def update_parameters_for_auth_section(
    self,
    user_pool_client: aws_cognito.CfnUserPoolClient,
    user_pool_client_secret: custom_resources.AwsCustomResource,
    user_pool_domain: Optional[aws_cognito.CfnUserPoolDomain],
    tag: str,
):
    """Queue the ``Auth/<tag>/OAuth`` parameters used by AWSMobileClient.

    The values largely repeat the ``CognitoUserPool/<tag>/HostedUI`` group,
    laid out the way AWSMobileClient expects. Nothing is queued when no
    hosted-UI domain is supplied.

    Args:
        user_pool_client: App client; its ``ref`` is stored as AppClientId.
        user_pool_client_secret: Custom resource whose
            ``UserPoolClient.ClientSecret`` response field is stored as
            AppClientSecret.
        user_pool_domain: Hosted-UI domain, or a falsy value to skip.
        tag: Path segment that namespaces the parameter keys.
    """
    # NOTE(review): the app client secret is queued alongside non-secret
    # settings, under a key layout meant for a mobile client configuration.
    # How _parameters_to_save is persisted is not visible here -- confirm it
    # ends up in an encrypted store with restricted read access, and that
    # the secret is never packaged into a distributed app bundle.
    if not user_pool_domain:
        return

    client_id = user_pool_client.ref
    client_secret = user_pool_client_secret.get_response_field(
        "UserPoolClient.ClientSecret"
    )
    hosted_domain = (
        f"{user_pool_domain.domain}.auth.{self.region}.amazoncognito.com"
    )
    # Scopes are stored as one whitespace-separated string in the secrets.
    scope_list = self._secrets["hostedui.scopes"].split()
    sign_in_redirect = self._secrets["hostedui.sign_in_redirect"]
    sign_out_redirect = self._secrets["hostedui.sign_out_redirect"]

    oauth_parameters = {
        f"awsconfiguration/Auth/{tag}/OAuth/WebDomain": hosted_domain,
        f"awsconfiguration/Auth/{tag}/OAuth/AppClientId": client_id,
        f"awsconfiguration/Auth/{tag}/OAuth/AppClientSecret": client_secret,
        f"awsconfiguration/Auth/{tag}/OAuth/SignInRedirectURI": sign_in_redirect,
        f"awsconfiguration/Auth/{tag}/OAuth/SignOutRedirectURI": sign_out_redirect,
        f"awsconfiguration/Auth/{tag}/OAuth/Scopes": scope_list,
    }
    self._parameters_to_save.update(oauth_parameters)
def add_contact_api(stack: CDKMasterStack, project_name: str, domain: str,
                    forwarding_email: str):
    """Add a contact-form API method that forwards submissions through SES.

    Creates the Lambda behind ``POST contact``, lets it send mail via SES,
    requests SES verification for ``domain`` through a custom resource, and
    publishes the returned verification token as a Route 53 TXT record.

    Args:
        stack: Stack that receives the constructs; it must expose ``zone``
            and ``add_api_method``.
        project_name: Capitalised and used as the sender display name.
        domain: Mail domain; the sender address is ``contact@<domain>``.
        forwarding_email: Address passed to the Lambda as ``TARGET_EMAIL``.
    """
    lambda_dir = os.path.join(os.path.dirname(__file__), "lambda")
    route = "contact"

    lambda_env = {
        "TARGET_EMAIL": forwarding_email,
        "SENDER_EMAIL": f"contact@{domain}",
        "SENDER_NAME": f"{project_name.capitalize()}",
        "SENDER": f"{project_name.capitalize()} Contact Form <contact@{domain}>"
    }

    # NOTE(review): Python 3.7 is past end of life; plan a move to a
    # currently supported Lambda runtime.
    contact_lambda = aws_lambda.Function(
        stack,
        'ContactFormLambda',
        handler='lambda_handler.handler',
        runtime=aws_lambda.Runtime.PYTHON_3_7,
        environment=lambda_env,
        code=aws_lambda.Code.asset(lambda_dir),
    )

