Added CloudFront for Fargate Service, with other fixes

Author: arya23065

README.md

@@ -74,22 +74,20 @@ cdk deploy --parameters SesBankEmail={email} --parameters SesCustomerEmail={emai
 
 Example usage:
 ```
-cdk deploy --parameters SesBankEmail=owner@anybank.com --parameters SesCustomerEmail=anup.ravi@test.com --parameters LLMImageTag=20240307_111334
+cdk deploy --parameters SesBankEmail=owner@anybank.com --parameters SesCustomerEmail=anup@test.com --parameters LLMImageTag=20240307_123456
 ```
 
 * Once your deployment is complete:
   * An email will be sent to the `SesBankEmail` and `SesCustomerEmail` you supplied to verify the new SES identities created. Please make sure to click the verification link provided in the email.
-  * Visit the ECS Cluster created by the stack, open the running service and visit its task. The public IP address is your LLM endpoints.
-  * Go to the Console and search for Elastic Container Service (ECS). Click on the cluster that was created and choose the task that is currently running. In the Configuration section for that task, you will find the Public IP address which is going to be your LLM endpoint (will be used in the next step).
-
+  * Copy the `CloudFrontDomainName` outputted by the CloudFormation Stack
 
 > Note: If the CloudFormation Stack gets stuck on waiting for the completion of the LLMDeployment, it is possible that your ECS task has failed. This may be because the architecture of the machine you built the image on does not match what we have configured to be used in our project (ARM64). In that case, manually update the architecture the ECS Task Definition utilises (to possibly use X86 instead).
 
 ### Deploy the Demo Application to AWS Account
 
 To deploy the demo application to your AWS account, follow the instructions below:
 
-* Copy the LLM endpoint from the previous step. Update the `LLM_API_ENDPOINT` constant in `App.js` within `./penny-ui/src/`
+* Replace the value of `LLM_API_ENDPOINT` constant in `App.js` within `./penny-ui/src/` with `CloudFrontDomainName` outputted by the CloudFormation Stack.
 * Navigate to `./penny-ui`
 * Run the below commands to deploy the application amplify:
 ```
@@ -98,7 +96,6 @@ amplify init
 amplify add hosting
 amplify publish
 ```
-> Note:  In chrome or some other browsers, you may not receive any response from the agent for very long. This is due to a Mixed Content error in the console as the ECS public endpoint is in http while the react app is deployed to https. To solve this in Chrome, press of the icon near the URL > Site settings > Insecure content > Allow
 
 * Visit the outputted domain where your application has been deployed. Congratulations you can not start talking to the digital assistant!
 

api/llm/app/penny/tools.py

@@ -30,7 +30,6 @@ def setup_knowledge_base():
             "top_k": 250,
             "top_p": 0.999,
             "stop_sequences": ["\\n\\nHuman:", "\\n\\System:"],
-            "anthropic_version": "bedrock-2023-05-31"
         }
     )
 
@@ -71,7 +70,7 @@ def _run(self, query):
 
             url = API_ENDPOINT + '/account'
             params = {'email': email.lower()}
-            r = requests.get(url = url, params = params)
+            r = requests.get(url = url, params = params, timeout=300)
 
             print(r.json())
             if r.json()["statusCode"] != 200:
@@ -102,7 +101,7 @@ def _run(self, input=""):
             'file_name': file_name,
             'required_field_values': required_field_values
         }
-        r = requests.post(url=url, json=body)
+        r = requests.post(url=url, json=body, timeout=300)
 
         print(r.json())
         if r.json()["statusCode"] != 200:
@@ -132,7 +131,7 @@ def _run(self, input=""):
             'id_file_name': id_file_name,
             'selfie_file_name': selfie_file_name
         }
-        r = requests.post(url=url, json=body)
+        r = requests.post(url=url, json=body, timeout=300)
 
         if r.json()["statusCode"] != 200:
             return "Respond that our onboarding service is currently unavailable and to try again later."
@@ -175,7 +174,7 @@ def _run(self, input=""):
             'selfie_file_name': selfie_file_name
         }
         print(body)
-        r = requests.post(url=url, json=body)
+        r = requests.post(url=url, json=body, timeout=300)
         print(r)
 
