fix(cdk): use default VPC (#19)

Because we do not need a custom VPC, the default can be used.

Fixes #17

Author: coderbyheart

cdk/backend.ts

@@ -1,7 +1,7 @@
 import { ECRClient } from '@aws-sdk/client-ecr'
 import { IAMClient } from '@aws-sdk/client-iam'
 import { IoTClient } from '@aws-sdk/client-iot'
-import { GetCallerIdentityCommand, STS } from '@aws-sdk/client-sts'
+import { STS } from '@aws-sdk/client-sts'
 import path from 'node:path'
 import { getIoTEndpoint } from '../aws/getIoTEndpoint.js'
 import { getOrBuildDockerImage } from '../aws/getOrBuildDockerImage.js'
@@ -12,6 +12,7 @@ import { debug } from '../cli/log.js'
 import pJSON from '../package.json'
 import { BackendApp } from './BackendApp.js'
 import { ensureGitHubOIDCProvider } from './ensureGitHubOIDCProvider.js'
+import { env } from './helpers/env.js'
 import { packLayer } from './helpers/lambdas/packLayer.js'
 import { packBackendLambdas } from './packBackendLambdas.js'
 import { ECR_NAME } from './stacks/stackConfig.js'
@@ -27,6 +28,8 @@ const sts = new STS({})
 const ecr = new ECRClient({})
 const iam = new IAMClient({})
 
+const accountEnv = await env({ sts })
+
 const packagesInLayer: string[] = [
 	'@nordicsemiconductor/from-env',
 	'@nordicsemiconductor/timestream-helpers',
@@ -38,9 +41,7 @@ const packagesInLayer: string[] = [
 	'lodash-es',
 	'@middy/core',
 ]
-const accountId = (await sts.send(new GetCallerIdentityCommand({})))
-	.Account as string
-const certsDir = path.join(process.cwd(), 'certificates', accountId)
+const certsDir = path.join(process.cwd(), 'certificates', accountEnv.account)
 const mqttBridgeCertificate = await ensureMQTTBridgeCredentials({
 	iot,
 	certsDir,
@@ -86,10 +87,9 @@ new BackendApp({
 		imageTag,
 		repositoryUri,
 	},
-	region:
-		process.env.AWS_REGION ?? process.env.AWS_DEFAULT_REGION ?? 'eu-west-1',
 	repository,
 	gitHubOICDProviderArn: await ensureGitHubOIDCProvider({
 		iam,
 	}),
+	env: accountEnv,
 })

cdk/helpers/env.ts

@@ -0,0 +1,16 @@
+import { GetCallerIdentityCommand, STSClient } from '@aws-sdk/client-sts'
+import type { Environment } from 'aws-cdk-lib'
+
+export const env = async ({
+	sts,
+}: {
+	sts: STSClient
+}): Promise<Required<Environment>> => {
+	const { Account } = await sts.send(new GetCallerIdentityCommand({}))
+	if (Account === undefined) throw new Error(`Failed to get caller identity!`)
+	return {
+		account: Account,
+		region:
+			process.env.AWS_REGION ?? process.env.AWS_DEFAULT_REGION ?? 'eu-west-1',
+	}
+}

cdk/resources/Integration.ts

@@ -5,7 +5,6 @@ import {
 	aws_iot as IoT,
 	Stack,
 } from 'aws-cdk-lib'
-import type { IVpc } from 'aws-cdk-lib/aws-ec2'
 import type { IRepository } from 'aws-cdk-lib/aws-ecr'
 import { LogDriver, type ICluster } from 'aws-cdk-lib/aws-ecs'
 import { RetentionDays } from 'aws-cdk-lib/aws-logs'
@@ -132,12 +131,10 @@ export class Integration extends Construct {
 			principal: this.bridgeCertificate.attrArn,
 		})
 
-		const vpc = new EC2.Vpc(this, `vpc`, {
-			maxAzs: 1,
-		})
+		const vpc = EC2.Vpc.fromLookup(this, 'DefaultVPC', { isDefault: true })
 
 		const cluster = new ECS.Cluster(this, `cluster`, {
-			vpc: vpc as IVpc,
+			vpc,
 		})
 
 		const mqttBridgeTask = new ECS.FargateTaskDefinition(this, 'mqttBridge')
@@ -270,7 +267,8 @@ export class Integration extends Construct {
 				cluster: cluster as ICluster,
 				taskDefinition: mqttBridgeTask,
 				desiredCount: 1,
-				assignPublicIp: this.node.tryGetContext('isTest') ?? false,
+				// Required for shared VPC and access to SSM Parameters
+				assignPublicIp: true,
 			},
 		)
 		// Add inbound port to security group

