def __init__(self, scope: core.Construct, id: str, ** kwargs) -> None: super().__init__(scope, id, **kwargs) # Import an S3 Bucket), get existing bucket: konstone_bkt = _s3.Bucket.from_bucket_attributes(self, "konstoneAssetsBucket", bucket_name="konstone-assets-bkt") # Create Lambda function with source code from S3 Bucket konstone_fn = _lambda.Function(self, "konstoneFunction", function_name="konstone_fn", runtime=_lambda.Runtime.PYTHON_3_7, handler="konstone_processor.lambda_handler", code=_lambda.S3Code( bucket=konstone_bkt, key="lambda_src/konstone_processor.zip" ), timeout=core.Duration.seconds(2), reserved_concurrent_executions=1 ) # Create Custom Loggroup # when lambda gets deleted, log group also is deleted # /aws/lambda/function-name konstone_lg = _logs.LogGroup(self, "konstoneLoggroup", log_group_name=f"/aws/lambda/{konstone_fn.function_name}", removal_policy=core.RemovalPolicy.DESTROY, retention=_logs.RetentionDays.ONE_WEEK )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Read Lambda Code): try: with open("serverless_stacks/lambda_src/konstone_processor.py", mode="r") as f: konstone_fn_code = f.read() except OSError: print("Unable to read Lambda Function Code") konstone_fn = _lambda.Function( self, "konstoneFunction", function_name="konstone_function", runtime=_lambda.Runtime.PYTHON_3_7, handler="index.lambda_handler", code=_lambda.InlineCode(konstone_fn_code), timeout=core.Duration.seconds(3), reserved_concurrent_executions=1, environment={"LOG_LEVEL": "INFO"}) # Create Custom Loggroup # /aws/lambda/function-name konstone_lg = _logs.LogGroup( self, "konstoneLoggroup", log_group_name=f"/aws/lambda/{konstone_fn.function_name}", removal_policy=core.RemovalPolicy.DESTROY)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.max_azs = 3 vpc = ec2.Vpc( self, f"{id}-{kwargs['env']['deploy_env']}-vpc", cidr=kwargs['env']['cidr'], default_instance_tenancy=ec2.DefaultInstanceTenancy.DEFAULT, enable_dns_hostnames=kwargs['env']['aws_dns'], enable_dns_support=kwargs['env']['aws_dns'], max_azs=self.max_azs, nat_gateways=self.max_azs if kwargs['env']['ha'] else 1, subnet_configuration=[ ec2.SubnetConfiguration(name='public', subnet_type=ec2.SubnetType.PUBLIC, cidr_mask=20), ec2.SubnetConfiguration(name='app', subnet_type=ec2.SubnetType.PRIVATE, cidr_mask=20), ec2.SubnetConfiguration(name='data', subnet_type=ec2.SubnetType.PRIVATE, cidr_mask=20) ]) flowlog_log_group = logs.LogGroup( self, f"{id}-{kwargs['env']['deploy_env']}-flowlog-log-group", log_group_name=f"/flowlogs/{kwargs['env']['deploy_env']}", retention=logs.RetentionDays.ONE_MONTH) iam_policy = iam.PolicyDocument( assign_sids=True, statements=[ iam.PolicyStatement( actions=[ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams" ], effect=iam.Effect.ALLOW, resources=[flowlog_log_group.log_group_arn]) ]) iam_role = iam.Role( self, f"{id}-{kwargs['env']['deploy_env']}-flowlog-role", assumed_by=iam.ServicePrincipal('vpc-flow-logs.amazonaws.com'), inline_policies={ f"{id}-{kwargs['env']['deploy_env']}-flowlogs": iam_policy }) flowlog = ec2.CfnFlowLog( self, f"{id}-{kwargs['env']['deploy_env']}-flowlog", deliver_logs_permission_arn=iam_role.role_arn, log_destination_type='cloud-watch-logs', log_group_name=f"/flowlogs/{kwargs['env']['deploy_env']}", traffic_type='ALL', resource_type='VPC', resource_id=vpc.vpc_id)
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) # Create SNS Topic # SNS topic topic = sns.Topic(self, 'sns-to-lambda-topic', display_name='My SNS topic') # Create Lambda function lambdaFn = _lambda.Function(self, "SNSPublisher", runtime=_lambda.Runtime.PYTHON_3_9, code=_lambda.Code.from_asset("lambda"), handler="handler.main", timeout=cdk.Duration.seconds(10)) # Set Lambda Logs Retention and Removal Policy logs.LogGroup(self, 'logs', log_group_name=f"/aws/lambda/{lambdaFn.function_name}", removal_policy=cdk.RemovalPolicy.DESTROY, retention=logs.RetentionDays.ONE_DAY) # Grant publish to lambda function topic.grant_publish(lambdaFn) cdk.CfnOutput(self, 'snsTopicArn', value=topic.topic_arn, description='The arn of the SNS topic') cdk.CfnOutput(self, 'functionName', value=lambdaFn.function_name, description='The name of the handler function')
