def __init__(self, app: core.App, id: str, **kwargs) -> None: super().__init__(app, id, **kwargs) stack_name = core.Stack.of(self).stack_name env_type = stack_name.split("-")[1] # prod, stage, qa, dev, etc. layer = aws_lambda.LayerVersion(self, "BaseLayer", code=aws_lambda.Code.asset("/app/layer"), ) # Use only one asset instance, so we aren't using extra cloudformation parameters, # if we create many lambdas from it. app_code = aws_lambda.Code.asset("/app/code") lambda_fn = aws_lambda.Function(self, "Lambda", function_name=f"{stack_name}-CronLambda", code=app_code, layers=[layer], handler="main.main", runtime=aws_lambda.Runtime.PYTHON_3_7, memory_size=768, timeout=core.Duration.seconds(60), log_retention=aws_logs.RetentionDays.ONE_MONTH, ) self.enable_cron(lambda_fn)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # lambda_layer layer = aws_lambda.LayerVersion( self, "LambdaLayerLayer", compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_8], code=aws_lambda.AssetCode("layers/lambda_layer"), ) # lambda common_lambda_params = dict( runtime=aws_lambda.Runtime.PYTHON_3_8, handler="lambda_function.lambda_handler", timeout=core.Duration.seconds(10), memory_size=128, ) lambda_ = aws_lambda.Function( self, "LambdaLayerLambda", code=aws_lambda.Code.asset("lambdas/lambda_layer"), layers=[layer], **common_lambda_params, )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) layer = _lambda.LayerVersion( self, 'PythonModuleLayer', code=_lambda.Code.asset('layer'), compatible_runtimes=[_lambda.Runtime.PYTHON_3_8], ) webhook_url = _ssm.StringParameter.from_string_parameter_name( self, 'TargetUrl', string_parameter_name='slack-webhook-url-number09-test' ).string_value my_lambda = _lambda.Function(self, 'NotificationHandler', runtime=_lambda.Runtime.PYTHON_3_8, code=_lambda.Code.asset('src/lambda'), handler='handler.notification.handler', layers=[layer], environment={ 'webhook_url': webhook_url, })
def __init__(self, scope: core.Construct, id: str, environment: dict, **kwargs) -> None: super().__init__(scope, id, **kwargs) layer = _lambda.LayerVersion( self, 'config-helper', code=_lambda.Code.asset('layer'), compatible_runtimes=[_lambda.Runtime.PYTHON_3_6], description='Helper functionns for config', layer_version_name='helper') # Create config-setup-# Lambda resource lambda_config_setup = _lambda.Function( self, 'lambda_function_config-setup-', runtime=_lambda.Runtime.PYTHON_3_6, code=_lambda.Code.asset('lambda'), handler='config-setup.main', function_name='config-setup-' + STAGE, memory_size=DEFAULT_MEMORY_SIZE_LAMBDA_FUNCTION, layers=[layer], environment=environment, timeout=core.Duration.seconds(900)) config_role_statement = _iam.PolicyStatement( actions=['sts:AssumeRole'], effect=_iam.Effect.ALLOW, resources=["arn:aws:iam::*:role/ConfigRole"]) lambda_config_setup.add_to_role_policy(config_role_statement)
def __init__(self, app: core.App, id: str) -> None: super().__init__(app, id) # IAM permissions for the Lambda functions configCustomResourcePermission = iam.PolicyStatement(actions=[ 'config:ListDiscoveredResources', 'config:DeleteResourceConfig', 'config:PutResourceConfig', 'cloudformation:DescribeType' ], resources=['*']) configRuleLambdaPermission = iam.PolicyStatement( actions=['config:PutEvaluations'], resources=['*']) secretManagerPermission = iam.PolicyStatement( actions=['secretsmanager:GetSecretValue'], resources=[secret_manager_arn]) # Lambda Layer lambdaLayer = lambda_.LayerVersion( self, "ConfigADConnectorLayer", code=lambda_.Code.from_asset( os.path.join(dirname, f'../.build/{lambda_layer_file_name}')), compatible_runtimes=[lambda_.Runtime.PYTHON_3_6]) # Lambda function and periodic trigger for Config - AD connector configAdLambdaFn = lambda_.Function( self, "ConfigADConnector", code=lambda_.Code.from_asset( os.path.join(dirname, f'../.build/{lambda_code_file_name}')), handler=f"{connector_function_name}.lambda_handler", timeout=core.Duration.seconds(300), runtime=lambda_.Runtime.PYTHON_3_6, layers=[lambdaLayer], initial_policy=[ configCustomResourcePermission, secretManagerPermission ], environment=lambda_env_map) rule = events.Rule( self, "Rule", schedule=events.Schedule.rate(duration=core.Duration.minutes(1))) rule.add_target(targets.LambdaFunction(configAdLambdaFn)) # Custom Config Rule with a Lambda function for AD user evaluation ruleEvaluationLambdaFn = lambda_.Function( self, "ADUserPasswdExpiresCheck", code=lambda_.Code.from_asset( os.path.join(dirname, f'../.build/{lambda_code_file_name}')), handler=f"{config_rule_function_name}.lambda_handler", timeout=core.Duration.seconds(300), runtime=lambda_.Runtime.PYTHON_3_6, layers=[lambdaLayer], initial_policy=[configRuleLambdaPermission], environment=lambda_env_map) configRule = config.CustomRule(self, "ADUserPasswdExpires", lambda_function=ruleEvaluationLambdaFn, configuration_changes=True) configRule.scope_to_resources(os.environ['RESOURCE_TYPE'])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) service_role = iam.Role( self, "BashFunctionServiceRole", assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( "service-role/AWSLambdaBasicExecutionRole") ]) lambda_layer = aws_lambda.LayerVersion( self, "BashLayer", code=aws_lambda.Code.from_asset("./src/layer"), description="Bash runtime") lambda_fn = aws_lambda.Function( self, "BashFunction", code=aws_lambda.Code.from_asset("./src/function"), layers=[lambda_layer], handler="function.handler", timeout=core.Duration.seconds(300), runtime=aws_lambda.Runtime.PROVIDED, memory_size=128, role=service_role)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) resource_layer = l.LayerVersion( self, 'ResourceLayer', code=l.Code.asset('./repos/resources'), compatible_runtimes=[l.Runtime.PYTHON_3_8], layer_version_name="resource_layer", license="MIT") request_movers = l.Function( self, "RetrieveMovers", runtime=l.Runtime.PYTHON_3_8, code=l.Code.asset("./repos/python"), handler="retrieve_movers.handler", layers=[resource_layer], ) request_movers.role.add_managed_policy( iam.ManagedPolicy.from_managed_policy_arn( self, id="AWSLambda_FullAccess", managed_policy_arn= "arn:aws:iam::aws:policy/AWSLambda_FullAccess"))
def __init__(self, scope: core.Construct, id: str, props: dict, **kwargs) -> None: super().__init__(scope, id, **kwargs) lambda_role = iam.Role( self, 'ValidationLambdaRole', assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( 'service-role/AWSLambdaBasicExecutionRole'), iam.ManagedPolicy.from_aws_managed_policy_name( 'AmazonSSMReadOnlyAccess'), # TODO: restrict! iam.ManagedPolicy.from_aws_managed_policy_name( 'AmazonS3ReadOnlyAccess') # TODO: restrict! ]) pandas_layer = lmbda.LayerVersion( self, "PandasLambdaLayer", code=lmbda.Code.from_asset( "lambdas/layers/pandas/python37-pandas.zip"), compatible_runtimes=[lmbda.Runtime.PYTHON_3_7], description="A pandas layer for python 3.7") scipy_layer = lmbda.LayerVersion.from_layer_version_arn( self, id="SciPyLambdaLayer", layer_version_arn= 'arn:aws:lambda:ap-southeast-2:817496625479:layer:AWSLambda-Python37-SciPy1x:20' ) lmbda.Function(self, 'ValidationLambda', function_name=f"{props['namespace']}_validation_lambda", handler='validation.lambda_handler', runtime=lmbda.Runtime.PYTHON_3_7, code=lmbda.Code.from_asset('lambdas/validation'), environment={ 'STAGING_BUCKET': props['staging_bucket'], 'SLACK_HOST': props['slack_host'], 'SLACK_CHANNEL': props['slack_channel'] }, role=lambda_role) lmbda.Function(self, 'PlaygroundLambda', function_name=f"{props['namespace']}_playground_lambda", handler='playground.lambda_handler', runtime=lmbda.Runtime.PYTHON_3_7, code=lmbda.Code.from_asset('lambdas/playground'), environment={ 'STAGING_BUCKET': props['staging_bucket'], 