def traverse_dir_recur(root, assets): for root, dirs, files in os.walk(root): for filename in files: location = os.path.join(root, filename) print(location) asset = pulumi.FileAsset(path=location) assets[filename] = asset for dirname in dirs: asset = pulumi.FileArchive(os.path.join(root, dirname)) asset[dirname] = asset
def create_lambda(depends_on_resource): # Create Lambda IAM lambda_role lambda_role = aws.iam.Role('lambdaRole', assume_role_policy="""{ "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": {"Service": "lambda.amazonaws.com"}, "Effect": "Allow", "Sid": "" } ] }""") lambda_layer = aws.lambda_.LayerVersion( "lambdaLayer", compatible_runtimes=["python3.8"], code=pulumi.FileArchive("lambda_layer"), layer_name="lambda_layer_name") func = aws.lambda_.Function( resource_name='ServerlessFunction', role=lambda_role.arn, runtime="python3.8", handler="lambda_code.lambda_handler", environment={ "variables": { "M3DB_URI": depends_on_resource.service_uri } }, code=pulumi.AssetArchive({'.': pulumi.FileArchive('lambda_func')}), opts=pulumi.ResourceOptions(depends_on=[depends_on_resource]), layers=[lambda_layer.arn], ) pulumi.export('lambda_name', func.name) return func
def _deserialize_archive(prop: Dict[str, Any]) -> pulumi.Archive: if "assets" in prop: assets: Dict[str, Union[pulumi.Asset, pulumi.Archive]] = {} for key in prop["assets"]: a = _deserialize_property(prop["assets"][key]) if not isinstance(a, pulumi.Asset) and not isinstance( a, pulumi.Archive): raise AssertionError( "Expected an AssetArchive's assets to be unmarshaled Asset or Archive objects" ) assets[key] = a return pulumi.AssetArchive(assets) if "path" in prop: return pulumi.FileArchive(prop["path"]) if "uri" in prop: return pulumi.RemoteArchive(prop["uri"]) raise AssertionError( "Invalid archive encountered when unmarshaling resource property")
def main(): hello_world_lambda = lambda_.Function( "hello_world", runtime="python3.7", role=iam.lambda_role.arn, description="pulumi lambda hello world", handler="main.handler", code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}), ) hello_world_api = apigw.APIGateway("hello_world", hello_world_lambda) hello_world_api = hello_world_api.build() lambda_.Permission( "hello_world", function=hello_world_lambda.name, action="lambda:InvokeFunction", principal="apigateway.amazonaws.com", source_arn=hello_world_api.execution_arn.apply(lambda s: f"{s}/*/*"), )
def __init__(self, name: str, args: FuncArgs, opts: ResourceOptions = None): super().__init__('custom:resource:CloudFunction', name, {}, opts) bucket_name = f'{name}-bucket' self.bucket = storage.Bucket(bucket_name, labels=args.tags, opts=ResourceOptions(parent=self)) bucket_object_name = f'{name}-bucketobject' self.bucket_object = storage.BucketObject( bucket_object_name, bucket=self.bucket.name, source=pulumi.FileArchive("./pythonfunction"), metadata=args.tags, opts=ResourceOptions(parent=self.bucket)) function_name = f'{name}-cloudfunction' self.function = cloudfunctions.Function( function_name, description="Serverless Function in GCP via Pulumi", runtime=args.runtime, available_memory_mb=args.available_memory_mb, source_archive_bucket=self.bucket.name, source_archive_object=self.bucket_object.name, trigger_http=args.trigger_http, entry_point=args.entry_point, #labels = args.tags, opts=ResourceOptions(parent=self)) iam_member_name = f'{name}-functioniammember' self.invoker = cloudfunctions.FunctionIamMember( iam_member_name, cloud_function=self.function.name, role=args.role, member=args.member, opts=ResourceOptions(parent=self.function)) self.register_outputs({})
