def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
self.wwwBucket = s3.Bucket(
self,
"HtmlBucket",
access_control=s3.BucketAccessControl.PUBLIC_READ,
bucket_name="music-suite-www-dev",
website_index_document="index.html",
website_error_document="404.html")
s3_deployment.BucketDeployment(
self,
"HtmlDeployment",
destination_bucket=self.wwwBucket,
sources=[s3_deployment.Source.asset("html")])
self.publicReadStatement = iam.PolicyStatement()
self.publicReadStatement.add_actions("s3:GetObject")
self.publicReadStatement.add_resources("%s/*" %
self.wwwBucket.bucket_arn)
self.publicReadStatement.add_principals(iam.AnyPrincipal())
self.wwwBucket.add_to_resource_policy(self.publicReadStatement)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#s3 bucket
static_bucket = aws_s3.Bucket(
self,
"StaticBucket",
versioned=True,
public_read_access=True,
website_index_document="index.html",
website_error_document="404.html",
removal_policy=core.RemovalPolicy.DESTROY
)
#import html files
add_assets = aws_s3_deployment.BucketDeployment(
self,
"AssetsDeploy",
sources=[
aws_s3_deployment.Source.asset(
"deployments/assets"
)
],
destination_bucket=static_bucket
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# create s3 bucket
bucket = s3.Bucket(self,
"cdkdemobucket",
public_read_access=True,
bucket_name="cdkdemobucket")
# upload local file to s3 bucket
deploy = s3deploy.BucketDeployment(
self,
'DeployLocal',
sources=[s3deploy.Source.asset('resources/s3')],
destination_bucket=bucket)
# create lambda function
handler = lambda_.Function(
self,
"toppage",
runtime=lambda_.Runtime.PYTHON_3_7,
code=lambda_.Code.asset("resources/webapp/artifact"),
handler="webapp.main",
environment=dict(BUCKET=bucket.bucket_name))
bucket.grant_read_write(handler)
#api gateway
api = apigateway.RestApi(self, "demo page", rest_api_name="demo page")
get_top_page = apigateway.LambdaIntegration(
handler,
request_templates={"application/json": '{ "statusCode": "200" }'})
api.root.add_method("GET", get_top_page)
def __init__(self, scope: cdk.Construct, construct_id: str,
user_pool=None,
web_bucket=None,
api_gateway=None,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
dirname = os.path.dirname(__file__)
client = cognito.UserPoolClient(self, "UserPoolClient",
user_pool=user_pool,
auth_flows={
"user_password": True
},
o_auth={
"flows": {
"implicit_code_grant": True
},
"callback_urls": ["{}/web/token.html".format(api_gateway.url)]
}
)
directory = Path("{}/target".format(dirname))
directory.mkdir(parents=True, exist_ok=True)
for child in directory.iterdir():
os.remove(str(child))
with open("{}/target/client_id.json".format(dirname), "w") as text_file:
text_file.write(json.dumps({'clientId': client.user_pool_client_id}))
src_dir = Path("{}/src".format(dirname))
for child in src_dir.iterdir():
shutil.copy(str(child), str(directory))
s3_deployment.BucketDeployment(self, "WebDeployment",
destination_bucket=web_bucket,
sources=[s3_deployment.Source.asset(str(directory))]
)
def S3_FRONTENDDEPLOY(self):
bucket = s3.Bucket(
self,
"FrontendBucket",
removal_policy=core.RemovalPolicy.DESTROY,
versioned=True,
)
distribution = cloudfront.Distribution(
self,
"FrontendDistribution",
# TODO: The domain and cert info should be env vars
domain_names=["www.seanfischer.io"],
certificate=certificates.Certificate.from_certificate_arn(
self,
"DomainCertificateEast1",
"arn:aws:acm:us-east-1:261392311630:certificate/859dc9d1-7a5f-4474-bcad-bcba1607a5ed",
),
default_root_object="index.html",
default_behavior=cloudfront.BehaviorOptions(
origin=origins.S3Origin(bucket, ),
viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.
