This package defines the AWS infrastructure for the Consent Management API, using the AWS Cloud Development Kit (CDK).
The Consent Management API will route traffic through a Web Application Firewall (WAF) that will filter out common forms of malicious traffic to maintain service for legitimate users.
The WAF will pass legitimate traffic through to a REST API Gateway, which will provide API authentication/authorization, per-client rate-limiting, and basic request input validation before passing through to the appropriate Lambda function, which will query backend data stored in DynamoDB and emit application logs and metrics to CloudWatch.
Consent writes will be automatically synced via DynamoDB Streams to an Consent History Ingestor Lambda Function, with an SQS dead letter queue catching any messages that the Lambda fails to process.
The Consent History Ingestor will write consent history items to a Consent History DynamoDB table, with application logs and metrics emitted to CloudWatch.
The Consent History API will have the same architecture as the Consent Management API, with customer traffic routed through a Web Application Firewall to an API Gateway backed by a Lambda function that makes read-only queries against the Consent History DynamoDB table.
AWS Cloud Development Kit (AWS CDK) is used to define AWS infrastructure in code and provision it through AWS CloudFormation.
GitHub Actions are used to automatically run test builds after code changes, synthesize CloudFormation stack templates, and deploy code and infrastructure changes to AWS.
Gradle is used to build the project and manage package dependencies.
The code in this project is released under the GPL-3.0 License.