# Copyright 2016-2018, Pulumi Corporation. All rights reserved. import iam import pulumi from pulumi_aws import lambda_, sfn hello_world_fn = lambda_.Function( 'helloWorldFunction', role=iam.lambda_role.arn, runtime="python2.7", handler="hello_step.hello", code=pulumi.AssetArchive({'.': pulumi.FileArchive('./step_hello')})) state_defn = state_machine = sfn.StateMachine( 'stateMachine', role_arn=iam.sfn_role.arn, definition=hello_world_fn.arn.apply(lambda arn: """{ "Comment": "A Hello World example of the Amazon States Language using an AWS Lambda Function", "StartAt": "HelloWorld", "States": { "HelloWorld": { "Type": "Task", "Resource": "%s", "End": true } } }""" % arn)) pulumi.export('state_machine_arn', state_machine.id)
import pulumi import pulumi_aws as aws iam_for_lambda = aws.iam.Role("iamForLambda") test_lambda = aws.lambda_.Function( "testLambda", code=pulumi.FileArchive("lambda_function_payload.zip"), role=iam_for_lambda.arn, handler="index.test", runtime="nodejs12.x", environment=aws.lambda_.FunctionEnvironmentArgs(variables={ "foo": "bar", }, ))
import pulumi import pulumi_aws as aws from infrastructure.dynamodb.table import books_dynamodb_table from infrastructure.lambda_crud.role import role config = pulumi.Config() lambda_name = config.get('lambda_name') lambda_crud = aws.lambda_.Function( lambda_name, runtime="python3.8", memory_size=256, timeout=5, handler="lambda.handler", code=pulumi.FileArchive("application/lambda_crud"), environment={ "variables": { "TABLE": books_dynamodb_table.name, }, }, role=role.arn, opts=pulumi.ResourceOptions(depends_on=[role]), )
}), ) # Read the config of whether to provision fixed concurrency for Lambda config = pulumi.Config() provisioned_concurrent_executions = config.get_float('provisionedConcurrency') # Create a Lambda function, using code from the `./app` folder. lambda_func = aws.lambda_.Function( "mylambda", opts=pulumi.ResourceOptions(depends_on=[policy]), runtime="dotnetcore3.1", code=pulumi.AssetArchive({ ".": pulumi.FileArchive(dotnet_application_publish_folder), }), timeout=300, handler=dotnet_application_entry_point, role=role.arn, publish=bool(provisioned_concurrent_executions), # Versioning required for provisioned concurrency environment={ "variables": { "COUNTER_TABLE": counter_table.name, }, }, ) if provisioned_concurrent_executions: concurrency = aws.lambda_.ProvisionedConcurrencyConfig(
"apigw", statement_id="AllowAPIGatewayInvoke", action="lambda:InvokeFunction", function=scan_fn, principal="apigateway.amazonaws.com", source_arn=scan_dep.execution_arn.apply(lambda x: f"{x}/*/*") ) # Lambda function for S3 trigger lambda_rekognition = lambda_.Function( resource_name='ImagesRekognition', role=iam.lambda_role.arn, runtime="python3.7", handler="lambda_rekognition.lambda_handler", code=pulumi.AssetArchive({ '.': pulumi.FileArchive('./lambda_rekognition') }), environment={"variables": {"DYNAMODB_TABLE": db.id}} ) # Give bucket permission to invoke Lambda lambda_event = lambda_.Permission( resource_name="lambda_img_event", action="lambda:InvokeFunction", principal="s3.amazonaws.com", source_arn=web_bucket.arn, function=lambda_rekognition.arn ) # Bucket notification that triggers Lambda on Put operation - For JPG bucket_notification = s3.BucketNotification(
