def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Model all required resources
## IAM Roles
lambda_role = _iam.Role(
self,
id='lab1-bdc-lambda-role',
assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'))
## EventBridge
eb = _eb.EventBus(self,
id="lab1-bdc-eventbus",
event_bus_name="lab1-bdc-eventbus")
eb_pattern = _eb.EventPattern(detail_type=["message-received"], )
## AWS Lambda Functions
fnLambda_dispatch = _lambda.Function(
self,
"lab1-bdc-function-dispatch",
code=_lambda.AssetCode("../lambda-functions/dispatch-function"),
handler="app.handler",
timeout=core.Duration.seconds(60),
role=lambda_role,
runtime=_lambda.Runtime.PYTHON_3_8)
fnLambda_dispatch.add_environment("EVENT_BUS_NAME", eb.event_bus_name)
fnLambda_consume = _lambda.Function(
self,
"lab1-bdc-function-consume",
code=_lambda.AssetCode("../lambda-functions/consume-function"),
handler="app.handler",
role=lambda_role,
timeout=core.Duration.seconds(60),
runtime=_lambda.Runtime.PYTHON_3_8)
cw_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW)
cw_policy_statement.add_actions("logs:CreateLogGroup")
cw_policy_statement.add_actions("logs:CreateLogStream")
cw_policy_statement.add_actions("logs:PutLogEvents")
cw_policy_statement.add_actions("logs:DescribeLogStreams")
cw_policy_statement.add_resources("*")
lambda_role.add_to_policy(cw_policy_statement)
eb_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW)
eb_policy_statement.add_actions("events:PutEvents")
eb_policy_statement.add_resources(eb.event_bus_arn)
lambda_role.add_to_policy(eb_policy_statement)
_eb.Rule(self,
id="lab1-bdc-eventRule",
description="A basic rule sample",
enabled=True,
event_bus=eb,
event_pattern=eb_pattern,
rule_name="BDC-BasicDispatchConsume",
targets=[_ebt.LambdaFunction(handler=fnLambda_consume)])
def __init__(self, scope: core.Construct, id: str, stack_prefix: str,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
# IAM Roles
lambda_role = _iam.Role(
self,
id='{}-lambda-role'.format(stack_prefix),
assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'))
cw_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW)
cw_policy_statement.add_actions("logs:CreateLogGroup")
cw_policy_statement.add_actions("logs:CreateLogStream")
cw_policy_statement.add_actions("logs:PutLogEvents")
cw_policy_statement.add_actions("logs:DescribeLogStreams")
cw_policy_statement.add_resources("*")
lambda_role.add_to_policy(cw_policy_statement)
# AWS Lambda Functions
fnLambda_secureAPI = _lambda.Function(
self,
"{}-function-secureApi".format(stack_prefix),
code=_lambda.AssetCode("../lambda-functions/secure-api"),
handler="app.handler",
timeout=core.Duration.seconds(60),
role=lambda_role,
runtime=_lambda.Runtime.PYTHON_3_8)
fnLambda_authorizer = _lambda.Function(
self,
"{}-function-tokenAuthorizer".format(stack_prefix),
code=_lambda.AssetCode("../lambda-functions/token-authorizer"),
handler="app.handler",
timeout=core.Duration.seconds(60),
role=lambda_role,
runtime=_lambda.Runtime.PYTHON_3_8)
api = _ag.RestApi(
self,
id="{}-api-gateway".format(stack_prefix),
)
api_authorizer = _ag.TokenAuthorizer(
self,
id="{}-authorizer".format(stack_prefix),
handler=fnLambda_authorizer)
int_secure_api = _ag.LambdaIntegration(fnLambda_secureAPI)
res_data = api.root.add_resource('api')
res_data.add_method('GET', int_secure_api, authorizer=api_authorizer)
core.CfnOutput(self,
"{}-output-apiEndpointURL".format(stack_prefix),
value=api.url,
export_name="{}-apiEndpointURL".format(stack_prefix))
def _lambda_glue_crawler_task(self):
root_path = Path(os.path.dirname(os.path.abspath(__file__)))
lambda_handler = root_path.joinpath('lambdas',
'trigger_glue_crawler').as_posix()
func = lambda_.Function(
self,
"TriggerGlueCrawlerLambdaHandler",
handler="lambda.lambda_handler",
code=lambda_.AssetCode(lambda_handler),
environment={"crawlerName": f"{self.glue_crawler.name}"},
initial_policy=[
iam.PolicyStatement(
actions=["glue:StartCrawler"],
resources=["*"],
),
],
timeout=core.Duration.seconds(30),
runtime=lambda_.Runtime.PYTHON_3_7,
)
# turn the lambda into a stepfunction task so we can use it in our state machine
task = sfn.Task(
self,
"TriggerGlueCrawlerLambda",
task=sfnt.InvokeFunction(func),
)
return task
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
lambdaFn = lambda_.Function(
self,
"Singleton",
code=lambda_.AssetCode(path="./lambda"),
handler="handler.main",
timeout=core.Duration.seconds(300),
runtime=lambda_.Runtime.PYTHON_3_7,
environment={"PYTHONPATH": "/var/task/packages:/var/runtime"},
)
# Run every 1 hour
# See https://docs.aws.amazon.com/lambda/latest/dg/tutorial-scheduled-events-schedule-expressions.html
rule = events.Rule(
self,
"Rule",
schedule=events.Schedule.cron(minute='0',
hour='0/1',
