Merge pull request #36 from guardian/jw-upgrade-cdk

Upgrade to cdk version 0.26.0

Author: jacobwinch

cdk/lib/__snapshots__/cdk-stack.test.ts.snap

@@ -7,6 +7,11 @@ Object {
       "Description": "BucketName",
       "Type": "String",
     },
+    "PrivateSubnets": Object {
+      "Default": "/account/vpc/primary/subnets/private",
+      "Description": "A list of private subnets",
+      "Type": "AWS::SSM::Parameter::Value<List<AWS::EC2::Subnet::Id>>",
+    },
     "Stack": Object {
       "Default": "deploy",
       "Description": "Name of this stack",
@@ -21,6 +26,11 @@ Object {
       "Description": "Stage name",
       "Type": "String",
     },
+    "VpcId": Object {
+      "Default": "/account/vpc/primary/id",
+      "Description": "Virtual Private Cloud to run EC2 instances within",
+      "Type": "AWS::SSM::Parameter::Value<AWS::EC2::VPC::Id>",
+    },
     "accountsAllowList": Object {
       "Description": "A comma separated list of account numbers to include",
       "Type": "String",
@@ -29,18 +39,10 @@ Object {
       "Description": "Base URL for Prism",
       "Type": "String",
     },
-    "subnetIds": Object {
-      "Description": "The subnet IDs for the lambda to live in (this allows it to talk to Prism)",
-      "Type": "List<AWS::EC2::Subnet::Id>",
-    },
     "topicArn": Object {
       "Description": "The ARN of the SNS topic to send messages to",
       "Type": "String",
     },
-    "vpcId": Object {
-      "Description": "The VPC ID for the lambda to live in (this allows it to talk to Prism)",
-      "Type": "AWS::EC2::VPC::Id",
-    },
   },
   "Resources": Object {
     "tagjanitorlambda3E6E11A1": Object {
@@ -135,7 +137,7 @@ Object {
             },
           ],
           "SubnetIds": Object {
-            "Ref": "subnetIds",
+            "Ref": "PrivateSubnets",
           },
         },
       },
@@ -170,7 +172,7 @@ Object {
           },
         ],
         "VpcId": Object {
-          "Ref": "vpcId",
+          "Ref": "VpcId",
         },
       },
       "Type": "AWS::EC2::SecurityGroup",
@@ -321,7 +323,6 @@ Object {
     },
     "tagjanitorlambdatagjanitorlambdarate7days0B5F68379": Object {
       "Properties": Object {
-        "Description": "Run tag-janitor every 7 days",
         "ScheduleExpression": "rate(7 days)",
         "State": "ENABLED",
         "Targets": Array [

cdk/lib/cdk-stack.ts

@@ -4,9 +4,9 @@ import { Runtime } from "@aws-cdk/aws-lambda";
 import type { App } from "@aws-cdk/core";
 import { Duration } from "@aws-cdk/core";
 import type { GuStackProps } from "@guardian/cdk/lib/constructs/core";
-import { GuStack, GuStringParameter, GuSubnetListParameter, GuVpcParameter } from "@guardian/cdk/lib/constructs/core";
+import { GuStack, GuStringParameter } from "@guardian/cdk/lib/constructs/core";
 import { GuVpc } from "@guardian/cdk/lib/constructs/ec2";
-import { GuLambdaFunction } from "@guardian/cdk/lib/constructs/lambda";
+import { GuScheduledLambda } from "@guardian/cdk/lib/patterns/scheduled-lambda";
 
 export class CdkStack extends GuStack {
   constructor(scope: App, id: string, props: GuStackProps) {
@@ -19,12 +19,6 @@ export class CdkStack extends GuStack {
       topic: new GuStringParameter(this, "topicArn", {
         description: "The ARN of the SNS topic to send messages to",
       }),
-      vpc: new GuVpcParameter(this, "vpcId", {
-        description: "The VPC ID for the lambda to live in (this allows it to talk to Prism)",
-      }), // TODO: Look this up in SSM https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types
-      subnets: new GuSubnetListParameter(this, "subnetIds", {
-        description: "The subnet IDs for the lambda to live in (this allows it to talk to Prism)",
-      }), // TODO: Look this up in SSM https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types
       accountsAllowList: new GuStringParameter(this, "accountsAllowList", {
         description: "A comma separated list of account numbers to include",
       }),
@@ -35,7 +29,7 @@ export class CdkStack extends GuStack {
 
     const lambdaFrequency = Duration.days(7);
 
