update cdk code

.dockerignore

@@ -2,3 +2,5 @@
 cdk.out
 .history
 .tox
+.git
+.vscode

Dockerfiles/lambda.package

@@ -20,7 +20,4 @@ RUN find /var/task -type d -a -name 'tests' -print0 | xargs -0 rm -rf
 RUN rm -rdf /var/task/numpy/doc/
 RUN rm -rdf /var/task/stack
 
-RUN cd /var/task && zip -r9q /tmp/package.zip *
-
-COPY lambda/handler.py handler.py
-RUN zip -r9q /tmp/package.zip handler.py
+COPY lambda/handler.py /var/task/handler.py

setup.py

@@ -29,8 +29,6 @@
     "server": ["uvicorn"],
     "lambda": ["mangum>=0.10.0"],
     "deploy": [
-        "docker",
-        "python-dotenv",
         "aws-cdk.core==1.76.0",
         "aws-cdk.aws_lambda==1.76.0",
         "aws-cdk.aws_apigatewayv2==1.76.0",

stack/app.py

@@ -1,9 +1,9 @@
 """Construct App."""
 
 import os
+from copy import deepcopy
 from typing import Any, List, Optional, Union
 
-import docker
 from aws_cdk import aws_apigatewayv2 as apigw
 from aws_cdk import aws_apigatewayv2_integrations as apigw_integrations
 from aws_cdk import aws_ec2 as ec2
@@ -49,7 +49,6 @@ def __init__(
         runtime: aws_lambda.Runtime = aws_lambda.Runtime.PYTHON_3_8,
         concurrent: Optional[int] = None,
         permissions: Optional[List[iam.PolicyStatement]] = None,
-        layer_arn: Optional[str] = None,
         env: dict = {},
         code_dir: str = "./",
         **kwargs: Any,
@@ -59,31 +58,29 @@ def __init__(
 
         permissions = permissions or []
 
-        lambda_env = DEFAULT_ENV.copy()
-        lambda_env.update(env)
-
         lambda_function = aws_lambda.Function(
             self,
             f"{id}-lambda",
             runtime=runtime,
-            code=self.create_package(code_dir),
+            code=aws_lambda.Code.from_asset(
+                path=os.path.abspath(code_dir),
+                bundling=core.BundlingOptions(
+                    image=core.BundlingDockerImage.from_asset(
+                        os.path.abspath(code_dir), file="Dockerfiles/lambda.package",
+                    ),
+                    command=["bash", "-c", "cp -R /var/task/. /asset-output/."],
+                ),
+            ),
             handler="handler.handler",
             memory_size=memory,
             reserved_concurrent_executions=concurrent,
             timeout=core.Duration.seconds(timeout),
-            environment=lambda_env,
+            environment={**DEFAULT_ENV, **env},
         )
 
         for perm in permissions:
             lambda_function.add_to_role_policy(perm)
 
-        if layer_arn:
-            lambda_function.add_layers(
-                aws_lambda.LayerVersion.from_layer_version_arn(
-                    self, layer_arn.split(":")[-2], layer_arn
-                )
-            )
-
         api = apigw.HttpApi(
             self,
             f"{id}-endpoint",
@@ -93,30 +90,6 @@ def __init__(
         )
         core.CfnOutput(self, "Endpoint", value=api.url)
 
-    def create_package(self, code_dir: str) -> aws_lambda.Code:
-        """Build docker image and create package."""
-        print("Creating lambda package [running in Docker]...")
-        client = docker.from_env()
-
-        print("Building docker image...")
-        client.images.build(
-            path=code_dir,
-            dockerfile="Dockerfiles/lambda.package",
-            tag="titiler-lambda:latest",
-            rm=True,
-        )
-
-        print("Copying package.zip ...")
-        client.containers.run(
-            image="titiler-lambda:latest",
-            command="/bin/sh -c 'cp /tmp/package.zip /local/package.zip'",
-            remove=True,
-            volumes={os.path.abspath(code_dir): {"bind": "/local/", "mode": "rw"}},
-            user=0,
-        )
-
-        return aws_lambda.Code.asset(os.path.join(code_dir, "package.zip"))
-
 
 class titilerECSStack(core.Stack):
     """Titiler ECS Fargate Stack."""
@@ -143,7 +116,7 @@ def __init__(
 
         cluster = ecs.Cluster(self, f"{id}-cluster", vpc=vpc)
 
-        task_env = DEFAULT_ENV.copy()
+        task_env = deepcopy(DEFAULT_ENV)
         task_env.update(
             dict(MODULE_NAME="titiler.main", VARIABLE_NAME="app", LOG_LEVEL="error",)
         )
@@ -167,11 +140,9 @@ def __init__(
             desired_count=mincount,
             public_load_balancer=True,
             listener_port=80,
-            task_image_options=dict(
+            task_image_options=ecs_patterns.ApplicationLoadBalancedTaskImageOptions(
                 image=ecs.ContainerImage.from_asset(
-                    code_dir,
-                    exclude=["cdk.out", ".git"],
-                    file="Dockerfiles/ecs/Dockerfile",
+                    os.path.abspath(code_dir), file="Dockerfiles/Dockerfile",
                 ),
                 container_port=80,
                 environment=task_env,
@@ -219,7 +190,23 @@ def __init__(
         )
     )
 
-# # If you use dynamodb mosaic backend you should add IAM roles to read/put Item and maybe create Table
+################################################################################
+# MOSAIC - By default TiTiler has endpoints for write/read mosaics,
+# If you are planning to use thoses your need to add policies for your mosaic backend.
+#
+# AWS S3 backend
+# perms.append(
+#     iam.PolicyStatement(
+#         actions=[
+#             "s3:PutObject", # Write
+#             "s3:HeadObject",
+#             "s3:GetObject"
+#         ],
+#         resources=["arn:aws:s3:::{YOUR-BUCKET}*"],
+#     )
+# )
+#
+# AWS DynamoDB backend
 # stack = core.Stack()
 # perms.append(
 #     iam.PolicyStatement(

stack/config.py

@@ -16,6 +16,7 @@ class StackSettings(pydantic.BaseSettings):
 
     additional_env: Dict = {}
 
+    # add S3 bucket where TiTiler could do HEAD and GET Requests
     buckets: List = []
 
     #########