def on_update_mediapackage_endpoint(self): update_params = { "ChannelId": self.id_channel, "Id": f"endpoint-{self.id_channel}", "Description": f"Endpoint - {self.id_channel}", "HlsPackage": { "SegmentDurationSeconds": 5, "PlaylistWindowSeconds": 59, "StreamSelection": { "MaxVideoBitsPerSecond": 2147483647, "MinVideoBitsPerSecond": 0, "StreamOrder": "ORIGINAL" } } } on_update = AwsSdkCall( action='updateOriginEndpoint', service='MediaPackage', api_version=None, # Uses the latest api parameters=update_params, # Must keep the same physical resource id, otherwise resource is deleted by CloudFormation physical_resource_id=PhysicalResourceId.of( "media-live-stack-endpoint"), ) return on_update
def copy_from_assests_bucket_to_custom_bucket(self, construct_id, asset_bucket, file_name, s3_custom_bucket): asset_bucket_object = s3.Bucket.from_bucket_name( self, "AssetBucketObject", asset_bucket.s3_bucket_name) # Custom Resource Creation to Copy from Asset Bucket to Custom Bucket custom_resource_policy = AwsCustomResourcePolicy.from_sdk_calls( resources=[ f"{asset_bucket_object.bucket_arn}/*", f"{s3_custom_bucket.bucket_arn}/*" ]) custom_resource_lambda_role = _iam.Role( scope=self, id=f'{construct_id}-CustomResourceLambdaRole', assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'), managed_policies=[ _iam.ManagedPolicy.from_aws_managed_policy_name( "service-role/AWSLambdaBasicExecutionRole"), _iam.ManagedPolicy( scope=self, id=f'{construct_id}-CustomResourceLambdaPolicy', managed_policy_name="AssetsBucketAccessPolicy", statements=[ _iam.PolicyStatement(resources=[ f"{asset_bucket_object.bucket_arn}/*", f"{s3_custom_bucket.bucket_arn}/*" ], actions=[ "s3:List*", "s3:PutObject", "s3:GetObject" ]) ]) ]) on_create = AwsSdkCall(action='copyObject', service='S3', physical_resource_id=PhysicalResourceId.of( f'{asset_bucket.s3_bucket_name}'), parameters={ "Bucket": s3_custom_bucket.bucket_name, "CopySource": asset_bucket.s3_bucket_name + '/' + asset_bucket.s3_object_key, "Key": file_name }) custom_resource_creation = AwsCustomResource( scope=self, id='CustomResourceSyncWithS3', policy=custom_resource_policy, log_retention=logs.RetentionDays.ONE_WEEK, on_create=on_create, on_update=on_create, role=custom_resource_lambda_role, timeout=cdk.Duration.seconds(300)) return custom_resource_creation
def delete_project(self, project_name): return AwsSdkCall( action='deleteProject', service='DeviceFarm', parameters={'arn': self.project_arn}, region= 'us-west-2', # When other endpoints become available for DF, we won't have to do this. physical_resource_id=PhysicalResourceId.from_response( "project.arn"))
def delete_device_pool(self): return AwsSdkCall( action='deleteDevicePool', service='DeviceFarm', parameters={'arn': self.device_pool_arn}, region= 'us-west-2', # When other endpoints become available for DF, we won't have to do this. physical_resource_id=PhysicalResourceId.from_response( "devicePool.arn"))
def delete(self, bucket_name): delete_params = {"Bucket": bucket_name, "Key": "helloWorld.txt"} return AwsSdkCall(action='deleteObject', service='S3', parameters=delete_params, physical_resource_id=PhysicalResourceId.of( 'myAutomationExecution'))
def add_contact_api(stack: CDKMasterStack, project_name: str, domain: str, forwarding_email: str): module_path = os.path.dirname(__file__) lambda_path = os.path.join(module_path, "lambda") api_path = "contact" base_lambda = aws_lambda.Function( stack, 'ContactFormLambda', handler='lambda_handler.handler', runtime=aws_lambda.Runtime.PYTHON_3_7, environment={ "TARGET_EMAIL": forwarding_email, "SENDER_EMAIL": f"contact@{domain}", "SENDER_NAME": f"{project_name.capitalize()}", "SENDER": f"{project_name.capitalize()} Contact Form <contact@{domain}>" }, code=aws_lambda.Code.asset(lambda_path), ) base_lambda.add_to_role_policy( aws_iam.PolicyStatement(effect=aws_iam.Effect.ALLOW, resources=["*"], actions=["ses:SendEmail", "ses:SendRawEmail"])) verify_domain_create_call = AwsSdkCall( service="SES", action="verifyDomainIdentity", parameters={"Domain": domain}, physical_resource_id=PhysicalResourceId.from_response( "VerificationToken")) policy_statement = PolicyStatement(actions=["ses:VerifyDomainIdentity"], resources=["*"]) verify_domain_identity = AwsCustomResource( stack, "VerifyDomainIdentity", on_create=verify_domain_create_call, policy=AwsCustomResourcePolicy.from_statements( statements=[policy_statement])) aws_route53.TxtRecord( stack, "SESVerificationRecord", zone=stack.zone, record_name=f"_amazonses.{domain}", values=[ verify_domain_identity.get_response_field("VerificationToken") ]) stack.add_api_method(api_path, "POST", base_lambda)