"ReplicationLambdaAllowDynamoPolicy", role=lambdaRole.name, policy=getAllowDynamoStreamPolicyDocument( dynamoTable.stream_arn).apply(lambda d: json.dumps(d))) lambdaRoleAllowFirehosePutPolicy = iam.RolePolicy( "ReplicationLambdaAllowFirehosePolicy", role=lambdaRole.name, policy=getAllowFirehosePutPolicyDocument( deliveryStream.arn).apply(lambda d: json.dumps(d))) dynamoTriggerFunction = lambda_.Function( 'ReplicationLambdaFunction', role=lambdaRole.arn, runtime='python3.7', handler='dynamoTriggerLambda.handler', code=pulumi.FileArchive("./dynamoTriggerLambda"), environment={"Variables": { "DELIVERY_STREAM_NAME": deliveryStream.name }}) dynamoTrigger = lambda_.EventSourceMapping( "ReplicationDynamoTriggerMapping", event_source_arn=dynamoTable.stream_arn, function_name=dynamoTriggerFunction.arn, starting_position='LATEST') pulumi.export('table_name', dynamoTable.name) pulumi.export('bucket_name', bucket.id) pulumi.export('delivery_stream_name', deliveryStream.name)
region = aws.config.region custom_stage_name = 'example' ################## ## Lambda Function ################## # Create a Lambda function, using code from the `./app` folder. lambda_func = aws.lambda_.Function( "mylambda", role=iam.lambda_role.arn, runtime="python3.7", handler="hello.handler", code=pulumi.AssetArchive({'.': pulumi.FileArchive('./hello_lambda')})) #################################################################### ## ## API Gateway REST API (API Gateway V1 / original) ## /{proxy+} - passes all requests through to the lambda function ## #################################################################### # Create a single Swagger spec route handler for a Lambda function. def swagger_route_handler(arn): return ({ "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { "uri":
"""An AWS Python Pulumi program""" import pulumi import pulumi_aws as aws instance_assume_role_policy = aws.iam.get_policy_document(statements=[ aws.iam.GetPolicyDocumentStatementArgs( actions=["sts:AssumeRole"], principals=[ aws.iam.GetPolicyDocumentStatementPrincipalArgs( type="Service", identifiers=["lambda.amazonaws.com"], ), aws.iam.GetPolicyDocumentStatementPrincipalArgs( type="Service", identifiers=["logs.eu-central-1.amazonaws.com"], ) ], ) ]) lambda_role = aws.iam.Role("lambda_role", path="/system/", assume_role_policy=instance_assume_role_policy.json) lambda_function = aws.lambda_.Function("example_lambda_function", code=pulumi.FileArchive('./handler'), role=lambda_role.arn, runtime='nodejs12.x', handler='index.handler')
}, "Resource": "arn:aws:sqs:%s:%s:ConnectOutboundCallData" % ( current_region.name, caller_ident.account_id, ) }] })) # Lambda lambda_exec_connect = aws.lambda_.Function( resource_name="exec_connect_contact_flow", description="Lambda for execute Connect contact flow", code=pulumi.AssetArchive( {".": pulumi.FileArchive("./source/exec_contact_flow")}), role=iam_role.arn, runtime="python3.7", handler="exec_contact_flow.lambda_handler", tags=label("tags"), environment={ "variables": { "SOURCE_PHONE_NUMBER": appconfig["source_phone_number"], "CONTACT_FLOW_ID": appconfig["contact_flow_id"], "INSTANCE_ID": appconfig["instance_id"], } }) lambda_send_sqs = aws.lambda_.Function( resource_name="send_message_to_sqs", description="Lambda for send message to SQS queue",
