def on_update_mediapackage_endpoint(self):
update_params = {
"ChannelId": self.id_channel,
"Id": f"endpoint-{self.id_channel}",
"Description": f"Endpoint - {self.id_channel}",
"HlsPackage": {
"SegmentDurationSeconds": 5,
"PlaylistWindowSeconds": 59,
"StreamSelection": {
"MaxVideoBitsPerSecond": 2147483647,
"MinVideoBitsPerSecond": 0,
"StreamOrder": "ORIGINAL"
}
}
}
on_update = AwsSdkCall(
action='updateOriginEndpoint',
service='MediaPackage',
api_version=None, # Uses the latest api
parameters=update_params,
# Must keep the same physical resource id, otherwise resource is deleted by CloudFormation
physical_resource_id=PhysicalResourceId.of(
"media-live-stack-endpoint"),
)
return on_update
def __on_create(self) -> Optional[Dict[Any, Any]]:
"""
Creates an "on_create" command.
:return: A dictionary command.
"""
return {
"service":
self.service_name(),
"action":
"createCommit",
"parameters": {
'branchName':
'master',
'repositoryName':
self.__code_repository.repository_name,
'commitMessage':
'Initial appspec and taskdef files.',
'putFiles': [{
'filePath': 'taskdef.json',
'fileMode': 'NORMAL',
'fileContent': self.__task_definition,
}, {
'filePath': 'appspec.yaml',
'fileMode': 'NORMAL',
'fileContent': self.__app_spec,
}]
},
"physical_resource_id":
PhysicalResourceId.of(self.__prefix + 'CreateCommit')
}
def copy_from_assests_bucket_to_custom_bucket(self, construct_id,
asset_bucket, file_name,
s3_custom_bucket):
asset_bucket_object = s3.Bucket.from_bucket_name(
self, "AssetBucketObject", asset_bucket.s3_bucket_name)
# Custom Resource Creation to Copy from Asset Bucket to Custom Bucket
custom_resource_policy = AwsCustomResourcePolicy.from_sdk_calls(
resources=[
f"{asset_bucket_object.bucket_arn}/*",
f"{s3_custom_bucket.bucket_arn}/*"
])
custom_resource_lambda_role = _iam.Role(
scope=self,
id=f'{construct_id}-CustomResourceLambdaRole',
assumed_by=_iam.ServicePrincipal('lambda.amazonaws.com'),
managed_policies=[
_iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaBasicExecutionRole"),
_iam.ManagedPolicy(
scope=self,
id=f'{construct_id}-CustomResourceLambdaPolicy',
managed_policy_name="AssetsBucketAccessPolicy",
statements=[
_iam.PolicyStatement(resources=[
f"{asset_bucket_object.bucket_arn}/*",
f"{s3_custom_bucket.bucket_arn}/*"
],
actions=[
"s3:List*", "s3:PutObject",
"s3:GetObject"
])
])
])
on_create = AwsSdkCall(action='copyObject',
service='S3',
physical_resource_id=PhysicalResourceId.of(
f'{asset_bucket.s3_bucket_name}'),
parameters={
"Bucket":
s3_custom_bucket.bucket_name,
"CopySource":
asset_bucket.s3_bucket_name + '/' +
asset_bucket.s3_object_key,
"Key":
file_name
})
custom_resource_creation = AwsCustomResource(
scope=self,
id='CustomResourceSyncWithS3',
policy=custom_resource_policy,
log_retention=logs.RetentionDays.ONE_WEEK,
on_create=on_create,
on_update=on_create,
role=custom_resource_lambda_role,
timeout=cdk.Duration.seconds(300))
return custom_resource_creation
def delete_project(self, project_name):
return AwsSdkCall(
action='deleteProject',
service='DeviceFarm',
parameters={'arn': self.project_arn},
region=
'us-west-2', # When other endpoints become available for DF, we won't have to do this.
physical_resource_id=PhysicalResourceId.from_response(
"project.arn"))
def delete_device_pool(self):
return AwsSdkCall(
action='deleteDevicePool',
service='DeviceFarm',
parameters={'arn': self.device_pool_arn},
region=
'us-west-2', # When other endpoints become available for DF, we won't have to do this.