REDIRECT_TO_HTTPS,
),
)
s3deploy.BucketDeployment(
self,
"FrontendS3Deployment",
sources=[s3deploy.Source.asset("./src")],
destination_bucket=bucket,
distribution=distribution,
)
return bucket
def __init__(self, app: core.App, cfn_name: str, stack_env):
super().__init__(scope=app, id=f"{cfn_name}-{stack_env}")
s3_bucket = s3.Bucket(scope=self,
id=f"{cfn_name}-{stack_env}-bucket",
website_index_document="index.html")
# upload files in `./html` to the bucket defined above
_ = s3_deploy.BucketDeployment(
scope=self,
id=f"{cfn_name}-{stack_env}-deployments",
sources=[s3_deploy.Source.asset("./html")],
destination_bucket=s3_bucket,
destination_key_prefix=self.ORIGIN_PATH)
# set S3 as origin
s3_origin = origin.S3Origin(bucket=s3_bucket,
origin_path=self.ORIGIN_PATH)
# create CloudFront Distribution
_ = cloud_front.Distribution(
scope=self,
id=f"{cfn_name}-{stack_env}",
default_behavior=cloud_front.BehaviorOptions(
# may warning here, for type mismatched.
origin=s3_origin))
def __init__(self, scope: core.Construct, construct_id: str, public_bucket_name, api) -> None:
super().__init__(scope, construct_id)
public_bucket = aws_s3.Bucket(self,
'public_bucket',
bucket_name=public_bucket_name,
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY,
website_index_document='index.html')
# TODO paste deployment url here, getting it from the passed api entity doesn't work
api_url = ''
static_template_file_name = 'static_upload_site/index-template.html'
with open(static_template_file_name, 'r') as f:
src = Template(f.read())
prepared_site_content = src.substitute({"api_url": api_url})
with open('static_upload_site/index.html', 'w') as f:
f.write(prepared_site_content)
# static site hosted on s3 allowing uploads
static_upload_site = aws_s3_deployment.BucketDeployment(
self,
"deployStaticWebsite",
sources=[aws_s3_deployment.Source.asset("static_upload_site")],
destination_bucket=public_bucket
)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
bucket_name = 'devassoc-storage'
bucket = s3.Bucket(self,
'bucket',
bucket_name=bucket_name,
removal_policy=core.RemovalPolicy.DESTROY,
auto_delete_objects=True)
s3deploy.BucketDeployment(
self,
'DeployFiles',
destination_bucket=bucket,
sources=[
s3deploy.Source.asset('./study_guide_exercises/polly_file')
],
storage_class=s3deploy.StorageClass.ONEZONE_IA)
core.CfnOutput(self, 'new-bucket', value=bucket.bucket_name)
encrypt_enforce_bucket_name = 'devassoc-encrypted-storage'
encrypt_enforce_bucket = s3.Bucket(
self,
'encrypt-enforced-bucket',
bucket_name=encrypt_enforce_bucket_name,
removal_policy=core.RemovalPolicy.DESTROY,
auto_delete_objects=True)
deny_incorrect_statement = {
"Sid": "DenyIncorrectEncryption",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": f"{encrypt_enforce_bucket.bucket_arn}/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
encrypt_enforce_bucket.add_to_resource_policy(
iam.PolicyStatement.from_json(deny_incorrect_statement))
deny_missing_statement = {
"Sid": "DenyMissingEncryption",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": f"{encrypt_enforce_bucket.bucket_arn}/*",
"Condition": {
"Null": {
"s3:x-amz-server-side-encryption": True
}
}
}
encrypt_enforce_bucket.add_to_resource_policy(
iam.PolicyStatement.from_json(deny_missing_statement))
core.CfnOutput(self,
'new-encrypt-enforce-bucket',
value=encrypt_enforce_bucket.bucket_name)
def __init__(
self,
scope: core.Construct,
id: str,
**kwargs,
) -> None:
super().__init__(scope, id, **kwargs)
# Upload application code to S3 bucket
artifact_bucket = s3.Bucket(
self,
id,
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
encryption=s3.BucketEncryption.KMS_MANAGED,
removal_policy=core.RemovalPolicy.DESTROY,
auto_delete_objects=True,
server_access_logs_prefix="bucketAccessLog")
code_path = path.dirname(path.abspath(__file__))
s3deploy.BucketDeployment(
self,
"DeployCode",
sources=[
s3deploy.Source.asset(code_path + "/../../deployment/app_code")
],
destination_bucket=artifact_bucket,
destination_key_prefix="app_code")
self._code_bucket = artifact_bucket.bucket_name
def _deploy_glue_job_code(self, context: DataJobContext,
glue_job_name: str,
path_to_glue_job: str) -> str:
"""deploy the code of this glue job to the deployment bucket
(can be found in the glue context object)"""
glue_job_dir, glue_job_file_name = GlueJob._get_glue_job_dir_and_file_name(
path_to_glue_job=path_to_glue_job)
logger.debug(f"deploying glue job folder {glue_job_dir}")
