eoapi-cdk

API Reference

Constructs

BastionHost

The database is located in an isolated subnet, meaning that it is not accessible from the public internet.

As such, to interact with the database directly, a user must tunnel through a bastion host.

Configuring

This codebase controls who is allowed to connect to the bastion host. This requires two steps:

  1. Adding the IP address from which you are connecting to the ipv4Allowlist array
  2. Creating a bastion host system user by adding the user’s configuration inform to userdata.yaml

Adding an IP address to the ipv4Allowlist array

The BastionHost construct takes in an ipv4Allowlist array as an argument. Find your IP address (eg curl api.ipify.org) and add that to the array along with the trailing CIDR block (likely /32 to indicate that you are adding a single IP address).

Creating a user via userdata.yaml

Add an entry to the users array with a username (likely matching your local systems username, which you can get by running the whoami command in your terminal) and a public key (likely your default public key, which you can get by running cat ~/.ssh/id_*.pub in your terminal).

Tips & Tricks when using the Bastion Host

Connecting to RDS Instance via SSM

aws ssm start-session --target $INSTANCE_ID \
--document-name AWS-StartPortForwardingSessionToRemoteHost \
--parameters '{
"host": [
"example-db.c5abcdefghij.us-west-2.rds.amazonaws.com"
],
"portNumber": [
"5432"
],
"localPortNumber": [
"9999"
]
}' \
--profile $AWS_PROFILE
psql -h localhost -p 9999 # continue adding username (-U) and db (-d) here...

Connect directly to Bastion Host:

aws ssm start-session --target $INSTANCE_ID --profile $AWS_PROFILE

Setting up an SSH tunnel

In your ~/.ssh/config file, add an entry like:

Host db-tunnel
Hostname {the-bastion-host-address}
LocalForward 9999 {the-db-hostname}:5432

Then a tunnel can be opened via:

ssh -N db-tunnel

And a connection to the DB can be made via:

psql -h 127.0.0.1 -p 9999 -U {username} -d {database}

Handling REMOTE HOST IDENTIFICATION HAS CHANGED! error

If you’ve redeployed a bastion host that you’ve previously connected to, you may see an error like:


#### Initializers <a name="Initializers" id="eoapi-cdk.BastionHost.Initializer"></a>

```typescript
import { BastionHost } from 'eoapi-cdk'

new BastionHost(scope: Construct, id: string, props: BastionHostProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props BastionHostProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { BastionHost } from 'eoapi-cdk'

BastionHost.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
instance aws-cdk-lib.aws_ec2.Instance No description.

nodeRequired
public readonly node: Node;

The tree node.


instanceRequired
public readonly instance: Instance;

PgStacApiLambda

Initializers

import { PgStacApiLambda } from 'eoapi-cdk'

new PgStacApiLambda(scope: Construct, id: string, props: PgStacApiLambdaProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props PgStacApiLambdaProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { PgStacApiLambda } from 'eoapi-cdk'

PgStacApiLambda.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
url string No description.
stacApiLambdaFunction aws-cdk-lib.aws_lambda.Function No description.

nodeRequired
public readonly node: Node;

The tree node.


urlRequired
public readonly url: string;

stacApiLambdaFunctionRequired
public readonly stacApiLambdaFunction: Function;

PgStacDatabase

An RDS instance with pgSTAC installed.

This is a wrapper around the rds.DatabaseInstance higher-level construct making use of the BootstrapPgStac construct.

Initializers

import { PgStacDatabase } from 'eoapi-cdk'

new PgStacDatabase(scope: Construct, id: string, props: PgStacDatabaseProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props PgStacDatabaseProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
getParameters No description.

toString
public toString(): string

Returns a string representation of this construct.

getParameters
public getParameters(instanceType: string, parameters?: {[ key: string ]: string}): DatabaseParameters
instanceTypeRequired

parametersOptional

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { PgStacDatabase } from 'eoapi-cdk'

PgStacDatabase.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
connectionTarget aws-cdk-lib.aws_ec2.Instance \| aws-cdk-lib.aws_rds.IDatabaseInstance No description.
pgstacVersion string No description.
secretBootstrapper aws-cdk-lib.CustomResource No description.
securityGroup aws-cdk-lib.aws_ec2.SecurityGroup No description.
db aws-cdk-lib.aws_rds.DatabaseInstance No description.
pgstacSecret aws-cdk-lib.aws_secretsmanager.ISecret No description.

nodeRequired
public readonly node: Node;

The tree node.


connectionTargetRequired
public readonly connectionTarget: Instance | IDatabaseInstance;

pgstacVersionRequired
public readonly pgstacVersion: string;

secretBootstrapperOptional
public readonly secretBootstrapper: CustomResource;

securityGroupOptional
public readonly securityGroup: SecurityGroup;

dbRequired
public readonly db: DatabaseInstance;

pgstacSecretRequired
public readonly pgstacSecret: ISecret;

StacBrowser

Initializers

import { StacBrowser } from 'eoapi-cdk'

new StacBrowser(scope: Construct, id: string, props: StacBrowserProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props StacBrowserProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { StacBrowser } from 'eoapi-cdk'

StacBrowser.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
bucket aws-cdk-lib.aws_s3.IBucket No description.
bucketDeployment aws-cdk-lib.aws_s3_deployment.BucketDeployment No description.

nodeRequired
public readonly node: Node;

The tree node.


bucketRequired
public readonly bucket: IBucket;

bucketDeploymentRequired
public readonly bucketDeployment: BucketDeployment;

StacIngestor

Initializers

import { StacIngestor } from 'eoapi-cdk'

new StacIngestor(scope: Construct, id: string, props: StacIngestorProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props StacIngestorProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { StacIngestor } from 'eoapi-cdk'

StacIngestor.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
handlerRole aws-cdk-lib.aws_iam.Role No description.
table aws-cdk-lib.aws_dynamodb.Table No description.

nodeRequired
public readonly node: Node;

The tree node.


handlerRoleRequired
public readonly handlerRole: Role;

tableRequired
public readonly table: Table;

StacItemLoader

AWS CDK Construct for STAC Item Loading Infrastructure.

The StacItemLoader creates a serverless, event-driven system for loading STAC (SpatioTemporal Asset Catalog) items into a PostgreSQL database with the pgstac extension. This construct supports multiple ingestion pathways for flexible STAC item loading.

Architecture Overview

This construct creates the following AWS resources:

Data Flow

The loader supports two primary data ingestion patterns:

Direct STAC Item Publishing

  1. STAC items (JSON) are published directly to the SNS topic in message bodies
  2. The SQS queue collects messages and batches them (up to {batchSize} items or 1 minute window)
  3. The Lambda function receives batches, validates items, and inserts into pgstac

S3 Event-Driven Loading

  1. An S3 bucket is configured to send notifications to the SNS topic when json files are created
  2. STAC items are uploaded to S3 buckets as JSON/GeoJSON files
  3. S3 event notifications are sent to the SNS topic when items are uploaded
  4. The Lambda function receives S3 events in the SQS message batch, fetches items from S3, and loads into pgstac

Batching Behavior

The SQS-to-Lambda integration uses intelligent batching to optimize performance:

This approach balances throughput (larger batches = fewer database connections) with latency (time-based triggers prevent indefinite waiting).

Error Handling and Dead Letter Queue

Failed messages are sent to the dead letter queue after 5 processing attempts. Important: This construct provides NO automated handling of dead letter queue messages - monitoring, inspection, and reprocessing of failed items is the responsibility of the implementing application.

Consider implementing:

Operational Characteristics

Prerequisites

Before using this construct, ensure:

Usage Example

// Create database first
const database = new PgStacDatabase(this, 'Database', {
  pgstacVersion: '0.9.5'
});

// Create item loader
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database,
  batchSize: 1000,          // Process up to 1000 items per batch
  maxBatchingWindowMinutes: 1, // Wait max 1 minute to fill batch
  lambdaTimeoutSeconds: 300     // Allow up to 300 seconds for database operations
});

// The topic ARN can be used by other services to publish items
new CfnOutput(this, 'LoaderTopicArn', {
  value: loader.topic.topicArn
});

Direct Item Publishing

External services can publish STAC items directly to the topic:

aws sns publish --topic-arn $ITEM_LOAD_TOPIC --message '{
  "type": "Feature",
  "stac_version": "1.0.0",
  "id": "example-item",
  "properties": {"datetime": "2021-01-01T00:00:00Z"},
  "geometry": {"type": "Polygon", "coordinates": [...]},
  "collection": "example-collection"
}'

S3 Event Configuration

To enable S3 event-driven loading, configure S3 bucket notifications to send events to the SNS topic when STAC items (.json or .geojson files) are uploaded:

// Configure S3 bucket to send notifications to the loader topic
bucket.addEventNotification(
  s3.EventType.OBJECT_CREATED,
  new s3n.SnsDestination(loader.topic),
  { suffix: '.json' }
);

bucket.addEventNotification(
  s3.EventType.OBJECT_CREATED,
  new s3n.SnsDestination(loader.topic),
  { suffix: '.geojson' }
);

When STAC items are uploaded to the configured S3 bucket, the loader will:

  1. Receive S3 event notifications via SNS
  2. Fetch the STAC item JSON from S3
  3. Validate and load the item into the pgstac database

Monitoring and Troubleshooting

Dead Letter Queue Management

Applications must implement their own dead letter queue monitoring:

// Example: CloudWatch alarm for dead letter queue depth
new cloudwatch.Alarm(this, 'DeadLetterAlarm', {
  metric: loader.deadLetterQueue.metricApproximateNumberOfVisibleMessages(),
  threshold: 1,
  evaluationPeriods: 1
});

// Example: Lambda to reprocess dead letter messages
const reprocessFunction = new lambda.Function(this, 'Reprocess', {
  // Implementation to fetch and republish failed messages
});

Initializers

import { StacItemLoader } from 'eoapi-cdk'

new StacItemLoader(scope: Construct, id: string, props: StacItemLoaderProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props StacItemLoaderProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { StacItemLoader } from 'eoapi-cdk'

StacItemLoader.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
deadLetterQueue aws-cdk-lib.aws_sqs.Queue Dead letter queue for failed item loading attempts.
lambdaFunction aws-cdk-lib.aws_lambda.Function The Lambda function that loads STAC items into the pgstac database.
queue aws-cdk-lib.aws_sqs.Queue The SQS queue that buffers messages before processing.
topic aws-cdk-lib.aws_sns.Topic The SNS topic that receives STAC items and S3 event notifications for loading.

nodeRequired
public readonly node: Node;

The tree node.


deadLetterQueueRequired
public readonly deadLetterQueue: Queue;

Dead letter queue for failed item loading attempts.

Messages that fail processing after 5 attempts are sent here for inspection and potential replay. Retains messages for 14 days to allow for debugging and manual intervention.

User Responsibility: This construct provides NO automated monitoring, alerting, or reprocessing of dead letter queue messages. Applications using this construct must implement their own:


lambdaFunctionRequired
public readonly lambdaFunction: Function;

The Lambda function that loads STAC items into the pgstac database.

This Python function receives batches of messages from SQS and processes them based on their type:

The function connects to PostgreSQL using credentials from Secrets Manager and uses pypgstac for efficient database operations.


queueRequired
public readonly queue: Queue;

The SQS queue that buffers messages before processing.

This queue collects both direct STAC items from SNS and S3 event notifications, batching them for efficient database operations. Configured with a visibility timeout that accommodates Lambda processing time plus buffer.


topicRequired
public readonly topic: Topic;

The SNS topic that receives STAC items and S3 event notifications for loading.

This topic serves as the entry point for two types of events:

  1. Direct STAC item JSON documents published by external services
  2. S3 event notifications when STAC items are uploaded to configured buckets

The topic fans out to the SQS queue for batched processing.


StactoolsItemGenerator

AWS CDK Construct for STAC Item Generation Infrastructure.

The StactoolsItemGenerator creates a serverless, event-driven system for generating STAC (SpatioTemporal Asset Catalog) items from source data. This construct implements the first phase of a two-stage ingestion pipeline that transforms raw geospatial data into standardized STAC metadata.

Architecture Overview

This construct creates the following AWS resources:

Data Flow

  1. External systems publish ItemRequest messages to the SNS topic with metadata about assets
  2. The SQS queue buffers these messages and triggers the Lambda function
  3. The Lambda function:
    • Uses uvx to install the required stactools package
    • Executes the create-item CLI command with provided arguments
    • Publishes generated STAC items to the ItemLoad topic
  4. Failed processing attempts are sent to the dead letter queue

Operational Characteristics

Message Schema

The function expects messages matching the ItemRequest model:

{
  "package_name": "stactools-glad-global-forest-change",
  "group_name": "gladglobalforestchange",
  "create_item_args": [
    "https://example.com/data.tif"
  ],
  "collection_id": "glad-global-forest-change-1.11"
}

Usage Example

// Create item loader first (or get existing topic ARN)
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database
});

// Create item generator that feeds the loader
const generator = new StactoolsItemGenerator(this, 'ItemGenerator', {
  itemLoadTopicArn: loader.topic.topicArn,
  lambdaTimeoutSeconds: 120,    // Allow time for package installation
  maxConcurrency: 100,          // Control parallel processing
  batchSize: 10                 // Process 10 requests per invocation
});

// Grant permission to publish to the loader topic
loader.topic.grantPublish(generator.lambdaFunction);

Publishing Generation Requests

Send messages to the generator topic to trigger item creation:

aws sns publish --topic-arn $ITEM_GEN_TOPIC --message '{
  "package_name": "stactools-glad-global-forest-change",
  "group_name": "gladglobalforestchange",
  "create_item_args": [
    "https://storage.googleapis.com/earthenginepartners-hansen/GFC-2023-v1.11/Hansen_GFC-2023-v1.11_gain_40N_080W.tif"
  ],
  "collection_id": "glad-global-forest-change-1.11"
}'

Batch Processing Example

For processing many assets, you can loop through URLs:

while IFS= read -r url; do
  aws sns publish --topic-arn "$ITEM_GEN_TOPIC" --message "{
    \"package_name\": \"stactools-glad-glclu2020\",
    \"group_name\": \"gladglclu2020\",
    \"create_item_args\": [\"$url\"]
  }"
done < urls.txt

Monitoring and Troubleshooting

Supported Stactools Packages

Any package available on PyPI that follows the stactools plugin pattern can be used. Examples include:

{@link https://stactools.readthedocs.io/} for stactools documentation

Initializers

import { StactoolsItemGenerator } from 'eoapi-cdk'

new StactoolsItemGenerator(scope: Construct, id: string, props: StactoolsItemGeneratorProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props StactoolsItemGeneratorProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { StactoolsItemGenerator } from 'eoapi-cdk'

StactoolsItemGenerator.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
deadLetterQueue aws-cdk-lib.aws_sqs.Queue Dead letter queue for failed item generation attempts.
lambdaFunction aws-cdk-lib.aws_lambda.DockerImageFunction The containerized Lambda function that generates STAC items.
queue aws-cdk-lib.aws_sqs.Queue The SQS queue that buffers item generation requests.
topic aws-cdk-lib.aws_sns.Topic The SNS topic that receives item generation requests.

nodeRequired
public readonly node: Node;

The tree node.


deadLetterQueueRequired
public readonly deadLetterQueue: Queue;

Dead letter queue for failed item generation attempts.

Messages that fail processing after 5 attempts are sent here for inspection and potential replay. This helps with debugging stactools package issues, network failures, or malformed requests.


lambdaFunctionRequired
public readonly lambdaFunction: DockerImageFunction;

The containerized Lambda function that generates STAC items.

This Docker-based function dynamically installs stactools packages using uvx, processes source data, and publishes generated STAC items to the configured ItemLoad SNS topic.


queueRequired
public readonly queue: Queue;

The SQS queue that buffers item generation requests.

This queue receives messages from the SNS topic containing ItemRequest payloads. It’s configured with a visibility timeout that matches the Lambda timeout plus buffer time to prevent duplicate processing.


