def traverse_dir_recur(root, assets):
for root, dirs, files in os.walk(root):
for filename in files:
location = os.path.join(root, filename)
print(location)
asset = pulumi.FileAsset(path=location)
assets[filename] = asset
for dirname in dirs:
asset = pulumi.FileArchive(os.path.join(root, dirname))
asset[dirname] = asset
def create_lambda(depends_on_resource):
# Create Lambda IAM lambda_role
lambda_role = aws.iam.Role('lambdaRole',
assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {"Service": "lambda.amazonaws.com"},
"Effect": "Allow",
"Sid": ""
}
]
}""")
lambda_layer = aws.lambda_.LayerVersion(
"lambdaLayer",
compatible_runtimes=["python3.8"],
code=pulumi.FileArchive("lambda_layer"),
layer_name="lambda_layer_name")
func = aws.lambda_.Function(
resource_name='ServerlessFunction',
role=lambda_role.arn,
runtime="python3.8",
handler="lambda_code.lambda_handler",
environment={
"variables": {
"M3DB_URI": depends_on_resource.service_uri
}
},
code=pulumi.AssetArchive({'.': pulumi.FileArchive('lambda_func')}),
opts=pulumi.ResourceOptions(depends_on=[depends_on_resource]),
layers=[lambda_layer.arn],
)
pulumi.export('lambda_name', func.name)
return func
def _deserialize_archive(prop: Dict[str, Any]) -> pulumi.Archive:
if "assets" in prop:
assets: Dict[str, Union[pulumi.Asset, pulumi.Archive]] = {}
for key in prop["assets"]:
a = _deserialize_property(prop["assets"][key])
if not isinstance(a, pulumi.Asset) and not isinstance(
a, pulumi.Archive):
raise AssertionError(
"Expected an AssetArchive's assets to be unmarshaled Asset or Archive objects"
)
assets[key] = a
return pulumi.AssetArchive(assets)
if "path" in prop:
return pulumi.FileArchive(prop["path"])
if "uri" in prop:
return pulumi.RemoteArchive(prop["uri"])
raise AssertionError(
"Invalid archive encountered when unmarshaling resource property")
def main():
hello_world_lambda = lambda_.Function(
"hello_world",
runtime="python3.7",
role=iam.lambda_role.arn,
description="pulumi lambda hello world",
handler="main.handler",
code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}),
)
hello_world_api = apigw.APIGateway("hello_world", hello_world_lambda)
hello_world_api = hello_world_api.build()
lambda_.Permission(
"hello_world",
function=hello_world_lambda.name,
action="lambda:InvokeFunction",
principal="apigateway.amazonaws.com",
source_arn=hello_world_api.execution_arn.apply(lambda s: f"{s}/*/*"),
)
def __init__(self,
name: str,
args: FuncArgs,
opts: ResourceOptions = None):
super().__init__('custom:resource:CloudFunction', name, {}, opts)
bucket_name = f'{name}-bucket'
self.bucket = storage.Bucket(bucket_name,
labels=args.tags,
opts=ResourceOptions(parent=self))
bucket_object_name = f'{name}-bucketobject'
self.bucket_object = storage.BucketObject(
bucket_object_name,
bucket=self.bucket.name,
source=pulumi.FileArchive("./pythonfunction"),
metadata=args.tags,
opts=ResourceOptions(parent=self.bucket))
function_name = f'{name}-cloudfunction'
self.function = cloudfunctions.Function(
function_name,
description="Serverless Function in GCP via Pulumi",
runtime=args.runtime,
available_memory_mb=args.available_memory_mb,
source_archive_bucket=self.bucket.name,
source_archive_object=self.bucket_object.name,
trigger_http=args.trigger_http,
entry_point=args.entry_point,
#labels = args.tags,
opts=ResourceOptions(parent=self))
iam_member_name = f'{name}-functioniammember'
self.invoker = cloudfunctions.FunctionIamMember(
iam_member_name,
cloud_function=self.function.name,
role=args.role,
member=args.member,
opts=ResourceOptions(parent=self.function))
self.register_outputs({})