aws_s3_deployment.BucketDeployment(
self,
f"{glue_job_name}-CodeDeploy",
sources=[
# we can either sync dirs or zip files.
# To keep it easy for now we agreed to sync the full dir.
# todo - sync only the glue job itself.
aws_s3_deployment.Source.asset(glue_job_dir)
],
destination_bucket=context.deployment_bucket,
destination_key_prefix=glue_job_name,
)
return GlueJob._create_s3_url_for_job(
context=context,
glue_job_id=glue_job_name,
glue_job_file_name=glue_job_file_name,
)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
bucket = _s3.Bucket(
self, '_s3-site-bucket',
website_index_document='index.html',
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY
)
deployment = _deployment.BucketDeployment(
self, '_s3-asset',
destination_bucket=bucket,
sources=[_deployment.Source.asset('./static/')]
)
cloudfrontorigin = _cloudfront_origins.S3Origin(
bucket,
)
cloudfront = _cloudfront.Distribution(
self, 'cloudfront_dist',
default_behavior=cloudfrontorigin
)
core.CfnOutput(self, 'Cloudfront-DomainName', value=cloudfront.distribution_domain_name)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
queue = sqs.Queue(self,
"sqsqueue",
visibility_timeout=core.Duration.seconds(300))
topic = sns.Topic(self, "snstopic")
topic.add_subscription(subs.SqsSubscription(queue))
bucket = s3.Bucket(
self,
"s3Bucket",
encryption=s3.BucketEncryption.KMS_MANAGED,
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
removal_policy=core.RemovalPolicy.DESTROY,
)
bucket.add_event_notification(s3.EventType.OBJECT_CREATED_PUT,
s3n.SnsDestination(topic))
s3deploy.BucketDeployment(
self,
"DeployFile",
sources=[s3deploy.Source.asset("./assets")],
destination_bucket=bucket,
retain_on_delete=False,
)
def __init__(self, app: core.App, id: str, **kwargs) -> None:
"""Deploy the frontend to an S3 bucket
Sets up:
- An S3 with public access, static website hosting, and a bucket policy
that allows anonymous GetObject calls
"""
super().__init__(app, id, **kwargs)
bucket = _s3.Bucket(self,
"guestbook",
public_read_access=True,
website_index_document="index.html")
bucket_policy = _iam.PolicyStatement(
effect=_iam.Effect.ALLOW,
actions=["s3:GetObject"],
principals=[_iam.AnyPrincipal()],
resources=[bucket.bucket_arn + "/*"])
bucket.add_to_resource_policy(bucket_policy)
_s3_deploy.BucketDeployment(self,
"DeployWebsite",
sources=[_s3_deploy.Source.asset("./src")],
destination_bucket=bucket)
core.CfnOutput(self,
'BucketDomainName',
value=bucket.bucket_website_domain_name)
def __init__(self,scope: core.Construct, id: str, **kwargs,) -> None:
super().__init__(scope, id, **kwargs)
# Upload application code to S3 bucket
self._artifact_bucket=s3.Bucket(self, id,
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
encryption=s3.BucketEncryption.KMS_MANAGED,
removal_policy=core.RemovalPolicy.RETAIN,
access_control = s3.BucketAccessControl.LOG_DELIVERY_WRITE,
versioned=True #required by codebuild
)
proj_dir=os.path.split(os.environ['VIRTUAL_ENV'])[0]
self.deploy=s3deploy.BucketDeployment(self, "DeployCode",
sources=[s3deploy.Source.asset(proj_dir+'/deployment/app_code')],
destination_bucket= self.artifact_bucket,
destination_key_prefix="app_code"
)
self.bucket_name = self.artifact_bucket.bucket_name
# # Override Cfn_Nag rule for S3 access logging
self.artifact_bucket.node.default_child.add_metadata('cfn_nag',{
"rules_to_suppress": [
{
"id": "W35",
"reason": "bucket access log stops bucket removal, disable for now"
},
{
"id": "W51",
"reason": "bucket access is controled by IAM level"
}
]
})
def __init__(self, scope: cdk.Construct, construct_id: str,