month='*',
week_day='*',
year='*'),
)
rule.add_target(targets.LambdaFunction(lambdaFn))
def __init__(self, scope: core.Construct, id: str,
props: CustomResourceProps, **kwargs) -> None:
super().__init__(scope, id)
name = props.name
lambda_directory = props.lambda_directory
handler = props.handler
timeout = props.timeout
runtime = props.runtime
environment = props.environment
resource_properties = props.resource_properties
lambda_uuid = str(uuid.uuid5(uuid.NAMESPACE_DNS, name + handler))
resource = cfn.CustomResource(
self,
"Resource",
provider=cfn.CustomResourceProvider.lambda_(
lambda_.SingletonFunction(
self,
"Singleton",
environment=environment,
function_name=name,
uuid=lambda_uuid,
code=lambda_.AssetCode(lambda_directory),
handler=handler,
timeout=core.Duration.seconds(timeout),
runtime=runtime,
)),
properties=resource_properties,
)
self.resource = resource
self.response = resource.get_att("Response").to_string()
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# lambda_layer
layer = aws_lambda.LayerVersion(
self,
"LambdaLayerLayer",
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_8],
code=aws_lambda.AssetCode("layers/lambda_layer"),
)
# lambda
common_lambda_params = dict(
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler="lambda_function.lambda_handler",
timeout=core.Duration.seconds(10),
memory_size=128,
)
lambda_ = aws_lambda.Function(
self,
"LambdaLayerLambda",
code=aws_lambda.Code.asset("lambdas/lambda_layer"),
layers=[layer],
**common_lambda_params,
)
def __init__(self, scope: core.Construct, id: str,
kafkaClientFirewall: ec2.ISecurityGroup, vpc: ec2.IVpc,
kafkaCloudMap: cloudmap.Service, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Kafka data producer
lambdaFn = lambda_.Function(
self,
"KafkaProducer",
code=lambda_.AssetCode('fargate_workshop_cdk/function.zip'),
handler="kafka-producer.main",
timeout=core.Duration.seconds(300),
runtime=lambda_.Runtime.PYTHON_3_7,
description='Simple Kafka producer for Fargate workshop',
environment={
'NAMESPACE': kafkaCloudMap.namespace.namespace_name,
'SERVICE': kafkaCloudMap.service_name,
'TOPIC_NAME': 'MyTopic'
},
memory_size=512,
security_group=kafkaClientFirewall,
vpc=vpc)
lambdaFn.add_to_role_policy(statement=iam.PolicyStatement(
resources=['*'], actions=['servicediscovery:DiscoverInstances']))
lambdaFn.add_to_role_policy(statement=iam.PolicyStatement(
resources=['*'], actions=['kafka:GetBootstrapBrokers']))
# Run every 5 minutes
# See https://docs.aws.amazon.com/lambda/latest/dg/tutorial-scheduled-events-schedule-expressions.html
rule = events.Rule(
self,
"Rule",
schedule=events.Schedule.rate(duration=core.Duration.minutes(5), ),
)
rule.add_target(targets.LambdaFunction(lambdaFn))
def create_lambda_build_image(self) -> Resource:
"""Greengrassのコンポーネント用に推論アプリのdockerイメージをビルドするcodebuildを実行するLambda
Returns:
Resource: lambda
"""
lambdaFn_name = self.get_lambda_name("build_image")
role_name = self.get_role_name("build_image")
lambda_role = aws_iam.Role(
self,
id=role_name,
assumed_by=aws_iam.ServicePrincipal("lambda.amazonaws.com"),
role_name=role_name,
path="/service-role/",
managed_policies=[
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaBasicExecutionRole"),
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"AWSCodeBuildDeveloperAccess")
])
lambda_role.attach_inline_policy(
aws_iam.Policy(
self,
"AllowDynamoDBAccess",
document=aws_iam.PolicyDocument(statements=[
aws_iam.PolicyStatement(actions=[
"dynamodb:PutItem", "dynamodb:GetItem",
"dynamodb:UpdateItem"
],
resources=[self._table.table_arn])
])))
lambdaFn_path = self.get_lambda_path("build_image")
lambdaFn = aws_lambda.Function(
self,
id=lambdaFn_name,
function_name=lambdaFn_name,
code=aws_lambda.AssetCode(path=lambdaFn_path),
handler="lambda_handler.handler",
timeout=Duration.seconds(10),
runtime=aws_lambda.Runtime.PYTHON_3_9,
description="コンポーネント用のイメージを作成",
role=lambda_role,
environment={
"TABLE_NAME":
self._table.table_name,
"CODEBUILD_PROJECT_NAME":
self._docker_image_buildproject.project_name,
"COMPONENT_IMAGE_REPOSITORY":
self._component_ecr.repository_name,
"COMPONENT_APP_SOURCE_REPOSITORY":
self._component_source_repository.repository_clone_url_grc,
"COMPONENT_BASE_IMAGE_REPOSITORY":
self._component_base_ecr.repository_uri
})
self._table.grant_read_write_data(lambdaFn)
return lambdaFn
def create_lambda_function(self,
boto3_lambda_layer,
source_path,
identifier,
is_inline,
environment={}):
lambda_function = None
lambda_code = None
lambda_handler = None
if is_inline:
with open(f"{source_path}/app.py", encoding="utf8") as fp:
handler_code = fp.read()
lambda_code = aws_lambda.InlineCode(handler_code)
lambda_handler = "index.handler"
else:
lambda_code = aws_lambda.AssetCode(source_path)
