feat: add serverless silos cdk project

Author: benfriebe

.gitignore

@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

CODE_OF_CONDUCT.md

@@ -1,4 +1,4 @@
 ## Code of Conduct
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
-[email protected] with any additional questions or comments.
+[email protected] with any additional questions or comments.

CONTRIBUTING.md

@@ -56,4 +56,4 @@ If you discover a potential security issue in this project we ask that you notif
 
 ## Licensing
 
-See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.

LICENSE

@@ -1,17 +1,14 @@
-MIT No Attribution
-
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
+Permission is hereby granted, free of charge, to any person obtaining a copy of this
+software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify,
+merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,17 +1,140 @@
-## My Project
+# Serverless Silos
 
-TODO: Fill this README out!
+A reference architecture using services such as CDK and Lambda to demonstrate a hands-on approach to implementing Serverless Silos.
 
-Be sure to:
+This was demonstrated at AWS Summit ANZ 2023: Simplify multi-tenant microservice applications - https://www.youtube.com/watch?v=upfYIB6Rz0o
 
-* Change the title in this README
-* Edit your repository description on GitHub
 
-## Security
 
-See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
+<p align="center">
+  <img src="/img/architecture.png" />
+</p>
+
+> :warning: This artifact deploys a **public API** resource and should be **deleted** when not in use or a form of **authentication should be added** to the API. You are responsible for the costs associated with deploying this project, it is recommended to **destroy the stack when not in use**.
+
+### Solution Overview
+
+#### Infrastructure Deployment
+
+<p align="center">
+  <img src="/img/template_synth.png" width="500"/>
+</p>
+
+CDK is used to define the infrastructure as code and synthesize CloudFormation templates. The templates are then stored in an S3 bucket for deployment. 
+
+To deploy the CDK application:
+
+1. Clone this repository
+2. Run `cdk bootstrap` to setup CDK toolkit stack
+3. Run `cdk deploy` to deploy the stack (assuming you have AWS credentials in your environment)
+
+#### Tenant Control Plane
+
+The tenant control plane manages tenant lifecycle via API Gateway. Lambda functions handle tenant onboarding/offboarding. DynamoDB stores the state of all tenancies and streams changes to trigger provisioning. Step Functions can be used to orchestrate the provisioning of new tenancies based on DynamoDB state.
+
+**Note**: In the example code the Step Function has been replaced with a single deployment lambda. If you have a multi step deployment process you should use a Step Function to orchestrate it.
+
+<p align="center">
+  <img src="/img/tenant_control_plane.png" width="800"/>
+</p>
+
+#### Tenant Deployment
+
+ The onboarding Lambda retrieves templates from S3, populates parameters, and calls CloudFormation to deploy tenant resources. 
+
+ <p align="center">
+  <img src="/img/tenant_deployment.png" width="800"/>
+</p>
+
+An example tenant stack is then deployed with DynamoDB table, Lambda function, and permissions.
+
+To create, update or delete tenants use the endpoints outlined below.
+
+## Deployed Endpoints
+
+#### Fetch Tenants
+**HTTP Method**: GET
+**Endpoint**: /tenants
+**Description**: Retrieves a list of all tenant records from the system.
+**Request**: No request body required.
+**Response**: An array of tenant objects in JSON format.
+
+```json
+[
+    {
+        "tenantName": "silo_tenant",
+        "status": "running",
+        "tenantId": "12345678-1234-1234-1234-123456789100",
+        "created": "1600000000.000000000000000000000",
+        "deploymentType": "silo",
+        "tenantSafeName": "silo_tenant"
+    }
+    ...
+]
+```
+
+
+#### Create Tenant
+
+**HTTP Method**: POST
+**Endpoint**: /onboarding
+**Description**: Onboards a new tenant with a specified name and deployment type.
+**Request Body**:
+
+
+```json
+{
+  "tenantName": "string",
+  "deploymentType": "string"
+}
+```
+
+
+#### Delete Tenant
+
+**HTTP Method**: POST
+**Endpoint**: /delete
+**Description**: Deletes an existing tenant based on the provided tenant information.
+**Request Body**:
+
+```json
+{
+  "tenantName": "string",
+  "tenantId": "string"
+}
+```
+
+#### Get Tenant Information
+
+**HTTP Method**: POST
+**Endpoint**: /tenant-info
+**Description**: Retrieves detailed information for a specific tenant CloudFormation deployment using the tenant's ID.
+**Request Body**:
+
+```json
+[
+    {
+        "LogicalResourceId": "LambdaTenantSilo123456",
+        "PhysicalResourceId": "12345678-1234-1234-1234-123456789100",
+        "ResourceType": "AWS::Lambda::Function",
+        "LastUpdatedTimestamp": "2000-01-01 00:00:00.000000+00:00",
+        "ResourceStatus": "CREATE_COMPLETE",
+        "DriftInformation": { "StackResourceDriftStatus": "NOT_CHECKED" }
+    }
+]
+```
+
+
+## Useful commands
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk destroy`     destroy this stack and remove resources from your AWS account
+
 
 ## License
 
-This library is licensed under the MIT-0 License. See the LICENSE file.
+This library is licensed under the [MIT-0](https://github.com/aws/mit-0) license. For more details, please see [LICENSE](LICENSE) file
+
+## Legal disclaimer
 
+Sample code, software libraries, command line tools, proofs of concept, templates, or other related technology are provided as AWS Content or Third-Party Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content or Third-Party Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content or Third-Party Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content or Third-Party Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

bin/serverless-silos.ts

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { ServerlessSilosStack } from '../lib/serverless-silos-stack';
+
+const app = new cdk.App();
+new ServerlessSilosStack(app, 'ServerlessSilosStack', {
+  /* If you don't specify 'env', this stack will be environment-agnostic.
+   * Account/Region-dependent features and context lookups will not work,
+   * but a single synthesized template can be deployed anywhere. */
+
+  /* Uncomment the next line to specialize this stack for the AWS Account
+   * and Region that are implied by the current CLI configuration. */
+  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+
+  /* Uncomment the next line if you know exactly what Account and Region you
+   * want to deploy the stack to. */
+  // env: { account: '123456789012', region: 'us-east-1' },
+
+  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+});

cdk.json

@@ -0,0 +1,40 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/serverless-silos.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true
+  }
+}