Update sample app

Author: yacchi

Makefile

@@ -13,3 +13,12 @@ stop:
 lint:
 	go vet ./...
 	go run honnef.co/go/tools/cmd/staticcheck@latest ./...
+
+SIMPLE_EXAMPLE_DIR := example/simple
+
+sample-image:
+	docker build -t sampleapp -f contrib/containerd-lambda/Dockerfile .
+
+simple-example:
+	env GOOS=linux GOARCH=amd64 go build -o $(SIMPLE_EXAMPLE_DIR)/main $(SIMPLE_EXAMPLE_DIR)/main.go
+	cd $(SIMPLE_EXAMPLE_DIR) && zip -o main.zip main

contrib/containerd-lambda/Dockerfile

@@ -0,0 +1 @@
+nodejs 22.2.0

contrib/sample-lambda-app/.tool-versions

@@ -0,0 +1,10 @@
+TAG ?= lambda-http-adaptor
+
+image:
+	docker build -t $(TAG) src
+
+run: image
+	docker run --rm \
+		--name lambda-http-adaptor \
+		-p 9000:8080 \
+		$(TAG)

contrib/sample-lambda-app/Makefile

@@ -1,3 +1,3 @@
 {
-  "app": "yarn ts-node cdk.ts"
+  "app": "pnpm ts-node cdk.ts"
 }