    # NOTE(review): resources=["*"] lets the function send as any SES
    # identity in the account. Consider scoping to this domain's identity
    # ARN or adding an ses:FromAddress condition; verify against SES sandbox
    # behaviour before tightening.
    send_mail_statement = aws_iam.PolicyStatement(
        effect=aws_iam.Effect.ALLOW,
        resources=["*"],
        actions=["ses:SendEmail", "ses:SendRawEmail"],
    )
    contact_lambda.add_to_role_policy(send_mail_statement)

    # Only an on_create call is configured, so the SES identity is
    # presumably left in place when the stack is deleted -- confirm that is
    # intended.
    verify_call = AwsSdkCall(
        service="SES",
        action="verifyDomainIdentity",
        parameters={"Domain": domain},
        physical_resource_id=PhysicalResourceId.from_response(
            "VerificationToken"),
    )
    verify_statement = PolicyStatement(
        actions=["ses:VerifyDomainIdentity"],
        resources=["*"],
    )
    domain_verification = AwsCustomResource(
        stack,
        "VerifyDomainIdentity",
        on_create=verify_call,
        policy=AwsCustomResourcePolicy.from_statements(
            statements=[verify_statement]),
    )

    # SES confirms ownership by reading the token from _amazonses.<domain>.
    verification_token = domain_verification.get_response_field(
        "VerificationToken")
    aws_route53.TxtRecord(
        stack,
        "SESVerificationRecord",
        zone=stack.zone,
        record_name=f"_amazonses.{domain}",
        values=[verification_token],
    )

    # NOTE(review): whether this POST method requires authorization or
    # throttling depends on add_api_method, which is not visible here. An
    # open form-to-mail endpoint should be rate limited and its input
    # validated in the handler.
    stack.add_api_method(route, "POST", contact_lambda)
def update_parameters_for_userpool(
    self,
    user_pool: aws_cognito.CfnUserPool,
    user_pool_client: aws_cognito.CfnUserPoolClient,
    user_pool_client_secret: custom_resources.AwsCustomResource,
    user_pool_domain: Optional[aws_cognito.CfnUserPoolDomain],
    tag: str,
    custom_endpoint: Optional[str] = None,
):
    """Queue the ``CognitoUserPool/<tag>`` parameters for a user pool.

    Pool id, app client id, app client secret and region are always queued.
    ``Endpoint`` is added when ``custom_endpoint`` is truthy, and the
    ``HostedUI`` group when ``user_pool_domain`` is truthy.

    Args:
        user_pool: User pool; its ``ref`` is stored as PoolId.
        user_pool_client: App client; its ``ref`` is stored as AppClientId.
        user_pool_client_secret: Custom resource whose
            ``UserPoolClient.ClientSecret`` response field is stored as
            AppClientSecret.
        user_pool_domain: Hosted-UI domain, or a falsy value to skip the
            HostedUI group.
        tag: Path segment that namespaces the parameter keys.
        custom_endpoint: Optional value stored under ``Endpoint``.
    """
    # NOTE(review): the app client secret is queued twice below (pool level
    # and HostedUI) next to non-secret values. The persistence of
    # _parameters_to_save is not visible here -- confirm the secret is
    # stored encrypted, readable only by principals that need it, and not
    # embedded in a client-side configuration file.
    user_pool_id = user_pool.ref
    client_id = user_pool_client.ref
    client_secret = user_pool_client_secret.get_response_field(
        "UserPoolClient.ClientSecret"
    )

    pool_parameters = {
        f"awsconfiguration/CognitoUserPool/{tag}/PoolId": user_pool_id,
        f"awsconfiguration/CognitoUserPool/{tag}/AppClientId": client_id,
        f"awsconfiguration/CognitoUserPool/{tag}/AppClientSecret": client_secret,
        f"awsconfiguration/CognitoUserPool/{tag}/Region": self.region,
    }
    self._parameters_to_save.update(pool_parameters)

    if custom_endpoint:
        self._parameters_to_save.update({
            f"awsconfiguration/CognitoUserPool/{tag}/Endpoint": custom_endpoint,
        })