rest_api: apigw.Resource, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
asset_bucket = s3.Bucket(self,
'AssetBucket',
website_index_document='index.html',
public_read_access=True,
removal_policy=cdk.RemovalPolicy.DESTROY)
s3_deployment.BucketDeployment(
self,
'BucketDeployment',
sources=[s3_deployment.Source.asset('ui-static')],
destination_bucket=asset_bucket,
retain_on_delete=False)
cdk.CfnOutput(self,
'BucketDomain',
value=asset_bucket.bucket_website_domain_name)
s3_integration_role = iam.Role(self,
'AwsIntegrationRole',
assumed_by=iam.ServicePrincipal(
service='apigateway.amazonaws.com'))
asset_bucket.grant_read(s3_integration_role)
self.ui_resource = self._add_get_integration(rest_api, asset_bucket,
s3_integration_role)
self._add_item_integration(self.ui_resource, asset_bucket,
s3_integration_role)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# S3 bucket for website content
websiteBucket = aws_s3.Bucket(
self,
"websiteBucket",
public_read_access=True,
website_index_document="index.html",
access_control=aws_s3.BucketAccessControl.PUBLIC_READ)
# S3 bucket for uploaded image and video content. This is setup to be used to upload content which is to be viewed by the
# public. This can't be the same bucket as the website if you're using aws_s3_deployment as aws_s3_deployment clears the
# bucket out before deploying
imagesBucket = aws_s3.Bucket(
self,
"imagesBucket",
public_read_access=True,
access_control=aws_s3.BucketAccessControl.PUBLIC_READ)
# Used to enable uploading to the S3 bucket directly from client side code. Pretty unnecessary otherwise, unless you want to get
# bucket listings from client side code
imagesBucket.add_cors_rule(allowed_methods=[
aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT,
aws_s3.HttpMethods.HEAD, aws_s3.HttpMethods.POST,
aws_s3.HttpMethods.DELETE
],
allowed_origins=["*"],
allowed_headers=["*"],
exposed_headers=["ETag"])
# CloudFront distribution. Creates a combined front for the two buckets. The second bucket must have a folder called /media
# (name can be changed) containing all the stuff you want distributed. The content will appear under /media in the
# distribution. The one pitfall with this is that subfolders of the website bucket (e.g. /admin) don't redirect to their
# index.html properly. So, if /admin contains a index.html, navigating to /admin would get a 404 but /admin/index.html works
# fine
distribution = aws_cloudfront.CloudFrontWebDistribution(
self,
"S3BucketDistribution",
origin_configs=[
aws_cloudfront.SourceConfiguration(
s3_origin_source=aws_cloudfront.S3OriginConfig(
s3_bucket_source=websiteBucket),
behaviors=[
aws_cloudfront.Behavior(is_default_behavior=True)
]),
aws_cloudfront.SourceConfiguration(
s3_origin_source=aws_cloudfront.S3OriginConfig(
s3_bucket_source=imagesBucket),
behaviors=[
aws_cloudfront.Behavior(path_pattern="/media/*")
])
])
# Code to automatically deploy the frontend code to the website bucket
deployment = aws_s3_deployment.BucketDeployment(
self,
"deployStaticWebsite",
sources=[aws_s3_deployment.Source.asset("PATH_TO_FRONTEND_CODE")],
destination_bucket=websiteBucket,
distribution=distribution)
def create_bucket_deployment(self):
assets_directory = self.gather_assets()
return s3deploy.BucketDeployment(
self,
self.config.get("stack_name") + "_deploy",
sources=[s3deploy.Source.asset(assets_directory)],
destination_bucket=self.bucket_assets,
)
def __init__(self, scope: core.Construct, _id: str, bucket_para,
**kwargs) -> None:
super().__init__(scope, _id, **kwargs)
self.ddb_file_list = ddb.Table(
self,
"s3_migrate_ddb",
partition_key=ddb.Attribute(name="Key",
type=ddb.AttributeType.STRING),
