Merge branch 'master' into 'moveServiceToDataGroups'

# Conflicts:
#   src/cloud/config.ts

.gitignore

@@ -29,5 +29,8 @@ keys
 # newman junit output
 newman
 
+.DS_Store
+.idea
+
 # backup files
 *.bak
\ No newline at end of file

.gitlab-ci.yml

@@ -5,8 +5,17 @@ variables:
   PORT: 80
   REPLICA: 1
   UTEST_RUNTIME_IMAGE: seistore-svc-runtime
+
   #aws variables
-  #azure variables  
+  AWS_SERVICE: seismic-store
+  AWS_BUILD_SUBDIR: src/cloud/providers/aws/build-aws
+  AWS_TEST_SUBDIR: tests
+  AWS_ENVIRONMENT: dev
+  AWS_BUILDER_DOCKERFILE_PATH: src/cloud/providers/aws/build-aws/builder.Dockerfile
+  AWS_RUNTIME_DOCKERFILE_PATH: src/cloud/providers/aws/build-aws/runtime.Dockerfile
+  # skipping tests here. Using a local file to run tests
+  AWS_SKIP_TESTS: "true"
+  #azure variables
   AZURE_SERVICE: seismic-store-service
   #gcp variables
   GCP_APPLICATION_NAME: os-seismic-store-service
@@ -30,7 +39,13 @@ include:
   # containerize
   - project: "osdu/platform/ci-cd-pipelines"
     file: "containerize/seismic-store-service.yml"
-    
+
+  # aws
+  - project: "osdu/platform/ci-cd-pipelines"
+    file: "cloud-providers/aws.yml"
+
+  - local: "/devops/aws/awstest.yml"
+
   # deploy
     #azure
   - project: "osdu/platform/ci-cd-pipelines"
@@ -39,7 +54,8 @@ include:
     #ibm  
   - project: "osdu/platform/ci-cd-pipelines"
     file: "cloud-providers/ibm-seismic-store-service.yml"
-    
+
+
     #gcp
   - project: "osdu/platform/ci-cd-pipelines"
     file: "cloud-providers/gcp-seismic-store-service.yml"

devops/aws/awstest.yml

+aws-test-newman:
+  extends:
+    - .aws
+    - .aws_base_variables
+    - .aws_variables
+  stage: integration
+  image: node
+  needs: ['aws-update-ecs']
+  script:
+    - apt-get update
+    - apt-get install -y python
+    - apt-get install -y python-pip
+    - pip install -r devops/aws/requirements.txt
+    - svctoken=$(python devops/scripts/aws_jwt_client.py)
+    - echo $svctoken
+    - npm install -g newman
+    - chmod +x ./tests/e2e/run_e2e_tests.sh
+    - ./tests/e2e/run_e2e_tests.sh --seistore-svc-url=${SEISMICSTORE_SVC_URL} --seistore-svc-api-key="NA" --user-idtoken="$svctoken" --user-idtoken="$svctoken" --tenant=opendes --subproject=awsdemosubproject --admin-email="${AWS_COGNITO_AUTH_PARAMS_USER}" --datapartition=opendes --legaltag01=opendes-sdmstestlegaltag --legaltag02=opendes-sdmstestlegaltag --subproject-long-name=subprojectlonggggggggggggggggggggggname --VCS-Provider="${ISGITLAB}"
+  only:
+    variables:
+      -  $AWS == 'true'
+  artifacts:
+    when: always
+    paths:
+      - $INTEGRATION_TEST_DIR
+    expire_in: 14 days

devops/aws/requirements.txt

+adal==1.2.2
+boto3==1.14.40
+botocore==1.17.54
+certifi==2019.11.28
+cffi==1.14.0
+chardet==3.0.4
+cryptography==2.8
+docutils==0.15.2
+idna==2.9
+jmespath==0.10.0
+pycparser==2.20
+PyJWT==1.7.1
+python-dateutil==2.8.1
+requests==2.23.0
+s3transfer==0.3.3
+six==1.14.0
+urllib3==1.25.8
+xmlrunner==1.7.7
\ No newline at end of file