lambda_handler = "app.handler"
lambda_function = aws_lambda.Function(
self,
identifier,
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler=lambda_handler,
code=lambda_code,
environment=environment,
)
if boto3_lambda_layer:
lambda_function.add_layers(boto3_lambda_layer)
return lambda_function
def __init__(self,
scope: core.Construct,
id: str,
idp_name: str,
idp_url: str,
*,
cfn_lambda: str = None,
cfn_resources_path: str = None,
debug=False):
"""Create an IAM SAML Identity Provider
Args:
scope (core.Construct): [description]
id (str): [description]
idp_name (str): IAM Idp name
idp_url (str): Your SAML Identity provider URL
"""
rdir = sys.prefix + '/share/aviv-cdk/iam-idp/'
if not cfn_lambda:
p = os.path.dirname(os.path.dirname(__file__))
cfn_lambda = p + '/lambdas/iam_idp/saml.py'
lambda_attrs = dict(code=aws_lambda.InlineCode(
CDKLambda._code_inline(cfn_lambda)),
handler='index.handler',
timeout=core.Duration.seconds(20),
runtime=aws_lambda.Runtime.PYTHON_3_7)
if not cfn_resources_path:
cfn_resources_path = rdir + 'artifacts-cfn_resources.zip'
layer_attrs = dict(description='cfn_resources layer for idp',
code=aws_lambda.AssetCode(cfn_resources_path))
super().__init__(scope,
id,
lambda_attrs=lambda_attrs,
layer_attrs=layer_attrs,
remote_account_grant=False)
# Add required policies for the lambda to create an IAM idp
self._lambda.add_to_role_policy(
iam.PolicyStatement(actions=[
'iam:CreateSAMLProvider', 'iam:UpdateSAMLProvider',
'iam:DeleteSAMLProvider'
],
effect=iam.Effect.ALLOW,
resources=['*']))
self._idp = cfn.CustomResource(
self,
"identityProvider",
resource_type='Custom::SAMLProvider',
provider=cfn.CustomResourceProvider.lambda_(self._lambda),
properties=dict(Name=idp_name, URL=idp_url))
self.response = self._idp.get_att("Response").to_string()
# Export
ssm_name = '/' + id.replace('-', '/')
ssm.StringParameter(self,
'ssm',
string_value=self._idp.ref,
parameter_name=ssm_name)
core.CfnOutput(self, 'IAMIdpSAMLArn', value=self._idp.ref)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Creates VPC
vpc = ec2.Vpc(self, id)
# Creates RDS Database
instance = rds.DatabaseInstance(
self, "RDS",
database_name="covid",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_21
),
vpc=vpc,
port=3306,
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.MICRO,
),
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
)
# Add inbound rule to RDS SG
instance.connections.allow_from_any_ipv4(ec2.Port.tcp(3306), "Open to the world")
# Defines Lambda layers
python_etl_layer = _lambda.LayerVersion(
self, "python-etl",
code=_lambda.AssetCode('C:\Code\ACG Challenge – AWS ETL\python.zip'))
# Defines an AWS Lambda resource
my_lambda = _lambda.Function(
self, 'etlhandler',
runtime=_lambda.Runtime.PYTHON_3_7,
code=_lambda.Code.asset('lambda'),
handler='etl.extract_csv1',
layers=[python_etl_layer],
timeout=core.Duration.seconds(30),
memory_size=(256)
)
# Add Lambda Environment Variables
my_lambda.add_environment("RDS_INSTANCE", instance.instance_endpoint.hostname)
my_lambda.add_environment("SECRET_NAME", instance.secret.secret_full_arn)
# Grant permission to lambda to access RDS Secret
instance.secret.grant_read(my_lambda)
# Create a Cloudwatch Event rule
four_hour_rule = aws_events.Rule(
self, "four_hour_rule",
schedule=aws_events.Schedule.rate(core.Duration.minutes(240)),
)
# Add target to Cloudwatch Event
four_hour_rule.add_target(aws_events_targets.LambdaFunction(my_lambda))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
requests_layer = _lambda.LayerVersion(
self, "requests", code=_lambda.AssetCode('layers/requests.zip'))
pytube_layer = _lambda.LayerVersion(
self, "pytube", code=_lambda.AssetCode('layers/pytube.zip'))
base_lambda = _lambda.Function(
self,
APP_NAME,
handler='main.handler',
runtime=_lambda.Runtime.PYTHON_3_8,
code=_lambda.Code.asset('src'),
timeout=core.Duration.seconds(30),
layers=[requests_layer, pytube_layer],
)
base_api = _apigw.RestApi(self,
'ApiGatewayWithCors',
rest_api_name=APP_NAME)
route_transcribe = base_api.root.add_resource('transcribe')
route_transcribe_lambda_integration = _apigw.LambdaIntegration(
base_lambda,
proxy=True,
integration_responses=[{
'statusCode': '200',
'responseParameters': {
'method.response.header.Access-Control-Allow-Origin':
"'*'",
}
}])
route_transcribe.add_method(
'GET',
route_transcribe_lambda_integration,
method_responses=[{
'statusCode': '200',
'responseParameters': {
'method.response.header.Access-Control-Allow-Origin': True,
}
}])
self.add_cors_options(route_transcribe)
def __init__(self, app: core.App, id: str, **kwargs) -> None:
super().__init__(app, id, **kwargs)
jsonloggingLayer = aws_lambda.LayerVersion(self, 'jsonloggingLayer',