'SLACK_HOST': props['slack_host'], 'SLACK_CHANNEL': props['slack_channel'] }, role=lambda_role, layers=[pandas_layer, scipy_layer])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Creates VPC vpc = ec2.Vpc(self, id) # Creates RDS Database instance = rds.DatabaseInstance( self, "RDS", database_name="covid", engine=rds.DatabaseInstanceEngine.mysql( version=rds.MysqlEngineVersion.VER_8_0_21 ), vpc=vpc, port=3306, instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO, ), removal_policy=core.RemovalPolicy.DESTROY, deletion_protection=False, vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), ) # Add inbound rule to RDS SG instance.connections.allow_from_any_ipv4(ec2.Port.tcp(3306), "Open to the world") # Defines Lambda layers python_etl_layer = _lambda.LayerVersion( self, "python-etl", code=_lambda.AssetCode('C:\Code\ACG Challenge – AWS ETL\python.zip')) # Defines an AWS Lambda resource my_lambda = _lambda.Function( self, 'etlhandler', runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='etl.extract_csv1', layers=[python_etl_layer], timeout=core.Duration.seconds(30), memory_size=(256) ) # Add Lambda Environment Variables my_lambda.add_environment("RDS_INSTANCE", instance.instance_endpoint.hostname) my_lambda.add_environment("SECRET_NAME", instance.secret.secret_full_arn) # Grant permission to lambda to access RDS Secret instance.secret.grant_read(my_lambda) # Create a Cloudwatch Event rule four_hour_rule = aws_events.Rule( self, "four_hour_rule", schedule=aws_events.Schedule.rate(core.Duration.minutes(240)), ) # Add target to Cloudwatch Event four_hour_rule.add_target(aws_events_targets.LambdaFunction(my_lambda))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) requests_layer = _lambda.LayerVersion( self, "requests", code=_lambda.AssetCode('layers/requests.zip')) pytube_layer = _lambda.LayerVersion( self, "pytube", code=_lambda.AssetCode('layers/pytube.zip')) base_lambda = _lambda.Function( self, APP_NAME, handler='main.handler', runtime=_lambda.Runtime.PYTHON_3_8, code=_lambda.Code.asset('src'), timeout=core.Duration.seconds(30), layers=[requests_layer, pytube_layer], ) base_api = _apigw.RestApi(self, 'ApiGatewayWithCors', rest_api_name=APP_NAME) route_transcribe = base_api.root.add_resource('transcribe') route_transcribe_lambda_integration = _apigw.LambdaIntegration( base_lambda, proxy=True, integration_responses=[{ 'statusCode': '200', 'responseParameters': { 'method.response.header.Access-Control-Allow-Origin': "'*'", } }]) route_transcribe.add_method( 'GET', route_transcribe_lambda_integration, method_responses=[{ 'statusCode': '200', 'responseParameters': { 'method.response.header.Access-Control-Allow-Origin': True, } }]) self.add_cors_options(route_transcribe)
def createLambdaFunctions(self): ## **************** Lambda Layers - Helpers **************** self.lambda_helper_base = _lambda.LayerVersion( self, f'{self.PREFIX}-lambdaHelperLayer', compatible_runtimes = [_lambda.Runtime.PYTHON_3_7], code = _lambda.Code.asset('./assets/lambda_helper'), description = "A Helper layer for supporting code", layer_version_name = f"{self.PREFIX}-lambdaHelperLayer", ) self.lambda_helper_neptune = _lambda.LayerVersion( self, f'{self.PREFIX}-lambdaHelperNeptune', compatible_runtimes = [_lambda.Runtime.PYTHON_3_7], code = _lambda.Code.asset('./assets/lambda_helper_neptune'), description = "A Helper layer for generating neptune triples", layer_version_name = f"{self.PREFIX}-lambdaHelperNeptune", ) self.lambda_layer_spacy = _lambda.LayerVersion( self, f'{self.PREFIX}-lambdaHelperPandasSpacy', compatible_runtimes = [_lambda.Runtime.PYTHON_3_7], code = _lambda.Code.asset('./assets/lambda_helper_spacy/python.zip'), description = "A Helper layer containing spacy, pandas and numpy", layer_version_name = f"{self.PREFIX}-lambdaHelperPandasSpacy", ) ## **************** Lambda Function **************** # Function to load triples self.generate_triples_lambda = _lambda.Function( self, f'{self.PREFIX}-genTriplesAndLoadNeptune', runtime = _lambda.Runtime.PYTHON_3_7, code = _lambda.Code.asset('./assets/lambda'), handler = 'genTriplesAndLoadNeptune.lambda_handler', function_name = f'{self.PREFIX}-genTriplesAndLoadNeptune', memory_size = 1024, # retry_attempts = 1, timeout = core.Duration.seconds(EXECUTE_COMPREHEND_TIMEOUT), environment = { 'NEPTUNE_TRIPLES_FOLDER': NEPTUNE_TRIPLES_FOLDER }, role = self.service_role, layers = [self.lambda_helper_base, self.lambda_layer_spacy, self.lambda_helper_neptune], vpc = self.vpc, security_groups = [self.lambda_sg] )
def __init__(self, scope: core.Construct, stack_id: str, *, layer_code: lambda_.Code, layer_name: str, **kwargs): super().__init__(scope, stack_id, **kwargs) self.dependencies_layer = lambda_.LayerVersion( self, 'DependenciesLayer', code=layer_code, compatible_runtimes=[lambda_.Runtime.PYTHON_3_8], layer_version_name=layer_name)
def create_dependencies_layer(self, id: str, requirements_path: str, output_dir: str) -> aws_lambda.LayerVersion: # Install requirements for layer if not os.environ.get("SKIP_PIP"): subprocess.check_call( # Note: Pip will create the output dir if it does not exist f"pip install -r {requirements_path} -t {output_dir}/python". split()) return aws_lambda.LayerVersion( self, id, code=aws_lambda.Code.from_asset(output_dir))
def __init__(self, app: core.App, id: str, **kwargs) -> None: super().__init__(app, id, **kwargs) jsonloggingLayer = aws_lambda.LayerVersion(self, 'jsonloggingLayer', code=aws_lambda.AssetCode('layers/json_logging'), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], layer_version_name="clean-lambda-versions-json_logging") pytzLayer = aws_lambda.LayerVersion(self, 'pytzLayer', code=aws_lambda.AssetCode('layers/pytz'), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], layer_version_name="clean-lambda-versions-ptyz") lambdaFn = aws_lambda.Function( self, "Singleton", code=aws_lambda.AssetCode('./src'), handler="handler.clean_lambda_versions", function_name="clean-lambda-versions", layers=[jsonloggingLayer, pytzLayer], log_retention=aws_logs.RetentionDays.ONE_YEAR, timeout=core.Duration.seconds(300), runtime=aws_lambda.Runtime.PYTHON_3_7, ) lambdaFn.add_to_role_policy( aws_iam.PolicyStatement( actions=['lambda:ListFunctions', 'lambda:ListVersionsByFunction', 'lambda:DeleteFunction'], resources=['*'], ) ) # Run every monday at 08:01 AM UTC rule = aws_events.Rule( self, "Rule", schedule=aws_events.Schedule.cron( minute='01', hour='08', month='*', week_day='MON', year='*'), ) rule.add_target(aws_events_targets.LambdaFunction(lambdaFn))
def create_lambda_layer(self, scope, name: str) -> lmbda.LayerVersion: # NOTE: currently requires manual packaging # TODO: switch to aws_cdk.aws_lambda_python -> PythonLayerVersion id = camel_case_upper(f"{self.namespace}_{name}_Layer") return lmbda.LayerVersion( scope=scope, id=id, code=lmbda.Code.from_asset(f"lambdas/layers/{name}.zip"), compatible_runtimes=[lmbda.Runtime.PYTHON_3_8], description=f"Lambda layer {name} for python 3.8" )
def __init__(self, scope: core.Construct, id: str, props: dict, **kwargs) -> None: super().