devops/scripts/aws_jwt_client.py

+import os;
+import boto3;
+import jwt;
+
+def get_id_token():
+    client = boto3.client('cognito-idp', region_name=os.environ["AWS_REGION"])
+    userAuth = client.initiate_auth(
+        ClientId= os.environ['AWS_COGNITO_CLIENT_ID'],
+        AuthFlow= os.environ['AWS_COGNITO_AUTH_FLOW'],
+        AuthParameters= {
+            "USERNAME": os.environ['AWS_COGNITO_AUTH_PARAMS_USER'],
+            "PASSWORD": os.environ['AWS_COGNITO_AUTH_PARAMS_PASSWORD']
+        })
+
+    print(userAuth['AuthenticationResult']['AccessToken'])
+
+
+def get_invalid_token():
+    #generate a dummy jwt
+    return jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256').decode("utf-8")
+
+if __name__ == '__main__':
+    get_id_token()

devops/scripts/ibm_jwt_client.py

@@ -5,8 +5,8 @@ import json
 url = os.getenv('KEYCLOAK_URL')
 client_id = os.getenv('KEYCLOAK_CLIENT_ID')
 client_secret = os.getenv('KEYCLOAK_CLIENT_SECRET')
-user = os.getenv('AUTH_USER_ACCESS')
-password = os.getenv('AUTH_USER_ACCESS_PASSWORD')
+user = os.getenv('IBM_SEISMIC_AUTH_USER_ACCESS')
+password = os.getenv('IBM_SEISMIC_AUTH_USER_ACCESS_PASSWORD')
 
 payload = "grant_type=password&client_id="+client_id+"&client_secret="+client_secret+"&username="+user+"&password="+password+"&scope=openid"
 headers = {

devops/scripts/utest_build_run.sh

@@ -18,6 +18,7 @@ npm install fs-jetpack
 npm install inline-css
 
 npm run test-automation
+if [ $? -ne 0 ]; then exit 1; fi
 node devops/scripts/cssfix.js
 if [ $? -ne 0 ]; then exit 1; fi
 

docs/templates/.env-sample-aws

+#cloud provider is set to aws 
+CLOUDPROVIDER= "aws"
+
+#specify service port, default is 5000
+PORT= 5000
+
+API_BASE_PATH=/api/seismic-store/v3
+SERVICE_ENV=evd
+ENVIRONMENT=
+IMP_SERVICE_ACCOUNT_SIGNER=
+AWS_REGION=
+
+# redis instance url (defautl port 6379)
+LOCKSMAP_REDIS_INSTANCE_ADDRESS=
+LOCKSMAP_REDIS_INSTANCE_PORT= 6379
+LOCKSMAP_REDIS_INSTANCE_KEY=
+
+DES_REDIS_INSTANCE_ADDRESS=
+DES_REDIS_INSTANCE_PORT=
+DES_REDIS_INSTANCE_KEY=
+DES_SERVICE_HOST=
+DES_SERVICE_APPKEY=
+
+JWKS_URL=
+JWT_EXCLUDE_PATHS=
+JWT_AUDIENCE=
+
+
+# Features to disable ONLY the service run locally
+JWT_ENABLE_FEATURE= "false"
+FEATURE_FLAG_AUTHORIZATION= "false"
+FEATURE_FLAG_LEGALTAG= "false"
+FEATURE_FLAG_SEISMICMETA_STORAGE= "false"
+FEATURE_FLAG_IMPTOKEN= "false"
+FEATURE_FLAG_STORAGE_CREDENTIALS= "false"
+FEATURE_FLAG_TRACE= "false"
+FEATURE_FLAG_LOGGING= "false"
+FEATURE_FLAG_STACKDRIVER_EXPORTER= "false"

npm-shrinkwrap.json

@@ -9053,9 +9053,9 @@
          }
       },
       "typescript": {
-         "version": "3.8.3",
-         "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.8.3.tgz",
-         "integrity": "sha512-MYlEfn5VrLNsgudQTVJeNaQFUAI7DkhnOjdpAp4T+ku1TfQClewlbSuTVHiA+8skNBgaf02TL/kLOvig4y3G8w=="
+         "version": "4.2.3",
+         "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.2.3.tgz",
+         "integrity": "sha512-qOcYwxaByStAWrBf4x0fibwZvMRG+r4cQoTjbPtUlrWjBHbmCAww1i448U0GJ+3cNNEtebDteo/cHOR3xJ4wEw=="
       },
       "uglify-js": {
          "version": "3.7.7",

