def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Model all required resources ## IAM Roles lambda_role = _iam.Role( self, id='lab1-bdc-lambda-role', assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com')) ## EventBridge eb = _eb.EventBus(self, id="lab1-bdc-eventbus", event_bus_name="lab1-bdc-eventbus") eb_pattern = _eb.EventPattern(detail_type=["message-received"], ) ## AWS Lambda Functions fnLambda_dispatch = _lambda.Function( self, "lab1-bdc-function-dispatch", code=_lambda.AssetCode("../lambda-functions/dispatch-function"), handler="app.handler", timeout=core.Duration.seconds(60), role=lambda_role, runtime=_lambda.Runtime.PYTHON_3_8) fnLambda_dispatch.add_environment("EVENT_BUS_NAME", eb.event_bus_name) fnLambda_consume = _lambda.Function( self, "lab1-bdc-function-consume", code=_lambda.AssetCode("../lambda-functions/consume-function"), handler="app.handler", role=lambda_role, timeout=core.Duration.seconds(60), runtime=_lambda.Runtime.PYTHON_3_8) cw_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW) cw_policy_statement.add_actions("logs:CreateLogGroup") cw_policy_statement.add_actions("logs:CreateLogStream") cw_policy_statement.add_actions("logs:PutLogEvents") cw_policy_statement.add_actions("logs:DescribeLogStreams") cw_policy_statement.add_resources("*") lambda_role.add_to_policy(cw_policy_statement) eb_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW) eb_policy_statement.add_actions("events:PutEvents") eb_policy_statement.add_resources(eb.event_bus_arn) lambda_role.add_to_policy(eb_policy_statement) _eb.Rule(self, id="lab1-bdc-eventRule", description="A basic rule sample", enabled=True, event_bus=eb, event_pattern=eb_pattern, rule_name="BDC-BasicDispatchConsume", targets=[_ebt.LambdaFunction(handler=fnLambda_consume)])
def __init__(self, scope: core.Construct, id: str, stack_prefix: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # IAM Roles lambda_role = _iam.Role( self, id='{}-lambda-role'.format(stack_prefix), assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com')) cw_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW) cw_policy_statement.add_actions("logs:CreateLogGroup") cw_policy_statement.add_actions("logs:CreateLogStream") cw_policy_statement.add_actions("logs:PutLogEvents") cw_policy_statement.add_actions("logs:DescribeLogStreams") cw_policy_statement.add_resources("*") lambda_role.add_to_policy(cw_policy_statement) # AWS Lambda Functions fnLambda_secureAPI = _lambda.Function( self, "{}-function-secureApi".format(stack_prefix), code=_lambda.AssetCode("../lambda-functions/secure-api"), handler="app.handler", timeout=core.Duration.seconds(60), role=lambda_role, runtime=_lambda.Runtime.PYTHON_3_8) fnLambda_authorizer = _lambda.Function( self, "{}-function-tokenAuthorizer".format(stack_prefix), code=_lambda.AssetCode("../lambda-functions/token-authorizer"), handler="app.handler", timeout=core.Duration.seconds(60), role=lambda_role, runtime=_lambda.Runtime.PYTHON_3_8) api = _ag.RestApi( self, id="{}-api-gateway".format(stack_prefix), ) api_authorizer = _ag.TokenAuthorizer( self, id="{}-authorizer".format(stack_prefix), handler=fnLambda_authorizer) int_secure_api = _ag.LambdaIntegration(fnLambda_secureAPI) res_data = api.root.add_resource('api') res_data.add_method('GET', int_secure_api, authorizer=api_authorizer) core.CfnOutput(self, "{}-output-apiEndpointURL".format(stack_prefix), value=api.url, export_name="{}-apiEndpointURL".format(stack_prefix))
def _lambda_glue_crawler_task(self): root_path = Path(os.path.dirname(os.path.abspath(__file__))) lambda_handler = root_path.joinpath('lambdas', 'trigger_glue_crawler').as_posix() func = lambda_.Function( self, "TriggerGlueCrawlerLambdaHandler", handler="lambda.lambda_handler", code=lambda_.AssetCode(lambda_handler), environment={"crawlerName": f"{self.glue_crawler.name}"}, initial_policy=[ iam.PolicyStatement( actions=["glue:StartCrawler"], resources=["*"], ), ], timeout=core.Duration.seconds(30), runtime=lambda_.Runtime.PYTHON_3_7, ) # turn the lambda into a stepfunction task so we can use it in our state machine task = sfn.Task( self, "TriggerGlueCrawlerLambda", task=sfnt.InvokeFunction(func), ) return task
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) lambdaFn = lambda_.Function( self, "Singleton", code=lambda_.AssetCode(path="./lambda"), handler="handler.main", timeout=core.Duration.seconds(300), runtime=lambda_.Runtime.PYTHON_3_7, environment={"PYTHONPATH": "/var/task/packages:/var/runtime"}, ) # Run every 1 hour # See https://docs.aws.amazon.com/lambda/latest/dg/tutorial-scheduled-events-schedule-expressions.html rule = events.Rule( self, "Rule", schedule=events.Schedule.cron(minute='0', hour='0/1', month='*', week_day='*', year='*'), ) rule.add_target(targets.LambdaFunction(lambdaFn))
