fix: optimizing deploymnets

.gitignore

@@ -7,6 +7,7 @@ dist/
 dist-electron/
 release/
 dist-ssr/
+Dockerfile.tmp
 
 # macOS system files
 .DS_Store

lib/index.ts

@@ -14,7 +14,6 @@ export * from "./osml/osml_account";
 export * from "./osml/osml_bucket";
 export * from "./osml/osml_queue";
 export * from "./osml/osml_repository";
-export * from "./osml/osml_ecr_deployment";
 export * from "./osml/model_endpoint/me_test_endpoints";
 export * from "./osml/model_endpoint/me_sm_endpoint";
 export * from "./osml/model_endpoint/me_http_endpoint";
@@ -30,5 +29,3 @@ export * from "./osml/data_catalog/dc_dataplane";
 export * from "./osml/data_catalog/roles/dc_lambda_role";
 export * from "./osml/tile_server/ts_dataplane";
 export * from "./osml/tile_server/roles/ts_task_role";
-export * from "./osml/tile_server/testing/ts_test_runner_container";
-export * from "./osml/tile_server/testing/ts_test_runner";

lib/osml/authorizer/authorizor_function.ts

@@ -1,10 +1,13 @@
 /*
  * Copyright 2024 Amazon.com, Inc. or its affiliates.
  */
+import { SecurityGroup } from "aws-cdk-lib/aws-ec2";
+import { IRole } from "aws-cdk-lib/aws-iam";
 import { Code, Function, Runtime } from "aws-cdk-lib/aws-lambda";
 import { Construct } from "constructs";
 
 import { OSMLAuth } from "../osml_auth";
+import { OSMLVpc } from "../osml_vpc";
 
 /**
  * Represents the properties required to configure the OSMLAuthorizer Construct.
@@ -24,15 +27,42 @@ export interface OSMLAuthorizerProps {
    * @type {string}
    */
   name: string;
+
+  /**
+   * The OSML VPC (Virtual Private Cloud) configuration for the Dataplane.
+   * @type {OSMLVpc}
+   */
+  osmlVpc: OSMLVpc;
+
+  /**
+   * The optional security group ID to use for this resource.
+   * @type {string}
+   */
+  securityGroup?: string;
+
+  /**
+   * The optional IAM role for the Lambda function.
+   */
+  lambdaRole?: IRole;
 }
 
 /**
  * Represents the construct that creates Authorizer Lambda function
  */
 export class OSMLAuthorizer extends Construct {
+  /**
+   * The Lambda function used as the Authorizer.
+   * @type {Function}
+   */
   // eslint-disable-next-line @typescript-eslint/ban-types
   public authorizerFunction: Function;
 
+  /**
+   * The ID of the security group associated with the Authorizer function.
+   * @type {string}
+   */
+  public securityGroupId: string;
+
   /**
    * Creates an instance of OSMLAuthorizer Lambda Function
    * @param {Construct} scope - The scope/stack in which to define this construct.
@@ -42,11 +72,23 @@ export class OSMLAuthorizer extends Construct {
   constructor(scope: Construct, id: string, props: OSMLAuthorizerProps) {
     super(scope, id);
 
+    this.securityGroupId =
+      props.securityGroup ?? props.osmlVpc.vpcDefaultSecurityGroup;
     this.authorizerFunction = new Function(this, `AuthorizerFunction${id}`, {
       functionName: `${props.name}-AuthorizerFunction`,
       runtime: Runtime.PYTHON_3_11,
+      vpc: props.osmlVpc.vpc,
+      securityGroups: [
+        SecurityGroup.fromSecurityGroupId(
+          this,
+          "AuthorizorImportSecurityGroup",
+          this.securityGroupId
+        )
+      ],
+      vpcSubnets: props.osmlVpc.selectedSubnets,
+      role: props.lambdaRole,
       code: Code.fromAsset(
-        "lib/osml-cdk-constructs/lib/osml/osml_authorizer/lambda",
+        "lib/osml-cdk-constructs/lib/osml/authorizer/lambda",
         {
           bundling: {
             image: Runtime.PYTHON_3_11.bundlingImage,

lib/osml/data_catalog/dc_dataplane.ts

@@ -174,7 +174,7 @@ export class DCDataplaneConfig extends BaseConfig {
   public STAC_CONTAINER_BUILD_TARGET: string;
 