package.json

@@ -14,7 +14,7 @@
     "setup:dev": "(nohup redis-server > /tmp/redis.log 2>&1 &) && (npm i)",
     "test": "env UTEST=true mocha -r ts-node/register tests/utest/test.ts",
     "test-coverage": "env UTEST=true nyc mocha -r ts-node/register --reporter mocha-junit-reporter tests/utest/test.ts",
-    "test-automation": "npm run clean && npm install && npm run test-coverage",
+    "test-automation": "npm run clean && npm install && npm run build && npm run test-coverage",
     "test-e2e-parallel": "node ./tests/e2e/parallel/run_e2e_tests_parallel.js"
   },
   "nyc": {
@@ -77,7 +77,7 @@
     "replace-in-file": "^6.1.0",
     "request": "2.88.2",
     "request-promise": "4.2.6",
-    "typescript": "^3.8.3",
+    "typescript": "4.2.3",
     "uuid": "^8.3.2",
     "winston": "3.3.3",
     "xss-filters": "1.2.7",

src/cloud/config.ts

@@ -44,6 +44,9 @@ export interface ConfigModel {
     JWT_ENABLE_FEATURE: boolean;
     API_BASE_PATH: string;
     TENANT_JOURNAL_ON_DATA_PARTITION: boolean;
+    SSL_ENABLED?: boolean;
+    SSL_KEY_PATH?: string;
+    SSL_CERT_PATH?: string;
     FEATURE_FLAG_AUTHORIZATION: boolean;
     FEATURE_FLAG_LEGALTAG: boolean;
     FEATURE_FLAG_SEISMICMETA_STORAGE: boolean;
@@ -128,6 +131,11 @@ export abstract class Config implements IConfig {
     // DataGroups prefix
     public static DATAGROUPS_PREFIX = 'data.sdms'
 
+    // Server SSL
+    public static SSL_ENABLED = false;
+    public static SSL_KEY_PATH: string;
+    public static SSL_CERT_PATH: string;
+
     // WriteLock Skip
     // This is an open issue to discuss.
     // Checking the write lock is the correct behaviour and this varialbe shoudl be set to "false".
@@ -190,6 +198,10 @@ export abstract class Config implements IConfig {
 
         Config.TENANT_JOURNAL_ON_DATA_PARTITION = model.TENANT_JOURNAL_ON_DATA_PARTITION || false;
 
+        Config.SSL_ENABLED = model.SSL_ENABLED || false;
+        Config.SSL_KEY_PATH = model.SSL_KEY_PATH;
+        Config.SSL_CERT_PATH = model.SSL_CERT_PATH;
+
         Config.checkRequiredConfig(Config.CLOUDPROVIDER, 'CLOUDPROVIDER');
         Config.checkRequiredConfig(Config.SERVICE_ENV, 'SERVICE_ENV');
         Config.checkRequiredConfig(Config.IMP_SERVICE_ACCOUNT_SIGNER, 'IMP_SERVICE_ACCOUNT_SIGNER');

src/cloud/dataecosystem.ts

@@ -45,7 +45,7 @@ export interface IDataEcosystemCore {
 
 export abstract class AbstractDataEcosystemCore implements IDataEcosystemCore {
     public abstract getDataPartitionIDRestHeaderName(): string;
-    public abstract async getAuthorizationHeader(userToken: string): Promise<string>;
+    public abstract getAuthorizationHeader(userToken: string): Promise<string>;
     public abstract getEntitlementBaseUrlPath(): string;
     public abstract getComplianceBaseUrlPath(): string;
     public abstract getStorageBaseUrlPath(): string;

