def _create_lambdas(self):
    """Create one Lambda function per package found under LAMBDAS_DIR.

    A directory counts as a Lambda package when it contains an
    ``__init__.py``. The function is named ``<parent dir>-<dir>`` and that
    name is also the key into ``self.lambdas_config`` and ``self.lambdas``.
    After the walk, the SQS event source and the two scheduled rules are
    attached to the functions they target.
    """
    clean_pycache()

    for root, _dirs, files in os.walk(LAMBDAS_DIR):
        if "__init__.py" not in files:
            continue

        package_dir = os.path.basename(root)
        group_dir = os.path.basename(os.path.dirname(root))
        name = f"{group_dir}-{package_dir}"
        config = self.lambdas_config[name]

        layers = [self.layers[layer_name] for layer_name in config["layers"]]

        # One execution role per function: a function only receives the
        # statements listed for it in lambdas_config, plus basic logging.
        # NOTE(review): the statements themselves are defined outside this
        # method; check them for wildcard actions/resources there.
        execution_role = Role(
            self,
            f"{name}_role",
            assumed_by=ServicePrincipal(service="lambda.amazonaws.com"),
        )
        for statement in config["policies"]:
            execution_role.add_to_policy(statement)
        execution_role.add_managed_policy(
            ManagedPolicy.from_aws_managed_policy_name(
                "service-role/AWSLambdaBasicExecutionRole"
            )
        )

        # Reserved concurrency is optional in the config, so it is only
        # passed to Function when the key is present.
        optional_args = {}
        if "concurrent_executions" in config:
            optional_args["reserved_concurrent_executions"] = config["concurrent_executions"]

        self.lambdas[name] = Function(
            self,
            name,
            code=Code.from_asset(root),
            handler="__init__.handle",
            runtime=Runtime.PYTHON_3_8,
            layers=layers,
            function_name=name,
            environment=config["variables"],
            role=execution_role,
            timeout=Duration.seconds(config["timeout"]),
            memory_size=config["memory"],
            **optional_args,
        )

    post_anime_handler = self.lambdas["sqs_handlers-post_anime"]
    post_anime_handler.add_event_source(SqsEventSource(self.post_anime_queue))

    # (rule id, cron hour, key of the target function in self.lambdas)
    scheduled_jobs = (
        ("titles_updater", "2", "crons-titles_updater"),
        ("episodes_updater", "4", "crons-episodes_updater"),
    )
    for rule_id, cron_hour, lambda_key in scheduled_jobs:
        Rule(
            self,
            rule_id,
            schedule=Schedule.cron(hour=cron_hour, minute="10"),
            targets=[LambdaFunction(self.lambdas[lambda_key])],
        )
def _create_lambdas(self):
    """Create one Lambda function per package found under LAMBDAS_DIR.

    A directory counts as a Lambda package when it contains an
    ``__init__.py``. The function is named ``<parent dir>-<dir>``, which is
    also the key used in ``self.lambdas_config`` and ``self.lambdas``. A
    daily cron rule is then pointed at the ``cron-update_eps`` function.
    """
    for root, _dirs, files in os.walk(LAMBDAS_DIR):
        if "__init__.py" not in files:
            continue

        package_dir = os.path.basename(root)
        group_dir = os.path.basename(os.path.dirname(root))
        name = f"{group_dir}-{package_dir}"
        config = self.lambdas_config[name]

        layers = [self.layers[layer_name] for layer_name in config["layers"]]

        # One execution role per function: a function only receives the
        # statements listed for it in lambdas_config, plus basic logging.
        # NOTE(review): the statements themselves are defined outside this
        # method; check them for wildcard actions/resources there.
        execution_role = Role(
            self,
            f"{name}_role",
            assumed_by=ServicePrincipal(service="lambda.amazonaws.com"),
        )
        for statement in config["policies"]:
            execution_role.add_to_policy(statement)
        execution_role.add_managed_policy(
            ManagedPolicy.from_aws_managed_policy_name(
                "service-role/AWSLambdaBasicExecutionRole"
            )
        )

        function_args = {
            "code": Code.from_asset(root),
            "handler": "__init__.handle",
            "runtime": Runtime.PYTHON_3_8,
            "layers": layers,
            "function_name": name,
            "environment": config["variables"],
            "role": execution_role,
            "timeout": Duration.seconds(config["timeout"]),
            "memory_size": config["memory"],
        }
        self.lambdas[name] = Function(self, name, **function_args)

    update_eps_target = LambdaFunction(self.lambdas["cron-update_eps"])
    Rule(
        self,
        "update_eps",
        schedule=Schedule.cron(hour="2", minute="10"),
        targets=[update_eps_target],
    )
def create_default_infrastructure_config(
        self, construct_id: str) -> CfnInfrastructureConfiguration:
    """
    Build the default Image Builder infrastructure configuration.

    Creates the EC2 role and instance profile that Image Builder uses during
    image creation, then returns an infrastructure configuration that
    references that profile by name. ``construct_id`` is appended to every
    resource name created here.
    """
    role_name = f"DeadlineMachineImageBuilderRole{construct_id}"
    profile_name = f"DeadlineMachineImageBuilderPolicy{construct_id}"

    builder_role = Role(
        self,
        role_name,
        assumed_by=ServicePrincipal("ec2.amazonaws.com"),
        role_name=role_name)

    for managed_policy_name in ('EC2InstanceProfileForImageBuilder',
                                'AmazonSSMManagedInstanceCore'):
        builder_role.add_managed_policy(
            ManagedPolicy.from_aws_managed_policy_name(managed_policy_name))

    # Read access is limited to objects in the thinkbox-installers bucket.
    # NOTE(review): the Get*/List* wildcards cover more than plain object
    # download; if only installers are fetched, s3:GetObject is presumably
    # enough - confirm before narrowing.
    installer_read_statement = PolicyStatement(
        actions=[
            's3:Get*',
            's3:List*',
        ],
        resources=['arn:aws:s3:::thinkbox-installers/*'])
    builder_role.add_to_policy(installer_read_statement)

    # The profile refers to the role by its literal name, so CloudFormation
    # sees no implicit reference; the explicit dependency orders creation.
    builder_profile = CfnInstanceProfile(
        self,
        profile_name,
        instance_profile_name=profile_name,
        roles=[role_name])
    builder_profile.add_depends_on(builder_role.node.default_child)

    # Same pattern: the profile is passed by name, so depend on it explicitly.
    infra_config = CfnInfrastructureConfiguration(
        self,
        f"InfrastructureConfig{construct_id}",
        name=f"DeadlineInfrastructureConfig{construct_id}",
        instance_profile_name=profile_name)
    infra_config.add_depends_on(builder_profile)

    return infra_config
def attach_iam_policies_to_role(cls, role: Role):
    """
    Give ``role`` read access to Secrets Manager and SSM.

    Adds an inline statement with the four Secrets Manager read actions and
    attaches the AWS managed policy ``AmazonSSMReadOnlyAccess``.

    :param role: role that receives the inline statement and managed policy
    :return: None
    """
    # TODO: Extract this in a managed policy
    # NOTE(review): resources=["*"] lets the role call GetSecretValue on
    # every secret the account's policies allow, not only the ones this
    # workload needs. Scoping it requires the secret ARNs (or a name prefix),
    # which are not available inside this method.
    read_secret_actions = [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds",
    ]
    role.add_to_policy(
        PolicyStatement(
            resources=["*"],
            effect=Effect.ALLOW,
            actions=read_secret_actions,
        )
    )

    # NOTE(review): this managed policy is likewise not limited to specific
    # parameters - confirm that account-wide SSM read access is intended.
    ssm_read_only = ManagedPolicy.from_aws_managed_policy_name('AmazonSSMReadOnlyAccess')
    role.add_managed_policy(ssm_read_only)
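def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
    """Define an AppSync GraphQL API backed by a single DynamoDB table.

    Creates the API and an API key, the schema, the ``items`` table, the
    role AppSync assumes to reach the table, the DynamoDB data source, and
    one resolver each for getOne, all, save and delete.
    """
    super().__init__(scope, id, **kwargs)

    table_name = 'items'

    # NOTE(review): with API_KEY auth, whoever holds the key can call every
    # query and mutation in the schema below, including delete.
    items_graphql_api = CfnGraphQLApi(self,
                                      'ItemsApi',
                                      name='items-api',
                                      authentication_type='API_KEY')

    CfnApiKey(self, 'ItemsApiKey', api_id=items_graphql_api.attr_api_id)

    api_schema = CfnGraphQLSchema(self,
                                  'ItemsSchema',
                                  api_id=items_graphql_api.attr_api_id,
                                  definition=f"""\
        type {table_name} {{
            {table_name}Id: ID!
            name: String
        }}
        type Paginated{table_name} {{
            items: [{table_name}!]!
            nextToken: String
        }}
        type Query {{
            all(limit: Int, nextToken: String): Paginated{table_name}!
            getOne({table_name}Id: ID!): {table_name}
        }}
        type Mutation {{
            save(name: String!): {table_name}
            delete({table_name}Id: ID!): {table_name}
        }}
        type Schema {{
            query: Query
            mutation: Mutation
        }}""")

    items_table = Table(
        self,
        'ItemsTable',
        table_name=table_name,
        partition_key=Attribute(name=f'{table_name}Id',
                                type=AttributeType.STRING),
        billing_mode=BillingMode.PAY_PER_REQUEST,
        stream=StreamViewType.NEW_IMAGE,

        # The default removal policy is RETAIN, which means that cdk
        # destroy will not attempt to delete the new table, and it will
        # remain in your account until manually deleted. By setting the
        # policy to DESTROY, cdk destroy will delete the table (even if it
        # has data in it)
        removal_policy=core.RemovalPolicy.DESTROY  # NOT recommended for production code
    )

    items_table_role = Role(
        self,
        'ItemsDynamoDBRole',
        assumed_by=ServicePrincipal('appsync.amazonaws.com'))

    # Least privilege: the resolvers below only issue GetItem, Scan, PutItem
    # and DeleteItem against this one table, so grant read/write data access
    # on the table itself instead of attaching AmazonDynamoDBFullAccess,
    # which would let the AppSync role act on every table in the account.
    items_table.grant_read_write_data(items_table_role)

    data_source = CfnDataSource(
        self,
        'ItemsDataSource',
        api_id=items_graphql_api.attr_api_id,
        name='ItemsDynamoDataSource',
        type='AMAZON_DYNAMODB',
        dynamo_db_config=CfnDataSource.DynamoDBConfigProperty(
            table_name=items_table.table_name, aws_region=self.region),
        service_role_arn=items_table_role.role_arn)

    # Every resolver depends on the schema explicitly, because a resolver
    # cannot be created for a field the schema does not define yet.
    get_one_resolver = CfnResolver(
        self,
        'GetOneQueryResolver',
        api_id=items_graphql_api.attr_api_id,
        type_name='Query',
        field_name='getOne',
        data_source_name=data_source.name,
        request_mapping_template=f"""\
        {{
            "version": "2017-02-28",
            "operation": "GetItem",
            "key": {{
                "{table_name}Id": $util.dynamodb.toDynamoDBJson($ctx.args.{table_name}Id)
            }}
        }}""",
        response_mapping_template="$util.toJson($ctx.result)")

    get_one_resolver.add_depends_on(api_schema)

    # NOTE(review): "limit" is taken from the caller and defaults to 20 only
    # when absent; the template sets no upper bound on it.
    get_all_resolver = CfnResolver(
        self,
        'GetAllQueryResolver',
        api_id=items_graphql_api.attr_api_id,
        type_name='Query',
        field_name='all',
        data_source_name=data_source.name,
        request_mapping_template=f"""\
        {{
            "version": "2017-02-28",
            "operation": "Scan",
            "limit": $util.defaultIfNull($ctx.args.limit, 20),
            "nextToken": $util.toJson($util.defaultIfNullOrEmpty($ctx.args.nextToken, null))
        }}""",
        response_mapping_template="$util.toJson($ctx.result)")

    get_all_resolver.add_depends_on(api_schema)

    save_resolver = CfnResolver(
        self,
        'SaveMutationResolver',
        api_id=items_graphql_api.attr_api_id,
        type_name='Mutation',
        field_name='save',
        data_source_name=data_source.name,
        request_mapping_template=f"""\
        {{
            "version": "2017-02-28",
            "operation": "PutItem",
            "key": {{
                "{table_name}Id": {{ "S": "$util.autoId()" }}
            }},
            "attributeValues": {{
                "name": $util.dynamodb.toDynamoDBJson($ctx.args.name)
            }}
        }}""",
        response_mapping_template="$util.toJson($ctx.result)")

    save_resolver.add_depends_on(api_schema)

    delete_resolver = CfnResolver(
        self,
        'DeleteMutationResolver',
        api_id=items_graphql_api.attr_api_id,
        type_name='Mutation',
        field_name='delete',
        data_source_name=data_source.name,
        request_mapping_template=f"""\
        {{
            "version": "2017-02-28",
            "operation": "DeleteItem",
            "key": {{
                "{table_name}Id": $util.dynamodb.toDynamoDBJson($ctx.args.{table_name}Id)
            }}
        }}""",
        response_mapping_template="$util.toJson($ctx.result)")

    delete_resolver.add_depends_on(api_schema)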
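def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
    """Define the trainers AppSync API and its DynamoDB table.

    Creates the GraphQL API with an API key, the schema (``data_schema``),
    the ``trainers`` table, the role AppSync assumes to reach it, the
    DynamoDB data source, and five resolvers whose request templates
    (``get_trainer``, ``all_trainers``, ``create_trainer``,
    ``update_trainer``, ``delete_trainer``) are defined outside this method.
    """
    super().__init__(scope, construct_id, **kwargs)

    # The code that defines your stack goes here
    table_name = "trainers"

    # NOTE(review): with API_KEY auth, whoever holds the key can call every
    # field the schema exposes, mutations included.
    trainers_graphql_api = CfnGraphQLApi(
        self, 'trainersApi',
        name="trainers-api",
        authentication_type='API_KEY'
    )

    CfnApiKey(
        self, 'TrainersApiKey',
        api_id=trainers_graphql_api.attr_api_id
    )

    api_schema = CfnGraphQLSchema(
        self, "TrainersSchema",
        api_id=trainers_graphql_api.attr_api_id,
        definition=data_schema
    )

    trainers_table = Table(
        self, 'TrainersTable',
        table_name=table_name,
        partition_key=Attribute(
            name='id',
            type=AttributeType.STRING,
        ),
        billing_mode=BillingMode.PAY_PER_REQUEST,
        stream=StreamViewType.NEW_IMAGE,

        # The default removal policy is RETAIN, which means that cdk
        # destroy will not attempt to delete the new table, and it will
        # remain in your account until manually deleted. By setting the
        # policy to DESTROY, cdk destroy will delete the table (even if it
        # has data in it)
        removal_policy=core.RemovalPolicy.DESTROY  # NOT recommended for production code
    )

    trainers_table_role = Role(
        self, 'TrainersDynamoDBRole',
        assumed_by=ServicePrincipal('appsync.amazonaws.com')
    )

    # Least privilege: this role is only used by the data source below,
    # which is bound to trainers_table, so grant read/write data access on
    # that table instead of attaching AmazonDynamoDBFullAccess, which would
    # let the AppSync role act on every table in the account.
    trainers_table.grant_read_write_data(trainers_table_role)

    data_source = CfnDataSource(
        self, 'TrainersDataSource',
        api_id=trainers_graphql_api.attr_api_id,
        name='TrainersDynamoDataSource',
        type='AMAZON_DYNAMODB',
        dynamo_db_config=CfnDataSource.DynamoDBConfigProperty(
            table_name=trainers_table.table_name,
            aws_region=self.region
        ),
        service_role_arn=trainers_table_role.role_arn
    )

    # Every resolver depends on the schema explicitly, because a resolver
    # cannot be created for a field the schema does not define yet.
    get_trainer_resolver = CfnResolver(
        self, 'GetOneQueryResolver',
        api_id=trainers_graphql_api.attr_api_id,
        type_name='Query',
        field_name='getTrainer',
        data_source_name=data_source.name,
        request_mapping_template=get_trainer,
        response_mapping_template="$util.toJson($ctx.result)"
    )
    get_trainer_resolver.add_depends_on(api_schema)

    get_all_trainers_resolver = CfnResolver(
        self, 'GetAllQueryResolver',
        api_id=trainers_graphql_api.attr_api_id,
        type_name='Query',
        field_name='allTrainers',
        data_source_name=data_source.name,
        request_mapping_template=all_trainers,
        response_mapping_template="$util.toJson($ctx.result)"
    )
    get_all_trainers_resolver.add_depends_on(api_schema)

    create_trainers_resolver = CfnResolver(
        self, 'CreateTrainerMutationResolver',
        api_id=trainers_graphql_api.attr_api_id,
        type_name='Mutation',
        field_name='createTrainer',
        data_source_name=data_source.name,
        request_mapping_template=create_trainer,
        response_mapping_template="$util.toJson($ctx.result)"
    )
    create_trainers_resolver.add_depends_on(api_schema)

    update_trainers_resolver = CfnResolver(
        self, 'UpdateMutationResolver',
        api_id=trainers_graphql_api.attr_api_id,
        type_name="Mutation",
        field_name="updateTrainers",
        data_source_name=data_source.name,
        request_mapping_template=update_trainer,
        response_mapping_template="$util.toJson($ctx.result)"
    )
    update_trainers_resolver.add_depends_on(api_schema)

    delete_trainer_resolver = CfnResolver(
        self, 'DeleteMutationResolver',
        api_id=trainers_graphql_api.attr_api_id,
        type_name='Mutation',
        field_name='deleteTrainer',
        data_source_name=data_source.name,
        request_mapping_template=delete_trainer,
        response_mapping_template="$util.toJson($ctx.result)"
    )
    delete_trainer_resolver.add_depends_on(api_schema)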
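def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
    """Define the weather AppSync API with a DynamoDB and a Lambda source.

    Creates the GraphQL API with an API key, the schema, the
    ``destinations`` table with its AppSync role and data source, the
    GetWeather Lambda function with its AppSync role and data source, and
    finally hands both data sources to ``self.add_resolvers``.
    """
    super().__init__(scope, id, **kwargs)

    # NOTE(review): with API_KEY auth, whoever holds the key can call every
    # field in the schema below, including the addDestination mutation.
    graphql_api = CfnGraphQLApi(self,
                                'WeatherApi',
                                name='weather-api',
                                authentication_type='API_KEY')

    CfnApiKey(self, 'WeatherApiKey', api_id=graphql_api.attr_api_id)

    api_schema = CfnGraphQLSchema(self,
                                  'WeatherSchema',
                                  api_id=graphql_api.attr_api_id,
                                  definition="""
            type Destination {
                id: ID!
                description: String!
                state: String!
                city: String!
                zip: String!
                conditions: Weather!
            }
            type Mutation {
                addDestination(
                    id: ID,
                    description: String!,
                    state: String!,
                    city: String!,
                    zip: String!
                ): Destination!
            }
            type Query {
                getWeather(city: String!): Weather
                # Get a single value of type 'Post' by primary key.
                getDestination(id: ID!, zip: String): Destination
                getAllDestinations: [Destination]
                getDestinationsByState(state: String!): [Destination]
            }
            type Subscription {
                newDestination: Destination
                    @aws_subscribe(mutations: ["addDestination"])
            }
            type Weather {
                description: String
                current: String
                maxTemp: String
                minTemp: String
            }
            schema {
                query: Query
                mutation: Mutation
                subscription: Subscription
            }
        """)

    table_name = 'destinations'

    table = Table(self,
                  'DestinationsTable',
                  table_name=table_name,
                  partition_key=Attribute(
                      name="id",
                      type=AttributeType.STRING,
                  ),
                  billing_mode=BillingMode.PAY_PER_REQUEST,
                  stream=StreamViewType.NEW_IMAGE)

    table_role = Role(self,
                      'DestinationsDynamoDBRole',
                      assumed_by=ServicePrincipal('appsync.amazonaws.com'))

    # Least privilege: this role is only used by the DynamoDB data source
    # below, which is bound to the destinations table, so grant read/write
    # data access on that table instead of attaching
    # AmazonDynamoDBFullAccess (every table in the account).
    table.grant_read_write_data(table_role)

    data_source = CfnDataSource(
        self,
        'DestinationsDataSource',
        api_id=graphql_api.attr_api_id,
        name='DestinationsDynamoDataSource',
        type='AMAZON_DYNAMODB',
        dynamo_db_config=CfnDataSource.DynamoDBConfigProperty(
            table_name=table.table_name, aws_region=self.region),
        service_role_arn=table_role.role_arn)

    # NOTE(review): APPID is read from the deploying shell and stored as a
    # plaintext function environment variable; it is None when unset.
    # Presumably a weather-provider API key - confirm, and consider a
    # secrets store if so.
    # NOTE(review): NODEJS_10_X is an end-of-life runtime, and 900 s is a
    # long timeout for a lookup - confirm both are still intended.
    lambdaFn = Function(self,
                        "GetWeather",
                        code=Code.asset(os.getcwd() + "/lambdas/weather/"),
                        handler="weather.get",
                        timeout=core.Duration.seconds(900),
                        memory_size=128,
                        runtime=Runtime.NODEJS_10_X,
                        environment={'APPID': os.getenv('APPID')})

    lambda_role = Role(
        self,
        'WeatherLambdaRole',
        assumed_by=ServicePrincipal('appsync.amazonaws.com'))

    # Least privilege: AppSync only has to invoke this one function, so
    # grant invoke on it instead of attaching AWSLambdaFullAccess, which
    # would let the AppSync role manage Lambda account-wide.
    lambdaFn.grant_invoke(lambda_role)

    lambda_source = CfnDataSource(
        self,
        'WeatherDataSource',
        api_id=graphql_api.attr_api_id,
        name='WeatherCondition',
        type='AWS_LAMBDA',
        lambda_config=CfnDataSource.LambdaConfigProperty(
            lambda_function_arn=lambdaFn.function_arn),
        service_role_arn=lambda_role.role_arn)

    self.add_resolvers(graphql_api,
                       api_schema,
                       data_source=data_source,
                       lambda_source=lambda_source)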