def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
account_id = core.Aws.ACCOUNT_ID
#To Store Frontend app
FlaskFrontendBucket = s3.Bucket(self, 'FlaskFrontendWebsite',
#access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
encryption=s3.BucketEncryption.S3_MANAGED,
bucket_name=account_id+'-'+env_name+'-frontend',
access_control=s3.BucketAccessControl.PUBLIC_READ,
# block_public_access=s3.BlockPublicAccess(
# block_public_acls=True,
# block_public_policy=True,
# ignore_public_acls=True,
# restrict_public_buckets=True,
# ),
removal_policy=core.RemovalPolicy.DESTROY
)
policy_statement = iam.PolicyStatement(
actions=["s3:GetObject"],
resources=[f"{FlaskFrontendBucket.bucket_arn}/*"],
)
policy_statement.add_any_principal()
static_site_policy_document = iam.PolicyDocument(
statements=[policy_statement]
)
FlaskFrontendBucket.add_to_resource_policy(policy_statement)
# The Origin Access Identity is a way to allow CloudFront
# Access to the Website Bucket
origin_access_identity = cfn.OriginAccessIdentity(
self, "OriginAccessIdentity",
comment="Allows Read-Access from CloudFront"
)
# We tell the website bucket to allow access from CloudFront
FlaskFrontendBucket.grant_read(origin_access_identity)
s3_deploy.BucketDeployment(self, "DeployFlaskFrontendWebsite",
sources=[s3_deploy.Source.asset("./static-content")],
destination_bucket=FlaskFrontendBucket,
# destination_key_prefix=""
)
core.CfnOutput(self, 'S3FlaskFrontendExport',
value = FlaskFrontendBucket.bucket_name,
export_name='FlaskFrontendBucket'
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
prod_configs = self.node.try_get_context('envs')['prod']
custom_vpc = _ec2.Vpc(
self,
"customVpcId",
cidr=prod_configs['vpc_configs']['vpc_cidr'],
max_azs=2,
nat_gateways=1,
subnet_configuration=[
_ec2.SubnetConfiguration(
name="publicSubnet",
cidr_mask=prod_configs['vpc_configs']['cidr_mask'],
subnet_type=_ec2.SubnetType.PUBLIC),
_ec2.SubnetConfiguration(
name="privateSubnet",
cidr_mask=prod_configs['vpc_configs']['cidr_mask'],
subnet_type=_ec2.SubnetType.PRIVATE),
_ec2.SubnetConfiguration(
name="dbSubnet",
cidr_mask=prod_configs['vpc_configs']['cidr_mask'],
subnet_type=_ec2.SubnetType.ISOLATED)
])
core.Tag.add(custom_vpc, "Owner", "Mystique")
core.CfnOutput(self,
"customVpcOutput",
value=custom_vpc.vpc_id,
export_name="customVpcId")
my_bkt = _s3.Bucket(self, "custombktId")
core.Tag.add(my_bkt, "Owner", "Mystique")
# Resource in same account.
bkt1 = _s3.Bucket.from_bucket_name(self, "MyImportedBuket",
"sample-bkt-cdk-010")
bkt2 = _s3.Bucket.from_bucket_arn(self, "crossAccountBucket",
"arn:aws:s3:::SAMPLE-CROSS-BUCKET")
core.CfnOutput(self, "myimportedbucket", value=bkt1.bucket_name)
vpc2 = _ec2.Vpc.from_lookup(
self,
"importedVPC",
# is_default=True,
vpc_id="vpc-d0a193aa")
core.CfnOutput(self, "importedVpc2", value=vpc2.vpc_id)
peer_vpc = _ec2.CfnVPCPeeringConnection(self,
"peerVpc12",
peer_vpc_id=custom_vpc.vpc_id,
vpc_id=vpc2.vpc_id)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
blue_env = self.node.try_get_context("blue_env")
green_env = self.node.try_get_context("green_env")
app_name = self.node.try_get_context("app_name")