def __init__(self, name, datalake_bucket: s3.Bucket = None, datalake_raw_path: str = None, fileproc_bucket: s3.Bucket = None, managed_policy_arns: List[str] = None, package_dir: str = None, tags: Dict[str, str] = None, opts: pulumi.ResourceOptions = None): super().__init__('hca:GlueNotificationLambda', name, None, opts) merged_tags = tags.copy() if tags else {} merged_tags.update({'hca:dataclassification': 'pii'}) role = iam.Role(f"{name}-role", path="/lambda/", description=f"role for glue notification lambda", assume_role_policy=json.dumps({ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" } }] }), force_detach_policies=True, tags=merged_tags, opts=pulumi.ResourceOptions(parent=self)) # attach managed policies if managed_policy_arns: for index, policy in enumerate(managed_policy_arns): iam.RolePolicyAttachment( f"{name}-attach-policy-{index}", policy_arn=policy, role=role, opts=pulumi.ResourceOptions(parent=self)) fileprocpolicy = iam.RolePolicy( f"{name}-inline-policy", role=role, policy=pulumi.Output.all(datalake_bucket.bucket, fileproc_bucket.bucket).apply( lambda b: inline_policy(b[0], b[1])), opts=pulumi.ResourceOptions(parent=self)) self.function = lambda_.Function( f"{name}-function", runtime='python3.6', description= 'copy files from fileproc bucket to datalake raw bucket and trigger glue jobs', handler='glue_notification.main', environment={ 'variables': { 'S3_DATALAKE_BUCKET': datalake_bucket, 'S3_RAW_PATH': datalake_raw_path, 'PULUMI_STACK': pulumi.get_stack(), 'PULUMI_PROJECT': pulumi.get_project() } }, memory_size=256, timeout=60, code=pulumi.AssetArchive({ # use lambda-glue-notification created with build.py '.': pulumi.FileArchive(package_dir), }), role=role.arn, tags=merged_tags, opts=pulumi.ResourceOptions(parent=self)) lambda_.Permission(f"{name}-permission", action='lambda:InvokeFunction', principal='s3.amazonaws.com', function=self.function, source_arn=fileproc_bucket.arn, opts=pulumi.ResourceOptions(parent=self))
import pulumi from pulumi_aws import lambda_, sfn import iam import json find_instance = lambda_.Function( "ce-find-instance", role=iam.lambda_role.arn, runtime="python3.7", handler="find_instance.lambda_handler", code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}), ) get_instance_status = lambda_.Function( "ce-get-instance-status", role=iam.lambda_role.arn, runtime="python3.7", handler="get_instance_status.lambda_handler", code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}), ) create_image = lambda_.Function( "ce-create-image", role=iam.lambda_role.arn, runtime="python3.7", handler="create_image.lambda_handler", code=pulumi.AssetArchive({".": pulumi.FileArchive("./lambda")}), ) get_image_status = lambda_.Function( "ce-get-image-status",
import pulumi import pulumi_aws as aws from iam import lambdaRole config = pulumi.Config() startQueryExecutionFunction = aws.lambda_.Function( resource_name="start-query-execution", code=pulumi.AssetArchive( {".": pulumi.FileArchive("lambda/start_query_execution")}), description="Starts the execution of an Amazon Athena query", environment=aws.lambda_.FunctionEnvironmentArgs( variables={"AWS_ACCOUNT_ID": config.require("awsAccountId")}), handler="start_query_execution.handler", name="start-query-execution", role=lambdaRole.arn, runtime="python3.8", ) getQueryExecutionFunction = aws.lambda_.Function( resource_name="get-query-execution", code=pulumi.AssetArchive( {".": pulumi.FileArchive("lambda/get_query_execution")}), description= "Gets information about the execution of an Amazon Athena query", handler="get_query_execution.handler", name="get-query-execution", role=lambdaRole.arn, runtime="python3.8", )
#you can set the confid by pulumi confif set mykey myvalue config = pulumi.Config(name=None) config_values = {"epic_secret_key": config.get("epic_secret_key")} bucket = None assets = {} function_dictionary = { "hello_function": "handle_hello_function", } #traverse_dir_recur(PATH_TO_SOURCE_CODE,assets) archive = pulumi.FileArchive(PATH_TO_SOURCE_CODE) def enable_apis(services): projects.Services(project=project_name, services=services, disable_on_destroy=False, resource_name="enable_dataorc_api_resources") def create_function_and_output_end_url(function_name, entry_point): source_archive_object = storage.BucketObject(function_name, name="main.py-%f" % time.time(), bucket=bucket.name, source=archive)
