eoapi-cdk

API Reference

Constructs

BastionHost

The database is located in an isolated subnet, meaning that it is not accessible from the public internet.

As such, to interact with the database directly, a user must tunnel through a bastion host.

Configuring

This codebase controls who is allowed to connect to the bastion host. This requires two steps:

1. Adding the IP address from which you are connecting to the ipv4Allowlist array
2. Creating a bastion host system user by adding the user’s configuration inform to userdata.yaml

Adding an IP address to the ipv4Allowlist array

The BastionHost construct takes in an ipv4Allowlist array as an argument. Find your IP address (eg curl api.ipify.org) and add that to the array along with the trailing CIDR block (likely /32 to indicate that you are adding a single IP address).

Creating a user via userdata.yaml

Add an entry to the users array with a username (likely matching your local systems username, which you can get by running the whoami command in your terminal) and a public key (likely your default public key, which you can get by running cat ~/.ssh/id_*.pub in your terminal).

Tips & Tricks when using the Bastion Host

Connecting to RDS Instance via SSM

aws ssm start-session --target $INSTANCE_ID \
--document-name AWS-StartPortForwardingSessionToRemoteHost \
--parameters '{
"host": [
"example-db.c5abcdefghij.us-west-2.rds.amazonaws.com"
],
"portNumber": [
"5432"
],
"localPortNumber": [
"9999"
]
}' \
--profile $AWS_PROFILE

psql -h localhost -p 9999 # continue adding username (-U) and db (-d) here...

Connect directly to Bastion Host:

aws ssm start-session --target $INSTANCE_ID --profile $AWS_PROFILE

Setting up an SSH tunnel

In your ~/.ssh/config file, add an entry like:

Host db-tunnel
Hostname {the-bastion-host-address}
LocalForward 9999 {the-db-hostname}:5432

Then a tunnel can be opened via:

ssh -N db-tunnel

And a connection to the DB can be made via:

psql -h 127.0.0.1 -p 9999 -U {username} -d {database}

Handling REMOTE HOST IDENTIFICATION HAS CHANGED! error

If you’ve redeployed a bastion host that you’ve previously connected to, you may see an error like:

#### Initializers <a name="Initializers" id="eoapi-cdk.BastionHost.Initializer"></a>

```typescript
import { BastionHost } from 'eoapi-cdk'

new BastionHost(scope: Construct, id: string, props: BastionHostProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	BastionHostProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: BastionHostProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { BastionHost } from 'eoapi-cdk'

BastionHost.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
instance	aws-cdk-lib.aws_ec2.Instance	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

instance^Required

public readonly instance: Instance;

• Type: aws-cdk-lib.aws_ec2.Instance

---

PgStacApiLambda

Initializers

import { PgStacApiLambda } from 'eoapi-cdk'

new PgStacApiLambda(scope: Construct, id: string, props: PgStacApiLambdaProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	PgStacApiLambdaProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: PgStacApiLambdaProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { PgStacApiLambda } from 'eoapi-cdk'

PgStacApiLambda.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
url	string	No description.
stacApiLambdaFunction	aws-cdk-lib.aws_lambda.Function	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

url^Required

public readonly url: string;

• Type: string

---

stacApiLambdaFunction^Required

public readonly stacApiLambdaFunction: Function;

• Type: aws-cdk-lib.aws_lambda.Function

---

PgStacDatabase

An RDS instance with pgSTAC installed.

This is a wrapper around the rds.DatabaseInstance higher-level construct making use of the BootstrapPgStac construct.

Initializers

import { PgStacDatabase } from 'eoapi-cdk'

new PgStacDatabase(scope: Construct, id: string, props: PgStacDatabaseProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	PgStacDatabaseProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: PgStacDatabaseProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.
getParameters	No description.

---

toString

public toString(): string

Returns a string representation of this construct.

getParameters

public getParameters(instanceType: string, parameters?: {[ key: string ]: string}): DatabaseParameters

instanceType^Required

• Type: string

---

parameters^Optional

• Type: {[ key: string ]: string}

---

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { PgStacDatabase } from 'eoapi-cdk'

PgStacDatabase.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
connectionTarget	aws-cdk-lib.aws_ec2.Instance \| aws-cdk-lib.aws_rds.IDatabaseInstance	No description.
pgstacVersion	string	No description.
secretBootstrapper	aws-cdk-lib.CustomResource	No description.
securityGroup	aws-cdk-lib.aws_ec2.SecurityGroup	No description.
db	aws-cdk-lib.aws_rds.DatabaseInstance	No description.
pgstacSecret	aws-cdk-lib.aws_secretsmanager.ISecret	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

connectionTarget^Required

public readonly connectionTarget: Instance | IDatabaseInstance;

• Type: aws-cdk-lib.aws_ec2.Instance

  aws-cdk-lib.aws_rds.IDatabaseInstance

---

pgstacVersion^Required

public readonly pgstacVersion: string;

• Type: string

---

secretBootstrapper^Optional

public readonly secretBootstrapper: CustomResource;

• Type: aws-cdk-lib.CustomResource

---

securityGroup^Optional

public readonly securityGroup: SecurityGroup;

• Type: aws-cdk-lib.aws_ec2.SecurityGroup

---

db^Required

public readonly db: DatabaseInstance;

• Type: aws-cdk-lib.aws_rds.DatabaseInstance

---

pgstacSecret^Required

public readonly pgstacSecret: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

---

StacBrowser

Initializers

import { StacBrowser } from 'eoapi-cdk'

new StacBrowser(scope: Construct, id: string, props: StacBrowserProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	StacBrowserProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: StacBrowserProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { StacBrowser } from 'eoapi-cdk'

StacBrowser.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
bucket	aws-cdk-lib.aws_s3.IBucket	No description.
bucketDeployment	aws-cdk-lib.aws_s3_deployment.BucketDeployment	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

bucket^Required

public readonly bucket: IBucket;

• Type: aws-cdk-lib.aws_s3.IBucket

---

bucketDeployment^Required

public readonly bucketDeployment: BucketDeployment;

• Type: aws-cdk-lib.aws_s3_deployment.BucketDeployment

---

StacIngestor

Initializers

import { StacIngestor } from 'eoapi-cdk'

new StacIngestor(scope: Construct, id: string, props: StacIngestorProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	StacIngestorProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: StacIngestorProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { StacIngestor } from 'eoapi-cdk'

StacIngestor.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
handlerRole	aws-cdk-lib.aws_iam.Role	No description.
table	aws-cdk-lib.aws_dynamodb.Table	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

handlerRole^Required

public readonly handlerRole: Role;

• Type: aws-cdk-lib.aws_iam.Role

---

table^Required

public readonly table: Table;

• Type: aws-cdk-lib.aws_dynamodb.Table

---

StacItemLoader

AWS CDK Construct for STAC Item Loading Infrastructure.

The StacItemLoader creates a serverless, event-driven system for loading STAC (SpatioTemporal Asset Catalog) items into a PostgreSQL database with the pgstac extension. This construct supports multiple ingestion pathways for flexible STAC item loading.

Architecture Overview

This construct creates the following AWS resources:

• SNS Topic: Entry point for STAC items and S3 event notifications
• SQS Queue: Buffers and batches messages before processing (60-second visibility timeout)
• Dead Letter Queue: Captures failed loading attempts after 5 retries
• Lambda Function: Python function that processes batches and inserts items into pgstac

Data Flow

The loader supports two primary data ingestion patterns:

Direct STAC Item Publishing

1. STAC items (JSON) are published directly to the SNS topic in message bodies
2. The SQS queue collects messages and batches them (up to {batchSize} items or 1 minute window)
3. The Lambda function receives batches, validates items, and inserts into pgstac

S3 Event-Driven Loading

1. An S3 bucket is configured to send notifications to the SNS topic when json files are created
2. STAC items are uploaded to S3 buckets as JSON/GeoJSON files
3. S3 event notifications are sent to the SNS topic when items are uploaded
4. The Lambda function receives S3 events in the SQS message batch, fetches items from S3, and loads into pgstac

Batching Behavior

The SQS-to-Lambda integration uses intelligent batching to optimize performance:

• Batch Size: Lambda waits to receive up to batchSize messages (default: 500)
• Batching Window: If fewer than batchSize messages are available, Lambda triggers after maxBatchingWindow minutes (default: 1 minute)
• Trigger Condition: Lambda executes when EITHER condition is met first
• Concurrency: Limited to maxConcurrency concurrent executions to prevent database overload
• Partial Failures: Uses reportBatchItemFailures to retry only failed items

This approach balances throughput (larger batches = fewer database connections) with latency (time-based triggers prevent indefinite waiting).

Error Handling and Dead Letter Queue

Failed messages are sent to the dead letter queue after 5 processing attempts. Important: This construct provides NO automated handling of dead letter queue messages - monitoring, inspection, and reprocessing of failed items is the responsibility of the implementing application.

Consider implementing:

• CloudWatch alarms on dead letter queue depth
• Manual or automated reprocessing workflows
• Logging and alerting for failed items
• Regular cleanup of old dead letter messages (14-day retention)

Operational Characteristics

• Scalability: Lambda scales automatically based on queue depth
• Reliability: Dead letter queue captures failures for debugging
• Efficiency: Batching optimizes database operations for high throughput
• Security: Database credentials accessed via AWS Secrets Manager
• Observability: CloudWatch logs retained for one week

Prerequisites

Before using this construct, ensure:

• The pgstac database has collections loaded (items require existing collection IDs)
• Database credentials are stored in AWS Secrets Manager
• The pgstac extension is properly installed and configured

Usage Example

// Create database first
const database = new PgStacDatabase(this, 'Database', {
  pgstacVersion: '0.9.5'
});

// Create item loader
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database,
  batchSize: 1000,          // Process up to 1000 items per batch
  maxBatchingWindowMinutes: 1, // Wait max 1 minute to fill batch
  lambdaTimeoutSeconds: 300     // Allow up to 300 seconds for database operations
});

// The topic ARN can be used by other services to publish items
new CfnOutput(this, 'LoaderTopicArn', {
  value: loader.topic.topicArn
});

Direct Item Publishing

External services can publish STAC items directly to the topic:

aws sns publish --topic-arn $ITEM_LOAD_TOPIC --message '{
  "type": "Feature",
  "stac_version": "1.0.0",
  "id": "example-item",
  "properties": {"datetime": "2021-01-01T00:00:00Z"},
  "geometry": {"type": "Polygon", "coordinates": [...]},
  "collection": "example-collection"
}'

S3 Event Configuration

To enable S3 event-driven loading, configure S3 bucket notifications to send events to the SNS topic when STAC items (.json or .geojson files) are uploaded:

// Configure S3 bucket to send notifications to the loader topic
bucket.addEventNotification(
  s3.EventType.OBJECT_CREATED,
  new s3n.SnsDestination(loader.topic),
  { suffix: '.json' }
);

bucket.addEventNotification(
  s3.EventType.OBJECT_CREATED,
  new s3n.SnsDestination(loader.topic),
  { suffix: '.geojson' }
);

When STAC items are uploaded to the configured S3 bucket, the loader will:

1. Receive S3 event notifications via SNS
2. Fetch the STAC item JSON from S3
3. Validate and load the item into the pgstac database

Monitoring and Troubleshooting

• Monitor Lambda logs: /aws/lambda/{FunctionName}
• Dead Letter Queue: Check for failed items - no automated handling provided
• Use batch item failure reporting for partial batch processing
• CloudWatch metrics available for queue depth and Lambda performance

Dead Letter Queue Management

Applications must implement their own dead letter queue monitoring:

// Example: CloudWatch alarm for dead letter queue depth
new cloudwatch.Alarm(this, 'DeadLetterAlarm', {
  metric: loader.deadLetterQueue.metricApproximateNumberOfVisibleMessages(),
  threshold: 1,
  evaluationPeriods: 1
});

// Example: Lambda to reprocess dead letter messages
const reprocessFunction = new lambda.Function(this, 'Reprocess', {
  // Implementation to fetch and republish failed messages
});

Initializers

import { StacItemLoader } from 'eoapi-cdk'

new StacItemLoader(scope: Construct, id: string, props: StacItemLoaderProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	StacItemLoaderProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: StacItemLoaderProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { StacItemLoader } from 'eoapi-cdk'

StacItemLoader.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
deadLetterQueue	aws-cdk-lib.aws_sqs.Queue	Dead letter queue for failed item loading attempts.
lambdaFunction	aws-cdk-lib.aws_lambda.Function	The Lambda function that loads STAC items into the pgstac database.
queue	aws-cdk-lib.aws_sqs.Queue	The SQS queue that buffers messages before processing.
topic	aws-cdk-lib.aws_sns.Topic	The SNS topic that receives STAC items and S3 event notifications for loading.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

deadLetterQueue^Required

public readonly deadLetterQueue: Queue;

• Type: aws-cdk-lib.aws_sqs.Queue

Dead letter queue for failed item loading attempts.

Messages that fail processing after 5 attempts are sent here for inspection and potential replay. Retains messages for 14 days to allow for debugging and manual intervention.

User Responsibility: This construct provides NO automated monitoring, alerting, or reprocessing of dead letter queue messages. Applications using this construct must implement their own:

• Dead letter queue depth monitoring and alerting
• Failed message inspection and debugging workflows
• Manual or automated reprocessing mechanisms
• Cleanup procedures for old failed messages

---

lambdaFunction^Required

public readonly lambdaFunction: Function;

• Type: aws-cdk-lib.aws_lambda.Function

The Lambda function that loads STAC items into the pgstac database.

This Python function receives batches of messages from SQS and processes them based on their type:

• Direct STAC items: Validates and loads directly into pgstac
• S3 events: Fetches STAC items from S3, validates, and loads into pgstac

The function connects to PostgreSQL using credentials from Secrets Manager and uses pypgstac for efficient database operations.

---

queue^Required

public readonly queue: Queue;

• Type: aws-cdk-lib.aws_sqs.Queue

The SQS queue that buffers messages before processing.

This queue collects both direct STAC items from SNS and S3 event notifications, batching them for efficient database operations. Configured with a visibility timeout that accommodates Lambda processing time plus buffer.

---

topic^Required

public readonly topic: Topic;

• Type: aws-cdk-lib.aws_sns.Topic

The SNS topic that receives STAC items and S3 event notifications for loading.

This topic serves as the entry point for two types of events:

1. Direct STAC item JSON documents published by external services
2. S3 event notifications when STAC items are uploaded to configured buckets

The topic fans out to the SQS queue for batched processing.

---

StactoolsItemGenerator

AWS CDK Construct for STAC Item Generation Infrastructure.

The StactoolsItemGenerator creates a serverless, event-driven system for generating STAC (SpatioTemporal Asset Catalog) items from source data. This construct implements the first phase of a two-stage ingestion pipeline that transforms raw geospatial data into standardized STAC metadata.

Architecture Overview

This construct creates the following AWS resources:

• SNS Topic: Entry point for triggering item generation workflows
• SQS Queue: Buffers generation requests (120-second visibility timeout)
• Dead Letter Queue: Captures failed messages after 5 processing attempts
• Lambda Function: Containerized function that generates STAC items using stactools

Data Flow

1. External systems publish ItemRequest messages to the SNS topic with metadata about assets
2. The SQS queue buffers these messages and triggers the Lambda function
3. The Lambda function:
   • Uses uvx to install the required stactools package
   • Executes the create-item CLI command with provided arguments
   • Publishes generated STAC items to the ItemLoad topic
4. Failed processing attempts are sent to the dead letter queue

Operational Characteristics

• Scalability: Lambda scales automatically based on queue depth (up to maxConcurrency)
• Flexibility: Supports any stactools package through dynamic installation
• Reliability: Dead letter queue captures failed generation attempts
• Isolation: Each generation task runs in a fresh container environment
• Observability: CloudWatch logs retained for one week

Message Schema

The function expects messages matching the ItemRequest model:

{
  "package_name": "stactools-glad-global-forest-change",
  "group_name": "gladglobalforestchange",
  "create_item_args": [
    "https://example.com/data.tif"
  ],
  "collection_id": "glad-global-forest-change-1.11"
}

Usage Example

// Create item loader first (or get existing topic ARN)
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database
});

// Create item generator that feeds the loader
const generator = new StactoolsItemGenerator(this, 'ItemGenerator', {
  itemLoadTopicArn: loader.topic.topicArn,
  lambdaTimeoutSeconds: 120,    // Allow time for package installation
  maxConcurrency: 100,          // Control parallel processing
  batchSize: 10                 // Process 10 requests per invocation
});

// Grant permission to publish to the loader topic
loader.topic.grantPublish(generator.lambdaFunction);

Publishing Generation Requests

Send messages to the generator topic to trigger item creation:

aws sns publish --topic-arn $ITEM_GEN_TOPIC --message '{
  "package_name": "stactools-glad-global-forest-change",
  "group_name": "gladglobalforestchange",
  "create_item_args": [
    "https://storage.googleapis.com/earthenginepartners-hansen/GFC-2023-v1.11/Hansen_GFC-2023-v1.11_gain_40N_080W.tif"
  ],
  "collection_id": "glad-global-forest-change-1.11"
}'

Batch Processing Example

For processing many assets, you can loop through URLs:

while IFS= read -r url; do
  aws sns publish --topic-arn "$ITEM_GEN_TOPIC" --message "{
    \"package_name\": \"stactools-glad-glclu2020\",
    \"group_name\": \"gladglclu2020\",
    \"create_item_args\": [\"$url\"]
  }"
done < urls.txt

Monitoring and Troubleshooting

• Monitor Lambda logs: /aws/lambda/{FunctionName}
• Check dead letter queue for failed generation attempts
• Use CloudWatch metrics to track processing rates and errors
• Failed items can be replayed from the dead letter queue

Supported Stactools Packages

Any package available on PyPI that follows the stactools plugin pattern can be used. Examples include:

• stactools-glad-global-forest-change
• stactools-glad-glclu2020
• stactools-landsat
• stactools-sentinel2

{@link https://stactools.readthedocs.io/} for stactools documentation

Initializers

import { StactoolsItemGenerator } from 'eoapi-cdk'

new StactoolsItemGenerator(scope: Construct, id: string, props: StactoolsItemGeneratorProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	StactoolsItemGeneratorProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: StactoolsItemGeneratorProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { StactoolsItemGenerator } from 'eoapi-cdk'

StactoolsItemGenerator.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
deadLetterQueue	aws-cdk-lib.aws_sqs.Queue	Dead letter queue for failed item generation attempts.
lambdaFunction	aws-cdk-lib.aws_lambda.DockerImageFunction	The containerized Lambda function that generates STAC items.
queue	aws-cdk-lib.aws_sqs.Queue	The SQS queue that buffers item generation requests.
topic	aws-cdk-lib.aws_sns.Topic	The SNS topic that receives item generation requests.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

deadLetterQueue^Required

public readonly deadLetterQueue: Queue;

• Type: aws-cdk-lib.aws_sqs.Queue

Dead letter queue for failed item generation attempts.

Messages that fail processing after 5 attempts are sent here for inspection and potential replay. This helps with debugging stactools package issues, network failures, or malformed requests.

---

lambdaFunction^Required

public readonly lambdaFunction: DockerImageFunction;

• Type: aws-cdk-lib.aws_lambda.DockerImageFunction

The containerized Lambda function that generates STAC items.

This Docker-based function dynamically installs stactools packages using uvx, processes source data, and publishes generated STAC items to the configured ItemLoad SNS topic.

