feat: ✨ aws-s3+lambda+eventBridge+dynamoDB Event-Driven Pub/Sub website

Author: Falltrades

README.md

@@ -20,3 +20,5 @@ This is an example repository to showcase some IaC usage with different cloud pr
     - [aws-ecs+rds](html-db-website/aws-ecs+rds)
     - [aws-eks](html-db-website/aws-eks)
     - [aws-s3+lambda+rds](html-db-website/aws-s3+lambda+rds)
+- event-driven-website
+    - [aws-s3+lambda+eventBridge+dynamoDB](event-driven-website/aws-s3+lambda+eventBridge+dynamoDB)

event-driven-website/aws-s3+lambda+eventBridge+dynamoDB/README.md

@@ -0,0 +1,100 @@
+# AWS-S3+Lambda+eventBridge+RDS
+
+This is an example repository containing Terraform code. It contains the code to deploy a demo Event-Driven Pub/Sub application with S3, Lambda, eventBridge and DynamoDB.  
+We are using Api gateway and Cloudfront to expose the application.
+
+## Tree
+```
+.
+├── app
+│   ├── lambda.zip
+│   ├── on_connect.py
+│   ├── requirements.txt
+│   ├── trigger_event.py
+│   └── zip.sh                # Helper script to run to generate lambda.zip
+├── misc
+│   └── architecture.dot.png  # Generated with https://github.com/patrickchugh/terravision.
+├── README.md
+└── terraform
+    ├── iam.tf
+    ├── main.tf
+    ├── outputs.tf
+    ├── provider.tf
+    ├── s3.tf
+    ├── templates
+    │   └── index.html.tftpl
+    └── variables.tf
+```
+
+## Architecture diagram
+
+<img src="./misc/architecture.dot.png">
+
+## Infracost
+
+```shell
+ Name                                                      Monthly Qty  Unit                        Monthly Cost
+
+ aws_apigatewayv2_api.event_ws
+ ├─ Messages (first 1B)                            Monthly cost depends on usage: $1.00 per 1M messages
+ └─ Connection duration                            Monthly cost depends on usage: $0.25 per 1M minutes
+
+ aws_cloudfront_distribution.s3_distribution
+ ├─ Invalidation requests (first 1k)               Monthly cost depends on usage: $0.00 per paths
+ └─ US, Mexico, Canada
+    ├─ Data transfer out to internet (first 10TB)  Monthly cost depends on usage: $0.085 per GB
+    ├─ Data transfer out to origin                 Monthly cost depends on usage: $0.02 per GB
+    ├─ HTTP requests                               Monthly cost depends on usage: $0.0075 per 10k requests
+    └─ HTTPS requests                              Monthly cost depends on usage: $0.01 per 10k requests
+
+ aws_dynamodb_table.connections
+ ├─ Write request unit (WRU)                       Monthly cost depends on usage: $0.000000625 per WRUs
+ ├─ Read request unit (RRU)                        Monthly cost depends on usage: $0.000000125 per RRUs
+ ├─ Data storage                                   Monthly cost depends on usage: $0.25 per GB
+ ├─ On-demand backup storage                       Monthly cost depends on usage: $0.10 per GB
+ ├─ Table data restored                            Monthly cost depends on usage: $0.15 per GB
+ └─ Streams read request unit (sRRU)               Monthly cost depends on usage: $0.0000002 per sRRUs
+
+ aws_dynamodb_table.event_history
+ ├─ Write request unit (WRU)                       Monthly cost depends on usage: $0.000000625 per WRUs
+ ├─ Read request unit (RRU)                        Monthly cost depends on usage: $0.000000125 per RRUs
+ ├─ Data storage                                   Monthly cost depends on usage: $0.25 per GB
+ ├─ On-demand backup storage                       Monthly cost depends on usage: $0.10 per GB
+ ├─ Table data restored                            Monthly cost depends on usage: $0.15 per GB
+ └─ Streams read request unit (sRRU)               Monthly cost depends on usage: $0.0000002 per sRRUs
+
+ aws_lambda_function.on_connect
+ ├─ Requests                                       Monthly cost depends on usage: $0.20 per 1M requests
+ ├─ Ephemeral storage                              Monthly cost depends on usage: $0.0000000309 per GB-seconds
+ └─ Duration (first 6B)                            Monthly cost depends on usage: $0.0000166667 per GB-seconds
+
+ aws_lambda_function.trigger
+ ├─ Requests                                       Monthly cost depends on usage: $0.20 per 1M requests
+ ├─ Ephemeral storage                              Monthly cost depends on usage: $0.0000000309 per GB-seconds
+ └─ Duration (first 6B)                            Monthly cost depends on usage: $0.0000166667 per GB-seconds
+
+ aws_s3_bucket.frontend
+ └─ Standard
+    ├─ Storage                                     Monthly cost depends on usage: $0.023 per GB
+    ├─ PUT, COPY, POST, LIST requests              Monthly cost depends on usage: $0.005 per 1k requests
+    ├─ GET, SELECT, and all other requests         Monthly cost depends on usage: $0.0004 per 1k requests
+    ├─ Select data scanned                         Monthly cost depends on usage: $0.002 per GB
+    └─ Select data returned                        Monthly cost depends on usage: $0.0007 per GB
+
+ OVERALL TOTAL                                                                                            $0.00
+
+*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.
+
+──────────────────────────────────
+23 cloud resources were detected:
+∙ 7 were estimated
+∙ 16 were free
+
+┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━┓
+┃ Project                                            ┃ Baseline cost ┃ Usage cost* ┃ Total cost ┃
+┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━╋━━━━━━━━━━━━┫
+┃ main                                               ┃         $0.00 ┃           - ┃      $0.00 ┃
+┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━┻━━━━━━━━━━━━┛
+```
+
+## Helpful informations