def _get_on_update_func(self, id: str, parameter_name: str): return AwsSdkCall( action="getParameter", service="SSM", parameters={ "Name": parameter_name, }, region="us-east-1", physical_resource_id=PhysicalResourceId.of(f"LEF-{id}"), )
def get_sdk_operation(self, resource_id: str, create_params: Dict[str, Any], action_name: str): #api_version=None uses the latest api action = AwsSdkCall( action=action_name, service='Iot', parameters=create_params, # Must keep the same physical resource id, otherwise resource is deleted by CF physical_resource_id=PhysicalResourceId.of(id=resource_id), ) return action
def get_on_delete(self, bucket_name, object_key): delete_params = { "Bucket": bucket_name, "Key": object_key, } on_delete = AwsSdkCall( action='deleteObject', service='S3', parameters=delete_params, ) return on_delete
def on_delete_mediapackage(self): delete_params = {"Id": self.id_channel} on_delete = AwsSdkCall( action='deleteChannel', service='MediaPackage', api_version=None, # Uses the latest api parameters=delete_params, # Must keep the same physical resource id, otherwise resource is deleted by CloudFormation physical_resource_id=PhysicalResourceId.of("media-live-stack"), ) return on_delete
def create(self, bucket_name): create_params = { "Body": "Hello world", "Bucket": bucket_name, "Key": "helloWorld.txt" } return AwsSdkCall(action='putObject', service='S3', parameters=create_params, physical_resource_id=PhysicalResourceId.of( 'myAutomationExecution'))
def delete_qsuser(self): params = { "UserName": self.quicksight_migration_target_assume_role.role_name + "/quicksight", "AwsAccountId": core.Aws.ACCOUNT_ID, "Namespace": "default", } return AwsSdkCall( action="deleteUser", service="QuickSight", parameters=params, physical_resource_id=PhysicalResourceId.of("cdksdk_qsuser"), )
def delete_policy_assignment(self): delete_params = { "AssignmentName": "QuickSightMigration", "AwsAccountId": core.Aws.ACCOUNT_ID, "Namespace": "default", } return AwsSdkCall( action="deleteIAMPolicyAssignment", service="QuickSight", assumed_role_arn=self.quicksight_migration_target_assume_role.role_arn, parameters=delete_params, physical_resource_id=PhysicalResourceId.of("cdksdk_policyassignment"), )
def update_device_pool(self, device_pool_name, platform, max_devices, os_version, manufacturer): return AwsSdkCall( action='updateDevicePool', service='DeviceFarm', parameters={ 'arn': self.device_pool_arn, 'name': device_pool_name, 'rules': self._build_rules(platform, os_version, manufacturer), 'maxDevices': max_devices }, region= 'us-west-2', # When other endpoints become available for DF, we won't have to do this. physical_resource_id=PhysicalResourceId.from_response( "devicePool.arn"))
def get_on_create(self, bucket_name, object_key, object_content): create_params = { "Body": object_content, "Bucket": bucket_name, "Key": object_key, } #api_version=None uses the latest api on_create = AwsSdkCall( action='putObject', service='S3', parameters=create_params, # to get a unique physicaid: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html physical_resource_id=PhysicalResourceId.from_response('ETag'), ) return on_create
def create_qsuser(self): create_params = { "IdentityType": "IAM", "Email": " ", "UserRole": "ADMIN", "IamArn": self.quicksight_migration_target_assume_role.role_arn, "SessionName": "quicksight", "AwsAccountId": core.Aws.ACCOUNT_ID, "Namespace": "default", } return AwsSdkCall( action="registerUser", service="QuickSight", parameters=create_params, physical_resource_id=PhysicalResourceId.of("cdksdk_qsuser"), )
def get_on_create_update(self, bucket_name, object_key, object_content): create_params = { "Body": object_content, "Bucket": bucket_name, "Key": object_key, } # api_version=None uses the latest api on_create = AwsSdkCall( action='putObject', service='S3', parameters=create_params, # Must keep the same physical resource id, otherwise resource is deleted by CloudFormation physical_resource_id=PhysicalResourceId.of( f'{bucket_name}/{object_key}'), ) return on_create