---

queue^Required

public readonly queue: Queue;

• Type: aws-cdk-lib.aws_sqs.Queue

The SQS queue that buffers item generation requests.

This queue receives messages from the SNS topic containing ItemRequest payloads. It’s configured with a visibility timeout that matches the Lambda timeout plus buffer time to prevent duplicate processing.

---

topic^Required

public readonly topic: Topic;

• Type: aws-cdk-lib.aws_sns.Topic

The SNS topic that receives item generation requests.

External systems publish ItemRequest messages to this topic to trigger STAC item generation. The topic fans out to the SQS queue for processing.

---

TiPgApiLambda

Initializers

import { TiPgApiLambda } from 'eoapi-cdk'

new TiPgApiLambda(scope: Construct, id: string, props: TiPgApiLambdaProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	TiPgApiLambdaProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: TiPgApiLambdaProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { TiPgApiLambda } from 'eoapi-cdk'

TiPgApiLambda.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
url	string	No description.
tiPgLambdaFunction	aws-cdk-lib.aws_lambda.Function	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

url^Required

public readonly url: string;

• Type: string

---

tiPgLambdaFunction^Required

public readonly tiPgLambdaFunction: Function;

• Type: aws-cdk-lib.aws_lambda.Function

---

TitilerPgstacApiLambda

Initializers

import { TitilerPgstacApiLambda } from 'eoapi-cdk'

new TitilerPgstacApiLambda(scope: Construct, id: string, props: TitilerPgStacApiLambdaProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	TitilerPgStacApiLambdaProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: TitilerPgStacApiLambdaProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { TitilerPgstacApiLambda } from 'eoapi-cdk'

TitilerPgstacApiLambda.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
url	string	No description.
titilerPgstacLambdaFunction	aws-cdk-lib.aws_lambda.Function	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

url^Required

public readonly url: string;

• Type: string

---

titilerPgstacLambdaFunction^Required

public readonly titilerPgstacLambdaFunction: Function;

• Type: aws-cdk-lib.aws_lambda.Function

---

Structs

BastionHostProps

Initializer

import { BastionHostProps } from 'eoapi-cdk'

const bastionHostProps: BastionHostProps = { ... }

Properties

Name	Type	Description
db	aws-cdk-lib.aws_rds.IDatabaseInstance	No description.
ipv4Allowlist	string[]	No description.
userData	aws-cdk-lib.aws_ec2.UserData	No description.
vpc	aws-cdk-lib.aws_ec2.IVpc	No description.
createElasticIp	boolean	Whether or not an elastic IP should be created for the bastion host.
sshPort	number	No description.

---

db^Required

public readonly db: IDatabaseInstance;

• Type: aws-cdk-lib.aws_rds.IDatabaseInstance

---

ipv4Allowlist^Required

public readonly ipv4Allowlist: string[];

• Type: string[]

---

userData^Required

public readonly userData: UserData;

• Type: aws-cdk-lib.aws_ec2.UserData

---

vpc^Required

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

---

createElasticIp^Optional

public readonly createElasticIp: boolean;

• Type: boolean
• Default: false

Whether or not an elastic IP should be created for the bastion host.

---

sshPort^Optional

public readonly sshPort: number;

• Type: number

---

DatabaseParameters

Initializer

import { DatabaseParameters } from 'eoapi-cdk'

const databaseParameters: DatabaseParameters = { ... }

Properties

Name	Type	Description
effectiveCacheSize	string	No description.
maintenanceWorkMem	string	No description.
maxConnections	string	No description.
maxLocksPerTransaction	string	No description.
randomPageCost	string	No description.
seqPageCost	string	No description.
sharedBuffers	string	Note: This value is measured in 8KB blocks.
tempBuffers	string	No description.
workMem	string	No description.

---

effectiveCacheSize^Required

public readonly effectiveCacheSize: string;

• Type: string
• Default: 75% of instance memory

---

maintenanceWorkMem^Required

public readonly maintenanceWorkMem: string;

• Type: string
• Default: 25% of shared buffers

---

maxConnections^Required

public readonly maxConnections: string;

• Type: string
• Default: LEAST({DBInstanceClassMemory/9531392}, 5000)

---

maxLocksPerTransaction^Required

public readonly maxLocksPerTransaction: string;

• Type: string
• Default: 1024

---

randomPageCost^Required

public readonly randomPageCost: string;

• Type: string
• Default: 1.1

---

seqPageCost^Required

public readonly seqPageCost: string;

• Type: string
• Default: 1

---

sharedBuffers^Required

public readonly sharedBuffers: string;

• Type: string
• Default: ‘{DBInstanceClassMemory/32768}’ 25% of instance memory, ie {(DBInstanceClassMemory/(1024*8)) * 0.25}

Note: This value is measured in 8KB blocks.

---

tempBuffers^Required

public readonly tempBuffers: string;

• Type: string
• Default: 131172 (128 * 1024)

---

workMem^Required

public readonly workMem: string;

• Type: string
• Default: shared buffers divided by max connections

---

PgStacApiLambdaProps

Initializer

import { PgStacApiLambdaProps } from 'eoapi-cdk'

const pgStacApiLambdaProps: PgStacApiLambdaProps = { ... }

Properties

Name	Type	Description
db	aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance	RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret	aws-cdk-lib.aws_secretsmanager.ISecret	Secret containing connection information for pgSTAC database.
apiEnv	{[ key: string ]: string}	Customized environment variables to send to fastapi-pgstac runtime.
enabledExtensions	string[]	List of STAC API extensions to enable.
lambdaFunctionOptions	any	Can be used to override the default lambda function properties.
stacApiDomainName	aws-cdk-lib.aws_apigatewayv2.IDomainName	Custom Domain Name Options for STAC API,.
subnetSelection	aws-cdk-lib.aws_ec2.SubnetSelection	Subnet into which the lambda should be deployed.
vpc	aws-cdk-lib.aws_ec2.IVpc	VPC into which the lambda should be deployed.

---

db^Required

public readonly db: IDatabaseInstance | IInstance;

• Type: aws-cdk-lib.aws_rds.IDatabaseInstance

  aws-cdk-lib.aws_ec2.IInstance

RDS Instance with installed pgSTAC or pgbouncer server.

---

dbSecret^Required

public readonly dbSecret: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

Secret containing connection information for pgSTAC database.

---

apiEnv^Optional

public readonly apiEnv: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Customized environment variables to send to fastapi-pgstac runtime.

---

enabledExtensions^Optional

public readonly enabledExtensions: string[];

• Type: string[]
• Default: query, sort, fields, filter, free_text, pagniation, collection_search

List of STAC API extensions to enable.

---

lambdaFunctionOptions^Optional

public readonly lambdaFunctionOptions: any;

• Type: any
• Default: defined in the construct.

Can be used to override the default lambda function properties.

---

stacApiDomainName^Optional

public readonly stacApiDomainName: IDomainName;

• Type: aws-cdk-lib.aws_apigatewayv2.IDomainName

Custom Domain Name Options for STAC API,.

---

subnetSelection^Optional

public readonly subnetSelection: SubnetSelection;

• Type: aws-cdk-lib.aws_ec2.SubnetSelection

Subnet into which the lambda should be deployed.

---

vpc^Optional

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

VPC into which the lambda should be deployed.

---

PgStacDatabaseProps

Initializer

import { PgStacDatabaseProps } from 'eoapi-cdk'

const pgStacDatabaseProps: PgStacDatabaseProps = { ... }

Properties

Name	Type	Description
vpc	aws-cdk-lib.aws_ec2.IVpc	The VPC network where the DB subnet group should be created.
applyImmediately	boolean	Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the preferredMaintenanceWindow setting.
autoMinorVersionUpgrade	boolean	Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.
availabilityZone	string	The name of the Availability Zone where the DB instance will be located.
backupRetention	aws-cdk-lib.Duration	The number of days during which automatic DB snapshots are retained.
caCertificate	aws-cdk-lib.aws_rds.CaCertificate	The identifier of the CA certificate for this DB instance.
cloudwatchLogsExports	string[]	The list of log types that need to be enabled for exporting to CloudWatch Logs.
cloudwatchLogsRetention	aws-cdk-lib.aws_logs.RetentionDays	The number of days log events are kept in CloudWatch Logs.
cloudwatchLogsRetentionRole	aws-cdk-lib.aws_iam.IRole	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
copyTagsToSnapshot	boolean	Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.
deleteAutomatedBackups	boolean	Indicates whether automated backups should be deleted or retained when you delete a DB instance.
deletionProtection	boolean	Indicates whether the DB instance should have deletion protection enabled.
domain	string	The Active Directory directory ID to create the DB instance in.
domainRole	aws-cdk-lib.aws_iam.IRole	The IAM role to be used when making API calls to the Directory Service.
enablePerformanceInsights	boolean	Whether to enable Performance Insights for the DB instance.
iamAuthentication	boolean	Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.
instanceIdentifier	string	A name for the DB instance.
iops	number	The number of I/O operations per second (IOPS) that the database provisions.
maxAllocatedStorage	number	Upper limit to which RDS can scale the storage in GiB(Gibibyte).
monitoringInterval	aws-cdk-lib.Duration	The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.
