feat: add CDK stack for Interacting Bear static website deployment with S3, CloudFront, and Route53

Author: devsteppe9

cdk/.gitignore

@@ -0,0 +1,173 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# CDK specific
+*.swp
+*.swo
+*~
+
+# CDK Context & Staging files
+.cdk.staging
+cdk.context.json
+
+# CDK output
+cdk.out/
+
+# Node modules (if using TypeScript CDK)
+node_modules/
+
+# IDE
+.vscode/
+.idea/
+*.iml
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Local environment variables
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# AWS credentials (should never be committed)
+.aws/
+credentials
+config
+
+# Temporary files
+*.tmp
+*.temp

cdk/README.md

@@ -0,0 +1,88 @@
+# Interacting Bear Static Website CDK Deployment
+
+This CDK project deploys the infrastructure for the Interacting Bear static website at `interactingbear.jackjapar.com`.
+
+## Infrastructure Components
+
+- **S3 Bucket**: Stores the static website files
+- **CloudFront Distribution**: CDN for global content delivery
+- **SSL Certificate**: Automatic SSL certificate for the custom domain
+- **Route53 Record**: DNS record pointing to CloudFront distribution
+
+## Prerequisites
+
+1. AWS CLI configured with appropriate permissions
+2. AWS CDK CLI installed (`npm install -g aws-cdk`)
+3. Python 3.7+
+4. The `jackjapar.com` domain already configured in Route53
+
+## Setup and Deployment
+
+1. **Install CDK dependencies:**
+   ```bash
+   cd cdk
+   python3 -m venv .venv
+   source .venv/bin/activate
+   pip install --upgrade pip
+   pip install -r requirements.txt
+   ```
+
+2. **Bootstrap CDK (first time only):**
+   ```bash
+   cdk bootstrap
+   ```
+
+3. **Deploy the stack:**
+   ```bash
+   cdk deploy
+   ```
+
+4. **Manual Website Upload:**
+   After deployment, upload your website files from `./build/web` to the S3 bucket:
+   ```bash
+   aws s3 sync ../build/web s3://interacting-bear-static-website --delete
+   ```
+
+5. **Invalidate CloudFront cache (if needed):**
+   ```bash
+   aws cloudfront create-invalidation --distribution-id <DISTRIBUTION_ID> --paths "/*"
+   ```
+
+## Stack Outputs
+
+After deployment, you'll see:
+- **BucketName**: S3 bucket name for manual uploads
+- **DistributionId**: CloudFront distribution ID for cache invalidation
+- **WebsiteURL**: Your website URL (https://interactingbear.jackjapar.com)
+
+## Manual Upload Process
+
+Since the website files are not automatically deployed by CDK, you'll need to:
+
+1. Build your Flutter web app:
+   ```bash
+   flutter build web
+   ```
+
+2. Upload to S3:
+   ```bash
+   aws s3 sync ./build/web s3://interacting-bear-static-website --delete
+   ```
+
+3. Invalidate CloudFront cache:
+   ```bash
+   aws cloudfront create-invalidation --distribution-id <DISTRIBUTION_ID> --paths "/*"
+   ```
+
+## Security Features
+
+- S3 bucket blocks all public access
+- CloudFront uses Origin Access Control (OAC) for secure S3 access
+- SSL/TLS certificate automatically provisioned and renewed
+- HTTPS redirect enforced
+
+## Cost Optimization
+
+- CloudFront compression enabled
+- Optimized caching policies
+- Versioned S3 bucket for backup and rollback capabilities

cdk/app.py

@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+import os
+import aws_cdk as cdk
+from static_website.static_website_stack import StaticWebsiteStack
+
+app = cdk.App()
+
+# Get environment variables for AWS account and region
+account = os.getenv('CDK_DEFAULT_ACCOUNT')
+region = os.getenv('CDK_DEFAULT_REGION', 'us-east-1')  # CloudFront requires certificates in us-east-1
+
+StaticWebsiteStack(app, "InteractingBearStaticWebsiteStack",
+    domain_name="interactingbear.jackjapar.com",
+    hosted_zone_name="jackjapar.com",
+    env=cdk.Environment(account=account, region=region),
+    description="Static website deployment for Interacting Bear Flutter app"
+)
+
+app.synth()

cdk/cdk.json

@@ -0,0 +1,38 @@
+{
+    "app": "python3 app.py",
+    "watch": {
+        "include": [
+            "**"
+        ],
+        "exclude": [
+            "README.md",
+            "cdk*.json",
+            "requirements*.txt",
+            "source.bat",
+            "**/__pycache__",
+            "**/*.pyc"
+        ]
+    },
+    "context": {
+        "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+        "@aws-cdk/core:checkSecretUsage": true,
+        "@aws-cdk/core:target": "aws-cdk-lib.assertions",
+        "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+        "aws-cdk:enableDiffNoFail": true,
+        "@aws-cdk/core:stackRelativeExports": true,
+        "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+        "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+        "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+        "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+        "@aws-cdk/aws-redshift:columnId": true,
+        "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+        "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+        "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+        "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+        "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+        "@aws-cdk/core:enablePartitionLiterals": true,
+        "@aws-cdk/core:disableDeprecatedFlagProcessing": true,
+        "@aws-cdk/aws-s3-deployment:createDefaultLoggingPolicy": true,
+        "@aws-cdk/aws-sns:restrictSqsDescryption": true
+    }
+}

cdk/requirements.txt

@@ -0,0 +1,3 @@
+aws-cdk-lib>=2.100.0
+constructs>=10.0.0
+boto3>=1.26.0

cdk/static_website/__init__.py

@@ -0,0 +1 @@
+# Static Website CDK Stack