def __init__(self, app: App, id: str) -> None: super().__init__(app, id) # Lambda Function lambdaFn = _lambda.Function(self, "SNSEventHandler", runtime=_lambda.Runtime.PYTHON_3_9, code=_lambda.Code.from_asset("lambda"), handler="handler.main", timeout=Duration.seconds(10)) # Set Lambda Logs Retention and Removal Policy logs.LogGroup(self, 'logs', log_group_name=f"/aws/lambda/{lambdaFn.function_name}", removal_policy=RemovalPolicy.DESTROY, retention=logs.RetentionDays.ONE_DAY) # SNS topic topic = sns.Topic(self, 'sns-to-lambda-topic-test', display_name='My SNS topic') # subscribe Lambda to SNS topic topic.add_subscription(subs.LambdaSubscription(lambdaFn)) # Output information about the created resources CfnOutput(self, 'snsTopicArn', value=topic.topic_arn, description='The arn of the SNS topic') CfnOutput(self, 'functionName', value=lambdaFn.function_name, description='The name of the handler function')
def __init__(self, app: App, id: str) -> None: super().__init__(app, id) # Lambda Function with open("lambda-handler.py", encoding="utf8") as fp: handler_code = fp.read() lambdaFn = lambda_.Function( self, "Singleton", code=lambda_.InlineCode(handler_code), handler="index.main", timeout=Duration.seconds(10), runtime=lambda_.Runtime.PYTHON_3_9, ) # Set Lambda Logs Retention and Removal Policy logs.LogGroup( self, 'logs', log_group_name = f"/aws/lambda/{lambdaFn.function_name}", removal_policy = RemovalPolicy.DESTROY, retention = logs.RetentionDays.ONE_DAY ) # EventBridge Rule rule = events.Rule( self, "Rule", ) rule.add_event_pattern( source=["cdk.myApp"], detail_type=["transaction"] ) rule.add_target(targets.LambdaFunction(lambdaFn))
def _create_api_log_group(self, gw): return _logs.LogGroup(self, gw["gw_log_group_name"], log_group_name="/aws/apigateway/" + gw["gw_log_group_name"], retention=LOG_RETENTION_PERIOD, removal_policy=core.RemovalPolicy.DESTROY)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) #import s3 test_s3 = aws_s3.Bucket.from_bucket_attributes( self, "tests3", bucket_name="manuja-test1" ) #lambda test_func01 = aws_lambda.Function( self, "testlambda", function_name="lambdaFromS3", runtime=aws_lambda.Runtime.PYTHON_3_6, handler="function.lambda_handler", code=aws_lambda.S3Code( bucket=test_s3, key="lambda/function.zip" ), timeout=core.Duration.seconds(5), reserved_concurrent_executions=1 ) #attached cloudwatch log group log_group01 = aws_logs.LogGroup( self, "cloudwatchlog01", log_group_name=f"/aws/lambda/{test_func01.function_name}", retention=aws_logs.RetentionDays.ONE_DAY, removal_policy=core.RemovalPolicy.DESTROY )
def get_fargate_container( scope: core.Construct, construct_id: str, task: aws_ecs.TaskDefinition, mem_limit: str, environment: Optional[Mapping] = None) -> aws_ecs.ContainerDefinition: container_log_group = aws_logs.LogGroup( scope, f"{construct_id}-container-log-group", log_group_name=f"/aws/ecs/{construct_id}", retention=DEFAULT_LOG_RETENTION, removal_policy=core.RemovalPolicy.DESTROY, ) return task.add_container( f"{construct_id}-task-container", image=aws_ecs.ContainerImage.from_asset( # pylint: disable=no-value-for-parameter directory=f"lib/stacks/{construct_id}/docker".replace("-", "_")), memory_limit_mib=int(mem_limit), working_directory="/tmp", logging=aws_ecs.LogDrivers.aws_logs( # pylint: disable=no-value-for-parameter log_group=container_log_group, stream_prefix=construct_id, ), environment=environment, )
