First Commit

Author: sagarsinha7777

Diff for: .gitignore

@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

Diff for: .npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

Diff for: CODE_OF_CONDUCT.md

@@ -0,0 +1,4 @@
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+[email protected] with any additional questions or comments.

Diff for: CONTRIBUTING.md

@@ -0,0 +1,59 @@
+# Contributing Guidelines
+
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
+documentation, we greatly value feedback and contributions from our community.
+
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
+information to effectively respond to your bug report or contribution.
+
+
+## Reporting Bugs/Feature Requests
+
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
+
+When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
+
+
+## Contributing via Pull Requests
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+
+1. You are working against the latest source on the *develop* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+
+To send us a pull request, please:
+
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+
+
+## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
+
+
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+[email protected] with any additional questions or comments.
+
+
+## Security issue notifications
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+
+
+## Licensing
+
+See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.

Diff for: LICENSE

@@ -0,0 +1,16 @@
+MIT No Attribution
+
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Diff for: README.md

@@ -0,0 +1,137 @@
+# AppSync MergedApi CI / CD
+An example pipeline for deploying a Merged API using AWS CDK and AWS CodePipeline
+
+# Overview
+This project includes 3 source AppSync APIs with resolvers written in Typescript:
+
+1. Reviews Service
+2. Books Service
+3. Authors Service
+
+Also, it contains a Merged API which is able to integrate these 3 services into a single endpoint. This is known as the Book Reviews Merged API following the same example as the previous blog (https://aws.amazon.com/blogs/mobile/introducing-merged-apis-on-aws-appsync/).
+
+
+![mergedApi](https://github.com/ndejaco2/MergedApiCICD/assets/54116900/71e8d0fe-0b4a-4d27-bbfa-63cc9ff3593f)
+
+* While this sample configures the stacks in the same repository for simplicity, each API has its own CodePipeline for deployment as these will be managed by separate teams. Each CodePipline has a beta stage, which is recommended for initial integration tests and staging, as well as a production stage.
+* For this sample, all APIs are deployed within the same AWS account.
+* Each source API stack includes a special SourceApiAssociation construct which handles configuring the association to the corresponding Merged API in the corresponding pipeline stage.
+* The construct includes a CustomResource backed by a Lambda function which will propagate changes to the corresponding Merged API whenever the source API stack is updated and verify that the merge is successful. If the merge operation fails, the CustomResource notifies Cloudformation of the failure causing a Rollback and the CodePipeline will halt.
+* Each source API stack includes unit testing using the AppSync EvaluateCode API and integration tests on both the source API and the Merged API after merge occurs.
+
+
+# Deployment Prerequisities
+
+1. The sample requires that you have the [AWS CDK](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html) installed.
+2. The sample requires that you have Node 16+ and NPM
+3. The sample requires that you have an AWS account with credentials in order to deploy the sample.
+4. Cleanup of the sample requires the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) to be installed.
+
+# Deploying the Sample
+
+1. Fork the repository on Github to create a repository that you own.
+
+2. Clone the fork locally for your local development
+    ```
+    git clone <your repository fork url>
+    ```
+
+3. Add the forked repository name in `YOUR_REPOSITORY_NAME` in bin/bookReviewsMergedApi.ts to ensure that the pipeline receives notifications when you commit a change to your repository on Github.
+
+4. Install dependencies and build the sample:
+    ```
+    npm ci && npm run build && npx cdk synth
+    ```