physical_resource_id=PhysicalResourceId.from_response(
"devicePool.arn"))
def delete(self, bucket_name):
delete_params = {"Bucket": bucket_name, "Key": "helloWorld.txt"}
return AwsSdkCall(action='deleteObject',
service='S3',
parameters=delete_params,
physical_resource_id=PhysicalResourceId.of(
'myAutomationExecution'))
def add_contact_api(stack: CDKMasterStack, project_name: str, domain: str,
forwarding_email: str):
module_path = os.path.dirname(__file__)
lambda_path = os.path.join(module_path, "lambda")
api_path = "contact"
base_lambda = aws_lambda.Function(
stack,
'ContactFormLambda',
handler='lambda_handler.handler',
runtime=aws_lambda.Runtime.PYTHON_3_7,
environment={
"TARGET_EMAIL":
forwarding_email,
"SENDER_EMAIL":
f"contact@{domain}",
"SENDER_NAME":
f"{project_name.capitalize()}",
"SENDER":
f"{project_name.capitalize()} Contact Form <contact@{domain}>"
},
code=aws_lambda.Code.asset(lambda_path),
)
base_lambda.add_to_role_policy(
aws_iam.PolicyStatement(effect=aws_iam.Effect.ALLOW,
resources=["*"],
actions=["ses:SendEmail", "ses:SendRawEmail"]))
verify_domain_create_call = AwsSdkCall(
service="SES",
action="verifyDomainIdentity",
parameters={"Domain": domain},
physical_resource_id=PhysicalResourceId.from_response(
"VerificationToken"))
policy_statement = PolicyStatement(actions=["ses:VerifyDomainIdentity"],
resources=["*"])
verify_domain_identity = AwsCustomResource(
stack,
"VerifyDomainIdentity",
on_create=verify_domain_create_call,
policy=AwsCustomResourcePolicy.from_statements(
statements=[policy_statement]))
aws_route53.TxtRecord(
stack,
"SESVerificationRecord",
zone=stack.zone,
record_name=f"_amazonses.{domain}",
values=[
verify_domain_identity.get_response_field("VerificationToken")
])
stack.add_api_method(api_path, "POST", base_lambda)
def _get_on_update_func(self, id: str, parameter_name: str):
return AwsSdkCall(
action="getParameter",
service="SSM",
parameters={
"Name": parameter_name,
},
region="us-east-1",
physical_resource_id=PhysicalResourceId.of(f"LEF-{id}"),
)
def get_sdk_operation(self, resource_id: str,
create_params: Dict[str, Any], action_name: str):
#api_version=None uses the latest api
action = AwsSdkCall(
action=action_name,
service='Iot',
parameters=create_params,
# Must keep the same physical resource id, otherwise resource is deleted by CF
physical_resource_id=PhysicalResourceId.of(id=resource_id),
)
return action
def on_delete_mediapackage(self):
delete_params = {"Id": self.id_channel}
on_delete = AwsSdkCall(
action='deleteChannel',
service='MediaPackage',
api_version=None, # Uses the latest api
parameters=delete_params,
# Must keep the same physical resource id, otherwise resource is deleted by CloudFormation
physical_resource_id=PhysicalResourceId.of("media-live-stack"),
)
return on_delete
def __on_create(self) -> Optional[Dict[Any, Any]]:
"""
Creates an "on_create" command.
:return: A dictionary command.