src/cloud/journal.ts

@@ -57,27 +57,27 @@ export interface IJournalTransaction {
 
 export abstract class AbstractJournal implements IJournal {
     public abstract KEY: symbol;
-    public abstract async get(key: any): Promise<[any | any[]]>;
-    public abstract async save(entity: any): Promise<void>;
-    public abstract async delete(key: any): Promise<void>;
+    public abstract get(key: any): Promise<[any | any[]]>;
+    public abstract save(entity: any): Promise<void>;
+    public abstract delete(key: any): Promise<void>;
     public abstract createQuery(namespace: string, kind: string): IJournalQueryModel;
-    public abstract async runQuery(query: IJournalQueryModel): Promise<[any[], {endCursor?: string}]>;
+    public abstract runQuery(query: IJournalQueryModel): Promise<[any[], {endCursor?: string}]>;
     public abstract createKey(specs: any): object;
     public abstract getTransaction(): IJournalTransaction;
-    public abstract  getQueryFilterSymbolContains(): string;
+    public abstract getQueryFilterSymbolContains(): string;
 }
 
 export abstract class AbstractJournalTransaction implements IJournalTransaction {
     public abstract KEY: symbol;
-    public abstract async get(key: any): Promise<[any | any[]]>;;
-    public abstract async save(entity: any): Promise<void>;
-    public abstract async delete(key: any): Promise<void>;
+    public abstract get(key: any): Promise<[any | any[]]>;;
+    public abstract save(entity: any): Promise<void>;
+    public abstract delete(key: any): Promise<void>;
     public abstract createQuery(namespace: string, kind: string): IJournalQueryModel;
-    public abstract async runQuery(query: IJournalQueryModel): Promise<[any[], {endCursor?: string}]>;
-    public abstract async run(): Promise<void>;
-    public abstract async rollback(): Promise<void>;
-    public abstract async commit(): Promise<void>;
-    public abstract  getQueryFilterSymbolContains(): string;
+    public abstract runQuery(query: IJournalQueryModel): Promise<[any[], {endCursor?: string}]>;
+    public abstract run(): Promise<void>;
+    public abstract rollback(): Promise<void>;
+    public abstract commit(): Promise<void>;
+    public abstract getQueryFilterSymbolContains(): string;
 }
 
 export class JournalFactory extends CloudFactory {

src/cloud/providers/aws/build-aws/build-info.py

+# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import boto3
+import json
+import os
+import argparse
+
+# Create the build-info.json
+parser = argparse.ArgumentParser(description="")
+
+# env - CODEBUILD_SOURCE_VERSION
+parser.add_argument("--branch", type=str, help="")
+
+# env - CODEBUILD_RESOLVED_SOURCE_VERSION
+parser.add_argument("--commit", type=str,  help="")
+
+# env - CODEBUILD_BUILD_ID
+parser.add_argument("--buildid", type=str,  help="")
+
+# env - CODEBUILD_BUILD_NUMBER
+parser.add_argument("--buildnumber", type=str,  help="")
+
+# Get from directory name
+parser.add_argument("--reponame", type=str,  help="")
+
+# env OUTPUT_DIR
+parser.add_argument("--outdir", type=str,  help="")
+
+# full ecr image and tag, and any other artifacts
+parser.add_argument("--artifact", type=str, action="append", help="")
+
+
+
+args = parser.parse_args()
+
+branch = args.branch
+commitId = args.commit
+buildId = args.buildid
+buildNumber = args.buildnumber
+repoName = args.reponame
+outputDir = args.outdir
+artifacts = args.artifact
+
+buildInfoFilePath = os.path.join(".", outputDir, "build-info.json")
+
+print(buildInfoFilePath)
+
+commitArgs = {
+    "repositoryName": repoName,
+    "commitId": commitId
+}
+
+commitDetail = {
+    "commit": ""
+}
+
+# get the commit detail
+try:
+    codecommit = boto3.client("codecommit")
+    commitDetail = codecommit.get_commit(**commitArgs)
+except Exception as e:
+    print("Getting commit information from codecommit failed")
+
+buildInfo = {
+    "branch": branch,
+    "build-id": buildId,
+    "build-number": buildNumber,
+    "repo": repoName,
+    "artifacts": artifacts,
+    "commit": commitDetail["commit"]
+}
+print(json.dumps(buildInfo, sort_keys=True, indent=4))
+
+# write the build.json file to dist
+f = open(buildInfoFilePath, "w")
+f.write(json.dumps(buildInfo, sort_keys=True, indent=4))
+f.close()

