add sam template

sebsto · sebsto · commit a88de4765ffb · 2025-06-30T12:05:08.000+02:00
diff --git a/Examples/ServiceLifecycle/.gitignore b/Examples/ServiceLifecycle/.gitignore
@@ -5,4 +5,5 @@ xcuserdata/
 DerivedData/
 .swiftpm/configuration/registries.json
 .swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
-.netrc
+.netrc
+.amazonq
diff --git a/Examples/ServiceLifecycle/README.md b/Examples/ServiceLifecycle/README.md
@@ -0,0 +1,210 @@
+# ServiceLifecycle Lambda with PostgreSQL
+
+This example demonstrates a Swift Lambda function that uses ServiceLifecycle to manage a PostgreSQL connection. The function connects to a publicly accessible RDS PostgreSQL database and queries user data.
+
+## Architecture
+
+- **Swift Lambda Function**: Uses ServiceLifecycle to manage PostgreSQL client lifecycle
+- **PostgreSQL RDS**: Publicly accessible database instance
+- **API Gateway**: HTTP endpoint to invoke the Lambda function
+- **VPC**: Custom VPC with public subnets for RDS and Lambda
+
+## Prerequisites
+
+- Swift 6.x toolchain
+- Docker (for building Lambda functions)
+- AWS CLI configured with appropriate permissions
+- SAM CLI installed
+
+## Database Schema
+
+The Lambda function expects a `users` table with the following structure:
+
+```sql
+CREATE TABLE users (
+    id SERIAL PRIMARY KEY,
+    username VARCHAR(50) NOT NULL
+);
+
+-- Insert some sample data
+INSERT INTO users (username) VALUES ('alice'), ('bob'), ('charlie');
+```
+
+## Deployment
+
+### Option 1: Using the deployment script
+
+```bash
+./deploy.sh
+```
+
+### Option 2: Manual deployment
+
+1. **Build the Lambda function:**
+   ```bash
+   swift package archive --allow-network-connections docker
+   ```
+
+2. **Deploy with SAM:**
+   ```bash
+   sam deploy
+   ```
+
+### Option 3: Deploy with custom parameters
+
+```bash
+sam deploy --parameter-overrides \
+  DBUsername=myuser \
+  DBPassword=MySecurePassword123! \
+  DBName=mydatabase
+```
+
+## Getting Connection Details
+
+After deployment, get the database connection details:
+
+```bash
+aws cloudformation describe-stacks \
+  --stack-name servicelifecycle-stack \
+  --query 'Stacks[0].Outputs'
+```
+
+The output will include:
+- **DatabaseEndpoint**: Hostname to connect to
+- **DatabasePort**: Port number (5432)
+- **DatabaseName**: Database name
+- **DatabaseUsername**: Username
+- **DatabasePassword**: Password
+- **DatabaseConnectionString**: Complete connection string
+
+## Connecting to the Database
+
+### Using psql
+
+```bash
+# Get the connection details from CloudFormation outputs
+DB_HOST=$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==`DatabaseEndpoint`].OutputValue' --output text)
+DB_USER=$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==`DatabaseUsername`].OutputValue' --output text)
+DB_NAME=$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==`DatabaseName`].OutputValue' --output text)
+DB_PASSWORD=$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==`DatabasePassword`].OutputValue' --output text)
+
+# Connect with psql
+psql -h $DB_HOST -U $DB_USER -d $DB_NAME
+```
+
+### Using connection string
+
+```bash
+# Get the complete connection string
+CONNECTION_STRING=$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==`DatabaseConnectionString`].OutputValue' --output text)
+
+# Connect with psql
+psql "$CONNECTION_STRING"
+```
+
+## Setting up the Database
+
+Once connected to the database, create the required table and sample data:
+
+```sql
+-- Create the users table
+CREATE TABLE users (
+    id SERIAL PRIMARY KEY,
+    username VARCHAR(50) NOT NULL
+);
+
+-- Insert sample data
+INSERT INTO users (username) VALUES 
+    ('alice'), 
+    ('bob'), 
+    ('charlie'),
+    ('diana'),
+    ('eve');
+```
+
+## Testing the Lambda Function
+
+Get the API Gateway endpoint and test the function:
+
+```bash
+# Get the API endpoint
+API_ENDPOINT=$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==`APIGatewayEndpoint`].OutputValue' --output text)
+
+# Test the function
+curl "$API_ENDPOINT"
+```
+
+The function will:
+1. Connect to the PostgreSQL database
+2. Query the `users` table
+3. Log the results
+4. Return "Done"
+
+## Monitoring
+
+Check the Lambda function logs:
+
+```bash
+sam logs -n ServiceLifecycleLambda --stack-name servicelifecycle-stack --tail
+```
+
+## Security Considerations
+
+⚠️ **Important**: This example creates a publicly accessible PostgreSQL database for demonstration purposes. In production:
+
+1. **Use private subnets** and VPC endpoints
+2. **Implement proper authentication** (IAM database authentication)
+3. **Use AWS Secrets Manager** for password management
+4. **Enable encryption** at rest and in transit
+5. **Configure proper security groups** with minimal required access
+6. **Enable database logging** and monitoring
+
+## Cost Optimization
+
+The template uses:
+- `db.t3.micro` instance (eligible for free tier)
+- Minimal storage allocation (20GB)
+- No Multi-AZ deployment
+- No automated backups
+
+For production workloads, adjust these settings based on your requirements.
+
+## Cleanup
+
+To delete all resources:
+
+```bash
+sam delete --stack-name servicelifecycle-stack
+```
+
+## Troubleshooting
+
+### Lambda can't connect to database
+
+1. Check security groups allow traffic on port 5432
+2. Verify the database is publicly accessible
+3. Check VPC configuration and routing
+4. Verify database credentials in environment variables
+
+### Database connection timeout
+
+The PostgreSQL client may hang if the database is unreachable. This is a known issue with PostgresNIO. Ensure:
+1. Database is running and accessible
+2. Security groups are properly configured
+3. Network connectivity is available
+
+### Build failures
+
+Ensure you have:
+1. Swift 6.x toolchain installed
+2. Docker running
+3. Proper network connectivity for downloading dependencies
+
+## Files
+
+- `template.yaml`: SAM template defining all AWS resources
+- `samconfig.toml`: SAM configuration file
+- `deploy.sh`: Deployment script
+- `Sources/Lambda.swift`: Swift Lambda function code
+- `Sources/RootRDSCert.swift`: RDS root certificate for SSL connections
+- `Package.swift`: Swift package definition
diff --git a/Examples/ServiceLifecycle/Sources/Lambda.swift b/Examples/ServiceLifecycle/Sources/Lambda.swift
@@ -21,33 +21,34 @@ import ServiceLifecycle
 struct LambdaFunction {
 
