def parse(cls, value):
# type: (str) -> Tuple[str, Dict[str, str]]
"""Parse the value passed to a lookup in a standardized way.
Args:
value: The raw value passed to a lookup.
Returns:
The lookup query and a dict of arguments
"""
raw_value = read_value_from_path(value)
colon_split = raw_value.split("::", 1)
query = colon_split.pop(0)
args = cls._parse_args(colon_split[0]) if colon_split else {}
return query, args
def _get_replicated_lambda_remover_lambda(self):
# type: () -> Dict[str, Any]
res = {}
res['role'] = self.template.add_resource(
iam.Role(
'ReplicatedLambdaRemoverRole',
AssumeRolePolicyDocument=make_simple_assume_policy(
'lambda.amazonaws.com'),
Policies=[
iam.Policy(PolicyName="LambdaLogCreation",
PolicyDocument=PolicyDocument(
Version='2012-10-17',
Statement=[
Statement(
Action=[
awacs.logs.CreateLogGroup,
awacs.logs.CreateLogStream,
awacs.logs.PutLogEvents
],
Effect=Allow,
Resource=[
Join('', [
'arn:', Partition,
':logs:*:', AccountId,
':log-group:/aws/lambda/',
StackName,
'-ReplicatedLambdaRemover-*'
])
])
])),
iam.Policy(PolicyName="DeleteLambda",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(Action=[
awacs.awslambda.DeleteFunction
],
Effect=Allow,
Resource=self.get_variables()
['function_arns'])
]))
],
))
self.template.add_output(
Output(
'ReplicatedLambdaRemoverRole',
Description='The name of the Replicated Lambda Remover Role',
Value=res['role'].ref()))
res['function'] = self.template.add_resource(
awslambda.Function(
'ReplicatedLambdaRemover',
Code=awslambda.Code(
ZipFile=read_value_from_path('file://' + os.path.join(
os.path.dirname(__file__),
'templates/replicated_lambda_remover.template.py'))),
Description=
"Checks for Replicated Lambdas created during the main stack and "
"deletes them when they are ready.",
Handler='index.handler',
Role=res['role'].get_att('Arn'),
Runtime='python3.7'))
self.template.add_output(
Output('ReplicatedLambdaRemoverArn',
Description='The ARN of the Replicated Function',
Value=res['function'].get_att('Arn')))
return res
def _get_self_destruct(self, replicated_lambda_remover):
# type: (Dict[str, Union[awslambda.Function, Any]]) -> Dict[str, Any]
res = {}
variables = self.get_variables()
res['role'] = self.template.add_resource(
iam.Role(
'SelfDestructRole',
AssumeRolePolicyDocument=make_simple_assume_policy(
'lambda.amazonaws.com'),
Policies=[
iam.Policy(PolicyName="LambdaLogCreation",
PolicyDocument=PolicyDocument(
Version='2012-10-17',
Statement=[
Statement(
Action=[
awacs.logs.CreateLogGroup,
awacs.logs.CreateLogStream,
awacs.logs.PutLogEvents
],
Effect=Allow,
Resource=[
Join('', [
'arn:', Partition,
':logs:*:', AccountId,
':log-group:/aws/lambda/',
StackName, '-SelfDestruct-*'
])
])
])),
iam.Policy(
PolicyName="DeleteStateMachine",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.states.DeleteStateMachine],
Effect=Allow,
Resource=[
# StateMachine
Join('', [
'arn:', Partition, ':states:',
Region, ':', AccountId,
':stateMachine:StaticSiteCleanup-',
variables['stack_name']
])
])
])),
iam.Policy(PolicyName="DeleteRolesAndPolicies",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[
awacs.iam.DeleteRolePolicy,
awacs.iam.DeleteRole
],
Effect=Allow,
Resource=[
Join('', [
'arn:', Partition, ':iam::',
AccountId, ':role/',
StackName, '-*'
]),
])
])),
iam.Policy(
PolicyName="DeleteLambdas",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.awslambda.DeleteFunction],
Effect=Allow,
Resource=[
Join('', [
'arn:', Partition, ':lambda:',
Region, ':', AccountId,
':function:%s-SelfDestruct-*' %
(variables['stack_name'])
]),
replicated_lambda_remover['function'].