billing_mode=ddb.BillingMode.PAY_PER_REQUEST)
self.sqs_queue_DLQ = sqs.Queue(
self,
"s3_migrate_sqs_DLQ",
visibility_timeout=core.Duration.hours(1),
retention_period=core.Duration.days(14))
self.sqs_queue = sqs.Queue(self,
"s3_migrate_sqs_queue",
visibility_timeout=core.Duration.hours(1),
retention_period=core.Duration.days(14),
dead_letter_queue=sqs.DeadLetterQueue(
max_receive_count=24,
queue=self.sqs_queue_DLQ))
self.ssm_bucket_para = ssm.StringParameter(self,
"s3_migrate_bucket_para",
string_value=json.dumps(
bucket_para, indent=4))
# You need to manually setup ssm_credential_para in SSM Parameter Store before deploy CDK
# Here import ssm_credential_para, MIND THE VERSION NUMBER MUST BE EXACT THE SAME !!!
# 你需要先手工配置了一个ssm_credential_para,然后在这里导入,注意版本号一致!!!
self.ssm_credential_para = ssm.StringParameter.from_secure_string_parameter_attributes(
self,
"ssm_parameter_credentials",
parameter_name=ssm_parameter_credentials,
version=1)
# New a S3 bucket, new object in this bucket will trigger SQS jobs
# This is not for existing S3 bucket. Jobsender will scan the existing bucket and create sqs jobs.
# 这里新建一个S3 bucket,里面新建Object就会触发SQS启动搬迁工作。
# 对于现有的S3 bucket,不在这里配置,由jobsender进行扫描并生成SQS Job任务。
self.s3bucket = s3.Bucket(self, "s3_migrate_bucket")
self.s3bucket.add_event_notification(
s3.EventType.OBJECT_CREATED, s3n.SqsDestination(self.sqs_queue))
# Deploy code
self.s3_deploy = s3.Bucket(self, "s3_migrate_deploybucket")
s3d.BucketDeployment(self,
"deploy_code",
sources=[s3d.Source.asset("./code")],
destination_bucket=self.s3_deploy)
core.CfnOutput(self,
'NewS3Bucket_MigrateObjects',
value=self.s3bucket.bucket_name)
core.CfnOutput(self,
'NewS3Bucket_deploy_code',
value=self.s3_deploy.bucket_name)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
account_id = core.Aws.ACCOUNT_ID
#To Store Frontend app
FlaskFrontendBucket = s3.Bucket(self, 'FlaskFrontendWebsite',
#access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
encryption=s3.BucketEncryption.S3_MANAGED,
bucket_name=account_id+'-'+env_name+'-frontend',
access_control=s3.BucketAccessControl.PUBLIC_READ,
# block_public_access=s3.BlockPublicAccess(
# block_public_acls=True,
# block_public_policy=True,
# ignore_public_acls=True,
# restrict_public_buckets=True,
# ),
removal_policy=core.RemovalPolicy.DESTROY
)
policy_statement = iam.PolicyStatement(
actions=["s3:GetObject"],
resources=[f"{FlaskFrontendBucket.bucket_arn}/*"],
)
policy_statement.add_any_principal()
static_site_policy_document = iam.PolicyDocument(
statements=[policy_statement]
)
FlaskFrontendBucket.add_to_resource_policy(policy_statement)
# The Origin Access Identity is a way to allow CloudFront
# Access to the Website Bucket
origin_access_identity = cfn.OriginAccessIdentity(
self, "OriginAccessIdentity",
comment="Allows Read-Access from CloudFront"
)
# We tell the website bucket to allow access from CloudFront
FlaskFrontendBucket.grant_read(origin_access_identity)
s3_deploy.BucketDeployment(self, "DeployFlaskFrontendWebsite",
sources=[s3_deploy.Source.asset("./static-content")],
destination_bucket=FlaskFrontendBucket,
# destination_key_prefix=""
)
core.CfnOutput(self, 'S3FlaskFrontendExport',
value = FlaskFrontendBucket.bucket_name,
export_name='FlaskFrontendBucket'
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create an S3 Bucket):
static_site_assets_bkt = _s3.Bucket(
self,
"assetsBucket",
versioned=True,
# public_read_access=True,
# website_index_document="index.html",
# website_error_document="404.html",
removal_policy=core.RemovalPolicy.DESTROY)
# Add assets to static site bucket
add_assets_to_site = _s3_deployment.BucketDeployment(