"""
dir_path = os.path.dirname(os.path.realpath(__file__))
path = os.path.join(dir_path, '../files')
return {
"service":
self.service_name(),
"action":
"createCommit",
"parameters": {
'branchName':
'master',
'repositoryName':
self.__code_repository.repository_name,
'commitMessage':
'Initial files.',
'putFiles': [
{
'filePath':
'install.sh',
'fileMode':
'NORMAL',
'fileContent':
open(os.path.join(path, 'install.sh'), 'r').read(),
},
{
'filePath':
'manage.py',
'fileMode':
'NORMAL',
'fileContent':
open(os.path.join(path, 'manage.py'), 'r').read(),
},
{
'filePath':
'test.sh',
'fileMode':
'NORMAL',
'fileContent':
open(os.path.join(path, 'test.sh'), 'r').read(),
},
]
},
"physical_resource_id":
PhysicalResourceId.of(self.__prefix + 'CiCdLambdaCreateCommit'),
}
def create(self, bucket_name):
create_params = {
"Body": "Hello world",
"Bucket": bucket_name,
"Key": "helloWorld.txt"
}
return AwsSdkCall(action='putObject',
service='S3',
parameters=create_params,
physical_resource_id=PhysicalResourceId.of(
'myAutomationExecution'))
def delete_policy_assignment(self):
delete_params = {
"AssignmentName": "QuickSightMigration",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
}
return AwsSdkCall(
action="deleteIAMPolicyAssignment",
service="QuickSight",
assumed_role_arn=self.quicksight_migration_target_assume_role.role_arn,
parameters=delete_params,
physical_resource_id=PhysicalResourceId.of("cdksdk_policyassignment"),
)
def delete_qsuser(self):
params = {
"UserName": self.quicksight_migration_target_assume_role.role_name
+ "/quicksight",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
}
return AwsSdkCall(
action="deleteUser",
service="QuickSight",
parameters=params,
physical_resource_id=PhysicalResourceId.of("cdksdk_qsuser"),
)
def update_device_pool(self, device_pool_name, platform, max_devices,
os_version, manufacturer):
return AwsSdkCall(
action='updateDevicePool',
service='DeviceFarm',
parameters={
'arn': self.device_pool_arn,
'name': device_pool_name,
'rules': self._build_rules(platform, os_version, manufacturer),
'maxDevices': max_devices
},
region=
'us-west-2', # When other endpoints become available for DF, we won't have to do this.
physical_resource_id=PhysicalResourceId.from_response(
"devicePool.arn"))
def get_on_create(self, bucket_name, object_key, object_content):
create_params = {
"Body": object_content,
"Bucket": bucket_name,
"Key": object_key,
}
#api_version=None uses the latest api
on_create = AwsSdkCall(
action='putObject',
service='S3',
parameters=create_params,
# to get a unique physicaid: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
physical_resource_id=PhysicalResourceId.from_response('ETag'),
)
return on_create
def __on_delete(self) -> Optional[Dict[Any, Any]]:
"""
Creates an "on_delete" command".
:return: A dictionary command.
"""
return {
"service": self.service_name(),
"action": "deleteDeploymentGroup",
"parameters": {
'applicationName': self.__ecs_application.application_name,
'deploymentGroupName': self.__prefix + 'FargateDeploymentGroup',
},
"physical_resource_id": PhysicalResourceId.of(self.__prefix + 'DeploymentGroup'),
}
def create_qsuser(self):
create_params = {
"IdentityType": "IAM",
"Email": " ",
"UserRole": "ADMIN",
"IamArn": self.quicksight_migration_target_assume_role.role_arn,
"SessionName": "quicksight",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
}
return AwsSdkCall(
action="registerUser",
service="QuickSight",
parameters=create_params,
physical_resource_id=PhysicalResourceId.of("cdksdk_qsuser"),
)
def get_on_create_update(self, bucket_name, object_key, object_content):
create_params = {
"Body": object_content,
"Bucket": bucket_name,
"Key": object_key,
}
# api_version=None uses the latest api
on_create = AwsSdkCall(
action='putObject',
service='S3',
parameters=create_params,
# Must keep the same physical resource id, otherwise resource is deleted by CloudFormation
physical_resource_id=PhysicalResourceId.of(
f'{bucket_name}/{object_key}'),
)
return on_create
def create_policy_assignment(self):
create_params = {
"AssignmentName": "QuickSightMigration",
"AssignmentStatus": "ENABLED",
"AwsAccountId": core.Aws.ACCOUNT_ID,
"Namespace": "default",
"Identities": {
"user": [
self.quicksight_migration_target_assume_role.role_name
+ "/quicksight"
]
},
"PolicyArn": self.quicksight_managed_resources_policy.managed_policy_arn,
}
return AwsSdkCall(
action="createIAMPolicyAssignment",
service="QuickSight",
assumed_role_arn=self.quicksight_migration_target_assume_role.role_arn,
parameters=create_params,
physical_resource_id=PhysicalResourceId.of("cdksdk_policyassignment"),
)
def __on_update(self) -> Optional[Dict[Any, Any]]:
"""
Creates an "on_update" command".
