Merge pull request #1273 from aligent/feature/DO-1394_use_SecretsMana…

…ger_for_integrated_API_key

Feature/do 1394 use secrets manager for integrated api key

packages/prerender-fargate/README.md

@@ -1,17 +1,21 @@
 # PrerenderFargate Construct
 
-The PrerenderFargate construct sets up an AWS Fargate service to run a [Prerender] service in an ECS Fargate cluster.  
+The PrerenderFargate construct sets up an AWS Fargate service to run a [Prerender] service in an ECS Fargate cluster.
 
 The Prerender server listens for an HTTP request, takes the URL, and loads it in Headless Chrome, waits for the page to finish loading, and then returns your content to the requesting client.
 
 ## AWS Resources Created/Configured by this Construct
 
-- **S3 Bucket:** For storing prerendered web pages.
-- **Fargate Service:** For running the Prerender service.
+- **S3 Bucket:** For storing pre-rendered web pages.
+- **ECS Fargate Service:** For running the Prerender service.
 - **ECR Asset:** For managing the Docker image of the Prerender service.
 - **VPC & VPC Endpoints:** For network configuration and enabling direct access to S3.
 - **Recache API:** (optional) To trigger recaching of URLs.
 
+## AWS Resource that needs to be pre-configured
+
+- **SecretsManager Secret:** For Prerender and Recaching service authentication.
+
 ## Usage and PrerenderFargateOptions
 
 To use the PrerenderFargate construct, you can instantiate it with suitable PrerenderFargateOptions and place it within a CDK stack. The PrerenderOptions parameter allows the developer to customize various aspects of the Prerender service.
@@ -22,67 +26,77 @@ To use the PrerenderFargate construct, you can instantiate it with suitable Prer
 
 ### `domainName` (string)
 
-- The domain name to prerender.
+- The domain name to Prerender service.
+
+### `tokenSecret` (strings)
+
+- A pre-configured AWS SecretsManager Secret name with the value being in the format of `Map<String: String[]>`, for example, `{"token1": "https://www.example1.com,https://www.mydomain1.com", "token2":"https://www.example2.com,https://www.mydomain2.com"}`. This map is referenced for Prerender and Recaching service authentication.
+
+![Example Secret](./tokenSecret.png "Example Secret")
 
 ### `vpcId` (string, optional)
 
-- The ID of the VPC to deploy the Fargate service in.
+- The ID of the VPC to deploy the Fargate service in. Default: environment-default VPC.
 
 ### `bucketName` (string, optional)
 
-- The name of the S3 bucket to store prerendered pages in.
+- The name of the S3 bucket to store pre-rendered cache pages in. Default: randomly generated bucket name.
 
 ### `expirationDays` (number, optional)
 
-- The number of days to keep prerendered pages in the S3 bucket before expiring them.
-
-### `tokenList` (Array of strings, deprecated)
-
-- A list of tokens to use for authentication with the Prerender service. (This parameter is deprecated and will be removed in a future release. Please use the `tokenUrlAssociation` parameter instead. If `tokenUrlAssociation` is provided, `tokenList` will be ignored.)
+- The number of days to keep pre-rendered cache pages in the S3 bucket before expiring them. Default: 7 days.
 
 ### `certificateArn` (string)
 
-- The ARN of the SSL certificate to use for HTTPS connections.
+- The ARN of the SSL certificate to use for HTTPS connections to the Prerender service.
 
 ### `desiredInstanceCount` (number, optional)
 
-- The desired number of Fargate instances to run.
+- The desired number of Fargate instances to run. Default: 1
 
 ### `maxInstanceCount` (number, optional)
 
-- The maximum number of Fargate instances to run.
+- The maximum number of Fargate instances to run. Default: 2
 
 ### `minInstanceCount` (number, optional)
 
-- The minimum number of Fargate instances to run.
+- The minimum number of Fargate instances to run. Default: 1
 
 ### `instanceCPU` (number, optional)
 
-- The amount of CPU to allocate to each Fargate instance.
+- The amount of CPU to allocate to each Fargate instance, with 1024 being 1 vCPU. Default: 512, i.e. 0.5 vCPU
 