code=aws_lambda.AssetCode('layers/json_logging'),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
layer_version_name="clean-lambda-versions-json_logging")
pytzLayer = aws_lambda.LayerVersion(self, 'pytzLayer',
code=aws_lambda.AssetCode('layers/pytz'),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
layer_version_name="clean-lambda-versions-ptyz")
lambdaFn = aws_lambda.Function(
self, "Singleton",
code=aws_lambda.AssetCode('./src'),
handler="handler.clean_lambda_versions",
function_name="clean-lambda-versions",
layers=[jsonloggingLayer, pytzLayer],
log_retention=aws_logs.RetentionDays.ONE_YEAR,
timeout=core.Duration.seconds(300),
runtime=aws_lambda.Runtime.PYTHON_3_7,
)
lambdaFn.add_to_role_policy(
aws_iam.PolicyStatement(
actions=['lambda:ListFunctions',
'lambda:ListVersionsByFunction',
'lambda:DeleteFunction'],
resources=['*'],
)
)
# Run every monday at 08:01 AM UTC
rule = aws_events.Rule(
self, "Rule",
schedule=aws_events.Schedule.cron(
minute='01',
hour='08',
month='*',
week_day='MON',
year='*'),
)
rule.add_target(aws_events_targets.LambdaFunction(lambdaFn))
def _create_lambda(self):
role = iam.Role(
self,
"LambdaPrepareDbRole",
assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
description="Role for Lambda preparing RDS",
role_name=f"{self.name_prefix}-lambda-prepare-db-role",
managed_policies=[
#iam.ManagedPolicy.from_aws_managed_policy_name("AWSLambdaBasicExecutionRole"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaVPCAccessExecutionRole"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"SecretsManagerReadWrite"),
],
)
lambda_function_id = f"{self.name_prefix}-prepare_db_function"
lambda_function_path = str(pathlib.Path(
__file__).resolve().parent) + "/lambdafn/prepare_db_function/"
lambda_layer_path = str(pathlib.Path(
__file__).resolve().parent) + "/lambdafn/lambda_layer/"
layer = aws_lambda.LayerVersion(
self, 'Layer', code=aws_lambda.AssetCode(lambda_layer_path))
lambda_fn = aws_lambda.Function(
scope=self,
id=lambda_function_id,
function_name=lambda_function_id,
code=aws_lambda.AssetCode(path=lambda_function_path),
handler="lambda_handler.lambda_handler",
layers=[layer],
timeout=Duration.seconds(300),
runtime=aws_lambda.Runtime.PYTHON_3_7,
role=role,
description="write some description for this lambda",
security_groups=[self.security_group],
vpc=self.vpc,
vpc_subnets=self.subnet_selection)
lambda_fn.add_environment('SECRETS_NAME', self.rds.secret.secret_arn)
lambda_fn.add_environment('REGION_NAME', self.region)
def __init__(self, scope: core.Stack, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
self.repo_url = 'https://api.github.com/repos/aws/aws-cdk/releases'
self.dynamo_table = aws_dynamodb.Table(
self,
"DynamoTable",
table_name=self.stack_name,
billing_mode=aws_dynamodb.BillingMode.PAY_PER_REQUEST,
partition_key=aws_dynamodb.Attribute(
name="latest_version", type=aws_dynamodb.AttributeType.STRING))
self.lambda_function = aws_lambda.Function(
self,
"GitHubReleaseMonitor",
code=aws_lambda.AssetCode('github-release-monitor.zip'),
handler="lambda_function.lambda_handler",
runtime=aws_lambda.Runtime.PYTHON_3_7,
description=
"Lambda function that monitors aws-cdk repo for releases and triggers codepipeline when new release is available.",
environment={
"STACK_NAME": self.stack_name,
"DYNAMO_TABLE": self.stack_name,
"REPO_URL": self.repo_url,
"CODEBUILD_PROJECT": 'aws-cdk-docker'
},
log_retention=aws_logs.RetentionDays.ONE_WEEK,
timeout=core.Duration.seconds(10))
self.cron_event = aws_events.Rule(
self,
"CWEventRuleCron",
description=
"Triggers cron every 1 hour to check for new releases to cdk repo",
schedule=aws_events.Schedule.cron(minute="0/60"),
targets=[aws_events_targets.LambdaFunction(self.lambda_function)])
self.dynamo_table.grant_read_write_data(self.lambda_function)
self.codebuild_project = aws_codebuild.Project.from_project_name(
self, "CodeBuildProject", 'aws-cdk-docker')
self.lambda_codebuild_iam_policy = aws_iam.PolicyStatement(
actions=['codebuild:StartBuild'],
resources=[self.codebuild_project.project_arn])
self.lambda_function.add_to_role_policy(
self.lambda_codebuild_iam_policy)
self.ssm_param = aws_ssm.StringParameter.from_secure_string_parameter_attributes(
self,
"SSMParam",
parameter_name='/prod/dockerhub-password',
version=1)
self.ssm_param.grant_read(self.codebuild_project)
def get_lambda(self, lambda_params):
lambda_function = lambda_.Function(
self,
self.lambda_name,
handler=lambda_params['handler'],
role=lambda_params['lambda_role'],
memory_size=lambda_params['memory_size'],
runtime=lambda_params['runtime'],
timeout=core.Duration.seconds(lambda_params['timeout']),
code=lambda_.AssetCode(lambda_params['path']))
