def on_update_mediapackage_endpoint(self):
update_params = {
"ChannelId": self.id_channel,
"Id": f"endpoint-{self.id_channel}",
"Description": f"Endpoint - {self.id_channel}",
"HlsPackage": {
"SegmentDurationSeconds": 5,
"PlaylistWindowSeconds": 59,
"StreamSelection": {
"MaxVideoBitsPerSecond": 2147483647,
"MinVideoBitsPerSecond": 0,
"StreamOrder": "ORIGINAL"
}
}
}
on_update = AwsSdkCall(
action='updateOriginEndpoint',
service='MediaPackage',
api_version=None, # Uses the latest api
parameters=update_params,
# Must keep the same physical resource id, otherwise resource is deleted by CloudFormation
physical_resource_id=PhysicalResourceId.of(
"media-live-stack-endpoint"),
)
return on_update
def copy_from_assests_bucket_to_custom_bucket(self, construct_id,
asset_bucket, file_name,
s3_custom_bucket):
asset_bucket_object = s3.Bucket.from_bucket_name(
self, "AssetBucketObject", asset_bucket.s3_bucket_name)
# Custom Resource Creation to Copy from Asset Bucket to Custom Bucket
custom_resource_policy = AwsCustomResourcePolicy.from_sdk_calls(
resources=[
f"{asset_bucket_object.bucket_arn}/*",
f"{s3_custom_bucket.bucket_arn}/*"
])
custom_resource_lambda_role = _iam.Role(
scope=self,
id=f'{construct_id}-CustomResourceLambdaRole',
assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'),
managed_policies=[
_iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaBasicExecutionRole"),
_iam.ManagedPolicy(
scope=self,
id=f'{construct_id}-CustomResourceLambdaPolicy',
managed_policy_name="AssetsBucketAccessPolicy",
statements=[
_iam.PolicyStatement(resources=[
f"{asset_bucket_object.bucket_arn}/*",
f"{s3_custom_bucket.bucket_arn}/*"
],
actions=[
"s3:List*", "s3:PutObject",
"s3:GetObject"
])
])
])
on_create = AwsSdkCall(action='copyObject',
service='S3',
physical_resource_id=PhysicalResourceId.of(
f'{asset_bucket.s3_bucket_name}'),
parameters={
"Bucket":
s3_custom_bucket.bucket_name,
"CopySource":
asset_bucket.s3_bucket_name + '/' +
asset_bucket.s3_object_key,
"Key":
file_name
})
custom_resource_creation = AwsCustomResource(
scope=self,
id='CustomResourceSyncWithS3',
policy=custom_resource_policy,
log_retention=logs.RetentionDays.ONE_WEEK,
on_create=on_create,
on_update=on_create,
role=custom_resource_lambda_role,
timeout=cdk.Duration.seconds(300))
return custom_resource_creation
def delete_project(self, project_name):
return AwsSdkCall(
action='deleteProject',
service='DeviceFarm',
parameters={'arn': self.project_arn},
region=
'us-west-2', # When other endpoints become available for DF, we won't have to do this.
physical_resource_id=PhysicalResourceId.from_response(
"project.arn"))
def delete_device_pool(self):
return AwsSdkCall(
action='deleteDevicePool',
service='DeviceFarm',
parameters={'arn': self.device_pool_arn},
region=
'us-west-2', # When other endpoints become available for DF, we won't have to do this.
