def __init__(self, scope: Construct, id: str, settings, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.id = id
# cdk deploy --parameters StageName=v1
stage = CfnParameter(
self, "StageName",
default="v1",
description="The name of the API Gateway Stage.",
type="String",
).value_as_string
table_name = f"{id}Table"
# Create a dynamodb table
table = self.create_dynamodb_table(table_name)
# Create function and role for OAuth
func_oauth_role = self.create_func_oauth_execution_role(f"{id}-OAuth", table_arn=table.table_arn)
func_oauth = self.create_lambda("OAuth", custom_role=func_oauth_role)
func_oauth.add_environment("SlackAppClientIdParameterKey", CLIENT_ID_PARAMETER_NAME)
func_oauth.add_environment("SlackAppClientSecretParameterKey", CLIENT_SECRET_PARAMETER_NAME)
func_oauth.add_environment("SlackAppOAuthDynamoDBTable", table_name)
func_oauth.add_environment("SlackChannelIds", ",".join(get_channel_ids(settings)))
func_oauth.add_environment("SlackTeamIds", ",".join(get_team_ids(settings)))
api = apigw_.LambdaRestApi(
self, f"{id}-API",
description=f"{id} API",
endpoint_configuration=apigw_.EndpointConfiguration(types=[apigw_.EndpointType.REGIONAL]),
handler=func_oauth,
deploy=False,
proxy=False,
)
item = api.root.add_resource("oauth2")
item.add_method("ANY", apigw_.LambdaIntegration(func_oauth))
# Create APIGW Loggroup for setting retention
LogGroup(
self, f"{id}-API-LogGroup",
log_group_name=f"API-Gateway-Execution-Logs_{api.rest_api_id}/{stage}",
retention=RetentionDays.ONE_DAY,
)
# Do a new deployment on specific stage
new_deployment = apigw_.Deployment(self, f"{id}-API-Deployment", api=api)
apigw_.Stage(
self, f"{id}-API-Stage",
data_trace_enabled=True,
description=f"{stage} environment",
deployment=new_deployment,
logging_level=apigw_.MethodLoggingLevel.INFO,
metrics_enabled=True,
stage_name=stage,
tracing_enabled=False,
)
def __init__(self, scope: Construct, _id: str, **kwargs) -> None:
super().__init__(scope, _id, **kwargs)
task_definition = FargateTaskDefinition(
self,
'TaskDefinition',
cpu=256,
memory_limit_mib=512,
execution_role=Role(
self,
'ExecutionRole',
assumed_by=cast(IPrincipal, ServicePrincipal('ecs-tasks.amazonaws.com'))
),
task_role=Role(
self,
'TaskRole',
assumed_by=cast(IPrincipal, ServicePrincipal('ecs-tasks.amazonaws.com')),
managed_policies=[
ManagedPolicy.from_aws_managed_policy_name('AmazonSESFullAccess')
]
)
)
task_definition.add_container(
'Container',
image=ContainerImage.from_asset(
getcwd(),
file='Dockerfile',
repository_name='jqbx-bot',
exclude=['cdk.out']
),
command=['pipenv', 'run', 'python', '-u', '-m', 'src.main'],
environment={
'SPOTIFY_USER_ID': environ.get('SPOTIFY_USER_ID'),
'JQBX_ROOM_ID': environ.get('JQBX_ROOM_ID'),
'JQBX_BOT_DISPLAY_NAME': environ.get('JQBX_BOT_DISPLAY_NAME'),
'JQBX_BOT_IMAGE_URL': environ.get('JQBX_BOT_IMAGE_URL'),
'DATA_SERVICE_BASE_URL': environ.get('DATA_SERVICE_BASE_URL')
},
logging=AwsLogDriver(
stream_prefix='jqbx-bot',
log_group=LogGroup(self, 'LogGroup')
)
)
cluster = Cluster(self, '%sCluster' % _id)
FargateService(self, '%sService' % _id, cluster=cluster, task_definition=task_definition, desired_count=1)
def add_cw_statsd_container(self, container_name, worker_task_def):
namespace = f"airflow/{self.deploy_env}/cwagent"
worker_task_def.add_container(
f"cw_agent_{container_name}",
image=ecs.ContainerImage.from_registry(
"public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest"),
environment={
"CW_CONFIG_CONTENT":
'{"metrics": {"namespace":"' + namespace +
'","metrics_collected":{"statsd":{}}}}'
},
logging=ecs.LogDrivers.aws_logs(log_group=LogGroup(
self, "ecs/airflow", retention=RetentionDays.ONE_DAY),
stream_prefix=container_name))
for managed_policy in [
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"CloudWatchAgentServerPolicy"),
aws_iam.ManagedPolicy.from_aws_managed_policy_name(
"AWSXRayDaemonWriteAccess")
]:
worker_task_def.execution_role.add_managed_policy(managed_policy)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
role = iam.Role(
scope=self,
id='AwsCustomResourceRole',
assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'))
role.add_to_policy(
iam.PolicyStatement(actions=['iam:PassRole'], resources=['*']))
my_custom_resource = cr.AwsCustomResource(
scope=self,
id='MyAwsCustomResource',
role=role,
policy=cr.AwsCustomResourcePolicy.from_sdk_calls(resources=['*']),
on_create=cr.AwsSdkCall(
action='listBuckets',
service='s3',
physical_resource_id=cr.PhysicalResourceId.of('BucketsList'),
))
vpc = VPCConstruct(self, id_='test-vpc', num_of_azs=2)
security_group = SecurityGroup(
self,
id='test-security-group',
vpc=vpc,
security_group_name='test-security-group')
security_group.add_ingress_rule(connection=Port.tcp(443),
peer=vpc.lambdas_sg)
domain = es.Domain(
scope=self,
id='Domain',
version=es.ElasticsearchVersion.V7_9,
domain_name="es-domain-name",
enable_version_upgrade=False,
enforce_https=True,
fine_grained_access_control=None,
node_to_node_encryption=True,
tls_security_policy=es.TLSSecurityPolicy.TLS_1_0,
logging=es.LoggingOptions(
app_log_enabled=True,
slow_index_log_enabled=True,
slow_search_log_enabled=True,
app_log_group=LogGroup(
scope=self,
id="app-log-group",
log_group_name=f'/aws/aes/domains/esdomain/app-log-group',
removal_policy=core.RemovalPolicy.DESTROY),
slow_index_log_group=LogGroup(
scope=self,
id="slow-index-log-group",
log_group_name=
f'/aws/aes/domains/esdomain/slow-index-log-group',
removal_policy=core.RemovalPolicy.DESTROY),
slow_search_log_group=LogGroup(
scope=self,
id="slow-search-log-group",
log_group_name=
f'/aws/aes/domains/esdomain/slow-search-log-group',
removal_policy=core.RemovalPolicy.DESTROY)),
removal_policy=core.RemovalPolicy.DESTROY,
zone_awareness=es.ZoneAwarenessConfig(availability_zone_count=2,
enabled=True),
vpc_options=es.VpcOptions(
security_groups=[security_group],
subnets=vpc.audit_vpc.select_subnets(
subnet_group_name=PRIVATE_SUBNET_GROUP).subnets))
def __init__(self, scope: Construct, id: str, settings, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.id = id
# cdk deploy --parameters StageName=v1
stage = CfnParameter(
self,
"StageName",
default="v1",
description="The name of the API Gateway Stage.",
type="String",
).value_as_string
# Create function AsyncWorker
self.func_async_worker = self.create_lambda("AsyncWorker",
custom_role=None)
# Create function SyncWorker
self.func_sync_worker = self.create_lambda("SyncWorker",
custom_role=None)
# Create function and role for ImmediateResponse
func_immediate_response_role = self.create_immediate_response_execution_role(
f"{id}-ImmediateResponse", settings["ssmparametertokenkey"])
func_immediate_response = self.create_lambda(
"ImmediateResponse", custom_role=func_immediate_response_role)
func_immediate_response.add_environment(
"SlackAppTokenParameterKey", settings["ssmparametertokenkey"])
func_immediate_response.add_environment("SlackCommand",
settings["command"])
func_immediate_response.add_environment(
"AsyncWorkerLambdaFunctionName", f"{id}-AsyncWorker")
func_immediate_response.add_environment("SyncWorkerLambdaFunctionName",
f"{id}-SyncWorker")
func_immediate_response.add_environment(
"SlackChannelIds", ",".join(get_channel_ids(settings)))
func_immediate_response.add_environment(
"SlackDomains", ",".join(get_team_domains(settings)))
func_immediate_response.add_environment(
"SlackTeamIds", ",".join(get_team_ids(settings)))
api = apigw_.LambdaRestApi(
self,
f"{id}-API",
description=f"{id} API",
endpoint_configuration=apigw_.EndpointConfiguration(
types=[apigw_.EndpointType.EDGE]),
handler=func_immediate_response,
deploy=False,
)
# Create APIGW Loggroup for setting retention
LogGroup(
self,
f"{id}-API-LogGroup",
log_group_name=
f"API-Gateway-Execution-Logs_{api.rest_api_id}/{stage}",
retention=RetentionDays.ONE_DAY,
)