self.add_tags(self.lambda_name, lambda_function, lambda_params['tags'])
return lambda_function
def __init__(self,
scope: cdk.Stack,
id: str,
sla_monitor_dynamo_table,
git_hash,
stream_zip='stream-monitor.zip',
**kwargs):
super().__init__(scope, id, **kwargs)
self.sla_monitor_dynamo_table = sla_monitor_dynamo_table
self.stream_zip = git_hash + "-" + stream_zip
self.sla_stream_monitor_lambda_function = aws_lambda.Function(
self,
"StreamMonitorLambdaFunction",
function_name=self.stack_name,
code=aws_lambda.AssetCode(self.stream_zip),
handler="stream_processor.lambda_handler",
runtime=aws_lambda.Runtime.PYTHON37,
#layers=[self.dynamodb_lambda_layer],
description=
"Monitors DynamoDB stream from SLA Monitor and updates a DynamoDB Table with any changes",
environment={
"STACK_NAME": self.stack_name,
"DYNAMO_TABLE_NAME": self.stack_name
},
memory_size=128,
timeout=90,
)
self.sla_stream_monitor_dynamo_table = aws_dynamodb.Table(
self,
"DynamoTable{}".format("SLAStreamMonitor"),
table_name=self.stack_name,
billing_mode=aws_dynamodb.BillingMode.PayPerRequest,
partition_key={
"name": "service_name",
"type": aws_dynamodb.AttributeType.String
},
sort_key={
"name": "last_updated_date",
"type": aws_dynamodb.AttributeType.String
},
)
# Permissions to access stream_monitor dynamo table
self.sla_stream_monitor_dynamo_table.grant_read_write_data(
self.sla_stream_monitor_lambda_function.role)
# Event source for stream monitor lambda function from sla monitor dynamodb stream
self.sla_stream_monitor_lambda_function.add_event_source(
aws_lambda_event_sources.DynamoEventSource(
table=self.sla_monitor_dynamo_table,
starting_position=aws_lambda.StartingPosition.Latest))
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
lambda_function = _lambda.Function(
self,
'Valhalla-Bot',
runtime=_lambda.Runtime.PYTHON_3_8,
code=_lambda.AssetCode('lambda'),
handler='app.handler',
)
apigw.LambdaRestApi(self, 'Endpoint', handler=lambda_function)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
handler = aws_lambda.Function(
self,
"cdk-lambda-apigateway",
runtime=aws_lambda.Runtime.PYTHON_3_7,
handler="api.main",
code=aws_lambda.AssetCode(path="./lambda"))
api = aws_apigateway.LambdaRestApi(self,
"LambdawithAPIGateway",
handler=handler)
def create_lambda_check_image_status(self) -> Resource:
"""dockerイメージのビルド状況を確認するLambda
Returns:
Resource: lambda
"""
lambdaFn_name = self.get_lambda_name("check_image_status")
role_name = self.get_role_name("check_image_status")
lambda_role = aws_iam.Role(
self,
id=role_name,
assumed_by=aws_iam.ServicePrincipal("lambda.amazonaws.com"),
role_name=role_name,
path="/service-role/",
managed_policies=[
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaBasicExecutionRole")
])
lambda_role.attach_inline_policy(
aws_iam.Policy(
self,
"AllowCodeBuildStatus",
document=aws_iam.PolicyDocument(statements=[
aws_iam.PolicyStatement(
actions=["codebuild:BatchGetBuilds"],
resources=[
self._docker_image_buildproject.project_arn
]),
aws_iam.PolicyStatement(actions=[
"dynamodb:PutItem", "dynamodb:GetItem",
"dynamodb:UpdateItem"
],
resources=[self._table.table_arn])
])))
lambdaFn_path = self.get_lambda_path("check_image_status")
lambdaFn = aws_lambda.Function(
self,
id=lambdaFn_name,
function_name=lambdaFn_name,
code=aws_lambda.AssetCode(path=lambdaFn_path),
handler="lambda_handler.handler",
timeout=Duration.seconds(10),
runtime=aws_lambda.Runtime.PYTHON_3_9,
description="コンポーネント用のイメージのビルド結果を確認",
role=lambda_role,
environment={"TABLE_NAME": self._table.table_name})
return lambdaFn
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
pystache_layer = aws_lambda.LayerVersion(self, 'pystache_layer',
code = aws_lambda.AssetCode('layers/pystache_layer'),
compatible_runtimes = [aws_lambda.Runtime.PYTHON_3_7])
# Dynamically generate HTML for images
socialize_func = aws_lambda.Function(self, "socialize_func",
code = aws_lambda.AssetCode('functions/socialize_func'),
handler = "lambda.handler",
layers = [pystache_layer],
runtime = aws_lambda.Runtime.PYTHON_3_7)
# Uses API Gateway as the endpoint
socialize_api = aws_apigateway.LambdaRestApi(self, 'socialize_api',
handler = socialize_func,
proxy = False)
# Only GETs are supported
socialize_resource = socialize_api.root.add_resource('socialize')
socialize_resource.add_method('GET',
aws_apigateway.LambdaIntegration(socialize_func, proxy = True))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
layer = aws_lambda.LayerVersion(
self, "dependencies", code=aws_lambda.AssetCode("python.zip"))
aws_lambda.Function(
self,
"Hello World",
code=aws_lambda.Code.from_asset("lambda/"),
handler="main.handler",
runtime=aws_lambda.Runtime.PYTHON_3_7,
layers=[layer],
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Slack Webhook Url - from ssm