physical_resource_id=PhysicalResourceId.from_response(
"devicePool.arn"))
def delete(self, bucket_name):
delete_params = {"Bucket": bucket_name, "Key": "helloWorld.txt"}
return AwsSdkCall(action='deleteObject',
service='S3',
parameters=delete_params,
physical_resource_id=PhysicalResourceId.of(
'myAutomationExecution'))
def add_contact_api(stack: CDKMasterStack, project_name: str, domain: str,
forwarding_email: str):
module_path = os.path.dirname(__file__)
lambda_path = os.path.join(module_path, "lambda")
api_path = "contact"
base_lambda = aws_lambda.Function(
stack,
'ContactFormLambda',
handler='lambda_handler.handler',
runtime=aws_lambda.Runtime.PYTHON_3_7,
environment={
"TARGET_EMAIL":
forwarding_email,
"SENDER_EMAIL":
f"contact@{domain}",
"SENDER_NAME":
f"{project_name.capitalize()}",
"SENDER":
f"{project_name.capitalize()} Contact Form <contact@{domain}>"
},
code=aws_lambda.Code.asset(lambda_path),
)
base_lambda.add_to_role_policy(
aws_iam.PolicyStatement(effect=aws_iam.Effect.ALLOW,
resources=["*"],
actions=["ses:SendEmail", "ses:SendRawEmail"]))
verify_domain_create_call = AwsSdkCall(
service="SES",
action="verifyDomainIdentity",
parameters={"Domain": domain},
physical_resource_id=PhysicalResourceId.from_response(
"VerificationToken"))
policy_statement = PolicyStatement(actions=["ses:VerifyDomainIdentity"],
resources=["*"])
verify_domain_identity = AwsCustomResource(
stack,
"VerifyDomainIdentity",
on_create=verify_domain_create_call,
policy=AwsCustomResourcePolicy.from_statements(
statements=[policy_statement]))
aws_route53.TxtRecord(
stack,
"SESVerificationRecord",
zone=stack.zone,
record_name=f"_amazonses.{domain}",
values=[
verify_domain_identity.get_response_field("VerificationToken")
])
stack.add_api_method(api_path, "POST", base_lambda)
def _get_on_update_func(self, id: str, parameter_name: str):
return AwsSdkCall(
action="getParameter",
service="SSM",
parameters={
"Name": parameter_name,
},
region="us-east-1",
physical_resource_id=PhysicalResourceId.of(f"LEF-{id}"),
)
def get_sdk_operation(self, resource_id: str,
create_params: Dict[str, Any], action_name: str):
#api_version=None uses the latest api
action = AwsSdkCall(
action=action_name,
service='Iot',
parameters=create_params,
# Must keep the same physical resource id, otherwise resource is deleted by CF
physical_resource_id=PhysicalResourceId.of(id=resource_id),
)
return action
def get_on_delete(self, bucket_name, object_key):
delete_params = {
"Bucket": bucket_name,
"Key": object_key,
}
on_delete = AwsSdkCall(
action='deleteObject',
service='S3',
parameters=delete_params,
)
return on_delete
def on_delete_mediapackage(self):
delete_params = {"Id": self.id_channel}
on_delete = AwsSdkCall(
action='deleteChannel',
service='MediaPackage',
api_version=None, # Uses the latest api
parameters=delete_params,
# Must keep the same physical resource id, otherwise resource is deleted by CloudFormation
physical_resource_id=PhysicalResourceId.of("media-live-stack"),
)
return on_delete
def create(self, bucket_name):
create_params = {
"Body": "Hello world",
"Bucket": bucket_name,
"Key": "helloWorld.txt"
}
return AwsSdkCall(action='putObject',
service='S3',
parameters=create_params,
physical_resource_id=PhysicalResourceId.of(
'myAutomationExecution'))
def delete_qsuser(self):
params = {
"UserName": self.quicksight_migration_target_assume_role.role_name
+ "/quicksight",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
}
return AwsSdkCall(
action="deleteUser",
service="QuickSight",
parameters=params,
physical_resource_id=PhysicalResourceId.of("cdksdk_qsuser"),
)
def delete_policy_assignment(self):
delete_params = {
"AssignmentName": "QuickSightMigration",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
}
return AwsSdkCall(
action="deleteIAMPolicyAssignment",
service="QuickSight",
assumed_role_arn=self.quicksight_migration_target_assume_role.role_arn,
parameters=delete_params,
physical_resource_id=PhysicalResourceId.of("cdksdk_policyassignment"),
)
def update_device_pool(self, device_pool_name, platform, max_devices,
os_version, manufacturer):
return AwsSdkCall(
action='updateDevicePool',
service='DeviceFarm',
parameters={
'arn': self.device_pool_arn,
'name': device_pool_name,
'rules': self._build_rules(platform, os_version, manufacturer),
'maxDevices': max_devices
},
region=
'us-west-2', # When other endpoints become available for DF, we won't have to do this.
