def parse(cls, value):
    # type: (str) -> Tuple[str, Dict[str, str]]
    """Split a raw lookup value into its query and its arguments.

    The value is first passed through ``read_value_from_path`` and the
    result is split on the first ``::`` only.

    Args:
        value: The raw value passed to a lookup.

    Returns:
        The lookup query and a dict of arguments. The dict is empty when
        the resolved value contains no ``::`` separator.

    """
    # NOTE(review): elsewhere in this file read_value_from_path is given a
    # ``file://`` path to load file contents, so ``value`` presumably may
    # name a local file - confirm lookup values only come from trusted
    # configuration.
    resolved = read_value_from_path(value)
    query, separator, raw_args = resolved.partition("::")
    # The arguments are parsed whenever the separator is present, even if
    # nothing follows it.
    args = cls._parse_args(raw_args) if separator else {}
    return query, args
def _get_replicated_lambda_remover_lambda(self):
    # type: () -> Dict[str, Any]
    """Add the Replicated Lambda Remover role and function to the template.

    The role may write to this function's own log groups and may call
    ``lambda:DeleteFunction`` on the ARNs in the ``function_arns`` variable.

    Returns:
        A dict holding the added resources under ``role`` and ``function``.

    """
    resources = {}

    trust_policy = make_simple_assume_policy('lambda.amazonaws.com')

    # Log access is scoped to log groups named after this stack and
    # function; the region segment of the ARN is a wildcard.
    logging_statement = Statement(
        Action=[
            awacs.logs.CreateLogGroup,
            awacs.logs.CreateLogStream,
            awacs.logs.PutLogEvents
        ],
        Effect=Allow,
        Resource=[
            Join('', [
                'arn:', Partition, ':logs:*:', AccountId,
                ':log-group:/aws/lambda/', StackName,
                '-ReplicatedLambdaRemover-*'
            ])
        ])
    logging_policy = iam.Policy(
        PolicyName="LambdaLogCreation",
        PolicyDocument=PolicyDocument(Version='2012-10-17',
                                      Statement=[logging_statement]))

    # The delete permission is only as narrow as the ARNs supplied in the
    # ``function_arns`` variable.
    removal_statement = Statement(
        Action=[awacs.awslambda.DeleteFunction],
        Effect=Allow,
        Resource=self.get_variables()['function_arns'])
    removal_policy = iam.Policy(
        PolicyName="DeleteLambda",
        PolicyDocument=PolicyDocument(Version="2012-10-17",
                                      Statement=[removal_statement]))

    role = self.template.add_resource(
        iam.Role('ReplicatedLambdaRemoverRole',
                 AssumeRolePolicyDocument=trust_policy,
                 Policies=[logging_policy, removal_policy]))
    resources['role'] = role

    self.template.add_output(
        Output('ReplicatedLambdaRemoverRole',
               Description='The name of the Replicated Lambda Remover Role',
               Value=role.ref()))

    # The handler source is read from the bundled template file and
    # embedded inline in the function resource.
    handler_path = os.path.join(
        os.path.dirname(__file__),
        'templates/replicated_lambda_remover.template.py')
    handler_source = read_value_from_path('file://' + handler_path)

    # NOTE(review): Python 3.7 is end-of-life upstream and no longer gets
    # security fixes; check the handler against a supported runtime before
    # changing this value.
    function = self.template.add_resource(
        awslambda.Function(
            'ReplicatedLambdaRemover',
            Code=awslambda.Code(ZipFile=handler_source),
            Description="Checks for Replicated Lambdas created during the main stack and "
            "deletes them when they are ready.",
            Handler='index.handler',
            Role=role.get_att('Arn'),
            Runtime='python3.7'))
    resources['function'] = function

    self.template.add_output(
        Output('ReplicatedLambdaRemoverArn',
               Description='The ARN of the Replicated Function',
               Value=function.get_att('Arn')))

    return resources
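def _get_self_destruct(self, replicated_lambda_remover):
    # type: (Dict[str, Union[awslambda.Function, Any]]) -> Dict[str, Any]
    """Add the Self Destruct role and function to the template.

    The role may write to this function's own log groups and may delete:
    the ``StaticSiteCleanup-<stack_name>`` state machine, IAM roles whose
    names start with ``<StackName>-``, the SelfDestruct functions and the
    Replicated Lambda Remover function, and the stack named by the
    ``stack_name`` variable.

    Args:
        replicated_lambda_remover: Resources of the Replicated Lambda
            Remover; the ARN of its ``function`` entry is added to the
            functions this role may delete.

    Returns:
        A dict holding the added resources under ``role`` and ``function``.

    """
    res = {}
    variables = self.get_variables()

    res['role'] = self.template.add_resource(
        iam.Role(
            'SelfDestructRole',
            AssumeRolePolicyDocument=make_simple_assume_policy(
                'lambda.amazonaws.com'),
            Policies=[
                # Log access is scoped to log groups named after this
                # stack and function; the region segment is a wildcard.
                iam.Policy(
                    PolicyName="LambdaLogCreation",
                    PolicyDocument=PolicyDocument(
                        Version='2012-10-17',
                        Statement=[
                            Statement(
                                Action=[
                                    awacs.logs.CreateLogGroup,
                                    awacs.logs.CreateLogStream,
                                    awacs.logs.PutLogEvents
                                ],
                                Effect=Allow,
                                Resource=[
                                    Join('', [
                                        'arn:', Partition, ':logs:*:',
                                        AccountId,
                                        ':log-group:/aws/lambda/',
                                        StackName, '-SelfDestruct-*'
                                    ])
                                ])
                        ])),
                iam.Policy(
                    PolicyName="DeleteStateMachine",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[awacs.states.DeleteStateMachine],
                                Effect=Allow,
                                Resource=[
                                    # StateMachine
                                    Join('', [
                                        'arn:', Partition, ':states:',
                                        Region, ':', AccountId,
                                        ':stateMachine:StaticSiteCleanup-',
                                        variables['stack_name']
                                    ])
                                ])
                        ])),
                # NOTE(review): the ``<StackName>-*`` prefix also matches
                # roles of any other stack whose name starts with
                # ``<StackName>-``. This statement uses the StackName
                # pseudo parameter while the Lambda and stack statements
                # use variables['stack_name'] - confirm both name the
                # intended stack.
                iam.Policy(
                    PolicyName="DeleteRolesAndPolicies",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[
                                    awacs.iam.DeleteRolePolicy,
                                    awacs.iam.DeleteRole
                                ],
                                Effect=Allow,
                                Resource=[
                                    Join('', [
                                        'arn:', Partition, ':iam::',
                                        AccountId, ':role/', StackName,
                                        '-*'
                                    ]),
                                ])
                        ])),
                iam.Policy(
                    PolicyName="DeleteLambdas",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[awacs.awslambda.DeleteFunction],
                                Effect=Allow,
                                Resource=[
                                    Join('', [
                                        'arn:', Partition, ':lambda:',
                                        Region, ':', AccountId,
                                        ':function:%s-SelfDestruct-*' %
                                        (variables['stack_name'])
                                    ]),
                                    replicated_lambda_remover['function'].
                                    get_att('Arn')
                                ])
                        ])),
                iam.Policy(
                    PolicyName="DeleteStack",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[awacs.cloudformation.DeleteStack],
                                Effect=Allow,
                                Resource=[
                                    Join('', [
                                        'arn:', Partition,
                                        ':cloudformation:', Region, ':',
                                        AccountId, ':stack/%s/*' %
                                        (variables['stack_name'])
                                    ])
                                ])
                        ]))
            ],
        ))

    self.template.add_output(
        Output('SelfDestructLambdaRole',
               Description='The name of the Self Destruct Role',
               Value=res['role'].ref()))

    # The handler source is read from the bundled template file and
    # embedded inline in the function resource.
    # NOTE(review): Python 3.7 is end-of-life upstream and no longer gets
    # security fixes; check the handler against a supported runtime before
    # changing the Runtime value.
    res['function'] = self.template.add_resource(
        awslambda.Function(
            'SelfDestruct',
            Code=awslambda.Code(ZipFile=read_value_from_path(
                'file://' +
                os.path.join(os.path.dirname(__file__),
                             'templates/self_destruct.template.py'))),
            Description="Issues a Delete Stack command to the Cleanup stack",
            Handler='index.handler',
            Role=res['role'].get_att('Arn'),
            Runtime='python3.7'))

    # This output carries the SelfDestruct function's ARN, so it is
    # described as such rather than as the replicated function.
    self.template.add_output(
        Output('SelfDestructLambdaArn',
               Description='The ARN of the Self Destruct Function',
               Value=res['function'].get_att('Arn')))

    return res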
def _get_replicated_lambda_remover_lambda(self):
    # type: () -> Dict[str, Any]
    """Add the Replicated Lambda Remover role and function to the template.

    The role may write to this function's own log groups and may call
    ``lambda:DeleteFunction`` on the ARNs in the ``function_arns`` variable.
    A permissions boundary is attached when one has been specified.

    Returns:
        A dict holding the added resources under ``role`` and ``function``.

    """
    created = {}
    variables = self.get_variables()

    trust_policy = make_simple_assume_policy("lambda.amazonaws.com")

    # Without a configured boundary the property is given NoValue
    # (presumably AWS::NoValue, so the role is then created unbounded).
    if self.role_boundary_specified:
        boundary = variables["RoleBoundaryArn"]
    else:
        boundary = NoValue

    # Log access is scoped to log groups named after this stack and
    # function; the region segment of the ARN is a wildcard.
    log_group_arn = Join(
        "",
        [
            "arn:",
            Partition,
            ":logs:*:",
            AccountId,
            ":log-group:/aws/lambda/",
            StackName,
            "-ReplicatedLambdaRemover-*",
        ],
    )
    logging_policy = iam.Policy(
        PolicyName="LambdaLogCreation",
        PolicyDocument=PolicyDocument(
            Version="2012-10-17",
            Statement=[
                Statement(
                    Action=[
                        awacs.logs.CreateLogGroup,
                        awacs.logs.CreateLogStream,
                        awacs.logs.PutLogEvents,
                    ],
                    Effect=Allow,
                    Resource=[log_group_arn],
                )
            ],
        ),
    )

    # The delete permission is only as narrow as the ARNs supplied in the
    # ``function_arns`` variable.
    removal_policy = iam.Policy(
        PolicyName="DeleteLambda",
        PolicyDocument=PolicyDocument(
            Version="2012-10-17",
            Statement=[
                Statement(
                    Action=[awacs.awslambda.DeleteFunction],
                    Effect=Allow,
                    Resource=self.get_variables()["function_arns"],
                )
            ],
        ),
    )

    role = self.template.add_resource(
        iam.Role(
            "ReplicatedLambdaRemoverRole",
            AssumeRolePolicyDocument=trust_policy,
            PermissionsBoundary=boundary,
            Policies=[logging_policy, removal_policy],
        )
    )
    created["role"] = role

    self.template.add_output(
        Output(
            "ReplicatedLambdaRemoverRole",
            Description="The name of the Replicated Lambda Remover Role",
            Value=role.ref(),
        )
    )

    # The handler source is read from the bundled template file and
    # embedded inline in the function resource.
    handler_path = os.path.join(
        os.path.dirname(__file__),
        "templates/replicated_lambda_remover.template.py",
    )
    handler_source = read_value_from_path("file://" + handler_path)

    # NOTE(review): Python 3.7 is end-of-life upstream and no longer gets
    # security fixes; check the handler against a supported runtime before
    # changing this value.
    function = self.template.add_resource(
        awslambda.Function(
            "ReplicatedLambdaRemover",
            Code=awslambda.Code(ZipFile=handler_source),
            Description="Checks for Replicated Lambdas created during the main stack and "
            "deletes them when they are ready.",
            Handler="index.handler",
            Role=role.get_att("Arn"),
            Runtime="python3.7",
        )
    )
    created["function"] = function

    self.template.add_output(
        Output(
            "ReplicatedLambdaRemoverArn",
            Description="The ARN of the Replicated Function",
            Value=function.get_att("Arn"),
        )
    )

    return created
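def _get_self_destruct(self, replicated_lambda_remover):
    # type: (Dict[str, Union[awslambda.Function, Any]]) -> Dict[str, Any]
    """Add the Self Destruct role and function to the template.

    The role may write to this function's own log groups and may delete:
    the ``StaticSiteCleanup-<stack_name>`` state machine, IAM roles whose
    names start with ``<StackName>-``, the SelfDestruct functions and the
    Replicated Lambda Remover function, and the stack named by the
    ``stack_name`` variable. A permissions boundary is attached when one
    has been specified.

    Args:
        replicated_lambda_remover: Resources of the Replicated Lambda
            Remover; the ARN of its ``function`` entry is added to the
            functions this role may delete.

    Returns:
        A dict holding the added resources under ``role`` and ``function``.

    """
    res = {}
    variables = self.get_variables()

    res["role"] = self.template.add_resource(
        iam.Role(
            "SelfDestructRole",
            AssumeRolePolicyDocument=make_simple_assume_policy(
                "lambda.amazonaws.com"
            ),
            # Without a configured boundary the property is given NoValue
            # (presumably AWS::NoValue, so the role is then unbounded).
            PermissionsBoundary=(
                variables["RoleBoundaryArn"]
                if self.role_boundary_specified
                else NoValue
            ),
            Policies=[
                # Log access is scoped to log groups named after this
                # stack and function; the region segment is a wildcard.
                iam.Policy(
                    PolicyName="LambdaLogCreation",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[
                                    awacs.logs.CreateLogGroup,
                                    awacs.logs.CreateLogStream,
                                    awacs.logs.PutLogEvents,
                                ],
                                Effect=Allow,
                                Resource=[
                                    Join(
                                        "",
                                        [
                                            "arn:",
                                            Partition,
                                            ":logs:*:",
                                            AccountId,
                                            ":log-group:/aws/lambda/",
                                            StackName,
                                            "-SelfDestruct-*",
                                        ],
                                    )
                                ],
                            )
                        ],
                    ),
                ),
                iam.Policy(
                    PolicyName="DeleteStateMachine",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[awacs.states.DeleteStateMachine],
                                Effect=Allow,
                                Resource=[
                                    # StateMachine
                                    Join(
                                        "",
                                        [
                                            "arn:",
                                            Partition,
                                            ":states:",
                                            Region,
                                            ":",
                                            AccountId,
                                            ":stateMachine:StaticSiteCleanup-",
                                            variables["stack_name"],
                                        ],
                                    )
                                ],
                            )
                        ],
                    ),
                ),
                # NOTE(review): the ``<StackName>-*`` prefix also matches
                # roles of any other stack whose name starts with
                # ``<StackName>-``. This statement uses the StackName
                # pseudo parameter while the Lambda and stack statements
                # use variables["stack_name"] - confirm both name the
                # intended stack.
                iam.Policy(
                    PolicyName="DeleteRolesAndPolicies",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[
                                    awacs.iam.DeleteRolePolicy,
                                    awacs.iam.DeleteRole,
                                ],
                                Effect=Allow,
                                Resource=[
                                    Join(
                                        "",
                                        [
                                            "arn:",
                                            Partition,
                                            ":iam::",
                                            AccountId,
                                            ":role/",
                                            StackName,
                                            "-*",
                                        ],
                                    ),
                                ],
                            )
                        ],
                    ),
                ),
                iam.Policy(
                    PolicyName="DeleteLambdas",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[awacs.awslambda.DeleteFunction],
                                Effect=Allow,
                                Resource=[
                                    Join(
                                        "",
                                        [
                                            "arn:",
                                            Partition,
                                            ":lambda:",
                                            Region,
                                            ":",
                                            AccountId,
                                            ":function:%s-SelfDestruct-*"
                                            % (variables["stack_name"]),
                                        ],
                                    ),
                                    replicated_lambda_remover["function"].get_att(
                                        "Arn"
                                    ),
                                ],
                            )
                        ],
                    ),
                ),
                iam.Policy(
                    PolicyName="DeleteStack",
                    PolicyDocument=PolicyDocument(
                        Version="2012-10-17",
                        Statement=[
                            Statement(
                                Action=[awacs.cloudformation.DeleteStack],
                                Effect=Allow,
                                Resource=[
                                    Join(
                                        "",
                                        [
                                            "arn:",
                                            Partition,
                                            ":cloudformation:",
                                            Region,
                                            ":",
                                            AccountId,
                                            ":stack/%s/*"
                                            % (variables["stack_name"]),
                                        ],
                                    )
                                ],
                            )
                        ],
                    ),
                ),
            ],
        )
    )

    self.template.add_output(
        Output(
            "SelfDestructLambdaRole",
            Description="The name of the Self Destruct Role",
            Value=res["role"].ref(),
        )
    )

    # The handler source is read from the bundled template file and
    # embedded inline in the function resource.
    # NOTE(review): Python 3.7 is end-of-life upstream and no longer gets
    # security fixes; check the handler against a supported runtime before
    # changing the Runtime value.
    res["function"] = self.template.add_resource(
        awslambda.Function(
            "SelfDestruct",
            Code=awslambda.Code(
                ZipFile=read_value_from_path(
                    "file://"
                    + os.path.join(
                        os.path.dirname(__file__),
                        "templates/self_destruct.template.py",
                    )
                )
            ),
            Description="Issues a Delete Stack command to the Cleanup stack",
            Handler="index.handler",
            Role=res["role"].get_att("Arn"),
            Runtime="python3.7",
        )
    )

    # This output carries the SelfDestruct function's ARN, so it is
    # described as such rather than as the replicated function.
    self.template.add_output(
        Output(
            "SelfDestructLambdaArn",
            Description="The ARN of the Self Destruct Function",
            Value=res["function"].get_att("Arn"),
        )
    )

    return res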