monitoringRole	aws-cdk-lib.aws_iam.IRole	Role that will be used to manage DB instance monitoring.
multiAz	boolean	Specifies if the database instance is a multiple Availability Zone deployment.
networkType	aws-cdk-lib.aws_rds.NetworkType	The network type of the DB instance.
optionGroup	aws-cdk-lib.aws_rds.IOptionGroup	The option group to associate with the instance.
parameterGroup	aws-cdk-lib.aws_rds.IParameterGroup	The DB parameter group to associate with the instance.
performanceInsightEncryptionKey	aws-cdk-lib.aws_kms.IKey	The AWS KMS key for encryption of Performance Insights data.
performanceInsightRetention	aws-cdk-lib.aws_rds.PerformanceInsightRetention	The amount of time, in days, to retain Performance Insights data.
port	number	The port for the instance.
preferredBackupWindow	string	The daily time range during which automated backups are performed.
preferredMaintenanceWindow	string	The weekly time range (in UTC) during which system maintenance can occur.
processorFeatures	aws-cdk-lib.aws_rds.ProcessorFeatures	The number of CPU cores and the number of threads per core.
publiclyAccessible	boolean	Indicates whether the DB instance is an internet-facing instance.
removalPolicy	aws-cdk-lib.RemovalPolicy	The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.
s3ExportBuckets	aws-cdk-lib.aws_s3.IBucket[]	S3 buckets that you want to load data into.
s3ExportRole	aws-cdk-lib.aws_iam.IRole	Role that will be associated with this DB instance to enable S3 export.
s3ImportBuckets	aws-cdk-lib.aws_s3.IBucket[]	S3 buckets that you want to load data from.
s3ImportRole	aws-cdk-lib.aws_iam.IRole	Role that will be associated with this DB instance to enable S3 import.
securityGroups	aws-cdk-lib.aws_ec2.ISecurityGroup[]	The security groups to assign to the DB instance.
storageThroughput	number	The storage throughput, specified in mebibytes per second (MiBps).
storageType	aws-cdk-lib.aws_rds.StorageType	The storage type.
subnetGroup	aws-cdk-lib.aws_rds.ISubnetGroup	Existing subnet group for the instance.
vpcSubnets	aws-cdk-lib.aws_ec2.SubnetSelection	The type of subnets to add to the created DB subnet group.
engine	aws-cdk-lib.aws_rds.IInstanceEngine	The database engine.
allocatedStorage	number	The allocated storage size, specified in gibibytes (GiB).
allowMajorVersionUpgrade	boolean	Whether to allow major version upgrades.
databaseName	string	The name of the database.
instanceType	aws-cdk-lib.aws_ec2.InstanceType	The name of the compute and memory capacity for the instance.
licenseModel	aws-cdk-lib.aws_rds.LicenseModel	The license model.
parameters	{[ key: string ]: string}	The parameters in the DBParameterGroup to create automatically.
timezone	string	The time zone of the instance.
characterSetName	string	For supported engines, specifies the character set to associate with the DB instance.
credentials	aws-cdk-lib.aws_rds.Credentials	Credentials for the administrative user.
storageEncrypted	boolean	Indicates whether the DB instance is encrypted.
storageEncryptionKey	aws-cdk-lib.aws_kms.IKey	The KMS key that’s used to encrypt the DB instance.
addPgbouncer	boolean	Add pgbouncer instance for managing traffic to the pgSTAC database.
bootstrapperLambdaFunctionOptions	any	Can be used to override the default lambda function properties.
customResourceProperties	{[ key: string ]: any}	Lambda function Custom Resource properties.
pgbouncerInstanceProps	any	Properties for the pgbouncer ec2 instance.
pgstacDbName	string	Name of database that is to be created and onto which pgSTAC will be installed.
pgstacUsername	string	Name of user that will be generated for connecting to the pgSTAC database.
pgstacVersion	string	Version of pgstac to install on the database.
secretsPrefix	string	Prefix to assign to the generated secrets_manager.Secret.

---

vpc^Required

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

The VPC network where the DB subnet group should be created.

---

applyImmediately^Optional

public readonly applyImmediately: boolean;

• Type: boolean
• Default: Changes will be applied immediately

Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the preferredMaintenanceWindow setting.

If set to false, changes are applied during the next maintenance window.

Until RDS applies the changes, the DB instance remains in a drift state. As a result, the configuration doesn’t fully reflect the requested modifications and temporarily diverges from the intended state.

This property also determines whether the DB instance reboots when a static parameter is modified in the associated DB parameter group.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html

---

autoMinorVersionUpgrade^Optional

public readonly autoMinorVersionUpgrade: boolean;

• Type: boolean
• Default: true

Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.

---

availabilityZone^Optional

public readonly availabilityZone: string;

• Type: string
• Default: no preference

The name of the Availability Zone where the DB instance will be located.

---

backupRetention^Optional

public readonly backupRetention: Duration;

• Type: aws-cdk-lib.Duration
• Default: Duration.days(1) for source instances, disabled for read replicas

The number of days during which automatic DB snapshots are retained.

Set to zero to disable backups. When creating a read replica, you must enable automatic backups on the source database instance by setting the backup retention to a value other than zero.

---

caCertificate^Optional

public readonly caCertificate: CaCertificate;

• Type: aws-cdk-lib.aws_rds.CaCertificate
• Default: RDS will choose a certificate authority

The identifier of the CA certificate for this DB instance.

Specifying or updating this property triggers a reboot.

For RDS DB engines:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html

---

cloudwatchLogsExports^Optional

public readonly cloudwatchLogsExports: string[];

• Type: string[]
• Default: no log exports

The list of log types that need to be enabled for exporting to CloudWatch Logs.

---

cloudwatchLogsRetention^Optional

public readonly cloudwatchLogsRetention: RetentionDays;

• Type: aws-cdk-lib.aws_logs.RetentionDays
• Default: logs never expire

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to Infinity.

---

cloudwatchLogsRetentionRole^Optional

public readonly cloudwatchLogsRetentionRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: a new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

---

copyTagsToSnapshot^Optional

public readonly copyTagsToSnapshot: boolean;

• Type: boolean
• Default: true

Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.

---

deleteAutomatedBackups^Optional

public readonly deleteAutomatedBackups: boolean;

• Type: boolean
• Default: true

Indicates whether automated backups should be deleted or retained when you delete a DB instance.

---

deletionProtection^Optional

public readonly deletionProtection: boolean;

• Type: boolean
• Default: true if removalPolicy is RETAIN, false otherwise

Indicates whether the DB instance should have deletion protection enabled.

---

domain^Optional

public readonly domain: string;

• Type: string
• Default: Do not join domain

The Active Directory directory ID to create the DB instance in.

---

domainRole^Optional

public readonly domainRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: The role will be created for you if DatabaseInstanceNewProps#domain is specified

The IAM role to be used when making API calls to the Directory Service.

The role needs the AWS-managed policy AmazonRDSDirectoryServiceAccess or equivalent.

---

enablePerformanceInsights^Optional

public readonly enablePerformanceInsights: boolean;

• Type: boolean
• Default: false, unless performanceInsightRetention or performanceInsightEncryptionKey is set.

Whether to enable Performance Insights for the DB instance.

---

iamAuthentication^Optional

public readonly iamAuthentication: boolean;

• Type: boolean
• Default: false

Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.

---

instanceIdentifier^Optional

public readonly instanceIdentifier: string;

• Type: string
• Default: a CloudFormation generated name

A name for the DB instance.

If you specify a name, AWS CloudFormation converts it to lowercase.

---

iops^Optional

public readonly iops: number;

• Type: number
• Default: no provisioned iops if storage type is not specified. For GP3: 3,000 IOPS if allocated storage is less than 400 GiB for MariaDB, MySQL, and PostgreSQL, less than 200 GiB for Oracle and less than 20 GiB for SQL Server. 12,000 IOPS otherwise (except for SQL Server where the default is always 3,000 IOPS).

The number of I/O operations per second (IOPS) that the database provisions.

The value must be equal to or greater than 1000.

---

maxAllocatedStorage^Optional

public readonly maxAllocatedStorage: number;

• Type: number
• Default: No autoscaling of RDS instance

Upper limit to which RDS can scale the storage in GiB(Gibibyte).

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling

---

monitoringInterval^Optional

public readonly monitoringInterval: Duration;

• Type: aws-cdk-lib.Duration
• Default: no enhanced monitoring

The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.

---

monitoringRole^Optional

public readonly monitoringRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: A role is automatically created for you

Role that will be used to manage DB instance monitoring.

---

multiAz^Optional

public readonly multiAz: boolean;

• Type: boolean
• Default: false

Specifies if the database instance is a multiple Availability Zone deployment.

---

networkType^Optional

public readonly networkType: NetworkType;