physical_resource_id=PhysicalResourceId.from_response(
"devicePool.arn"))
def get_on_create(self, bucket_name, object_key, object_content):
create_params = {
"Body": object_content,
"Bucket": bucket_name,
"Key": object_key,
}
#api_version=None uses the latest api
on_create = AwsSdkCall(
action='putObject',
service='S3',
parameters=create_params,
# to get a unique physicaid: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
physical_resource_id=PhysicalResourceId.from_response('ETag'),
)
return on_create
def create_qsuser(self):
create_params = {
"IdentityType": "IAM",
"Email": " ",
"UserRole": "ADMIN",
"IamArn": self.quicksight_migration_target_assume_role.role_arn,
"SessionName": "quicksight",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
}
return AwsSdkCall(
action="registerUser",
service="QuickSight",
parameters=create_params,
physical_resource_id=PhysicalResourceId.of("cdksdk_qsuser"),
)
def get_on_create_update(self, bucket_name, object_key, object_content):
create_params = {
"Body": object_content,
"Bucket": bucket_name,
"Key": object_key,
}
# api_version=None uses the latest api
on_create = AwsSdkCall(
action='putObject',
service='S3',
parameters=create_params,
# Must keep the same physical resource id, otherwise resource is deleted by CloudFormation
physical_resource_id=PhysicalResourceId.of(
f'{bucket_name}/{object_key}'),
)
return on_create
def create_policy_assignment(self):
create_params = {
"AssignmentName": "QuickSightMigration",
"AssignmentStatus": "ENABLED",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
"Identities": {
"user": [
self.quicksight_migration_target_assume_role.role_name
+ "/quicksight"
]
},
"PolicyArn": self.quicksight_managed_resources_policy.managed_policy_arn,
}
return AwsSdkCall(
action="createIAMPolicyAssignment",
service="QuickSight",
assumed_role_arn=self.quicksight_migration_target_assume_role.role_arn,
parameters=create_params,
physical_resource_id=PhysicalResourceId.of("cdksdk_policyassignment"),
)
def __init__(self, scope: core.Construct, id: str, es_domain: CfnDomain, kda_role: iam.Role,
source_bucket: s3.Bucket, dest_bucket: s3.Bucket, **kwargs):
super().__init__(scope, id, **kwargs)
stack = Stack.of(self)
kda_role.add_to_policy(PolicyStatement(actions=['cloudwatch:PutMetricData'],
resources=['*']))
artifacts_bucket_arn = 'arn:aws:s3:::' + _config.ARA_BUCKET.replace("s3://", "")
kda_role.add_to_policy(PolicyStatement(actions=['s3:GetObject', 's3:GetObjectVersion'],
resources=[artifacts_bucket_arn, artifacts_bucket_arn + '/binaries/*']))
log_group = logs.LogGroup(scope=self,
id='KdaLogGroup',
retention=logs.RetentionDays.ONE_WEEK,
removal_policy=RemovalPolicy.DESTROY)
log_stream = logs.LogStream(scope=self,
id='KdaLogStream',
log_group=log_group,
removal_policy=RemovalPolicy.DESTROY)
log_stream_arn = stack.format_arn(service='logs',
resource='log-group',
resource_name=log_group.log_group_name + ':log-stream:' +
log_stream.log_stream_name,
sep=':')
# TODO: restrict
kda_role.add_to_policy(PolicyStatement(actions=['logs:*'],
resources=[stack.format_arn(service='logs', resource='*')]))
kda_role.add_to_policy(PolicyStatement(actions=['logs:DescribeLogStreams', 'logs:DescribeLogGroups'],
resources=[log_group.log_group_arn,
