acm-uiuc
diff --git a/‎Makefile
Lines changed: 4 additions & 0 deletions b/‎Makefile
Lines changed: 4 additions & 0 deletions
diff --git a/‎cloudformation/iam.yml
Lines changed: 22 additions & 33 deletions b/‎cloudformation/iam.yml
Lines changed: 22 additions & 33 deletions
diff --git a/‎cloudformation/main.yml
Lines changed: 107 additions & 27 deletions b/‎cloudformation/main.yml
Lines changed: 107 additions & 27 deletions
diff --git a/‎cloudformation/sqs.yml
Lines changed: 19 additions & 0 deletions b/‎cloudformation/sqs.yml
Lines changed: 19 additions & 0 deletions
diff --git a/‎src/api/esbuild.config.js
Lines changed: 5 additions & 1 deletion b/‎src/api/esbuild.config.js
Lines changed: 5 additions & 1 deletion
@@ -80,9 +80,13 @@ deploy_dev: check_account_dev build
 invalidate_cloudfront:
 	@echo "Creating CloudFront invalidation..."
 	$(eval DISTRIBUTION_ID := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontDistributionId'].OutputValue" --output text))
+	$(eval DISTRIBUTION_ID_2 := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontSecondaryDistributionId'].OutputValue" --output text))
 	$(eval INVALIDATION_ID := $(shell aws cloudfront create-invalidation --distribution-id $(DISTRIBUTION_ID) --paths "/*" --query 'Invalidation.Id' --output text --no-cli-page))
+	$(eval INVALIDATION_ID_2 := $(shell aws cloudfront create-invalidation --distribution-id $(DISTRIBUTION_ID_2) --paths "/*" --query 'Invalidation.Id' --output text --no-cli-page))
 	@echo "Waiting on job $(INVALIDATION_ID)..."
 	aws cloudfront wait invalidation-completed --distribution-id $(DISTRIBUTION_ID) --id $(INVALIDATION_ID)
+	@echo "Waiting on job $(INVALIDATION_ID_2)..."
+	aws cloudfront wait invalidation-completed --distribution-id $(DISTRIBUTION_ID_2) --id $(INVALIDATION_ID_2)
 	@echo "CloudFront invalidation completed!"
 
 install:
 
@@ -16,6 +16,9 @@ Parameters:
   SqsQueueArn:
     Type: String
 
+Conditions:
+  IsDev: !Equals [!Ref RunEnvironment, "dev"]
+
 Resources:
   # Managed Policy for Common Lambda Permissions
   CommonLambdaManagedPolicy:
@@ -73,8 +76,6 @@ Resources:
           - Sid: DynamoDBCacheAccess
             Effect: Allow
             Action:
-              - dynamodb:BatchGetItem
-              - dynamodb:BatchWriteItem
               - dynamodb:ConditionCheckItem
               - dynamodb:PutItem
               - dynamodb:DescribeTable
@@ -84,15 +85,6 @@ Resources:
               - dynamodb:UpdateItem
             Resource:
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-cache
-            Condition:
-              ForAllValues:StringEquals:
-                dynamodb:LeadingKeys:
-                  - testing # add any keys that must be accessible
-              ForAllValues:StringLike:
-                dynamodb:Attributes:
-                  - primaryKey
-                  - expireAt
-                  - "*"
 
           - Sid: DynamoDBRateLimitTableAccess
             Effect: Allow
@@ -185,28 +177,6 @@ Resources:
                 Effect: Allow
                 Resource:
                   - Fn::Sub: arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:infra-core-api-entra*
-              - Action:
-                  - dynamodb:BatchGetItem
-                  - dynamodb:GetItem
-                  - dynamodb:Query
-                  - dynamodb:DescribeTable
-                  - dynamodb:BatchWriteItem
-                  - dynamodb:ConditionCheckItem
-                  - dynamodb:PutItem
-                  - dynamodb:DeleteItem
-                  - dynamodb:UpdateItem
-                Effect: Allow
-                Resource:
-                  - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-cache
-                Condition:
-                  ForAllValues:StringEquals:
-                    dynamodb:LeadingKeys:
-                      - entra_id_access_token # add any keys that must be accessible
-                  ForAllValues:StringLike:
-                    dynamodb:Attributes:
-                      - primaryKey
-                      - expireAt
-                      - "*"
 