contrib/sample-lambda-app/cdk.json

@@ -1,126 +1,151 @@
-import * as core from "@aws-cdk/core"
-import * as iam from "@aws-cdk/aws-iam"
-import {Effect} from "@aws-cdk/aws-iam"
-import * as lambda from "@aws-cdk/aws-lambda"
-import * as apiGWv1 from "@aws-cdk/aws-apigateway"
-import {AuthorizationType} from "@aws-cdk/aws-apigateway"
-import * as apiGWv2 from "@aws-cdk/aws-apigatewayv2"
-import {GoFunction} from "@aws-cdk/aws-lambda-go"
-import {LambdaProxyIntegration, LambdaWebSocketIntegration} from "@aws-cdk/aws-apigatewayv2-integrations"
-import {RetentionDays} from "@aws-cdk/aws-logs";
-import * as path from "path";
-
-(() => {
-    const app = new core.App()
-
-    const env = {
-        region: app.node.tryGetContext('region') || process.env['CDK_DEFAULT_REGION'] || process.env['AWS_DEFAULT_REGION'],
-        account: app.node.tryGetContext('account') || process.env['CDK_DEFAULT_ACCOUNT'] || process.env['AWS_ACCOUNT'],
-    }
-
-    const prefix = "SampleApp"
-
-    const stack = new core.Stack(app, "SampleLambdaApp", {env})
-
-    const role = new iam.Role(stack, `${prefix}Role`, {
-        roleName: "sample-app",
-        assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
-        managedPolicies: [
-            iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole")
-        ],
-        inlinePolicies: {
-            Websocket: new iam.PolicyDocument({
-                statements: [
-                    new iam.PolicyStatement({
-                        effect: Effect.ALLOW,
-                        actions: [
-                            "execute-api:ManageConnections",
-                        ],
-                        resources: [
-                            `arn:${core.Aws.PARTITION}:execute-api:*:${core.Aws.ACCOUNT_ID}:*/*/*/*`  
+import * as core from "aws-cdk-lib/core"
+import {Size} from "aws-cdk-lib/core"
+import * as iam from "aws-cdk-lib/aws-iam"
+import {Effect} from "aws-cdk-lib/aws-iam"
+import * as lambda from "aws-cdk-lib/aws-lambda"
+import * as apiGWv1 from "aws-cdk-lib/aws-apigateway"
+import {AuthorizationType} from "aws-cdk-lib/aws-apigateway"
+import * as apiGWv2 from "aws-cdk-lib/aws-apigatewayv2"
+import {HttpLambdaIntegration, WebSocketLambdaIntegration} from "aws-cdk-lib/aws-apigatewayv2-integrations"
+import {LogGroup, RetentionDays} from "aws-cdk-lib/aws-logs"
+
+const app = new core.App()
+
+const env = {
+    region: app.node.tryGetContext('region') || process.env['CDK_DEFAULT_REGION'] || process.env['AWS_DEFAULT_REGION'],
+    account: app.node.tryGetContext('account') || process.env['CDK_DEFAULT_ACCOUNT'] || process.env['AWS_ACCOUNT'],
+}
+
+const prefix = "SampleApp"
+
+const stack = new core.Stack(app, "SampleLambdaApp", {env})
+
+const handler = new lambda.DockerImageFunction(stack, `${prefix}Container`, {
+    code: lambda.DockerImageCode.fromImageAsset("src"),
+    memorySize: 128,
+    timeout: core.Duration.minutes(1),
+    architecture: lambda.Architecture.X86_64,
+    logGroup: new LogGroup(stack, `${prefix}LogGroup`, {
+        logGroupName: `/aws/lambda/${prefix}Container`,
+        retention: RetentionDays.THREE_MONTHS,
+        removalPolicy: core.RemovalPolicy.DESTROY,
+    })
+})
+
+handler.addToRolePolicy(new iam.PolicyStatement({
+    effect: Effect.ALLOW,
+    actions: [
+        "execute-api:ManageConnections",
+    ],
+    resources: [
+        `arn:${core.Aws.PARTITION}:execute-api:*:${core.Aws.ACCOUNT_ID}:*/*/*/*`
+    ],
+}))
+
+const integrationV1 = new apiGWv1.LambdaIntegration(handler)
+
+const integrationV2 = new HttpLambdaIntegration("HTTPAPI", handler)
+
+const restAPI = new apiGWv1.RestApi(stack, `${prefix}API-REST`, {
+    restApiName: "sample-app-rest",
+    cloudWatchRole: false,
+    endpointTypes: [apiGWv1.EndpointType.REGIONAL],
+    minCompressionSize: Size.kibibytes(100),
+    policy: new iam.PolicyDocument({
+        statements: [
+            new iam.PolicyStatement({
+                effect: Effect.ALLOW,
+                principals: [
+                    new iam.AnyPrincipal()
+                ],
+                actions: [
+                    "execute-api:Invoke"
+                ],
+                resources: [
+                    "execute-api:/*"
+                ],
+                conditions: {
+                    StringEquals: {
+                        "aws:PrincipalOrgID": [
+                            "o-aq4agy4d07"  // dmgw
                         ],
-                    })
-                ]
+                    }
+                },
             })
-        }
-    })
-
-    const appDir = path.join(__dirname, "app")
-
-    const handler = new GoFunction(stack, `${prefix}Func`, {
-        functionName: "sample-app",
-        role,
-        logRetention: RetentionDays.THREE_MONTHS,
-        runtime: lambda.Runtime.GO_1_X,
-        entry: path.join(appDir, "main.go"),
-        bundling: {
-            goBuildFlags: [`-ldflags='-s -w'`],
-            cgoEnabled: false,
-        },
-        memorySize: 128,
-        timeout: core.Duration.minutes(1),
-    })
-
-    const integrationV1 = new apiGWv1.LambdaIntegration(handler)
-
-    const integrationV2 = new LambdaProxyIntegration({
-        handler,
-    })
-
-    const restAPI = new apiGWv1.RestApi(stack, `${prefix}API-REST`, {
-        restApiName: "sample-app-rest",
-        cloudWatchRole: false,
-        endpointTypes: [apiGWv1.EndpointType.REGIONAL],
+        ]
     })
+})
 