stack.format_arn(service='logs', resource='log-group',
resource_name='*')]))
kda_role.add_to_policy(PolicyStatement(actions=['logs:PutLogEvents'],
resources=[log_stream_arn]))
kda_role.add_to_policy(PolicyStatement(actions=['es:ESHttp*'],
resources=[stack.format_arn(service='es', resource='domain',
resource_name=es_domain.domain_name + '/*')]))
# TODO: restrict
kda_role.add_to_policy(PolicyStatement(actions=['s3:*'],
resources=['arn:aws:s3::::*']))
# Define delivery stream
# delivery_stream_name = 'clean_delivery_stream'
#
# s3_configuration = {
# 'bucketArn': '',
# 'compressionFormat': 'Snappy',
# 'dataFormatConversionConfiguration': {
# 'enabled': True,
# 'inputFormatConfiguration': {'deserializer': },
# 'outputFormatConfiguration': {'serializer': {'parquetSerDe': }},
# 'schemaConfiguration': {}
# },
# 'prefix': 'streaming'
# }
#
# delivery_stream = CfnDeliveryStream(scope=self,
# id='Firehose Delivery Stream',
# delivery_stream_name=delivery_stream_name,
# delivery_stream_type='DirectPut',
# extended_s3_destination_configuration=s3_configuration
# )
# Define KDA application
application_configuration = {
'environmentProperties': {
'propertyGroups': [
{
'propertyGroupId': 'ConsumerConfigProperties',
'propertyMap': {
'CustomerStream': scope.customer_stream.stream_name,
'AddressStream': scope.address_stream.stream_name,
'SaleStream': scope.sale_stream.stream_name,
'PromoDataPath': source_bucket.s3_url_for_object('promo'),
'ItemDataPath': source_bucket.s3_url_for_object('item'),
'aws.region': scope.region
}
},
{
'propertyGroupId': 'ProducerConfigProperties',
'propertyMap': {
'ElasticsearchHost': 'https://' + es_domain.attr_domain_endpoint + ':443',
'Region': scope.region,
'DenormalizedSalesS3Path': dest_bucket.s3_url_for_object() + '/',
'IndexName': 'ara-write'
}
}
]
},
'applicationCodeConfiguration': {
'codeContent': {
's3ContentLocation': {
'bucketArn': artifacts_bucket_arn,
'fileKey': 'binaries/stream-processing-1.1.jar'
}
},
'codeContentType': 'ZIPFILE'
},
'flinkApplicationConfiguration': {
'parallelismConfiguration': {
'configurationType': 'DEFAULT'
},
'checkpointConfiguration': {
'configurationType': 'DEFAULT'
},
'monitoringConfiguration': {
'logLevel': 'DEBUG',
'metricsLevel': 'TASK',
'configurationType': 'CUSTOM'
}
},
'applicationSnapshotConfiguration': {
'snapshotsEnabled': False
}
}
self.__app = CfnApplicationV2(scope=self,
id='KDA application',
runtime_environment='FLINK-1_11',
application_name='KDA-application',
service_execution_role=kda_role.role_arn,
application_configuration=application_configuration)
logging = CfnApplicationCloudWatchLoggingOptionV2(scope=self, id='KDA application logging',
application_name=self.__app.ref,
cloud_watch_logging_option={'logStreamArn': log_stream_arn})
logging.apply_removal_policy(policy=RemovalPolicy.RETAIN, apply_to_update_replace_policy=True,
default=RemovalPolicy.RETAIN)
# Use a custom resource to start the application
create_params = {
'ApplicationName': self.__app.ref,
'RunConfiguration': {
'ApplicationRestoreConfiguration': {
'ApplicationRestoreType': 'SKIP_RESTORE_FROM_SNAPSHOT'
},
'FlinkRunConfiguration': {
'AllowNonRestoredState': True
}
}
}
# See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/ for service name, actions and parameters
create_action = AwsSdkCall(service='KinesisAnalyticsV2',