def __init__(self, scope: core.Construct, id: str, props: CustomResourceProps, **kwargs) -> None: super().__init__(scope, id) name = props.name lambda_directory = props.lambda_directory handler = props.handler timeout = props.timeout runtime = props.runtime environment = props.environment resource_properties = props.resource_properties lambda_uuid = str(uuid.uuid5(uuid.NAMESPACE_DNS, name + handler)) resource = cfn.CustomResource( self, "Resource", provider=cfn.CustomResourceProvider.lambda_( lambda_.SingletonFunction( self, "Singleton", environment=environment, function_name=name, uuid=lambda_uuid, code=lambda_.AssetCode(lambda_directory), handler=handler, timeout=core.Duration.seconds(timeout), runtime=runtime, )), properties=resource_properties, ) self.resource = resource self.response = resource.get_att("Response").to_string()
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # lambda_layer layer = aws_lambda.LayerVersion( self, "LambdaLayerLayer", compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_8], code=aws_lambda.AssetCode("layers/lambda_layer"), ) # lambda common_lambda_params = dict( runtime=aws_lambda.Runtime.PYTHON_3_8, handler="lambda_function.lambda_handler", timeout=core.Duration.seconds(10), memory_size=128, ) lambda_ = aws_lambda.Function( self, "LambdaLayerLambda", code=aws_lambda.Code.asset("lambdas/lambda_layer"), layers=[layer], **common_lambda_params, )
def __init__(self, scope: core.Construct, id: str, kafkaClientFirewall: ec2.ISecurityGroup, vpc: ec2.IVpc, kafkaCloudMap: cloudmap.Service, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Kafka data producer lambdaFn = lambda_.Function( self, "KafkaProducer", code=lambda_.AssetCode('fargate_workshop_cdk/function.zip'), handler="kafka-producer.main", timeout=core.Duration.seconds(300), runtime=lambda_.Runtime.PYTHON_3_7, description='Simple Kafka producer for Fargate workshop', environment={ 'NAMESPACE': kafkaCloudMap.namespace.namespace_name, 'SERVICE': kafkaCloudMap.service_name, 'TOPIC_NAME': 'MyTopic' }, memory_size=512, security_group=kafkaClientFirewall, vpc=vpc) lambdaFn.add_to_role_policy(statement=iam.PolicyStatement( resources=['*'], actions=['servicediscovery:DiscoverInstances'])) lambdaFn.add_to_role_policy(statement=iam.PolicyStatement( resources=['*'], actions=['kafka:GetBootstrapBrokers'])) # Run every 5 minutes # See https://docs.aws.amazon.com/lambda/latest/dg/tutorial-scheduled-events-schedule-expressions.html rule = events.Rule( self, "Rule", schedule=events.Schedule.rate(duration=core.Duration.minutes(5), ), ) rule.add_target(targets.LambdaFunction(lambdaFn))
def create_lambda_build_image(self) -> Resource: """Greengrassのコンポーネント用に推論アプリのdockerイメージをビルドするcodebuildを実行するLambda Returns: Resource: lambda """ lambdaFn_name = self.get_lambda_name("build_image") role_name = self.get_role_name("build_image") lambda_role = aws_iam.Role( self, id=role_name, assumed_by=aws_iam.ServicePrincipal("lambda.amazonaws.com"), role_name=role_name, path="/service-role/", managed_policies=[ aws_iam.ManagedPolicy.from_aws_managed_policy_name( "service-role/AWSLambdaBasicExecutionRole"), aws_iam.ManagedPolicy.from_aws_managed_policy_name( "AWSCodeBuildDeveloperAccess") ]) lambda_role.attach_inline_policy( aws_iam.Policy( self, "AllowDynamoDBAccess", document=aws_iam.PolicyDocument(statements=[ aws_iam.PolicyStatement(actions=[ "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:UpdateItem" ], resources=[self._table.table_arn]) ]))) lambdaFn_path = self.get_lambda_path("build_image") lambdaFn = aws_lambda.Function( self, id=lambdaFn_name, function_name=lambdaFn_name, code=aws_lambda.AssetCode(path=lambdaFn_path), handler="lambda_handler.handler", timeout=Duration.seconds(10), runtime=aws_lambda.Runtime.PYTHON_3_9, description="コンポーネント用のイメージを作成", role=lambda_role, environment={ "TABLE_NAME": self._table.table_name, "CODEBUILD_PROJECT_NAME": self._docker_image_buildproject.project_name, "COMPONENT_IMAGE_REPOSITORY": self._component_ecr.repository_name, "COMPONENT_APP_SOURCE_REPOSITORY": self._component_source_repository.repository_clone_url_grc, "COMPONENT_BASE_IMAGE_REPOSITORY": self._component_base_ecr.repository_uri }) self._table.grant_read_write_data(lambdaFn) return lambdaFn