• Type: aws-cdk-lib.aws_rds.NetworkType
• Default: IPV4

The network type of the DB instance.

---

optionGroup^Optional

public readonly optionGroup: IOptionGroup;

• Type: aws-cdk-lib.aws_rds.IOptionGroup
• Default: no option group

The option group to associate with the instance.

---

parameterGroup^Optional

public readonly parameterGroup: IParameterGroup;

• Type: aws-cdk-lib.aws_rds.IParameterGroup
• Default: no parameter group

The DB parameter group to associate with the instance.

---

performanceInsightEncryptionKey^Optional

public readonly performanceInsightEncryptionKey: IKey;

• Type: aws-cdk-lib.aws_kms.IKey
• Default: default master key

The AWS KMS key for encryption of Performance Insights data.

---

performanceInsightRetention^Optional

public readonly performanceInsightRetention: PerformanceInsightRetention;

• Type: aws-cdk-lib.aws_rds.PerformanceInsightRetention
• Default: 7 this is the free tier

The amount of time, in days, to retain Performance Insights data.

---

port^Optional

public readonly port: number;

• Type: number
• Default: the default port for the chosen engine.

The port for the instance.

---

preferredBackupWindow^Optional

public readonly preferredBackupWindow: string;

• Type: string
• Default: a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow

The daily time range during which automated backups are performed.

Constraints:

• Must be in the format hh24:mi-hh24:mi.
• Must be in Universal Coordinated Time (UTC).
• Must not conflict with the preferred maintenance window.
• Must be at least 30 minutes.

---

preferredMaintenanceWindow^Optional

public readonly preferredMaintenanceWindow: string;

• Type: string
• Default: a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance

The weekly time range (in UTC) during which system maintenance can occur.

Format: ddd:hh24:mi-ddd:hh24:mi Constraint: Minimum 30-minute window

---

processorFeatures^Optional

public readonly processorFeatures: ProcessorFeatures;

• Type: aws-cdk-lib.aws_rds.ProcessorFeatures
• Default: the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor

The number of CPU cores and the number of threads per core.

---

publiclyAccessible^Optional

public readonly publiclyAccessible: boolean;

• Type: boolean
• Default: true if the instance’s vpcSubnets is subnetType: SubnetType.PUBLIC, false otherwise

Indicates whether the DB instance is an internet-facing instance.

If not specified, the instance’s vpcSubnets will be used to determine if the instance is internet-facing or not.

---

removalPolicy^Optional

public readonly removalPolicy: RemovalPolicy;

• Type: aws-cdk-lib.RemovalPolicy
• Default: RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)

The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.

---

s3ExportBuckets^Optional

public readonly s3ExportBuckets: IBucket[];

• Type: aws-cdk-lib.aws_s3.IBucket[]
• Default: None

S3 buckets that you want to load data into.

This property must not be used if s3ExportRole is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html

---

s3ExportRole^Optional

public readonly s3ExportRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: New role is created if s3ExportBuckets is set, no role is defined otherwise

Role that will be associated with this DB instance to enable S3 export.

This property must not be used if s3ExportBuckets is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html

---

s3ImportBuckets^Optional

public readonly s3ImportBuckets: IBucket[];

• Type: aws-cdk-lib.aws_s3.IBucket[]
• Default: None

S3 buckets that you want to load data from.

This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

This property must not be used if s3ImportRole is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html

---

s3ImportRole^Optional

public readonly s3ImportRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: New role is created if s3ImportBuckets is set, no role is defined otherwise

Role that will be associated with this DB instance to enable S3 import.

This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

This property must not be used if s3ImportBuckets is used.

For Microsoft SQL Server:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html

---

securityGroups^Optional

public readonly securityGroups: ISecurityGroup[];

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
• Default: a new security group is created

The security groups to assign to the DB instance.

---

storageThroughput^Optional

public readonly storageThroughput: number;

• Type: number
• Default: 125 MiBps if allocated storage is less than 400 GiB for MariaDB, MySQL, and PostgreSQL, less than 200 GiB for Oracle and less than 20 GiB for SQL Server. 500 MiBps otherwise (except for SQL Server where the default is always 125 MiBps).

The storage throughput, specified in mebibytes per second (MiBps).

Only applicable for GP3.

https://docs.aws.amazon.com//AmazonRDS/latest/UserGuide/CHAP_Storage.html#gp3-storage

---

storageType^Optional

public readonly storageType: StorageType;

• Type: aws-cdk-lib.aws_rds.StorageType
• Default: GP2

The storage type.

Storage types supported are gp2, io1, standard.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#Concepts.Storage.GeneralSSD

---

subnetGroup^Optional

public readonly subnetGroup: ISubnetGroup;

• Type: aws-cdk-lib.aws_rds.ISubnetGroup
• Default: a new subnet group will be created.

Existing subnet group for the instance.

---

vpcSubnets^Optional

public readonly vpcSubnets: SubnetSelection;

• Type: aws-cdk-lib.aws_ec2.SubnetSelection
• Default: private subnets

The type of subnets to add to the created DB subnet group.

---

engine^Required

public readonly engine: IInstanceEngine;

• Type: aws-cdk-lib.aws_rds.IInstanceEngine

The database engine.

---

allocatedStorage^Optional

public readonly allocatedStorage: number;

• Type: number
• Default: 100

The allocated storage size, specified in gibibytes (GiB).

---

allowMajorVersionUpgrade^Optional

public readonly allowMajorVersionUpgrade: boolean;

• Type: boolean
• Default: false

Whether to allow major version upgrades.

---

databaseName^Optional

public readonly databaseName: string;

• Type: string
• Default: no name

The name of the database.

---

instanceType^Optional

public readonly instanceType: InstanceType;

• Type: aws-cdk-lib.aws_ec2.InstanceType
• Default: m5.large (or, more specifically, db.m5.large)

The name of the compute and memory capacity for the instance.

---

licenseModel^Optional

public readonly licenseModel: LicenseModel;

• Type: aws-cdk-lib.aws_rds.LicenseModel
• Default: RDS default license model

The license model.

---

parameters^Optional

public readonly parameters: {[ key: string ]: string};

• Type: {[ key: string ]: string}
• Default: None

The parameters in the DBParameterGroup to create automatically.

You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup.

---

timezone^Optional

public readonly timezone: string;

• Type: string
• Default: RDS default timezone

The time zone of the instance.

This is currently supported only by Microsoft Sql Server.

---

characterSetName^Optional

public readonly characterSetName: string;

• Type: string
• Default: RDS default character set name

For supported engines, specifies the character set to associate with the DB instance.

---

credentials^Optional

public readonly credentials: Credentials;

• Type: aws-cdk-lib.aws_rds.Credentials
• Default: A username of ‘admin’ (or ‘postgres’ for PostgreSQL) and SecretsManager-generated password

Credentials for the administrative user.

---

storageEncrypted^Optional

public readonly storageEncrypted: boolean;

• Type: boolean
• Default: true if storageEncryptionKey has been provided, false otherwise

Indicates whether the DB instance is encrypted.

---

storageEncryptionKey^Optional

public readonly storageEncryptionKey: IKey;

• Type: aws-cdk-lib.aws_kms.IKey
• Default: default master key if storageEncrypted is true, no key otherwise

The KMS key that’s used to encrypt the DB instance.

---

addPgbouncer^Optional

public readonly addPgbouncer: boolean;

• Type: boolean
• Default: true

Add pgbouncer instance for managing traffic to the pgSTAC database.

---

bootstrapperLambdaFunctionOptions^Optional

public readonly bootstrapperLambdaFunctionOptions: any;

• Type: any
• Default: defined in the construct.

Can be used to override the default lambda function properties.

---

customResourceProperties^Optional

public readonly customResourceProperties: {[ key: string ]: any};

• Type: {[ key: string ]: any}

Lambda function Custom Resource properties.

A custom resource property is going to be created to trigger the boostrapping lambda function. This parameter allows the user to specify additional properties on top of the defaults ones.

---

pgbouncerInstanceProps^Optional

public readonly pgbouncerInstanceProps: any;

• Type: any
• Default: defined in the construct

Properties for the pgbouncer ec2 instance.

---

pgstacDbName^Optional

public readonly pgstacDbName: string;

• Type: string
• Default: pgstac

Name of database that is to be created and onto which pgSTAC will be installed.

---

pgstacUsername^Optional

public readonly pgstacUsername: string;

• Type: string
• Default: pgstac_user

Name of user that will be generated for connecting to the pgSTAC database.

---

pgstacVersion^Optional

public readonly pgstacVersion: string;

• Type: string
• Default: 0.8.5

Version of pgstac to install on the database.

---

secretsPrefix^Optional

public readonly secretsPrefix: string;

• Type: string
• Default: pgstac

Prefix to assign to the generated secrets_manager.Secret.