:return: A dictionary command.
"""
return {
"service": self.service_name(),
"action": "updateDeploymentGroup",
"parameters": {
'applicationName': self.__ecs_application.application_name,
'currentDeploymentGroupName': self.__prefix + 'FargateDeploymentGroup',
'deploymentConfigName': 'CodeDeployDefault.ECSAllAtOnce',
'serviceRoleArn': self.__deployment_group_role.role_arn,
'autoRollbackConfiguration': {
'enabled': True,
'events': ['DEPLOYMENT_FAILURE', 'DEPLOYMENT_STOP_ON_ALARM', 'DEPLOYMENT_STOP_ON_REQUEST']
},
'deploymentStyle': {
'deploymentType': 'BLUE_GREEN',
'deploymentOption': 'WITH_TRAFFIC_CONTROL'
},
'blueGreenDeploymentConfiguration': {
'terminateBlueInstancesOnDeploymentSuccess': {
'action': 'TERMINATE',
'terminationWaitTimeInMinutes': 5
},
'deploymentReadyOption': {
'actionOnTimeout': 'CONTINUE_DEPLOYMENT',
},
},
'loadBalancerInfo': {
'targetGroupPairInfoList': [
{
'targetGroups': [
{
'name': self.__production_target_group.attr_target_group_name,
},
{
'name': self.__deployment_target_group.attr_target_group_name,
},
],
'prodTrafficRoute': {
'listenerArns': [
self.__main_listener.ref
]
},
'testTrafficRoute': {
'listenerArns': [
self.__deployments_listener.ref
]
}
},
]
},
'ecsServices': [
{
'serviceName': self.__prefix + 'FargateService',
'clusterName': self.__ecs_cluster.cluster_name
},
],
},
"physical_resource_id": PhysicalResourceId.of(self.__prefix + 'DeploymentGroup'),
}
def __init__(self, scope: core.Construct, id: str, es_domain: CfnDomain, kda_role: iam.Role,
source_bucket: s3.Bucket, dest_bucket: s3.Bucket, **kwargs):
super().__init__(scope, id, **kwargs)
stack = Stack.of(self)
kda_role.add_to_policy(PolicyStatement(actions=['cloudwatch:PutMetricData'],
resources=['*']))
artifacts_bucket_arn = 'arn:aws:s3:::' + _config.ARA_BUCKET.replace("s3://", "")
kda_role.add_to_policy(PolicyStatement(actions=['s3:GetObject', 's3:GetObjectVersion'],
resources=[artifacts_bucket_arn, artifacts_bucket_arn + '/binaries/*']))
log_group = logs.LogGroup(scope=self,
id='KdaLogGroup',
retention=logs.RetentionDays.ONE_WEEK,
removal_policy=RemovalPolicy.DESTROY)
log_stream = logs.LogStream(scope=self,
id='KdaLogStream',
log_group=log_group,
removal_policy=RemovalPolicy.DESTROY)
log_stream_arn = stack.format_arn(service='logs',
resource='log-group',
resource_name=log_group.log_group_name + ':log-stream:' +
log_stream.log_stream_name,
sep=':')
# TODO: restrict
kda_role.add_to_policy(PolicyStatement(actions=['logs:*'],
resources=[stack.format_arn(service='logs', resource='*')]))
kda_role.add_to_policy(PolicyStatement(actions=['logs:DescribeLogStreams', 'logs:DescribeLogGroups'],
resources=[log_group.log_group_arn,
stack.format_arn(service='logs', resource='log-group',
resource_name='*')]))
kda_role.add_to_policy(PolicyStatement(actions=['logs:PutLogEvents'],
resources=[log_stream_arn]))
kda_role.add_to_policy(PolicyStatement(actions=['es:ESHttp*'],
resources=[stack.format_arn(service='es', resource='domain',
resource_name=es_domain.domain_name + '/*')]))
# TODO: restrict
kda_role.add_to_policy(PolicyStatement(actions=['s3:*'],
resources=['arn:aws:s3::::*']))