# Copyright 2016-2018, Pulumi Corporation. All rights reserved.
import iam
import pulumi
from pulumi_aws import lambda_, sfn
hello_world_fn = lambda_.Function(
'helloWorldFunction',
role=iam.lambda_role.arn,
runtime="python2.7",
handler="hello_step.hello",
code=pulumi.AssetArchive({'.': pulumi.FileArchive('./step_hello')}))
state_defn = state_machine = sfn.StateMachine(
'stateMachine',
role_arn=iam.sfn_role.arn,
definition=hello_world_fn.arn.apply(lambda arn: """{
"Comment": "A Hello World example of the Amazon States Language using an AWS Lambda Function",
"StartAt": "HelloWorld",
"States": {
"HelloWorld": {
"Type": "Task",
"Resource": "%s",
"End": true
}
}
}""" % arn))
pulumi.export('state_machine_arn', state_machine.id)
import pulumi
import pulumi_aws as aws
iam_for_lambda = aws.iam.Role("iamForLambda")
test_lambda = aws.lambda_.Function(
"testLambda",
code=pulumi.FileArchive("lambda_function_payload.zip"),
role=iam_for_lambda.arn,
handler="index.test",
runtime="nodejs12.x",
environment=aws.lambda_.FunctionEnvironmentArgs(variables={
"foo": "bar",
}, ))
import pulumi
import pulumi_aws as aws
from infrastructure.dynamodb.table import books_dynamodb_table
from infrastructure.lambda_crud.role import role
config = pulumi.Config()
lambda_name = config.get('lambda_name')
lambda_crud = aws.lambda_.Function(
lambda_name,
runtime="python3.8",
memory_size=256,
timeout=5,
handler="lambda.handler",
code=pulumi.FileArchive("application/lambda_crud"),
environment={
"variables": {
"TABLE": books_dynamodb_table.name,
},
},
role=role.arn,
opts=pulumi.ResourceOptions(depends_on=[role]),
)
}),
)
# Read the config of whether to provision fixed concurrency for Lambda
config = pulumi.Config()
provisioned_concurrent_executions = config.get_float('provisionedConcurrency')
# Create a Lambda function, using code from the `./app` folder.
lambda_func = aws.lambda_.Function(
"mylambda",
opts=pulumi.ResourceOptions(depends_on=[policy]),
runtime="dotnetcore3.1",
code=pulumi.AssetArchive({
".":
pulumi.FileArchive(dotnet_application_publish_folder),
}),
timeout=300,
handler=dotnet_application_entry_point,
role=role.arn,
publish=bool(provisioned_concurrent_executions),
# Versioning required for provisioned concurrency
environment={
"variables": {
"COUNTER_TABLE": counter_table.name,
},
},
)
if provisioned_concurrent_executions:
concurrency = aws.lambda_.ProvisionedConcurrencyConfig(
"apigw",
statement_id="AllowAPIGatewayInvoke",
action="lambda:InvokeFunction",
function=scan_fn,
principal="apigateway.amazonaws.com",
source_arn=scan_dep.execution_arn.apply(lambda x: f"{x}/*/*")
)
# Lambda function for S3 trigger
lambda_rekognition = lambda_.Function(
resource_name='ImagesRekognition',
role=iam.lambda_role.arn,
runtime="python3.7",
handler="lambda_rekognition.lambda_handler",
code=pulumi.AssetArchive({
'.': pulumi.FileArchive('./lambda_rekognition')
}),
environment={"variables": {"DYNAMODB_TABLE": db.id}}
)
# Give bucket permission to invoke Lambda
lambda_event = lambda_.Permission(
resource_name="lambda_img_event",
action="lambda:InvokeFunction",
principal="s3.amazonaws.com",
source_arn=web_bucket.arn,
function=lambda_rekognition.arn
)
# Bucket notification that triggers Lambda on Put operation - For JPG
bucket_notification = s3.BucketNotification(
"ReplicationLambdaAllowDynamoPolicy",
role=lambdaRole.name,
policy=getAllowDynamoStreamPolicyDocument(
dynamoTable.stream_arn).apply(lambda d: json.dumps(d)))
lambdaRoleAllowFirehosePutPolicy = iam.RolePolicy(
"ReplicationLambdaAllowFirehosePolicy",
role=lambdaRole.name,
policy=getAllowFirehosePutPolicyDocument(
deliveryStream.arn).apply(lambda d: json.dumps(d)))
dynamoTriggerFunction = lambda_.Function(
'ReplicationLambdaFunction',
role=lambdaRole.arn,
runtime='python3.7',
handler='dynamoTriggerLambda.handler',
code=pulumi.FileArchive("./dynamoTriggerLambda"),
environment={"Variables": {
"DELIVERY_STREAM_NAME": deliveryStream.name
}})
dynamoTrigger = lambda_.EventSourceMapping(
"ReplicationDynamoTriggerMapping",
event_source_arn=dynamoTable.stream_arn,
function_name=dynamoTriggerFunction.arn,
starting_position='LATEST')
pulumi.export('table_name', dynamoTable.name)
pulumi.export('bucket_name', bucket.id)
pulumi.export('delivery_stream_name', deliveryStream.name)
region = aws.config.region
custom_stage_name = 'example'
