn: iamStack.lambdaExecutionRole.roleArn,
+  osiPipelineRoleArn: iamStack.osiPipelineRole.roleArn,
+});
+
+// Add dependencies - setup must run after OpenSearch and IAM are ready
+setupStack.addDependency(openSearchStack);
+setupStack.addDependency(iamStack);
+
+// 6. Webapp Stack (Lambda API + Frontend)
+// Frontend deployment is enabled by default - requires: cd webapp/frontend && npm run build
+const deployFrontend = app.node.tryGetContext('deployFrontend') !== 'false';
+const webappStack = new WebappStack(app, `UbiLtr-WebappStack-${envPrefix}`, {
+  stackName: `${envPrefix}-ubi-ltr-webapp`,
+  description: 'API Gateway, Lambda backend, and S3/CloudFront frontend for UBI webapp',
+  env,
+  envPrefix,
+  masterUserSecretArn: openSearchStack.masterUserSecret.secretArn,
+  deployFrontend,
+});
+
+// Add dependencies - webapp needs OpenSearch to be ready (for SSM parameters)
+webappStack.addDependency(openSearchStack);
+
+// ===========================================================================
+// App Synthesis
+// ===========================================================================
+app.synth();

opensearch/opensearch_ubi/deploy.sh

@@ -95,6 +95,22 @@ check_prerequisites() {
         print_success "npm: $(npm --version)"
     fi
 
+    # Check Python (for Lambda dependencies)
+    if ! command -v python3 &> /dev/null; then
+        missing+=("python3")
+    else
+        PYTHON_VERSION=$(python3 --version 2>&1 | sed 's/Python //')
+        print_success "Python: $PYTHON_VERSION"
+    fi
+
+    # Check pip
+    if ! command -v pip3 &> /dev/null && ! python3 -m pip --version &> /dev/null; then
+        missing+=("pip3")
+    else
+        PIP_VERSION=$(python3 -m pip --version 2>&1 | head -n1)
+        print_success "pip: $PIP_VERSION"
+    fi
+
     # Check AWS credentials
     if ! aws sts get-caller-identity &> /dev/null; then
         print_error "AWS credentials not configured or invalid"
@@ -110,6 +126,7 @@ check_prerequisites() {
         echo "Please install missing dependencies:"
         echo "  - AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html"
         echo "  - Node.js: https://nodejs.org/ (v18 or higher)"
+        echo "  - Python 3: https://www.python.org/downloads/ (v3.9 or higher)"
         echo "  - AWS credentials: aws configure"
         exit 1
     fi
@@ -130,6 +147,59 @@ install_dependencies() {
     cd "$SCRIPT_DIR"
 }
 
+install_python_dependencies() {
+    print_step "Installing Python dependencies for Lambda..."
+
+    # Install webapp-backend dependencies
+    local WEBAPP_DIR="$SCRIPT_DIR/lambda/webapp-backend"
+    if [ -f "$WEBAPP_DIR/requirements.txt" ]; then
+        echo "Installing webapp-backend dependencies..."
+
+        # Clean up old packages (keep only main.py and requirements.txt)
+        find "$WEBAPP_DIR" -mindepth 1 -maxdepth 1 \
+            ! -name "main.py" \
+            ! -name "requirements.txt" \
+            ! -name ".gitkeep" \
+            -exec rm -rf {} + 2>/dev/null || true
+
+        # Install dependencies to the directory
+        python3 -m pip install \
+            --quiet \
+            --target "$WEBAPP_DIR" \
+            -r "$WEBAPP_DIR/requirements.txt"
+
+        # Count installed packages
+        PKG_COUNT=$(find "$WEBAPP_DIR" -maxdepth 1 -type d | wc -l | tr -d ' ')
+        print_success "webapp-backend dependencies installed ($PKG_COUNT packages)"
+    else
+        print_warning "webapp-backend/requirements.txt not found, skipping"
+    fi
+
+    # Install layer dependencies
+    local LAYER_DIR="$SCRIPT_DIR/lambda/layers/dependencies"
+    if [ -f "$LAYER_DIR/requirements.txt" ]; then
+        echo "Installing Lambda layer dependencies..."
+
+        # Create python directory for layer
+        mkdir -p "$LAYER_DIR/python"
+
+        # Clean up old packages
+        rm -rf "$LAYER_DIR/python/"* 2>/dev/null || true
+
+        # Install dependencies to python/ directory (Lambda layer structure)
+        python3 -m pip install \
+            --quiet \
+            --target "$LAYER_DIR/python" \
+            -r "$LAYER_DIR/requirements.txt"
+
+        # Count installed packages
+        PKG_COUNT=$(find "$LAYER_DIR/python" -maxdepth 1 -type d | wc -l | tr -d ' ')
+        print_success "Lambda layer dependencies installed ($PKG_COUNT packages)"
+    else
+        print_warning "lambda/layers/dependencies/requirements.txt not found, skipping"
+    fi
+}
+
 build_frontend() {
     print_step "Building frontend application..."
 
@@ -322,6 +392,7 @@ fi
 # Execute deployment steps
 check_prerequisites
 install_dependencies
+install_python_dependencies
 build_frontend
 bootstrap_cdk
 deploy_stacks

opensearch/opensearch_ubi/lambda/layers/dependencies/python/.gitkeep

@@ -0,0 +1,2 @@
+# This file ensures the directory is tracked by git
+# Python dependencies are installed during deployment via requirements.txt