__init__(scope, id, **kwargs) lambda_role = iam.Role( self, 'ValidationLambdaRole', assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( 'service-role/AWSLambdaBasicExecutionRole'), iam.ManagedPolicy.from_aws_managed_policy_name( 'AmazonSSMReadOnlyAccess'), iam.ManagedPolicy.from_aws_managed_policy_name( 'AmazonS3ReadOnlyAccess'), iam.ManagedPolicy.from_aws_managed_policy_name( 'IAMReadOnlyAccess') ]) lambda_role.add_to_policy( iam.PolicyStatement(actions=["ses:SendEmail", "ses:SendRawEmail"], resources=["*"])) pandas_layer = lmbda.LayerVersion( self, "PandasLambdaLayer", code=lmbda.Code.from_asset( "lambdas/layers/pandas/python37-pandas.zip"), compatible_runtimes=[lmbda.Runtime.PYTHON_3_7], description="A pandas layer for python 3.7") scipy_layer = lmbda.LayerVersion.from_layer_version_arn( self, id="SciPyLambdaLayer", layer_version_arn= 'arn:aws:lambda:ap-southeast-2:817496625479:layer:AWSLambda-Python37-SciPy1x:20' ) lmbda.Function(self, 'ValidationLambda', function_name=f"{props['namespace']}_validation_lambda", handler='validation.lambda_handler', runtime=lmbda.Runtime.PYTHON_3_7, timeout=core.Duration.seconds(10), code=lmbda.Code.from_asset('lambdas/validation'), environment={ 'STAGING_BUCKET': props['staging_bucket'], 'SLACK_HOST': props['slack_host'], 'SLACK_CHANNEL': props['slack_channel'], 'MANAGER_EMAIL': props['manager_email'], 'SENDER_EMAIL': props['sender_email'] }, role=lambda_role, layers=[pandas_layer, scipy_layer])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here lambda_layer = aws_lambda.LayerVersion( self, "pillow_layer", code=aws_lambda.Code.asset("./python-pillow-6.2.1.zip"), compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], description="Pillow_upload_from_cdk") # aws_lambda.LayerVersion.from_layer_version_arn(self, "pillow_layer", # layer_version_arn="arn:aws-cn:lambda:cn-northwest-1:313497334385:layer:pillow:4" # ) # The code that defines your stack goes here mylambda = aws_lambda.Function( self, "myfunction_id", description="lambda trigger by S3 to convert image", # function_name="img-process-cdk-deploy", # the name will be auto create code=aws_lambda.Code.asset("./lambda"), handler="lambda_function.lambda_handler", runtime=aws_lambda.Runtime.PYTHON_3_7, timeout=core.Duration.seconds(60), memory_size=256, reserved_concurrent_executions=10, layers=[lambda_layer], dead_letter_queue_enabled=True, # cdk will create a new SQS for this # role = aws_iam.Role.from_role_arn(self, "mylambda_role", # role_arn="arn:aws-cn:iam::313497334385:role/Lambda-access-img-process-S3bucket" # ) # cdk will create a role for this ) with open('./env.js', 'r') as f: env = json.load(f) for (k, v) in env.items(): mylambda.add_environment(k, v) #create a new bucket, Import bucket can not add event trigger s3_bucket = aws_s3.Bucket( self, "mybucket", # bucket name will be auto created or define here # bucket_name="img-process-cdk-created" ) mylambda.add_event_source( aws_lambda_event_sources.S3EventSource( s3_bucket, events=[aws_s3.EventType.OBJECT_CREATED], filters=[aws_s3.NotificationKeyFilter(prefix='input/')])) s3_bucket.grant_read_write(mylambda)
def create_dependencies_layer(self, project_name, function_name: str) -> _lambda.LayerVersion: requirements_file = f'../requirements.{function_name}.txt' output_dir = f'../.build/{function_name}' if not os.environ.get('SKIP_PIP'): subprocess.check_call( f'pip install -r {requirements_file} -t {output_dir}/python'. split()) layer_id = f'{project_name}-{function_name}-dependencies' layer_code = _lambda.Code.from_asset(output_dir) return _lambda.LayerVersion(self, layer_id, code=layer_code)
def create_dependencies_layer(self, project_name) -> aws_lambda.LayerVersion: requirements_file = f'./handlers/requirements.txt' output_dir = f'./.build/packages' if not os.environ.get('SKIP_PIP'): subprocess.check_call( f'pip install -r {requirements_file} -t {output_dir}/python'. split()) layer_id = f'{project_name}-dependencies' layer_code = aws_lambda.Code.from_asset(output_dir) return aws_lambda.LayerVersion(self, layer_id, code=layer_code)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) layer = aws_lambda.LayerVersion( self, "dependencies", code=aws_lambda.AssetCode("python.zip")) aws_lambda.Function( self, "Hello World", code=aws_lambda.Code.from_asset("lambda/"), handler="main.handler", runtime=aws_lambda.Runtime.PYTHON_3_7, layers=[layer], )
