feat: introduced statistics table

GemeenteNijmegen · Oct 26, 2022 · ff58141 · ff58141
1 parent e7e1219
commit ff58141
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 0 deletions.
diff --git a/src/ApiStack.ts b/src/ApiStack.ts
@@ -12,9 +12,11 @@ import { LogoutFunction } from './app/logout/logout-function';
 import { DynamoDbReadOnlyPolicy } from './iam/dynamodb-readonly-policy';
 import { SessionsTable } from './SessionsTable';
 import { Statics } from './statics';
+import { StatisticsTable } from './StatisticsTable';
 
 export interface ApiStackProps extends StackProps {
   sessionsTable: SessionsTable;
+  statisticsTable: StatisticsTable;
   branch: string;
   addNijmegenDomain: boolean;
 }
@@ -26,11 +28,13 @@ export interface ApiStackProps extends StackProps {
  */
 export class ApiStack extends Stack {
   private sessionsTable: Table;
+  private statisticsTable: Table;
   api: apigatewayv2.HttpApi;
 
   constructor(scope: Construct, id: string, props: ApiStackProps) {
     super(scope, id);
     this.sessionsTable = props.sessionsTable.table;
+    this.statisticsTable = props.statisticsTable.table;
     this.api = new apigatewayv2.HttpApi(this, 'irma-issue-api', {
       description: 'IRMA issue webapplicatie',
     });
@@ -124,6 +128,7 @@ export class ApiStack extends Stack {
     secretIrmaApiAccessKeyId.grantRead(issueFunction.lambda);
     secretIrmaApiSecretKey.grantRead(issueFunction.lambda);
     secretIrmaApiKey.grantRead(issueFunction.lambda);
+    this.statisticsTable.grantReadWriteData(issueFunction.lambda.grantPrincipal);
 
     this.api.addRoutes({
       integration: new HttpLambdaIntegration('irma-issue-login', loginFunction.lambda),

diff --git a/src/ApiStage.ts b/src/ApiStage.ts
@@ -6,6 +6,7 @@ import { DNSSECStack } from './DNSSECStack';
 import { DNSStack } from './DNSStack';
 import { KeyStack } from './keystack';
 import { SessionsStack } from './SessionsStack';
+import { StatisticsStack } from './StatisticsStack';
 import { UsEastCertificateStack } from './UsEastCertificateStack';
 import { WafStack } from './WafStack';
 
@@ -29,6 +30,7 @@ export class ApiStage extends Stage {
     }
 
     const sessionsStack = new SessionsStack(this, 'sessions-stack', { key: key });
+    const statisticsStack = new StatisticsStack(this, 'statistics-stack', {});
     const dnsStack = new DNSStack(this, 'dns-stack', { branch: props.branch });
 
     const usEastCertificateStack = new UsEastCertificateStack(this, 'us-cert-stack', {
@@ -47,6 +49,7 @@ export class ApiStage extends Stage {
     const apistack = new ApiStack(this, 'api-stack', {
       branch: props.branch,
       sessionsTable: sessionsStack.sessionsTable,
+      statisticsTable: statisticsStack.statisticsTable,
       addNijmegenDomain: props.addNijmegenDomain,
     });
     const cloudfrontStack = new CloudfrontStack(this, 'cloudfront-stack', {

diff --git a/src/StatisticsStack.ts b/src/StatisticsStack.ts
@@ -0,0 +1,26 @@
+import { Stack, aws_ssm as SSM, StackProps, aws_kms as KMS } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import { Statics } from './statics';
+import { StatisticsTable } from './StatisticsTable';
+
+export interface StatisticsStackProps extends StackProps {
+  key?: KMS.Key;
+}
+
+/**
+ * Statistics are stored in dynamo db table. Possibly define lambda / other resources here
+ * for providing insights in the collected statistics
+ */
+export class StatisticsStack extends Stack {
+  statisticsTable : StatisticsTable;
+
+  constructor(scope: Construct, id: string, props: StatisticsStackProps) {
+    super(scope, id);
+    this.statisticsTable = new StatisticsTable(this, 'statistics-table', { key: props.key });
+
+    new SSM.StringParameter(this, 'ssm_sessions_1', {
+      stringValue: this.statisticsTable.table.tableArn,
+      parameterName: Statics.ssmSessionsTableArn,
+    });
+  }
+}
diff --git a/src/StatisticsTable.ts b/src/StatisticsTable.ts
@@ -0,0 +1,29 @@
+import { aws_dynamodb as DynamoDB, aws_kms as KMS, RemovalPolicy, StackProps } from 'aws-cdk-lib';
+import { TableEncryption } from 'aws-cdk-lib/aws-dynamodb';
+import { Construct } from 'constructs';
+import { Statics } from './statics';
+
+export interface StatisticsTableProps extends StackProps {
+  /**
+   * If no key provided use AWS_MANAGED key
+   */
+  key?: KMS.Key;
+}
+
+export class StatisticsTable extends Construct {
+  table: DynamoDB.Table;
+  constructor(scope: Construct, id: string, props: StatisticsTableProps) {
+
+    super(scope, id);
+    this.table = new DynamoDB.Table(this, 'statistics-table', {
+      partitionKey: { name: 'subject', type: DynamoDB.AttributeType.STRING },
+      sortKey: { name: 'timestamp', type: DynamoDB.AttributeType.NUMBER },
+      billingMode: DynamoDB.BillingMode.PAY_PER_REQUEST,
+      tableName: Statics.statisticsTableName,
+      timeToLiveAttribute: 'ttl',
+      removalPolicy: RemovalPolicy.RETAIN,
+      encryptionKey: props.key,
+      encryption: props.key ? TableEncryption.CUSTOMER_MANAGED : TableEncryption.AWS_MANAGED,
+    });
+  }
+}
diff --git a/src/statics.ts b/src/statics.ts
@@ -1,6 +1,7 @@
 export abstract class Statics {
   static readonly projectName: string = 'irma-issue-app';
   static readonly sessionTableName: string = 'irma-issue-sessions';
+  static readonly statisticsTableName: string = 'irma-issue-statistics';
 
   /**
    * Repo information