topicRequired
public readonly topic: Topic;

The SNS topic that receives item generation requests.

External systems publish ItemRequest messages to this topic to trigger STAC item generation. The topic fans out to the SQS queue for processing.


TiPgApiLambda

Initializers

import { TiPgApiLambda } from 'eoapi-cdk'

new TiPgApiLambda(scope: Construct, id: string, props: TiPgApiLambdaProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props TiPgApiLambdaProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { TiPgApiLambda } from 'eoapi-cdk'

TiPgApiLambda.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
url string No description.
tiPgLambdaFunction aws-cdk-lib.aws_lambda.Function No description.

nodeRequired
public readonly node: Node;

The tree node.


urlRequired
public readonly url: string;

tiPgLambdaFunctionRequired
public readonly tiPgLambdaFunction: Function;

TitilerPgstacApiLambda

Initializers

import { TitilerPgstacApiLambda } from 'eoapi-cdk'

new TitilerPgstacApiLambda(scope: Construct, id: string, props: TitilerPgStacApiLambdaProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props TitilerPgStacApiLambdaProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { TitilerPgstacApiLambda } from 'eoapi-cdk'

TitilerPgstacApiLambda.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
url string No description.
titilerPgstacLambdaFunction aws-cdk-lib.aws_lambda.Function No description.

nodeRequired
public readonly node: Node;

The tree node.


urlRequired
public readonly url: string;

titilerPgstacLambdaFunctionRequired
public readonly titilerPgstacLambdaFunction: Function;

Structs

BastionHostProps

Initializer

import { BastionHostProps } from 'eoapi-cdk'

const bastionHostProps: BastionHostProps = { ... }

Properties

Name Type Description
db aws-cdk-lib.aws_rds.IDatabaseInstance No description.
ipv4Allowlist string[] No description.
userData aws-cdk-lib.aws_ec2.UserData No description.
vpc aws-cdk-lib.aws_ec2.IVpc No description.
createElasticIp boolean Whether or not an elastic IP should be created for the bastion host.
sshPort number No description.

dbRequired
public readonly db: IDatabaseInstance;

ipv4AllowlistRequired
public readonly ipv4Allowlist: string[];

userDataRequired
public readonly userData: UserData;

vpcRequired
public readonly vpc: IVpc;

createElasticIpOptional
public readonly createElasticIp: boolean;

Whether or not an elastic IP should be created for the bastion host.


sshPortOptional
public readonly sshPort: number;

DatabaseParameters

Initializer

import { DatabaseParameters } from 'eoapi-cdk'

const databaseParameters: DatabaseParameters = { ... }

Properties

Name Type Description
effectiveCacheSize string No description.
maintenanceWorkMem string No description.
maxConnections string No description.
maxLocksPerTransaction string No description.
randomPageCost string No description.
seqPageCost string No description.
sharedBuffers string Note: This value is measured in 8KB blocks.
tempBuffers string No description.
workMem string No description.

effectiveCacheSizeRequired
public readonly effectiveCacheSize: string;

maintenanceWorkMemRequired
public readonly maintenanceWorkMem: string;

maxConnectionsRequired
public readonly maxConnections: string;

maxLocksPerTransactionRequired
public readonly maxLocksPerTransaction: string;

randomPageCostRequired
public readonly randomPageCost: string;

seqPageCostRequired
public readonly seqPageCost: string;

sharedBuffersRequired
public readonly sharedBuffers: string;

Note: This value is measured in 8KB blocks.


tempBuffersRequired
public readonly tempBuffers: string;

workMemRequired
public readonly workMem: string;

PgStacApiLambdaProps

Initializer

import { PgStacApiLambdaProps } from 'eoapi-cdk'

const pgStacApiLambdaProps: PgStacApiLambdaProps = { ... }

Properties

Name Type Description
db aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret aws-cdk-lib.aws_secretsmanager.ISecret Secret containing connection information for pgSTAC database.
apiEnv {[ key: string ]: string} Customized environment variables to send to fastapi-pgstac runtime.
enabledExtensions string[] List of STAC API extensions to enable.
lambdaFunctionOptions any Can be used to override the default lambda function properties.
stacApiDomainName aws-cdk-lib.aws_apigatewayv2.IDomainName Custom Domain Name Options for STAC API,.
subnetSelection aws-cdk-lib.aws_ec2.SubnetSelection Subnet into which the lambda should be deployed.
vpc aws-cdk-lib.aws_ec2.IVpc VPC into which the lambda should be deployed.

dbRequired
public readonly db: IDatabaseInstance | IInstance;

RDS Instance with installed pgSTAC or pgbouncer server.


dbSecretRequired
public readonly dbSecret: ISecret;

Secret containing connection information for pgSTAC database.


apiEnvOptional
public readonly apiEnv: {[ key: string ]: string};

Customized environment variables to send to fastapi-pgstac runtime.


enabledExtensionsOptional
public readonly enabledExtensions: string[];

List of STAC API extensions to enable.


lambdaFunctionOptionsOptional
public readonly lambdaFunctionOptions: any;

Can be used to override the default lambda function properties.


stacApiDomainNameOptional
public readonly stacApiDomainName: IDomainName;

Custom Domain Name Options for STAC API,.


subnetSelectionOptional
public readonly subnetSelection: SubnetSelection;

Subnet into which the lambda should be deployed.


vpcOptional
public readonly vpc: IVpc;

VPC into which the lambda should be deployed.


PgStacDatabaseProps

Initializer

import { PgStacDatabaseProps } from 'eoapi-cdk'

const pgStacDatabaseProps: PgStacDatabaseProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The VPC network where the DB subnet group should be created.
applyImmediately boolean Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the preferredMaintenanceWindow setting.
autoMinorVersionUpgrade boolean Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.
availabilityZone string The name of the Availability Zone where the DB instance will be located.
backupRetention aws-cdk-lib.Duration The number of days during which automatic DB snapshots are retained.
caCertificate aws-cdk-lib.aws_rds.CaCertificate The identifier of the CA certificate for this DB instance.
cloudwatchLogsExports string[] The list of log types that need to be enabled for exporting to CloudWatch Logs.
cloudwatchLogsRetention aws-cdk-lib.aws_logs.RetentionDays The number of days log events are kept in CloudWatch Logs.
cloudwatchLogsRetentionRole aws-cdk-lib.aws_iam.IRole The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
copyTagsToSnapshot boolean Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.
deleteAutomatedBackups boolean Indicates whether automated backups should be deleted or retained when you delete a DB instance.
deletionProtection boolean Indicates whether the DB instance should have deletion protection enabled.
domain string The Active Directory directory ID to create the DB instance in.
domainRole aws-cdk-lib.aws_iam.IRole The IAM role to be used when making API calls to the Directory Service.
enablePerformanceInsights boolean Whether to enable Performance Insights for the DB instance.
iamAuthentication boolean Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.
instanceIdentifier string A name for the DB instance.
iops number The number of I/O operations per second (IOPS) that the database provisions.
maxAllocatedStorage number Upper limit to which RDS can scale the storage in GiB(Gibibyte).