def create_policy_assignment(self): create_params = { "AssignmentName": "QuickSightMigration", "AssignmentStatus": "ENABLED", "AwsAccountId": core.Aws.ACCOUNT_ID, "Namespace": "default", "Identities": { "user": [ self.quicksight_migration_target_assume_role.role_name + "/quicksight" ] }, "PolicyArn": self.quicksight_managed_resources_policy.managed_policy_arn, } return AwsSdkCall( action="createIAMPolicyAssignment", service="QuickSight", assumed_role_arn=self.quicksight_migration_target_assume_role.role_arn, parameters=create_params, physical_resource_id=PhysicalResourceId.of("cdksdk_policyassignment"), )
def __init__(self, scope: core.Construct, id: str, es_domain: CfnDomain, kda_role: iam.Role, source_bucket: s3.Bucket, dest_bucket: s3.Bucket, **kwargs): super().__init__(scope, id, **kwargs) stack = Stack.of(self) kda_role.add_to_policy(PolicyStatement(actions=['cloudwatch:PutMetricData'], resources=['*'])) artifacts_bucket_arn = 'arn:aws:s3:::' + _config.ARA_BUCKET.replace("s3://", "") kda_role.add_to_policy(PolicyStatement(actions=['s3:GetObject', 's3:GetObjectVersion'], resources=[artifacts_bucket_arn, artifacts_bucket_arn + '/binaries/*'])) log_group = logs.LogGroup(scope=self, id='KdaLogGroup', retention=logs.RetentionDays.ONE_WEEK, removal_policy=RemovalPolicy.DESTROY) log_stream = logs.LogStream(scope=self, id='KdaLogStream', log_group=log_group, removal_policy=RemovalPolicy.DESTROY) log_stream_arn = stack.format_arn(service='logs', resource='log-group', resource_name=log_group.log_group_name + ':log-stream:' + log_stream.log_stream_name, sep=':') # TODO: restrict kda_role.add_to_policy(PolicyStatement(actions=['logs:*'], resources=[stack.format_arn(service='logs', resource='*')])) kda_role.add_to_policy(PolicyStatement(actions=['logs:DescribeLogStreams', 'logs:DescribeLogGroups'], resources=[log_group.log_group_arn, stack.format_arn(service='logs', resource='log-group', resource_name='*')])) kda_role.add_to_policy(PolicyStatement(actions=['logs:PutLogEvents'], resources=[log_stream_arn])) kda_role.add_to_policy(PolicyStatement(actions=['es:ESHttp*'], resources=[stack.format_arn(service='es', resource='domain', resource_name=es_domain.domain_name + '/*')])) # TODO: restrict kda_role.add_to_policy(PolicyStatement(actions=['s3:*'], resources=['arn:aws:s3::::*'])) # Define delivery stream # delivery_stream_name = 'clean_delivery_stream' # # s3_configuration = { # 'bucketArn': '', # 'compressionFormat': 'Snappy', # 'dataFormatConversionConfiguration': { # 'enabled': True, # 'inputFormatConfiguration': {'deserializer': }, # 'outputFormatConfiguration': {'serializer': {'parquetSerDe': }}, # 'schemaConfiguration': {} # }, # 'prefix': 'streaming' # } # # delivery_stream = CfnDeliveryStream(scope=self, # id='Firehose Delivery Stream', # delivery_stream_name=delivery_stream_name, # delivery_stream_type='DirectPut', # extended_s3_destination_configuration=s3_configuration # ) # Define KDA application application_configuration = { 'environmentProperties': { 'propertyGroups': [ { 'propertyGroupId': 'ConsumerConfigProperties', 'propertyMap': { 'CustomerStream': scope.customer_stream.stream_name, 'AddressStream': scope.address_stream.stream_name, 'SaleStream': scope.sale_stream.stream_name, 'PromoDataPath': source_bucket.s3_url_for_object('promo'), 'ItemDataPath': source_bucket.s3_url_for_object('item'), 'aws.region': scope.region } }, { 'propertyGroupId': 'ProducerConfigProperties', 'propertyMap': { 'ElasticsearchHost': 'https://' + es_domain.attr_domain_endpoint + ':443', 'Region': scope.region, 'DenormalizedSalesS3Path': dest_bucket.s3_url_for_object() + '/', 'IndexName': 'ara-write' } } ] }, 'applicationCodeConfiguration': { 'codeContent': { 's3ContentLocation': { 'bucketArn': artifacts_bucket_arn, 'fileKey': 'binaries/stream-processing-1.1.jar' } }, 'codeContentType': 'ZIPFILE' }, 'flinkApplicationConfiguration': { 'parallelismConfiguration': { 'configurationType': 'DEFAULT' }, 'checkpointConfiguration': { 'configurationType': 'DEFAULT' }, 'monitoringConfiguration': { 'logLevel': 'DEBUG', 'metricsLevel': 'TASK', 'configurationType': 'CUSTOM' } }, 'applicationSnapshotConfiguration': { 'snapshotsEnabled': False } } self.