Initial commit

Author: ScopatGames

AWS_CDK/.gitignore

@@ -0,0 +1,138 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out/
+.idea
+outfile*
+

AWS_CDK/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

AWS_CDK/README.md

@@ -0,0 +1,41 @@
+# Amazon API Gateway WebSocket API demo
+
+This is the Amazon Web Services (AWS) Cloud Development Kit (CDK) backend for a Unity game that uses an authenticated WebSocket connection to pass game actions between players.
+
+![Alt](../docs/img/websocket-api-architecture.jpg "Amazon API Gateway WebSocket API architecture diagram showing the AWS Lambda integrations and Amazon DynamoDB database.")<br />
+*Reference architecture for the WebSocket API*
+
+The sample AWS CDK code deploys an API Gateway WebSockets API with the following routes:
+* $connect – handles client connections
+* $default – default route that doesn’t perform any function
+* heartbeat – prevents idle timeout by keeping the connection alive
+* message – handles client messages to other connected clients
+* $disconnect – handles client disconnections
+
+Each route has a Lambda function integration which receives the request information and performs an action. Connection state is maintained inside a DynamoDB table. When a client connects via the $connect route, the Lambda integration is executed and the connection ID is stored in the table. When a client disconnects, the $disconnect Lambda integration is executed and the connection ID is removed from the table. When a client sends a message to the message route, the Lambda integration retrieves all connection IDs from the DynamoDB table and broadcasts the message to all other connected clients.
+
+In addition to the WebSocket API architecture, Amazon Cognito is used to authenticate users when connecting to the WebSocket API. A configuration file is generated when this code is deployed, which provides a local credentials cache for the associated Unity application's Cognito login process.
+
+
+## Prerequisites
+* An [AWS Account](https://aws.amazon.com/) 
+* [AWS CLI](https://github.com/aws/aws-cli#getting-started) installed and configured.
+* [Node.js](https://nodejs.org/en/download/) v14.15.0+
+* [AWS CDK](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html)
+
+## Steps to create the backend on your AWS Account
+1. Navigate to the AWS_CDK directory.
+2. ```npm run install-all``` to install all dependencies.
+4. ```export CDK_DEFAULT_REGION=<your-desired-region>``` to set the default AWS region, e.g. `us-east-1`.
+5. ```export CDK_DEFAULT_ACCOUNT=<your-aws-account>``` to set the default AWS account, e.g. `123456789012`.
+6. ```cdk bootstrap``` to bootstrap your AWS Account.
+7. ```cdk deploy WebSocketDemoStack --parameters AdminEmailAddress="<insert-your-email>"``` to deploy.
+8. Download the `aws-config.json` from the Config S3 bucket in your account. This will be used to authenticate users to the Amazon API Gateway WebSocket API.
+9. ```aws cognito-idp admin-set-user-password --user-pool-id <User Pool from Config file> --username <insert-your-email> --password <insert-your-password> --permanent``` to set the password for your admin account.
+10. [Return to the application setup README.](../README.md)
+
+## Clean up
+When you are finished with this demo you should destroy the deployed AWS resources to avoid unwanted costs. To destroy the resources:
+1. Navigate to the AWS_CDK directory.
+2. ```cdk destroy``` to destroy all deployed resources.
+

AWS_CDK/bin/unity-websocket-demo.ts

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { WebSocketDemoStack } from '../lib/websocket-demo-stack';
+import {AwsSolutionsChecks} from 'cdk-nag';
+
+const app = new cdk.App();
+
+cdk.Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true }));
+
+new WebSocketDemoStack(app, 'WebSocketDemoStack', {
+  /* If you don't specify 'env', this stack will be environment-agnostic.
+   * Account/Region-dependent features and context lookups will not work,
+   * but a single synthesized template can be deployed anywhere. */
+
+  /* Uncomment the next line to specialize this stack for the AWS Account
+   * and Region that are implied by the current CLI configuration. */
+  env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+
+  /* Uncomment the next line if you know exactly what Account and Region you
+   * want to deploy the stack to. */
+  // env: { account: '123456789012', region: 'us-east-1' },
+
+  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+});

AWS_CDK/cdk.json

@@ -0,0 +1,57 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/unity-websocket-demo.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true
+  }
+}

AWS_CDK/jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

AWS_CDK/lib/cognito-stack.ts

@@ -0,0 +1,81 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: MIT-0
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import { RemovalPolicy } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+
+import * as cognito from 'aws-cdk-lib/aws-cognito'
+import { NagSuppressions } from 'cdk-nag';
+
+export class CognitoStack extends cdk.NestedStack {
+    public AWS_Region: string;
+    public UserPool: cognito.UserPool;
+    public UserPoolId: string;
+    public AppClient: cognito.UserPoolClient;
+    public AppClientId: string;
+    public IdentityPool: cognito.CfnIdentityPool;
+    public IdentityPoolId: string;
+
+    constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+        super(scope, id, props);
+        this.AWS_Region = this.region;
+        this.UserPool = new cognito.UserPool(this, 'websocket-api-demo-user-pool', {
+            userPoolName: 'websocket-api-demo-user-pool',
+            selfSignUpEnabled: false,
+            removalPolicy: RemovalPolicy.DESTROY,
+            passwordPolicy: {
+                minLength: 8,
+                requireDigits: true,
+                requireLowercase: true,
+                requireSymbols: true,
+                requireUppercase: true
+            },
+            advancedSecurityMode: cognito.AdvancedSecurityMode.ENFORCED
+        });
+        this.UserPoolId = this.UserPool.userPoolId;
+        this.AppClient = this.UserPool.addClient('unity-client', {
+            supportedIdentityProviders: [
+                cognito.UserPoolClientIdentityProvider.COGNITO
+            ],
+            authFlows: {
+                userPassword: true,
+                userSrp: true
+            }
+        });
+        this.AppClientId = this.AppClient.userPoolClientId;
+        this.IdentityPool = new cognito.CfnIdentityPool(this, id + "IdentityPool", {
+            allowUnauthenticatedIdentities: false,
+            cognitoIdentityProviders: [
+                {
+                    clientId: this.AppClientId,
+                    providerName: this.UserPool.userPoolProviderName
+                }
+            ]
+        });
+        this.IdentityPoolId = this.IdentityPool.ref;
+
+        // CDK Nag Suppressions
+
+        NagSuppressions.addResourceSuppressions(this.UserPool, [
+            {
+                id: 'AwsSolutions-COG2',
+                reason: 'MFA should be added in a production environment.'
+            }
+        ]);
+
+    }
+
+    exportConfig() {
+        const config = {
+            'AWS_Region': this.AWS_Region,
+            'CognitoUserPool': this.UserPool.userPoolId,
+            'CognitoIdentityPool': this.IdentityPoolId,
+            'AppClientId': this.AppClient.userPoolClientId
+        }
+        return config;
+    }
+
+}