   # SQS Lambda IAM Role
   SqsLambdaIAMRole:
@@ -241,6 +211,25 @@ Resources:
                   ForAllValues:StringLike:
                     ses:Recipients:
                       - "*@illinois.edu"
+        - PolicyName: ses-sales
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Action:
+                  - ses:SendEmail
+                  - ses:SendRawEmail
+                Effect: Allow
+                Resource: "*"
+                Condition:
+                  StringEquals:
+                    ses:FromAddress:
+                      Fn::Sub: "sales@${SesEmailDomain}"
+                  ForAllValues:StringLike:
+                    ses:Recipients:
+                      - !If
+                        - IsDev
+                        - "*@illinois.edu"
+                        - "*"
 
 
   EdgeLambdaIAMRole:
 
@@ -7,9 +7,13 @@ Parameters:
     Type: String
     AllowedValues: ["dev", "prod"]
   AlertSNSArn:
-    Description: SNS Queue to send alarm alerts to (prod only)
+    Description: SNS Queue to send general alarm alerts to (prod only)
     Type: String
     Default: arn:aws:sns:us-east-1:298118738376:infra-monitor-alerts
+  PriorityAlertSNSArn:
+    Description: SNS Queue to send priority alarm alerts to (prod only)
+    Type: String
+    Default: arn:aws:sns:us-east-1:298118738376:infra-core-api-priority-alerts
   ApplicationPrefix:
     Type: String
     Description: Application prefix, no ending dash
@@ -24,11 +28,11 @@ Parameters:
     AllowedValues: [true, false]
   SqsLambdaTimeout:
     Description: How long the SQS lambda is permitted to run (in seconds)
-    Default: 300
+    Default: 180
     Type: Number
   SqsMessageTimeout:
-    Description: MessageVisibilityTimeout for the SQS Lambda queue (should be at least 6xSqsLambdaTimeout)
-    Default: 1800
+    Description: MessageVisibilityTimeout for the SQS Lambda queue (should be at least (numMaxRetry + 1)*SqsLambdaTimeout)
+    Default: 720
     Type: Number
   S3BucketPrefix:
     Description: S3 bucket prefix which will ensure global uniqueness
@@ -119,7 +123,7 @@ Resources:
         GWApiId: !Ref AppApiGateway
         GWHostedZoneId:
           !FindInMap [ApiGwConfig, !Ref RunEnvironment, HostedZoneId]
-        CloudfrontDomain: !GetAtt [AppFrontendCloudfrontDistribution, DomainName]
+        CloudfrontDomain: !GetAtt [AppIcalCloudfrontDistribution, DomainName]
 
   LinkryDomainProxy:
     Type: AWS::Serverless::Application
@@ -139,7 +143,7 @@ Resources:
         GWApiId: !Ref AppApiGateway
         GWHostedZoneId:
           !FindInMap [ApiGwConfig, !Ref RunEnvironment, HostedZoneId]
-        CloudfrontDomain: !GetAtt [AppFrontendCloudfrontDistribution, DomainName]
+        CloudfrontDomain: !GetAtt [AppIcalCloudfrontDistribution, DomainName]
 
   CoreUrlProd:
     Type: AWS::Serverless::Application
@@ -258,6 +262,17 @@ Resources:
       FunctionResponseTypes:
         - ReportBatchItemFailures
 