---

StacBrowserProps

Initializer

import { StacBrowserProps } from 'eoapi-cdk'

const stacBrowserProps: StacBrowserProps = { ... }

Properties

Name	Type	Description
githubRepoTag	string	Tag of the radiant earth stac-browser repo to use to build the app.
stacCatalogUrl	string	STAC catalog URL.
bucketArn	string	Bucket ARN.
cloneDirectory	string	Location in the filesystem where to compile the browser code.
cloudFrontDistributionArn	string	The ARN of the cloudfront distribution that will be added to the bucket policy with read access.
configFilePath	string	Path to config file for the STAC browser.
websiteIndexDocument	string	The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.

---

githubRepoTag^Required

public readonly githubRepoTag: string;

• Type: string

Tag of the radiant earth stac-browser repo to use to build the app.

---

stacCatalogUrl^Required

public readonly stacCatalogUrl: string;

• Type: string

STAC catalog URL.

Overrides the catalog URL in the stac-browser configuration.

---

bucketArn^Optional

public readonly bucketArn: string;

• Type: string
• Default: No bucket ARN. A new bucket will be created.

Bucket ARN.

If specified, the identity used to deploy the stack must have the appropriate permissions to create a deployment for this bucket. In addition, if specified, cloudFrontDistributionArn is ignored since the policy of an imported resource can’t be modified.

---

cloneDirectory^Optional

public readonly cloneDirectory: string;

• Type: string
• Default: DEFAULT_CLONE_DIRECTORY

Location in the filesystem where to compile the browser code.

---

cloudFrontDistributionArn^Optional

public readonly cloudFrontDistributionArn: string;

• Type: string
• Default: No cloudfront distribution ARN. The bucket policy will not be modified.

The ARN of the cloudfront distribution that will be added to the bucket policy with read access.

If bucketArn is specified, this parameter is ignored since the policy of an imported bucket can’t be modified.

---

configFilePath^Optional

public readonly configFilePath: string;

• Type: string

Path to config file for the STAC browser.

If not provided, default configuration in the STAC browser repository is used.

---

websiteIndexDocument^Optional

public readonly websiteIndexDocument: string;

• Type: string
• Default: No index document.

The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.

---

StacIngestorProps

Initializer

import { StacIngestorProps } from 'eoapi-cdk'

const stacIngestorProps: StacIngestorProps = { ... }

Properties

Name	Type	Description
dataAccessRole	aws-cdk-lib.aws_iam.IRole	ARN of AWS Role used to validate access to S3 data.
stacDbSecret	aws-cdk-lib.aws_secretsmanager.ISecret	Secret containing pgSTAC DB connection information.
stacDbSecurityGroup	aws-cdk-lib.aws_ec2.ISecurityGroup	Security Group used by pgSTAC DB.
stacUrl	string	URL of STAC API.
stage	string	Stage of deployment (e.g. dev, prod).
apiEndpointConfiguration	aws-cdk-lib.aws_apigateway.EndpointConfiguration	API Endpoint Configuration, useful for creating private APIs.
apiEnv	{[ key: string ]: string}	Environment variables to be sent to Lambda.
apiLambdaFunctionOptions	any	Can be used to override the default lambda function properties.
apiPolicy	aws-cdk-lib.aws_iam.PolicyDocument	API Policy Document, useful for creating private APIs.
ingestorDomainNameOptions	aws-cdk-lib.aws_apigateway.DomainNameOptions	Custom Domain Name Options for Ingestor API.
ingestorLambdaFunctionOptions	any	Can be used to override the default lambda function properties.
pgstacVersion	string	pgstac version - must match the version installed on the pgstac database.
subnetSelection	aws-cdk-lib.aws_ec2.SubnetSelection	Subnet into which the lambda should be deployed if using a VPC.
vpc	aws-cdk-lib.aws_ec2.IVpc	VPC running pgSTAC DB.

---

dataAccessRole^Required

public readonly dataAccessRole: IRole;

• Type: aws-cdk-lib.aws_iam.IRole

ARN of AWS Role used to validate access to S3 data.

---

stacDbSecret^Required

public readonly stacDbSecret: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

Secret containing pgSTAC DB connection information.

---

stacDbSecurityGroup^Required

public readonly stacDbSecurityGroup: ISecurityGroup;

• Type: aws-cdk-lib.aws_ec2.ISecurityGroup

Security Group used by pgSTAC DB.

---

stacUrl^Required

public readonly stacUrl: string;

• Type: string

URL of STAC API.

---

stage^Required

public readonly stage: string;

• Type: string

Stage of deployment (e.g. dev, prod).

---

apiEndpointConfiguration^Optional

public readonly apiEndpointConfiguration: EndpointConfiguration;

• Type: aws-cdk-lib.aws_apigateway.EndpointConfiguration

API Endpoint Configuration, useful for creating private APIs.

---

apiEnv^Optional

public readonly apiEnv: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Environment variables to be sent to Lambda.

---

apiLambdaFunctionOptions^Optional

public readonly apiLambdaFunctionOptions: any;

• Type: any
• Default: default settings are defined in the construct.

Can be used to override the default lambda function properties.

---

apiPolicy^Optional

public readonly apiPolicy: PolicyDocument;

• Type: aws-cdk-lib.aws_iam.PolicyDocument

API Policy Document, useful for creating private APIs.

---

ingestorDomainNameOptions^Optional

public readonly ingestorDomainNameOptions: DomainNameOptions;

• Type: aws-cdk-lib.aws_apigateway.DomainNameOptions

Custom Domain Name Options for Ingestor API.

---

ingestorLambdaFunctionOptions^Optional

public readonly ingestorLambdaFunctionOptions: any;

• Type: any
• Default: default settings are defined in the construct.

Can be used to override the default lambda function properties.

---

pgstacVersion^Optional

public readonly pgstacVersion: string;

• Type: string
• Default: default settings are defined in the construct

pgstac version - must match the version installed on the pgstac database.

---

subnetSelection^Optional

public readonly subnetSelection: SubnetSelection;

• Type: aws-cdk-lib.aws_ec2.SubnetSelection

Subnet into which the lambda should be deployed if using a VPC.

---

vpc^Optional

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

VPC running pgSTAC DB.

---

StacItemLoaderProps

Configuration properties for the StacItemLoader construct.

The StacItemLoader is part of a two-phase serverless STAC ingestion pipeline that loads STAC items into a pgstac database. This construct creates the infrastructure for receiving STAC items from multiple sources:

1. SNS messages containing STAC metadata (direct ingestion)
2. S3 event notifications for STAC items uploaded to S3 buckets

Items from both sources are batched and inserted into PostgreSQL with the pgstac extension.

Example

const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database,
  batchSize: 1000,
  maxBatchingWindowMinutes: 1,
  lambdaTimeoutSeconds: 300
});

Initializer

import { StacItemLoaderProps } from 'eoapi-cdk'

const stacItemLoaderProps: StacItemLoaderProps = { ... }

Properties

Name	Type	Description
pgstacDb	PgStacDatabase	The PgSTAC database instance to load items into.
batchSize	number	SQS batch size for lambda event source.
environment	{[ key: string ]: string}	Additional environment variables for the lambda function.
lambdaRuntime	aws-cdk-lib.aws_lambda.Runtime	The lambda runtime to use for the item loading function.
lambdaTimeoutSeconds	number	The timeout for the item load lambda in seconds.
maxBatchingWindowMinutes	number	Maximum batching window in minutes.
maxConcurrency	number	Maximum concurrent executions for the StacItemLoader Lambda function.
memorySize	number	Memory size for the lambda function in MB.

---

pgstacDb^Required

public readonly pgstacDb: PgStacDatabase;

• Type: PgStacDatabase

The PgSTAC database instance to load items into.

This database must have the pgstac extension installed and be properly configured with collections before items can be loaded. The loader will use AWS Secrets Manager to securely access database credentials.

---

batchSize^Optional

public readonly batchSize: number;

• Type: number
• Default: 500

SQS batch size for lambda event source.

This determines the maximum number of STAC items that will be processed together in a single lambda invocation. Larger batch sizes improve database insertion efficiency but require more memory and longer processing time.

Batching Behavior: SQS will wait to accumulate up to this many messages before triggering the Lambda, OR until the maxBatchingWindow timeout is reached, whichever comes first. This creates an efficient balance between throughput and latency.

---

environment^Optional

public readonly environment: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Additional environment variables for the lambda function.

These will be merged with the default environment variables including PGSTAC_SECRET_ARN. Use this for custom configuration or debugging flags.

---

lambdaRuntime^Optional

public readonly lambdaRuntime: Runtime;

• Type: aws-cdk-lib.aws_lambda.Runtime
• Default: lambda.Runtime.PYTHON_3_11

The lambda runtime to use for the item loading function.

The function is implemented in Python and uses pypgstac for database operations. Ensure the runtime version is compatible with the pgstac version specified in the database configuration.

---

lambdaTimeoutSeconds^Optional

public readonly lambdaTimeoutSeconds: number;

• Type: number
• Default: 300

The timeout for the item load lambda in seconds.

This should accommodate the time needed to process up to batchSize items and perform database insertions. The SQS visibility timeout will be set to this value plus 10 seconds.