slack_webhook_url = aws_ssm.StringParameter.value_from_lookup(
self, 'AGILE_HIYOKO_GENERAL_SLACK_WEBHOOK_URL')
# Lambda
lambda_function = aws_lambda.Function(
self,
'agile-hiyoko-chousei',
function_name='agile-hiyoko-chousei',
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler='chousei.lambda_handler',
code=aws_lambda.AssetCode(path='./lambda/artifacts/'),
timeout=core.Duration.seconds(10))
lambda_function.add_environment('SLACK_WEBHOOK_URL', slack_webhook_url)
# crontab settings
cron = aws_events.Schedule.cron(
minute='00',
hour='16',
day='01',
month='02/04/06/08/10/12',
year='*',
)
if self.DEBUG:
cron = aws_events.Schedule.cron(
minute='*',
hour='*',
day='*',
month='*',
year='*',
)
# CloudWatchEvent
rule = aws_events.Rule(
self,
'agile-hiyoko-chousei-rule',
# MEMO: 開催月の1日、JST 07:00
schedule=cron,
)
rule.add_target(aws_events_targets.LambdaFunction(lambda_function))
def __init__(self, scope, id, *args, **kwargs):
super(Stack, self).__init__(scope, id, *args, **kwargs)
self.function = aws_lambda.Function(
self,
"Function",
runtime=aws_lambda.Runtime.PROVIDED,
timeout=core.Duration.minutes(1),
tracing=aws_lambda.Tracing.ACTIVE,
code=aws_lambda.AssetCode("lambda"),
handler="irr.elevant")
self.apigw = aws_apigateway.LambdaRestApi(self,
"Api",
handler=self.function,
proxy=False)
self.apigw.root.add_method("GET")
self.apigw.root.add_method("POST")
def create_lambda_function(self) -> core.Resource:
"""
Lambda Function to say hello.
Ref: https://github.com/aws-samples/aws-cdk-examples/tree/master/python/lambda-cron
"""
lambdaFn_id = f"{self.stack_name}-{self.component_id}-" + "lambda_handler"
lambdaFn_path = str(pathlib.Path(
__file__).resolve().parent) + "/lambdafn/sample_function/"
lambdaFn = aws_lambda.Function(
scope=self,
id=lambdaFn_id,
function_name=lambdaFn_id,
code=aws_lambda.AssetCode(path=lambdaFn_path),
handler="lambda_handler.lambda_handler",
timeout=core.Duration.seconds(300),
runtime=aws_lambda.Runtime.PYTHON_3_7,
description="write some description for this lambda",
)
return lambdaFn
def __init__(self, scope: core.Construct, id: str, config: dict,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Model all required resources
## IAM Roles
lambda_role = _iam.Role(
self,
id="{}-iam-lambda".format(id),
assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'))
# CloudWatch policy statement
cw_policy_statement = _iam.PolicyStatement(effect=_iam.Effect.ALLOW)
cw_policy_statement.add_actions("logs:CreateLogGroup")
cw_policy_statement.add_actions("logs:CreateLogStream")
cw_policy_statement.add_actions("logs:PutLogEvents")
cw_policy_statement.add_actions("logs:DescribeLogStreams")
cw_policy_statement.add_resources("*")
lambda_role.add_to_policy(cw_policy_statement)
## AWS Lambda Functions
fnLambda_getLogs = _lambda.Function(
self,
id="{}-lambda-getLogs".format(id),
function_name="{}-lambda-getLogs".format(id),
code=_lambda.AssetCode("../lambda-functions/get-logs"),
handler="app.handler",
timeout=core.Duration.seconds(60),
role=lambda_role,
runtime=_lambda.Runtime.PYTHON_3_8)
fnLambda_getLogs.add_environment(
"SLACK_INCOMING_WEBHOOK",
config['DEFAULT']['SLACK_INCOMING_WEBHOOK'])
core.CfnOutput(self,
"{}-output-lambdaLogsArn".format(stack_prefix),
value=fnLambda_getLogs.function_name,
export_name="{}-lambdaLogsArn".format(stack_prefix))
def _lambda_quality_check_task(self):
lambda_role = iam.Role(
self,
id=f"QualityLambdaRole",
assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonS3FullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonAthenaFullAccess"),
],
)
root_path = Path(os.path.dirname(os.path.abspath(__file__)))
lambda_handler = root_path.joinpath('lambdas',
'quality_check').as_posix()
func = lambda_.Function(
self,
"QualityCheckAthenaLambdaHandler",
handler="lambda.lambda_handler",
code=lambda_.AssetCode(lambda_handler),
environment={"athenaDatabase": f"{self.glue_db_name}"},
role=lambda_role,
timeout=core.Duration.seconds(30),
runtime=lambda_.Runtime.PYTHON_3_7,
)
# turn the lambda into a stepfunction task so we can use it in our state machine
task = sfn.Task(
self,
"QualityCheckAthenaLambda",
task=sfnt.InvokeFunction(func),
)
return task
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
region = os.environ["CDK_DEFAULT_REGION"]
account = os.environ["CDK_DEFAULT_ACCOUNT"]
role = iam.Role(
self,
"export-sales-lambda-role",
assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"))
role.add_to_policy(
iam.PolicyStatement(
resources=[
f"arn:aws:ssm:{region}:{account}:parameter/twitter-cotton"
],
actions=["ssm:GetParameter", "ssm:GetParameters"]))
export_sales = aws_lambda.Function(
self,
"export-sales",
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler="handler.main",
