feature: improve tests, update docs (#580)

Author: ran-isenberg

.github/FUNDING.yml

@@ -9,5 +9,4 @@ community_bridge: # Replace with a single Community Bridge project-name e.g., cl
 liberapay: # Replace with a single Liberapay username
 issuehunt: # Replace with a single IssueHunt username
 otechie: # Replace with a single Otechie username
-lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
 custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/dependabot.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
-      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
+      - run: echo "🐧 This job is now running on a ${{  runner.os }} server hosted by GitHub!"
       - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
       - name: Check out repository code
         uses: actions/checkout@v3
@@ -56,6 +56,9 @@ jobs:
       - name: Unit tests
         run: |
           make unit
+      - name: Infrastructure tests
+        run: |
+          make infra-tests
       - name: Deploy to AWS
         run: make deploy
       - name: Integration tests

.github/workflows/serverless-service.yml

@@ -4,7 +4,9 @@
         "Codecov",
         "getuid",
         "mkdocs",
+        "mypy",
         "ranisenberg",
-        "runtimes"
+        "runtimes",
+        "yapf"
     ]
 }

.vscode/settings.json

@@ -1,4 +1,4 @@
-.PHONY: dev lint complex coverage pre-commit yapf sort deploy destroy deps unit integration e2e pipeline-tests docs lint-docs
+.PHONY: dev lint complex coverage pre-commit yapf sort deploy destroy deps unit infra-tests integration e2e pipeline-tests docs lint-docs build
 
 
 
@@ -36,6 +36,15 @@ deps:
 unit:
 	pytest tests/unit  --cov-config=.coveragerc --cov=service --cov-report xml
 
+build:
+	make deps
+	mkdir -p .build/lambdas ; cp -r service .build/lambdas
+	mkdir -p .build/common_layer ; poetry export --without=dev --without-hashes --format=requirements.txt > .build/common_layer/requirements.txt
+
+infra-tests:
+	make build
+	pytest tests/infrastructure
+
 integration:
 	pytest tests/integration  --cov-config=.coveragerc --cov=service --cov-report xml
 
@@ -51,9 +60,7 @@ pipeline-tests:
 	pytest tests/unit tests/integration  --cov-config=.coveragerc --cov=service --cov-report xml
 
 deploy:
-	make deps
-	mkdir -p .build/lambdas ; cp -r service .build/lambdas
-	mkdir -p .build/common_layer ; poetry export --without=dev --without-hashes --format=requirements.txt > .build/common_layer/requirements.txt
+	make build
 	cdk deploy --app="python3 ${PWD}/app.py" --require-approval=never
 
 destroy:

Makefile

@@ -7,7 +7,7 @@
 
 setup(
     name='service-cdk',
-    version='3.0',
+    version='3.1',
     description='CDK code for deploying an AWS Lambda handler that implements the best practices described at https://www.ranthebuilder.cloud',
     classifiers=[
         'Intended Audience :: Developers',
@@ -21,10 +21,5 @@
     package_data={'': ['*.json']},
     include_package_data=True,
     python_requires='>=3.9',
-    install_requires=[
-        'aws-cdk-lib>=2.0.0',
-        'constructs>=10.0.0',
-        'cdk-nag>2.0.0',
-        'aws-cdk.aws-lambda-python-alpha==2.63.0-alpha.0',
-    ],
+    install_requires=[],
 )

cdk/setup.py

@@ -6,7 +6,8 @@ description: AWS Lambda Cookbook CDK Project
 
 - Follow this [getting started with CDK guide](https://docs.aws.amazon.com/cdk/v1/guide/getting_started.html){:target="_blank" rel="noopener"}
 - Make sure your AWS account and machine can deploy an AWS Cloudformation stack and have all the tokens and configuration as described in the page above.
-- CDK Best practices [blog](https://github.com/ran-isenberg/aws-lambda-handler-cookbook){:target="_blank" rel="noopener"}
+- CDK Best practices [blog](https://www.ranthebuilder.cloud/post/aws-cdk-best-practices-from-the-trenches){:target="_blank" rel="noopener"}
+- Lambda layers best practices [blog](https://www.ranthebuilder.cloud/post/aws-lambda-layers-best-practice){:target="_blank" rel="noopener"}
 
 ## **CDK Deployment**
 
@@ -39,16 +40,16 @@ All ASW Lambda function configurations are saved as constants at the `cdk.my_ser
 
 - AWS Cloudformation stack: **cdk.my_service.service_stack.py** which is consisted of one construct
 - Construct: **cdk.my_service.api_construct.py** which includes:
-    - **Lambda Layer** - deployment optimization meant to be used with multiple handlers under the same API GW, sharing code logic and dependencies. You can read more about it in Yan - Cui's [blog](https://medium.com/theburningmonk-com/lambda-layer-not-a-package-manager-but-a-deployment-optimization-85ddcae40a96){:target="_blank" rel="noopener"}
+    - **Lambda Layer** - deployment optimization meant to be used with multiple handlers under the same API GW, sharing code logic and dependencies. You can read more about it [here.](https://www.ranthebuilder.cloud/post/aws-lambda-layers-best-practice){:target="_blank" rel="noopener"}
     - **Lambda Function** - The Lambda handler function itself. Handler code is taken from the service `folder`.
     - **Lambda Role** - The role of the Lambda function.
     - **API GW with Lambda Integration** - API GW with a Lambda integration POST /api/orders that triggers the Lambda function.
     - **AWS DynamoDB table** - stores request data. Created in its own construct: api_db_construct.py
 
-### **CDK Tests**
+### **Infrastructure CDK & Security Tests**
 
-Under E2E tests there is a folder `test_infra` for infrastructure tests.
+Under tests there is an `infrastructure` folder for CDK & security infrastructure tests.
 
-First test 'test_cdk' uses CDK's testing framework which asserts that required resources exists so the application will not break anything upon deployment.
+The first test, 'test_cdk' uses CDK's testing framework which asserts that required resources exists so the application will not break anything upon deployment.
 
-Second test 'test_cdk_nag' checks your cloudformation output for security best practices. For more information click [here](https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/check-aws-cdk-applications-or-cloudformation-templates-for-best-practices-by-using-cdk-nag-rule-packs.html){:target="_blank" rel="noopener"}.
+The second test, 'test_cdk_nag' checks your cloudformation output for security best practices. For more information click [here](https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/check-aws-cdk-applications-or-cloudformation-templates-for-best-practices-by-using-cdk-nag-rule-packs.html){:target="_blank" rel="noopener"}.

docs/cdk.md

@@ -18,6 +18,7 @@ All steps can be run locally using the makefile. See details below:
 - Python formatter Yapf as defined in `.style`  - run `make yapf` in the IDE
 - Python complexity checks: radon and xenon  - run `make complex` in the IDE
 - Unit tests. Run `make unit` to run unit tests in the IDE
+- Infrastructure test. Run `make infra-tests` to run the CDK & security infrastructure tests in the IDE
 - Code coverage by [codecov.io](https://about.codecov.io/)
 - Deploy CDK - not run in GitHub yet (add your own AWS secrets), can be run locally at this moment - run `make deploy` in the IDE
 - E2E tests  - not run in GitHub yet (add your own AWS secrets), can be run locally at this moment - run `make e2e` in the IDE