+  SQSLambdaEventMappingSales:
+    Type: AWS::Lambda::EventSourceMapping
+    DependsOn:
+      - AppSqsLambdaFunction
+    Properties:
+      BatchSize: 5
+      EventSourceArn: !GetAtt AppSQSQueues.Outputs.SalesEmailQueueArn
+      FunctionName: !Sub ${ApplicationPrefix}-sqs-lambda
+      FunctionResponseTypes:
+        - ReportBatchItemFailures
+
   MembershipRecordsTable:
     Type: "AWS::DynamoDB::Table"
     DeletionPolicy: "Retain"
@@ -515,7 +530,7 @@ Resources:
       ComparisonOperator: "LessThanThreshold"
       Threshold: "1"
       AlarmActions:
-        - !Ref AlertSNSArn
+        - !Ref PriorityAlertSNSArn
       Dimensions:
         - Name: "ApiName"
           Value: !Sub ${ApplicationPrefix}-gateway
@@ -534,7 +549,7 @@ Resources:
       ComparisonOperator: "GreaterThanThreshold"
       Threshold: "2"
       AlarmActions:
-        - !Ref AlertSNSArn
+        - !Ref PriorityAlertSNSArn
       Dimensions:
         - Name: "ApiName"
           Value: !Sub ${ApplicationPrefix}-gateway
@@ -547,13 +562,16 @@ Resources:
       AlarmDescription: "Items are present in the application DLQ, meaning some messages failed to process."
       Namespace: "AWS/SQS"
       MetricName: "ApproximateNumberOfMessagesVisible"
-      Statistic: "Sum"
-      Period: "60"
-      EvaluationPeriods: "1"
+      Statistic: "Maximum"
+      Period: 60
+      EvaluationPeriods: 1
       ComparisonOperator: "GreaterThanThreshold"
-      Threshold: "0"
+      Threshold: 0
+      Dimensions:
+        - Name: QueueName
+          Value: !Sub ${ApplicationPrefix}-sqs-dlq
       AlarmActions:
-        - !Ref AlertSNSArn
+        - !Ref PriorityAlertSNSArn
 
   APILambdaPermission:
     Type: AWS::Lambda::Permission
@@ -608,20 +626,6 @@ Resources:
             - ApiGwConfig
             - !Ref RunEnvironment
             - UiDomainName
-          - !Join
-            - ""
-            - - "go."
-              - !FindInMap
-                - ApiGwConfig
-                - !Ref RunEnvironment
-                - EnvDomainName
-          - !Join
-            - ""
-            - - "ical."
-              - !FindInMap
-                - ApiGwConfig
-                - !Ref RunEnvironment
-                - EnvDomainName
 
         DefaultCacheBehavior:
           TargetOriginId: S3WebsiteOrigin
@@ -749,19 +753,95 @@ Resources:
     Properties:
       FunctionName: !Ref AppFrontendEdgeLambda
 