##################
## Lambda Function
##################
# Create a Lambda function, using code from the `./app` folder.
lambda_func = aws.lambda_.Function(
"mylambda",
role=iam.lambda_role.arn,
runtime="python3.7",
handler="hello.handler",
code=pulumi.AssetArchive({'.': pulumi.FileArchive('./hello_lambda')}))
####################################################################
##
## API Gateway REST API (API Gateway V1 / original)
## /{proxy+} - passes all requests through to the lambda function
##
####################################################################
# Create a single Swagger spec route handler for a Lambda function.
def swagger_route_handler(arn):
return ({
"x-amazon-apigateway-any-method": {
"x-amazon-apigateway-integration": {
"uri":
"""An AWS Python Pulumi program"""
import pulumi
import pulumi_aws as aws
instance_assume_role_policy = aws.iam.get_policy_document(statements=[
aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRole"],
principals=[
aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["lambda.amazonaws.com"],
),
aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["logs.eu-central-1.amazonaws.com"],
)
],
)
])
lambda_role = aws.iam.Role("lambda_role",
path="/system/",
assume_role_policy=instance_assume_role_policy.json)
lambda_function = aws.lambda_.Function("example_lambda_function",
code=pulumi.FileArchive('./handler'),
role=lambda_role.arn,
runtime='nodejs12.x',
handler='index.handler')
},
"Resource":
"arn:aws:sqs:%s:%s:ConnectOutboundCallData" % (
current_region.name,
caller_ident.account_id,
)
}]
}))
# Lambda
lambda_exec_connect = aws.lambda_.Function(
resource_name="exec_connect_contact_flow",
description="Lambda for execute Connect contact flow",
code=pulumi.AssetArchive(
{".": pulumi.FileArchive("./source/exec_contact_flow")}),
role=iam_role.arn,
runtime="python3.7",
handler="exec_contact_flow.lambda_handler",
tags=label("tags"),
environment={
"variables": {
"SOURCE_PHONE_NUMBER": appconfig["source_phone_number"],
"CONTACT_FLOW_ID": appconfig["contact_flow_id"],
"INSTANCE_ID": appconfig["instance_id"],
}
})
lambda_send_sqs = aws.lambda_.Function(
resource_name="send_message_to_sqs",
description="Lambda for send message to SQS queue",
def __init__(self,
name,
datalake_bucket: s3.Bucket = None,
datalake_raw_path: str = None,
fileproc_bucket: s3.Bucket = None,
managed_policy_arns: List[str] = None,
package_dir: str = None,
tags: Dict[str, str] = None,
opts: pulumi.ResourceOptions = None):
super().__init__('hca:GlueNotificationLambda', name, None, opts)
merged_tags = tags.copy() if tags else {}
merged_tags.update({'hca:dataclassification': 'pii'})
role = iam.Role(f"{name}-role",
path="/lambda/",
description=f"role for glue notification lambda",
assume_role_policy=json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}]
}),
force_detach_policies=True,
tags=merged_tags,
opts=pulumi.ResourceOptions(parent=self))
# attach managed policies
if managed_policy_arns:
for index, policy in enumerate(managed_policy_arns):
iam.RolePolicyAttachment(
f"{name}-attach-policy-{index}",
policy_arn=policy,
role=role,
opts=pulumi.ResourceOptions(parent=self))
fileprocpolicy = iam.RolePolicy(
f"{name}-inline-policy",
role=role,
policy=pulumi.Output.all(datalake_bucket.bucket,
fileproc_bucket.bucket).apply(
lambda b: inline_policy(b[0], b[1])),
