Merge prod to main

.github/workflows/dev-deployment.yml

@@ -1,8 +1,10 @@
-name: Find and Replace Dev Deployment
+name: Push changes from Dev to Stage
 
 on:
   push:
     branches: [ dev ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
   build:
@@ -13,8 +15,8 @@ jobs:
     - name: Initiate - Dev
       uses: actions/checkout@v3
       with:
-        token: ${{ secrets.PAT }}
+        token: ${{ secrets.GITHUB_TOKEN }}
         ref: ${{ github.head_ref }}
 
     - name: Push changes - Init Stage
-      run: git push origin -f dev:stage 
+      run: git push origin -f dev:stage 

.github/workflows/stage-deployment.yml

@@ -1,8 +1,10 @@
-name: Find and Replace Stage Deployment
+name: Push changes from Stage to Prod
 
 on:
   push:
     branches: [ stage ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
   build:
@@ -13,8 +15,8 @@ jobs:
     - name: Initiate - Stage
       uses: actions/checkout@v3
       with:
-        token: ${{ secrets.PAT }}
+        token: ${{ secrets.GITHUB_TOKEN }}
         ref: ${{ github.head_ref }}
 
     - name: Push changes - Init Prod
-      run: git push origin -f stage:prod
+      run: git push origin -f stage:prod

docs/cloudformation/app-geo-ca-stack.yml

@@ -9,7 +9,7 @@ Parameters:
   SslCertArn:
     Type: AWS::SSM::Parameter::Value<String>
     Default: /webpresence/app-geo-ca/ssl-cert-arn
-    Description: SSM parameter name for app.geo.ca ACM SSL Cert ARN     
+    Description: SSM parameter name for app.geo.ca ACM SSL Cert ARN
   WebAclArn:
     Type: String
     Description: ARN of the WAF web ACL to use for CloudFront
@@ -100,7 +100,7 @@ Resources:
                   - 'logs:CreateLogGroup'
                   - 'logs:CreateLogStream'
                   - 'logs:PutLogEvents'
-                Resource: '*'              
+                Resource: '*'
 
 
   AppCodeBuildProject:
@@ -313,7 +313,7 @@ Resources:
                 - Name: AppBuild
               RunOrder: 1
               Configuration:
-                ProjectName: !Ref AppCodeBuildProject                
+                ProjectName: !Ref AppCodeBuildProject
         - Name: Deploy
           Actions:
             - Name: Deploy
@@ -371,6 +371,9 @@ Resources:
           LambdaFunctionAssociations:
             - EventType: origin-response
               LambdaFunctionARN: !Ref SecHeadersLambdaEdgeArn
+          FunctionAssociations:
+            - EventType: viewer-request
+              FunctionARN: !GetAtt CloudfrontAppHandler.FunctionMetadata.FunctionARN
         DefaultRootObject: index.html
         HttpVersion: http2
         WebACLId: !Ref WebAclArn
@@ -398,4 +401,35 @@ Resources:
             ResponsePagePath: /index.html
             ResponseCode: 200
 
-
+  CloudfrontAppHandler:
+    Type: AWS::CloudFront::Function
+    Properties: 
+      AutoPublish: true
+      FunctionCode: >
+        function handler(event) {
+          var request = event.request;
+          // Redirects requests to the www. url to the non www. url.
+          if (request.headers && request.headers.host && request.headers.host.value.includes('www.')) {
+            var newurl = request.headers.host.value.replace('www.', '')
+            var qs = ''
+            Object.keys(request.querystring).forEach((e) => {
+              if (qs === '') {
+                qs += '?';
+              } else { qs += '&' };
+              qs += e + '=' + request.querystring[e].value;
+            })
+            var response = {
+              statusCode: 301,
+              statusDescription: 'Moved Permanently',
+              headers:
+                { "location": { "value": 'https://' + newurl + request.uri + qs } }
+            }
+            return response;
+          }
+
+          return request;
+        }
+      FunctionConfig: 
+        Comment: A function run on every request to app.geo.ca
+        Runtime: cloudfront-js-1.0
+      Name: app-handler

docs/cloudformation/common-stack.yml

@@ -12,8 +12,12 @@ Metadata:
           - GeocoreSslCertArn
           - GeocoreMetadataSslCertArn
           - GeocoreHarvestSslCertArn
+          - GeocorePygeoapiSslCertArn
+          - GeolocatorSslCertArn
+          - TiTilerSslCertArn
           - GeoCaSslCertArn
           - AppGeoCaSslCertArn
+          - SearchSslCertArn
           - GithubUsername
           - GithubKey
 