monitoringInterval aws-cdk-lib.Duration The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.
monitoringRole aws-cdk-lib.aws_iam.IRole Role that will be used to manage DB instance monitoring.
multiAz boolean Specifies if the database instance is a multiple Availability Zone deployment.
networkType aws-cdk-lib.aws_rds.NetworkType The network type of the DB instance.
optionGroup aws-cdk-lib.aws_rds.IOptionGroup The option group to associate with the instance.
parameterGroup aws-cdk-lib.aws_rds.IParameterGroup The DB parameter group to associate with the instance.
performanceInsightEncryptionKey aws-cdk-lib.aws_kms.IKey The AWS KMS key for encryption of Performance Insights data.
performanceInsightRetention aws-cdk-lib.aws_rds.PerformanceInsightRetention The amount of time, in days, to retain Performance Insights data.
port number The port for the instance.
preferredBackupWindow string The daily time range during which automated backups are performed.
preferredMaintenanceWindow string The weekly time range (in UTC) during which system maintenance can occur.
processorFeatures aws-cdk-lib.aws_rds.ProcessorFeatures The number of CPU cores and the number of threads per core.
publiclyAccessible boolean Indicates whether the DB instance is an internet-facing instance.
removalPolicy aws-cdk-lib.RemovalPolicy The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.
s3ExportBuckets aws-cdk-lib.aws_s3.IBucket[] S3 buckets that you want to load data into.
s3ExportRole aws-cdk-lib.aws_iam.IRole Role that will be associated with this DB instance to enable S3 export.
s3ImportBuckets aws-cdk-lib.aws_s3.IBucket[] S3 buckets that you want to load data from.
s3ImportRole aws-cdk-lib.aws_iam.IRole Role that will be associated with this DB instance to enable S3 import.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] The security groups to assign to the DB instance.
storageThroughput number The storage throughput, specified in mebibytes per second (MiBps).
storageType aws-cdk-lib.aws_rds.StorageType The storage type.
subnetGroup aws-cdk-lib.aws_rds.ISubnetGroup Existing subnet group for the instance.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets to add to the created DB subnet group.
engine aws-cdk-lib.aws_rds.IInstanceEngine The database engine.
allocatedStorage number The allocated storage size, specified in gibibytes (GiB).
allowMajorVersionUpgrade boolean Whether to allow major version upgrades.
databaseName string The name of the database.
instanceType aws-cdk-lib.aws_ec2.InstanceType The name of the compute and memory capacity for the instance.
licenseModel aws-cdk-lib.aws_rds.LicenseModel The license model.
parameters {[ key: string ]: string} The parameters in the DBParameterGroup to create automatically.
timezone string The time zone of the instance.
characterSetName string For supported engines, specifies the character set to associate with the DB instance.
credentials aws-cdk-lib.aws_rds.Credentials Credentials for the administrative user.
storageEncrypted boolean Indicates whether the DB instance is encrypted.
storageEncryptionKey aws-cdk-lib.aws_kms.IKey The KMS key that’s used to encrypt the DB instance.
addPgbouncer boolean Add pgbouncer instance for managing traffic to the pgSTAC database.
bootstrapperLambdaFunctionOptions any Can be used to override the default lambda function properties.
customResourceProperties {[ key: string ]: any} Lambda function Custom Resource properties.
pgbouncerInstanceProps any Properties for the pgbouncer ec2 instance.
pgstacDbName string Name of database that is to be created and onto which pgSTAC will be installed.
pgstacUsername string Name of user that will be generated for connecting to the pgSTAC database.
pgstacVersion string Version of pgstac to install on the database.
secretsPrefix string Prefix to assign to the generated secrets_manager.Secret.

vpcRequired
public readonly vpc: IVpc;

The VPC network where the DB subnet group should be created.


applyImmediatelyOptional
public readonly applyImmediately: boolean;

Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the preferredMaintenanceWindow setting.

If set to false, changes are applied during the next maintenance window.

Until RDS applies the changes, the DB instance remains in a drift state. As a result, the configuration doesn’t fully reflect the requested modifications and temporarily diverges from the intended state.

This property also determines whether the DB instance reboots when a static parameter is modified in the associated DB parameter group.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html


autoMinorVersionUpgradeOptional
public readonly autoMinorVersionUpgrade: boolean;

Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.


availabilityZoneOptional
public readonly availabilityZone: string;

The name of the Availability Zone where the DB instance will be located.


backupRetentionOptional
public readonly backupRetention: Duration;

The number of days during which automatic DB snapshots are retained.

Set to zero to disable backups. When creating a read replica, you must enable automatic backups on the source database instance by setting the backup retention to a value other than zero.


caCertificateOptional
public readonly caCertificate: CaCertificate;

The identifier of the CA certificate for this DB instance.

Specifying or updating this property triggers a reboot.

For RDS DB engines:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html


cloudwatchLogsExportsOptional
public readonly cloudwatchLogsExports: string[];

The list of log types that need to be enabled for exporting to CloudWatch Logs.


cloudwatchLogsRetentionOptional
public readonly cloudwatchLogsRetention: RetentionDays;

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to Infinity.


cloudwatchLogsRetentionRoleOptional
public readonly cloudwatchLogsRetentionRole: IRole;

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.


copyTagsToSnapshotOptional
public readonly copyTagsToSnapshot: boolean;

Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.


deleteAutomatedBackupsOptional
public readonly deleteAutomatedBackups: boolean;

Indicates whether automated backups should be deleted or retained when you delete a DB instance.


deletionProtectionOptional
public readonly deletionProtection: boolean;

Indicates whether the DB instance should have deletion protection enabled.


domainOptional
public readonly domain: string;

The Active Directory directory ID to create the DB instance in.


domainRoleOptional
public readonly domainRole: IRole;

The IAM role to be used when making API calls to the Directory Service.

The role needs the AWS-managed policy AmazonRDSDirectoryServiceAccess or equivalent.


enablePerformanceInsightsOptional
public readonly enablePerformanceInsights: boolean;

Whether to enable Performance Insights for the DB instance.


iamAuthenticationOptional
public readonly iamAuthentication: boolean;

Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.


instanceIdentifierOptional
public readonly instanceIdentifier: string;

A name for the DB instance.

If you specify a name, AWS CloudFormation converts it to lowercase.


iopsOptional
public readonly iops: number;

The number of I/O operations per second (IOPS) that the database provisions.

The value must be equal to or greater than 1000.


maxAllocatedStorageOptional
public readonly maxAllocatedStorage: number;

Upper limit to which RDS can scale the storage in GiB(Gibibyte).

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling


monitoringIntervalOptional
public readonly monitoringInterval: Duration;

The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.