    # The remaining parameters only exist when a hosted-UI domain is set.
    if not user_pool_domain:
        return

    hosted_ui_url = (
        f"https://{user_pool_domain.domain}.auth.{self.region}.amazoncognito.com"
    )
    # Scopes are stored as one whitespace-separated string in the secrets.
    scope_list = self._secrets["hostedui.scopes"].split()
    sign_in_redirect = self._secrets["hostedui.sign_in_redirect"]
    sign_out_redirect = self._secrets["hostedui.sign_out_redirect"]

    hosted_ui_parameters = {
        f"awsconfiguration/CognitoUserPool/{tag}/HostedUI/WebDomain": hosted_ui_url,
        f"awsconfiguration/CognitoUserPool/{tag}/HostedUI/AppClientId": client_id,
        f"awsconfiguration/CognitoUserPool/{tag}/HostedUI/AppClientSecret": client_secret,  # noqa: E501
        f"awsconfiguration/CognitoUserPool/{tag}/HostedUI/SignInRedirectURI": sign_in_redirect,  # noqa: E501
        f"awsconfiguration/CognitoUserPool/{tag}/HostedUI/SignOutRedirectURI": sign_out_redirect,  # noqa: E501
        f"awsconfiguration/CognitoUserPool/{tag}/HostedUI/Scopes": scope_list,
    }
    self._parameters_to_save.update(hosted_ui_parameters)
def create_package(self):
    """Provision a MediaPackage channel and its HLS origin endpoint.

    Both resources are created through ``AwsCustomResource`` constructs that
    share one provisioning role and one SDK-call policy. The endpoint is
    made to depend on the channel, and its ``Url`` response field is
    exported as a stack output.

    Returns:
        The ``Url`` response field of the HLS origin endpoint.
    """
    # Step 1: role and policy for the Lambda behind the custom resources.
    provisioning_role = self.get_provisioning_lambda_role(
        role_name='stack-the-media-live')
    # The resource ARNs are not known before the calls run, so the policy
    # is granted on ANY_RESOURCE.
    # NOTE(review): this is broader than the update/delete calls need;
    # consider at least pinning account and region in the resource pattern.
    sdk_policy = AwsCustomResourcePolicy.from_sdk_calls(
        resources=AwsCustomResourcePolicy.ANY_RESOURCE)

    # Step 2: create/update/delete calls for the channel, then the endpoint.
    channel_calls = {
        "on_create": self.on_create_mediapackage(),
        "on_update": self.on_update_mediapackage(),
        "on_delete": self.on_delete_mediapackage(),
    }
    endpoint_calls = {
        "on_create": self.on_create_mediapackage_endpoint(),
        "on_update": self.on_update_mediapackage_endpoint(),
        "on_delete": self.on_delete_mediapackage_endpoint(),
    }

    # Step 3: the MediaPackage channel.
    # NOTE(review): log_retention=None and timeout=None select the
    # construct defaults (the original comment cites Duration.minutes(2)
    # for the timeout). A None retention presumably does not disable
    # logging -- confirm what the custom-resource Lambda logs and for how
    # long.
    channel = AwsCustomResource(
        scope=self.scope,
        id=f'{self.id_channel}-MediaPackage-AWSCustomResource',
        policy=sdk_policy,
        log_retention=None,
        resource_type='Custom::MediaPackageChannel',
        role=provisioning_role,
        timeout=None,
        **channel_calls,
    )

    # Step 4: the origin endpoint. HLS is used as the most common endpoint
    # type; other options are listed at
    # https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/MediaPackage.html#createOriginEndpoint-property
    hls_endpoint = AwsCustomResource(
        scope=self.scope,
        id=f'{self.id_channel}-MediaPackageEndpoint-AWSCustomResource',
        policy=sdk_policy,
        log_retention=None,
        resource_type='Custom::MediaPackageHlsEndpoint',
        role=provisioning_role,
        timeout=None,
        **endpoint_calls,
    )

    # The endpoint must not be created before the channel, so declare the
    # dependency between the two custom resources explicitly.
    channel_first = core.ConcreteDependable()
    channel_first.add(channel)
    hls_endpoint.node.add_dependency(channel_first)

    # NOTE(review): the output is scoped to self while the resources use
    # self.scope -- confirm that difference is intended.
    core.CfnOutput(
        scope=self,
        id="media-package-url-strem",
        value=hls_endpoint.get_response_field("Url"),
    )
    return hls_endpoint.get_response_field("Url")