-    const tagJanitorLambda = new GuLambdaFunction(this, `${this.app}-lambda`, {
+    const tagJanitorLambda = new GuScheduledLambda(this, `${this.app}-lambda`, {
       handler: "dist/src/handler.handler",
       functionName: `${this.app}-${this.stage}`,
       runtime: Runtime.NODEJS_12_X,
@@ -50,18 +44,13 @@ export class CdkStack extends GuStack {
         PRISM_URL: parameters.prismUrl.valueAsString,
       },
       description: "Lambda to notify about instances with missing tags",
-      timeout: Duration.seconds(30),
-      memorySize: 512,
-      vpc: GuVpc.fromId(this, "vpc", parameters.vpc.valueAsString),
+      // This lambda needs access to the Deploy Tools VPC so that it can talk to Prism
+      vpc: GuVpc.fromIdParameter(this, "vpc"),
       vpcSubnets: {
-        subnets: GuVpc.subnets(this, parameters.subnets.valueAsList),
+        subnets: GuVpc.subnetsfromParameter(this),
       },
-      rules: [
-        {
-          schedule: Schedule.rate(lambdaFrequency),
-          description: `Run tag-janitor every ${lambdaFrequency.toHumanString()}`,
-        },
-      ],
+      schedule: Schedule.rate(lambdaFrequency),
+      monitoringConfiguration: { noMonitoring: true },
     });
 
     tagJanitorLambda.addToRolePolicy(

cdk/package.json

@@ -13,13 +13,13 @@
     "lint": "eslint lib/** bin/** --ext .ts --no-error-on-unmatched-pattern"
   },
   "devDependencies": {
-    "@aws-cdk/assert": "~1.74.0",
+    "@aws-cdk/assert": "1.86.0",
     "@guardian/eslint-config-typescript": "^0.4.1",
     "@types/jest": "^26.0.20",
     "@types/node": "10.17.27",
     "@typescript-eslint/eslint-plugin": "^4.14.0",
     "@typescript-eslint/parser": "^4.14.0",
-    "aws-cdk": "~1.74.0",
+    "aws-cdk": "1.86.0",
     "eslint": "^7.18.0",
     "eslint-config-prettier": "^6.15.0",
     "eslint-plugin-eslint-comments": "^3.2.0",
@@ -32,14 +32,14 @@
     "typescript": "~4.1.3"
   },
   "dependencies": {
-    "@aws-cdk/assert": "~1.74.0",
-    "@aws-cdk/aws-ec2": "~1.74.0",
-    "@aws-cdk/aws-events-targets": "~1.74.0",
-    "@aws-cdk/aws-iam": "~1.74.0",
-    "@aws-cdk/aws-lambda": "~1.74.0",
-    "@aws-cdk/aws-s3": "~1.74.0",
-    "@aws-cdk/core": "~1.74.0",
-    "@guardian/cdk": "^0.11.0",
+    "@aws-cdk/assert": "1.86.0",
+    "@aws-cdk/aws-ec2": "1.86.0",
+    "@aws-cdk/aws-events-targets": "1.86.0",
+    "@aws-cdk/aws-iam": "1.86.0",
+    "@aws-cdk/aws-lambda": "1.86.0",
+    "@aws-cdk/aws-s3": "1.86.0",
+    "@aws-cdk/core": "1.86.0",
+    "@guardian/cdk": "0.26.0",
     "source-map-support": "^0.5.16"
   }
 }