monitoringRoleOptional
public readonly monitoringRole: IRole;

Role that will be used to manage DB instance monitoring.


multiAzOptional
public readonly multiAz: boolean;

Specifies if the database instance is a multiple Availability Zone deployment.


networkTypeOptional
public readonly networkType: NetworkType;

The network type of the DB instance.


optionGroupOptional
public readonly optionGroup: IOptionGroup;

The option group to associate with the instance.


parameterGroupOptional
public readonly parameterGroup: IParameterGroup;

The DB parameter group to associate with the instance.


performanceInsightEncryptionKeyOptional
public readonly performanceInsightEncryptionKey: IKey;

The AWS KMS key for encryption of Performance Insights data.


performanceInsightRetentionOptional
public readonly performanceInsightRetention: PerformanceInsightRetention;

The amount of time, in days, to retain Performance Insights data.


portOptional
public readonly port: number;

The port for the instance.


preferredBackupWindowOptional
public readonly preferredBackupWindow: string;

The daily time range during which automated backups are performed.

Constraints:


preferredMaintenanceWindowOptional
public readonly preferredMaintenanceWindow: string;

The weekly time range (in UTC) during which system maintenance can occur.

Format: ddd:hh24:mi-ddd:hh24:mi Constraint: Minimum 30-minute window


processorFeaturesOptional
public readonly processorFeatures: ProcessorFeatures;

The number of CPU cores and the number of threads per core.


publiclyAccessibleOptional
public readonly publiclyAccessible: boolean;

Indicates whether the DB instance is an internet-facing instance.

If not specified, the instance’s vpcSubnets will be used to determine if the instance is internet-facing or not.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.


s3ExportBucketsOptional
public readonly s3ExportBuckets: IBucket[];

S3 buckets that you want to load data into.

This property must not be used if s3ExportRole is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html


s3ExportRoleOptional
public readonly s3ExportRole: IRole;

Role that will be associated with this DB instance to enable S3 export.

This property must not be used if s3ExportBuckets is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html


s3ImportBucketsOptional
public readonly s3ImportBuckets: IBucket[];

S3 buckets that you want to load data from.

This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

This property must not be used if s3ImportRole is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html


s3ImportRoleOptional
public readonly s3ImportRole: IRole;

Role that will be associated with this DB instance to enable S3 import.

This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

This property must not be used if s3ImportBuckets is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

The security groups to assign to the DB instance.


storageThroughputOptional
public readonly storageThroughput: number;

The storage throughput, specified in mebibytes per second (MiBps).

Only applicable for GP3.

https://docs.aws.amazon.com//AmazonRDS/latest/UserGuide/CHAP_Storage.html#gp3-storage


storageTypeOptional
public readonly storageType: StorageType;

The storage type.

Storage types supported are gp2, io1, standard.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#Concepts.Storage.GeneralSSD


subnetGroupOptional
public readonly subnetGroup: ISubnetGroup;

Existing subnet group for the instance.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets to add to the created DB subnet group.


engineRequired
public readonly engine: IInstanceEngine;

The database engine.


allocatedStorageOptional
public readonly allocatedStorage: number;

The allocated storage size, specified in gibibytes (GiB).


allowMajorVersionUpgradeOptional
public readonly allowMajorVersionUpgrade: boolean;

Whether to allow major version upgrades.


databaseNameOptional
public readonly databaseName: string;

The name of the database.


instanceTypeOptional
public readonly instanceType: InstanceType;

The name of the compute and memory capacity for the instance.


licenseModelOptional
public readonly licenseModel: LicenseModel;

The license model.


parametersOptional
public readonly parameters: {[ key: string ]: string};

The parameters in the DBParameterGroup to create automatically.

You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup.


timezoneOptional
public readonly timezone: string;

The time zone of the instance.

This is currently supported only by Microsoft Sql Server.


characterSetNameOptional
public readonly characterSetName: string;

For supported engines, specifies the character set to associate with the DB instance.


credentialsOptional
public readonly credentials: Credentials;

Credentials for the administrative user.


storageEncryptedOptional
public readonly storageEncrypted: boolean;

Indicates whether the DB instance is encrypted.


storageEncryptionKeyOptional
public readonly storageEncryptionKey: IKey;

The KMS key that’s used to encrypt the DB instance.


addPgbouncerOptional
public readonly addPgbouncer: boolean;

Add pgbouncer instance for managing traffic to the pgSTAC database.


bootstrapperLambdaFunctionOptionsOptional
public readonly bootstrapperLambdaFunctionOptions: any;

Can be used to override the default lambda function properties.


customResourcePropertiesOptional
public readonly customResourceProperties: {[ key: string ]: any};

Lambda function Custom Resource properties.

A custom resource property is going to be created to trigger the boostrapping lambda function. This parameter allows the user to specify additional properties on top of the defaults ones.


pgbouncerInstancePropsOptional
public readonly pgbouncerInstanceProps: any;

Properties for the pgbouncer ec2 instance.


pgstacDbNameOptional
public readonly pgstacDbName: string;

Name of database that is to be created and onto which pgSTAC will be installed.


pgstacUsernameOptional
public readonly pgstacUsername: string;

Name of user that will be generated for connecting to the pgSTAC database.


pgstacVersionOptional
public readonly pgstacVersion: string;

Version of pgstac to install on the database.


secretsPrefixOptional
public readonly secretsPrefix: string;

Prefix to assign to the generated secrets_manager.Secret.


StacBrowserProps

Initializer

import { StacBrowserProps } from 'eoapi-cdk'

const stacBrowserProps: StacBrowserProps = { ... }

Properties

Name Type Description
githubRepoTag string Tag of the radiant earth stac-browser repo to use to build the app.
stacCatalogUrl string STAC catalog URL.
bucketArn string Bucket ARN.
cloneDirectory string Location in the filesystem where to compile the browser code.
cloudFrontDistributionArn string The ARN of the cloudfront distribution that will be added to the bucket policy with read access.
configFilePath string Path to config file for the STAC browser.
websiteIndexDocument string The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.

githubRepoTagRequired
public readonly githubRepoTag: string;

Tag of the radiant earth stac-browser repo to use to build the app.


stacCatalogUrlRequired
public readonly stacCatalogUrl: string;

STAC catalog URL.

Overrides the catalog URL in the stac-browser configuration.


bucketArnOptional
public readonly bucketArn: string;

Bucket ARN.

If specified, the identity used to deploy the stack must have the appropriate permissions to create a deployment for this bucket. In addition, if specified, cloudFrontDistributionArn is ignored since the policy of an imported resource can’t be modified.