     static func main() async throws {
-        LambdaFunction().main()
+        try await LambdaFunction().main()
     }
 
     private let pgClient: PostgresClient
     private var logger: Logger
     private init() throws {
         self.logger = Logger(label: "ServiceLifecycleExample")
-        logger.logLevel = .trace
 
-        self.pgClient = try preparePostgresClient(
+        self.pgClient = try LambdaFunction.preparePostgresClient(
             host: Lambda.env("DB_HOST") ?? "localhost",
             user: Lambda.env("DB_USER") ?? "postgres",
             password: Lambda.env("DB_PASSWORD") ?? "secret",
             dbName: Lambda.env("DB_NAME") ?? "test"
         )
     }
-    private func main() {
+    private func main() async throws {
 
-        /// Instantiate LambdaRuntime with a closure handler implementing the business logic of the Lambda function
-        let runtime = LambdaRuntime(logger: logger, body: handler)
+        // Instantiate LambdaRuntime with a handler implementing the business logic of the Lambda function
+        // ok when https://github.com/swift-server/swift-aws-lambda-runtime/pull/523 will be merged
+        //let runtime = LambdaRuntime(logger: logger, body: handler)
+        let runtime = LambdaRuntime(body: handler)
 
         /// Use ServiceLifecycle to manage the initialization and termination
         /// of the PGClient together with the LambdaRuntime
         let serviceGroup = ServiceGroup(
             services: [pgClient, runtime],
-            gracefulShutdownSignals: [.sigterm, .sigint],  // add SIGINT for CTRL+C in local testing
-            // cancellationSignals: [.sigint],
+            // gracefulShutdownSignals: [.sigterm, .sigint],  // add SIGINT for CTRL+C in local testing
+            cancellationSignals: [.sigint],
             logger: logger
         )
         try await serviceGroup.run()
@@ -56,7 +57,7 @@ struct LambdaFunction {
 
     }
 
-    private func handler(event: String, context: LambdaContext) -> String {
+    private func handler(event: String, context: LambdaContext) async -> String {
         do {
             // Use initialized service within the handler
             // IMPORTANT - CURRENTLY WHEN THERE IS AN ERROR, THIS CALL HANGS WHEN DB IS NOT REACHABLE
@@ -68,9 +69,10 @@ struct LambdaFunction {
         } catch {
             logger.error("PG Error: \(error)")
         }
+        return "Done"
     }
 
-    private func preparePostgresClient(
+    private static func preparePostgresClient(
         host: String,
         user: String,
         password: String,
diff --git a/Examples/ServiceLifecycle/deploy.sh b/Examples/ServiceLifecycle/deploy.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# ServiceLifecycle Lambda Deployment Script
+set -e
+
+echo "🚀 Building and deploying ServiceLifecycle Lambda with PostgreSQL..."
+
+# Build the Lambda function
+echo "📦 Building Swift Lambda function..."
+swift package --disable-sandbox archive --allow-network-connections docker
+
+# Deploy with SAM
+echo "🌩️  Deploying with SAM..."
+sam deploy
+
+echo "✅ Deployment complete!"
+echo ""
+echo "📋 To get the database connection details, run:"
+echo "aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs'"
+echo ""
+echo "🧪 To test the Lambda function:"
+echo "curl \$(aws cloudformation describe-stacks --stack-name servicelifecycle-stack --query 'Stacks[0].Outputs[?OutputKey==\`APIGatewayEndpoint\`].OutputValue' --output text)"
diff --git a/Examples/ServiceLifecycle/samconfig.toml b/Examples/ServiceLifecycle/samconfig.toml
@@ -0,0 +1,29 @@
+# SAM configuration file for ServiceLifecycle example
+version = 0.1
+
+[default.global.parameters]
+stack_name = "servicelifecycle-stack"
+
+[default.build.parameters]
+cached = true
+parallel = true
+
+[default.deploy.parameters]
+capabilities = "CAPABILITY_IAM"
+confirm_changeset = true
+resolve_s3 = true
+s3_prefix = "servicelifecycle"
+region = "us-east-1"
+image_repositories = []
+
+[default.package.parameters]
+resolve_s3 = true
+
+[default.sync.parameters]
+watch = true
+
+[default.local_start_api.parameters]
+warm_containers = "EAGER"
+
+[default.local_start_lambda.parameters]
+warm_containers = "EAGER"
diff --git a/Examples/ServiceLifecycle/template.yaml b/Examples/ServiceLifecycle/template.yaml