def create_dependencies_layer(self, project_name, function_name: str) -> _lambda.LayerVersion: requirements_file = function_name + "/" + "requirements.txt" output_dir = ".lambda_dependencies/" + function_name # Install requirements for layer in the output_dir if not os.environ.get("SKIP_PIP"): # Note: Pip will create the output dir if it does not exist subprocess.check_call( f"pip install -r {requirements_file} -t {output_dir}/python".split() ) return _lambda.LayerVersion( self, project_name + "-" + function_name + "-dependencies", code=_lambda.Code.from_asset(output_dir) )
def create_lambda_dependency_layer(self) -> None: dependency_asset = aws_lambda.Code.from_asset( path='./', bundling=core.BundlingOptions( image=core.BundlingDockerImage.from_asset('./'))) self.dependency_layer = aws_lambda.LayerVersion( self, 'DependencyLayer', code=dependency_asset, compatible_runtimes=[ aws_lambda.Runtime.PYTHON_3_6, aws_lambda.Runtime.PYTHON_3_7, aws_lambda.Runtime.PYTHON_3_8, ], description='A layer containing all Python dependencies', )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) lm = lamda.Function(self, 'Lamna', handler='index.handler', runtime=lamda.Runtime.DOTNET_CORE_1, code=MyCode()) layer = lamda.LayerVersion( self, 'LV1', code=MyCode(), compatible_runtimes=[lamda.Runtime.DOTNET_CORE_1]) assert is_called
def get_or_build(scope: core.Construct) -> aws_lambda.LayerVersion: code = aws_lambda.Code.from_asset( _lambda_path('layers/emr_config_utils')) stack = core.Stack.of(scope) layer = stack.node.try_find_child('EMRConfigUtilsLayer') if layer is None: layer = aws_lambda.LayerVersion( stack, 'EMRConfigUtilsLayer', layer_version_name='EMRLaunch_EMRUtilities_EMRConfigUtilsLayer', code=code, compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], description='EMR configuration utility functions') BaseBuilder.tag_construct(layer) return layer
def sagemaker_layer(scope, blueprint_bucket): """ sagemaker_layer creates a Lambda layer with Sagemaker SDK installed in it to allow Lambda functions call Sagemaker SDK's methods such as create_model(), etc. :blueprint_bucket: CDK object of the blueprint bucket that contains resources for BYOM pipeline :scope: CDK Construct scope that's needed to create CDK resources :return: Lambda layer version in a form of a CDK object """ # Lambda sagemaker layer for sagemaker sdk that is used in create sagemaker model step return lambda_.LayerVersion( scope, "sagemakerlayer", code=lambda_.Code.from_bucket(blueprint_bucket, "blueprints/byom/lambdas/sagemaker_layer.zip"), compatible_runtimes=[lambda_.Runtime.PYTHON_3_8], )
def base_lambda_layer(construct, **kwargs): """ Function that generates a Lambda Layer. Using the parameter 'layer_code_path' it gets the code from a path set for the user or a preset path. :param construct: Custom construct that will use this function. From the external construct is usually 'self'. :param kwargs: Consist of required 'layer_name', 'layer_runtimes', and optionals 'layer_code_path', 'description', 'license'. :return: Lambda Layer Construct. """ layer_runtimes = list() for runtime in kwargs["layer_runtimes"]: try: layer_runtime = getattr(lambda_.Runtime, runtime) except Exception: raise WrongRuntimePassed( detail=f"Wrong function runtime {runtime} specified", tb=traceback.format_exc()) else: layer_runtimes.append(layer_runtime) obtainer_code_path = kwargs.get("layer_code_path") if obtainer_code_path is not None: layer_code_path = obtainer_code_path elif obtainer_code_path is None and DEFAULT_LAMBDA_LAYER_CODE_PATH_EXISTS is True: layer_code_path = DEFAULT_LAMBDA_LAYER_CODE_PATH else: print( f"Code path for Lambda Function {kwargs['layer_name']} is not valid!" ) raise RuntimeError # Defining Lambda Layer _lambda_layer = lambda_.LayerVersion( construct, id=construct.prefix + "_" + kwargs["layer_name"] + "_" + construct.environment_, layer_version_name=construct.prefix + "_" + kwargs["layer_name"] + "_" + construct.environment_, description=kwargs.get("description"), code=lambda_.Code.from_asset(path=layer_code_path, exclude=kwargs.get( "exclude", ["aws_cdk"])), compatible_runtimes=layer_runtimes, license=kwargs.get("license"), ) return _lambda_layer