opts=pulumi.ResourceOptions(parent=self))
self.function = lambda_.Function(
f"{name}-function",
runtime='python3.6',
description=
'copy files from fileproc bucket to datalake raw bucket and trigger glue jobs',
handler='glue_notification.main',
environment={
'variables': {
'S3_DATALAKE_BUCKET': datalake_bucket,
'S3_RAW_PATH': datalake_raw_path,
'PULUMI_STACK': pulumi.get_stack(),
'PULUMI_PROJECT': pulumi.get_project()
}
},
memory_size=256,
timeout=60,
code=pulumi.AssetArchive({
# use lambda-glue-notification created with build.py
'.': pulumi.FileArchive(package_dir),
}),
role=role.arn,
tags=merged_tags,
opts=pulumi.ResourceOptions(parent=self))
lambda_.Permission(f"{name}-permission",
action='lambda:InvokeFunction',
principal='s3.amazonaws.com',
function=self.function,
source_arn=fileproc_bucket.arn,
opts=pulumi.ResourceOptions(parent=self))
import pulumi
from pulumi_aws import lambda_, sfn
import iam
import json
find_instance = lambda_.Function(
"ce-find-instance",
role=iam.lambda_role.arn,
runtime="python3.7",
handler="find_instance.lambda_handler",
code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}),
)
get_instance_status = lambda_.Function(
"ce-get-instance-status",
role=iam.lambda_role.arn,
runtime="python3.7",
handler="get_instance_status.lambda_handler",
code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}),
)
create_image = lambda_.Function(
"ce-create-image",
role=iam.lambda_role.arn,
runtime="python3.7",
handler="create_image.lambda_handler",
code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}),
)
get_image_status = lambda_.Function(
"ce-get-image-status",
import pulumi
import pulumi_aws as aws
from iam import lambdaRole
config = pulumi.Config()
startQueryExecutionFunction = aws.lambda_.Function(
resource_name="start-query-execution",
code=pulumi.AssetArchive(
{".": pulumi.FileArchive("lambda/start_query_execution")}),
description="Starts the execution of an Amazon Athena query",
environment=aws.lambda_.FunctionEnvironmentArgs(
variables={"AWS_ACCOUNT_ID": config.require("awsAccountId")}),
handler="start_query_execution.handler",
name="start-query-execution",
role=lambdaRole.arn,
runtime="python3.8",
)
getQueryExecutionFunction = aws.lambda_.Function(
resource_name="get-query-execution",
code=pulumi.AssetArchive(
{".": pulumi.FileArchive("lambda/get_query_execution")}),
description=
"Gets information about the execution of an Amazon Athena query",
handler="get_query_execution.handler",
name="get-query-execution",
role=lambdaRole.arn,
runtime="python3.8",
)
#you can set the confid by pulumi confif set mykey myvalue
config = pulumi.Config(name=None)
config_values = {"epic_secret_key": config.get("epic_secret_key")}
bucket = None
assets = {}
function_dictionary = {
"hello_function": "handle_hello_function",
}
#traverse_dir_recur(PATH_TO_SOURCE_CODE,assets)
archive = pulumi.FileArchive(PATH_TO_SOURCE_CODE)
def enable_apis(services):
projects.Services(project=project_name,
services=services,
disable_on_destroy=False,
resource_name="enable_dataorc_api_resources")
def create_function_and_output_end_url(function_name, entry_point):
source_archive_object = storage.BucketObject(function_name,
name="main.py-%f" %
time.time(),
bucket=bucket.name,
source=archive)
"dynamodb:PutItem",
"dynamodb:UpdateItem"
],
"Effect": "Allow",
"Sid": "dynamoAccess",
"Resource": "*"
}]
}""")