__app = CfnApplicationV2(scope=self, id='KDA application', runtime_environment='FLINK-1_11', application_name='KDA-application', service_execution_role=kda_role.role_arn, application_configuration=application_configuration) logging = CfnApplicationCloudWatchLoggingOptionV2(scope=self, id='KDA application logging', application_name=self.__app.ref, cloud_watch_logging_option={'logStreamArn': log_stream_arn}) logging.apply_removal_policy(policy=RemovalPolicy.RETAIN, apply_to_update_replace_policy=True, default=RemovalPolicy.RETAIN) # Use a custom resource to start the application create_params = { 'ApplicationName': self.__app.ref, 'RunConfiguration': { 'ApplicationRestoreConfiguration': { 'ApplicationRestoreType': 'SKIP_RESTORE_FROM_SNAPSHOT' }, 'FlinkRunConfiguration': { 'AllowNonRestoredState': True } } } # See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/ for service name, actions and parameters create_action = AwsSdkCall(service='KinesisAnalyticsV2', action='startApplication', parameters=create_params, physical_resource_id=PhysicalResourceId.of(self.__app.ref + '-start')) delete_action = AwsSdkCall(service='KinesisAnalyticsV2', action='stopApplication', parameters={'ApplicationName': self.__app.ref, 'Force': True}) custom_resource = AwsCustomResource(scope=self, id='KdaStartAndStop', on_create=create_action, on_delete=delete_action, policy=AwsCustomResourcePolicy.from_statements([PolicyStatement( actions=['kinesisanalytics:StartApplication', 'kinesisanalytics:StopApplication', 'kinesisanalytics:DescribeApplication', 'kinesisanalytics:UpdateApplication'], resources=[ stack.format_arn(service='kinesisanalytics', resource='application', resource_name=self.app.application_name)])])) custom_resource.node.add_dependency(self.app)
def __init__(self, scope: core.Construct, id: str, **kwargs): super().__init__(scope, id, **kwargs) # The code that defines your stack goes here this_dir = path.dirname(__file__) handler = lmb.Function(self, 'Handler', runtime=lmb.Runtime.PYTHON_3_7, handler='handler.handler', code=lmb.Code.from_asset( path.join(this_dir, 'lambda'))) alias = lmb.Alias(self, "HandlerAlias", alias_name="Current", version=handler.current_version) gw = apigw.LambdaRestApi( self, 'Gateway', description='Endpoint for a singple Lambda-powered web service', handler=alias, endpoint_types=[EndpointType.REGIONAL]) failure_alarm = cloudwatch.Alarm( self, "FailureAlarm", alarm_name=self.stack_name + '-' + '500Alarm', metric=cloudwatch.Metric(metric_name="5XXError", namespace="AWS/ApiGateway", dimensions={ "ApiName": "Gateway", }, statistic="Sum", period=core.Duration.minutes(1)), threshold=1, evaluation_periods=1) alarm500topic = sns.Topic(self, "Alarm500Topic", topic_name=self.stack_name + '-' + 'Alarm500TopicSNS') alarm500topic.add_subscription( subscriptions.EmailSubscription("*****@*****.**")) failure_alarm.add_alarm_action(cw_actions.SnsAction(alarm500topic)) codedeploy.LambdaDeploymentGroup( self, "DeploymentGroup", alias=alias, deployment_config=codedeploy.LambdaDeploymentConfig. CANARY_10_PERCENT_10_MINUTES, alarms=[failure_alarm]) # Create a dynamodb table table_name = self.stack_name + '-' + 'HelloCdkTable' table = dynamodb.Table(self, "TestTable", table_name=table_name, partition_key=Attribute( name="id", type=dynamodb.AttributeType.STRING)) table_name_id = cr.PhysicalResourceId.of(table.table_name) on_create_action = AwsSdkCall( action='putItem', service='DynamoDB', physical_resource_id=table_name_id, parameters={ 'Item': { 'id': { 'S': 'HOLA_CREATE' }, 'date': { 'S': datetime.today().strftime('%Y-%m-%d') }, 'epoch': { 'N': str(int(time.time())) } }, 'TableName': table_name }) on_update_action = AwsSdkCall( action='putItem', service='DynamoDB', physical_resource_id=table_name_id, parameters={ 'Item': { 'id': { 'S': 'HOLA_UPDATE' }, 'date': { 'S': datetime.today().strftime('%Y-%m-%d') }, 'epoch': { 'N': str(int(time.time())) } }, 'TableName': table_name }) cr.AwsCustomResource( self, "TestTableCustomResource", on_create=on_create_action, on_update=on_update_action, policy=cr.AwsCustomResourcePolicy.from_sdk_calls( resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE)) # OUTPUT self.url_output = core.CfnOutput(self, 'Url', value=gw.url)