Initial commit

Author: martenpayne

.gitignore

@@ -0,0 +1,6 @@
+node_modules
+dist
+cdk.out
+.DS_Store
+*.iml
+*.idea

Infra/README.md

@@ -0,0 +1,48 @@
+# Cross Talk Infrastructure
+
+This package defines the infrastructure for the Cross Talk video chat sample using the Cloud Development Kit (CDK).
+
+## Development
+
+### Prerequisites
+
+ - The [aws-cli](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) must be installed *and* configured with an AWS account on the deployment machine (see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html for instructions on how to do this on your preferred development platform).
+ - This project requires Node.js ≥ 10.17.0 and NPM.
+[Node](http://nodejs.org/) and [NPM](https://npmjs.org/) are really easy to install.
+To make sure you have them available on your machine, try running the following command.
+```sh
+npm -v && node -v
+```
+ - Install or update the [AWS CDK CLI] from npm.
+```sh
+npm i -g aws-cdk
+```
+
+### Install
+
+#### 1/ Bootstrapping your AWS account
+
+You only need to do this one time per environment where you want to deploy CDK applications.
+If you’re unsure whether your environment has been bootstrapped already, you can always run
+the command again.
+
+Make sure you have credentials for **ACCOUNT** (replace with your AWS account ID) in a profile
+named **account-profile**. For more information, see [Named profiles](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
+Run the following command in this `Infra` directory:
+
+```sh
+npm install
+cdk bootstrap \
+  --profile account-profile \
+  --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess \
+  aws://ACCOUNT1/ap-southeast-2
+```
+
+#### 2/ Deploying
+
+A convenience script is provided to deploy all infrastructure to your environment. This builds
+all the lambdas, the website, the infrastructure and then initiates the CDK deployment.
+
+```
+./deployStack.sh --profile <your_account_profile>
+```

Infra/bin/app.ts

@@ -0,0 +1,12 @@
+#!/usr/bin/env node
+
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+
+import "source-map-support/register";
+import * as cdk from "@aws-cdk/core";
+import { AppStacks } from "../lib/AppStacks";
+
+const app = new cdk.App();
+new AppStacks(app, "CrossTalkStacks");
+app.synth();

Infra/cdk.context.json

@@ -0,0 +1,3 @@
+{
+  "application": "CrossTalk"
+}

Infra/cdk.json

@@ -0,0 +1,8 @@
+{
+  "app": "npx ts-node bin/app.ts",
+  "context": {
+    "@aws-cdk/core:enableStackNameDuplicates": "true",
+    "aws-cdk:enableDiffNoFail": "true",
+    "@aws-cdk/core:newStyleStackSynthesis": "true"
+  }
+}

Infra/deployStack.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT-0
+
+set -e;
+
+CDK_PROFILE=default
+while [[ "$#" -gt 0 ]]; do case $1 in
+  --profile) CDK_PROFILE="$2"; shift;;
+esac; shift; done
+
+# Build all the lambdas
+cd ../Lambdas/Common && npm i && npm run build
+cd ../ChimeCallService && npm i && npm run build
+cd ..
+
+# Build the website
+cd ../Website && npm i && npm run build
+
+# Build the infrastructure cdk code
+cd ../Infra && npm i && npm run build
+
+# Synth and deploy the sandbox stack
+cdk --profile $CDK_PROFILE synth && cdk --profile $CDK_PROFILE deploy '*' --require-approval never

Infra/lib/AppStacks.ts

@@ -0,0 +1,41 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+
+import {Construct, Stage, StageProps, Tags} from "@aws-cdk/core";
+import {CognitoAuthStack} from "./stack/CognitoAuthStack";
+import {StaticWebsiteStack} from "./stack/StaticWebsiteStack";
+import {ApiStack} from "./stack/ApiStack";
+import {AppSyncStack} from "./stack/AppSyncStack";
+import {UserPoolStack} from "./stack/UserPoolStack";
+
+export class AppStacks extends Construct {
+    constructor(scope: Construct, id: string) {
+        super(scope, id);
+
+        // see comment in source for this stack to understand why we inject this
+        // into the cognito stack instead of doing it sanely...
+        const userPoolStack = new UserPoolStack(this, 'UserPoolStack');
+
+        const appsyncStack = new AppSyncStack(this, 'AppSyncStack', {
+            userPool: userPoolStack.userPool
+        });
+
+        const apiStack = new ApiStack(this, 'ApiStack', {
+            graphqlEndpoint: appsyncStack.graphqlApi.graphqlUrl
+        });
+
+        const authStack = new CognitoAuthStack(this, 'CognitoAuthStack', {
+            meetingProviderApi: apiStack.meetingApi,
+            userPool: userPoolStack.userPool,
+            graphqlApiArn: appsyncStack.graphqlApi.arn
+        });
+
+        new StaticWebsiteStack(this, 'StaticWebsiteStack', {
+            identityPoolId: authStack.identityPoolId,
+            userPoolClientId: authStack.userPoolClientId,
+            userPoolId: userPoolStack.userPool.userPoolId,
+            graphqlEndpoint: appsyncStack.graphqlApi.graphqlUrl,
+            apiUrl: apiStack.meetingApi.api.url
+        });
+    }
+}