+5. Create an [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) secret named "API-848-github-token" containing a fine-grained [Github personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens/) as a plaintext secret. The token requires scopes to include repo and admin:repo_hook.
+
+6. Deploy the AppSync SchemaBreakingChangeDetection stack. This stack is responsible for configuring the Cloudformation Hook which will perform breaking change detection of AppSync schema updates within Cloudformation.
+
+    ```
+    export AWS_DEFAULT_REGION='us-east-1'
+    npx cdk deploy BreakingChangeDetection
+    ```
+
+7. Deploy the BookReviews MergedApi [AWS CodePipeline](https://aws.amazon.com/codepipeline/) Stack. This stack is responsible for configuring the CodePipeline which will handle deploying changes to both the beta and production stage BookReviews Merged API. Note that initially the integration tests in this pipeline are not added initially because they have a dependency on the source APIs being associated.
+    ```
+    npx cdk deploy BookReviewsMergedApiPipeline
+    ```
+8. Sign in to the AWS Management Console and open the [CodePipeline console](https://console.aws.amazon.com/codesuite/codepipeline/home). You should see the BookReviewsMergedApiPipeline resource with an ongoing pipeline execution. Wait for the execution to finish to ensure that the stacks have been deployed.
+
+
+9. Once the Merged API pipeline execution has completed, deploy the source API pipelined and wait for them to finish a pipeline execution to successfully deploy the beta and production stages.
+    ```
+    npx cdk deploy AuthorsServicePipeline ReviewsServicePipeline BooksServicePipeline
+    ```
+
+10. Now that all initial resources are deployed, we can enable the Merged API integration tests. Uncomment the code for adding the Merged API integration tests in lib/mergedApi/book-reviews-mergedapi-pipeline.ts as well as lib/sourceApis/authorsService/authors-service-pipeline-stack.ts, lib/sourceApis/booksService/books-service-pipeline-stack.ts, and lib/sourceApis/reviewsService/reviews-service-pipeline-stack.ts. Commit the code to your branch on Github and the changes will be picked up and automatically enable the integration testing step during the next pipeline execution.
+
+    ```
+       pipeline.addStage(new BookReviewsMergedApiStage(this, "BookReviewsMergedApiBetaStage", {
+            env: {
+                region: region
+            },
+            stageName: 'beta'
+        }), {
+            post: [
+                new CodeBuildStep('Integ-Test-Beta-MergedApi', {
+                    env: {
+                        Stage: 'beta',
+                        AWS_REGION: this.region
+                    },
+                    commands: [
+                        "npm ci",
+                        "npm run build",
+                        "npm test integ-tests/mergedApi"
+                    ],
+                    rolePolicyStatements: [
+                        integTestPolicyStatement,
+                        integTestListExportsPolicyStatement
+                    ]
+                })
+            ]
+        });
+
+        pipeline.addStage(new BookReviewsMergedApiStage(this, "BookReviewsMergedApiProdStage", {
+            env: {
+                region: region
+            },
+            stageName: 'prod'
+        }), {
+            post: [
+                new CodeBuildStep('Integ-Test-Prod-MergedApi', {
+                    env: {
+                        Stage: 'prod',
+                        AWS_REGION: this.region
+                    },
+                    commands: [
+                        "npm ci",
+                        "npm run build",
+                        "npm test integ-tests/mergedApi"
+                    ],
+                    rolePolicyStatements: [
+                        integTestPolicyStatement,
+                        integTestListExportsPolicyStatement
+                    ]
+                })
+            ]
+        });
+
+    ```
+
+    # Cleanup
+
+    1. Clean up all the code pipeline stacks:
+
+    ```
+    npx cdk destroy --all
+    ```
+
+    2. Clean up the Source API stacks created by the code pipeline (Requires AWS CLI):
+    ```
+    ./scripts/cleanup-source-api-beta-and-prod-stages.sh
+    ```
+
+    3. Clean up the Merged API stacks created by the code pipeline (Requires AWS CLI):
+    ```
+    ./scripts/cleanup-merged-api-beta-and-prod-stages.sh
+    ```