src/cloud/providers/aws/build-aws/builder.Dockerfile

+
+# ============================================================================
+# Copyright 2017-2019, Schlumberger
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============================================================================
+
+# [seistore builder image]
+
+# use ubuntu as base image
+FROM ubuntu:bionic
+
+# nodejs version
+ARG nodesecure_version=10
+
+# update package list and install required packages
+RUN apt-get update
+RUN apt-get install -y curl
+RUN apt-get install -y gnupg
+RUN apt-get install -y git
+
+# setup node from secure package
+RUN curl -sL https://deb.nodesource.com/setup_${nodesecure_version}.x -o tmp/nodesource_setup.sh
+RUN bash tmp/nodesource_setup.sh
+RUN rm -f tmp/nodesource_setup.sh
+
+# install nodejs and typescript globally
+RUN apt-get install -y nodejs
+RUN npm install -g typescript

src/cloud/providers/aws/build-aws/buildspec.yaml

+# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
+
+# https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
+version: 0.2
+
+env:
+  secrets-manager:
+    DOCKER_USERNAME: /osdu/devops/docker_credentials:username
+    DOCKER_PASSWORD: /osdu/devops/docker_credentials:password
+
+phases:
+  install:
+    commands:
+      # fix error noted here: https://github.com/yarnpkg/yarn/issues/7866
+      - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+      - apt-get update -y
+      - npm install
+
+  pre_build:
+    commands:
+      - echo "Logging in to Amazon ECR..."
+      - $(aws ecr get-login --no-include-email --region $AWS_REGION) # authenticate with ECR via the AWS CLI
+  build:
+    commands:
+      - export REPO_NAME=${PWD##*/}
+      - export OUTPUT_DIR="dist"
+      - export BRANCH_NAME=`echo ${CODEBUILD_SOURCE_VERSION} | awk '{gsub("refs/heads/","");gsub("\\.","-");gsub("[[:space:]]","-")}1' | sed 's/\//-/g' | awk '{print tolower($0)}'`
+      - export ECR_TAG_BUILDER=`echo build.builder.${BRANCH_NAME}.${CODEBUILD_BUILD_NUMBER}.${CODEBUILD_RESOLVED_SOURCE_VERSION} | cut -c 1-120`
+      - export ECR_TAG_PROD=`echo build.${BRANCH_NAME}.${CODEBUILD_BUILD_NUMBER}.${CODEBUILD_RESOLVED_SOURCE_VERSION} | cut -c 1-120`
+      - export ECR_IMAGE_BUILDER=${ECR_REGISTRY}:${ECR_TAG_BUILDER}
+      - export ECR_IMAGE_PROD=${ECR_REGISTRY}:${ECR_TAG_PROD}
+      - export ECR_IMAGE_BRANCH_LATEST=${ECR_REGISTRY}:${BRANCH_NAME}
+      - export INTEGRATION_TEST_OUTPUT=${OUTPUT_DIR}/testing/integration
+      - export INTEGRATION_TEST_OUTPUT_BIN=${INTEGRATION_TEST_OUTPUT}/bin
+      - mkdir -p ${OUTPUT_DIR}/bin
+      - mkdir -p ${OUTPUT_DIR}/testing && mkdir -p ${INTEGRATION_TEST_OUTPUT}  && mkdir -p ${INTEGRATION_TEST_OUTPUT}/bin
+      - echo "Placeholder" >> ${OUTPUT_DIR}/build-info.json # touched so that the output directory has some content incase the build fails so that testing reports are uploaded
+      - printenv
+      - node_modules/.bin/tslint -c tslint.json 'src/cloud/providers/aws/**/*.ts'
+      - echo "Building seismic-store-service"
+      - npm run build
+
+      - echo "Building integration testing assemblies and gathering artifacts..."
+      - ./tests/aws-test/build-aws/prepare-dist.sh
+
+      - echo "Logging into Docker Hub..."
+      - docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
+
+      - echo "Building docker image..."
+      #- docker build -f src/cloud/providers/aws/build-aws/Dockerfile -t ${ECR_IMAGE} .
+      - docker build -f src/cloud/providers/aws/build-aws/builder.Dockerfile -t ${ECR_IMAGE_BUILDER} .
+      - docker build -f src/cloud/providers/aws/build-aws/runtime.Dockerfile -t ${ECR_IMAGE_PROD} --build-arg docker_builder_image=${ECR_IMAGE_BUILDER} .
+      - docker tag  ${ECR_IMAGE_PROD} ${ECR_IMAGE_BRANCH_LATEST}
+      - echo "Pushing docker image..."
+      - docker push ${ECR_IMAGE_PROD}
+      - docker push ${ECR_IMAGE_BRANCH_LATEST}
+
+      - echo "Generate build-info.json"
+      - |
+        python src/cloud/providers/aws/build-aws/build-info.py --branch ${CODEBUILD_SOURCE_VERSION} --commit ${CODEBUILD_RESOLVED_SOURCE_VERSION} \
+          --buildid ${CODEBUILD_BUILD_ID} --buildnumber ${CODEBUILD_BUILD_NUMBER} --reponame ${REPO_NAME} --outdir ${OUTPUT_DIR} \
+          --artifact ${ECR_IMAGE_PROD}
+artifacts:
+  files:
+    - "**/*"
+  base-directory: "dist"
+  name: ${REPO_NAME}_${BRANCH_NAME}_$(date +%F)_${CODEBUILD_BUILD_NUMBER}.zip