   /**
-   * The relative Dockerfile to use to build the STAC API Lambda container.
+   * The relative Dockerfile.stac to use to build the STAC API Lambda container.
    * @default "docker/Dockerfile.stac"
    */
   public STAC_CONTAINER_DOCKERFILE: string;
@@ -185,6 +185,12 @@ export class DCDataplaneConfig extends BaseConfig {
    */
   public STAC_CONTAINER_REPOSITORY: string;
 
+  /**
+   * Whether to build container resources from source.
+   * @default "false"
+   */
+  public BUILD_FROM_SOURCE: boolean;
+
   /**
    * Creates an instance of DCDataplaneConfig.
    * @param config - The configuration object for DCDataplane.
@@ -213,12 +219,11 @@ export class DCDataplaneConfig extends BaseConfig {
       CONTAINER_BUILD_PATH: "lib/osml-data-intake/",
       INGEST_CONTAINER_URI: "awsosml/osml-data-intake-ingest:latest",
       INGEST_CONTAINER_BUILD_TARGET: "ingest",
-      INGEST_CONTAINER_REPOSITORY: "data-intake-ingest",
       INGEST_CONTAINER_DOCKERFILE: "docker/Dockerfile.ingest",
       STAC_CONTAINER_URI: "awsosml/osml-data-intake-stac:latest",
       STAC_CONTAINER_BUILD_TARGET: "stac",
-      STAC_CONTAINER_REPOSITORY: "data-intake-stac",
       STAC_CONTAINER_DOCKERFILE: "docker/Dockerfile.stac",
+      BUILD_FROM_SOURCE: false,
       ...config
     });
   }
@@ -263,11 +268,6 @@ export interface DCDataplaneProps {
    */
   auth?: OSMLAuth;
 
-  /**
-   * Optional flag to instruct building data intake container from source.
-   */
-  buildFromSource?: boolean;
-
   /**
    * Custom configuration for the DCDataplane Construct (optional).
    * @type {DCDataplaneConfig | undefined}
@@ -354,27 +354,25 @@ export class DCDataplane extends Construct {
     // Build the ingest Lambda container
     this.ingestContainer = new OSMLContainer(this, "DCIngestContainer", {
       account: props.account,
-      buildFromSource: props.buildFromSource,
-      osmlVpc: props.osmlVpc,
+      buildDockerImageCode: true,
+      buildFromSource: this.config.BUILD_FROM_SOURCE,
       config: {
         CONTAINER_URI: this.config.INGEST_CONTAINER_URI,
         CONTAINER_BUILD_PATH: this.config.CONTAINER_BUILD_PATH,
         CONTAINER_BUILD_TARGET: this.config.INGEST_CONTAINER_BUILD_TARGET,
-        CONTAINER_REPOSITORY: this.config.INGEST_CONTAINER_REPOSITORY,
         CONTAINER_DOCKERFILE: this.config.INGEST_CONTAINER_DOCKERFILE
       }
     });
 
     // Build the STAC API Lambda container
     this.stacContainer = new OSMLContainer(this, "DCSTACContainer", {
       account: props.account,
-      buildFromSource: props.buildFromSource,
-      osmlVpc: props.osmlVpc,
+      buildDockerImageCode: true,
+      buildFromSource: this.config.BUILD_FROM_SOURCE,
       config: {
         CONTAINER_URI: this.config.STAC_CONTAINER_URI,
         CONTAINER_BUILD_PATH: this.config.CONTAINER_BUILD_PATH,
         CONTAINER_BUILD_TARGET: this.config.STAC_CONTAINER_BUILD_TARGET,
-        CONTAINER_REPOSITORY: this.config.STAC_CONTAINER_REPOSITORY,
         CONTAINER_DOCKERFILE: this.config.STAC_CONTAINER_DOCKERFILE
       }
     });
@@ -448,7 +446,9 @@ export class DCDataplane extends Construct {
         name: this.config.SERVICE_NAME_ABBREVIATION,
         apiStageName: this.config.STAC_FASTAPI_ROOT_PATH,
         integration: new LambdaIntegration(this.stacFunction),
-        auth: props.auth
+        auth: props.auth,
+        osmlVpc: props.osmlVpc,
+        lambdaRole: this.lambdaRole
       });
     }
 