cloneDirectoryOptional
public readonly cloneDirectory: string;

Location in the filesystem where to compile the browser code.


cloudFrontDistributionArnOptional
public readonly cloudFrontDistributionArn: string;

The ARN of the cloudfront distribution that will be added to the bucket policy with read access.

If bucketArn is specified, this parameter is ignored since the policy of an imported bucket can’t be modified.


configFilePathOptional
public readonly configFilePath: string;

Path to config file for the STAC browser.

If not provided, default configuration in the STAC browser repository is used.


websiteIndexDocumentOptional
public readonly websiteIndexDocument: string;

The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.


StacIngestorProps

Initializer

import { StacIngestorProps } from 'eoapi-cdk'

const stacIngestorProps: StacIngestorProps = { ... }

Properties

Name Type Description
dataAccessRole aws-cdk-lib.aws_iam.IRole ARN of AWS Role used to validate access to S3 data.
stacDbSecret aws-cdk-lib.aws_secretsmanager.ISecret Secret containing pgSTAC DB connection information.
stacDbSecurityGroup aws-cdk-lib.aws_ec2.ISecurityGroup Security Group used by pgSTAC DB.
stacUrl string URL of STAC API.
stage string Stage of deployment (e.g. dev, prod).
apiEndpointConfiguration aws-cdk-lib.aws_apigateway.EndpointConfiguration API Endpoint Configuration, useful for creating private APIs.
apiEnv {[ key: string ]: string} Environment variables to be sent to Lambda.
apiLambdaFunctionOptions any Can be used to override the default lambda function properties.
apiPolicy aws-cdk-lib.aws_iam.PolicyDocument API Policy Document, useful for creating private APIs.
ingestorDomainNameOptions aws-cdk-lib.aws_apigateway.DomainNameOptions Custom Domain Name Options for Ingestor API.
ingestorLambdaFunctionOptions any Can be used to override the default lambda function properties.
pgstacVersion string pgstac version - must match the version installed on the pgstac database.
subnetSelection aws-cdk-lib.aws_ec2.SubnetSelection Subnet into which the lambda should be deployed if using a VPC.
vpc aws-cdk-lib.aws_ec2.IVpc VPC running pgSTAC DB.

dataAccessRoleRequired
public readonly dataAccessRole: IRole;

ARN of AWS Role used to validate access to S3 data.


stacDbSecretRequired
public readonly stacDbSecret: ISecret;

Secret containing pgSTAC DB connection information.


stacDbSecurityGroupRequired
public readonly stacDbSecurityGroup: ISecurityGroup;

Security Group used by pgSTAC DB.


stacUrlRequired
public readonly stacUrl: string;

URL of STAC API.


stageRequired
public readonly stage: string;

Stage of deployment (e.g. dev, prod).


apiEndpointConfigurationOptional
public readonly apiEndpointConfiguration: EndpointConfiguration;

API Endpoint Configuration, useful for creating private APIs.


apiEnvOptional
public readonly apiEnv: {[ key: string ]: string};

Environment variables to be sent to Lambda.


apiLambdaFunctionOptionsOptional
public readonly apiLambdaFunctionOptions: any;

Can be used to override the default lambda function properties.


apiPolicyOptional
public readonly apiPolicy: PolicyDocument;

API Policy Document, useful for creating private APIs.


ingestorDomainNameOptionsOptional
public readonly ingestorDomainNameOptions: DomainNameOptions;

Custom Domain Name Options for Ingestor API.


ingestorLambdaFunctionOptionsOptional
public readonly ingestorLambdaFunctionOptions: any;

Can be used to override the default lambda function properties.


pgstacVersionOptional
public readonly pgstacVersion: string;

pgstac version - must match the version installed on the pgstac database.


subnetSelectionOptional
public readonly subnetSelection: SubnetSelection;

Subnet into which the lambda should be deployed if using a VPC.


vpcOptional
public readonly vpc: IVpc;

VPC running pgSTAC DB.


StacItemLoaderProps

Configuration properties for the StacItemLoader construct.

The StacItemLoader is part of a two-phase serverless STAC ingestion pipeline that loads STAC items into a pgstac database. This construct creates the infrastructure for receiving STAC items from multiple sources:

  1. SNS messages containing STAC metadata (direct ingestion)
  2. S3 event notifications for STAC items uploaded to S3 buckets

Items from both sources are batched and inserted into PostgreSQL with the pgstac extension.

Example

const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database,
  batchSize: 1000,
  maxBatchingWindowMinutes: 1,
  lambdaTimeoutSeconds: 300
});

Initializer

import { StacItemLoaderProps } from 'eoapi-cdk'

const stacItemLoaderProps: StacItemLoaderProps = { ... }

Properties

Name Type Description
pgstacDb PgStacDatabase The PgSTAC database instance to load items into.
batchSize number SQS batch size for lambda event source.
environment {[ key: string ]: string} Additional environment variables for the lambda function.
lambdaRuntime aws-cdk-lib.aws_lambda.Runtime The lambda runtime to use for the item loading function.
lambdaTimeoutSeconds number The timeout for the item load lambda in seconds.
maxBatchingWindowMinutes number Maximum batching window in minutes.
maxConcurrency number Maximum concurrent executions for the StacItemLoader Lambda function.
memorySize number Memory size for the lambda function in MB.

pgstacDbRequired
public readonly pgstacDb: PgStacDatabase;

The PgSTAC database instance to load items into.

This database must have the pgstac extension installed and be properly configured with collections before items can be loaded. The loader will use AWS Secrets Manager to securely access database credentials.


batchSizeOptional
public readonly batchSize: number;

SQS batch size for lambda event source.

This determines the maximum number of STAC items that will be processed together in a single lambda invocation. Larger batch sizes improve database insertion efficiency but require more memory and longer processing time.

Batching Behavior: SQS will wait to accumulate up to this many messages before triggering the Lambda, OR until the maxBatchingWindow timeout is reached, whichever comes first. This creates an efficient balance between throughput and latency.


environmentOptional
public readonly environment: {[ key: string ]: string};

Additional environment variables for the lambda function.

These will be merged with the default environment variables including PGSTAC_SECRET_ARN. Use this for custom configuration or debugging flags.


lambdaRuntimeOptional
public readonly lambdaRuntime: Runtime;

The lambda runtime to use for the item loading function.

The function is implemented in Python and uses pypgstac for database operations. Ensure the runtime version is compatible with the pgstac version specified in the database configuration.


lambdaTimeoutSecondsOptional
public readonly lambdaTimeoutSeconds: number;

The timeout for the item load lambda in seconds.

This should accommodate the time needed to process up to batchSize items and perform database insertions. The SQS visibility timeout will be set to this value plus 10 seconds.


maxBatchingWindowMinutesOptional
public readonly maxBatchingWindowMinutes: number;

Maximum batching window in minutes.

Even if the batch size isn’t reached, the lambda will be triggered after this time period to ensure timely processing of items. This prevents items from waiting indefinitely in low-volume scenarios.

Important: This timeout works in conjunction with batchSize - SQS will trigger the Lambda when EITHER the batch size is reached OR this time window expires, ensuring items are processed in a timely manner regardless of volume.