def create_lambda_function(self, boto3_lambda_layer, source_path, identifier, is_inline, environment={}): lambda_function = None lambda_code = None lambda_handler = None if is_inline: with open(f"{source_path}/app.py", encoding="utf8") as fp: handler_code = fp.read() lambda_code = aws_lambda.InlineCode(handler_code) lambda_handler = "index.handler" else: lambda_code = aws_lambda.AssetCode(source_path) lambda_handler = "app.handler" lambda_function = aws_lambda.Function( self, identifier, runtime=aws_lambda.Runtime.PYTHON_3_8, handler=lambda_handler, code=lambda_code, environment=environment, ) if boto3_lambda_layer: lambda_function.add_layers(boto3_lambda_layer) return lambda_function
def __init__(self, scope: core.Construct, id: str, idp_name: str, idp_url: str, *, cfn_lambda: str = None, cfn_resources_path: str = None, debug=False): """Create an IAM SAML Identity Provider Args: scope (core.Construct): [description] id (str): [description] idp_name (str): IAM Idp name idp_url (str): Your SAML Identity provider URL """ rdir = sys.prefix + '/share/aviv-cdk/iam-idp/' if not cfn_lambda: p = os.path.dirname(os.path.dirname(__file__)) cfn_lambda = p + '/lambdas/iam_idp/saml.py' lambda_attrs = dict(code=aws_lambda.InlineCode( CDKLambda._code_inline(cfn_lambda)), handler='index.handler', timeout=core.Duration.seconds(20), runtime=aws_lambda.Runtime.PYTHON_3_7) if not cfn_resources_path: cfn_resources_path = rdir + 'artifacts-cfn_resources.zip' layer_attrs = dict(description='cfn_resources layer for idp', code=aws_lambda.AssetCode(cfn_resources_path)) super().__init__(scope, id, lambda_attrs=lambda_attrs, layer_attrs=layer_attrs, remote_account_grant=False) # Add required policies for the lambda to create an IAM idp self._lambda.add_to_role_policy( iam.PolicyStatement(actions=[ 'iam:CreateSAMLProvider', 'iam:UpdateSAMLProvider', 'iam:DeleteSAMLProvider' ], effect=iam.Effect.ALLOW, resources=['*'])) self._idp = cfn.CustomResource( self, "identityProvider", resource_type='Custom::SAMLProvider', provider=cfn.CustomResourceProvider.lambda_(self._lambda), properties=dict(Name=idp_name, URL=idp_url)) self.response = self._idp.get_att("Response").to_string() # Export ssm_name = '/' + id.replace('-', '/') ssm.StringParameter(self, 'ssm', string_value=self._idp.ref, parameter_name=ssm_name) core.CfnOutput(self, 'IAMIdpSAMLArn', value=self._idp.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Creates VPC vpc = ec2.Vpc(self, id) # Creates RDS Database instance = rds.DatabaseInstance( self, "RDS", database_name="covid", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_21 ), vpc=vpc, port=3306, instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO, ), removal_policy=core.RemovalPolicy.DESTROY, deletion_protection=False, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), ) # Add inbound rule to RDS SG instance.connections.allow_from_any_ipv4(ec2.Port.tcp(3306), "Open to the world") # Defines Lambda layers python_etl_layer = _lambda.LayerVersion( self, "python-etl", code=_lambda.AssetCode('C:\Code\ACG Challenge – AWS ETL\python.zip')) # Defines an AWS Lambda resource my_lambda = _lambda.Function( self, 'etlhandler', runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='etl.extract_csv1', layers=[python_etl_layer], timeout=core.Duration.seconds(30), memory_size=(256) ) # Add Lambda Environment Variables my_lambda.add_environment("RDS_INSTANCE", instance.instance_endpoint.hostname) my_lambda.add_environment("SECRET_NAME", instance.secret.secret_full_arn) # Grant permission to lambda to access RDS Secret instance.secret.grant_read(my_lambda) # Create a Cloudwatch Event rule four_hour_rule = aws_events.Rule( self, "four_hour_rule", schedule=aws_events.Schedule.rate(core.Duration.minutes(240)), ) # Add target to Cloudwatch Event four_hour_rule.add_target(aws_events_targets.LambdaFunction(my_lambda))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) requests_layer = _lambda.LayerVersion( self, "requests", code=_lambda.AssetCode('layers/requests.zip')) pytube_layer = _lambda.LayerVersion( self, "pytube", code=_lambda.AssetCode('layers/pytube.zip')) base_lambda = _lambda.Function( self, APP_NAME, handler='main.handler', runtime=_lambda.Runtime.PYTHON_3_8, code=_lambda.Code.asset('src'), timeout=core.Duration.seconds(30), layers=[requests_layer, pytube_layer], ) base_api = _apigw.RestApi(self, 'ApiGatewayWithCors', rest_api_name=APP_NAME) route_transcribe = base_api.root.add_resource('transcribe') route_transcribe_lambda_integration = _apigw.LambdaIntegration( base_lambda, proxy=True, integration_responses=[{ 'statusCode': '200', 'responseParameters': { 'method.response.header.Access-Control-Allow-Origin': "'*'", } }]) route_transcribe.add_method( 'GET', route_transcribe_lambda_integration, method_responses=[{ 'statusCode': '200', 'responseParameters': { 'method.response.header.Access-Control-Allow-Origin': True, } }]) self.add_cors_options(route_transcribe)
