コード例 #1
0
ファイル: stack.py プロジェクト: developerDemetri/smol
 def __init__(self, scope: Construct, construct_id: str,
              env: Environment) -> None:
     super().__init__(scope, construct_id, env=env)
     smol_table = SmolTable(self, "SmolTable", table_name=TABLE_NAME)
     smol_vpc = Vpc.from_lookup(self, "CoreVPC", vpc_name=VPC_NAME)
     smol_subnets = SubnetSelection(
         one_per_az=True,
         subnet_type=SubnetType.PRIVATE,
     )
     smol_lambda = Function(
         self,
         "SmolAPI",
         code=Code.from_asset_image(directory=abspath("./")),
         environment={
             "CAPTCHA_KEY": environ["CAPTCHA_KEY"],
             "SAFE_BROWSING_KEY": environ["SAFE_BROWSING_KEY"],
         },
         function_name=FUNCTION_NAME,
         handler=Handler.FROM_IMAGE,
         log_retention=RetentionDays.ONE_WEEK,
         memory_size=MEMORY_ALLOCATION,
         reserved_concurrent_executions=RESERVED_CONCURRENCY,
         runtime=Runtime.FROM_IMAGE,
         timeout=Duration.seconds(TIMEOUT_SEC),
         tracing=Tracing.ACTIVE,
         vpc=smol_vpc,
         vpc_subnets=smol_subnets,
     )
     smol_table.table.grant(smol_lambda, "dynamodb:DescribeTable")
     smol_table.table.grant(smol_lambda, "dynamodb:GetItem")
     smol_table.table.grant(smol_lambda, "dynamodb:PutItem")
     SmolTarget(self, "SmolTarget", smol_lambda, API_HOST)
コード例 #2
0
ファイル: __init__.py プロジェクト: febus982/cdk-platform
    def select_vpc(self, scope: BaseApp) -> Vpc:
        vpc_filters = scope.environment_config.get("vpcSelectionFilter", {})

        return Vpc.from_lookup(
            self,
            scope.prefixed_str("vpc"),
            vpc_id=vpc_filters.get("vpcId"),
            vpc_name=vpc_filters.get("vpcName"),
            is_default=vpc_filters.get("isDefault"),
            tags=vpc_filters.get("tags"),
        )
コード例 #3
0
    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        attribute_tagged_group = Group(self, "Flexible Tagged")
        access_project = core.CfnTag(key="access-project", value="elysian")
        access_team = core.CfnTag(key="access-team", value="webdev")
        access_cost_center = core.CfnTag(key="cost-center", value="2600")

        flexible_boundary_policy = CfnManagedPolicy(
            self,
            "FlexiblePermissionBoundary",
            policy_document=json.loads(flexible_policy_permission_boundary),
        )

        CfnUser(
            self,
            "Developer",
            tags=[access_project, access_team, access_cost_center],
            groups=[attribute_tagged_group.group_name],
            permissions_boundary=flexible_boundary_policy.ref,
        )

        # Add AWS managed policy for EC2 Read Only access for the console.
        attribute_tagged_group.add_managed_policy(
            ManagedPolicy.from_aws_managed_policy_name(
                managed_policy_name="AmazonEC2ReadOnlyAccess"
            )
        )

        # Import a json policy and create CloudFormation Managed Policy
        CfnManagedPolicy(
            self,
            "FlexibleAttributePolicy",
            policy_document=json.loads(full_attribute_based_policy),
            groups=[attribute_tagged_group.group_name],
        )

        vpc = Vpc.from_lookup(self, "AttributeTaggedVPC", is_default=True)
        instance_type = InstanceType("t2.micro")
        ami = MachineImage.latest_amazon_linux()

        blocked_instance = Instance(
            self,
            "Blocked Instance",
            machine_image=ami,
            instance_type=instance_type,
            vpc=vpc,
        )
        # Re-use the AMI from t
        image_id = blocked_instance.instance.image_id

        # Can only add tags to CfnInstance as of cdk v1.31
        valid_instance = CfnInstance(
            self,
            "Valid Instance",
            image_id=image_id,
            instance_type="t2.micro",
            tags=[access_project, access_team, access_cost_center],
        )
        # Empty group as it's not need to complete our tests.
        test_security_group = SecurityGroup(
            self, "EmptySecurityGroup", vpc=vpc)

        core.CfnOutput(
            self,
            "BlockedInstance",
            value=blocked_instance.instance_id,
            export_name="elysian-blocked-instance",
        )

        core.CfnOutput(
            self,
            "ValidInstance",
            value=valid_instance.ref,
            export_name="elysian-valid-instance",
        )
        core.CfnOutput(
            self,
            "TestSecurityGroup",
            value=test_security_group.security_group_id,
            export_name="test-elysian-sg",
        )
        core.CfnOutput(
            self, "DefaultAMI", value=image_id, export_name="default-elysian-ami"
        )
コード例 #4
0
    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        username_tagged = Group(self, "Username Tagged")

        developer = User(self, "Developer")
        developer.add_to_group(username_tagged)

        # Add AWS managed policy for EC2 Read Only access for the console.
        username_tagged.add_managed_policy(
            ManagedPolicy.from_aws_managed_policy_name(
                managed_policy_name="AmazonEC2ReadOnlyAccess"
            )
        )

        # Import a json policy and create CloudFormation Managed Policy
        CfnManagedPolicy(
            self,
            "UserTaggedPolicy",
            policy_document=json.loads(username_based_policy),
            groups=[username_tagged.group_name],
        )

        vpc = Vpc.from_lookup(self, "UsernameTaggedVPC", is_default=True)
        instance_type = InstanceType("t2.micro")
        ami = MachineImage.latest_amazon_linux()

        blocked_instance = Instance(
            self,
            "Blocked Instance",
            machine_image=ami,
            instance_type=instance_type,
            vpc=vpc,
        )
        # Re-use the AMI from t
        image_id = blocked_instance.instance.image_id

        # Can only add tags to CfnInstance as of 1.31
        dev_username_tag = core.CfnTag(
            key="username", value=developer.user_name)
        valid_instance = CfnInstance(
            self,
            "Valid Instance",
            image_id=image_id,
            instance_type="t2.micro",
            tags=[dev_username_tag],
        )
        # Empty group as it's not need to complete our tests.
        test_security_group = SecurityGroup(
            self, "EmptySecurityGroup", vpc=vpc)

        core.CfnOutput(
            self,
            "BlockedInstance",
            value=blocked_instance.instance_id,
            export_name="username-blocked-instance",
        )

        core.CfnOutput(
            self,
            "ValidInstance",
            value=valid_instance.ref,
            export_name="username-valid-instance",
        )
        core.CfnOutput(
            self,
            "TestSecurityGroup",
            value=test_security_group.security_group_id,
            export_name="test-username-sg",
        )
        core.CfnOutput(
            self, "DefaultAMI", value=image_id, export_name="default-username-ami"
        )