maxConcurrencyOptional
public readonly maxConcurrency: number;

Maximum concurrent executions for the StacItemLoader Lambda function.

This limit will be applied to the Lambda function and will control how many concurrent batches will be released from the SQS queue.


memorySizeOptional
public readonly memorySize: number;

Memory size for the lambda function in MB.

Higher memory allocation may improve performance when processing large batches of STAC items, especially for memory-intensive database operations.


StactoolsItemGeneratorProps

Configuration properties for the StactoolsItemGenerator construct.

The StactoolsItemGenerator is part of a two-phase serverless STAC ingestion pipeline that generates STAC items from source data. This construct creates the infrastructure for the first phase of the pipeline - processing metadata about assets and transforming them into standardized STAC items.

Example

const generator = new StactoolsItemGenerator(this, 'ItemGenerator', {
  itemLoadTopicArn: loader.topic.topicArn,
  lambdaTimeoutSeconds: 120,
  maxConcurrency: 100,
  batchSize: 10
});

Initializer

import { StactoolsItemGeneratorProps } from 'eoapi-cdk'

const stactoolsItemGeneratorProps: StactoolsItemGeneratorProps = { ... }

Properties

Name Type Description
itemLoadTopicArn string ARN of the SNS topic to publish generated items to.
batchSize number SQS batch size for lambda event source.
environment {[ key: string ]: string} Additional environment variables for the lambda function.
lambdaRuntime aws-cdk-lib.aws_lambda.Runtime The lambda runtime to use for the item generation function.
lambdaTimeoutSeconds number The timeout for the item generation lambda in seconds.
maxConcurrency number Maximum number of concurrent executions.
memorySize number Memory size for the lambda function in MB.

itemLoadTopicArnRequired
public readonly itemLoadTopicArn: string;

ARN of the SNS topic to publish generated items to.

This is typically the topic from a StacItemLoader construct. Generated STAC items will be published here for downstream processing and database insertion.


batchSizeOptional
public readonly batchSize: number;

SQS batch size for lambda event source.

This determines how many generation requests are processed together in a single lambda invocation. Unlike the loader, generation typically processes items individually, so smaller batch sizes are common.


environmentOptional
public readonly environment: {[ key: string ]: string};

Additional environment variables for the lambda function.

These will be merged with default environment variables including ITEM_LOAD_TOPIC_ARN and LOG_LEVEL. Use this for custom configuration or to pass credentials for external data sources.


lambdaRuntimeOptional
public readonly lambdaRuntime: Runtime;

The lambda runtime to use for the item generation function.

The function is containerized using Docker and can accommodate various stactools packages. The runtime version should be compatible with the packages you plan to use for STAC item generation.


lambdaTimeoutSecondsOptional
public readonly lambdaTimeoutSeconds: number;

The timeout for the item generation lambda in seconds.

This should accommodate the time needed to:

The SQS visibility timeout will be set to this value plus 10 seconds.


maxConcurrencyOptional
public readonly maxConcurrency: number;

Maximum number of concurrent executions.

This controls how many item generation tasks can run simultaneously. Higher concurrency enables faster processing of large batches but may strain downstream systems or external data sources.


memorySizeOptional
public readonly memorySize: number;

Memory size for the lambda function in MB.

Higher memory allocation may be needed for processing large geospatial datasets or when stactools packages have high memory requirements. More memory also provides proportionally more CPU power.


TiPgApiLambdaProps

Initializer

import { TiPgApiLambdaProps } from 'eoapi-cdk'

const tiPgApiLambdaProps: TiPgApiLambdaProps = { ... }

Properties

Name Type Description
db aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret aws-cdk-lib.aws_secretsmanager.ISecret Secret containing connection information for pgSTAC database.
apiEnv {[ key: string ]: string} Customized environment variables to send to titiler-pgstac runtime.
lambdaFunctionOptions any Can be used to override the default lambda function properties.
subnetSelection aws-cdk-lib.aws_ec2.SubnetSelection Subnet into which the lambda should be deployed.
tipgApiDomainName aws-cdk-lib.aws_apigatewayv2.IDomainName Custom Domain Name for tipg API.
vpc aws-cdk-lib.aws_ec2.IVpc VPC into which the lambda should be deployed.

dbRequired
public readonly db: IDatabaseInstance | IInstance;

RDS Instance with installed pgSTAC or pgbouncer server.


dbSecretRequired
public readonly dbSecret: ISecret;

Secret containing connection information for pgSTAC database.


apiEnvOptional
public readonly apiEnv: {[ key: string ]: string};

Customized environment variables to send to titiler-pgstac runtime.


lambdaFunctionOptionsOptional
public readonly lambdaFunctionOptions: any;

Can be used to override the default lambda function properties.


subnetSelectionOptional
public readonly subnetSelection: SubnetSelection;

Subnet into which the lambda should be deployed.


tipgApiDomainNameOptional
public readonly tipgApiDomainName: IDomainName;

Custom Domain Name for tipg API.

If defined, will create the domain name and integrate it with the tipg API.


vpcOptional
public readonly vpc: IVpc;

VPC into which the lambda should be deployed.


TitilerPgStacApiLambdaProps

Initializer

import { TitilerPgStacApiLambdaProps } from 'eoapi-cdk'

const titilerPgStacApiLambdaProps: TitilerPgStacApiLambdaProps = { ... }

Properties

Name Type Description
db aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret aws-cdk-lib.aws_secretsmanager.ISecret Secret containing connection information for pgSTAC database.
apiEnv {[ key: string ]: string} Customized environment variables to send to titiler-pgstac runtime.
buckets string[] list of buckets the lambda will be granted access to.
lambdaFunctionOptions any Can be used to override the default lambda function properties.
subnetSelection aws-cdk-lib.aws_ec2.SubnetSelection Subnet into which the lambda should be deployed.
titilerPgstacApiDomainName aws-cdk-lib.aws_apigatewayv2.IDomainName Custom Domain Name Options for Titiler Pgstac API,.
vpc aws-cdk-lib.aws_ec2.IVpc VPC into which the lambda should be deployed.

dbRequired
public readonly db: IDatabaseInstance | IInstance;

RDS Instance with installed pgSTAC or pgbouncer server.


dbSecretRequired
public readonly dbSecret: ISecret;

Secret containing connection information for pgSTAC database.


apiEnvOptional
public readonly apiEnv: {[ key: string ]: string};

Customized environment variables to send to titiler-pgstac runtime.

These will be merged with defaultTitilerPgstacEnv. The database secret arn is automatically added to the environment variables at deployment. /


bucketsOptional
public readonly buckets: string[];

list of buckets the lambda will be granted access to.


lambdaFunctionOptionsOptional
public readonly lambdaFunctionOptions: any;

Can be used to override the default lambda function properties.


subnetSelectionOptional
public readonly subnetSelection: SubnetSelection;

Subnet into which the lambda should be deployed.


titilerPgstacApiDomainNameOptional
public readonly titilerPgstacApiDomainName: IDomainName;

Custom Domain Name Options for Titiler Pgstac API,.


vpcOptional
public readonly vpc: IVpc;

VPC into which the lambda should be deployed.