-    restAPI.root.addProxy({
-        anyMethod: true,
-        defaultIntegration: integrationV1,
-        defaultMethodOptions: {
-            authorizationType: AuthorizationType.IAM,
-        }
-    })
-
-    const httpAPI = new apiGWv2.HttpApi(stack, `${prefix}API-HTTP`, {
-        apiName: "sample-app-http",
-        createDefaultStage: true,
-    })
-
-    httpAPI.addRoutes({
-        path: "/{proxy+}",
-        methods: [
-            apiGWv2.HttpMethod.ANY,
-        ],
-        integration: integrationV2,
-    })
+restAPI.root.addProxy({
+    anyMethod: true,
+    defaultIntegration: integrationV1,
+    defaultMethodOptions: {
+        authorizationType: AuthorizationType.IAM,
+    }
+})
 
-    new apiGWv2.HttpStage(stack, `${prefix}APIStage`, {
-        httpApi: httpAPI,
-        stageName: "test",
-        autoDeploy: true,
-    })
+const deploy = new apiGWv1.Deployment(stack, `${prefix}-API-REST-Deploy`, {
+    api: restAPI,
+})
 
-    const integrationWS = new LambdaWebSocketIntegration({
-        handler,
+const stages = ["dev"].map(stageName => {
+    const stage = new apiGWv1.Stage(stack, `${prefix}-API-REST-Stage-${stageName}`, {
+        stageName,
+        deployment: deploy,
     })
-
-    const webSocketApi = new apiGWv2.WebSocketApi(stack, `${prefix}API-WS`, {
-        apiName: "websocket-api",
-        routeSelectionExpression: "$request.body.action",
-        connectRouteOptions: {
-            integration: integrationWS,
-        },
-        disconnectRouteOptions: {
-            integration: integrationWS,
-        },
-        defaultRouteOptions: {
-            integration: integrationWS,
-        },
-    })
-
-    new apiGWv2.WebSocketStage(stack, `${prefix}API-WS-Prod`, {
-        stageName: "prod",
-        webSocketApi,
-        autoDeploy: true,
+    handler.addPermission(`${prefix}Func-Policy-API-REST-Stage-${stageName}`, {
+        principal: new iam.ServicePrincipal("apigateway.amazonaws.com"),
+        action: "lambda:InvokeFunction",
+        sourceArn: restAPI.arnForExecuteApi("*", "/*", stageName)
     })
-})()
+    return stage
+})
+
+handler.addPermission(`${prefix}Func-Policy-API-REST`, {
+    principal: new iam.ServicePrincipal("apigateway.amazonaws.com"),
+    action: "lambda:InvokeFunction",
+    sourceArn: restAPI.arnForExecuteApi()
+})
+
+const httpAPI = new apiGWv2.HttpApi(stack, `${prefix}API-HTTP`, {
+    apiName: "sample-app-http",
+    createDefaultStage: true,
+})
+
+httpAPI.addRoutes({
+    path: "/{proxy+}",
+    methods: [
+        apiGWv2.HttpMethod.ANY,
+    ],
+    integration: integrationV2,
+})
+
+new apiGWv2.HttpStage(stack, `${prefix}APIStage`, {
+    httpApi: httpAPI,
+    stageName: "test",
+    autoDeploy: true,
+})
+
+const integrationWS = new WebSocketLambdaIntegration("WebsocketAPI", handler)
+
+const webSocketApi = new apiGWv2.WebSocketApi(stack, `${prefix}API-WS`, {
+    apiName: "websocket-api",
+    routeSelectionExpression: "$request.body.action",
+    connectRouteOptions: {
+        integration: integrationWS,
+    },
+    disconnectRouteOptions: {
+        integration: integrationWS,
+    },
+    defaultRouteOptions: {
+        integration: integrationWS,
+    },
+})
+
+new apiGWv2.WebSocketStage(stack, `${prefix}API-WS-Prod`, {
+    stageName: "prod",
+    webSocketApi,
+    autoDeploy: true,
+})
+
+app.synth()