feature: add best practices refactors (#26)

--------- Co-authored-by: Ran Isenberg <[email protected]>
ran-isenberg · Oct 10, 2024 · 6f58fa9 · 6f58fa9
1 parent 31122d9
commit 6f58fa9
Show file tree

Hide file tree

Showing 11 changed files with 1,096 additions and 1,005 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@
 ---
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
         name: Ensure that code don't have trailing whitespace
@@ -26,7 +26,7 @@ repos:
         exclude: "^(?!helpers/)"
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.5.3
+    rev: v0.6.9
     hooks:
       # Run the Ruff linter.
       - id: ruff

diff --git a/cdk/blueprint/service_stack.py b/cdk/blueprint/service_stack.py
@@ -26,13 +26,6 @@ def _add_stack_tags(self) -> None:
         Tags.of(self).add(SERVICE_NAME_TAG, SERVICE_NAME)
         Tags.of(self).add(OWNER_TAG, get_username())
 
-    # Define the custom suppression condition
-    def custom_suppression_condition(policy_statement):
-        if 'Action' in policy_statement and 'logs:*' in policy_statement['Action']:
-            if 'Resource' in policy_statement and '*' in policy_statement['Resource']:
-                return True
-        return False
-
     def _add_security_tests(self) -> None:
         Aspects.of(self).add(AwsSolutionsChecks(verbose=True))
         # Suppress a specific rule for this resource
@@ -41,8 +34,7 @@ def _add_security_tests(self) -> None:
             suppressions=[
                 NagPackSuppression(
                     id='AwsSolutions-IAM5',
-                    reason='Suppressed for logs:* and xray permissions on all resources',
-                    applies_to=['Action::logs:*', 'Action::xray:*', 'Resource::*'],
-                )
+                    reason='Suppressed for logs:* and PutObject * for S3  and xray permissions on all resources',
+                ),
             ],
         )
diff --git a/cdk/blueprint/sqs_lambda_s3_blueprint.py b/cdk/blueprint/sqs_lambda_s3_blueprint.py
@@ -16,7 +16,8 @@ def __init__(self, scope: Construct, id_: str, is_production_env: bool) -> None:
         super().__init__(scope, id_)
         self.id_ = id_
         self.common_layer = self._build_common_layer()
-        self.bucket = SecureS3Construct(self, 'destination', is_production_env).bucket
+        self.SecureBucket = SecureS3Construct(self, 'destination', is_production_env)
+        self.bucket = self.SecureBucket.bucket
         self.redrive_queue = RedrivableSQS(
             self,
             identifier='queue',
@@ -41,7 +42,7 @@ def _build_lambda_role(self, bucket: s3.Bucket) -> iam.Role:
                     statements=[
                         iam.PolicyStatement(
                             actions=['s3:PutObject', 's3:PutObjectAcl'],
-                            resources=[bucket.bucket_arn],
+                            resources=[bucket.bucket_arn, f'{bucket.bucket_arn}/*'],
                             effect=iam.Effect.ALLOW,
                         ),
                     ]
@@ -95,8 +96,9 @@ def _create_lambda_function(
             memory_size=constants.API_HANDLER_LAMBDA_MEMORY_SIZE,
             layers=[self.common_layer],
             role=role,
-            log_format=_lambda.LogFormat.JSON.value,
-            system_log_level=_lambda.SystemLogLevel.INFO.value,
+            logging_format=_lambda.LoggingFormat.JSON,
+            system_log_level_v2=_lambda.SystemLogLevel.INFO,
+            application_log_level_v2=_lambda.ApplicationLogLevel.INFO,
         )
 
         # set sqs queue as event source for the lambda functions

diff --git a/cdk/blueprint/sqs_redrive_construct.py b/cdk/blueprint/sqs_redrive_construct.py
@@ -122,8 +122,8 @@ def _create_redrive_function(
 
         return _lambda.Function(
             self,
-            f'{identifier}Func',
-            function_name=f'{identifier}Func'[-64:],
+            f'{identifier}DlqFunc',
+            function_name=f'{identifier}DlqFunc'[-64:],
             runtime=runtime,
             handler='redrive_lambda.redrive_handler',
             code=_lambda.Code.from_asset('cdk/blueprint/_redrive_lambda'),
@@ -136,6 +136,9 @@ def _create_redrive_function(
             tracing=_lambda.Tracing.ACTIVE,
             retry_attempts=0,
             layers=[layer],
+            logging_format=_lambda.LoggingFormat.JSON,
+            system_log_level_v2=_lambda.SystemLogLevel.INFO,
+            application_log_level_v2=_lambda.ApplicationLogLevel.INFO,
         )
 
     def _create_scheduler_cron(

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,5 +1,5 @@
 {
-    "dependencies": {
-        "aws-cdk": "2.149.0"
-    }
-}
+  "dependencies": {
+    "aws-cdk": "^2.161.1"
+  }
+}