 ### `instanceMemory` (number, optional)
 
-- The amount of memory to allocate to each Fargate instance.
+- The amount of memory to allocate to each Fargate instance. Default: 1024, i.e. 1GB
 
-### `enableRedirectCache` (string, optional)
+### `enableRedirectCache` (boolean, optional)
 
-- Whether to enable caching of HTTP redirects.
+- Whether to enable caching of HTTP redirects. Default: false
 
 ### `enableS3Endpoint` (boolean, optional)
 
-- Whether to enable the [VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) for S3.
-
-### `tokenUrlAssociation` (PrerenderTokenUrlAssociationOptions, optional)
-
-- Configuration for associating tokens with specific domain URLs. During the recaching process, these tokens will be used to validate the request.
+- Whether to enable the [VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) for S3. Default: false
 
 ### `prerenderFargateScalingOptions` (PrerenderFargateScalingOptions, optional)
 
-- This allows to alter the scaling behavior. The default configuration should be sufficient for most of the cases.
+- This allows to alter the scaling behaviour. The default configuration should be sufficient for most of the cases.
 
 ### `prerenderFargateRecachingOptions` (PrerenderFargateRecachingOptions, optional)
 
-- This allows to alter the re-caching behavior. The default configuration should be sufficient.
+- This allows to alter the re-caching behaviour. The default configuration should be sufficient.
+
+### `enableRecache` (boolean, optional)
+
+- Create Recache API service. Default: true
+
+### `tokenList` (Array of strings, deprecated)
+
+- A list of tokens to use for authentication with the Prerender service. (This parameter is deprecated and removed as of 2.3.0. Please use the `tokenSecret` parameter instead.)
+
+### `tokenUrlAssociation` (PrerenderTokenUrlAssociationOptions, deprecated)
+
+- Configuration for associating tokens with specific domain URLs. During the recaching process, these tokens will be used to validate the request. (This parameter is deprecated and removed as of 2.3.0. Please use the `tokenSecret` parameter instead.)
 