get_att('Arn')
])
])),
iam.Policy(
PolicyName="DeleteStack",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.cloudformation.DeleteStack],
Effect=Allow,
Resource=[
Join('', [
'arn:', Partition,
':cloudformation:', Region, ':',
AccountId,
':stack/%s/*' %
(variables['stack_name'])
])
])
]))
],
))
self.template.add_output(
Output('SelfDestructLambdaRole',
Description='The name of the Self Destruct Role',
Value=res['role'].ref()))
res['function'] = self.template.add_resource(
awslambda.Function(
'SelfDestruct',
Code=awslambda.Code(ZipFile=read_value_from_path(
'file://' +
os.path.join(os.path.dirname(__file__),
'templates/self_destruct.template.py'))),
Description=
"Issues a Delete Stack command to the Cleanup stack",
Handler='index.handler',
Role=res['role'].get_att('Arn'),
Runtime='python3.7'))
self.template.add_output(
Output('SelfDestructLambdaArn',
Description='The ARN of the Replicated Function',
Value=res['function'].get_att('Arn')))
return res
def _get_replicated_lambda_remover_lambda(self):
# type: () -> Dict[str, Any]
res = {}
variables = self.get_variables()
res["role"] = self.template.add_resource(
iam.Role(
"ReplicatedLambdaRemoverRole",
AssumeRolePolicyDocument=make_simple_assume_policy(
"lambda.amazonaws.com"
),
PermissionsBoundary=(
variables["RoleBoundaryArn"]
if self.role_boundary_specified
else NoValue
),
Policies=[
iam.Policy(
PolicyName="LambdaLogCreation",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[
awacs.logs.CreateLogGroup,
awacs.logs.CreateLogStream,
awacs.logs.PutLogEvents,
],
Effect=Allow,
Resource=[
Join(
"",
[
"arn:",
Partition,
":logs:*:",
AccountId,
":log-group:/aws/lambda/",
StackName,
"-ReplicatedLambdaRemover-*",
],
)
],
)
],
),
),
iam.Policy(
PolicyName="DeleteLambda",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.awslambda.DeleteFunction],
Effect=Allow,
Resource=self.get_variables()["function_arns"],
)
],
),
),
],
)
)
self.template.add_output(
Output(
"ReplicatedLambdaRemoverRole",
Description="The name of the Replicated Lambda Remover Role",
Value=res["role"].ref(),
)
)
res["function"] = self.template.add_resource(
awslambda.Function(
"ReplicatedLambdaRemover",
Code=awslambda.Code(
ZipFile=read_value_from_path(
"file://"
+ os.path.join(
os.path.dirname(__file__),
"templates/replicated_lambda_remover.template.py",
)
)
),
Description="Checks for Replicated Lambdas created during the main stack and "
"deletes them when they are ready.",
Handler="index.handler",
Role=res["role"].get_att("Arn"),
Runtime="python3.7",
)
)
self.template.add_output(
Output(
"ReplicatedLambdaRemoverArn",
Description="The ARN of the Replicated Function",
Value=res["function"].get_att("Arn"),
)
)
return res
def _get_self_destruct(self, replicated_lambda_remover):
# type: (Dict[str, Union[awslambda.Function, Any]]) -> Dict[str, Any]
res = {}
variables = self.get_variables()
res["role"] = self.template.add_resource(
iam.Role(
"SelfDestructRole",
AssumeRolePolicyDocument=make_simple_assume_policy(
"lambda.amazonaws.com"
),
PermissionsBoundary=(
variables["RoleBoundaryArn"]
if self.role_boundary_specified
else NoValue
),
Policies=[
iam.Policy(
PolicyName="LambdaLogCreation",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[
awacs.logs.CreateLogGroup,
awacs.logs.CreateLogStream,
awacs.logs.PutLogEvents,
],
Effect=Allow,
Resource=[
Join(
"",
[
"arn:",
Partition,
":logs:*:",
AccountId,
":log-group:/aws/lambda/",
StackName,
"-SelfDestruct-*",
],
)
],
)
],
),
),
iam.Policy(
PolicyName="DeleteStateMachine",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.states.DeleteStateMachine],
Effect=Allow,
Resource=[
# StateMachine
Join(
"",
[
"arn:",
Partition,
":states:",
Region,
":",
AccountId,
":stateMachine:StaticSiteCleanup-",
variables["stack_name"],
],
)
],
)
],
),
),
iam.Policy(
PolicyName="DeleteRolesAndPolicies",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[
awacs.iam.DeleteRolePolicy,
awacs.iam.DeleteRole,
],
Effect=Allow,
Resource=[
Join(
"",
[
"arn:",
Partition,
":iam::",
AccountId,
":role/",
StackName,
"-*",
],
),
],
)
],
),
),
iam.Policy(
PolicyName="DeleteLambdas",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.awslambda.DeleteFunction],
Effect=Allow,
Resource=[
Join(
"",
[
"arn:",
Partition,
":lambda:",
Region,
":",
AccountId,
":function:%s-SelfDestruct-*"
% (variables["stack_name"]),
],
),
replicated_lambda_remover["function"].get_att(
"Arn"
),
],
)
],
),
),
iam.Policy(
PolicyName="DeleteStack",
PolicyDocument=PolicyDocument(
Version="2012-10-17",
Statement=[
Statement(
Action=[awacs.cloudformation.DeleteStack],
Effect=Allow,
Resource=[
Join(
"",
[
"arn:",
Partition,
":cloudformation:",
Region,
":",
AccountId,
":stack/%s/*"
% (variables["stack_name"]),
],
)
],
)
],
),
),
],
)
)
self.template.add_output(
Output(
"SelfDestructLambdaRole",
Description="The name of the Self Destruct Role",
Value=res["role"].ref(),
)
)
res["function"] = self.template.add_resource(
awslambda.Function(
"SelfDestruct",
Code=awslambda.Code(
ZipFile=read_value_from_path(
"file://"
+ os.path.join(
os.path.dirname(__file__),
"templates/self_destruct.template.py",
)
)
),
Description="Issues a Delete Stack command to the Cleanup stack",
Handler="index.handler",
Role=res["role"].get_att("Arn"),
Runtime="python3.7",
)
)
self.template.add_output(
Output(
"SelfDestructLambdaArn",
Description="The ARN of the Replicated Function",
Value=res["function"].get_att("Arn"),
)
)
return res
