Elgato_dark/console
1
0
Fork 0
mirror of https://github.com/graphql-hive/console synced 2026-04-21 22:47:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
console/deployment/services/aws-artifacts-lambda-function.ts
Laurin Quast 9c19215cab
feat: aws lambda cdn handler (#7292)
2025-11-24 11:04:22 +01:00

74 lines
2.3 KiB
TypeScript
Raw Blame History

import { readFileSync } from 'node:fs';
import { resolve } from 'node:path';
import * as aws from '@pulumi/aws';
import * as pulumi from '@pulumi/pulumi';
import { Environment } from './environment';
import { S3 } from './s3';
export function deployAWSArtifactsLambdaFunction(args: {
environment: Environment;
/** Note: We run this mirror only on the AWS S3 Bucket on purpose. */
s3Mirror: S3;
}) {
const lambdaRole = new aws.iam.Role('awsLambdaArtifactsHandlerRole', {
assumeRolePolicy: {
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Principal: { Service: 'lambda.amazonaws.com' },
Action: 'sts:AssumeRole',
},
],
},
});
new aws.iam.RolePolicyAttachment('lambdaBasicExecution', {
role: lambdaRole.name,
policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
});
const awsLambdaArtifactsHandler = new aws.lambda.Function('awsLambdaArtifactsHandler', {
name: `hive-artifacts-handler-${args.environment.envName}`,
runtime: aws.lambda.Runtime.NodeJS22dX,
handler: 'index.handler',
packageType: 'Zip',
architectures: ['arm64'],
code: new pulumi.asset.AssetArchive({
'index.mjs': new pulumi.asset.StringAsset(
readFileSync(
process.env.AWS_LAMBDA_ARTIFACT_PATH ||
resolve(__dirname, '../../packages/services/cdn-worker/dist/index.lambda.mjs'),
'utf-8',
),
),
}),
role: lambdaRole.arn,
region: 'us-east-2',
environment: {
variables: {
// This could be done better with secrets manager etc.
// But it adds a lot of complexity and overhead and runtime logic
AWS_S3_ENDPOINT: args.s3Mirror.secret.raw.endpoint,
AWS_S3_BUCKET_NAME: args.s3Mirror.secret.raw.bucket,
AWS_S3_ACCESS_KEY_ID: args.s3Mirror.secret.raw.accessKeyId,
AWS_S3_ACCESSS_KEY_SECRET: args.s3Mirror.secret.raw.secretAccessKey,
},
},
// 448mb
memorySize: 448,
// 10 seconds
timeout: 10,
});
const example = new aws.lambda.FunctionUrl('awsLambdaArtifactsHandlerUrl', {
functionName: awsLambdaArtifactsHandler.arn,
authorizationType: 'NONE',
invokeMode: 'BUFFERED',
region: 'us-east-2',
});
return {
functionUrl: example.functionUrl,
};
}
Reference in a new issue View git blame Copy permalink