def __init__(self, app: App, id: str) -> None: super().__init__(app, id) # CloudWatch Logs Group log_group = logs.LogGroup( self, "logs", retention=logs.RetentionDays.ONE_DAY, removal_policy = RemovalPolicy.DESTROY ) # Custom EventBridge Bus custom_bus = events.EventBus( self, "bus", event_bus_name="test-bus-cdk" ) # EventBridge Rule rule = events.Rule( self, "rule", event_bus=custom_bus ) rule.add_event_pattern( source=["my-cdk-application"], detail_type=["message"] ) rule.add_target(targets.CloudWatchLogGroup(log_group)) CfnOutput( self, "LogGroupName", description="Name of CloudWatch Log Group", value=log_group.log_group_name )
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) #import function code try: with open("serverless_stack/functions/function.py", mode="r") as file: function_body = file.read() except OSError: print('File can not read') function_01 = aws_lambda.Function( self, "lambdafunction01", function_name="LambdaTestCDK", runtime=aws_lambda.Runtime.PYTHON_3_6, handler="index.lambda_handler", code=aws_lambda.InlineCode(function_body), timeout=core.Duration.seconds(5), reserved_concurrent_executions=1, environment={'LOG_LEVEL': 'INFO'}) #attached cloudwatch log group log_group01 = aws_logs.LogGroup( self, "cloudwatchlog01", log_group_name=f"/aws/lambda/{function_01.function_name}", removal_policy=core.RemovalPolicy.DESTROY)
def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) # Lambda function hello_function = lambda_.Function( self, "hello-function", code=lambda_.Code.from_asset("src/hello/"), handler="main.handler", runtime=lambda_.Runtime.PYTHON_3_8, tracing=lambda_.Tracing.ACTIVE) logs.LogGroup( self, "hello-logs", log_group_name=f"/aws/lambda/{hello_function.function_name}", retention=logs.RetentionDays.ONE_WEEK) # API Gateway api_logs = logs.LogGroup(self, "hello-api-logs", retention=logs.RetentionDays.ONE_WEEK) api = apigw.RestApi( self, "hello-api", deploy_options=apigw.StageOptions( access_log_destination=apigw.LogGroupLogDestination(api_logs), access_log_format=apigw.AccessLogFormat. json_with_standard_fields(caller=True, http_method=True, ip=True, protocol=True, request_time=True, resource_path=True, response_length=True, status=True, user=True), throttling_burst_limit=1000, throttling_rate_limit=10, tracing_enabled=True)) hello_integration = apigw.LambdaIntegration(hello_function, proxy=True) api.root.add_method("GET", hello_integration)
def __init__(self, scope: core.Construct, id: str, *, app_env: str, **kwargs): super().__init__(scope, id, kwargs) params = { 'log_group_name': f'open-{app_env}-ecs-log-group', 'retention': logs.RetentionDays.ONE_MONTH, } self._logs = logs.LogGroup(self, 'open-log-group', **params)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Add your stack resources below): # Create an S3 Bucket for storing our web store assets kk_store = _s3.Bucket(self, "kkStore", versioned=True) # DynamoDB Table kk_store_assets_table = _dynamodb.Table( self, "kkStoreAssetsDDBTable", table_name="kk_store_assets_tables", partition_key=_dynamodb.Attribute( name="_id", type=_dynamodb.AttributeType.STRING), removal_policy=core.RemovalPolicy.DESTROY) # Read Lambda Code try: with open("advanced_use_cases/lambda_src/s3_event_processor.py", mode="r") as f: kk_store_processor_fn_code = f.read() except OSError: print("Unable to read Lambda Function Code") # Deploy the lambda function kk_store_processor_fn = _lambda.Function( self, "kkStoreProcessorFn", function_name="kk_store_processor_fn", description="Process store events and update DDB", runtime=_lambda.Runtime.PYTHON_3_7, handler="index.lambda_handler", code=_lambda.InlineCode(kk_store_processor_fn_code), timeout=core.Duration.seconds(3), reserved_concurrent_executions=1, environment={ "LOG_LEVEL": "INFO", "DDB_TABLE_NAME": f"{kk_store_assets_table.table_name}" }) # Add DynamoDB Write Privileges To Lambda kk_store_assets_table.grant_read_write_data(kk_store_processor_fn) # Create Custom Loggroup kk_store_lg = _logs.LogGroup( self, "kkStoreLogGroup", log_group_name=f"/aws/lambda/{kk_store_processor_fn.function_name}", removal_policy=core.RemovalPolicy.DESTROY, retention=_logs.RetentionDays.ONE_DAY) # Create s3 notification for lambda function kk_store_backend = _s3_notifications.LambdaDestination( kk_store_processor_fn) # Assign notification for the s3 event type (ex: OBJECT_CREATED) kk_store.add_event_notification(_s3.EventType.OBJECT_CREATED, kk_store_backend)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id) # Read Lambda Code:) try: with open( "waf_stacks/custom_resources/waf_rate_rule_creator/lambda_src/index.py", encoding="utf-8", mode="r") as f: waf_rate_rule_creator_fn_code = f.read() except OSError: print("Unable to read Lambda Function Code") raise # Create IAM Permission Statements that are required by the Lambda role_stmt1 = _iam.PolicyStatement( effect=_iam.Effect.ALLOW, resources=["*"], actions=["wafv2:GetWebACL", "wafv2:UpdateWebACL"]) role_stmt1.sid = "AllowLambdaToCreateWafRules" waf_rate_rule_creator_fn = _lambda.SingletonFunction( self, "waFRateRuleCreatorSingleton", uuid="mystique30-4ee1-11e8-9c2d-fa7ae01bbebc", code=_lambda.InlineCode(waf_rate_rule_creator_fn_code), handler="index.lambda_handler", timeout=core.Duration.seconds(10), runtime=_lambda.Runtime.PYTHON_3_7, reserved_concurrent_executions=1, environment={ "LOG_LEVEL": "INFO", "APP_ENV": "Production" }, description="Creates a rate based WAF rule") waf_rate_rule_creator_fn.add_to_role_policy(role_stmt1) # Create Custom Log group waf_rate_rule_creator_fn_lg = _logs.LogGroup( self, "wafRateRuleCreatorLogGroup", log_group_name= f"/aws/lambda/{waf_rate_rule_creator_fn.function_name}", retention=_logs.RetentionDays.ONE_WEEK, removal_policy=core.RemovalPolicy.DESTROY) waf_rate_rule_creator = cfn.CustomResource( self, "wafRateRuleCreatorCustomResource", provider=cfn.CustomResourceProvider.lambda_( waf_rate_rule_creator_fn), properties=kwargs, ) self.response = waf_rate_rule_creator.get_att( "rule_add_status").to_string()
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) api_log_group = cwlogs.LogGroup(self, "HelloWorldAPILogs") # Create the api gateway for this lambda set self.target_api = apigw.RestApi( self, 'HelloWorldAPI', rest_api_name='HelloWorld', endpoint_types=[apigw.EndpointType.REGIONAL], deploy_options={ "access_log_destination": apigw.LogGroupLogDestination(api_log_group), "access_log_format": apigw.AccessLogFormat.clf(), "method_options": { "/*/*": { # This special path applies to all resource paths and all HTTP methods "throttling_rate_limit": 100, "throttling_burst_limit": 200 } } }) hello_world = py_lambda.PythonFunction( self, "HelloWorld", entry='thewafapigateway/lambda_fns', index='helloworld.py', handler='lambda_handler', description='Helloworld', timeout=core.Duration.seconds(60)) entity = self.target_api.root.add_resource('helloworld') this_lambda_integration = apigw.LambdaIntegration( hello_world, proxy=False, integration_responses=[{ 'statusCode': '200', 'responseParameters': { 'method.response.header.Access-Control-Allow-Origin': "'*'", } }]) method = entity.add_method( 'GET', this_lambda_integration, method_responses=[{ 'statusCode': '200', 'responseParameters': { 'method.response.header.Access-Control-Allow-Origin': True, } }]) self.resource_arn = f"arn:aws:apigateway:ap-southeast-2::/restapis/{self.target_api.rest_api_id}/stages/{self.target_api.deployment_stage.stage_name}"