# Do a new deployment on specific stage
new_deployment = apigw_.Deployment(self,
f"{id}-API-Deployment",
api=api)
apigw_.Stage(
self,
f"{id}-API-Stage",
data_trace_enabled=False,
description=f"{stage} environment",
deployment=new_deployment,
logging_level=apigw_.MethodLoggingLevel.ERROR,
metrics_enabled=True,
stage_name=stage,
tracing_enabled=False,
)
def add_logging(self, name: str) -> LogGroup:
return LogGroup(self, f"LogGroup-{name}")
def __init__(self,
scope: Stack,
id: str,
ws_api: WsApi,
stage_name: str,
access_log_settings: Optional[
CfnStage.AccessLogSettingsProperty] = None,
create_default_access_log_settings: Optional[bool] = None,
auto_deploy: Optional[bool] = None,
client_certificate_id: Optional[str] = None,
default_route_settings: Optional[
CfnStage.RouteSettingsProperty] = None,
description: Optional[str] = None,
route_settings: Optional[Dict[str, Any]] = None,
stage_variables: Optional[Dict[str, Any]] = None,
tags: Optional[Dict[str, Any]] = None,
*args,
**kwargs) -> None:
"""
Constructor.
:param scope: CloudFormation-equivalent stack.
:param id: AWS-CDK-specific id.
:param ws_api: The web socket API for with this stage should be created.
:param stage_name: The stage name. Stage names can only contain alphanumeric characters, hyphens,
and underscores. Maximum length is 128 characters.
:param access_log_settings: Settings for logging access in this stage.
:param create_default_access_log_settings: Indicate whether to create default access log settings.
:param auto_deploy: Specifies whether updates to an API automatically trigger a new deployment.
The default value is false.
:param client_certificate_id: The identifier of a client certificate for a Stage.
:param default_route_settings: The default route settings for the stage.
:param description: The description for the API stage.
:param route_settings: Route settings for the stage.
:param stage_variables: A map that defines the stage variables for a Stage. Variable names can have
alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.
:param tags: The collection of tags. Each tag element is associated with a given resource.
"""
self.__scope = scope
self.__ws_api = ws_api
default_route_settings = default_route_settings or CfnStage.RouteSettingsProperty(
data_trace_enabled=True,
detailed_metrics_enabled=True,
logging_level='INFO',
)
if access_log_settings and create_default_access_log_settings:
raise ValueError(
'Access log settings supplied. Can not request to create default ones.'
)
if create_default_access_log_settings:
log_group = LogGroup(scope=scope,
id=f'{id}LogGroup',
log_group_name=f'{id}LogGroup',
removal_policy=RemovalPolicy.DESTROY,
retention=RetentionDays.ONE_MONTH)
access_log_settings = CfnStage.AccessLogSettingsProperty(
destination_arn=log_group.log_group_arn,
format=("{"
"\"requestId\":\"$context.requestId\", "
"\"ip\": \"$context.identity.sourceIp\", "
"\"caller\":\"$context.identity.caller\", "
"\"user\":\"$context.identity.user\","
"\"requestTime\":\"$context.requestTime\", "
"\"eventType\":\"$context.eventType\","
"\"routeKey\":\"$context.routeKey\", "
"\"status\":\"$context.status\","
"\"connectionId\":\"$context.connectionId\""
"}"))
super().__init__(scope=scope,
id=id,
api_id=ws_api.ref,
stage_name=stage_name,
access_log_settings=access_log_settings,
auto_deploy=auto_deploy,
client_certificate_id=client_certificate_id,
default_route_settings=default_route_settings,
description=description,
route_settings=route_settings,
stage_variables=stage_variables,
tags=tags,
*args,
**kwargs)
CfnOutput(scope=scope,
id=f'{ws_api.name}Url',
value=self.ws_url,
description='A websocket URL.',
export_name=f'{ws_api.name}Url')
CfnOutput(scope=scope,
id=f'{ws_api.name}Id',
value=self.api_id,
description='A websocket ID.',
export_name=f'{ws_api.name}Id')
CfnOutput(scope=scope,
id=f'{ws_api.name}HttpUrl',
value=self.http_url,
description='A websocket http URL.',
export_name=f'{ws_api.name}HttpUrl')