bucket = s3.Bucket(
self,
'BlueGreenBucket',
# The default removal policy is RETAIN, which means that cdk
# destroy will not attempt to delete the new bucket, and it will
# remain in your account until manually deleted. By setting the
# policy to DESTROY, cdk destroy will attempt to delete the bucket,
# but will error if the bucket is not empty.
removal_policy=core.RemovalPolicy.DESTROY
# NOT recommended for production code
)
handler = lmbda.Function(self,
'BlueGreenLambda',
runtime=lmbda.Runtime.PYTHON_3_6,
code=lmbda.Code.asset('resources'),
handler='blue_green.lambda_handler',
environment={'BUCKET': bucket.bucket_name})
bucket.grant_read_write(handler)
repo = cc.Repository(
self,
'Repository',
repository_name='MyRepositoryName',
)
pipeline = cp.Pipeline(self, 'MyFirstPipeline')
source_stage = pipeline.add_stage(stage_name='Source')
source_artifact = cp.Artifact('Source')
source_action = cpactions.CodeCommitSourceAction(
action_name='CodeCommit', repository=repo, output=source_artifact)
source_stage.add_action(source_action)
deploy_stage = pipeline.add_stage(stage_name='Deploy')
lambda_action = cpactions.LambdaInvokeAction(
action_name='InvokeAction',
lambda_=handler,
user_parameters={
'blueEnvironment': blue_env,
'greenEnvironment': green_env,
'application': app_name
},
inputs=[source_artifact])
deploy_stage.add_action(lambda_action)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Add your stack resources below):
# Create an S3 Bucket for storing our web store assets
kk_store = _s3.Bucket(self, "kkStore", versioned=True)
# DynamoDB Table
kk_store_assets_table = _dynamodb.Table(
self,
"kkStoreAssetsDDBTable",
table_name="kk_store_assets_tables",
partition_key=_dynamodb.Attribute(
name="_id", type=_dynamodb.AttributeType.STRING),
removal_policy=core.RemovalPolicy.DESTROY)
# Read Lambda Code
try:
with open("advanced_use_cases/lambda_src/s3_event_processor.py",
mode="r") as f:
kk_store_processor_fn_code = f.read()
except OSError:
print("Unable to read Lambda Function Code")
# Deploy the lambda function
kk_store_processor_fn = _lambda.Function(
self,
"kkStoreProcessorFn",
function_name="kk_store_processor_fn",
description="Process store events and update DDB",
runtime=_lambda.Runtime.PYTHON_3_7,
handler="index.lambda_handler",
code=_lambda.InlineCode(kk_store_processor_fn_code),
timeout=core.Duration.seconds(3),
reserved_concurrent_executions=1,
environment={
"LOG_LEVEL": "INFO",
"DDB_TABLE_NAME": f"{kk_store_assets_table.table_name}"
})
# Add DynamoDB Write Privileges To Lambda
kk_store_assets_table.grant_read_write_data(kk_store_processor_fn)
# Create Custom Loggroup
kk_store_lg = _logs.LogGroup(
self,
"kkStoreLogGroup",
log_group_name=f"/aws/lambda/{kk_store_processor_fn.function_name}",
removal_policy=core.RemovalPolicy.DESTROY,
retention=_logs.RetentionDays.ONE_DAY)
# Create s3 notification for lambda function
kk_store_backend = _s3_notifications.LambdaDestination(
kk_store_processor_fn)
# Assign notification for the s3 event type (ex: OBJECT_CREATED)
kk_store.add_event_notification(_s3.EventType.OBJECT_CREATED,
kk_store_backend)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
s3_bucket = aws_s3.Bucket(self,
id='qa-app-client',
bucket_name='qa-app-client',
public_read_access=True,
website_error_document='index.html',
website_index_document='index.html')
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
bucket = aws_s3.Bucket(
self,
"mjls3Bucket1992323",
public_read_access=True
)
bucket
def __init__(self, scope: core.Construct, id: builtins.str,
landing_zone: IVpcLandingZone) -> None:
super().__init__(scope, id)
self.__landing_zone = landing_zone
# Setup DNS...
self.trader_dns_zone = r53.PrivateHostedZone(
self,
'Trader',
zone_name='trader.fsi'.format(landing_zone.zone_name.lower()),
vpc=landing_zone.vpc,
comment='HomeNet Financial Services Domain')
# Create a key and delegate access to IAM...
self.key = kms.Key(
self,
'Key',
alias='homenet/fsi',
enable_key_rotation=True,
policy=iam.PolicyDocument(statements=[
iam.PolicyStatement(effect=iam.Effect.ALLOW,
principals=[
iam.AccountPrincipal(
core.Stack.of(self).account)
],
actions=['kms:*'],
resources=['*'])
]))