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) api_log_group = cw_logs.LogGroup(self, "HelloWorldAPILogs") # Create the api gateway for this lambda set self.target_api = api_gw.RestApi( self, 'HelloWorldAPI', rest_api_name='HelloWorld', endpoint_types=[api_gw.EndpointType.REGIONAL], deploy_options=api_gw.StageOptions( access_log_destination=api_gw.LogGroupLogDestination( api_log_group), access_log_format=api_gw.AccessLogFormat.clf(), method_options={ # This special path applies to all resource paths and all HTTP methods "/*/*": api_gw.MethodDeploymentOptions(throttling_rate_limit=100, throttling_burst_limit=200) })) hello_world = _lambda.Function( self, "HelloWorld", runtime=_lambda.Runtime.PYTHON_3_8, handler='helloworld.lambda_handler', code=_lambda.Code.from_asset("lambda_fns"), timeout=core.Duration.seconds(60)) entity = self.target_api.root.add_resource('helloworld') this_lambda_integration = api_gw.LambdaIntegration( hello_world, proxy=False, integration_responses=[ api_gw.IntegrationResponse( status_code='200', response_parameters={ 'method.response.header.Access-Control-Allow-Origin': "'*'" }) ]) entity.add_method( 'GET', this_lambda_integration, method_responses=[ api_gw.MethodResponse( status_code='200', response_parameters={ 'method.response.header.Access-Control-Allow-Origin': True }) ]) self.resource_arn = f"arn:aws:apigateway:{core.Stack.of(self).region}::/restapis/{self.target_api.rest_api_id}/stages/{self.target_api.deployment_stage.stage_name}"
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None: super().__init__(scope, id, **kwargs) self._supported_in_region = self.is_service_supported_in_region() logs.LogGroup(self, "android-integ-test-log-group", log_group_name="com/amazonaws/tests") common_stack.add_to_common_role_policies(self)
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) queue = _sqs.Queue(self, "MyQueue", visibility_timeout=Duration.seconds(300)) # Create the AWS Lambda function to subscribe to Amazon SQS queue # The source code is in './lambda' directory lambda_function = _lambda.Function( self, "MyLambdaFunction", runtime=_lambda.Runtime.PYTHON_3_9, handler="get_messages.handler", code=_lambda.Code.from_asset("lambda"), ) # Set Lambda Logs Retention and Removal Policy logs.LogGroup( self, 'logs', log_group_name=f"/aws/lambda/{lambda_function.function_name}", removal_policy=RemovalPolicy.DESTROY, retention=logs.RetentionDays.ONE_DAY) #Grant permission to AWS Lambda function to consume messages from the Amazon SQS queue queue.grant_consume_messages(lambda_function) #Configure the Amazon SQS queue to trigger the AWS Lambda function lambda_function.add_event_source(_event.SqsEventSource(queue)) CfnOutput(self, "FunctionName", value=lambda_function.function_name, export_name='FunctionName', description='Function name') CfnOutput(self, "QueueName", value=queue.queue_name, export_name='QueueName', description='SQS queue name') CfnOutput(self, "QueueArn", value=queue.queue_arn, export_name='QueueArn', description='SQS queue ARN') CfnOutput(self, "QueueUrl", value=queue.queue_url, export_name='QueueUrl', description='SQS queue URL')
def __init__(self, scope: core.Construct, id: builtins.str, action_name: str, resources: FsiSharedResources, function: lambda_.Function) -> None: super().__init__(scope, id) self.__resources = resources state_machine_name = id # Define the state machine definition... invoke_function = sft.LambdaInvoke( self, 'InvokeFunction', lambda_function=function, invocation_type=sft.LambdaInvocationType.REQUEST_RESPONSE, input_path='$.Payload', result_path='$.Result') choice = sf.Choice(self, 'IsComplete', comment='Check if theres more to process') choice.when( sf.Condition.string_equals('$.Result.Payload.Result.RunState', 'RunStatus.MORE_AVAILABLE'), invoke_function) choice.when( sf.Condition.string_equals('$.Result.Payload.Result.RunState', 'RunStatus.COMPLETE'), sf.Pass(self, 'Finalize', comment='Workflow