def __init__(self, app: core.App, id: str, **kwargs) -> None: super().__init__(app, id, **kwargs) jsonloggingLayer = aws_lambda.LayerVersion(self, 'jsonloggingLayer', code=aws_lambda.AssetCode('layers/json_logging'), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], layer_version_name="clean-lambda-versions-json_logging") pytzLayer = aws_lambda.LayerVersion(self, 'pytzLayer', code=aws_lambda.AssetCode('layers/pytz'), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], layer_version_name="clean-lambda-versions-ptyz") lambdaFn = aws_lambda.Function( self, "Singleton", code=aws_lambda.AssetCode('./src'), handler="handler.clean_lambda_versions", function_name="clean-lambda-versions", layers=[jsonloggingLayer, pytzLayer], log_retention=aws_logs.RetentionDays.ONE_YEAR, timeout=core.Duration.seconds(300), runtime=aws_lambda.Runtime.PYTHON_3_7, ) lambdaFn.add_to_role_policy( aws_iam.PolicyStatement( actions=['lambda:ListFunctions', 'lambda:ListVersionsByFunction', 'lambda:DeleteFunction'], resources=['*'], ) ) # Run every monday at 08:01 AM UTC rule = aws_events.Rule( self, "Rule", schedule=aws_events.Schedule.cron( minute='01', hour='08', month='*', week_day='MON', year='*'), ) rule.add_target(aws_events_targets.LambdaFunction(lambdaFn))
def _create_lambda(self): role = iam.Role( self, "LambdaPrepareDbRole", assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"), description="Role for Lambda preparing RDS", role_name=f"{self.name_prefix}-lambda-prepare-db-role", managed_policies=[ #iam.ManagedPolicy.from_aws_managed_policy_name("AWSLambdaBasicExecutionRole"), iam.ManagedPolicy.from_aws_managed_policy_name( "service-role/AWSLambdaVPCAccessExecutionRole"), iam.ManagedPolicy.from_aws_managed_policy_name( "SecretsManagerReadWrite"), ], ) lambda_function_id = f"{self.name_prefix}-prepare_db_function" lambda_function_path = str(pathlib.Path( __file__).resolve().parent) + "/lambdafn/prepare_db_function/" lambda_layer_path = str(pathlib.Path( __file__).resolve().parent) + "/lambdafn/lambda_layer/" layer = aws_lambda.LayerVersion( self, 'Layer', code=aws_lambda.AssetCode(lambda_layer_path)) lambda_fn = aws_lambda.Function( scope=self, id=lambda_function_id, function_name=lambda_function_id, code=aws_lambda.AssetCode(path=lambda_function_path), handler="lambda_handler.lambda_handler", layers=[layer], timeout=Duration.seconds(300), runtime=aws_lambda.Runtime.PYTHON_3_7, role=role, description="write some description for this lambda", security_groups=[self.security_group], vpc=self.vpc, vpc_subnets=self.subnet_selection) lambda_fn.add_environment('SECRETS_NAME', self.rds.secret.secret_arn) lambda_fn.add_environment('REGION_NAME', self.region)
def __init__(self, scope: core.Stack, id: str, **kwargs): super().__init__(scope, id, **kwargs) self.repo_url = 'https://api.github.com/repos/aws/aws-cdk/releases' self.dynamo_table = aws_dynamodb.Table( self, "DynamoTable", table_name=self.stack_name, billing_mode=aws_dynamodb.BillingMode.PAY_PER_REQUEST, partition_key=aws_dynamodb.Attribute( name="latest_version", type=aws_dynamodb.AttributeType.STRING)) self.lambda_function = aws_lambda.Function( self, "GitHubReleaseMonitor", code=aws_lambda.AssetCode('github-release-monitor.zip'), handler="lambda_function.lambda_handler", runtime=aws_lambda.Runtime.PYTHON_3_7, description= "Lambda function that monitors aws-cdk repo for releases and triggers codepipeline when new release is available.", environment={ "STACK_NAME": self.stack_name, "DYNAMO_TABLE": self.stack_name, "REPO_URL": self.repo_url, "CODEBUILD_PROJECT": 'aws-cdk-docker' }, log_retention=aws_logs.RetentionDays.ONE_WEEK, timeout=core.Duration.seconds(10)) self.cron_event = aws_events.Rule( self, "CWEventRuleCron", description= "Triggers cron every 1 hour to check for new releases to cdk repo", schedule=aws_events.Schedule.cron(minute="0/60"), targets=[aws_events_targets.LambdaFunction(self.lambda_function)]) self.dynamo_table.grant_read_write_data(self.lambda_function) self.codebuild_project = aws_codebuild.Project.from_project_name( self, "CodeBuildProject", 'aws-cdk-docker') self.lambda_codebuild_iam_policy = aws_iam.PolicyStatement( actions=['codebuild:StartBuild'], resources=[self.codebuild_project.project_arn]) self.lambda_function.add_to_role_policy( self.lambda_codebuild_iam_policy) self.ssm_param = aws_ssm.StringParameter.from_secure_string_parameter_attributes( self, "SSMParam", parameter_name='/prod/dockerhub-password', version=1) self.ssm_param.grant_read(self.codebuild_project)
