logemann · July 20, 2020 11:38
diff --git a/recaptcha-stack.ts b/recaptcha-stack.ts
 import * as cdk from '@aws-cdk/core';
 import * as lambda from '@aws-cdk/aws-lambda';
 import * as lambdanode from '@aws-cdk/aws-lambda-nodejs';
 import * as logs from '@aws-cdk/aws-logs';
 import * as iam from '@aws-cdk/aws-iam';
 import {EndpointType, LambdaRestApi, DomainName, SecurityPolicy} from "@aws-cdk/aws-apigateway";
 import {Certificate} from "@aws-cdk/aws-certificatemanager";
 import * as route53 from '@aws-cdk/aws-route53';
 import * as sns from '@aws-cdk/aws-sns';
 import * as targets from '@aws-cdk/aws-route53-targets';
 import {EmailSubscription} from '@aws-cdk/aws-sns-subscriptions';

 export class OkaycloudCdkStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    let myDomain : string = "mydomain.de";
    let myEmail : string = `me@${myDomain}`;
    let certArn : string = "arn:aws:acm:us-east-1:XXXXXXXXX:certificate/YYYYYYYYY";
    let route53ZoneId : string = "XXXXXXXXX";
    
    const topic = new sns.Topic(this, 'CformTopic', {
      displayName: 'web cform topic',
      topicName: "CformTopic"
    });
    topic.addSubscription(new EmailSubscription(myEmail));

    let contactFormFunction = this.createContactFormFunction(topic.topicArn);

    let domainName = new DomainName(this, 'custom-domain', {
      domainName: `api.${myDomain}`,
      certificate: Certificate.fromCertificateArn(
          this,
          'apiGwCert',
          certArn
      ),
      endpointType: EndpointType.EDGE, // default is REGIONAL
      securityPolicy: SecurityPolicy.TLS_1_2
    });

    let api = new LambdaRestApi(this, 'contactFormGw', {
      handler: contactFormFunction,
    });

    domainName?.addBasePathMapping(api, {basePath: "cform"});
    this.createARecordForApiGw(myDomain, domainName, route53ZoneId);
  }

  private createARecordForApiGw(myDomain: string, domainName: DomainName, route53ZoneId : string) {
    let hostedZone = route53.HostedZone.fromHostedZoneAttributes(this, 'okaycloudComZone', {
      zoneName: myDomain,
      hostedZoneId: route53ZoneId,
    })
    new route53.ARecord(this, 'CustomDomainAliasRecord', {
      zone: hostedZone,
      recordName: "api",
      target: route53.RecordTarget.fromAlias(new targets.ApiGatewayDomain(domainName))
    });
  }

  private createContactFormFunction(topicArn: string) : lambda.IFunction {
    let func = new lambdanode.NodejsFunction(this, 'MyFunctionNew', {
      entry: 'content/lambda/contactForm.ts', // accepts .js, .jsx, .ts and .tsx files
      handler: 'handler',
      environment: {TOPIC_ARN: topicArn},
      runtime: lambda.Runtime.NODEJS_12_X,
      logRetention: logs.RetentionDays.ONE_WEEK,
      description: "Contact Form Handler",
      functionName: "contactForm",
    });

    func.addToRolePolicy(new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      resources: ["*"],
      actions: ["cloudwatch:*",
        "logs:*",
        "lambda:*",
        "sns:*"],
    }));

    return func;
  }
 }
	import * as cdk from '@aws-cdk/core';
	import * as lambda from '@aws-cdk/aws-lambda';
	import * as lambdanode from '@aws-cdk/aws-lambda-nodejs';
	import * as logs from '@aws-cdk/aws-logs';
	import * as iam from '@aws-cdk/aws-iam';
	import {EndpointType, LambdaRestApi, DomainName, SecurityPolicy} from "@aws-cdk/aws-apigateway";
	import {Certificate} from "@aws-cdk/aws-certificatemanager";
	import * as route53 from '@aws-cdk/aws-route53';
	import * as sns from '@aws-cdk/aws-sns';
	import * as targets from '@aws-cdk/aws-route53-targets';
	import {EmailSubscription} from '@aws-cdk/aws-sns-subscriptions';

	export class OkaycloudCdkStack extends cdk.Stack {
	constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
	super(scope, id, props);

	let myDomain : string = "mydomain.de";
	let myEmail : string = `me@${myDomain}`;
	let certArn : string = "arn:aws:acm:us-east-1:XXXXXXXXX:certificate/YYYYYYYYY";
	let route53ZoneId : string = "XXXXXXXXX";

	const topic = new sns.Topic(this, 'CformTopic', {
	displayName: 'web cform topic',
	topicName: "CformTopic"
	});
	topic.addSubscription(new EmailSubscription(myEmail));

	let contactFormFunction = this.createContactFormFunction(topic.topicArn);

	let domainName = new DomainName(this, 'custom-domain', {
	domainName: `api.${myDomain}`,
	certificate: Certificate.fromCertificateArn(
	this,
	'apiGwCert',
	certArn
	),
	endpointType: EndpointType.EDGE, // default is REGIONAL
	securityPolicy: SecurityPolicy.TLS_1_2
	});

	let api = new LambdaRestApi(this, 'contactFormGw', {
	handler: contactFormFunction,
	});

	domainName?.addBasePathMapping(api, {basePath: "cform"});
	this.createARecordForApiGw(myDomain, domainName, route53ZoneId);
	}

	private createARecordForApiGw(myDomain: string, domainName: DomainName, route53ZoneId : string) {
	let hostedZone = route53.HostedZone.fromHostedZoneAttributes(this, 'okaycloudComZone', {
	zoneName: myDomain,
	hostedZoneId: route53ZoneId,
	})
	new route53.ARecord(this, 'CustomDomainAliasRecord', {
	zone: hostedZone,
	recordName: "api",
	target: route53.RecordTarget.fromAlias(new targets.ApiGatewayDomain(domainName))
	});
	}

	private createContactFormFunction(topicArn: string) : lambda.IFunction {
	let func = new lambdanode.NodejsFunction(this, 'MyFunctionNew', {
	entry: 'content/lambda/contactForm.ts', // accepts .js, .jsx, .ts and .tsx files
	handler: 'handler',
	environment: {TOPIC_ARN: topicArn},
	runtime: lambda.Runtime.NODEJS_12_X,
	logRetention: logs.RetentionDays.ONE_WEEK,
	description: "Contact Form Handler",
	functionName: "contactForm",
	});

	func.addToRolePolicy(new iam.PolicyStatement({
	effect: iam.Effect.ALLOW,
	resources: ["*"],
	actions: ["cloudwatch:*",
	"logs:*",
	"lambda:*",
	"sns:*"],
	}));

	return func;
	}
	}