cdk/stacks/BackendStack.ts

@@ -1,4 +1,10 @@
-import { App, CfnOutput, aws_lambda as Lambda, Stack } from 'aws-cdk-lib'
+import {
+	App,
+	CfnOutput,
+	aws_lambda as Lambda,
+	Stack,
+	type Environment,
+} from 'aws-cdk-lib'
 import { type CAFiles } from '../../bridge/caLocation.js'
 import type { CertificateFiles } from '../../bridge/mqttBridgeCertificateLocation.js'
 import type { BackendLambdas } from '../BackendLambdas.js'
@@ -26,28 +32,26 @@ export class BackendStack extends Stack {
 			mqttBridgeCertificate,
 			caCertificate,
 			bridgeImageSettings,
-			region,
 			repository,
 			gitHubOICDProviderArn,
+			env,
 		}: {
 			lambdaSources: BackendLambdas
 			layer: PackedLayer
 			iotEndpoint: string
 			mqttBridgeCertificate: CertificateFiles
 			caCertificate: CAFiles
 			bridgeImageSettings: BridgeImageSettings
-			region: string
 			gitHubOICDProviderArn: string
 			repository: {
 				owner: string
 				repo: string
 			}
+			env: Required<Environment>
 		},
 	) {
 		super(parent, STACK_NAME, {
-			env: {
-				region,
-			},
+			env,
 		})
 
 		const baseLayer = new Lambda.LayerVersion(this, 'baseLayer', {

cdk/test-resources.ts

@@ -1,7 +1,11 @@
+import { STSClient } from '@aws-sdk/client-sts'
+import { env } from './helpers/env.js'
 import { packLambdaFromPath } from './helpers/lambdas/packLambdaFromPath.js'
 import { packLayer } from './helpers/lambdas/packLayer.js'
 import { TestResources } from './test-resources/TestResourcesApp.js'
 
+const awsEnv = await env({ sts: new STSClient({}) })
+
 new TestResources({
 	lambdaSources: {
 		httpApiMock: await packLambdaFromPath(
@@ -13,4 +17,5 @@ new TestResources({
 		id: 'testResources',
 		dependencies: ['@aws-sdk/client-dynamodb', '@nordicsemiconductor/from-env'],
 	}),
+	env: awsEnv,
 })

cdk/test-resources/TestResourcesApp.ts

@@ -1,4 +1,4 @@
-import { App } from 'aws-cdk-lib'
+import { App, type Environment } from 'aws-cdk-lib'
 import type { PackedLambda } from '../helpers/lambdas/packLambda'
 import type { PackedLayer } from '../helpers/lambdas/packLayer'
 import { TestResourcesStack } from './TestResourcesStack.js'
@@ -8,14 +8,16 @@ export class TestResources extends App {
 		lambdaSources,
 		context,
 		layer,
+		env,
 	}: {
 		lambdaSources: {
 			httpApiMock: PackedLambda
 		}
 		layer: PackedLayer
 		context?: Record<string, any>
+		env: Required<Environment>
 	}) {
 		super({ context })
-		new TestResourcesStack(this, { lambdaSources, layer })
+		new TestResourcesStack(this, { lambdaSources, layer, env })
 	}
 }

cdk/test-resources/TestResourcesStack.ts

@@ -1,4 +1,10 @@
-import { App, CfnOutput, aws_lambda as Lambda, Stack } from 'aws-cdk-lib'
+import {
+	App,
+	CfnOutput,
+	aws_lambda as Lambda,
+	Stack,
+	type Environment,
+} from 'aws-cdk-lib'
 import type { PackedLambda } from '../helpers/lambdas/packLambda.js'
 import type { PackedLayer } from '../helpers/lambdas/packLayer.js'
 import { TEST_RESOURCES_STACK_NAME } from '../stacks/stackConfig.js'
@@ -13,14 +19,16 @@ export class TestResourcesStack extends Stack {
 		{
 			lambdaSources,
 			layer,
+			env,
 		}: {
 			lambdaSources: {
 				httpApiMock: PackedLambda
 			}
 			layer: PackedLayer
+			env: Required<Environment>
 		},
 	) {
-		super(parent, TEST_RESOURCES_STACK_NAME)
+		super(parent, TEST_RESOURCES_STACK_NAME, { env })
 
 		const baseLayer = new Lambda.LayerVersion(this, 'baseLayer', {
 			code: Lambda.Code.fromAsset(layer.layerZipFile),