src/cloud/providers/aws/build-aws/entrypoint.sh

+
+./ssl.sh;
+
+node ./dist/server/server-start.js

src/cloud/providers/aws/build-aws/runtime.Dockerfile

+# ============================================================================
+# Copyright 2017-2019, Schlumberger
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============================================================================
+
+# [seistore runtime image]
+
+ARG docker_node_image_version=12.18.2
+ARG docker_builder_image
+
+# build the service (require builder image)
+FROM ${docker_builder_image} as runtime-builder
+
+RUN apt-get install -yqq --no-install-recommends openssl
+
+ADD ./ /service
+WORKDIR /service
+RUN npm run clean && rm -rf node_modules && rm -rf artifact && mkdir artifact
+RUN npm install
+RUN npm run build
+RUN cp -r package.json npm-shrinkwrap.json dist artifact
+
+# Create the runtime image (require base image)
+FROM node:${docker_node_image_version} as release
+
+#Default to using self signed generated TLS cert
+ENV USE_SELF_SIGNED_SSL_CERT true
+ENV SSL_CERT_PATH "/src/cloud/providers/aws/certs/cert.crt" 
+ENV SSL_KEY_PATH "/src/cloud/providers/aws/certs/cert.key"
+ENV SSL_ENABLED "true"
+
+COPY --from=runtime-builder /service/artifact /seistore-service
+WORKDIR /seistore-service
+COPY src/cloud/providers/aws/build-aws/ssl.sh /seistore-service/ssl.sh
+COPY src/cloud/providers/aws/build-aws/entrypoint.sh /seistore-service/entrypoint.sh
+RUN npm install --production
+ENTRYPOINT ["/bin/sh", "-c", "/seistore-service/entrypoint.sh"]
\ No newline at end of file

src/cloud/providers/aws/build-aws/ssl.sh

+#!/usr/bin/env bash
+
+#Future: Support for using Amazon Cert Manager
+# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
+# then
+
+#   if [ -z $SSL_CERT_PATH ] || [ -z $SSL_KEY_PATH ];
+#   then
+#     echo "SSL_CERT_PATH and SSL_KEY_PATH must be set as environment variables when using ACM_CERTIFICATE_ARN"
+#     exit 1
+#   fi
+
+#   aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
+#   openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
+#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
+#   aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
+
+# fi
+
+if [ -n $USE_SELF_SIGNED_SSL_CERT ];
+then
+    if [ -z $SSL_CERT_PATH ] || [ -z $SSL_KEY_PATH ];
+    then
+      echo "SSL_CERT_PATH and SSL_KEY_PATH must be set as environment variables when using USE_SELF_SIGNED_SSL_CERT"
+      exit 1
+    fi
+