CDK Construct Development
Outlines best practices for developing AWS CDK constructs. Following these guidelines will ensure that constructs are reusable, maintainable, and follow AWS best practices.
Tags: CDK, TypeScript
Author: @cremich
Submitted on April 25, 2025
# CDK Construct Development Rules

## Compute

### AWS Lambda Functions

- Separate business logic from infrastructure code.
- Add the function handler code in a file with a `.lambda.ts` suffix.
- Group function handlers in a `functions` folder.
- Configure appropriate memory and timeout settings.
- Use environment variables for configuration.
- Set up appropriate IAM permissions with least privilege.

### ECS / Fargate

- Use appropriate task definitions and container configurations
- If needed, configure auto-scaling based on metrics
- Set up proper networking and security groups
- Implement health checks and monitoring

## Storage

### Amazon S3

- Configure appropriate encryption and access controls
- Set up lifecycle rules for cost optimization
- Implement versioning for critical data
- Configure logging and monitoring
- Configure backup and retention policies

### Amazon DynamoDB

- Configure appropriate capacity mode (on-demand or provisioned)
- Set up auto-scaling for provisioned capacity
- Implement proper key schema and indexes
- Configure backup and point-in-time recovery

## APIs

- Configure appropriate authentication and authorization
- Set up request validation and throttling
- Implement CORS for cross-origin requests
- Configure logging and monitoring

### Amazon API Gateway

- Configure appropriate authentication and authorization
- Set up request validation and throttling
- Implement CORS for cross-origin requests
- Configure logging and monitoring

## Networking

### VPC

- Design VPCs with appropriate subnet architecture
- Configure security groups with least privilege
- Set up VPC endpoints for AWS services when possible

### CloudFront

- Configure appropriate cache behaviors for different content types
- Set up proper origin configurations
- Implement security headers and CORS
- Configure logging and monitoring

## Observability

### CloudWatch

- Set up alarms for critical metrics
- Configure appropriate thresholds and actions
- Create dashboards for monitoring
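
One way to check some of the rules above automatically, as an added example (not part of the original rules or the author's code): a lint over the CloudFormation template that `cdk synth` emits, flagging S3 buckets without explicit encryption or versioning, DynamoDB tables without point-in-time recovery, and IAM policy statements with wildcard actions or resources. The rule names, `lintTemplate`, and the sample template are assumptions made for illustration.

```typescript
// Added example: lint the CloudFormation template produced by `cdk synth`.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
type Finding = { id: string; rule: string };
const asArray = (v: any): any[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
const isWildcard = (a: any): boolean => typeof a === "string" && (a === "*" || a.slice(-2) === ":*");

function lintTemplate(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const p = res.Properties ?? {};
    const flag = (rule: string) => findings.push({ id, rule });
    if (res.Type === "AWS::S3::Bucket") {
      if (!p.BucketEncryption) flag("s3-encryption"); // no explicit encryption config
      if (p.VersioningConfiguration?.Status !== "Enabled") flag("s3-versioning");
    } else if (res.Type === "AWS::DynamoDB::Table") {
      const pitr = p.PointInTimeRecoverySpecification?.PointInTimeRecoveryEnabled;
      if (pitr !== true) flag("dynamodb-pitr");
    } else if (res.Type === "AWS::IAM::Policy") {
      for (const stmt of asArray(p.PolicyDocument?.Statement)) {
        if (stmt.Effect !== "Allow") continue; // only Allow statements grant access
        if (asArray(stmt.Action).some(isWildcard)) flag("iam-wildcard-action");
        // Intrinsics such as { "Fn::GetAtt": [...] } are objects and never equal "*".
        if (asArray(stmt.Resource).some((r) => r === "*")) flag("iam-wildcard-resource");
      }
    }
  }
  return findings;
}

// Constructed sample template (not from the page): hypothetical resource names.
const sampleTemplate: Template = {
  Resources: {
    LogsBucket: { Type: "AWS::S3::Bucket" },
    DataBucket: {
      Type: "AWS::S3::Bucket",
      Properties: {
        BucketEncryption: { ServerSideEncryptionConfiguration: [{ ServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms" } }] },
        VersioningConfiguration: { Status: "Enabled" },
      },
    },
    OrdersTable: { Type: "AWS::DynamoDB::Table", Properties: { BillingMode: "PAY_PER_REQUEST" } },
    HandlerPolicy: { Type: "AWS::IAM::Policy", Properties: { PolicyDocument: { Statement: [
      { Effect: "Allow", Action: "dynamodb:GetItem", Resource: { "Fn::GetAtt": ["OrdersTable", "Arn"] } },
      { Effect: "Allow", Action: ["s3:*"], Resource: "*" },
    ] } } },
  },
};
```

Run as a unit test or CI step against the synthesized template so that a construct change that drops encryption or widens a policy fails the build.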