         if r.status_code != 200:

api/llm/requirements.txt

@@ -1,10 +1,10 @@
 fastapi==0.109.1
 uvicorn==0.24.0.post1
 pydantic==2.5.2
-langchain==0.1.12
+langchain==0.2.16
 langchain-community==0.2.5
-torch==2.1.1
-torchvision==0.16.1
+torch==2.4.1
+torchvision==0.19.1
 sentence-transformers==2.2.2
 faiss-cpu==1.7.4
 email-validator==2.1.0

infra/cdk.json

@@ -44,7 +44,6 @@
     "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
     "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
     "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
-    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
     "@aws-cdk/aws-redshift:columnId": true,
     "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
     "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,

infra/lib/infra-stack.ts

@@ -12,6 +12,10 @@ import * as ec2 from "aws-cdk-lib/aws-ec2";
 import * as kendra from "aws-cdk-lib/aws-kendra";
 import * as ses from "aws-cdk-lib/aws-ses";
 import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';
+import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
+
 
 export class PennyInfraStack extends cdk.Stack {
   private customerTable: dynamodb.Table
@@ -394,5 +398,53 @@ export class PennyInfraStack extends cdk.Stack {
       securityGroups: [sg],
       serviceName: 'LLMFargateService'
     })    
+
+    const lb = new elbv2.ApplicationLoadBalancer(this, 'PennyALB', {
+      vpc: vpc,
+      internetFacing: true,
+    })
+  
+    const httpListener = lb.addListener('PennyHttpListener', {
+      port: 80,
+      open: true,
+    })
+  
+    httpListener.addTargets('PennyECS', {
+      port: 80,
+      targets: [this.llmService],
+      healthCheck: {
+        path: '/',
+        interval: cdk.Duration.seconds(60),
+      },
+    })
+
+    const corsHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'CorsHeadersPolicy', {
+      responseHeadersPolicyName: 'CorsHeadersPolicy',
+      corsBehavior: {
+        accessControlAllowOrigins: ['*'],
+        accessControlAllowMethods: ['GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'PATCH', 'DELETE'],
+        accessControlAllowHeaders: ['*'],
+        accessControlAllowCredentials: false,
+        originOverride: true,
+      },
+    });
+  
+    const distribution = new cloudfront.Distribution(this, 'PennyDistribution', {
+      defaultBehavior: {
+        origin: new origins.HttpOrigin(lb.loadBalancerDnsName, {
+          protocolPolicy: cloudfront.OriginProtocolPolicy.HTTP_ONLY,
+        }),
+        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+        allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
+        cachePolicy: cloudfront.CachePolicy.CACHING_DISABLED,
+        originRequestPolicy: cloudfront.OriginRequestPolicy.ALL_VIEWER,
+        responseHeadersPolicy: corsHeadersPolicy,
+      },
+    });
+  
+    new cdk.CfnOutput(this, 'CloudFrontDomainName', {
+      value: distribution.distributionDomainName,
+    });
+
   }
 }

infra/package-lock.json

@@ -11,17 +11,16 @@
     "cdk": "cdk"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.5",
     "@types/node": "20.7.1",
-    "jest": "^29.7.0",
-    "ts-jest": "^29.1.1",
+    "jest": "29.7.0",
+    "ts-jest": "29.1.1",
     "aws-cdk": "2.101.1",
-    "ts-node": "^10.9.1",
-    "typescript": "~5.2.2"
+    "ts-node": "10.9.1",
+    "typescript": "5.2.2"
   },
   "dependencies": {
     "aws-cdk-lib": "2.101.1",
-    "constructs": "^10.0.0",
-    "source-map-support": "^0.5.21"
+    "constructs": "10.0.0",
+    "source-map-support": "0.5.21"
   }
 }

infra/package.json

@@ -43,3 +43,7 @@ amplifytools.xcconfig
 .secret-*
 **.sample
 #amplify-do-not-edit-end
+
+
+/amplify
+