@@ -26,6 +30,13 @@ Parameters:
       - prod
     Default: dev
     Description: Type of App Environment - dev stage prod
+  DynamoDBCreationBool:
+    Type: String
+    AllowedValues:
+      - true
+      - false
+    Default: false
+    Description: True or false to recreate all dynamodb tables
   DeploymentBucket:
     Description: S3 bucket where all the deployment related files are
     Type: String
@@ -38,20 +49,36 @@ Parameters:
     Type: String    
   GeocoreHarvestSslCertArn:
     Description: ARN of the SSL cert stored in ACM to be used for Geocore HNAP JSON Harvester
-    Type: String    
+    Type: String
+  GeocorePygeoapiSslCertArn:
+    Description: ARN of the SSL cert stored in ACM to be used for Geocore pygeoapi
+    Type: String
+  GeolocatorSslCertArn:
+    Description: ARN of the SSL cert stored in ACM to be used for Geolocator
+    Type: String
+  TiTilerSslCertArn:
+    Description: ARN of the SSL cert stored in ACM to be used for TiTiler
+    Type: String
   GeoCaSslCertArn:
     Description: ARN of the SSL cert stored in ACM to be used for geo.ca
     Type: String    
   AppGeoCaSslCertArn:
     Description: ARN of the SSL cert stored in ACM to be used for app.geo.ca
     Type: String    
+  SearchSslCertArn:
+    Description: ARN of the SSL cert stored in ACM to be used for search-recherche.geocore.api.geo.ca
+    Type: String    
   GithubUsername: 
     Description: Github Username for accessing Canadian Geospatial Platform
     Type: String
   GithubKey: 
     Description: Github Key for accessing Canadian Geospatial Platform 
     Type: String  
 
+Conditions: 
+  IsProd: !Equals [prod, !Ref Environment]
+  IsStage: !Equals [stage, !Ref Environment]
+  IsDev: !Equals [dev, !Ref Environment]
 
 Resources:
 
@@ -145,13 +172,46 @@ Resources:
       Type: String
       Value: !Ref Environment
 
+  DynamoDBCreationParam:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Description: True or false to recreate all dynamodb tables
+      Name: /webpresence/dynamodb_creation
+      Type: String
+      Value: !Ref DynamoDBCreationBool
+
   GeocoreHarvestSslCertArnParam:
     Type: AWS::SSM::Parameter
     Properties:
       Description: ARN of the SSL cert stored in ACM to be used for Geocore HNAP JSON harvester
       Name: /webpresence/geocore-hnap-harvest/ssl-cert-arn
       Type: String
       Value: !Ref GeocoreHarvestSslCertArn
+
+  GeocorePygeoapiSslCertArnParam:
+    Condition: IsDev
+    Type: AWS::SSM::Parameter
+    Properties:
+      Description: ARN of the SSL cert stored in ACM to be used for Geocore pygeoapi
+      Name: /webpresence/geocore-pygeoapi/ssl-cert-arn
+      Type: String
+      Value: !Ref GeocorePygeoapiSslCertArn
+
+  GeolocatorSslCertArnParam:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Description: ARN of the SSL cert stored in ACM to be used for Geolocator
+      Name: /webpresence/geolocator/ssl-cert-arn
+      Type: String
+      Value: !Ref GeolocatorSslCertArn
+
+  TiTilerSslCertArnParam:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Description: ARN of the SSL cert stored in ACM to be used for TiTiler
+      Name: /webpresence/titiler/ssl-cert-arn
+      Type: String
+      Value: !Ref TiTilerSslCertArn
 