def get_lambda(self, lambda_params): lambda_function = lambda_.Function( self, self.lambda_name, handler=lambda_params['handler'], role=lambda_params['lambda_role'], memory_size=lambda_params['memory_size'], runtime=lambda_params['runtime'], timeout=core.Duration.seconds(lambda_params['timeout']), code=lambda_.AssetCode(lambda_params['path'])) self.add_tags(self.lambda_name, lambda_function, lambda_params['tags']) return lambda_function
def __init__(self, scope: cdk.Stack, id: str, sla_monitor_dynamo_table, git_hash, stream_zip='stream-monitor.zip', **kwargs): super().__init__(scope, id, **kwargs) self.sla_monitor_dynamo_table = sla_monitor_dynamo_table self.stream_zip = git_hash + "-" + stream_zip self.sla_stream_monitor_lambda_function = aws_lambda.Function( self, "StreamMonitorLambdaFunction", function_name=self.stack_name, code=aws_lambda.AssetCode(self.stream_zip), handler="stream_processor.lambda_handler", runtime=aws_lambda.Runtime.PYTHON37, #layers=[self.dynamodb_lambda_layer], description= "Monitors DynamoDB stream from SLA Monitor and updates a DynamoDB Table with any changes", environment={ "STACK_NAME": self.stack_name, "DYNAMO_TABLE_NAME": self.stack_name }, memory_size=128, timeout=90, ) self.sla_stream_monitor_dynamo_table = aws_dynamodb.Table( self, "DynamoTable{}".format("SLAStreamMonitor"), table_name=self.stack_name, billing_mode=aws_dynamodb.BillingMode.PayPerRequest, partition_key={ "name": "service_name", "type": aws_dynamodb.AttributeType.String }, sort_key={ "name": "last_updated_date", "type": aws_dynamodb.AttributeType.String }, ) # Permissions to access stream_monitor dynamo table self.sla_stream_monitor_dynamo_table.grant_read_write_data( self.sla_stream_monitor_lambda_function.role) # Event source for stream monitor lambda function from sla monitor dynamodb stream self.sla_stream_monitor_lambda_function.add_event_source( aws_lambda_event_sources.DynamoEventSource( table=self.sla_monitor_dynamo_table, starting_position=aws_lambda.StartingPosition.Latest))
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) # The code that defines your stack goes here lambda_function = _lambda.Function( self, 'Valhalla-Bot', runtime=_lambda.Runtime.PYTHON_3_8, code=_lambda.AssetCode('lambda'), handler='app.handler', ) apigw.LambdaRestApi(self, 'Endpoint', handler=lambda_function)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) handler = aws_lambda.Function( self, "cdk-lambda-apigateway", runtime=aws_lambda.Runtime.PYTHON_3_7, handler="api.main", code=aws_lambda.AssetCode(path="./lambda")) api = aws_apigateway.LambdaRestApi(self, "LambdawithAPIGateway", handler=handler)
def create_lambda_check_image_status(self) -> Resource: """dockerイメージのビルド状況を確認するLambda Returns: Resource: lambda """ lambdaFn_name = self.get_lambda_name("check_image_status") role_name = self.get_role_name("check_image_status") lambda_role = aws_iam.Role( self, id=role_name, assumed_by=aws_iam.ServicePrincipal("lambda.amazonaws.com"), role_name=role_name, path="/service-role/", managed_policies=[ aws_iam.ManagedPolicy.from_aws_managed_policy_name( "service-role/AWSLambdaBasicExecutionRole") ]) lambda_role.attach_inline_policy( aws_iam.Policy( self, "AllowCodeBuildStatus", document=aws_iam.PolicyDocument(statements=[ aws_iam.PolicyStatement( actions=["codebuild:BatchGetBuilds"], resources=[ self._docker_image_buildproject.project_arn ]), aws_iam.PolicyStatement(actions=[ "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:UpdateItem" ], resources=[self._table.table_arn]) ]))) lambdaFn_path = self.get_lambda_path("check_image_status") lambdaFn = aws_lambda.Function( self, id=lambdaFn_name, function_name=lambdaFn_name, code=aws_lambda.AssetCode(path=lambdaFn_path), handler="lambda_handler.handler", timeout=Duration.seconds(10), runtime=aws_lambda.Runtime.PYTHON_3_9, description="コンポーネント用のイメージのビルド結果を確認", role=lambda_role, environment={"TABLE_NAME": self._table.table_name}) return lambdaFn
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) pystache_layer = aws_lambda.LayerVersion(self, 'pystache_layer', code = aws_lambda.AssetCode('layers/pystache_layer'), compatible_runtimes = [aws_lambda.Runtime.PYTHON_3_7]) # Dynamically generate HTML for images socialize_func = aws_lambda.Function(self, "socialize_func", code = aws_lambda.AssetCode('functions/socialize_func'), handler = "lambda.handler", layers = [pystache_layer], runtime = aws_lambda.Runtime.PYTHON_3_7) # Uses API Gateway as the endpoint socialize_api = aws_apigateway.LambdaRestApi(self, 'socialize_api', handler = socialize_func, proxy = False) # Only GETs are supported socialize_resource = socialize_api.root.add_resource('socialize') socialize_resource.add_method('GET', aws_apigateway.LambdaIntegration(socialize_func, proxy = True))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) layer = aws_lambda.LayerVersion( self, "dependencies", code=aws_lambda.AssetCode("python.zip")) aws_lambda.Function( self, "Hello World", code=aws_lambda.Code.from_asset("lambda/"), handler="main.handler", runtime=aws_lambda.Runtime.PYTHON_3_7, layers=[layer], )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Slack Webhook Url - from ssm slack_webhook_url = aws_ssm.StringParameter.value_from_lookup( self, 'AGILE_HIYOKO_GENERAL_SLACK_WEBHOOK_URL') # Lambda lambda_function = aws_lambda.Function( self, 'agile-hiyoko-chousei', function_name='agile-hiyoko-chousei', runtime=aws_lambda.Runtime.PYTHON_3_8, handler='chousei.lambda_handler', code=aws_lambda.AssetCode(path='./lambda/artifacts/'), timeout=core.Duration.seconds(10)) lambda_function.add_environment('SLACK_WEBHOOK_URL', slack_webhook_url) # crontab settings cron = aws_events.Schedule.cron( minute='00', hour='16', day='01', month='02/04/06/08/10/12', year='*', ) if self.DEBUG: cron = aws_events.Schedule.cron( minute='*', hour='*', day='*', month='*', year='*', ) # CloudWatchEvent rule = aws_events.Rule( self, 'agile-hiyoko-chousei-rule', # MEMO: 開催月の1日、JST 07:00 schedule=cron, ) rule.add_target(aws_events_targets.LambdaFunction(lambda_function))
def __init__(self, scope, id, *args, **kwargs): super(Stack, self).__init__(scope, id, *args, **kwargs) self.function = aws_lambda.Function( self, "Function", runtime=aws_lambda.Runtime.PROVIDED, timeout=core.Duration.minutes(1), tracing=aws_lambda.Tracing.ACTIVE, code=aws_lambda.AssetCode("lambda"), handler="irr.elevant") self.apigw = aws_apigateway.LambdaRestApi(self, "Api", handler=self.function, proxy=False) self.apigw.root.add_method("GET") self.apigw.root.add_method("POST")
def create_lambda_function(self) -> core.Resource: """ Lambda Function to say hello. Ref: https://github.com/aws-samples/aws-cdk-examples/tree/master/python/lambda-cron """ lambdaFn_id = f"{self.stack_name}-{self.component_id}-" + "lambda_handler" lambdaFn_path = str(pathlib.Path( __file__).resolve().parent) + "/lambdafn/sample_function/" lambdaFn = aws_lambda.Function( scope=self, id=lambdaFn_id, function_name=lambdaFn_id, code=aws_lambda.AssetCode(path=lambdaFn_path), handler="lambda_handler.lambda_handler", timeout=core.Duration.seconds(300), runtime=aws_lambda.Runtime.PYTHON_3_7, description="write some description for this lambda", ) return lambdaFn
def __init__(self, scope: core.Construct, id: str, config: dict, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Model all required resources ## IAM Roles lambda_role = _iam.Role( self, id="{}-iam-lambda".format(id), assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com')) # CloudWatch policy statement cw_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW) cw_policy_statement.add_actions("logs:CreateLogGroup") cw_policy_statement.add_actions("logs:CreateLogStream") cw_policy_statement.add_actions("logs:PutLogEvents") cw_policy_statement.add_actions("logs:DescribeLogStreams") cw_policy_statement.add_resources("*") lambda_role.add_to_policy(cw_policy_statement) ## AWS Lambda Functions fnLambda_getLogs = _lambda.Function( self, id="{}-lambda-getLogs".format(id), function_name="{}-lambda-getLogs".format(id), code=_lambda.AssetCode("../lambda-functions/get-logs"), handler="app.handler", timeout=core.Duration.seconds(60), role=lambda_role, runtime=_lambda.Runtime.PYTHON_3_8) fnLambda_getLogs.add_environment( "SLACK_INCOMING_WEBHOOK", config['DEFAULT']['SLACK_INCOMING_WEBHOOK']) core.CfnOutput(self, "{}-output-lambdaLogsArn".format(stack_prefix), value=fnLambda_getLogs.function_name, export_name="{}-lambdaLogsArn".format(stack_prefix))
def _lambda_quality_check_task(self): lambda_role = iam.Role( self, id=f"QualityLambdaRole", assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( "AmazonS3FullAccess"), iam.ManagedPolicy.from_aws_managed_policy_name( "AmazonAthenaFullAccess"), ], ) root_path = Path(os.path.dirname(os.path.abspath(__file__))) lambda_handler = root_path.joinpath('lambdas', 'quality_check').as_posix() func = lambda_.Function( self, "QualityCheckAthenaLambdaHandler", handler="lambda.lambda_handler", code=lambda_.AssetCode(lambda_handler), environment={"athenaDatabase": f"{self.glue_db_name}"}, role=lambda_role, timeout=core.Duration.seconds(30), runtime=lambda_.Runtime.PYTHON_3_7, ) # turn the lambda into a stepfunction task so we can use it in our state machine task = sfn.Task( self, "QualityCheckAthenaLambda", task=sfnt.InvokeFunction(func), ) return task