code=aws_lambda.AssetCode("./functions/export-sales"),
timeout=core.Duration.seconds(15),
log_retention=aws_logs.RetentionDays.ONE_MONTH,
layers=[self.create_dependencies_layer(id, "export-sales")],
role=role)
# Runs at two different hours to account for daylight savings
schedule = aws_events.Rule(
self,
"schedule",
schedule=aws_events.Schedule.expression(
"cron(30,33,36,40,50 12,13 ? * MON,TUE,WED,THU,FRI *)"))
schedule.add_target(aws_events_targets.LambdaFunction(export_sales))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The start of the image pipeline
imageBucket = aws_s3.Bucket(self, "imageBucket")
# Capture API activity with a trail
imageBucketTrail = aws_cloudtrail.Trail(self,
"imageBucketTrail",
is_multi_region_trail=False)
# Restrict to S3 data-plane events
imageBucketTrail.add_s3_event_selector(
include_management_events=False,
prefixes=[f"{imageBucket.bucket_arn}/"],
read_write_type=aws_cloudtrail.ReadWriteType.WRITE_ONLY)
# Filter to just PutObject and CopyObject events
imageBucketRule = aws_events.Rule(
self,
"imageBucketRule",
event_pattern={
"source": ["aws.s3"],
"detail": {
"eventSource": ["s3.amazonaws.com"],
"eventName": ["PutObject", "CopyObject"],
"requestParameters": {
"bucketName": [imageBucket.bucket_name]
}
}
})
#--
# Lambda Layers
#--------------------#
opencvLayer = aws_lambda.LayerVersion(
self,
'opencvLayer',
code=aws_lambda.AssetCode('layers/opencvLayer'),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_6])
boto3Layer = aws_lambda.LayerVersion(
self,
'boto3Layer',
code=aws_lambda.AssetCode('layers/boto3Layer'),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_6])
#--
# Lambda Functions
#--------------------#
# Gather info about an image, name, extension, etc
getImageInfoFunc = aws_lambda.Function(
self,
"getImageInfoFunc",
code=aws_lambda.AssetCode('functions/getImageInfoFunc'),
handler="lambda.handler",
runtime=aws_lambda.Runtime.PYTHON_3_6)
# The home for the website
webBucket = aws_s3.Bucket(self,
"webBucket",
website_index_document='index.html')
# Copy the image to the web bucket
copyImageFunc = aws_lambda.Function(
self,
"copyImageFunc",
code=aws_lambda.AssetCode('functions/copyImageFunc'),
handler="lambda.handler",
runtime=aws_lambda.Runtime.PYTHON_3_6,
layers=[boto3Layer],
environment={
'OUTPUTBUCKET': webBucket.bucket_name,
'OUTPUTPREFIX': 'images/'
})
# Grant permissions to read from the source and write to the desination
imageBucket.grant_read(copyImageFunc)
webBucket.grant_write(copyImageFunc)
# Create a thumbnail of the image and place in the web bucket
createThumbnailFunc = aws_lambda.Function(
self,
"createThumbnailFunc",
code=aws_lambda.AssetCode('functions/createThumbnailFunc'),
handler="lambda.handler",
runtime=aws_lambda.Runtime.PYTHON_3_6,
layers=[boto3Layer, opencvLayer],
timeout=core.Duration.seconds(10),
memory_size=256,
environment={
'OUTPUTBUCKET': webBucket.bucket_name,
'OUTPUTPREFIX': 'images/'
})
# Grant permissions to read from the source and write to the desination
imageBucket.grant_read(createThumbnailFunc)
webBucket.grant_write(createThumbnailFunc)
# Store page information
pageTable = aws_dynamodb.Table(
self,
'pageTable',
partition_key={
'name': 'pageName',
'type': aws_dynamodb.AttributeType.STRING
},
billing_mode=aws_dynamodb.BillingMode.PAY_PER_REQUEST,
stream=aws_dynamodb.StreamViewType.NEW_IMAGE)
# Save page and image information
updatePageInfoFunc = aws_lambda.Function(
self,
"updatePageInfoFunc",
code=aws_lambda.AssetCode('functions/updatePageInfoFunc'),
handler="lambda.handler",
runtime=aws_lambda.Runtime.PYTHON_3_6,
layers=[boto3Layer],
environment={
'PAGETABLE': pageTable.table_name,
'PAGEPREFIX': 'posts/'
})
# Grant permissions to write to the page table
pageTable.grant_write_data(updatePageInfoFunc)
imagePipelineDone = aws_stepfunctions.Succeed(self,
"Done processing image")
updatePageInfoJob = aws_stepfunctions.Task(
self,
'Update page info',
task=aws_stepfunctions_tasks.InvokeFunction(updatePageInfoFunc))
updatePageInfoJob.next(imagePipelineDone)
copyImageJob = aws_stepfunctions.Task(
self,
'Copy image',
task=aws_stepfunctions_tasks.InvokeFunction(copyImageFunc))
createThumbnailJob = aws_stepfunctions.Task(
self,
'Create thumbnail',
task=aws_stepfunctions_tasks.InvokeFunction(createThumbnailFunc))
# These tasks can be done in parallel
processImage = aws_stepfunctions.Parallel(self,
'Process image',
result_path="$.images")
processImage.branch(copyImageJob)
processImage.branch(createThumbnailJob)
processImage.next(updatePageInfoJob)
# Results of file extension check
notPng = aws_stepfunctions.Succeed(self, "Not a PNG")
# Verify the file extension
checkForPng = aws_stepfunctions.Choice(self, 'Is a PNG?')