 ## Example
 
@@ -91,32 +105,31 @@ Here's an example of how to use the PrerenderFargate construct in a TypeScript C
 ```typescript
 import { Stack, StackProps } from "aws-cdk-lib";
 import { Construct } from "constructs";
-import { PrerenderFargate, PrerenderFargateOptions } from "@aligent/cdk-prerender-fargate";
-
+import {
+  PrerenderFargate,
+  PrerenderFargateOptions,
+} from "@aligent/cdk-prerender-fargate";
 
 export class RagPrerenderStackStack extends Stack {
   constructor(scope: Construct, id: string, props: StackProps) {
     super(scope, id, props);
 
     new PrerenderFargate(this, "PrerenderService", {
       prerenderName: "myPrerender",
+      domainName: "prerender.mydomain.com",
+      vpcId: "vpc-xxxxxxxx",
       bucketName: "myPrerenderBucket",
       expirationDays: 7,
-      vpcId: "vpc-xxxxxxxx",
-      desiredInstanceCount: 1,
-      instanceCPU: 512,
-      instanceMemory: 1024,
-      domainName: "prerender.mydomain.com",
       certificateArn:
         "arn:aws:acm:region:account:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
-      enableRedirectCache: "false",
+      tokenSecret: "/prerender/tokens",
+      minInstanceCount: 1,
+      desiredInstanceCount: 1,
       maxInstanceCount: 2,
-      enableS3Endpoint: true,
-      tokenUrlAssociation: {
-        token1: ["https://example.com", "https://acme.example.com"],
-        token2: ["https://example1.com", "https:acme.example1.com"],
-      },
-      ssmPathPrefix: "/prerender/recache/tokens",
+      instanceCPU: 512,
+      instanceMemory: 1024,
+      enableRedirectCache: false,
+      enableS3Endpoint: false,
       prerenderFargateRecachingOptions: {
         maxConcurrentExecutions: 1,
       },
@@ -127,6 +140,7 @@ export class RagPrerenderStackStack extends Stack {
         scaleInCooldown: 120,
         scaleOutCooldown: 60,
       },
+      enableRecache: true,
     });
   }
 }
@@ -136,4 +150,4 @@ export class RagPrerenderStackStack extends Stack {
 
 - [prerender.io](https://prerender.io/) - The Prerender service.
 
-[Prerender]:https://github.com/prerender/prerender
+[Prerender]: https://github.com/prerender/prerender

packages/prerender-fargate/index.ts

@@ -4,12 +4,10 @@ import {
   PrerenderFargateRecachingOptions,
   PrerenderFargateScalingOptions,
 } from "./lib/prerender-fargate-options";
-import { PrerenderTokenUrlAssociationOptions } from "./lib/recaching/prerender-tokens";
 
 export {
   PrerenderFargate,
   PrerenderFargateOptions,
   PrerenderFargateScalingOptions,
   PrerenderFargateRecachingOptions,
-  PrerenderTokenUrlAssociationOptions,
 };

packages/prerender-fargate/lib/prerender-fargate-options.ts

@@ -1,4 +1,3 @@
-import { PrerenderTokenUrlAssociationOptions } from "./recaching/prerender-tokens";
 import * as ec2 from "aws-cdk-lib/aws-ec2";
 
 /**
@@ -29,14 +28,20 @@ export interface PrerenderFargateOptions {
    */
   bucketName?: string;
   /**
-   * The number of days to keep prerendered pages in the S3 bucket before expiring them.
+   * The number of days to keep pre-rendered pages in the S3 bucket before expiring them.
    * @default - 10 days
    */
   expirationDays?: number;
   /**
    * The ARN of the SSL certificate to use for HTTPS connections.
    */
   certificateArn: string;
+  /**
+   * A pre-configured AWS Secrets Manager secret name for Prerender and Recache API authentication.
+   * The format of the secret value is: Map<string, string[]>, e.g.,
+   * {"token1": "https://www.example1.com,https://www.mydomain1.com", "token2":"https://www.example2.com,https://www.mydomain2.com"}
+   */
+  tokenSecret: string;
   /**
    * The minimum number of Fargate instances to run.
    * @default - 1
@@ -66,45 +71,12 @@ export interface PrerenderFargateOptions {
    * Whether to enable caching of HTTP redirects.
    * @default - false
    */
-  enableRedirectCache?: string;
+  enableRedirectCache?: boolean;
   /**
    * Whether to enable the S3 endpoint for the VPC.
    * @default - false
    */
   enableS3Endpoint?: boolean;
-  /**
-   * A pre-configured AWS SSM Parameter Store parameter can be used for Prerender API tokens.
-   * Prerender ECS service checks the [token] value to validate the requests.
-   * Parameter type: StringList
-   * Value: Comma-separated token list
-   */
-  tokenParam?: string;
-  /**
-   * Configuration for associating tokens with specific domain URLs.
-   * During the reacaching process, these tokens will be used to validate the request.
-   * ### Example:
-   * ```typescript
-   * {
-   *    tokenUrlAssociation: {
-   *      token1: [
-   *        "https://example.com",
-   *        "https://acme.example.com"],
-   *      token2: [
-   *        "https://example1.com",
-   *        "https://acme.example1.com"]
-   *    },
-   *    ssmPathPrefix: "/prerender/recache/tokens"
-   * }
-   * ```
-   */
-  tokenUrlAssociation?: PrerenderTokenUrlAssociationOptions;
-  /**
-   * A list of tokens to use for authentication with the Prerender service.
-   * This parameter is deprecated and will be removed in a future release.
-   * Please use the `tokenUrlAssociation` parameter instead.
-   * *If `tokenUrlAssociation` is provided, `tokenList` will be ignored*
-   */
-  tokenList?: Array<string>;
   /**
    * Prerender Fargate Scaling option
    * This allows to alter the scaling behavior. The default configuration should be sufficient
@@ -122,6 +94,12 @@ export interface PrerenderFargateOptions {
    * @default - true
    */
   enableRecache?: boolean;
+  /**
+   * Let Headless Chrome send "x-prerender" header in the request.
+   * Ensure CORS allows the header.
+   * @default - true
+   */
+  enablePrerenderHeader?: boolean;
 }
 
 /**
@@ -179,5 +157,5 @@ export interface PrerenderFargateRecachingOptions {
    * The maximum number of concurrent executions of the Prerender Re-cache API.
    * @default - 1
    */
-  maxConcurrentExecutions: number;
+  maxConcurrentExecutions?: number;
 }