event-driven-website/aws-s3+lambda+eventBridge+dynamoDB/app/lambda.zip

@@ -0,0 +1,43 @@
+import json
+import boto3
+import os
+from decimal import Decimal
+
+class DecimalEncoder(json.JSONEncoder):
+    def default(self, obj):
+        if isinstance(obj, Decimal): return int(obj)
+        return super(DecimalEncoder, self).default(obj)
+
+db = boto3.resource('dynamodb')
+hist_table = db.Table(os.environ['HIST_TABLE'])
+conn_table = db.Table(os.environ['CONN_TABLE'])
+
+def handler(event, context):
+    route_key = event['requestContext']['routeKey']
+    connection_id = event['requestContext']['connectionId']
+    
+    # 1. If it's just the initial connection, just save and exit
+    if route_key == "$connect":
+        conn_table.put_item(Item={'connectionId': connection_id})
+        return {'statusCode': 200}
+
+    # 2. If it's the history request, fetch and send
+    domain = event['requestContext']['domainName']
+    stage = event['requestContext']['stage']
+    gatewayapi = boto3.client('apigatewaymanagementapi', 
+                              endpoint_url=f"https://{domain}/{stage}")
+
+    response = hist_table.scan()
+    items = response.get('Items', [])
+    items.sort(key=lambda x: x.get('unix_time', 0))
+    history_to_send = items[-20:]
+
+    try:
+        gatewayapi.post_to_connection(
+            ConnectionId=connection_id,
+            Data=json.dumps({"action": "history", "data": history_to_send}, cls=DecimalEncoder)
+        )
+    except Exception as e:
+        print(f"Error: {e}")
+
+    return {'statusCode': 200}