checkForPng.when(
aws_stepfunctions.Condition.string_equals('$.extension', 'png'),
processImage)
checkForPng.otherwise(notPng)
# A single image pipeline job for testing
getImageInfoJob = aws_stepfunctions.Task(
self,
'Get image info',
task=aws_stepfunctions_tasks.InvokeFunction(getImageInfoFunc))
getImageInfoJob.next(checkForPng)
# Configure the image pipeline and starting state
imagePipeline = aws_stepfunctions.StateMachine(
self, "imagePipeline", definition=getImageInfoJob)
# Matching events start the image pipline
imageBucketRule.add_target(
aws_events_targets.SfnStateMachine(
imagePipeline,
input=aws_events.RuleTargetInput.from_event_path(
"$.detail.requestParameters")))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
lambda_role = _iam.Role(
self,
id='lab3-om-role',
assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'))
cloudwatch_policy_statement = _iam.PolicyStatement(
effect=_iam.Effect.ALLOW)
cloudwatch_policy_statement.add_actions("logs:CreateLogGroup")
cloudwatch_policy_statement.add_actions("logs:CreateLogStream")
cloudwatch_policy_statement.add_actions("logs:PutLogEvents")
cloudwatch_policy_statement.add_actions("logs:DescribeLogStreams")
cloudwatch_policy_statement.add_resources("*")
lambda_role.add_to_policy(cloudwatch_policy_statement)
fn_lambda_approve_reject = aws_lambda.Function(
self,
"lab3-om-approve-reject",
code=aws_lambda.AssetCode(
"../lambda-functions/approve-reject-application/"),
handler="app.handler",
tracing=aws_lambda.Tracing.ACTIVE,
timeout=core.Duration.seconds(30),
role=lambda_role,
runtime=aws_lambda.Runtime.PYTHON_3_8)
fn_lambda_verify_identity = aws_lambda.Function(
self,
"lab3-om-verify-identity",
code=aws_lambda.AssetCode("../lambda-functions/verify-identity/"),
handler="app.handler",
tracing=aws_lambda.Tracing.ACTIVE,
timeout=core.Duration.seconds(30),
role=lambda_role,
runtime=aws_lambda.Runtime.PYTHON_3_8)
fn_lambda_check_address = aws_lambda.Function(
self,
"lab3-om-check-address",
code=aws_lambda.AssetCode("../lambda-functions/check-address/"),
handler="app.handler",
tracing=aws_lambda.Tracing.ACTIVE,
timeout=core.Duration.seconds(30),
role=lambda_role,
runtime=aws_lambda.Runtime.PYTHON_3_8)
'''
[INFO] This is a sample how to define the task and integrate with Lambda Functions. You need to create another 2 tasks for respective Lambda functions
'''
task_verify_identity = _tasks.LambdaInvoke(
self,
"Verify Identity Document",
lambda_function=fn_lambda_verify_identity,
output_path="$.Payload")
task_check_address = _tasks.LambdaInvoke(
self,
"Check Address",
lambda_function=fn_lambda_check_address,
output_path="$.Payload")
task_wait_review = _tasks.LambdaInvoke(
self,
"Wait for Review",
lambda_function=fn_lambda_approve_reject,
output_path="$.Payload")
state_approve = _sfn.Succeed(self, "Approve Application")
state_reject = _sfn.Succeed(self, "Reject Application")
# Let's define the State Machine, step by step
# First, paralell tasks for verification
s_verification = _sfn.Parallel(self, "Verification")
s_verification.branch(task_verify_identity)
s_verification.branch(task_check_address)
# Next, we add a choice state
c_human_review = _sfn.Choice(self, "Human review required?")
c_human_review.when(
_sfn.Condition.and_(
_sfn.Condition.boolean_equals("$[0].humanReviewRequired",
False),
_sfn.Condition.boolean_equals("$[1].humanReviewRequired",
True)), state_approve)
c_human_review.when(
_sfn.Condition.or_(
_sfn.Condition.boolean_equals("$[0].humanReviewRequired",
True),
_sfn.Condition.boolean_equals("$[1].humanReviewRequired",
False)), task_wait_review)
# Another choice state to check if the application passed the review
c_review_approved = _sfn.Choice(self, "Review approved?")
c_review_approved.when(
_sfn.Condition.boolean_equals("$.reviewApproved", True),
state_approve)
c_review_approved.when(
_sfn.Condition.boolean_equals("$.reviewApproved", False),
state_reject)
task_wait_review.next(c_review_approved)
definition = s_verification.next(c_human_review)
_sfn.StateMachine(self,
"lab3-statemachine",
definition=definition,
timeout=core.Duration.minutes(5))