Diff for: bin/bookReviewsMergedApi.ts

@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib';
+import { BooksServicePipelineStack } from "../lib/sourceApis/booksService/books-service-pipeline-stack";
+import { BookReviewsMergedApiPipeline } from "../lib/mergedApi/book-reviews-mergedapi-pipeline";
+import { AuthorsServicePipelineStack } from "../lib/sourceApis/authorsService/authors-service-pipeline";
+import { ReviewsServicePipelineStack } from "../lib/sourceApis/reviewsService/reviews-service-pipeline";
+import { SchemaBreakingChangeDetectionStack } from '../lib/breakingChangeDetection/schema-breaking-change-detection-stack';
+
+const app = new cdk.App();
+
+const defaultRegion = 'us-east-1'
+export const YOUR_REPOSITORY_NAME = "sagarsinha7777/aws-appsync-merged-api-ci-cd-sample";
+new SchemaBreakingChangeDetectionStack(app, 'BreakingChangeDetection', {
+    env: {
+        region: defaultRegion
+    }
+});
+
+new BookReviewsMergedApiPipeline(app, 'BookReviewsMergedApiPipeline', {
+    env: {
+        region: defaultRegion
+    }
+});
+
+new AuthorsServicePipelineStack(app, 'AuthorsServicePipeline', {
+    env: {
+        region: defaultRegion
+    }
+});
+
+new ReviewsServicePipelineStack(app, 'ReviewsServicePipeline', {
+    env: {
+        region: defaultRegion
+    },
+});
+
+new BooksServicePipelineStack(app, 'BooksServicePipeline', {
+    env: {
+        region: defaultRegion
+    },
+})

Diff for: build.mjs

@@ -0,0 +1,20 @@
+/* eslint-disable */
+import { build } from 'esbuild'
+import {glob} from 'glob'
+
+for (const microServiceName of ['authorsService', 'booksService', 'reviewsService']) {
+    // Build resolver code for authors service
+    const files_agent = await glob(`lib/sourceApis/${microServiceName}/resolverCode/**/*.ts`)
+    console.log(`Building ${files_agent.length} files from ${microServiceName}`)
+
+    await build({
+        sourcesContent: false,
+        format: 'esm',
+        target: 'esnext',
+        platform: 'node',
+        external: ['@aws-appsync/utils'],
+        outdir: `lib/sourceApis/${microServiceName}/resolverCode`,
+        entryPoints: files_agent,
+        bundle: true,
+    })
+}

Diff for: cdk.json

@@ -0,0 +1,55 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/bookReviewsMergedApi.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true
+  }
+}

Diff for: jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

Diff for: lib/breakingChangeDetection/schema-breaking-change-detection-stack.ts

@@ -0,0 +1,30 @@
+import * as cdk from "aws-cdk-lib";
+import { Role, ServicePrincipal, PrincipalWithConditions } from "aws-cdk-lib/aws-iam";
+import { Construct } from "constructs";
+
+export class SchemaBreakingChangeDetectionStack extends cdk.Stack {
+
+    constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+        super(scope, id)
+
+        const executionRole = new Role(this, 'ActivationExecutionRole', {
+            assumedBy: new PrincipalWithConditions(
+                new ServicePrincipal( "hooks.cloudformation.amazonaws.com"), {
+                    StringEquals: { 'aws:SourceAccount':  this.account },
+                    ArnLike: { 'aws:SourceArn':  `arn:aws:cloudformation:${this.region}:${this.account}:type/hook/AwsCommunity-AppSync-BreakingChangeDetection/*`},
+                })
+        });
+
+        const type = new cdk.CfnTypeActivation(this, 'BreakingChangeDetectionHook', {
+            executionRoleArn: executionRole.roleArn,
+            typeName: "AwsCommunity::AppSync::BreakingChangeDetection",
+            type: "HOOK",
+            publisherId: "c830e97710da0c9954d80ba8df021e5439e7134b",
+        })
+
+        new cdk.CfnHookTypeConfig(this, 'BreakingChangeDetectionConfig', {
+            typeArn: type.attrArn,
+            configuration: "{\"CloudFormationConfiguration\":{\"HookConfiguration\":{\"TargetStacks\":\"ALL\",\"FailureMode\":\"FAIL\",\"Properties\":{ \"ConsiderDangerousChangesBreaking\": false}}}}"
+        })
+    }  
+}