The database is located in an isolated subnet, meaning that it is not accessible from the public internet.
As such, to interact with the database directly, a user must tunnel through a bastion host.
This codebase controls who is allowed to connect to the bastion host. This requires two steps:

1. `ipv4Allowlist` array
2. `userdata.yaml`

`ipv4Allowlist` array

The `BastionHost` construct takes in an `ipv4Allowlist` array as an argument. Find your IP address (e.g. `curl api.ipify.org`) and add it to the array along with the trailing CIDR block (likely `/32` to indicate that you are adding a single IP address).

`userdata.yaml`

Add an entry to the `users` array with a username (likely matching your local system's username, which you can get by running the `whoami` command in your terminal) and a public key (likely your default public key, which you can get by running `cat ~/.ssh/id_*.pub` in your terminal).
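
A pre-deployment check for the allowlist step above, as an added example rather than code from eoapi-cdk: it rejects entries that lack the CIDR suffix, are wider than an assumed /24 policy limit, have host bits set, or fall in private or reserved ranges. The helper names, the /24 limit and the sample addresses are assumptions constructed for illustration.

```typescript
// Added example: pre-deployment check of the ipv4Allowlist handed to BastionHost.
// All names below are hypothetical helpers, not part of eoapi-cdk.

type AllowlistFinding = { entry: string; ok: boolean; reason: string };

// Ranges that cannot be a workstation's public egress address.
const NON_PUBLIC_BLOCKS: Array<[string, number]> = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["100.64.0.0", 10], ["127.0.0.0", 8], ["169.254.0.0", 16],
];

// Parse a dotted quad into an unsigned 32-bit number; null if malformed.
function parseIpv4(addr: string): number | null {
  const parts = addr.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null; // digits only, no leading zeros
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Index of the /prefix block that contains ip.
function blockIndex(ip: number, prefix: number): number {
  return Math.floor(ip / 2 ** (32 - prefix));
}

function isNonPublic(ip: number): boolean {
  return NON_PUBLIC_BLOCKS.some(([base, prefix]) => {
    const start = parseIpv4(base);
    return start !== null && blockIndex(ip, prefix) === blockIndex(start, prefix);
  });
}

// widestPrefix is the shortest prefix length tolerated (assumed policy: /24).
function checkAllowlistEntry(entry: string, widestPrefix = 24): AllowlistFinding {
  const fail = (reason: string): AllowlistFinding => ({ entry, ok: false, reason });
  const match = /^([^/]+)\/(\d{1,2})$/.exec(entry.trim());
  if (match === null) return fail("no CIDR suffix; use /32 for a single address");
  const [, addr = "", len = ""] = match;
  const ip = parseIpv4(addr);
  const prefix = Number(len);
  if (ip === null) return fail("not a valid IPv4 address");
  if (prefix > 32) return fail("prefix length must be between 0 and 32");
  if (prefix < widestPrefix) return fail(`/${prefix} is wider than the /${widestPrefix} limit`);
  const size = 2 ** (32 - prefix);
  if (ip % size !== 0) return fail("host bits set; not the first address of the block");
  if (isNonPublic(ip)) return fail("private or reserved range, not a public egress address");
  return { entry, ok: true, reason: size === 1 ? "single address" : `${size} addresses` };
}

function validateAllowlist(entries: string[], widestPrefix = 24): AllowlistFinding[] {
  return entries.map((entry) => checkAllowlistEntry(entry, widestPrefix));
}

// Constructed sample input (documentation and private addresses only).
const sampleAllowlist = [
  "203.0.113.7/32",   // one address with /32
  "203.0.113.7",      // CIDR suffix forgotten
  "0.0.0.0/0",        // open to every address
  "192.168.1.20/32",  // LAN address instead of the public one
  "198.51.100.10/24", // host bits set
  "198.51.100.0/24",  // a whole office range
];

for (const finding of validateAllowlist(sampleAllowlist)) {
  console.log(`${finding.ok ? "OK  " : "FAIL"} ${finding.entry}: ${finding.reason}`);
}
```

Run it against the array before `cdk deploy` and fail the build when any finding has `ok: false`.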

Connecting to RDS Instance via SSM

```sh
aws ssm start-session --target $INSTANCE_ID \
  --document-name AWS-StartPortForwardingSessionToRemoteHost \
  --parameters '{
    "host": [
      "example-db.c5abcdefghij.us-west-2.rds.amazonaws.com"
    ],
    "portNumber": [
      "5432"
    ],
    "localPortNumber": [
      "9999"
    ]
  }' \
  --profile $AWS_PROFILE
```

```sh
psql -h localhost -p 9999 # continue adding username (-U) and db (-d) here...
```

Connect directly to Bastion Host:

```sh
aws ssm start-session --target $INSTANCE_ID --profile $AWS_PROFILE
```

Setting up an SSH tunnel

In your `~/.ssh/config` file, add an entry like:

```
Host db-tunnel
  Hostname {the-bastion-host-address}
  LocalForward 9999 {the-db-hostname}:5432
```

Then a tunnel can be opened via:

```sh
ssh -N db-tunnel
```

And a connection to the DB can be made via:

```sh
psql -h 127.0.0.1 -p 9999 -U {username} -d {database}
```

Handling `REMOTE HOST IDENTIFICATION HAS CHANGED!` error

If you’ve redeployed a bastion host that you’ve previously connected to, you may see an error like:

#### Initializers <a name="Initializers" id="eoapi-cdk.BastionHost.Initializer"></a>

```typescript
import { BastionHost } from 'eoapi-cdk'

new BastionHost(scope: Construct, id: string, props: BastionHostProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | BastionHostProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { BastionHost } from 'eoapi-cdk'

BastionHost.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
instance | aws-cdk-lib.aws_ec2.Instance | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`instance` (Required): `public readonly instance: Instance;`

```typescript
import { PgStacApiLambda } from 'eoapi-cdk'

new PgStacApiLambda(scope: Construct, id: string, props: PgStacApiLambdaProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | PgStacApiLambdaProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { PgStacApiLambda } from 'eoapi-cdk'

PgStacApiLambda.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
url | string | No description. |
stacApiLambdaFunction | aws-cdk-lib.aws_lambda.Function | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`url` (Required): `public readonly url: string;`

`stacApiLambdaFunction` (Required): `public readonly stacApiLambdaFunction: Function;`

An RDS instance with pgSTAC installed.

This is a wrapper around the `rds.DatabaseInstance` higher-level construct making use of the BootstrapPgStac construct.

```typescript
import { PgStacDatabase } from 'eoapi-cdk'

new PgStacDatabase(scope: Construct, id: string, props: PgStacDatabaseProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | PgStacDatabaseProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |
getParameters | No description. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

`getParameters`: `public getParameters(instanceType: string, parameters?: {[ key: string ]: string}): DatabaseParameters`

- `instanceType` (Required)
- `parameters` (Optional)

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { PgStacDatabase } from 'eoapi-cdk'

PgStacDatabase.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
connectionTarget | aws-cdk-lib.aws_ec2.Instance \| aws-cdk-lib.aws_rds.IDatabaseInstance | No description. |
pgstacVersion | string | No description. |
secretBootstrapper | aws-cdk-lib.CustomResource | No description. |
securityGroup | aws-cdk-lib.aws_ec2.SecurityGroup | No description. |
db | aws-cdk-lib.aws_rds.DatabaseInstance | No description. |
pgstacSecret | aws-cdk-lib.aws_secretsmanager.ISecret | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`connectionTarget` (Required): `public readonly connectionTarget: Instance | IDatabaseInstance;`

Type: aws-cdk-lib.aws_ec2.Instance | aws-cdk-lib.aws_rds.IDatabaseInstance

`pgstacVersion` (Required): `public readonly pgstacVersion: string;`

`secretBootstrapper` (Optional): `public readonly secretBootstrapper: CustomResource;`

`securityGroup` (Optional): `public readonly securityGroup: SecurityGroup;`

`db` (Required): `public readonly db: DatabaseInstance;`

`pgstacSecret` (Required): `public readonly pgstacSecret: ISecret;`

```typescript
import { StacBrowser } from 'eoapi-cdk'

new StacBrowser(scope: Construct, id: string, props: StacBrowserProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | StacBrowserProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { StacBrowser } from 'eoapi-cdk'

StacBrowser.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
bucket | aws-cdk-lib.aws_s3.IBucket | No description. |
bucketDeployment | aws-cdk-lib.aws_s3_deployment.BucketDeployment | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`bucket` (Required): `public readonly bucket: IBucket;`

`bucketDeployment` (Required): `public readonly bucketDeployment: BucketDeployment;`

```typescript
import { StacIngestor } from 'eoapi-cdk'

new StacIngestor(scope: Construct, id: string, props: StacIngestorProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | StacIngestorProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { StacIngestor } from 'eoapi-cdk'

StacIngestor.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
handlerRole | aws-cdk-lib.aws_iam.Role | No description. |
table | aws-cdk-lib.aws_dynamodb.Table | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`handlerRole` (Required): `public readonly handlerRole: Role;`

`table` (Required): `public readonly table: Table;`

AWS CDK Construct for STAC Item Loading Infrastructure.
The StacItemLoader creates a serverless, event-driven system for loading STAC (SpatioTemporal Asset Catalog) items into a PostgreSQL database with the pgstac extension. This construct supports multiple ingestion pathways for flexible STAC item loading.
This construct creates the following AWS resources:
The loader supports two primary data ingestion patterns:
The SQS-to-Lambda integration uses intelligent batching to optimize performance:

- `batchSize` messages (default: 500)
- `batchSize` messages are available, Lambda triggers after `maxBatchingWindow` minutes (default: 1 minute)
- `maxConcurrency` concurrent executions to prevent database overload
- `reportBatchItemFailures` to retry only failed items

This approach balances throughput (larger batches = fewer database connections) with latency (time-based triggers prevent indefinite waiting).

Failed messages are sent to the dead letter queue after 5 processing attempts. Important: This construct provides NO automated handling of dead letter queue messages - monitoring, inspection, and reprocessing of failed items is the responsibility of the implementing application.
Consider implementing:
Before using this construct, ensure:

```typescript
// Create database first
const database = new PgStacDatabase(this, 'Database', {
  pgstacVersion: '0.9.5'
});

// Create item loader
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database,
  batchSize: 1000,              // Process up to 1000 items per batch
  maxBatchingWindowMinutes: 1,  // Wait max 1 minute to fill batch
  lambdaTimeoutSeconds: 300     // Allow up to 300 seconds for database operations
});

// The topic ARN can be used by other services to publish items
new CfnOutput(this, 'LoaderTopicArn', {
  value: loader.topic.topicArn
});
```

External services can publish STAC items directly to the topic:

```sh
aws sns publish --topic-arn $ITEM_LOAD_TOPIC --message '{
  "type": "Feature",
  "stac_version": "1.0.0",
  "id": "example-item",
  "properties": {"datetime": "2021-01-01T00:00:00Z"},
  "geometry": {"type": "Polygon", "coordinates": [...]},
  "collection": "example-collection"
}'
```

To enable S3 event-driven loading, configure S3 bucket notifications to send events to the SNS topic when STAC items (.json or .geojson files) are uploaded:

```typescript
// Configure S3 bucket to send notifications to the loader topic
bucket.addEventNotification(
  s3.EventType.OBJECT_CREATED,
  new s3n.SnsDestination(loader.topic),
  { suffix: '.json' }
);
bucket.addEventNotification(
  s3.EventType.OBJECT_CREATED,
  new s3n.SnsDestination(loader.topic),
  { suffix: '.geojson' }
);
```

When STAC items are uploaded to the configured S3 bucket, the loader will:
/aws/lambda/{FunctionName}
Applications must implement their own dead letter queue monitoring:

```typescript
// Example: CloudWatch alarm for dead letter queue depth
new cloudwatch.Alarm(this, 'DeadLetterAlarm', {
  metric: loader.deadLetterQueue.metricApproximateNumberOfVisibleMessages(),
  threshold: 1,
  evaluationPeriods: 1
});

// Example: Lambda to reprocess dead letter messages
const reprocessFunction = new lambda.Function(this, 'Reprocess', {
  // Implementation to fetch and republish failed messages
});
```

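
One way to start on the inspection side of dead letter queue handling, as an added example that is not part of eoapi-cdk: it classifies a message body as a direct STAC item or an S3 event notification and marks whether it should be republished. The function names, the replay policy and the sample bodies are assumptions; both SNS-wrapped and raw bodies are accepted because the page does not say which delivery mode the subscription uses.

```typescript
// Added example: triage of bodies read from the loader's dead letter queue.
// Names and replay policy are hypothetical, not part of eoapi-cdk.

type Triage =
  | { kind: "stac-item"; id: string; collection: string | null; replayable: boolean }
  | { kind: "s3-event"; objects: string[]; replayable: boolean }
  | { kind: "unreadable"; reason: string; replayable: false };

type Json = Record<string, unknown>;

function parseObject(text: string): Json | null {
  try {
    const v: unknown = JSON.parse(text);
    return typeof v === "object" && v !== null && !Array.isArray(v) ? (v as Json) : null;
  } catch {
    return null;
  }
}

// SQS bodies delivered through SNS carry the payload as a string in "Message",
// unless raw message delivery is enabled on the subscription.
function unwrapSns(body: Json): Json | null {
  const inner = body["Message"];
  if (body["Type"] === "Notification" && typeof inner === "string") return parseObject(inner);
  return body;
}

// Object keys in S3 event notifications are URL-encoded, with spaces sent as "+".
function decodeKey(key: string): string {
  try {
    return decodeURIComponent(key.replace(/\+/g, " "));
  } catch {
    return key; // malformed escape: keep the raw key for the analyst
  }
}

function s3Objects(payload: Json): string[] | null {
  const records = payload["Records"];
  if (!Array.isArray(records) || records.length === 0) return null;
  const out: string[] = [];
  for (const rec of records as unknown[]) {
    const r = rec as { eventSource?: unknown; s3?: { bucket?: { name?: unknown }; object?: { key?: unknown } } } | null;
    const bucket = r?.s3?.bucket?.name;
    const key = r?.s3?.object?.key;
    if (r?.eventSource !== "aws:s3" || typeof bucket !== "string" || typeof key !== "string") return null;
    out.push(`s3://${bucket}/${decodeKey(key)}`);
  }
  return out;
}

function triageDeadLetter(sqsBody: string): Triage {
  const outer = parseObject(sqsBody);
  const payload = outer === null ? null : unwrapSns(outer);
  if (payload === null) {
    return { kind: "unreadable", reason: "body or SNS Message is not a JSON object", replayable: false };
  }
  const objects = s3Objects(payload);
  if (objects !== null) {
    // Only .json and .geojson uploads are meant to reach the loader.
    const expected = objects.every((o) => /\.(json|geojson)$/i.test(o));
    return { kind: "s3-event", objects, replayable: expected };
  }
  const id = payload["id"];
  const coll = payload["collection"];
  if (payload["type"] === "Feature" && typeof id === "string") {
    const collection = typeof coll === "string" ? coll : null;
    // Assumed policy: an item without a collection is fixed by hand, not replayed.
    return { kind: "stac-item", id, collection, replayable: collection !== null };
  }
  return { kind: "unreadable", reason: "neither a STAC item nor an S3 event notification", replayable: false };
}

// Constructed sample bodies.
const wrappedItem = JSON.stringify({
  Type: "Notification",
  MessageId: "constructed-1",
  Message: JSON.stringify({ type: "Feature", stac_version: "1.0.0", id: "example-item", collection: "example-collection" }),
});
const rawS3Event = JSON.stringify({
  Records: [{ eventSource: "aws:s3", s3: { bucket: { name: "example-bucket" }, object: { key: "items/scene+01%2Ba.json" } } }],
});
const itemWithoutCollection = JSON.stringify({ type: "Feature", id: "orphan-item" });

for (const body of [wrappedItem, rawS3Event, itemWithoutCollection, "not json"]) {
  console.log(JSON.stringify(triageDeadLetter(body)));
}
```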
```typescript
import { StacItemLoader } from 'eoapi-cdk'

new StacItemLoader(scope: Construct, id: string, props: StacItemLoaderProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | StacItemLoaderProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { StacItemLoader } from 'eoapi-cdk'

StacItemLoader.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
deadLetterQueue | aws-cdk-lib.aws_sqs.Queue | Dead letter queue for failed item loading attempts. |
lambdaFunction | aws-cdk-lib.aws_lambda.Function | The Lambda function that loads STAC items into the pgstac database. |
queue | aws-cdk-lib.aws_sqs.Queue | The SQS queue that buffers messages before processing. |
topic | aws-cdk-lib.aws_sns.Topic | The SNS topic that receives STAC items and S3 event notifications for loading. |

`node` (Required): `public readonly node: Node;`

The tree node.

`deadLetterQueue` (Required): `public readonly deadLetterQueue: Queue;`

Dead letter queue for failed item loading attempts.

Messages that fail processing after 5 attempts are sent here for inspection and potential replay. Retains messages for 14 days to allow for debugging and manual intervention.

User Responsibility: This construct provides NO automated monitoring, alerting, or reprocessing of dead letter queue messages. Applications using this construct must implement their own:

`lambdaFunction` (Required): `public readonly lambdaFunction: Function;`

The Lambda function that loads STAC items into the pgstac database.

This Python function receives batches of messages from SQS and processes them based on their type:

The function connects to PostgreSQL using credentials from Secrets Manager and uses pypgstac for efficient database operations.

`queue` (Required): `public readonly queue: Queue;`

The SQS queue that buffers messages before processing.

This queue collects both direct STAC items from SNS and S3 event notifications, batching them for efficient database operations. Configured with a visibility timeout that accommodates Lambda processing time plus buffer.

`topic` (Required): `public readonly topic: Topic;`

The SNS topic that receives STAC items and S3 event notifications for loading.

This topic serves as the entry point for two types of events:

The topic fans out to the SQS queue for batched processing.

AWS CDK Construct for STAC Item Generation Infrastructure.
The StactoolsItemGenerator creates a serverless, event-driven system for generating STAC (SpatioTemporal Asset Catalog) items from source data. This construct implements the first phase of a two-stage ingestion pipeline that transforms raw geospatial data into standardized STAC metadata.
This construct creates the following AWS resources:

- `uvx` to install the required stactools package
- `create-item` CLI command with provided arguments

The function expects messages matching the ItemRequest model:

```json
{
  "package_name": "stactools-glad-global-forest-change",
  "group_name": "gladglobalforestchange",
  "create_item_args": [
    "https://example.com/data.tif"
  ],
  "collection_id": "glad-global-forest-change-1.11"
}
```

```typescript
// Create item loader first (or get existing topic ARN)
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database
});

// Create item generator that feeds the loader
const generator = new StactoolsItemGenerator(this, 'ItemGenerator', {
  itemLoadTopicArn: loader.topic.topicArn,
  lambdaTimeoutSeconds: 120,  // Allow time for package installation
  maxConcurrency: 100,        // Control parallel processing
  batchSize: 10               // Process 10 requests per invocation
});

// Grant permission to publish to the loader topic
loader.topic.grantPublish(generator.lambdaFunction);
```

Send messages to the generator topic to trigger item creation:

```sh
aws sns publish --topic-arn $ITEM_GEN_TOPIC --message '{
  "package_name": "stactools-glad-global-forest-change",
  "group_name": "gladglobalforestchange",
  "create_item_args": [
    "https://storage.googleapis.com/earthenginepartners-hansen/GFC-2023-v1.11/Hansen_GFC-2023-v1.11_gain_40N_080W.tif"
  ],
  "collection_id": "glad-global-forest-change-1.11"
}'
```

For processing many assets, you can loop through URLs:

```sh
while IFS= read -r url; do
  aws sns publish --topic-arn "$ITEM_GEN_TOPIC" --message "{
    \"package_name\": \"stactools-glad-glclu2020\",
    \"group_name\": \"gladglclu2020\",
    \"create_item_args\": [\"$url\"]
  }"
done < urls.txt
```

/aws/lambda/{FunctionName}
Any package available on PyPI that follows the stactools plugin pattern can be used. Examples include:

- `stactools-glad-global-forest-change`
- `stactools-glad-glclu2020`
- `stactools-landsat`
- `stactools-sentinel2`

See https://stactools.readthedocs.io/ for stactools documentation.

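
Because the generator installs the package named in each message and passes `create_item_args` to its CLI, a check on the publishing side is worth having. The following is an added example, not part of eoapi-cdk: it accepts only package names from an approved list and rejects malformed fields. The function name, the approved list (the packages named above), the `group_name` pattern, treating `collection_id` as optional and the argument rules are assumptions.

```typescript
// Added example: gate ItemRequest messages before publishing to the generator topic.
// Names and rules are hypothetical policy, not part of eoapi-cdk.

interface ItemRequest {
  package_name: string;
  group_name: string;
  create_item_args: string[];
  collection_id?: string;
}

type RequestVerdict =
  | { ok: true; request: ItemRequest }
  | { ok: false; errors: string[] };

// Packages reviewed and approved for installation (assumed list).
const APPROVED_PACKAGES: string[] = [
  "stactools-glad-global-forest-change",
  "stactools-glad-glclu2020",
  "stactools-landsat",
  "stactools-sentinel2",
];

const KNOWN_KEYS = ["package_name", "group_name", "create_item_args", "collection_id"];

function validateItemRequest(raw: string, approved: string[] = APPROVED_PACKAGES): RequestVerdict {
  let data: unknown;
  try {
    data = JSON.parse(raw);
  } catch {
    return { ok: false, errors: ["message is not valid JSON"] };
  }
  if (typeof data !== "object" || data === null || Array.isArray(data)) {
    return { ok: false, errors: ["message must be a JSON object"] };
  }
  const msg = data as Record<string, unknown>;
  const errors: string[] = [];

  for (const key of Object.keys(msg)) {
    if (KNOWN_KEYS.indexOf(key) === -1) errors.push(`unexpected field: ${key}`);
  }

  // Exact match only: version specifiers, URLs or extra text never pass.
  const pkg = msg["package_name"];
  if (typeof pkg !== "string" || approved.indexOf(pkg) === -1) {
    errors.push("package_name is not on the approved list");
  }

  const group = msg["group_name"];
  if (typeof group !== "string" || !/^[a-z0-9_]+$/.test(group)) {
    errors.push("group_name must be lowercase letters, digits or underscores");
  }

  const args = msg["create_item_args"];
  const cleanArgs: string[] = [];
  if (!Array.isArray(args) || args.length === 0) {
    errors.push("create_item_args must be a non-empty array");
  } else {
    args.forEach((arg: unknown, i: number) => {
      if (typeof arg !== "string" || arg.length === 0) {
        errors.push(`create_item_args[${i}] must be a non-empty string`);
      } else if (arg.charAt(0) === "-") {
        // The arguments are handed to a CLI, so a leading dash would be read as an option.
        errors.push(`create_item_args[${i}] looks like a command-line option`);
      } else if (/^[a-z][a-z0-9+.-]*:\/\//i.test(arg) && !/^https:\/\//i.test(arg)) {
        errors.push(`create_item_args[${i}] uses a scheme other than https`);
      } else {
        cleanArgs.push(arg);
      }
    });
  }

  const collection = msg["collection_id"];
  if (collection !== undefined && (typeof collection !== "string" || collection.length === 0)) {
    errors.push("collection_id, when present, must be a non-empty string");
  }

  if (errors.length > 0) return { ok: false, errors };
  const request: ItemRequest = {
    package_name: pkg as string,
    group_name: group as string,
    create_item_args: cleanArgs,
  };
  if (typeof collection === "string") request.collection_id = collection;
  return { ok: true, request };
}

// Constructed sample messages.
const goodRequest = JSON.stringify({
  package_name: "stactools-glad-global-forest-change",
  group_name: "gladglobalforestchange",
  create_item_args: ["https://example.com/data.tif"],
  collection_id: "glad-global-forest-change-1.11",
});
const unapprovedRequest = JSON.stringify({
  package_name: "example-unreviewed-package",
  group_name: "example",
  create_item_args: ["https://example.com/data.tif"],
});

console.log(JSON.stringify(validateItemRequest(goodRequest)));
console.log(JSON.stringify(validateItemRequest(unapprovedRequest)));
```

Publish only the re-serialised `request` from an `ok` verdict, so that fields the check never saw do not reach the topic.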
```typescript
import { StactoolsItemGenerator } from 'eoapi-cdk'

new StactoolsItemGenerator(scope: Construct, id: string, props: StactoolsItemGeneratorProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | StactoolsItemGeneratorProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { StactoolsItemGenerator } from 'eoapi-cdk'

StactoolsItemGenerator.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
deadLetterQueue | aws-cdk-lib.aws_sqs.Queue | Dead letter queue for failed item generation attempts. |
lambdaFunction | aws-cdk-lib.aws_lambda.DockerImageFunction | The containerized Lambda function that generates STAC items. |
queue | aws-cdk-lib.aws_sqs.Queue | The SQS queue that buffers item generation requests. |
topic | aws-cdk-lib.aws_sns.Topic | The SNS topic that receives item generation requests. |

`node` (Required): `public readonly node: Node;`

The tree node.

`deadLetterQueue` (Required): `public readonly deadLetterQueue: Queue;`

Dead letter queue for failed item generation attempts.

Messages that fail processing after 5 attempts are sent here for inspection and potential replay. This helps with debugging stactools package issues, network failures, or malformed requests.

`lambdaFunction` (Required): `public readonly lambdaFunction: DockerImageFunction;`

The containerized Lambda function that generates STAC items.

This Docker-based function dynamically installs stactools packages using uvx, processes source data, and publishes generated STAC items to the configured ItemLoad SNS topic.

`queue` (Required): `public readonly queue: Queue;`

The SQS queue that buffers item generation requests.

This queue receives messages from the SNS topic containing ItemRequest payloads. It’s configured with a visibility timeout that matches the Lambda timeout plus buffer time to prevent duplicate processing.

`topic` (Required): `public readonly topic: Topic;`

The SNS topic that receives item generation requests.

External systems publish ItemRequest messages to this topic to trigger STAC item generation. The topic fans out to the SQS queue for processing.

```typescript
import { TiPgApiLambda } from 'eoapi-cdk'

new TiPgApiLambda(scope: Construct, id: string, props: TiPgApiLambdaProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | TiPgApiLambdaProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { TiPgApiLambda } from 'eoapi-cdk'

TiPgApiLambda.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
url | string | No description. |
tiPgLambdaFunction | aws-cdk-lib.aws_lambda.Function | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`url` (Required): `public readonly url: string;`

`tiPgLambdaFunction` (Required): `public readonly tiPgLambdaFunction: Function;`

```typescript
import { TitilerPgstacApiLambda } from 'eoapi-cdk'

new TitilerPgstacApiLambda(scope: Construct, id: string, props: TitilerPgStacApiLambdaProps)
```

Name | Type | Description |
---|---|---|
scope | constructs.Construct | No description. |
id | string | No description. |
props | TitilerPgStacApiLambdaProps | No description. |

- `scope` (Required)
- `id` (Required)
- `props` (Required)

Name | Description |
---|---|
toString | Returns a string representation of this construct. |

`toString`: `public toString(): string`

Returns a string representation of this construct.

Name | Description |
---|---|
isConstruct | Checks if x is a construct. |

`isConstruct`

```typescript
import { TitilerPgstacApiLambda } from 'eoapi-cdk'

TitilerPgstacApiLambda.isConstruct(x: any)
```

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

- `x` (Required): Any object.

Name | Type | Description |
---|---|---|
node | constructs.Node | The tree node. |
url | string | No description. |
titilerPgstacLambdaFunction | aws-cdk-lib.aws_lambda.Function | No description. |

`node` (Required): `public readonly node: Node;`

The tree node.

`url` (Required): `public readonly url: string;`

`titilerPgstacLambdaFunction` (Required): `public readonly titilerPgstacLambdaFunction: Function;`

```typescript
import { BastionHostProps } from 'eoapi-cdk'

const bastionHostProps: BastionHostProps = { ... }
```

Name | Type | Description |
---|---|---|
db | aws-cdk-lib.aws_rds.IDatabaseInstance | No description. |
ipv4Allowlist | string[] | No description. |
userData | aws-cdk-lib.aws_ec2.UserData | No description. |
vpc | aws-cdk-lib.aws_ec2.IVpc | No description. |
createElasticIp | boolean | Whether or not an elastic IP should be created for the bastion host. |
sshPort | number | No description. |

`db` (Required): `public readonly db: IDatabaseInstance;`

`ipv4Allowlist` (Required): `public readonly ipv4Allowlist: string[];`

`userData` (Required): `public readonly userData: UserData;`

`vpc` (Required): `public readonly vpc: IVpc;`

`createElasticIp` (Optional): `public readonly createElasticIp: boolean;`

Whether or not an elastic IP should be created for the bastion host.

`sshPort` (Optional): `public readonly sshPort: number;`

```typescript
import { DatabaseParameters } from 'eoapi-cdk'

const databaseParameters: DatabaseParameters = { ... }
```

Name | Type | Description |
---|---|---|
effectiveCacheSize | string | No description. |
maintenanceWorkMem | string | No description. |
maxConnections | string | No description. |
maxLocksPerTransaction | string | No description. |
randomPageCost | string | No description. |
seqPageCost | string | No description. |
sharedBuffers | string | Note: This value is measured in 8KB blocks. |
tempBuffers | string | No description. |
workMem | string | No description. |

`effectiveCacheSize` (Required): `public readonly effectiveCacheSize: string;`

`maintenanceWorkMem` (Required): `public readonly maintenanceWorkMem: string;`

`maxConnections` (Required): `public readonly maxConnections: string;`

`maxLocksPerTransaction` (Required): `public readonly maxLocksPerTransaction: string;`

`randomPageCost` (Required): `public readonly randomPageCost: string;`

`seqPageCost` (Required): `public readonly seqPageCost: string;`

`sharedBuffers` (Required): `public readonly sharedBuffers: string;`

`{(DBInstanceClassMemory/(1024*8)) * 0.25}`

Note: This value is measured in 8KB blocks.

`tempBuffers` (Required): `public readonly tempBuffers: string;`

`workMem` (Required): `public readonly workMem: string;`

import { PgStacApiLambdaProps } from 'eoapi-cdk'
const pgStacApiLambdaProps: PgStacApiLambdaProps = { ... }
Name | Type | Description |
---|---|---|
db |
aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance |
RDS Instance with installed pgSTAC or pgbouncer server. |
dbSecret |
aws-cdk-lib.aws_secretsmanager.ISecret |
Secret containing connection information for pgSTAC database. |
apiEnv |
{[ key: string ]: string} |
Customized environment variables to send to fastapi-pgstac runtime. |
enabledExtensions |
string[] |
List of STAC API extensions to enable. |
lambdaFunctionOptions |
any |
Can be used to override the default lambda function properties. |
stacApiDomainName |
aws-cdk-lib.aws_apigatewayv2.IDomainName |
Custom Domain Name Options for STAC API,. |
subnetSelection |
aws-cdk-lib.aws_ec2.SubnetSelection |
Subnet into which the lambda should be deployed. |
vpc |
aws-cdk-lib.aws_ec2.IVpc |
VPC into which the lambda should be deployed. |
db
Required public readonly db: IDatabaseInstance | IInstance;
Type: aws-cdk-lib.aws_rds.IDatabaseInstance | aws-cdk-lib.aws_ec2.IInstance |
RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret
Required public readonly dbSecret: ISecret;
Secret containing connection information for pgSTAC database.
apiEnv
Optional public readonly apiEnv: {[ key: string ]: string};
Customized environment variables to send to fastapi-pgstac runtime.
enabledExtensions
Optional public readonly enabledExtensions: string[];
List of STAC API extensions to enable.
lambdaFunctionOptions
Optional public readonly lambdaFunctionOptions: any;
Can be used to override the default lambda function properties.
stacApiDomainName
Optional public readonly stacApiDomainName: IDomainName;
Custom Domain Name Options for STAC API.
subnetSelection
Optional public readonly subnetSelection: SubnetSelection;
Subnet into which the lambda should be deployed.
vpc
Optional public readonly vpc: IVpc;
VPC into which the lambda should be deployed.
```typescript
import { PgStacDatabaseProps } from 'eoapi-cdk'

const pgStacDatabaseProps: PgStacDatabaseProps = { ... }
```

| Name | Type | Description |
| --- | --- | --- |
| vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC network where the DB subnet group should be created. |
| applyImmediately | boolean | Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the `preferredMaintenanceWindow` setting. |
| autoMinorVersionUpgrade | boolean | Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window. |
| availabilityZone | string | The name of the Availability Zone where the DB instance will be located. |
| backupRetention | aws-cdk-lib.Duration | The number of days during which automatic DB snapshots are retained. |
| caCertificate | aws-cdk-lib.aws_rds.CaCertificate | The identifier of the CA certificate for this DB instance. |
| cloudwatchLogsExports | string[] | The list of log types that need to be enabled for exporting to CloudWatch Logs. |
| cloudwatchLogsRetention | aws-cdk-lib.aws_logs.RetentionDays | The number of days log events are kept in CloudWatch Logs. |
| cloudwatchLogsRetentionRole | aws-cdk-lib.aws_iam.IRole | The IAM role for the Lambda function associated with the custom resource that sets the retention policy. |
| copyTagsToSnapshot | boolean | Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. |
| deleteAutomatedBackups | boolean | Indicates whether automated backups should be deleted or retained when you delete a DB instance. |
| deletionProtection | boolean | Indicates whether the DB instance should have deletion protection enabled. |
| domain | string | The Active Directory directory ID to create the DB instance in. |
| domainRole | aws-cdk-lib.aws_iam.IRole | The IAM role to be used when making API calls to the Directory Service. |
| enablePerformanceInsights | boolean | Whether to enable Performance Insights for the DB instance. |
| iamAuthentication | boolean | Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. |
| instanceIdentifier | string | A name for the DB instance. |
| iops | number | The number of I/O operations per second (IOPS) that the database provisions. |
| maxAllocatedStorage | number | Upper limit to which RDS can scale the storage in GiB (gibibytes). |
| monitoringInterval | aws-cdk-lib.Duration | The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance. |
| monitoringRole | aws-cdk-lib.aws_iam.IRole | Role that will be used to manage DB instance monitoring. |
| multiAz | boolean | Specifies if the database instance is a multiple Availability Zone deployment. |
| networkType | aws-cdk-lib.aws_rds.NetworkType | The network type of the DB instance. |
| optionGroup | aws-cdk-lib.aws_rds.IOptionGroup | The option group to associate with the instance. |
| parameterGroup | aws-cdk-lib.aws_rds.IParameterGroup | The DB parameter group to associate with the instance. |
| performanceInsightEncryptionKey | aws-cdk-lib.aws_kms.IKey | The AWS KMS key for encryption of Performance Insights data. |
| performanceInsightRetention | aws-cdk-lib.aws_rds.PerformanceInsightRetention | The amount of time, in days, to retain Performance Insights data. |
| port | number | The port for the instance. |
| preferredBackupWindow | string | The daily time range during which automated backups are performed. |
| preferredMaintenanceWindow | string | The weekly time range (in UTC) during which system maintenance can occur. |
| processorFeatures | aws-cdk-lib.aws_rds.ProcessorFeatures | The number of CPU cores and the number of threads per core. |
| publiclyAccessible | boolean | Indicates whether the DB instance is an internet-facing instance. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. |
| s3ExportBuckets | aws-cdk-lib.aws_s3.IBucket[] | S3 buckets that you want to load data into. |
| s3ExportRole | aws-cdk-lib.aws_iam.IRole | Role that will be associated with this DB instance to enable S3 export. |
| s3ImportBuckets | aws-cdk-lib.aws_s3.IBucket[] | S3 buckets that you want to load data from. |
| s3ImportRole | aws-cdk-lib.aws_iam.IRole | Role that will be associated with this DB instance to enable S3 import. |
| securityGroups | aws-cdk-lib.aws_ec2.ISecurityGroup[] | The security groups to assign to the DB instance. |
| storageThroughput | number | The storage throughput, specified in mebibytes per second (MiBps). |
| storageType | aws-cdk-lib.aws_rds.StorageType | The storage type. |
| subnetGroup | aws-cdk-lib.aws_rds.ISubnetGroup | Existing subnet group for the instance. |
| vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection | The type of subnets to add to the created DB subnet group. |
| engine | aws-cdk-lib.aws_rds.IInstanceEngine | The database engine. |
| allocatedStorage | number | The allocated storage size, specified in gibibytes (GiB). |
| allowMajorVersionUpgrade | boolean | Whether to allow major version upgrades. |
| databaseName | string | The name of the database. |
| instanceType | aws-cdk-lib.aws_ec2.InstanceType | The name of the compute and memory capacity for the instance. |
| licenseModel | aws-cdk-lib.aws_rds.LicenseModel | The license model. |
| parameters | {[ key: string ]: string} | The parameters in the DBParameterGroup to create automatically. |
| timezone | string | The time zone of the instance. |
| characterSetName | string | For supported engines, specifies the character set to associate with the DB instance. |
| credentials | aws-cdk-lib.aws_rds.Credentials | Credentials for the administrative user. |
| storageEncrypted | boolean | Indicates whether the DB instance is encrypted. |
| storageEncryptionKey | aws-cdk-lib.aws_kms.IKey | The KMS key that’s used to encrypt the DB instance. |
| addPgbouncer | boolean | Add pgbouncer instance for managing traffic to the pgSTAC database. |
| bootstrapperLambdaFunctionOptions | any | Can be used to override the default lambda function properties. |
| customResourceProperties | {[ key: string ]: any} | Lambda function Custom Resource properties. |
| pgbouncerInstanceProps | any | Properties for the pgbouncer ec2 instance. |
| pgstacDbName | string | Name of database that is to be created and onto which pgSTAC will be installed. |
| pgstacUsername | string | Name of user that will be generated for connecting to the pgSTAC database. |
| pgstacVersion | string | Version of pgstac to install on the database. |
| secretsPrefix | string | Prefix to assign to the generated `secrets_manager.Secret`. |

vpc
Required public readonly vpc: IVpc;
The VPC network where the DB subnet group should be created.
applyImmediately
Optional public readonly applyImmediately: boolean;
Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the `preferredMaintenanceWindow` setting.
If set to `false`, changes are applied during the next maintenance window.
Until RDS applies the changes, the DB instance remains in a drift state. As a result, the configuration doesn’t fully reflect the requested modifications and temporarily diverges from the intended state.
This property also determines whether the DB instance reboots when a static parameter is modified in the associated DB parameter group.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html
autoMinorVersionUpgrade
Optional public readonly autoMinorVersionUpgrade: boolean;
Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.
availabilityZone
Optional public readonly availabilityZone: string;
The name of the Availability Zone where the DB instance will be located.
backupRetention
Optional public readonly backupRetention: Duration;
The number of days during which automatic DB snapshots are retained.
Set to zero to disable backups. When creating a read replica, you must enable automatic backups on the source database instance by setting the backup retention to a value other than zero.
caCertificate
Optional public readonly caCertificate: CaCertificate;
The identifier of the CA certificate for this DB instance.
Specifying or updating this property triggers a reboot.
For RDS DB engines:
cloudwatchLogsExports
Optional public readonly cloudwatchLogsExports: string[];
The list of log types that need to be enabled for exporting to CloudWatch Logs.
cloudwatchLogsRetention
Optional public readonly cloudwatchLogsRetention: RetentionDays;
The number of days log events are kept in CloudWatch Logs.
When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to `Infinity`.
cloudwatchLogsRetentionRole
Optional public readonly cloudwatchLogsRetentionRole: IRole;
The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
copyTagsToSnapshot
Optional public readonly copyTagsToSnapshot: boolean;
Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.
deleteAutomatedBackups
Optional public readonly deleteAutomatedBackups: boolean;
Indicates whether automated backups should be deleted or retained when you delete a DB instance.
deletionProtection
Optional public readonly deletionProtection: boolean;
`removalPolicy` is RETAIN, false otherwise
Indicates whether the DB instance should have deletion protection enabled.
domain
Optional public readonly domain: string;
The Active Directory directory ID to create the DB instance in.
domainRole
Optional public readonly domainRole: IRole;
`DatabaseInstanceNewProps#domain` is specified
The IAM role to be used when making API calls to the Directory Service.
The role needs the AWS-managed policy AmazonRDSDirectoryServiceAccess or equivalent.
enablePerformanceInsights
Optional public readonly enablePerformanceInsights: boolean;
`performanceInsightRetention` or `performanceInsightEncryptionKey` is set.
Whether to enable Performance Insights for the DB instance.
iamAuthentication
Optional public readonly iamAuthentication: boolean;
Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.
instanceIdentifier
Optional public readonly instanceIdentifier: string;
A name for the DB instance.
If you specify a name, AWS CloudFormation converts it to lowercase.
iops
Optional public readonly iops: number;
The number of I/O operations per second (IOPS) that the database provisions.
The value must be equal to or greater than 1000.
maxAllocatedStorage
Optional public readonly maxAllocatedStorage: number;
Upper limit to which RDS can scale the storage in GiB (gibibytes).
monitoringInterval
Optional public readonly monitoringInterval: Duration;
The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.
monitoringRole
Optional public readonly monitoringRole: IRole;
Role that will be used to manage DB instance monitoring.
multiAz
Optional public readonly multiAz: boolean;
Specifies if the database instance is a multiple Availability Zone deployment.
networkType
Optional public readonly networkType: NetworkType;
The network type of the DB instance.
optionGroup
Optional public readonly optionGroup: IOptionGroup;
The option group to associate with the instance.
parameterGroup
Optional public readonly parameterGroup: IParameterGroup;
The DB parameter group to associate with the instance.
performanceInsightEncryptionKey
Optional public readonly performanceInsightEncryptionKey: IKey;
The AWS KMS key for encryption of Performance Insights data.
performanceInsightRetention
Optional public readonly performanceInsightRetention: PerformanceInsightRetention;
The amount of time, in days, to retain Performance Insights data.
port
Optional public readonly port: number;
The port for the instance.
preferredBackupWindow
Optional public readonly preferredBackupWindow: string;
The daily time range during which automated backups are performed.
Constraints:
`hh24:mi-hh24:mi`.
preferredMaintenanceWindow
Optional public readonly preferredMaintenanceWindow: string;
The weekly time range (in UTC) during which system maintenance can occur.
Format: ddd:hh24:mi-ddd:hh24:mi
Constraint: Minimum 30-minute window
processorFeatures
Optional public readonly processorFeatures: ProcessorFeatures;
The number of CPU cores and the number of threads per core.
publiclyAccessible
Optional public readonly publiclyAccessible: boolean;
`true` if the instance’s `vpcSubnets` is `subnetType: SubnetType.PUBLIC`, `false` otherwise
Indicates whether the DB instance is an internet-facing instance.
If not specified, the instance’s vpcSubnets will be used to determine if the instance is internet-facing or not.
removalPolicy
Optional public readonly removalPolicy: RemovalPolicy;
The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.
s3ExportBuckets
Optional public readonly s3ExportBuckets: IBucket[];
S3 buckets that you want to load data into.
This property must not be used if `s3ExportRole` is used.
For Microsoft SQL Server:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html
s3ExportRole
Optional public readonly s3ExportRole: IRole;
`s3ExportBuckets` is set, no role is defined otherwise
Role that will be associated with this DB instance to enable S3 export.
This property must not be used if `s3ExportBuckets` is used.
For Microsoft SQL Server:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html
s3ImportBuckets
Optional public readonly s3ImportBuckets: IBucket[];
S3 buckets that you want to load data from.
This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.
This property must not be used if `s3ImportRole` is used.
For Microsoft SQL Server:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html
s3ImportRole
Optional public readonly s3ImportRole: IRole;
`s3ImportBuckets` is set, no role is defined otherwise
Role that will be associated with this DB instance to enable S3 import.
This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.
This property must not be used if `s3ImportBuckets` is used.
For Microsoft SQL Server:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html
securityGroups
Optional public readonly securityGroups: ISecurityGroup[];
The security groups to assign to the DB instance.
storageThroughput
Optional public readonly storageThroughput: number;
The storage throughput, specified in mebibytes per second (MiBps).
Only applicable for GP3.
https://docs.aws.amazon.com//AmazonRDS/latest/UserGuide/CHAP_Storage.html#gp3-storage
storageType
Optional public readonly storageType: StorageType;
The storage type.
Storage types supported are gp2, io1, standard.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#Concepts.Storage.GeneralSSD
subnetGroup
Optional public readonly subnetGroup: ISubnetGroup;
Existing subnet group for the instance.
vpcSubnets
Optional public readonly vpcSubnets: SubnetSelection;
The type of subnets to add to the created DB subnet group.
engine
Required public readonly engine: IInstanceEngine;
The database engine.
allocatedStorage
Optional public readonly allocatedStorage: number;
The allocated storage size, specified in gibibytes (GiB).
allowMajorVersionUpgrade
Optional public readonly allowMajorVersionUpgrade: boolean;
Whether to allow major version upgrades.
databaseName
Optional public readonly databaseName: string;
The name of the database.
instanceType
Optional public readonly instanceType: InstanceType;
The name of the compute and memory capacity for the instance.
licenseModel
Optional public readonly licenseModel: LicenseModel;
The license model.
parameters
Optional public readonly parameters: {[ key: string ]: string};
The parameters in the DBParameterGroup to create automatically.
You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup.
timezone
Optional public readonly timezone: string;
The time zone of the instance.
This is currently supported only by Microsoft SQL Server.
characterSetName
Optional public readonly characterSetName: string;
For supported engines, specifies the character set to associate with the DB instance.
credentials
Optional public readonly credentials: Credentials;
Credentials for the administrative user.
storageEncrypted
Optional public readonly storageEncrypted: boolean;
Indicates whether the DB instance is encrypted.
storageEncryptionKey
Optional public readonly storageEncryptionKey: IKey;
The KMS key that’s used to encrypt the DB instance.
addPgbouncer
Optional public readonly addPgbouncer: boolean;
Add pgbouncer instance for managing traffic to the pgSTAC database.
bootstrapperLambdaFunctionOptions
Optional public readonly bootstrapperLambdaFunctionOptions: any;
Can be used to override the default lambda function properties.
customResourceProperties
Optional public readonly customResourceProperties: {[ key: string ]: any};
Lambda function Custom Resource properties.
A custom resource property is created to trigger the bootstrapping lambda function. This parameter allows the user to specify additional properties on top of the default ones.
pgbouncerInstanceProps
Optional public readonly pgbouncerInstanceProps: any;
Properties for the pgbouncer ec2 instance.
pgstacDbName
Optional public readonly pgstacDbName: string;
Name of database that is to be created and onto which pgSTAC will be installed.
pgstacUsername
Optional public readonly pgstacUsername: string;
Name of user that will be generated for connecting to the pgSTAC database.
pgstacVersion
Optional public readonly pgstacVersion: string;
Version of pgstac to install on the database.
secretsPrefix
Optional public readonly secretsPrefix: string;
Prefix to assign to the generated `secrets_manager.Secret`.
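A check that can run before synthesis over the security-relevant `PgStacDatabaseProps` fields listed above (`publiclyAccessible`, `storageEncrypted`, `deletionProtection`, `backupRetention`, `iamAuthentication`, `cloudwatchLogsExports`), resolving an unset `publiclyAccessible` from `vpcSubnets` as documented. This is an added example, not eoapi-cdk code: `DbPropsView`, `auditDbProps`, the string stand-ins for CDK enums, `backupRetentionDays`, the severity labels and the `deletionProtection` default reading are assumptions.

```typescript
// Added example, not eoapi-cdk code. CDK enums are modelled as strings and
// backupRetention as a day count (assumptions) so this runs without aws-cdk-lib.
type SubnetKind = "PUBLIC" | "PRIVATE_WITH_EGRESS" | "PRIVATE_ISOLATED";
type Removal = "RETAIN" | "SNAPSHOT" | "DESTROY";

interface DbPropsView {
  publiclyAccessible?: boolean;
  vpcSubnets?: { subnetType?: SubnetKind };
  storageEncrypted?: boolean;
  deletionProtection?: boolean;
  removalPolicy?: Removal;
  backupRetentionDays?: number; // stands in for backupRetention: Duration
  iamAuthentication?: boolean;
  cloudwatchLogsExports?: string[];
}

interface Finding {
  prop: keyof DbPropsView;
  severity: "high" | "medium" | "low"; // labels chosen for this example
  message: string;
}

// Documented above: when publiclyAccessible is not specified, the instance's
// vpcSubnets determine whether it is internet-facing.
function effectivePubliclyAccessible(p: DbPropsView): boolean {
  if (p.publiclyAccessible !== undefined) return p.publiclyAccessible;
  return p.vpcSubnets?.subnetType === "PUBLIC";
}

// Assumption: an unset deletionProtection resolves to true only when
// removalPolicy is RETAIN, and to false otherwise.
function effectiveDeletionProtection(p: DbPropsView): boolean {
  if (p.deletionProtection !== undefined) return p.deletionProtection;
  return p.removalPolicy === "RETAIN";
}

function auditDbProps(p: DbPropsView): Finding[] {
  const findings: Finding[] = [];
  if (effectivePubliclyAccessible(p)) {
    findings.push({ prop: "publiclyAccessible", severity: "high",
      message: "instance resolves to internet-facing; set publiclyAccessible: false and use private subnets" });
  }
  if (p.storageEncrypted !== true) {
    findings.push({ prop: "storageEncrypted", severity: "high",
      message: "storage encryption is not explicitly enabled" });
  }
  if (!effectiveDeletionProtection(p)) {
    findings.push({ prop: "deletionProtection", severity: "medium",
      message: "deletion protection resolves to off" });
  }
  if (p.backupRetentionDays === 0) {
    findings.push({ prop: "backupRetentionDays", severity: "medium",
      message: "backup retention of zero disables automatic backups" });
  }
  if (p.iamAuthentication !== true) {
    findings.push({ prop: "iamAuthentication", severity: "low",
      message: "IAM database authentication is not enabled" });
  }
  if (!p.cloudwatchLogsExports || p.cloudwatchLogsExports.length === 0) {
    findings.push({ prop: "cloudwatchLogsExports", severity: "low",
      message: "no database logs are exported to CloudWatch Logs" });
  }
  return findings;
}

// Constructed sample inputs (not taken from any real deployment).
const riskyProps: DbPropsView = {
  vpcSubnets: { subnetType: "PUBLIC" }, // publiclyAccessible left unset
  removalPolicy: "DESTROY",
  backupRetentionDays: 0,
};

const hardenedProps: DbPropsView = {
  publiclyAccessible: false,
  vpcSubnets: { subnetType: "PRIVATE_ISOLATED" },
  storageEncrypted: true,
  removalPolicy: "RETAIN",
  backupRetentionDays: 7,
  iamAuthentication: true,
  cloudwatchLogsExports: ["postgresql"],
};

for (const f of auditDbProps(riskyProps)) {
  console.log(`[${f.severity}] ${f.prop}: ${f.message}`);
}
```

The same object literal can be spread into the `PgStacDatabase` props once the stand-in fields are mapped back to their CDK types.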
```typescript
import { StacBrowserProps } from 'eoapi-cdk'

const stacBrowserProps: StacBrowserProps = { ... }
```

| Name | Type | Description |
| --- | --- | --- |
| githubRepoTag | string | Tag of the radiant earth stac-browser repo to use to build the app. |
| stacCatalogUrl | string | STAC catalog URL. |
| bucketArn | string | Bucket ARN. |
| cloneDirectory | string | Location in the filesystem where to compile the browser code. |
| cloudFrontDistributionArn | string | The ARN of the cloudfront distribution that will be added to the bucket policy with read access. |
| configFilePath | string | Path to config file for the STAC browser. |
| websiteIndexDocument | string | The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket. |

githubRepoTag
Required public readonly githubRepoTag: string;
Tag of the radiant earth stac-browser repo to use to build the app.
stacCatalogUrl
Required public readonly stacCatalogUrl: string;
STAC catalog URL.
Overrides the catalog URL in the stac-browser configuration.
bucketArn
Optional public readonly bucketArn: string;
Bucket ARN.
If specified, the identity used to deploy the stack must have the appropriate permissions to create a deployment for this bucket.
In addition, if specified, `cloudFrontDistributionArn` is ignored since the policy of an imported resource can’t be modified.
cloneDirectory
Optional public readonly cloneDirectory: string;
Location in the filesystem where to compile the browser code.
cloudFrontDistributionArn
Optional public readonly cloudFrontDistributionArn: string;
The ARN of the cloudfront distribution that will be added to the bucket policy with read access.
If `bucketArn` is specified, this parameter is ignored since the policy of an imported bucket can’t be modified.
configFilePath
Optional public readonly configFilePath: string;
Path to config file for the STAC browser.
If not provided, default configuration in the STAC browser repository is used.
websiteIndexDocument
Optional public readonly websiteIndexDocument: string;
The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.
```typescript
import { StacIngestorProps } from 'eoapi-cdk'

const stacIngestorProps: StacIngestorProps = { ... }
```

| Name | Type | Description |
| --- | --- | --- |
| dataAccessRole | aws-cdk-lib.aws_iam.IRole | ARN of AWS Role used to validate access to S3 data. |
| stacDbSecret | aws-cdk-lib.aws_secretsmanager.ISecret | Secret containing pgSTAC DB connection information. |
| stacDbSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | Security Group used by pgSTAC DB. |
| stacUrl | string | URL of STAC API. |
| stage | string | Stage of deployment (e.g. `dev`, `prod`). |
| apiEndpointConfiguration | aws-cdk-lib.aws_apigateway.EndpointConfiguration | API Endpoint Configuration, useful for creating private APIs. |
| apiEnv | {[ key: string ]: string} | Environment variables to be sent to Lambda. |
| apiLambdaFunctionOptions | any | Can be used to override the default lambda function properties. |
| apiPolicy | aws-cdk-lib.aws_iam.PolicyDocument | API Policy Document, useful for creating private APIs. |
| ingestorDomainNameOptions | aws-cdk-lib.aws_apigateway.DomainNameOptions | Custom Domain Name Options for Ingestor API. |
| ingestorLambdaFunctionOptions | any | Can be used to override the default lambda function properties. |
| pgstacVersion | string | pgstac version - must match the version installed on the pgstac database. |
| subnetSelection | aws-cdk-lib.aws_ec2.SubnetSelection | Subnet into which the lambda should be deployed if using a VPC. |
| vpc | aws-cdk-lib.aws_ec2.IVpc | VPC running pgSTAC DB. |

dataAccessRole
Required public readonly dataAccessRole: IRole;
ARN of AWS Role used to validate access to S3 data.
stacDbSecret
Required public readonly stacDbSecret: ISecret;
Secret containing pgSTAC DB connection information.
stacDbSecurityGroup
Required public readonly stacDbSecurityGroup: ISecurityGroup;
Security Group used by pgSTAC DB.
stacUrl
Required public readonly stacUrl: string;
URL of STAC API.
stage
Required public readonly stage: string;
Stage of deployment (e.g. `dev`, `prod`).
apiEndpointConfiguration
Optional public readonly apiEndpointConfiguration: EndpointConfiguration;
API Endpoint Configuration, useful for creating private APIs.
apiEnv
Optional public readonly apiEnv: {[ key: string ]: string};
Environment variables to be sent to Lambda.
apiLambdaFunctionOptions
Optional public readonly apiLambdaFunctionOptions: any;
Can be used to override the default lambda function properties.
apiPolicy
Optional public readonly apiPolicy: PolicyDocument;
API Policy Document, useful for creating private APIs.
ingestorDomainNameOptions
Optional public readonly ingestorDomainNameOptions: DomainNameOptions;
Custom Domain Name Options for Ingestor API.
ingestorLambdaFunctionOptions
Optional public readonly ingestorLambdaFunctionOptions: any;
Can be used to override the default lambda function properties.
pgstacVersion
Optional public readonly pgstacVersion: string;
pgstac version - must match the version installed on the pgstac database.
subnetSelection
Optional public readonly subnetSelection: SubnetSelection;
Subnet into which the lambda should be deployed if using a VPC.
vpc
Optional public readonly vpc: IVpc;
VPC running pgSTAC DB.
Configuration properties for the StacItemLoader construct.
The StacItemLoader is part of a two-phase serverless STAC ingestion pipeline that loads STAC items into a pgstac database. This construct creates the infrastructure for receiving STAC items from multiple sources:
Items from both sources are batched and inserted into PostgreSQL with the pgstac extension.
Example

```typescript
const loader = new StacItemLoader(this, 'ItemLoader', {
  pgstacDb: database,
  batchSize: 1000,
  maxBatchingWindowMinutes: 1,
  lambdaTimeoutSeconds: 300
});
```

```typescript
import { StacItemLoaderProps } from 'eoapi-cdk'

const stacItemLoaderProps: StacItemLoaderProps = { ... }
```

| Name | Type | Description |
| --- | --- | --- |
| pgstacDb | PgStacDatabase | The PgSTAC database instance to load items into. |
| batchSize | number | SQS batch size for lambda event source. |
| environment | {[ key: string ]: string} | Additional environment variables for the lambda function. |
| lambdaRuntime | aws-cdk-lib.aws_lambda.Runtime | The lambda runtime to use for the item loading function. |
| lambdaTimeoutSeconds | number | The timeout for the item load lambda in seconds. |
| maxBatchingWindowMinutes | number | Maximum batching window in minutes. |
| maxConcurrency | number | Maximum concurrent executions for the StacItemLoader Lambda function. |
| memorySize | number | Memory size for the lambda function in MB. |

pgstacDb
Required public readonly pgstacDb: PgStacDatabase;
The PgSTAC database instance to load items into.
This database must have the pgstac extension installed and be properly configured with collections before items can be loaded. The loader will use AWS Secrets Manager to securely access database credentials.
batchSize
Optional public readonly batchSize: number;
SQS batch size for lambda event source.
This determines the maximum number of STAC items that will be processed together in a single lambda invocation. Larger batch sizes improve database insertion efficiency but require more memory and longer processing time.
Batching Behavior: SQS will wait to accumulate up to this many messages before triggering the Lambda, OR until the maxBatchingWindow timeout is reached, whichever comes first. This creates an efficient balance between throughput and latency.
environment
Optional public readonly environment: {[ key: string ]: string};
Additional environment variables for the lambda function.
These will be merged with the default environment variables including PGSTAC_SECRET_ARN. Use this for custom configuration or debugging flags.
lambdaRuntime
Optional public readonly lambdaRuntime: Runtime;
The lambda runtime to use for the item loading function.
The function is implemented in Python and uses pypgstac for database operations. Ensure the runtime version is compatible with the pgstac version specified in the database configuration.
lambdaTimeoutSeconds
Optional public readonly lambdaTimeoutSeconds: number;
The timeout for the item load lambda in seconds.
This should accommodate the time needed to process up to `batchSize` items and perform database insertions. The SQS visibility timeout will be set to this value plus 10 seconds.
maxBatchingWindowMinutes
Optional public readonly maxBatchingWindowMinutes: number;
Maximum batching window in minutes.
Even if the batch size isn’t reached, the lambda will be triggered after this time period to ensure timely processing of items. This prevents items from waiting indefinitely in low-volume scenarios.
Important: This timeout works in conjunction with batchSize - SQS will trigger the Lambda when EITHER the batch size is reached OR this time window expires, ensuring items are processed in a timely manner regardless of volume.
maxConcurrency
Optional public readonly maxConcurrency: number;
Maximum concurrent executions for the StacItemLoader Lambda function.
This limit will be applied to the Lambda function and will control how many concurrent batches will be released from the SQS queue.
memorySize
Optional public readonly memorySize: number;
Memory size for the lambda function in MB.
Higher memory allocation may improve performance when processing large batches of STAC items, especially for memory-intensive database operations.
Configuration properties for the StactoolsItemGenerator construct.
The StactoolsItemGenerator is part of a two-phase serverless STAC ingestion pipeline that generates STAC items from source data. This construct creates the infrastructure for the first phase of the pipeline - processing metadata about assets and transforming them into standardized STAC items.
Example

```typescript
const generator = new StactoolsItemGenerator(this, 'ItemGenerator', {
  itemLoadTopicArn: loader.topic.topicArn,
  lambdaTimeoutSeconds: 120,
  maxConcurrency: 100,
  batchSize: 10
});
```

```typescript
import { StactoolsItemGeneratorProps } from 'eoapi-cdk'

const stactoolsItemGeneratorProps: StactoolsItemGeneratorProps = { ... }
```

| Name | Type | Description |
| --- | --- | --- |
| itemLoadTopicArn | string | ARN of the SNS topic to publish generated items to. |
| batchSize | number | SQS batch size for lambda event source. |
| environment | {[ key: string ]: string} | Additional environment variables for the lambda function. |
| lambdaRuntime | aws-cdk-lib.aws_lambda.Runtime | The lambda runtime to use for the item generation function. |
| lambdaTimeoutSeconds | number | The timeout for the item generation lambda in seconds. |
| maxConcurrency | number | Maximum number of concurrent executions. |
| memorySize | number | Memory size for the lambda function in MB. |

itemLoadTopicArn
Required public readonly itemLoadTopicArn: string;
ARN of the SNS topic to publish generated items to.
This is typically the topic from a StacItemLoader construct. Generated STAC items will be published here for downstream processing and database insertion.
batchSize
Optional public readonly batchSize: number;
SQS batch size for lambda event source.
This determines how many generation requests are processed together in a single lambda invocation. Unlike the loader, generation typically processes items individually, so smaller batch sizes are common.
environment
Optional public readonly environment: {[ key: string ]: string};
Additional environment variables for the lambda function.
These will be merged with default environment variables including ITEM_LOAD_TOPIC_ARN and LOG_LEVEL. Use this for custom configuration or to pass credentials for external data sources.
lambdaRuntime
Optional public readonly lambdaRuntime: Runtime;
The lambda runtime to use for the item generation function.
The function is containerized using Docker and can accommodate various stactools packages. The runtime version should be compatible with the packages you plan to use for STAC item generation.
lambdaTimeoutSeconds
Optional public readonly lambdaTimeoutSeconds: number;
The timeout for the item generation lambda in seconds.
This should accommodate the time needed to:
The SQS visibility timeout will be set to this value plus 10 seconds.
maxConcurrency
Optional public readonly maxConcurrency: number;
Maximum number of concurrent executions.
This controls how many item generation tasks can run simultaneously. Higher concurrency enables faster processing of large batches but may strain downstream systems or external data sources.
memorySize
Optional public readonly memorySize: number;
Memory size for the lambda function in MB.
Higher memory allocation may be needed for processing large geospatial datasets or when stactools packages have high memory requirements. More memory also provides proportionally more CPU power.
```typescript
import { TiPgApiLambdaProps } from 'eoapi-cdk'

const tiPgApiLambdaProps: TiPgApiLambdaProps = { ... }
```

| Name | Type | Description |
| --- | --- | --- |
| db | aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance | RDS Instance with installed pgSTAC or pgbouncer server. |
| dbSecret | aws-cdk-lib.aws_secretsmanager.ISecret | Secret containing connection information for pgSTAC database. |
| apiEnv | {[ key: string ]: string} | Customized environment variables to send to titiler-pgstac runtime. |
| lambdaFunctionOptions | any | Can be used to override the default lambda function properties. |
| subnetSelection | aws-cdk-lib.aws_ec2.SubnetSelection | Subnet into which the lambda should be deployed. |
| tipgApiDomainName | aws-cdk-lib.aws_apigatewayv2.IDomainName | Custom Domain Name for tipg API. |
| vpc | aws-cdk-lib.aws_ec2.IVpc | VPC into which the lambda should be deployed. |

db
Required public readonly db: IDatabaseInstance | IInstance;
Type: aws-cdk-lib.aws_rds.IDatabaseInstance | aws-cdk-lib.aws_ec2.IInstance
RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret
Required public readonly dbSecret: ISecret;
Secret containing connection information for pgSTAC database.
apiEnv
Optional public readonly apiEnv: {[ key: string ]: string};
Customized environment variables to send to titiler-pgstac runtime.
lambdaFunctionOptions
Optional public readonly lambdaFunctionOptions: any;
Can be used to override the default lambda function properties.
subnetSelection
Optional public readonly subnetSelection: SubnetSelection;
Subnet into which the lambda should be deployed.
tipgApiDomainName
Optional public readonly tipgApiDomainName: IDomainName;
Custom Domain Name for tipg API.
If defined, will create the domain name and integrate it with the tipg API.
vpc
Optional public readonly vpc: IVpc;
VPC into which the lambda should be deployed.
```typescript
import { TitilerPgStacApiLambdaProps } from 'eoapi-cdk'
const titilerPgStacApiLambdaProps: TitilerPgStacApiLambdaProps = { ... }
```
| Name | Type | Description |
|---|---|---|
| db | aws-cdk-lib.aws_rds.IDatabaseInstance \| aws-cdk-lib.aws_ec2.IInstance | RDS Instance with installed pgSTAC or pgbouncer server. |
| dbSecret | aws-cdk-lib.aws_secretsmanager.ISecret | Secret containing connection information for pgSTAC database. |
| apiEnv | {[ key: string ]: string} | Customized environment variables to send to titiler-pgstac runtime. |
| buckets | string[] | List of buckets the lambda will be granted access to. |
| lambdaFunctionOptions | any | Can be used to override the default lambda function properties. |
| subnetSelection | aws-cdk-lib.aws_ec2.SubnetSelection | Subnet into which the lambda should be deployed. |
| titilerPgstacApiDomainName | aws-cdk-lib.aws_apigatewayv2.IDomainName | Custom Domain Name Options for Titiler Pgstac API. |
| vpc | aws-cdk-lib.aws_ec2.IVpc | VPC into which the lambda should be deployed. |
db
Required public readonly db: IDatabaseInstance | IInstance;
Type: aws-cdk-lib.aws_rds.IDatabaseInstance | aws-cdk-lib.aws_ec2.IInstance
RDS Instance with installed pgSTAC or pgbouncer server.
dbSecret
Required public readonly dbSecret: ISecret;
Secret containing connection information for pgSTAC database.
apiEnv
Optional public readonly apiEnv: {[ key: string ]: string};
Customized environment variables to send to titiler-pgstac runtime.
These will be merged with defaultTitilerPgstacEnv.
The database secret arn is automatically added to the environment variables at deployment.
buckets
Optional public readonly buckets: string[];
List of buckets the lambda will be granted access to.
lambdaFunctionOptions
Optional public readonly lambdaFunctionOptions: any;
Can be used to override the default lambda function properties.
subnetSelection
Optional public readonly subnetSelection: SubnetSelection;
Subnet into which the lambda should be deployed.
titilerPgstacApiDomainName
Optional public readonly titilerPgstacApiDomainName: IDomainName;
Custom Domain Name Options for Titiler Pgstac API.
vpc
Optional public readonly vpc: IVpc;
VPC into which the lambda should be deployed.
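A pre-deployment check over the `apiEnv`, `buckets`, `subnetSelection` and `lambdaFunctionOptions` props documented above, as an added example that is not part of eoapi-cdk. `PropsLike`, `auditApiLambdaProps` and `SAMPLE_PROPS` are hypothetical names, the secret-name pattern is a heuristic, and the check assumes each `buckets` entry is granted as written.

```typescript
// Constructed mirror of the documented props; no aws-cdk-lib import, so it runs stand-alone.
interface PropsLike {
  apiEnv?: { [key: string]: string };
  buckets?: string[];
  lambdaFunctionOptions?: { [key: string]: unknown };
  subnetSelection?: { subnetType?: string }; // simplified stand-in for ec2.SubnetSelection
}
interface Finding { prop: string; issue: string; }

// Heuristic (assumption): variable names that usually carry secret material.
const SECRET_NAME = /(PASSWORD|PASSWD|SECRET|TOKEN|ACCESS_KEY|PRIVATE_KEY)/i;

function auditApiLambdaProps(props: PropsLike): Finding[] {
  const findings: Finding[] = [];
  for (const key of Object.keys(props.apiEnv ?? {})) {
    // Literal Lambda environment values are written in plaintext to the synthesized
    // template; a key that only names a secret's ARN is a reference, not a secret.
    if (SECRET_NAME.test(key) && !/_ARN$/i.test(key)) {
      findings.push({ prop: "apiEnv." + key, issue: "secret-looking value in plaintext environment" });
    }
  }
  for (const bucket of props.buckets ?? []) {
    // Assumption: each entry is granted as written, so a wildcard widens the grant.
    if (bucket.indexOf("*") !== -1) {
      findings.push({ prop: "buckets", issue: "wildcard entry '" + bucket + "'" });
    }
  }
  // "Public" is the string value of ec2.SubnetType.PUBLIC in aws-cdk-lib.
  if (props.subnetSelection?.subnetType === "Public") {
    findings.push({ prop: "subnetSelection", issue: "function placed in a public subnet" });
  }
  // allowPublicSubnet is an aws_lambda.FunctionProps flag that lifts CDK's public-subnet guard.
  if (props.lambdaFunctionOptions?.allowPublicSubnet === true) {
    findings.push({ prop: "lambdaFunctionOptions.allowPublicSubnet", issue: "public-subnet guard disabled" });
  }
  return findings;
}

// Constructed sample input; none of these values come from the eoapi-cdk documentation.
const SAMPLE_PROPS: PropsLike = {
  apiEnv: { GDAL_CACHEMAX: "200", UPSTREAM_PASSWORD: "example-only", UPSTREAM_SECRET_ARN: "arn:aws:secretsmanager:us-west-2:111122223333:secret:example" },
  buckets: ["example-cog-bucket", "*"],
  subnetSelection: { subnetType: "Public" },
  lambdaFunctionOptions: { allowPublicSubnet: true },
};

console.log(auditApiLambdaProps(SAMPLE_PROPS).map((f) => f.prop + ": " + f.issue).join("\n"));
```

Run against the props object before it is passed to the construct, a non-empty result can fail the build in CI.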