# Create a Lambda function, using code from the `./app` folder.
lambda_func = aws.lambda_.Function(
"mention-processing-lambda",
role=iam.lambda_role.arn,
runtime="python3.7",
handler="mention_processing_lambda.webhook_handler",
code=pulumi.AssetArchive({'.': pulumi.FileArchive('.')}),
environment={
"variables": {
'SLACK_TOKEN':
slack_token,
'SLACK_VERIFICATION_CODE':
verification_token,
# TODO: is this "apply" necessary?
'SUBSCRIPTIONS_TABLE_NAME':
subscriptions_table.name.apply(lambda name: name),
}
})
#############################################
## APIGateway RestAPI
# Provide webhooks for slack to send events
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}]
}""")
# Create a Lambda function to validate request authorization
auth_lambda = aws.lambda_.Function(
"auth-lambda",
role=lambda_role.arn,
runtime=aws.lambda_.Runtime.PYTHON3D8,
code=pulumi.AssetArchive({
".": pulumi.FileArchive("./authorizer"),
}),
handler="handler.handler",
)
# Create a Lambda function to respond to HTTP requests
hello_handler = aws.lambda_.Function(
"hello-handler",
role=lambda_role.arn,
runtime=aws.lambda_.Runtime.PYTHON3D8,
code=pulumi.AssetArchive({
".": pulumi.FileArchive("./handler"),
}),
handler="handler.handler",
)
import pulumi
import pulumi_aws as aws
site_bucket = aws.s3.Bucket("siteBucket")
test_file_asset = aws.s3.BucketObject("testFileAsset",
bucket=site_bucket.id,
source=pulumi.FileAsset("file.txt"))
test_string_asset = aws.s3.BucketObject("testStringAsset",
bucket=site_bucket.id,
source=pulumi.StringAsset("<h1>File contents</h1>"))
test_remote_asset = aws.s3.BucketObject("testRemoteAsset",
bucket=site_bucket.id,
source=pulumi.remoteAsset("https://pulumi.test"))
test_file_archive = aws.s3.BucketObject("testFileArchive",
bucket=site_bucket.id,
source=pulumi.FileArchive("file.tar.gz"))
test_remote_archive = aws.s3.BucketObject("testRemoteArchive",
bucket=site_bucket.id,
source=pulumi.RemoteArchive("https://pulumi.test/foo.tar.gz"))
test_asset_archive = aws.s3.BucketObject("testAssetArchive",
bucket=site_bucket.id,
source=pulumi.AssetArchive({
"file.txt": pulumi.FileAsset("file.txt"),
"string.txt": pulumi.StringAsset("<h1>File contents</h1>"),
"remote.txt": pulumi.remoteAsset("https://pulumi.test"),
"file.tar": pulumi.FileArchive("file.tar.gz"),
"remote.tar": pulumi.RemoteArchive("https://pulumi.test/foo.tar.gz"),
".nestedDir": pulumi.AssetArchive({
"file.txt": pulumi.FileAsset("file.txt"),
"string.txt": pulumi.StringAsset("<h1>File contents</h1>"),
"remote.txt": pulumi.remoteAsset("https://pulumi.test"),
"Version": "2012-10-17",
"Statement": [{
"Action": ["logs:*", "cloudwatch:*"],
"Resource": "*",
"Effect": "Allow",
}, {
"Action": ["s3:*"],
"Resource": model_bucket.arn.apply(lambda b: f"{b}/*"),
"Effect": "Allow",
}],
}),
)
lambda_func = lambda_.Function("classifier-fn",
code=pulumi.AssetArchive({
".": pulumi.FileArchive("./app"),
}),
role=role.arn,
timeout=300,
memory_size=512,
runtime="python3.6",
handler="app.lambda_handler",
layers=["arn:aws:lambda:us-west-2:934676248949:layer:pytorchv1-py36:2"],
environment={
"variables": {
"MODEL_BUCKET": model_bucket.bucket,
"MODEL_KEY": model_object.key,
}
}
)