self,
"deployStaticSiteAssets",
sources=[
_s3_deployment.Source.asset("advanced_use_cases/static_assets")
],
destination_bucket=static_site_assets_bkt)
# Create OAI for Cloudfront
static_site_oai = _cloudfront.OriginAccessIdentity(
self,
"staticSiteOai",
comment=f"OAI for static site from stack:{core.Aws.STACK_NAME}")
# Deploy Cloudfront Configuration: Connecting OAI with static asset bucket
cf_source_configuration = _cloudfront.SourceConfiguration(
s3_origin_source=_cloudfront.S3OriginConfig(
s3_bucket_source=static_site_assets_bkt,
origin_access_identity=static_site_oai),
behaviors=[
_cloudfront.Behavior(
is_default_behavior=True,
compress=True,
allowed_methods=_cloudfront.CloudFrontAllowedMethods.ALL,
cached_methods=_cloudfront.CloudFrontAllowedCachedMethods.
GET_HEAD)
])
# Create Cloudfront Distribution
static_site_distribution = _cloudfront.CloudFrontWebDistribution(
self,
"staticSiteCfDistribution",
comment="CDN for static website",
origin_configs=[cf_source_configuration],
price_class=_cloudfront.PriceClass.PRICE_CLASS_100)
# Output Cloudfront Url
output_1 = core.CfnOutput(
self,
"CloudfrontUrl",
value=f"{static_site_distribution.domain_name}",
description="The domain name of the static site")
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
bucket = s3.Bucket(self, "Bucket", website_index_document="index.html")
config = {"comment": "mythical-mysfits"}
origin = cloudfront.CfnCloudFrontOriginAccessIdentity(
self,
"BucketOrigin",
cloud_front_origin_access_identity_config=config)
identity = iam.CanonicalUserPrincipal(
canonical_user_id=origin.attr_s3_canonical_user_id)
bucket.grant_read(identity)
cloudfront_behaviour = cloudfront.Behavior(
max_ttl=core.Duration.seconds(60),
allowed_methods=cloudfront.CloudFrontAllowedMethods.
GET_HEAD_OPTIONS,
is_default_behavior=True)
cloudfront_distribution = cloudfront.CloudFrontWebDistribution(
self,
"CloudFront",
viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.ALLOW_ALL,
price_class=cloudfront.PriceClass.PRICE_CLASS_ALL,
origin_configs=[
cloudfront.SourceConfiguration(
behaviors=[cloudfront_behaviour],
origin_path="/web",
s3_origin_source=cloudfront.S3OriginConfig(
s3_bucket_source=bucket,
origin_access_identity_id=origin.ref),
)
],
)
contentDir = os.path.realpath("../web/")
source = deployment.Source.asset(contentDir)
deployment.BucketDeployment(
self,
"DeployWebsite",
sources=[source],
destination_key_prefix="web/",
destination_bucket=bucket,
distribution=cloudfront_distribution,
retain_on_delete=False,
)
core.CfnOutput(
self,
"CloudFrontURL",
description="The CloudFront distribution URL",
value="http://{}".format(cloudfront_distribution.domain_name),
)
def resolve(self, scope: core.Construct) -> Dict[str, Any]:
# If the same deployment is used multiple times, retain only the first instantiation
if self._bucket_deployment is None:
# Convert BucketDeploymentProps to dict
deployment_props = vars(self._deployment_props)['_values']
self._bucket_deployment = s3_deployment.BucketDeployment(
scope, f'{self._id}_BucketDeployment'
if self._id else 'BucketDeployment', **deployment_props)
return {'S3Path': self.s3_path}
def __init__(self, scope: core.Construct, id: str, ssh_key_name: str,
**kw) -> None:
super().__init__(scope, id, **kw)
# start the web server (EC2 instance) in the default VPC
vpc = ec2.Vpc.from_lookup(self, 'default_vpc', is_default=True)
# create a security group for the web server that allows HTTP and SSH traffic
sg = ec2.SecurityGroup(self,
'we_server_security_group',
vpc=vpc,
description='Allow HTTP ans SSH access',