lib/osml/data_intake/di_dataplane.ts

@@ -95,10 +95,10 @@ export class DIDataplaneConfig extends BaseConfig {
   public CONTAINER_DOCKERFILE: string;
 
   /**
-   * The repository name for the TileServer.
-   * @default "data-intake"
+   * Whether to build container resources from source.
+   * @default "false"
    */
-  public CONTAINER_REPOSITORY: string;
+  public BUILD_FROM_SOURCE: boolean;
 
   /**
    * Constructor for DIDataplane Construct.
@@ -120,7 +120,7 @@ export class DIDataplaneConfig extends BaseConfig {
       CONTAINER_BUILD_PATH: "lib/osml-data-intake",
       CONTAINER_BUILD_TARGET: "intake",
       CONTAINER_DOCKERFILE: "docker/Dockerfile.intake",
-      CONTAINER_REPOSITORY: "data-intake",
+      BUILD_FROM_SOURCE: false,
       ...config
     });
   }
@@ -166,11 +166,6 @@ export interface DIDataplaneProps {
    */
   stacTopic?: ITopic;
 
-  /**
-   * Optional flag to instruct building data intake container from source.
-   */
-  buildFromSource?: boolean;
-
   /**
    * Custom configuration for the DIDataplane Construct (optional).
    * @type {DIDataplaneConfig | undefined}
@@ -257,13 +252,12 @@ export class DIDataplane extends Construct {
     // Build the lambda container image
     this.diContainer = new OSMLContainer(this, "DIContainer", {
       account: props.account,
-      buildFromSource: props.buildFromSource,
-      osmlVpc: props.osmlVpc,
+      buildDockerImageCode: true,
+      buildFromSource: this.config.BUILD_FROM_SOURCE,
       config: {
         CONTAINER_URI: this.config.CONTAINER_SOURCE_URI,
         CONTAINER_BUILD_PATH: this.config.CONTAINER_BUILD_PATH,
         CONTAINER_BUILD_TARGET: this.config.CONTAINER_BUILD_TARGET,
-        CONTAINER_REPOSITORY: this.config.CONTAINER_REPOSITORY,
         CONTAINER_DOCKERFILE: this.config.CONTAINER_DOCKERFILE
       }
     });

lib/osml/model_endpoint/me_sm_endpoint.ts

@@ -38,16 +38,15 @@ export class MESMEndpointConfig extends BaseConfig {
    */
   public SECURITY_GROUP_ID: string;
 
-  /**
-   * The access mode for the model repository (e.g., "ReadWrite" or "ReadOnly").
-   */
-  public REPOSITORY_ACCESS_MODE: string;
-
   /**
    * A JSON object which includes ENV variables to be put into the model container.
    */
   public CONTAINER_ENV: Record<string, unknown>;
 
+  /**
+   * The repository access mode to use for the SageMaker endpoint container.
+   */
+  public REPOSITORY_ACCESS_MODE: string;
   /**
    * Creates an instance of MESMEndpointConfig.
    * @param config - The configuration object for MESMEndpoint.
@@ -82,7 +81,7 @@ export interface MESMEndpointProps {
    *
    * @type {string}
    */
-  ecrContainerUri: string;
+  containerImageUri: string;
 
   /**
    * The name of the machine learning model.
@@ -156,7 +155,7 @@ export class MESMEndpoint extends Construct {
       executionRoleArn: props.roleArn,
       containers: [
         {
-          image: props.ecrContainerUri,
+          image: props.containerImageUri,
           environment: this.config.CONTAINER_ENV,
           imageConfig: {
             repositoryAccessMode: this.config.REPOSITORY_ACCESS_MODE