Feat/including certificate (#3)

* Refactor: update solution name to 'prebid-server-deployment-on-aws' across multiple files
* Feat: add CloudFront and DataSync configurations with conditional settings
* Feat: update CloudFront configuration with new domain name and SSL certificate
* Feat: add AWS CDK deployment workflow for pull requests

Author: ajorquera

.github/workflows/infra-deployment.yml

@@ -59,7 +59,6 @@ jobs:
         run: |
           . $VENV
           cd infrastructure
-          cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess
           cdk synth
       
       - name: Deploy

.github/workflows/infra-pr.yml

@@ -0,0 +1,62 @@
+name: AWS CDK PR
+
+on:
+  pull_request:
+    branches: [longitude]
+
+permissions:
+  contents: read
+  
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pr-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with: 
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_ACCESS_SECRET }}
+          aws-session-token: ${{ secrets.AWS_ACCESS_TOKEN }}
+        
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Install and configure Poetry
+        uses: snok/install-poetry@v1
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+          installer-parallel: true
+
+      - name: Install Dependencies
+        working-directory: ./source
+        run: |
+          npm install -g aws-cdk
+          poetry install
+
+      - name: Run tests
+        working-directory: ./deployment
+        run: bash ./run-unit-tests.sh --in-venv 1
+      
+      - name: Build
+        working-directory: ./source
+        run: |
+          . $VENV
+          cd infrastructure
+          cdk synth

solution-manifest.yaml

@@ -1,5 +1,5 @@
 id: SO0248
-name: longitude-s2s
+name: prebid-server-deployment-on-aws
 version: v1.1.1
 cloudformation_templates:
   - template: prebid-server-deployment-on-aws.template

source/infrastructure/cdk.json

@@ -28,7 +28,7 @@
             "aws-cn"
         ],
         "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
-        "SOLUTION_NAME": "longitude-s2s",
+        "SOLUTION_NAME": "Prebid Server Deployment on AWS",
         "SOLUTION_ID": "SO0248",
         "SOLUTION_VERSION": "v1.1.1",
         "METRICS_NAMESPACE": "prebid-server-deployment-on-aws-metrics",

source/infrastructure/prebid_server/cloudfront_waf_construct.py

@@ -7,7 +7,8 @@
     aws_kms as kms,
     aws_s3 as s3,
     aws_cloudfront_origins as cloudfront_origins,
-    aws_iam as iam
+    aws_iam as iam,
+    aws_certificatemanager as certificatemanager
 )
 
 from aws_cdk import Aws, CustomResource, Duration, RemovalPolicy
@@ -258,6 +259,8 @@ def __init__(
             default_behavior=default_behavior,
             web_acl_id=waf_webacl_arn,
             enable_logging=True,
+            domain_names=globals.DOMAIN_NAMES,
+            certificate=certificatemanager.Certificate.from_certificate_arn(self, "sslCertificate", globals.SSL_CERTIFICATE_ARN),
             log_bucket=cloudfront_access_logs_bucket,
         )
 

source/infrastructure/prebid_server/prebid_datasync_constructs.py

@@ -590,7 +590,8 @@ def __init__(
             destination_location_arn=self.s3_location.s3_location.attr_location_arn,
             source_location_arn=self.efs_location.efs_location.attr_location_arn,
             schedule=datasync.CfnTask.TaskScheduleProperty(
-                schedule_expression=self.task_schedule
+                schedule_expression=self.task_schedule,
+                status="DISABLED" if globals.DATASYNC_DISABLE else "ENABLED",
             ),
             options=datasync.CfnTask.OptionsProperty(
                 transfer_mode="CHANGED",

source/infrastructure/prebid_server/prebid_server_stack.py

@@ -23,6 +23,7 @@
 from .prebid_glue_constructs import GlueEtl
 from .cloudtrail_construct import CloudTrailConstruct
 
+import prebid_server.stack_constants as globals
 
 class PrebidServerStack(SolutionStack):
     name = "longitude-s2s"
@@ -47,7 +48,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
             id="SSLCertificateARN",
             description="The ARN of an SSL certificate in AWS Certificate Manager associated with a domain name. This field is only required if InstallCloudFrontAndWAF is set to \"No\".",
             type="String",
-            default=""
+            default=globals.SSL_CERTIFICATE_ARN,
         )
         self.solutions_template_options.add_parameter(deploy_cloudfront_and_waf_param, label="",
                                                       group="Content Delivery Network (CDN) Settings")

source/infrastructure/prebid_server/stack_constants.py

@@ -43,6 +43,7 @@
 FARGATE_MAX_HEALTHY_PERCENT = 200
 HEALTH_CHECK_GRACE_PERIOD = 120
 
+DATASYNC_DISABLE=True
 DATASYNC_METRICS_SCHEDULE = "cron(30 * * * ? *)"  # hourly on the half hour
 DATASYNC_LOGS_SCHEDULE = "cron(30 * * * ? *)"  # hourly on the half hour
 DATASYNC_REPORT_LIFECYCLE_DAYS = 1
@@ -62,3 +63,7 @@
 
 CLOUD_FRONT_NAMESPACE = "AWS/CloudFront"
 RESOURCE_NAMESPACE = "aws:ResourceAccount"
+
+# CloudFront settings
+SSL_CERTIFICATE_ARN = "arn:aws:acm:us-east-1:463470947511:certificate/e5848f93-debb-473d-a307-97b8d1fabe75"
+DOMAIN_NAMES = ["s2s.lngtd.com"]

source/pyproject.toml

@@ -1,5 +1,5 @@
 [tool.poetry]
-name = "longitude-s2s"
+name = "prebid-server-deployment-on-aws"
 version = "1.1.1"
 description = "Prebid Server Deployment on AWS - Easily deploy and operate a scalable Prebid Server for programmatic advertising auctions"
 license = "MIT"

source/tests/unit_tests/test_app.py

@@ -50,8 +50,8 @@ def build_app_fix():
     ]
 )
 def test_build_app(build_app_fix):
-    app_stack = build_app_fix.get_stack_by_name("prebid-server-deployment-on-aws")
+    app_stack = build_app_fix.get_stack_by_name("longitude-s2s")
     assert app_stack is not None
-    assert app_stack.stack_name == "prebid-server-deployment-on-aws"
+    assert app_stack.stack_name == "longitude-s2s"
     assert app_stack.template is not None
     assert app_stack.template["Description"] == "(SO9999test) - Prebid Server Deployment on AWS. Version v99.99.99"