Infra/lib/constructs/MeetingProvider.ts

@@ -0,0 +1,82 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+
+import { Construct, Duration, Stack } from "@aws-cdk/core";
+import * as apigateway from "@aws-cdk/aws-apigateway";
+import * as iam from "@aws-cdk/aws-iam";
+import { AuthorizationType } from "@aws-cdk/aws-apigateway";
+import * as lambda from "@aws-cdk/aws-lambda";
+import { getLambdaPath } from "../utils/lambda";
+
+export interface MeetingProviderProps {
+    lambdaAssetDirectory: string;
+    environment: { [key: string]: string };
+    policyStatements: iam.PolicyStatement[];
+}
+
+export interface MeetingProviderApi {
+    api: apigateway.RestApi;
+    queryPath: string;
+}
+
+export default class MeetingProvider extends Construct {
+    public readonly api: MeetingProviderApi;
+
+    constructor(scope: Stack, id: string, props: MeetingProviderProps) {
+        super(scope, id);
+
+        const apiDefaults = {
+            restApiName: `${id}Api`,
+            description: `${id}Api`,
+            defaultCorsPreflightOptions: {
+                allowOrigins: apigateway.Cors.ALL_ORIGINS,
+                allowMethods: apigateway.Cors.ALL_METHODS,
+            },
+            policy: new iam.PolicyDocument({
+                statements: [
+                    // Allow only callers with credentials from the AWS account
+                    // for this stage
+                    new iam.PolicyStatement({
+                        effect: iam.Effect.ALLOW,
+                        principals: [new iam.AccountPrincipal(scope.account)],
+                        actions: ["execute-api:Invoke"],
+                        resources: ["execute-api:/*"],
+                    }),
+                    // Open up OPTIONS to allow browsers to make unauthenticated
+                    // preflight requests
+                    new iam.PolicyStatement({
+                        effect: iam.Effect.ALLOW,
+                        principals: [new iam.AnyPrincipal()],
+                        actions: ["execute-api:Invoke"],
+                        resources: ["execute-api:/*/OPTIONS/*"],
+                    }),
+                ],
+            }),
+        };
+
+        const api = new apigateway.RestApi(this, `${id}Api`, apiDefaults);
+
+        const lambdaFn = new lambda.Function(scope, `${id}-Handler`, {
+            runtime: lambda.Runtime.NODEJS_12_X,
+            code: lambda.Code.fromAsset(getLambdaPath(props.lambdaAssetDirectory)),
+            handler: `index.chimeCallHandler`,
+            timeout: Duration.seconds(30),
+            environment: props.environment,
+            initialPolicy: props.policyStatements,
+        });
+
+        const apiPath = "call-create";
+        const apiResource = api.root.addResource(apiPath);
+
+        const lambdaIntegration = new apigateway.LambdaIntegration(lambdaFn);
+
+        apiResource.addMethod("GET", lambdaIntegration, {
+            authorizationType: AuthorizationType.IAM,
+        });
+
+        this.api = {
+            api,
+            queryPath: `/${apiPath}`,
+        };
+    }
+}

Infra/lib/custom-resources/upload-website-config/app.py

@@ -0,0 +1,50 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+import logging
+import boto3
+import json
+from uuid import uuid4
+
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.INFO)
+
+s3_client = boto3.client('s3')
+cloudfront_client = boto3.client('cloudfront')
+
+
+def on_event(event, context):
+    logger.info(f'New event {json.dumps(event, indent=2)}')
+
+    request_type = event['RequestType']
+    if request_type == 'Create' or request_type == 'Update':
+        s3_bucket = event['ResourceProperties']['S3_BUCKET']
+        s3_key = event['ResourceProperties']['S3_CONFIG_FILE_KEY']
+        website_config = event['ResourceProperties']['WEBSITE_CONFIG']
+        distribution_id = event['ResourceProperties']['CLOUDFRONT_DISTRIBUTION_ID']
+        update_website_config(s3_bucket, s3_key, website_config, distribution_id)
+    elif request_type == 'Delete':
+        logger.info("Website config deletion")
+        pass
+    else:
+        raise Exception("Invalid request type: %s" % request_type)
+
+
+def update_website_config(s3_bucket, s3_key, website_config, distribution_id):
+    logger.info(f"Updating config file {s3_key}")
+    s3_client.put_object(Body=website_config, Bucket=s3_bucket, Key=s3_key)
+
+    logger.info(f"Invalidating Cloudfront distribution {distribution_id}")
+    cloudfront_client.create_invalidation(
+        DistributionId=distribution_id,
+        InvalidationBatch={
+            'Paths': {
+                'Quantity': 1,
+                'Items': [f'/{s3_key}']
+            },
+            'CallerReference': str(uuid4()),
+        })
+
+    logger.info(f"Website config updated succesfully")

Infra/lib/graphql/schema.graphql

@@ -0,0 +1,36 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+type chimeSession @aws_cognito_user_pools @aws_iam {
+    meeting: String
+    attendee: String
+    username: String
+}
+
+type Mutation {
+    startChimeSession(meeting: String!, attendee: String!, username: String!): chimeSession
+        @aws_iam
+    claimChimeSession(meeting: String!): String
+        @aws_iam
+}
+
+type Query {
+    stub: String
+        @deprecated(reason: "this is a None datasource and used only for subscriptions so this is a no-op")
+        @aws_iam
+}
+
+type Subscription {
+    chimeSessionStarted: chimeSession
+        @aws_subscribe(mutations: ["startChimeSession"])
+    chimeSessionClaimed: String
+        @aws_subscribe(mutations: ["claimChimeSession"])
+}
+
+schema {
+    query: Query
+    mutation: Mutation
+    subscription: Subscription
+}