allow_all_outbound=True)
sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(22), 'SSH')
sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(80), 'HTTP')
sg.add_ingress_rule(ec2.Peer.any_ipv4(), ec2.Port.tcp(443), 'HTTPS')
# create a bucket with all the web app components so they can be laoded into the
# EC2 server later
app_contents_bucket = s3.Bucket(
self,
'cdk_lamp_server',
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY)
s3_deploy.BucketDeployment(
self,
'deploy_webapp',
sources=[s3_deploy.Source.asset('./web_app_contents')],
destination_bucket=app_contents_bucket)
# create an EC2 instance to work as a web server
init_script = EC2_INIT_SCRIPT % dict(
SOURCE_BUCKET_NAME=app_contents_bucket.bucket_name)
web_server = ec2.Instance(
self,
'web_server',
instance_name='cdk_web_app',
instance_type=ec2.InstanceType('t2.micro'),
machine_image=ec2.AmazonLinuxImage(
generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
security_group=sg,
user_data=ec2.UserData.custom(init_script),
key_name=ssh_key_name)
# grant access to the EC2 instance
app_contents_bucket.grant_read(web_server)
# show the web_server public address as an output
core.CfnOutput(self,
'web-server-address',
description='Web server public address',
value=web_server.instance_public_dns_name)
def prepare_s3_assets(self):
asset_bucket = s3.Bucket(self, "AssetBucket")
s3deploy.BucketDeployment(
self,
"DeployAsset",
sources=[s3deploy.Source.asset("./locust")],
destination_bucket=asset_bucket,
)
return asset_bucket
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#s3 bucket
static_bucket = aws_s3.Bucket(
self,
"StaticBucket",
versioned=True,
removal_policy=core.RemovalPolicy.DESTROY)
#import html files
add_assets = aws_s3_deployment.BucketDeployment(
self,
"AssetsDeploy",
sources=[aws_s3_deployment.Source.asset("deployments/assets")],
destination_bucket=static_bucket)
#add cloudfront origin access identity
cloudfront_assets = aws_cloudfront.OriginAccessIdentity(
self,
"CloudfrontAssets",
comment=f"CloudFront Assets for:{core.Aws.STACK_NAME}")
#cloudfront configuration
cloudfront_config = aws_cloudfront.SourceConfiguration(
s3_origin_source=aws_cloudfront.S3OriginConfig(
s3_bucket_source=static_bucket,
origin_access_identity=cloudfront_assets),
behaviors=[
aws_cloudfront.Behavior(
is_default_behavior=True,
compress=True,
allowed_methods=aws_cloudfront.CloudFrontAllowedMethods.
ALL,
cached_methods=aws_cloudfront.
CloudFrontAllowedCachedMethods.GET_HEAD)
])
#cloudfront distribution
cloudfront_distribution = aws_cloudfront.CloudFrontWebDistribution(
self,
"CloudfrontDistribution",
comment="CDN for static web",
origin_configs=[cloudfront_config],
price_class=aws_cloudfront.PriceClass.PRICE_CLASS_100)
#cloudfront url
cloudfront_output = core.CfnOutput(
self,
"cloudfrontURL",
value=f"{cloudfront_distribution.domain_name}",
description="Static web page url")
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
web_app_root = os.path.abspath('./web')
bucket = _s3.Bucket(self,
'Bucket',
website_index_document='index.html')
origin = cloudfront.OriginAccessIdentity(self,
'BucketOrigin',
comment='mythical-mysfits')
bucket.grant_read(
_iam.CanonicalUserPrincipal(
origin.cloud_front_origin_access_identity_s3_canonical_user_id)
)
cdn = cloudfront.CloudFrontWebDistribution(
self,
'CloudFront',
viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.ALLOW_ALL,
price_class=cloudfront.PriceClass.PRICE_CLASS_ALL,
origin_configs=[
cloudfront.SourceConfiguration(
behaviors=[
cloudfront.Behavior(
is_default_behavior=True,
max_ttl=cdk.Duration.seconds(31536000),
allowed_methods=cloudfront.