def LayerVersion(self, id: str, *, remote_account_grant: bool = False, ssm_param: bool = True, **attr) -> aws_lambda.LayerVersion: layv = aws_lambda.LayerVersion(self, id**attr) if remote_account_grant: layv.add_permission('remote-account-grant', account_id='*') if ssm_param: aws_ssm.StringParameter( self, f"{id}-ssm", string_value=layv.layer_version_arn, parameter_name=f"/layers/{id.replace('-', '/')}") CfnOutput(self, f"{id}-cfn", value=layv.from_layer_version_arn) return layv
def create_all_layers(self) -> None: """ All stack layers """ # Common utils lambda layer create_lambda_layer_from_dir( output_dir="./stack", tag="common", layer_dir="./cbers2stac/layers/common", prefix="python", ) common_layer_asset = aws_lambda.Code.asset("./stack/common.zip") self.layers_["common_layer"] = aws_lambda.LayerVersion( self, "common_layer", code=common_layer_asset, compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7], description="Common utils", )
def __init__(self, scope: core.Construct, id: str, build_prefix: str, subnet_group_name: str, context: InfraContext, handler: str, securityGroups: typing.Optional[typing.List[ ec2.SecurityGroup]] = None, **kwargs) -> None: super().__init__(scope, id, **kwargs) bucket_arn = ssm.StringParameter.from_string_parameter_name( self, 'artifact_bucket', string_parameter_name='/app-FinSurf/artifacts/bucket_name') code_bucket = s3.Bucket.from_bucket_arn( self, 'code_bucket', bucket_arn=bucket_arn.string_value) deps_layer = lambda_.LayerVersion( self, 'Dependencies', code=lambda_.Code.from_bucket(bucket=code_bucket, key=build_prefix + '/deps.zip'), compatible_runtimes=[lambda_.Runtime.PYTHON_3_8], description='Runtime dependencies for Python Lambda ' + id) self.function = lambda_.Function( self, 'Function', description='Python lambda function for ' + id, handler=handler, code=lambda_.Code.from_bucket(bucket=code_bucket, key=build_prefix + '/app.zip'), timeout=core.Duration.minutes(1), layers=[deps_layer], tracing=lambda_.Tracing.ACTIVE, runtime=lambda_.Runtime.PYTHON_3_8, vpc=context.networking.vpc, vpc_subnets=ec2.SubnetSelection( subnet_group_name=subnet_group_name), security_groups=securityGroups)
def __init__(self, scope: core.Construct, id: str, *, lambda_attrs: aws_lambda.FunctionProps = None, layer_attrs=None, remote_account_grant=False, use_layer=True, cfn_outputs=False): """Provides a CDK Construct for AWS Lambda and Layers Args: scope (core.Construct): [description] id (str): [description] lambda_attrs (aws_lambda.FunctionProps, optional): [description]. Defaults to None. layer_attrs (aws_lambda.LayerVersionProps, optional): [description]. Defaults to None. remote_account_grant (bool, optional): [description]. Defaults to False. use_layer (bool, optional): [description]. Defaults to True. """ super().__init__(scope, id) if layer_attrs: self._layer = aws_lambda.LayerVersion(self, "layer", **layer_attrs) ssm_name = "/{}/layer".format(id.replace('-', '/')) ssm.StringParameter(self, 'Layer', string_value=self._layer.layer_version_arn, parameter_name=ssm_name) if remote_account_grant: self._layer.add_permission('remote-account-grant', account_id='*') if lambda_attrs: self._lambda = aws_lambda.Function(self, "lambda", **lambda_attrs) if self._layer and use_layer: self._lambda.add_layers(self._layer) if cfn_outputs: core.CfnOutput(self, 'LambdaArn', value=self._lambda.function_arn) if self._layer: core.CfnOutput(self, 'LayerArn', value=self._layer.from_layer_version_arn)