"dynamodb:PutItem", "dynamodb:UpdateItem" ], "Effect": "Allow", "Sid": "dynamoAccess", "Resource": "*" }] }""") # Create a Lambda function, using code from the `./app` folder. lambda_func = aws.lambda_.Function( "mention-processing-lambda", role=iam.lambda_role.arn, runtime="python3.7", handler="mention_processing_lambda.webhook_handler", code=pulumi.AssetArchive({'.': pulumi.FileArchive('.')}), environment={ "variables": { 'SLACK_TOKEN': slack_token, 'SLACK_VERIFICATION_CODE': verification_token, # TODO: is this "apply" necessary? 'SUBSCRIPTIONS_TABLE_NAME': subscriptions_table.name.apply(lambda name: name), } }) ############################################# ## APIGateway RestAPI # Provide webhooks for slack to send events
"Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }] }""") # Create a Lambda function to validate request authorization auth_lambda = aws.lambda_.Function( "auth-lambda", role=lambda_role.arn, runtime=aws.lambda_.Runtime.PYTHON3D8, code=pulumi.AssetArchive({ ".": pulumi.FileArchive("./authorizer"), }), handler="handler.handler", ) # Create a Lambda function to respond to HTTP requests hello_handler = aws.lambda_.Function( "hello-handler", role=lambda_role.arn, runtime=aws.lambda_.Runtime.PYTHON3D8, code=pulumi.AssetArchive({ ".": pulumi.FileArchive("./handler"), }), handler="handler.handler", )
import pulumi import pulumi_aws as aws site_bucket = aws.s3.Bucket("siteBucket") test_file_asset = aws.s3.BucketObject("testFileAsset", bucket=site_bucket.id, source=pulumi.FileAsset("file.txt")) test_string_asset = aws.s3.BucketObject("testStringAsset", bucket=site_bucket.id, source=pulumi.StringAsset("<h1>File contents</h1>")) test_remote_asset = aws.s3.BucketObject("testRemoteAsset", bucket=site_bucket.id, source=pulumi.remoteAsset("https://pulumi.test")) test_file_archive = aws.s3.BucketObject("testFileArchive", bucket=site_bucket.id, source=pulumi.FileArchive("file.tar.gz")) test_remote_archive = aws.s3.BucketObject("testRemoteArchive", bucket=site_bucket.id, source=pulumi.RemoteArchive("https://pulumi.test/foo.tar.gz")) test_asset_archive = aws.s3.BucketObject("testAssetArchive", bucket=site_bucket.id, source=pulumi.AssetArchive({ "file.txt": pulumi.FileAsset("file.txt"), "string.txt": pulumi.StringAsset("<h1>File contents</h1>"), "remote.txt": pulumi.remoteAsset("https://pulumi.test"), "file.tar": pulumi.FileArchive("file.tar.gz"), "remote.tar": pulumi.RemoteArchive("https://pulumi.test/foo.tar.gz"), ".nestedDir": pulumi.AssetArchive({ "file.txt": pulumi.FileAsset("file.txt"), "string.txt": pulumi.StringAsset("<h1>File contents</h1>"), "remote.txt": pulumi.remoteAsset("https://pulumi.test"),
"Version": "2012-10-17", "Statement": [{ "Action": ["logs:*", "cloudwatch:*"], "Resource": "*", "Effect": "Allow", }, { "Action": ["s3:*"], "Resource": model_bucket.arn.apply(lambda b: f"{b}/*"), "Effect": "Allow", }], }), ) lambda_func = lambda_.Function("classifier-fn", code=pulumi.AssetArchive({ ".": pulumi.FileArchive("./app"), }), role=role.arn, timeout=300, memory_size=512, runtime="python3.6", handler="app.lambda_handler", layers=["arn:aws:lambda:us-west-2:934676248949:layer:pytorchv1-py36:2"], environment={ "variables": { "MODEL_BUCKET": model_bucket.bucket, "MODEL_KEY": model_object.key, } } )