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) region = os.environ["CDK_DEFAULT_REGION"] account = os.environ["CDK_DEFAULT_ACCOUNT"] role = iam.Role( self, "export-sales-lambda-role", assumed_by=iam.ServicePrincipal("lambda.amazonaws.com")) role.add_to_policy( iam.PolicyStatement( resources=[ f"arn:aws:ssm:{region}:{account}:parameter/twitter-cotton" ], actions=["ssm:GetParameter", "ssm:GetParameters"])) export_sales = aws_lambda.Function( self, "export-sales", runtime=aws_lambda.Runtime.PYTHON_3_8, handler="handler.main", code=aws_lambda.AssetCode("./functions/export-sales"), timeout=core.Duration.seconds(15), log_retention=aws_logs.RetentionDays.ONE_MONTH, layers=[self.create_dependencies_layer(id, "export-sales")], role=role) # Runs at two different hours to account for daylight savings schedule = aws_events.Rule( self, "schedule", schedule=aws_events.Schedule.expression( "cron(30,33,36,40,50 12,13 ? * MON,TUE,WED,THU,FRI *)")) schedule.add_target(aws_events_targets.LambdaFunction(export_sales))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The start of the image pipeline imageBucket = aws_s3.Bucket(self, "imageBucket") # Capture API activity with a trail imageBucketTrail = aws_cloudtrail.Trail(self, "imageBucketTrail", is_multi_region_trail=False) # Restrict to S3 data-plane events imageBucketTrail.add_s3_event_selector( include_management_events=False, prefixes=[f"{imageBucket.bucket_arn}/"], read_write_type=aws_cloudtrail.ReadWriteType.WRITE_ONLY) # Filter to just PutObject and CopyObject events imageBucketRule = aws_events.Rule( self, "imageBucketRule", event_pattern={ "source": ["aws.s3"], "detail": { "eventSource": ["s3.amazonaws.com"], "eventName": ["PutObject", "CopyObject"], "requestParameters": { "bucketName": [imageBucket.bucket_name] } } }) #-- # Lambda Layers #--------------------# opencvLayer = aws_lambda.LayerVersion( self, 'opencvLayer', code=aws_lambda.AssetCode('layers/opencvLayer'), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_6]) boto3Layer = aws_lambda.LayerVersion( self, 'boto3Layer', code=aws_lambda.AssetCode('layers/boto3Layer'), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_6]) #-- # Lambda Functions #--------------------# # Gather info about an image, name, extension, etc getImageInfoFunc = aws_lambda.Function( self, "getImageInfoFunc", code=aws_lambda.AssetCode('functions/getImageInfoFunc'), handler="lambda.handler", runtime=aws_lambda.Runtime.PYTHON_3_6) # The home for the website webBucket = aws_s3.Bucket(self, "webBucket", website_index_document='index.html') # Copy the image to the web bucket copyImageFunc = aws_lambda.Function( self, "copyImageFunc", code=aws_lambda.AssetCode('functions/copyImageFunc'), handler="lambda.handler", runtime=aws_lambda.Runtime.PYTHON_3_6, layers=[boto3Layer], environment={ 'OUTPUTBUCKET': webBucket.bucket_name, 'OUTPUTPREFIX': 'images/' }) # Grant permissions to read from the source and write to the desination imageBucket.grant_read(copyImageFunc) webBucket.grant_write(copyImageFunc) # Create a thumbnail of the image and place in the web bucket createThumbnailFunc = aws_lambda.Function( self, "createThumbnailFunc", code=aws_lambda.AssetCode('functions/createThumbnailFunc'), handler="lambda.handler", runtime=aws_lambda.Runtime.PYTHON_3_6, layers=[boto3Layer, opencvLayer], timeout=core.Duration.seconds(10), memory_size=256, environment={ 'OUTPUTBUCKET': webBucket.bucket_name, 'OUTPUTPREFIX': 'images/' }) # Grant permissions to read from the source and write to the desination imageBucket.grant_read(createThumbnailFunc) webBucket.grant_write(createThumbnailFunc) # Store page information pageTable = aws_dynamodb.Table( self, 'pageTable', partition_key={ 'name': 'pageName', 'type': aws_dynamodb.AttributeType.STRING }, billing_mode=aws_dynamodb.BillingMode.PAY_PER_REQUEST, stream=aws_dynamodb.StreamViewType.NEW_IMAGE) # Save page and image information updatePageInfoFunc = aws_lambda.Function( self, "updatePageInfoFunc", code=aws_lambda.AssetCode('functions/updatePageInfoFunc'), handler="lambda.handler", runtime=aws_lambda.Runtime.PYTHON_3_6, layers=[boto3Layer], environment={ 'PAGETABLE': pageTable.table_name, 'PAGEPREFIX': 'posts/' }) # Grant permissions to write to the page table pageTable.grant_write_data(updatePageInfoFunc) imagePipelineDone = aws_stepfunctions.Succeed(self, "Done processing image") updatePageInfoJob = aws_stepfunctions.Task( self, 'Update page info', task=aws_stepfunctions_tasks.InvokeFunction(updatePageInfoFunc)) updatePageInfoJob.next(imagePipelineDone) copyImageJob = aws_stepfunctions.Task( self, 'Copy image', task=aws_stepfunctions_tasks.InvokeFunction(copyImageFunc)) createThumbnailJob = aws_stepfunctions.Task( self, 'Create thumbnail', task=aws_stepfunctions_tasks.InvokeFunction(createThumbnailFunc)) # These tasks can be done in parallel processImage = aws_stepfunctions.Parallel(self, 'Process image', result_path="$.images") processImage.branch(copyImageJob) processImage.branch(createThumbnailJob) processImage.next(updatePageInfoJob) # Results of file extension check notPng = aws_stepfunctions.Succeed(self, "Not a PNG") # Verify the file extension checkForPng = aws_stepfunctions.Choice(self, 'Is a PNG?') checkForPng.when( aws_stepfunctions.Condition.string_equals('$.extension', 'png'), processImage) checkForPng.otherwise(notPng) # A single image pipeline job for testing getImageInfoJob = aws_stepfunctions.Task( self, 'Get image info', task=aws_stepfunctions_tasks.InvokeFunction(getImageInfoFunc)) getImageInfoJob.next(checkForPng) # Configure the image pipeline and starting state imagePipeline = aws_stepfunctions.StateMachine( self, "imagePipeline", definition=getImageInfoJob) # Matching events start the image pipline imageBucketRule.add_target( aws_events_targets.SfnStateMachine( imagePipeline, input=aws_events.RuleTargetInput.from_event_path( "$.detail.requestParameters")))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) lambda_role = _iam.Role( self, id='lab3-om-role', assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com')) cloudwatch_policy_statement = _iam.PolicyStatement( effect=_iam.Effect.ALLOW) cloudwatch_policy_statement.add_actions("logs:CreateLogGroup") cloudwatch_policy_statement.add_actions("logs:CreateLogStream") cloudwatch_policy_statement.add_actions("logs:PutLogEvents") cloudwatch_policy_statement.add_actions("logs:DescribeLogStreams") cloudwatch_policy_statement.add_resources("*") lambda_role.add_to_policy(cloudwatch_policy_statement) fn_lambda_approve_reject = aws_lambda.Function( self, "lab3-om-approve-reject", code=aws_lambda.AssetCode( "../lambda-functions/approve-reject-application/"), handler="app.handler", tracing=aws_lambda.Tracing.ACTIVE, timeout=core.Duration.seconds(30), role=lambda_role, runtime=aws_lambda.Runtime.PYTHON_3_8) fn_lambda_verify_identity = aws_lambda.Function( self, "lab3-om-verify-identity", code=aws_lambda.AssetCode("../lambda-functions/verify-identity/"), handler="app.handler", tracing=aws_lambda.Tracing.ACTIVE, timeout=core.Duration.seconds(30), role=lambda_role, runtime=aws_lambda.Runtime.PYTHON_3_8) fn_lambda_check_address = aws_lambda.Function( self, "lab3-om-check-address", code=aws_lambda.AssetCode("../lambda-functions/check-address/"), handler="app.handler", tracing=aws_lambda.Tracing.ACTIVE, timeout=core.Duration.seconds(30), role=lambda_role, runtime=aws_lambda.Runtime.PYTHON_3_8) ''' [INFO] This is a sample how to define the task and integrate with Lambda Functions. You need to create another 2 tasks for respective Lambda functions ''' task_verify_identity = _tasks.LambdaInvoke( self, "Verify Identity Document", lambda_function=fn_lambda_verify_identity, output_path="$.Payload") task_check_address = _tasks.LambdaInvoke( self, "Check Address", lambda_function=fn_lambda_check_address, output_path="$.Payload") task_wait_review = _tasks.LambdaInvoke( self, "Wait for Review", lambda_function=fn_lambda_approve_reject, output_path="$.Payload") state_approve = _sfn.Succeed(self, "Approve Application") state_reject = _sfn.Succeed(self, "Reject Application") # Let's define the State Machine, step by step # First, paralell tasks for verification s_verification = _sfn.Parallel(self, "Verification") s_verification.branch(task_verify_identity) s_verification.branch(task_check_address) # Next, we add a choice state c_human_review = _sfn.Choice(self, "Human review required?") c_human_review.when( _sfn.Condition.and_( _sfn.Condition.boolean_equals("$[0].humanReviewRequired", False), _sfn.Condition.boolean_equals("$[1].humanReviewRequired", True)), state_approve) c_human_review.when( _sfn.Condition.or_( _sfn.Condition.boolean_equals("$[0].humanReviewRequired", True), _sfn.Condition.boolean_equals("$[1].humanReviewRequired", False)), task_wait_review) # Another choice state to check if the application passed the review c_review_approved = _sfn.Choice(self, "Review approved?") c_review_approved.when( _sfn.Condition.boolean_equals("$.reviewApproved", True), state_approve) c_review_approved.when( _sfn.Condition.boolean_equals("$.reviewApproved", False), state_reject) task_wait_review.next(c_review_approved) definition = s_verification.next(c_human_review) _sfn.StateMachine(self, "lab3-statemachine", definition=definition, timeout=core.Duration.minutes(5))