|
| 1 | +import type { App } from 'aws-cdk-lib'; |
| 2 | +import { Duration } from 'aws-cdk-lib'; |
| 3 | +import { Policy, PolicyStatement } from 'aws-cdk-lib/aws-iam'; |
| 4 | +import { Architecture, CfnEventSourceMapping, Runtime } from 'aws-cdk-lib/aws-lambda'; |
| 5 | +import { ApiGatewayToSqs } from './cdk/ApiGatewayToSqs'; |
| 6 | +import { SrSqsLambda } from './cdk/SrSqsLambda'; |
| 7 | +import type { SrStageNames } from './cdk/SrStack'; |
| 8 | +import { SrStack } from './cdk/SrStack'; |
| 9 | + |
| 10 | +export class ZuoraAutoCancel extends SrStack { |
| 11 | + constructor(scope: App, stage: SrStageNames) { |
| 12 | + super(scope, { app: 'zuora-auto-cancel', stack: 'membership', stage }); |
| 13 | + |
| 14 | + const errorImpact = |
| 15 | + 'Zuora auto-cancellations are not being processed. Subscriptions with failed payments may not be cancelled.'; |
| 16 | + |
| 17 | + // SQS-triggered Lambda using SrCDK with Java overrides |
| 18 | + const lambda = new SrSqsLambda(this, 'Lambda', { |
| 19 | + monitoring: { errorImpact }, |
| 20 | + maxReceiveCount: 3, |
| 21 | + visibilityTimeout: Duration.minutes(6), // Must be > Lambda timeout |
| 22 | + lambdaOverrides: { |
| 23 | + description: |
| 24 | + 'Processes auto-cancellation requests from SQS queue (rate-limited)', |
| 25 | + fileName: 'zuora-callout-apis.jar', |
| 26 | + handler: 'com.gu.autoCancel.AutoCancelSqsHandler::handleRequest', |
| 27 | + runtime: Runtime.JAVA_21, |
| 28 | + architecture: Architecture.ARM_64, |
| 29 | + memorySize: 1536, |
| 30 | + timeout: Duration.minutes(5), |
| 31 | + environment: { |
| 32 | + Stage: this.stage, |
| 33 | + }, |
| 34 | + }, |
| 35 | + }); |
| 36 | + |
| 37 | + // Add maxConcurrency to the event source mapping to limit concurrent Zuora API calls |
| 38 | + // SrSqsLambda creates an event source with batchSize: 1, we need to add ScalingConfig |
| 39 | + lambda.node.findAll().forEach((child) => { |
| 40 | + const cfnResource = child.node.defaultChild; |
| 41 | + if (cfnResource instanceof CfnEventSourceMapping) { |
| 42 | + cfnResource.scalingConfig = { maximumConcurrency: 5 }; |
| 43 | + } |
| 44 | + }); |
| 45 | + |
| 46 | + // IAM Policies |
| 47 | + lambda.addPolicies( |
| 48 | + new Policy(this, 'ReadPrivateCredentials', { |
| 49 | + statements: [ |
| 50 | + new PolicyStatement({ |
| 51 | + actions: ['s3:GetObject'], |
| 52 | + resources: [ |
| 53 | + `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${this.stage}/zuoraRest-${this.stage}.*.json`, |
| 54 | + `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${this.stage}/trustedApi-${this.stage}.*.json`, |
| 55 | + `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${this.stage}/exactTarget-${this.stage}.*.json`, |
| 56 | + `arn:aws:s3:::gu-reader-revenue-private/membership/support-service-lambdas/${this.stage}/stripe-${this.stage}.*.json`, |
| 57 | + ], |
| 58 | + }), |
| 59 | + ], |
| 60 | + }), |
| 61 | + new Policy(this, 'SQSSendToEmailQueue', { |
| 62 | + statements: [ |
| 63 | + new PolicyStatement({ |
| 64 | + actions: ['sqs:SendMessage', 'sqs:GetQueueUrl'], |
| 65 | + resources: [ |
| 66 | + `arn:aws:sqs:${this.region}:${this.account}:comms-${this.stage}-EmailQueue`, |
| 67 | + ], |
| 68 | + }), |
| 69 | + ], |
| 70 | + }), |
| 71 | + ); |
| 72 | + |
| 73 | + // API Gateway -> SQS integration (replaces the AutoCancelQueueWriter lambda) |
| 74 | + new ApiGatewayToSqs(this, 'ApiGatewayToSqs', { |
| 75 | + queue: lambda.inputQueue, |
| 76 | + monitoring: { errorImpact }, |
| 77 | + }); |
| 78 | + } |
| 79 | +} |
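Review bot: The concurrency cap set in the `findAll()` loop (new lines 39-44) only takes effect if some child's `defaultChild` happens to be a `CfnEventSourceMapping`; if `SrSqsLambda` changes how it wires the event source, the loop matches nothing and the stack still synthesises, with no limit on concurrent Zuora API calls. I would count the matches and fail synthesis when there are none: `let patched = 0;` before the loop, `patched++;` inside the `if`, then `if (patched === 0) throw new Error('no CfnEventSourceMapping found to set maximumConcurrency');`. Separately, `ApiGatewayToSqs` is not visible in this file, so please confirm that the endpoint now writing straight to `lambda.inputQueue` requires an API key or authorizer; the comment says it replaces the AutoCancelQueueWriter lambda, and any request check that lambda performed would no longer run before a message is queued. The `ReadPrivateCredentials` statement also grants the `stripe-` and `exactTarget-` credential files, so if the handler does not read them, dropping those two ARNs would narrow the role.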