# Define delivery stream
# delivery_stream_name = 'clean_delivery_stream'
#
# s3_configuration = {
# 'bucketArn': '',
# 'compressionFormat': 'Snappy',
# 'dataFormatConversionConfiguration': {
# 'enabled': True,
# 'inputFormatConfiguration': {'deserializer': },
# 'outputFormatConfiguration': {'serializer': {'parquetSerDe': }},
# 'schemaConfiguration': {}
# },
# 'prefix': 'streaming'
# }
#
# delivery_stream = CfnDeliveryStream(scope=self,
# id='Firehose Delivery Stream',
# delivery_stream_name=delivery_stream_name,
# delivery_stream_type='DirectPut',
# extended_s3_destination_configuration=s3_configuration
# )
# Define KDA application
application_configuration = {
'environmentProperties': {
'propertyGroups': [
{
'propertyGroupId': 'ConsumerConfigProperties',
'propertyMap': {
'CustomerStream': scope.customer_stream.stream_name,
'AddressStream': scope.address_stream.stream_name,
'SaleStream': scope.sale_stream.stream_name,
'PromoDataPath': source_bucket.s3_url_for_object('promo'),
'ItemDataPath': source_bucket.s3_url_for_object('item'),
'aws.region': scope.region
}
},
{
'propertyGroupId': 'ProducerConfigProperties',
'propertyMap': {
'ElasticsearchHost': 'https://' + es_domain.attr_domain_endpoint + ':443',
'Region': scope.region,
'DenormalizedSalesS3Path': dest_bucket.s3_url_for_object() + '/',
'IndexName': 'ara-write'
}
}
]
},
'applicationCodeConfiguration': {
'codeContent': {
's3ContentLocation': {
'bucketArn': artifacts_bucket_arn,
'fileKey': 'binaries/stream-processing-1.1.jar'
}
},
'codeContentType': 'ZIPFILE'
},
'flinkApplicationConfiguration': {
'parallelismConfiguration': {
'configurationType': 'DEFAULT'
},
'checkpointConfiguration': {
'configurationType': 'DEFAULT'
},
'monitoringConfiguration': {
'logLevel': 'DEBUG',
'metricsLevel': 'TASK',
'configurationType': 'CUSTOM'
}
},
'applicationSnapshotConfiguration': {
'snapshotsEnabled': False
}
}
self.__app = CfnApplicationV2(scope=self,
id='KDA application',
runtime_environment='FLINK-1_11',
application_name='KDA-application',
service_execution_role=kda_role.role_arn,
application_configuration=application_configuration)
logging = CfnApplicationCloudWatchLoggingOptionV2(scope=self, id='KDA application logging',
application_name=self.__app.ref,
cloud_watch_logging_option={'logStreamArn': log_stream_arn})
logging.apply_removal_policy(policy=RemovalPolicy.RETAIN, apply_to_update_replace_policy=True,
default=RemovalPolicy.RETAIN)
# Use a custom resource to start the application
create_params = {
'ApplicationName': self.__app.ref,
'RunConfiguration': {
'ApplicationRestoreConfiguration': {
'ApplicationRestoreType': 'SKIP_RESTORE_FROM_SNAPSHOT'
},
'FlinkRunConfiguration': {
'AllowNonRestoredState': True
}
}
}
# See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/ for service name, actions and parameters
create_action = AwsSdkCall(service='KinesisAnalyticsV2',
action='startApplication',
parameters=create_params,
physical_resource_id=PhysicalResourceId.of(self.__app.ref + '-start'))
delete_action = AwsSdkCall(service='KinesisAnalyticsV2',
action='stopApplication',
parameters={'ApplicationName': self.__app.ref, 'Force': True})
custom_resource = AwsCustomResource(scope=self,
id='KdaStartAndStop',
on_create=create_action,
on_delete=delete_action,
policy=AwsCustomResourcePolicy.from_statements([PolicyStatement(
actions=['kinesisanalytics:StartApplication',
'kinesisanalytics:StopApplication',
'kinesisanalytics:DescribeApplication',
'kinesisanalytics:UpdateApplication'], resources=[
stack.format_arn(service='kinesisanalytics', resource='application',
resource_name=self.app.application_name)])]))
custom_resource.node.add_dependency(self.app)