+  AppIcalCloudfrontDistribution:
+    Type: AWS::CloudFront::Distribution
+    Properties:
+      DistributionConfig:
+        Origins:
+          - Id: ApiGatewayOrigin
+            DomainName: !Sub "${AppApiGateway}.execute-api.${AWS::Region}.amazonaws.com"
+            OriginPath: "/default"
+            CustomOriginConfig:
+              HTTPPort: 80
+              HTTPSPort: 443
+              OriginProtocolPolicy: https-only
+        Enabled: true
+        Aliases:
+          - !Join
+            - ""
+            - - "go."
+              - !FindInMap
+                - ApiGwConfig
+                - !Ref RunEnvironment
+                - EnvDomainName
+          - !Join
+            - ""
+            - - "ical."
+              - !FindInMap
+                - ApiGwConfig
+                - !Ref RunEnvironment
+                - EnvDomainName
+        DefaultCacheBehavior:
+          TargetOriginId: ApiGatewayOrigin
+          ViewerProtocolPolicy: redirect-to-https
+          AllowedMethods:
+            - GET
+            - HEAD
+            - OPTIONS
+            - PUT
+            - POST
+            - DELETE
+            - PATCH
+          CachedMethods:
+            - GET
+            - HEAD
+          ForwardedValues:
+            QueryString: false
+            Cookies:
+              Forward: none
+          CachePolicyId: !Ref CloudfrontCachePolicy
+          OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3
+        ViewerCertificate:
+          AcmCertificateArn: !FindInMap
+            - ApiGwConfig
+            - !Ref RunEnvironment
+            - EnvCertificateArn
+          MinimumProtocolVersion: TLSv1.2_2021
+          SslSupportMethod: sni-only
+        HttpVersion: http2
+        PriceClass: PriceClass_100
+
+
 Outputs:
   DomainName:
     Description: Domain name that the UI is hosted at
     Value: !FindInMap
       - ApiGwConfig
       - !Ref RunEnvironment
       - UiDomainName
+
   CloudfrontCnameTarget:
     Description: CNAME record target to create for the domain name above (create the CNAME manually)
     Value:
       Fn::GetAtt:
         - AppFrontendCloudfrontDistribution
         - DomainName
+
+  CloudfrontSecondaryCnameTarget:
+    Description: CNAME record target to create for the secondary domain names (create the CNAME manually)
+    Value:
+      Fn::GetAtt:
+        - AppIcalCloudfrontDistribution
+        - DomainName
+
   CloudfrontDistributionId:
     Description: Cloudfront Distribution ID
     Value: !GetAtt AppFrontendCloudfrontDistribution.Id
+
+  CloudfrontSecondaryDistributionId:
+    Description: Cloudfront Distribution ID
+    Value: !GetAtt AppIcalCloudfrontDistribution.Id
+
+  SalesEmailQueueArn:
+    Description: Sales Email Queue Arn
+    Value: !GetAtt AppSQSQueues.Outputs.SalesEmailQueueArn
@@ -13,6 +13,8 @@ Resources:
     Properties:
       QueueName: !Sub ${QueueName}-dlq
       VisibilityTimeout: !Ref MessageTimeout
+      MessageRetentionPeriod: 1209600
+
   AppQueue:
     Type: AWS::SQS::Queue
     Properties:
@@ -24,6 +26,17 @@ Resources:
             - "AppDLQ"
             - "Arn"
         maxReceiveCount: 3
+  SalesEmailQueue:
+    Type: AWS::SQS::Queue
+    Properties:
+      QueueName: !Sub ${QueueName}-sales
+      VisibilityTimeout: !Ref MessageTimeout
+      RedrivePolicy:
+        deadLetterTargetArn:
+          Fn::GetAtt:
+            - "AppDLQ"
+            - "Arn"
+        maxReceiveCount: 3
 
 Outputs:
   MainQueueArn:
@@ -38,3 +51,9 @@ Outputs:
       Fn::GetAtt:
       - AppDLQ
       - Arn
+  SalesEmailQueueArn:
+    Description: Sales Email Queue Arn
+    Value:
+      Fn::GetAtt:
+      - SalesEmailQueue
+      - Arn
@@ -1,6 +1,7 @@
 import { build, context } from 'esbuild';
 import { readFileSync } from 'fs';
 import { resolve } from 'path';
+import copyStaticFiles from 'esbuild-copy-static-files';
 
 const isWatching = !!process.argv.includes('--watch')
 const nodePackage = JSON.parse(readFileSync(resolve(process.cwd(), 'package.json'), 'utf8'));
@@ -24,14 +25,17 @@ const buildOptions = {
   },
   banner: {
     js: `
-      import path from 'path';
       import { fileURLToPath } from 'url';
       import { createRequire as topLevelCreateRequire } from 'module';
       const require = topLevelCreateRequire(import.meta.url);
       const __filename = fileURLToPath(import.meta.url);
       const __dirname = path.dirname(__filename);
     `.trim(),
   }, // Banner for compatibility with CommonJS
+    plugins: [copyStaticFiles({
+      src: './public',
+      dest: resolve(process.cwd(), '../', '../', 'dist_devel', 'public'),
+    })],
 };
 
 if (isWatching) {