def dynamodb_table(table_name):
return dynamodb.Table(
table_name,
attributes=[{
"name": "Id",
"type": "S"
}],
hash_key="Id",
read_capacity=1,
write_capacity=1)
import json
from pulumi import export
from pulumi_aws import dynamodb, iam, appsync
## Dynamo DB table to hold data for the GraphQL endpoint
table = dynamodb.Table("tenants",
name="Tenant",
hash_key="id",
attributes=[{
"name": "id",
"type": "S"
}],
read_capacity=1,
write_capacity=1)
## Create IAM role and policy wiring
role = iam.Role("iam-role",
assume_role_policy=json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Effect": "Allow",
}]
}))
policy = iam.Policy(
"iam-policy",
def generate_dynamo_data_source(self, graphql_api, type_name):
"""
Generates a DynamoDB data source for the given GraphQL type. This includes the
Dynamo table, the AppSync data source, a data source role, and the resolvers.
NOTE: This function generates Dynamo tables with a hash key called `id`, but no
other keys.
:param type_name The name of the GraphQL type. This is the identifier which
appears after the `type` keyword in the schema.
"""
table = dynamodb.Table(
f"{self.stack_name}_{type_name}_table",
name=f"{self.stack_name}_{self.random_chars}.{type_name}",
hash_key="id",
attributes=[{"name": "id", "type": "S"}],
# stream_view_type="NEW_AND_OLD_IMAGES",
billing_mode="PAY_PER_REQUEST",
)
data_source_iam_role = iam.Role(
f"{self.stack_name}_{type_name}_role",
assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}""",
)
aws_region = config.region
account_id = get_caller_identity().account_id
data_source_iam_role_policy = iam.RolePolicy(
f"{self.stack_name}_{type_name}_role_policy",
role=data_source_iam_role.name,
name="MyDynamoDBAccess",
policy=table.name.apply(
lambda table_name: f"""{{
"Version": "2012-10-17",
"Statement": [
{{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:UpdateItem"
],
"Resource": [
"arn:aws:dynamodb:{aws_region}:{account_id}:table/{table_name}",
"arn:aws:dynamodb:{aws_region}:{account_id}:table/{table_name}/*"
]
}}
]
}}"""
),
)
data_source = appsync.DataSource(
f"{self.stack_name}_{type_name}_data_source",
api_id=graphql_api.id,
name=f"{type_name}TableDataSource_{self.random_chars}",
type="AMAZON_DYNAMODB",
service_role_arn=data_source_iam_role.arn,
dynamodb_config={"table_name": table.name},
opts=ResourceOptions(depends_on=[data_source_iam_role]),
)
resolvers = self.generate_resolvers(graphql_api, type_name, data_source)
return {
"table": table,
"data_source_iam_role": data_source_iam_role,
"data_source_iam_role_policy": data_source_iam_role_policy,
"data_source": data_source,
"resolvers": resolvers,
}
import json
import pulumi
from firehosePolicy import getFirehoseRolePolicyDocument, getFirehoseRoleTrustPolicyDocument
from lambdaPolicy import getLambdaRoleTrustPolicyDocument, getAllowDynamoStreamPolicyDocument, getAllowFirehosePutPolicyDocument
from pulumi_aws import dynamodb, s3, kinesis, iam, lambda_, get_caller_identity, get_region, config
accountId = get_caller_identity().account_id
region = config.region
dynamoTable = dynamodb.Table('ReplicationTable',
attributes=[{
'Name': 'Id',
'Type': 'S'
}],
hash_key='Id',
billing_mode='PAY_PER_REQUEST',
stream_enabled=True,
stream_view_type='NEW_IMAGE')
bucket = s3.Bucket('ReplicationBucket')
firehoseRole = iam.Role(
'ReplicationFirehoseRole',
assume_role_policy=getFirehoseRoleTrustPolicyDocument(accountId))
deliveryStream = kinesis.FirehoseDeliveryStream('ReplicationDeliveryStream',
destination='extended_s3',
extended_s3_configuration={
'bucketArn': bucket.arn,
'role_arn':
firehoseRole.arn,
import pulumi
from pulumi_aws import dynamodb
raw_table = dynamodb.Table(
"raw-table",
attributes=[dynamodb.TableAttributeArgs(name="x", type="S")],
billing_mode="PAY_PER_REQUEST",
hash_key="x")
pulumi.export("raw_table_name", raw_table.name)
pulumi.export("raw_table_arn", raw_table.arn) # Explicit output property
# Input properties act as implicit output properties
pulumi.export("raw_table_hash_key", raw_table.hash_key)
pulumi.export("raw_table_billing_mode", raw_table.billing_mode)
item = dynamodb.TableItem(
"test-item",
table_name=raw_table.name,
hash_key=raw_table.hash_key, # <-- implicit output property
item='{"x": {"S": "hello world"}}')
# Everything above works fine.
########################################################################
class DynamoDBTableSubclass(dynamodb.Table):
"""
Subclass of existing Table resource that creates the same kind of table as above.
"""
def __init__(
import json
import pulumi_random as random
from pulumi import export
from pulumi_aws import dynamodb, iam, appsync
## Dynamo DB table to hold data for the GraphQL endpoint
table = dynamodb.Table(
"tenants",
hash_key="id",
attributes=[dynamodb.TableAttributeArgs(name="id", type="S")],
read_capacity=1,
write_capacity=1)
## Create IAM role and policy wiring
role = iam.Role("iam-role",
assume_role_policy=json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Effect": "Allow",
}]
}))
policy = iam.Policy(
"iam-policy",
policy=table.arn.apply(lambda arn: json.dumps({
"Version":
"mymetricalarm",
comparison_operator="GreaterThanOrEqualToThreshold",
evaluation_periods=2,
metric_name="CPUUtilization",
namespace="AWS/EC2",
period=120,
statistic="Average",
threshold=80,
alarm_description="This metric monitors ec2 cpu utilization")
## DynamoDB
db = dynamodb.Table(
"mytable",
attributes=[dynamodb.TableAttributeArgs(
name="Id",
type="S",
)],
hash_key="Id",
read_capacity=1,
write_capacity=1)
## EC2
eip = ec2.Eip("myeip")
security_group = ec2.SecurityGroup("mysecuritygroup",
ingress=[
ec2.SecurityGroupIngressArgs(
protocol="tcp",
from_port=80,
to_port=80,
cidr_blocks=["0.0.0.0/0"])
import pulumi
from pulumi_aws import dynamodb
dynamodb_table = dynamodb.Table(
"characters",
hash_key="character",
read_capacity=5,
write_capacity=5,
attributes=[{
"name": "character",
"type": "S"
}],
stream_enabled=True,
stream_view_type="NEW_AND_OLD_IMAGES",
)
metric_alart = cloudwatch.MetricAlarm(
"mymetricalarm",
comparison_operator="GreaterThanOrEqualToThreshold",
evaluation_periods=2,
metric_name="CPUUtilization",
namespace="AWS/EC2",
period=120,
statistic="Average",
threshold=80,
alarm_description="This metric monitors ec2 cpu utilization")
## DynamoDB
db = dynamodb.Table("mytable",
attributes=[{
"name": "Id",
"type": "S"
}],
hash_key="Id",
read_capacity=1,
write_capacity=1)
## EC2
eip = ec2.Eip("myeip")
security_group = ec2.SecurityGroup("mysecuritygroup",
ingress=[{
"protocol": "tcp",
"from_port": 80,
"to_port": 80,
"cidr_blocks": ["0.0.0.0/0"]
}])