CloudFrontAllowedMethods.GET_HEAD_OPTIONS)
],
origin_path='/web',
s3_origin_source=cloudfront.S3OriginConfig(
s3_bucket_source=bucket,
origin_access_identity=origin))
])
s3deploy.BucketDeployment(
self,
'DeployWebsite',
sources=[s3deploy.Source.asset(web_app_root)],
destination_key_prefix='web/',
destination_bucket=bucket,
distribution=cdn,
retain_on_delete=False)
cdk.CfnOutput(self,
'CloudFrontURL',
description='The CloudFront distribution URL',
value='https://' + cdn.domain_name)
def add_static_site(stack: core.Stack):
stack.static_site_bucket = Bucket(stack,
'StaticSiteBucket',
website_index_document="index.html",
website_error_document="error.html",
public_read_access=True,
removal_policy=RemovalPolicy.RETAIN)
stack.static_bucket_deploy = s3_deployment.BucketDeployment(
stack,
"StaticSiteDeploy",
sources=[s3_deployment.Source.asset("./www/static-site-content")],
destination_bucket=stack.static_site_bucket)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
static_bucket = aws_s3.Bucket(
self,
'MiscPublicFilesBucket',
removal_policy=core.RemovalPolicy.RETAIN,
)
origin = aws_cloudfront.OriginAccessIdentity(
self,
'MiscPublicFilesOrigin',
comment='CDN origin for miscellaneous public files',
)
cdn = aws_cloudfront.CloudFrontWebDistribution(
self,
'MiscPublicFilesCDN',
comment='CDN for miscellaneous public files',
origin_configs=[
aws_cloudfront.SourceConfiguration(
s3_origin_source=aws_cloudfront.S3OriginConfig(
s3_bucket_source=static_bucket,
origin_access_identity=origin,
),
behaviors=[
aws_cloudfront.Behavior(
is_default_behavior=True,
min_ttl=core.Duration.days(90),
max_ttl=core.Duration.days(360),
default_ttl=core.Duration.days(180),
compress=True,
)
],
)
],
default_root_object='index.html',
enable_ip_v6=True,
http_version=aws_cloudfront.HttpVersion.HTTP2,
price_class=aws_cloudfront.PriceClass.PRICE_CLASS_100,
viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.
REDIRECT_TO_HTTPS, # NOQA
)
aws_s3_deployment.BucketDeployment(
self,
'MiscPublicFilesDeployment',
sources=[aws_s3_deployment.Source.asset('public')],
destination_bucket=static_bucket,
distribution=cdn,
)
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
account = kwargs['env'].account
region = kwargs['env'].region
dirname = os.path.dirname(__file__)
bucket = s3.Bucket(self,
"my-test-bucket-{}-{}".format(account, region))
s3_deploy.BucketDeployment(
self,
"DeployTestFile",
sources=[s3_deploy.Source.asset("{}/content".format(dirname))],
destination_bucket=bucket)
self.bucket_name = bucket.bucket_name
def create_website_bucket(self, deployment_path: typing.Optional[str]):
r"""Creates the S3 buckets required to host the SPA website
Args:
deployment_path: The path to the contents of your deployable assets
"""
self.website_assets_bucket = s3.Bucket(self, self.__website_identifier)
if deployment_path is not None:
s3_deployment.BucketDeployment(
self,
id=f"{self.__website_identifier}-deploy",
sources=[
s3_deployment.Source.asset(deployment_path) # pylint: disable=no-value-for-parameter
],
destination_bucket=self.website_assets_bucket)
