developmentseed / eoapi-cdk

AWS CDK constructs for deploying eoAPI
https://developmentseed.org/eoapi-cdk
11 stars 4 forks source link
cdk eoapi iac

eoAPI CDK Constructs

eoapi-cdk is a package of AWS CDK constructs designed to encapsulate eoAPI services and best practices as simple reusable components.

For more background on the included services see The Earth Observation API

Included constructs

Detailed API docs for the constructs can be found here.

pgSTAC Database

An RDS instance with pgSTAC installed and the Postgres parameters optimized for the selected instance type.

STAC API

A STAC API implementation using stac-fastapi with a pgSTAC backend. Packaged as a complete runtime for deployment with API Gateway and Lambda.

pgSTAC Titiler API

A complete dynamic tiling API using titiler-pgstac to create dynamic mosaics of assets based on STAC Search queries. Packaged as a complete runtime for deployment with API Gateway and Lambda and fully integrated with the pgSTAC Database construct.

STAC browser

A CDK construct to host a static Radiant Earth STAC browser on S3.

OGC Features/Tiles API

A complete OGC Features/Tiles API using tipg. Packaged as a complete runtime for deployment with API Gateway and Lambda. By default the API will be connected to the Database's public schema.

STAC Ingestor

An API for large scale STAC data ingestion and validation into a pgSTAC instance.

ingestor

Authentication for the STAC Ingestor API can be configured with JWTs authenticated by JWKS. To learn more about securing FastAPI applications with this approach see Securing FastAPI with JWKS (AWS Cognito, Auth0).

A sample Cognito-based authentication system is available at aws-asdi-auth.

Bastion Host

A bastion host is a secure gateway that provides access to resources in a private subnet. In this case it provides the ability to make administrative connections to eoAPI's pgSTAC instance.

Alt text

For more background on bastion hosts in AWS see this article.

And for configuration instructions for this construct see the docs.

Published Packages

Release

Versioning is automatically handled via Conventional Commits and Semantic Release.

Warning: If you rebase main, you must ensure that the commits referenced by tags point to commits that are within the main branch. If a commit references a commit that is no longer on the main branch, Semantic Release will fail to detect the correct version of the project. More information.

Tests

Each pull request to main is added to a merge queue so that a "deployment test" workflow can run before the merge actually happens. If the deployment fails, the merge is cancelled. Here is the definition of this workflow and the tests definition.