---

maxBatchingWindowMinutes^Optional

public readonly maxBatchingWindowMinutes: number;

• Type: number
• Default: 1

Maximum batching window in minutes.

Even if the batch size isn’t reached, the lambda will be triggered after this time period to ensure timely processing of items. This prevents items from waiting indefinitely in low-volume scenarios.

Important: This timeout works in conjunction with batchSize - SQS will trigger the Lambda when EITHER the batch size is reached OR this time window expires, ensuring items are processed in a timely manner regardless of volume.

---

maxConcurrency^Optional

public readonly maxConcurrency: number;

• Type: number
• Default: 2

Maximum concurrent executions for the StacItemLoader Lambda function.

This limit will be applied to the Lambda function and will control how many concurrent batches will be released from the SQS queue.

---

memorySize^Optional

public readonly memorySize: number;

• Type: number
• Default: 1024

Memory size for the lambda function in MB.

Higher memory allocation may improve performance when processing large batches of STAC items, especially for memory-intensive database operations.

---

StactoolsItemGeneratorProps

Configuration properties for the StactoolsItemGenerator construct.

The StactoolsItemGenerator is part of a two-phase serverless STAC ingestion pipeline that generates STAC items from source data. This construct creates the infrastructure for the first phase of the pipeline - processing metadata about assets and transforming them into standardized STAC items.

Example

const generator = new StactoolsItemGenerator(this, 'ItemGenerator', {
  itemLoadTopicArn: loader.topic.topicArn,
  lambdaTimeoutSeconds: 120,
  maxConcurrency: 100,
  batchSize: 10
});

Initializer

import { StactoolsItemGeneratorProps } from 'eoapi-cdk'

const stactoolsItemGeneratorProps: StactoolsItemGeneratorProps = { ... }

Properties

Name	Type	Description
itemLoadTopicArn	string	ARN of the SNS topic to publish generated items to.
batchSize	number	SQS batch size for lambda event source.
environment	{[ key: string ]: string}	Additional environment variables for the lambda function.
lambdaRuntime	aws-cdk-lib.aws_lambda.Runtime	The lambda runtime to use for the item generation function.
lambdaTimeoutSeconds	number	The timeout for the item generation lambda in seconds.
maxConcurrency	number	Maximum number of concurrent executions.
memorySize	number	Memory size for the lambda function in MB.

---

itemLoadTopicArn^Required

public readonly itemLoadTopicArn: string;

• Type: string

ARN of the SNS topic to publish generated items to.

This is typically the topic from a StacItemLoader construct. Generated STAC items will be published here for downstream processing and database insertion.

---

batchSize^Optional

public readonly batchSize: number;

• Type: number
• Default: 10

SQS batch size for lambda event source.

This determines how many generation requests are processed together in a single lambda invocation. Unlike the loader, generation typically processes items individually, so smaller batch sizes are common.

---

environment^Optional

public readonly environment: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Additional environment variables for the lambda function.

These will be merged with default environment variables including ITEM_LOAD_TOPIC_ARN and LOG_LEVEL. Use this for custom configuration or to pass credentials for external data sources.

---

lambdaRuntime^Optional

public readonly lambdaRuntime: Runtime;

• Type: aws-cdk-lib.aws_lambda.Runtime
• Default: lambda.Runtime.PYTHON_3_11

The lambda runtime to use for the item generation function.

The function is containerized using Docker and can accommodate various stactools packages. The runtime version should be compatible with the packages you plan to use for STAC item generation.

---

lambdaTimeoutSeconds^Optional

public readonly lambdaTimeoutSeconds: number;

• Type: number
• Default: 120

The timeout for the item generation lambda in seconds.

This should accommodate the time needed to:

• Install stactools packages using uvx
• Download and process source data
• Generate STAC metadata
• Publish results to SNS

The SQS visibility timeout will be set to this value plus 10 seconds.

---

maxConcurrency^Optional

public readonly maxConcurrency: number;

• Type: number
• Default: 100

Maximum number of concurrent executions.

This controls how many item generation tasks can run simultaneously. Higher concurrency enables faster processing of large batches but may strain downstream systems or external data sources.

---

memorySize^Optional

public readonly memorySize: number;

• Type: number
• Default: 1024

Memory size for the lambda function in MB.

Higher memory allocation may be needed for processing large geospatial datasets or when stactools packages have high memory requirements. More memory also provides proportionally more CPU power.

---

TiPgApiLambdaProps

Initializer

import { TiPgApiLambdaProps } from 'eoapi-cdk'

const tiPgApiLambdaProps: TiPgApiLambdaProps = { ... }

Properties

Name	Type	Description
db	aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance	RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret	aws-cdk-lib.aws_secretsmanager.ISecret	Secret containing connection information for pgSTAC database.
apiEnv	{[ key: string ]: string}	Customized environment variables to send to titiler-pgstac runtime.
lambdaFunctionOptions	any	Can be used to override the default lambda function properties.
subnetSelection	aws-cdk-lib.aws_ec2.SubnetSelection	Subnet into which the lambda should be deployed.
tipgApiDomainName	aws-cdk-lib.aws_apigatewayv2.IDomainName	Custom Domain Name for tipg API.
vpc	aws-cdk-lib.aws_ec2.IVpc	VPC into which the lambda should be deployed.

---

db^Required

public readonly db: IDatabaseInstance | IInstance;

• Type: aws-cdk-lib.aws_rds.IDatabaseInstance

  aws-cdk-lib.aws_ec2.IInstance

RDS Instance with installed pgSTAC or pgbouncer server.

---

dbSecret^Required

public readonly dbSecret: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

Secret containing connection information for pgSTAC database.

---

apiEnv^Optional

public readonly apiEnv: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Customized environment variables to send to titiler-pgstac runtime.

---

lambdaFunctionOptions^Optional

public readonly lambdaFunctionOptions: any;

• Type: any
• Default: defined in the construct.

Can be used to override the default lambda function properties.

---

subnetSelection^Optional

public readonly subnetSelection: SubnetSelection;

• Type: aws-cdk-lib.aws_ec2.SubnetSelection

Subnet into which the lambda should be deployed.

---

tipgApiDomainName^Optional

public readonly tipgApiDomainName: IDomainName;

• Type: aws-cdk-lib.aws_apigatewayv2.IDomainName
• Default: undefined

Custom Domain Name for tipg API.

If defined, will create the domain name and integrate it with the tipg API.

---

vpc^Optional

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

VPC into which the lambda should be deployed.

---

TitilerPgStacApiLambdaProps

Initializer

import { TitilerPgStacApiLambdaProps } from 'eoapi-cdk'

const titilerPgStacApiLambdaProps: TitilerPgStacApiLambdaProps = { ... }

Properties

Name	Type	Description
db	aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance	RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret	aws-cdk-lib.aws_secretsmanager.ISecret	Secret containing connection information for pgSTAC database.
apiEnv	{[ key: string ]: string}	Customized environment variables to send to titiler-pgstac runtime.
buckets	string[]	list of buckets the lambda will be granted access to.
lambdaFunctionOptions	any	Can be used to override the default lambda function properties.
subnetSelection	aws-cdk-lib.aws_ec2.SubnetSelection	Subnet into which the lambda should be deployed.
titilerPgstacApiDomainName	aws-cdk-lib.aws_apigatewayv2.IDomainName	Custom Domain Name Options for Titiler Pgstac API,.
vpc	aws-cdk-lib.aws_ec2.IVpc	VPC into which the lambda should be deployed.

---

db^Required

public readonly db: IDatabaseInstance | IInstance;

• Type: aws-cdk-lib.aws_rds.IDatabaseInstance

  aws-cdk-lib.aws_ec2.IInstance

RDS Instance with installed pgSTAC or pgbouncer server.

---

dbSecret^Required

public readonly dbSecret: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

Secret containing connection information for pgSTAC database.

---

apiEnv^Optional

public readonly apiEnv: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Customized environment variables to send to titiler-pgstac runtime.

These will be merged with defaultTitilerPgstacEnv. The database secret arn is automatically added to the environment variables at deployment. /

---

buckets^Optional

public readonly buckets: string[];

• Type: string[]

list of buckets the lambda will be granted access to.

---

lambdaFunctionOptions^Optional

public readonly lambdaFunctionOptions: any;

• Type: any
• Default: defined in the construct.

Can be used to override the default lambda function properties.

---

subnetSelection^Optional

public readonly subnetSelection: SubnetSelection;

• Type: aws-cdk-lib.aws_ec2.SubnetSelection

Subnet into which the lambda should be deployed.

---

titilerPgstacApiDomainName^Optional

public readonly titilerPgstacApiDomainName: IDomainName;

• Type: aws-cdk-lib.aws_apigatewayv2.IDomainName
• Default: undefined.

Custom Domain Name Options for Titiler Pgstac API,.

---

vpc^Optional

public readonly vpc: IVpc;

• Type: aws-cdk-lib.aws_ec2.IVpc

VPC into which the lambda should be deployed.

---