Complete')) choice.otherwise( sf.Fail(self, 'NotImplemented', cause='Unknown Choice', error='NotImplementedException')) definition = invoke_function.next(choice) # Register the definition as StateMachine... zone_name = self.resources.landing_zone.zone_name self.state_machine = sf.StateMachine( self, 'StateMachine', state_machine_name=state_machine_name, state_machine_type=sf.StateMachineType.STANDARD, timeout=core.Duration.hours(2), logs=sf.LogOptions(destination=logs.LogGroup( self, 'LogGroup', removal_policy=core.RemovalPolicy.DESTROY, retention=RetentionDays.TWO_WEEKS, log_group_name='/homenet/fsi-{}/states/{}/{}'.format( zone_name, self.component_name, action_name).lower())), tracing_enabled=True, definition=definition)
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) phoneNumber = CfnParameter(self, "phoneNumber", type="String", description="Recipient phone number") tenDLC = CfnParameter(self, "tenDLC", type="String", description="10DLC origination number") # We create a log group so it will be gracefully cleaned up on a destroy event. By default # logs never expire and won't be removed. lambdaLogGroup = logs.LogGroup( self, 'SMSPublisherFunctionLogGroup', log_group_name='/aws/lambda/SMSPublisherFunction', removal_policy=RemovalPolicy.DESTROY, retention=logs.RetentionDays.FIVE_DAYS, ) SMSPublisherFunction = aws_lambda.Function( self, 'SMSPublisherFunction', code=aws_lambda.Code.from_asset('src'), function_name='SMSPublisherFunction', handler='app.handler', runtime=aws_lambda.Runtime.NODEJS_12_X, timeout=Duration.seconds(3), memory_size=128, environment={ 'phoneNumber': phoneNumber.value_as_string, 'tenDLC': tenDLC.value_as_string }, initial_policy=[ iam.PolicyStatement(actions=['sns:Publish'], effect=iam.Effect.DENY, resources=['arn:aws:sns:*:*:*']), iam.PolicyStatement(actions=['sns:Publish'], effect=iam.Effect.ALLOW, resources=['*']) ], ) # Make sure the log group is created prior to the function so CDK doesn't create a new one SMSPublisherFunction.node.add_dependency(lambdaLogGroup) CfnOutput(self, 'SMSPublisherFunctionName', description='SMSPublisherFunction function name', value=SMSPublisherFunction.function_name)
def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) queue = sqs.Queue(self, "Queue", queue_name = "Events_DLQ") fn = lambda_.Function(self, "ETL_job_func", runtime=lambda_.Runtime.PYTHON_3_8, handler="lambda_function.handler", code=lambda_.Code.asset('lambda'), dead_letter_queue=queue ) fn_dlq_process = lambda_.Function(self, "DLQ_Process_func", runtime=lambda_.Runtime.PYTHON_3_8, handler="lambda_function.handler", code=lambda_.Code.asset('lambda_dlq') ) rule = events.Rule( self, "Rule", schedule=events.Schedule.cron( minute='0', hour='11') ) rule.add_target(targets.LambdaFunction(fn, dead_letter_queue=queue, # Optional: add a dead letter queue max_event_age=cdk.Duration.hours(2), # Otional: set the maxEventAge retry policy retry_attempts=2 )) rule_dlq = events.Rule( self, "Rule_DLQ", schedule=events.Schedule.cron( minute='0', hour='12') ) rule_dlq.add_target(targets.LambdaFunction(fn_dlq_process)) log_group = logs.LogGroup(self, "EventsLogGroup", log_group_name="EventsLogGroup" ) rule.add_target(targets.CloudWatchLogGroup(log_group))
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) #import function code try: with open("serverless_stack/functions/function.py", mode="r") as file: function_body = file.read() except OSError: print('File can not read') function_01 = aws_lambda.Function( self, "lambdafunction01", function_name="LambdaTestCDK", runtime=aws_lambda.Runtime.PYTHON_3_6, handler="index.lambda_handler", code=aws_lambda.InlineCode(function_body), timeout=core.Duration.seconds(5), reserved_concurrent_executions=1, environment={'LOG_LEVEL': 'INFO'}) #attached cloudwatch log group log_group01 = aws_logs.LogGroup( self, "cloudwatchlog01", log_group_name=f"/aws/lambda/{function_01.function_name}", removal_policy=core.RemovalPolicy.DESTROY) #cloudwatch event trigger on 6am cron_01 = aws_events.Rule(self, "cron01", schedule=aws_events.Schedule.cron( minute="0", hour="6", month="*", week_day="MON-FRI", year="*")) #cloudwatch event trigger every 5min cron_02 = aws_events.Rule(self, "cron02", schedule=aws_events.Schedule.rate( core.Duration.minutes(5))) #add triggers to lambda cron_01.add_target(aws_events_targets.LambdaFunction(function_01)) cron_02.add_target(aws_events_targets.LambdaFunction(function_01))
def __init__(self, scope: core.App, id: str, props, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Setup CloudTrail to stream logs to CloudWatch logs log_group=aws_logs.LogGroup(self, "CloudTrailLogs", log_group_name="CloudTrailLogs", retention=aws_logs.RetentionDays.TWO_WEEKS) aws_cloudtrail.Trail(self, "OpsTrail", cloud_watch_log_group=log_group, cloud_watch_logs_retention=aws_logs.RetentionDays.TWO_WEEKS, send_to_cloud_watch_logs=True, trail_name="OpsTrail") self.config_source_bucket = aws_s3.Bucket(self, "AmplifyConfigBucket", bucket_name=f"amplify-ci-assets-{self.account}", removal_policy=core.RemovalPolicy.DESTROY)
def create_log_group_and_stream(self) -> aws_logs.LogGroup: log_group = aws_logs.LogGroup( self, "integ_test_firehose_delivery_log_group", log_group_name=FirehoseStack.LOG_GROUP_NAME, removal_policy=core.RemovalPolicy.DESTROY, retention=aws_logs.RetentionDays.FIVE_DAYS, ) aws_logs.LogStream( self, "integ_test_firehose_delivery_log_stream", log_group=log_group, log_stream_name=FirehoseStack.LOG_STREAM_NAME, removal_policy=core.RemovalPolicy.DESTROY, ) return log_group
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Create Serverless Event Processor using Lambda): # Read Lambda Code try: with open("serverless_stacks/lambda_src/konstone_hello_world.py", mode="r") as f: konstone_fn_code = f.read() except OSError: print("Unable to read Lambda Function Code") konstone_fn = _lambda.Function( self, "konstoneFunction", function_name="konstone_function", runtime=_lambda.Runtime.PYTHON_3_7, handler="index.lambda_handler", code=_lambda.InlineCode(konstone_fn_code), timeout=core.Duration.seconds(3), reserved_concurrent_executions=1, environment={ "LOG_LEVEL": "INFO", "Environment": "Production" }) # Create Custom Loggroup # /aws/lambda/function-name konstone_lg = _logs.LogGroup( self, "konstoneLoggroup", log_group_name=f"/aws/lambda/{konstone_fn.function_name}", retention=_logs.RetentionDays.ONE_WEEK, removal_policy=core.RemovalPolicy.DESTROY) # Add API GW front end for the Lambda konstone_fn_integration = _apigw.LambdaRestApi(self, "konstoneApiEndpoint", handler=konstone_fn) output_1 = core.CfnOutput( self, "ApiUrl", value=f"{konstone_fn_integration.url}", description="Use a browser to access this url")
def __init__(self, app: App, id: str) -> None: super().__init__(app, id) # Lambda Function with open("lambda-handler.py", encoding="utf8") as fp: handler_code = fp.read() lambdaFn = _lambda.Function( self, "IoTTriggerLambda", code=_lambda.InlineCode(handler_code), handler="index.main", timeout=Duration.seconds(10), runtime=_lambda.Runtime.PYTHON_3_9, ) # Set Lambda Logs Retention and Removal Policy logs.LogGroup(self, 'logs', log_group_name=f"/aws/lambda/{lambdaFn.function_name}", removal_policy=RemovalPolicy.DESTROY, retention=logs.RetentionDays.ONE_DAY) # IoT Thing iot_thing = iot.CfnThing(self, "IoTThing", thing_name="MyIotThing") # IoT Rule with SQL, which invokes a Lambda Function iot_topic_rule_sql = 'SELECT * FROM "$aws/things/MyIotThing/*"' iot_topic_rule = iot.CfnTopicRule( self, "IoTRule", topic_rule_payload=iot.CfnTopicRule.TopicRulePayloadProperty( sql=iot_topic_rule_sql, actions=[ iot.CfnTopicRule.ActionProperty( lambda_=iot.CfnTopicRule.LambdaActionProperty( function_arn=lambdaFn.function_arn)) ])) # Lambda Resource Policy allows invocation from IoT Rule lambdaFn.add_permission( "GrantIoTRule", principal=iam.ServicePrincipal("iot.amazonaws.com"), source_arn=iot_topic_rule.attr_arn)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) #import function code try: with open("serverless_stack/functions/function-helloworld.py", mode="r") as file: function_body = file.read() except OSError: print('File can not read') #lambda function_01 = aws_lambda.Function( self, "lambdafunction01", function_name="LambdaTestAPIGW", runtime=aws_lambda.Runtime.PYTHON_3_6, handler="index.lambda_handler", code=aws_lambda.InlineCode(function_body), timeout=core.Duration.seconds(5), reserved_concurrent_executions=1, environment={ 'LOG_LEVEL': 'INFO', 'Enviroment': 'Production' }) #attached cloudwatch log group log_group01 = aws_logs.LogGroup( self, "cloudwatchlog01", log_group_name=f"/aws/lambda/{function_01.function_name}", retention=aws_logs.RetentionDays.ONE_DAY, removal_policy=core.RemovalPolicy.DESTROY) #add API-GW api_gateway_function = aws_apigateway.LambdaRestApi( self, "apigateway01", handler=function_01) #output apigw_output = core.CfnOutput(self, "apigwOutput", value=f"{api_gateway_function.url}", description="web url for apigw")
def __init__(self, scope: core.Stack, id: str, vpc, cluster, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.vpc = vpc self.cluster = cluster # Building a custom image for jenkins leader. self.container_image = ecr.DockerImageAsset( self, "JenkinsWorkerDockerImage", directory='./docker/worker/') # Security group to connect workers to leader self.worker_security_group = ec2.SecurityGroup( self, "WorkerSecurityGroup", vpc=self.vpc, description="Jenkins Worker access to Jenkins leader", ) # IAM execution role for the workers to pull from ECR and push to CloudWatch logs self.worker_execution_role = iam.Role( self, "WorkerExecutionRole", assumed_by=iam.ServicePrincipal('ecs-tasks.amazonaws.com'), ) self.worker_execution_role.add_managed_policy( iam.ManagedPolicy.from_aws_managed_policy_name( 'service-role/AmazonECSTaskExecutionRolePolicy')) # Task role for worker containers - add to this role for any aws resources that jenkins requires access to self.worker_task_role = iam.Role( self, "WorkerTaskRole", assumed_by=iam.ServicePrincipal('ecs-tasks.amazonaws.com'), ) # Create log group for workers to log self.worker_logs_group = logs.LogGroup( self, "WorkerLogGroup", retention=logs.RetentionDays.ONE_DAY) # Create log stream for worker log group self.worker_log_stream = logs.LogStream( self, "WorkerLogStream", log_group=self.worker_logs_group)
def create_ecs(self, vpc, sg_dictionary, repository): # Cluster cluster = _ecs.Cluster( self, 'Cluster', cluster_name='DEMO-CLUSTER', vpc=vpc ) # Role(task execution) execution_role = _iam.Role( self, 'ExecutionRole', role_name='DEMO-TASK-EXECUTION-ROLE', assumed_by=_iam.ServicePrincipal('ecs-tasks.amazonaws.com') ) execution_role.add_managed_policy(_iam.ManagedPolicy.from_aws_managed_policy_name('service-role/AmazonECSTaskExecutionRolePolicy')) # TaskDefinition task_def = _ecs.TaskDefinition( self, 'TaskDefinition', compatibility=_ecs.Compatibility.FARGATE, cpu='2048', memory_mib='8192', network_mode=_ecs.NetworkMode.AWS_VPC, execution_role=execution_role, family='DEMO-TASK', task_role=execution_role, ) # Container container = task_def.add_container( id='DEMO-CONTAINER', image=_ecs.ContainerImage.from_ecr_repository(repository), logging=_ecs.LogDriver.aws_logs( stream_prefix='ecs', log_group=_logs.LogGroup( self, 'LogGroup', log_group_name='/ecs/'+'DEMO-TASK', retention=_logs.RetentionDays.INFINITE, ) ) ) container.add_port_mappings(_ecs.PortMapping(container_port=8080))