action='startApplication',
parameters=create_params,
physical_resource_id=PhysicalResourceId.of(self.__app.ref + '-start'))
delete_action = AwsSdkCall(service='KinesisAnalyticsV2',
action='stopApplication',
parameters={'ApplicationName': self.__app.ref, 'Force': True})
custom_resource = AwsCustomResource(scope=self,
id='KdaStartAndStop',
on_create=create_action,
on_delete=delete_action,
policy=AwsCustomResourcePolicy.from_statements([PolicyStatement(
actions=['kinesisanalytics:StartApplication',
'kinesisanalytics:StopApplication',
'kinesisanalytics:DescribeApplication',
'kinesisanalytics:UpdateApplication'], resources=[
stack.format_arn(service='kinesisanalytics', resource='application',
resource_name=self.app.application_name)])]))
custom_resource.node.add_dependency(self.app)
def __init__(self, scope: core.Construct, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
this_dir = path.dirname(__file__)
handler = lmb.Function(self,
'Handler',
runtime=lmb.Runtime.PYTHON_3_7,
handler='handler.handler',
code=lmb.Code.from_asset(
path.join(this_dir, 'lambda')))
alias = lmb.Alias(self,
"HandlerAlias",
alias_name="Current",
version=handler.current_version)
gw = apigw.LambdaRestApi(
self,
'Gateway',
description='Endpoint for a singple Lambda-powered web service',
handler=alias,
endpoint_types=[EndpointType.REGIONAL])
failure_alarm = cloudwatch.Alarm(
self,
"FailureAlarm",
alarm_name=self.stack_name + '-' + '500Alarm',
metric=cloudwatch.Metric(metric_name="5XXError",
namespace="AWS/ApiGateway",
dimensions={
"ApiName": "Gateway",
},
statistic="Sum",
period=core.Duration.minutes(1)),
threshold=1,
evaluation_periods=1)
alarm500topic = sns.Topic(self,
"Alarm500Topic",
topic_name=self.stack_name + '-' +
'Alarm500TopicSNS')
alarm500topic.add_subscription(
subscriptions.EmailSubscription("*****@*****.**"))
failure_alarm.add_alarm_action(cw_actions.SnsAction(alarm500topic))
codedeploy.LambdaDeploymentGroup(
self,
"DeploymentGroup",
alias=alias,
deployment_config=codedeploy.LambdaDeploymentConfig.
CANARY_10_PERCENT_10_MINUTES,
alarms=[failure_alarm])
# Create a dynamodb table
table_name = self.stack_name + '-' + 'HelloCdkTable'
table = dynamodb.Table(self,
"TestTable",
table_name=table_name,
partition_key=Attribute(
name="id",
type=dynamodb.AttributeType.STRING))
table_name_id = cr.PhysicalResourceId.of(table.table_name)
on_create_action = AwsSdkCall(
action='putItem',
service='DynamoDB',
physical_resource_id=table_name_id,
parameters={
'Item': {
'id': {
'S': 'HOLA_CREATE'
},
'date': {
'S': datetime.today().strftime('%Y-%m-%d')
},
'epoch': {
'N': str(int(time.time()))
}
},
'TableName': table_name
})
on_update_action = AwsSdkCall(
action='putItem',
service='DynamoDB',
physical_resource_id=table_name_id,
parameters={
'Item': {
'id': {
'S': 'HOLA_UPDATE'
},
'date': {
'S': datetime.today().strftime('%Y-%m-%d')
},
'epoch': {
'N': str(int(time.time()))
}
},
'TableName': table_name
})
cr.AwsCustomResource(
self,
"TestTableCustomResource",
on_create=on_create_action,
on_update=on_update_action,
policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE))
# OUTPUT
self.url_output = core.CfnOutput(self, 'Url', value=gw.url)