   GeocoreSslCertArnParam:
     Type: AWS::SSM::Parameter
@@ -185,6 +245,14 @@ Resources:
       Type: String
       Value: !Ref AppGeoCaSslCertArn
 
+  SearchSslCertArnParam:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Description: ARN of the SSL cert stored in ACM to be used for search-recherche.geocore.api.geo.ca 
+      Name: /webpresence/search-geocore-api-geo-ca/ssl-cert-arn
+      Type: String
+      Value: !Ref SearchSslCertArn
+
   GithubUsernameParam:
     Type: AWS::SecretsManager::Secret
     Properties:

docs/cloudformation/geo-ca-stack.yml

@@ -71,6 +71,18 @@ Resources:
             Action: s3:GetObject
             Resource: !Sub 'arn:aws:s3:::webpresence-geo-ca-${Environment}/*'
 
+  GeoCaResponseHeadersPolicy:
+    Type: AWS::CloudFront::ResponseHeadersPolicy
+    Properties:
+      ResponseHeadersPolicyConfig:
+        Name: geoca-response-headers-policy
+        Comment: Add custom response header to set cache-control
+        CustomHeadersConfig:
+          Items:
+            - Header: cache-control
+              Value: public, max-age=31536000
+              Override: true
+
   AppPipelineRole:
     Type: AWS::IAM::Role
     Properties:
@@ -102,7 +114,7 @@ Resources:
                 Resource:
                   - Fn::Sub: arn:aws:lambda:*
 
-  
+
   LambdaExecutionRole:
     Type: AWS::IAM::Role
     Properties:
@@ -273,12 +285,17 @@ Resources:
               OriginAccessIdentity: !Join ['', ['origin-access-identity/cloudfront/', !Ref GeoCaOai]]
         Enabled: 'true'
         DefaultCacheBehavior:
+          Compress: true
           ViewerProtocolPolicy: redirect-to-https
           TargetOriginId: !Ref GeoCaStoreBucket
           CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6 # https://docs.amazonaws.cn/en_us/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html
+          ResponseHeadersPolicyId: !Ref GeoCaResponseHeadersPolicy
           LambdaFunctionAssociations:
             - EventType: origin-response
               LambdaFunctionARN: !Ref SecHeadersLambdaEdgeArn
+          FunctionAssociations:
+            - EventType: viewer-request
+              FunctionARN: !GetAtt CloudfrontRootHandler.FunctionMetadata.FunctionARN
         DefaultRootObject: index.html
         HttpVersion: http2
         WebACLId: !Ref WebAclArn
@@ -305,3 +322,45 @@ Resources:
             ErrorCode: 404
             ResponsePagePath: /404.html
             ResponseCode: 404
+
+  CloudfrontRootHandler:
+    Type: AWS::CloudFront::Function
+    Properties: 
+      AutoPublish: true
+      FunctionCode: >
+        function handler(event) {
+          var request = event.request;
+          var uri = request.uri;
+
+          // Check whether the URI is missing a file name.
+          if (uri.endsWith('/')) {
+              request.uri += 'index.html';
+          }
+          // Check whether the URI is missing a file extension.
+          else if (!uri.includes('.')) {
+              request.uri += '/index.html';
+          }
+          // Redirects requests to the www. url to the non www. url.
+          if (request.headers && request.headers.host && request.headers.host.value.includes('www.')) {
+            var newurl = request.headers.host.value.replace('www.', '')
+            var qs = ''
+            Object.keys(request.querystring).forEach((e) => {
+              if (qs === '') {
+                qs += '?';
+              } else { qs += '&' };
+              qs += e + '=' + request.querystring[e].value;
+            })
+            var response = {
+              statusCode: 301,
+              statusDescription: 'Moved Permanently',
+              headers:
+                { "location": { "value": 'https://' + newurl + request.uri + qs } }
+            }
+            return response;
+          }
+          return request;
+        }   
+      FunctionConfig: 
+        Comment: A function run on every request to geo.ca
+        Runtime: cloudfront-js-1.0
+      Name: root-handler