infrastructure updates

This commit is contained in:
jackiettran
2026-01-15 17:17:06 -05:00
parent a3ef343326
commit 826e4f2ed5
4 changed files with 288 additions and 25 deletions


@@ -4,6 +4,7 @@ import * as iam from "aws-cdk-lib/aws-iam";
import * as s3 from "aws-cdk-lib/aws-s3";
import * as s3n from "aws-cdk-lib/aws-s3-notifications";
import * as sqs from "aws-cdk-lib/aws-sqs";
import * as ec2 from "aws-cdk-lib/aws-ec2";
import { Construct } from "constructs";
import * as path from "path";
@@ -22,6 +23,16 @@ interface ImageProcessorLambdaStackProps extends cdk.StackProps {
* Frontend URL for CORS configuration
*/
frontendUrl: string;
/**
* VPC for Lambda function (required for network isolation)
*/
vpc: ec2.IVpc;
/**
* Security group for Lambda function
*/
lambdaSecurityGroup: ec2.ISecurityGroup;
}
export class ImageProcessorLambdaStack extends cdk.Stack {
@@ -47,7 +58,7 @@ export class ImageProcessorLambdaStack extends cdk.Stack {
) {
super(scope, id, props);
const { environment, databaseUrl, frontendUrl } = props;
const { environment, databaseUrl, frontendUrl, vpc, lambdaSecurityGroup } = props;
// Dead Letter Queue for failed Lambda invocations
this.deadLetterQueue = new sqs.Queue(this, "ImageProcessorDLQ", {
@@ -143,6 +154,13 @@ export class ImageProcessorLambdaStack extends cdk.Stack {
})
);
// VPC permissions - use AWS managed policy for Lambda VPC access
lambdaRole.addManagedPolicy(
iam.ManagedPolicy.fromAwsManagedPolicyName(
"service-role/AWSLambdaVPCAccessExecutionRole"
)
);
// Lambda function
this.lambdaFunction = new lambda.Function(this, "ImageProcessorLambda", {
functionName: `image-processor-${environment}`,
@@ -183,6 +201,12 @@ export class ImageProcessorLambdaStack extends cdk.Stack {
retryAttempts: 2,
description:
"Processes uploaded images: extracts metadata and strips EXIF",
// VPC configuration for network isolation
vpc,
vpcSubnets: {
subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
},
securityGroups: [lambdaSecurityGroup],
});
// S3 event notification for staging uploads
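Review bot: The new `vpcSubnets` and `securityGroups` settings on the function (last hunk) give network isolation only if the passed-in `lambdaSecurityGroup` restricts egress and S3 has a private path; with `PRIVATE_WITH_EGRESS` subnets and a security group left at CDK's default `allowAllOutbound: true`, the function's calls to S3 and to `databaseUrl` simply exit through the NAT gateway. Both the VPC and the security group are created outside this stack, so their rules cannot be confirmed from this diff; unless the VPC stack already provides one, add an S3 gateway endpoint, e.g. `vpc.addGatewayEndpoint("S3Endpoint", { service: ec2.GatewayVpcEndpointAwsService.S3 })`, which keeps bucket traffic off the NAT and lets the bucket policy later pin access with an `aws:SourceVpce` condition. I would also reword the comment `// VPC configuration for network isolation` to say what this actually enforces, e.g. `// Run inside the VPC so egress is governed by lambdaSecurityGroup; S3/DB reachability depends on the VPC stack's endpoints and rules`. The `AWSLambdaVPCAccessExecutionRole` policy added in the earlier hunk is the standard grant for the ENI permissions and also includes CloudWatch Logs, so if `AWSLambdaBasicExecutionRole` is attached earlier in the constructor it is now redundant. The constructor and the `lambda.Function` call both begin outside the hunk.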