event-driven-website/aws-s3+lambda+eventBridge+dynamoDB/app/on_connect.py

@@ -0,0 +1 @@
+boto3==1.28.0

event-driven-website/aws-s3+lambda+eventBridge+dynamoDB/app/requirements.txt

@@ -0,0 +1,55 @@
+import json
+import boto3
+import os
+import time
+import uuid
+from decimal import Decimal
+
+# Helper to convert DynamoDB Decimals to standard Integers
+class DecimalEncoder(json.JSONEncoder):
+    def default(self, obj):
+        if isinstance(obj, Decimal):
+            return int(obj)
+        return super(DecimalEncoder, self).default(obj)
+
+db = boto3.resource('dynamodb')
+conn_table = db.Table(os.environ['CONN_TABLE'])
+hist_table = db.Table(os.environ['HIST_TABLE'])
+
+def handler(event, context):
+    try:
+        domain = event['requestContext']['domainName']
+        stage = event['requestContext']['stage']
+        gatewayapi = boto3.client('apigatewaymanagementapi', 
+                                  endpoint_url=f"https://{domain}/{stage}")
+
+        body = json.loads(event.get('body', '{}'))
+        
+        event_payload = {
+            "id": str(uuid.uuid4())[:4],
+            "type": body.get('event_type', 'System Update'),
+            "timestamp": time.strftime('%H:%M:%S'),
+            "unix_time": int(time.time())
+        }
+
+        # 1. Save to history
+        hist_table.put_item(Item=event_payload)
+
+        # 2. Get all connections
+        connections = conn_table.scan(ProjectionExpression="connectionId")['Items']
+        
+        # 3. Broadcast - Use the encoder to prevent "Internal Server Error"
+        message = json.dumps(event_payload, cls=DecimalEncoder)
+        
+        for conn in connections:
+            cid = conn['connectionId']
+            try:
+                gatewayapi.post_to_connection(ConnectionId=cid, Data=message)
+            except gatewayapi.exceptions.GoneException:
+                conn_table.delete_item(Key={'connectionId': cid})
+
+        return {'statusCode': 200}
+    
+    except Exception as e:
+        print(f"CRASH: {e}") # This will show up in CloudWatch Logs
+        return {'statusCode': 500, 'body': str(e)}

event-driven-website/aws-s3+lambda+eventBridge+dynamoDB/app/trigger_event.py

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -euo pipefail
+
+rm -rf build lambda.zip
+mkdir build
+
+cp *.py build/
+
+# Build dependencies for Lambda using Docker
+docker run --rm \
+    -v "$(pwd)/build":/var/task \
+    -v "$(pwd)/requirements.txt":/var/requirements.txt \
+    --entrypoint "" \
+    public.ecr.aws/lambda/python:3.11 \
+    python3.11 -m pip install -r /var/requirements.txt -t /var/task
+
+cd build
+zip -r ../lambda.zip .
+cd ..

event-driven-website/aws-s3+lambda+eventBridge+dynamoDB/app/zip.sh

@@ -0,0 +1,70 @@
+resource "aws_iam_role" "lambda_exec" {
+  name = "event_dashboard_lambda_role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Action = "sts:AssumeRole"
+      Effect = "Allow"
+      Principal = { Service = "lambda.amazonaws.com" }
+    }]
+  })
+}
+
+# Attach policy to allow Lambda to access DynamoDB and API Gateway
+resource "aws_iam_role_policy" "lambda_policy" {
+  role = aws_iam_role.lambda_exec.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "dynamodb:PutItem",
+          "dynamodb:DeleteItem",
+          "dynamodb:Scan",
+          "dynamodb:GetItem"
+        ],
+        Effect = "Allow",
+        Resource = "*"
+      },
+      {
+        Action = ["execute-api:ManageConnections"],
+        Effect = "Allow",
+        Resource = "arn:aws:execute-api:*:*:*/*"
+      }
+    ]
+  })
+}
+
+resource "aws_s3_bucket_policy" "allow_access_from_cloudfront" {
+  bucket = aws_s3_bucket.frontend.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid    = "AllowCloudFrontServicePrincipalReadOnly"
+        Effect = "Allow"
+        Principal = {
+          Service = "cloudfront.amazonaws.com"
+        }
+        Action   = "s3:GetObject"
+        Resource = "${aws_s3_bucket.frontend.arn}/*"
+        Condition = {
+          StringEquals = {
+            "AWS:SourceArn" = aws_cloudfront_distribution.s3_distribution.arn
+          }
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_s3_bucket_public_access_block" "frontend_secure" {
+  bucket = aws_s3_bucket.frontend.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}