# Create central resources...
self.tda_secret = sm.Secret(
self,
'AmeritradeSecrets',
removal_policy=core.RemovalPolicy.DESTROY,
secret_name='HomeNet-{}-Ameritrade-Secrets'.format(
self.landing_zone.zone_name))
self.bucket = s3.Bucket(self,
'Bucket',
bucket_name='homenet-{}.{}.trader.fsi'.format(
self.landing_zone.zone_name,
core.Stack.of(self).region).lower(),
versioned=True)
r53.ARecord(self,
'BucketAlias',
zone=self.trader_dns_zone,
record_name=self.bucket.bucket_domain_name,
target=r53.RecordTarget.from_alias(
dns_targets.BucketWebsiteTarget(self.bucket)))
# self.fspace = space.CfnEnvironment(self,'Finspace',
# name='HomeNet-FsiCoreSvc',
# kms_key_id= self.key.key_id,
# description="HomeNet Financial Servicing Catalog")
self.finspace = FinSpaceEnvironment()
self.key.grant_admin(iam.ServicePrincipal(service='finspace'))
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
name = "bucket-belisco-turma-5-cdk"
s3.Bucket(self,
id=name,
bucket_name=name,
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
encryption=s3.BucketEncryption.S3_MANAGED)
def __init__(self, scope: core.Construct, construct_id: str,
bucket: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
s3.Bucket(self,'bucket-id',
bucket_name='demo-'+bucket+'-865'
)
def create_asset_bucket(self):
"""
Create S3 Bucket for assets"
"""
return s3.Bucket(
self,
self.config.get("stack_name") + "_s3",
removal_policy=core.RemovalPolicy.DESTROY
)
def create_redirect_bucket(self):
return s3.Bucket(
self,
self.config.get("stack_name") + "_redirect",
website_redirect={"host_name": self.sub_domain,
"protocol": s3.RedirectProtocol.HTTPS},
removal_policy=core.RemovalPolicy.DESTROY,
public_read_access=True
)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
_s3.Bucket(
self,
"myBucketID",
)
def __init__(self, scope: core.Construct, id: str, bucket_name: str, **kwargs) -> None:
"""
deploys AWS S3 bucket
Resources:
AWS::S3::Bucket with your details
"""
super().__init__(scope, id, **kwargs)
s3.Bucket(self, id, bucket_name=bucket_name)
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
bucket = s3.Bucket(scope=self,
id="MyFirstBucket",
public_read_access=True,
removal_policy=cdk.RemovalPolicy.DESTROY,
versioned=True)
def __init__(self, scope: cdk.Construct, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
bucket = s3.Bucket(self,
"Bucket",
removal_policy=cdk.RemovalPolicy.DESTROY)
# npm add @mobileposse/auto-delete-bucket # to empty contents first
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
_s3.Bucket(self,
"myBucketId",
bucket_name="cdk-project6676",
versioned=True,
encryption=_s3.BucketEncryption.KMS_MANAGED)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create S3 bucket here.
bucket = aws_s3.Bucket(self, image_bucket_name)
# CFN output for S3 bucket creation.
core.CfnOutput(
self,
"image-bucket",
value=bucket.bucket_name,
description="Bucket for uploading images",
)
# Create dynamodb table for storing image labels here.
table = aws_dynamodb.Table(
self,
"image-lables",
partition_key=aws_dynamodb.Attribute(
name="image", type=aws_dynamodb.AttributeType.STRING
),
)
# CFN output for dynamodb table creation.
core.CfnOutput(
self,
"image-lables-ddb-table",
value=table.table_name,
description="DDB table for storing image lables.",
)
function = aws_lambda.Function(
self,
"rekognitionFunction",
runtime=aws_lambda.Runtime.PYTHON_3_7,
handler="handler.main",
code=aws_lambda.Code.asset("./rekognitionLambda"),
timeout=core.Duration.seconds(30),
memory_size=1024,
)
function.add_environment("TABLE", table.table_name)
function.add_environment("BUCKET", bucket.bucket_name)
function.add_event_source(
aws_lambda_event_sources.S3EventSource(
bucket=bucket, events=[aws_s3.EventType.OBJECT_CREATED]
)
)
bucket.grant_read(function)
table.grant_write_data(function)
function.add_to_role_policy(
statement=aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["rekognition:DetectLabels"],
resources=["*"],
)
)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
_s3.Bucket(self,
"myBucketID",
bucket_name="myfirstcdkprojectbkt1004",
versioned=False,
encryption=_s3.BucketEncryption.S3_MANAGED,
block_public_access=_s3.BlockPublicAccess.BLOCK_ALL)
mybucket = _s3.Bucket(self, "myBucketId1")
print(mybucket.bucket_name)
output_1 = core.CfnOutput(self,
"myBucketOutput1",
value=mybucket.bucket_name,
description=f"My first cdk bucket",
export_name="myBucketOutput1")
def __init__(self, scope: cdk.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
bucket = s3.Bucket(self,
"MyFirstBucket",
versioned=True,
removal_policy=core.RemovalPolicy.DESTROY,
auto_delete_objects=True)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#template = cfn_inc.CfnInclude(self, id='Template', template_file='template.yaml')
# The code that defines your stack goes here
bucket_names = 'config-1' + str(core.Aws.ACCOUNT_ID)
sns_topic = _sns.Topic(self, id='topic-config', topic_name='config-topic')
sns_topic.add_subscription(subscriptions.EmailSubscription("*****@*****.**"))
bucket = s3.Bucket(self, id='s3cdkbuckets',bucket_name=bucket_names,versioned=True)
bucket_arn2 = str(bucket.bucket_arn) + "/AWSLogs/" + str(core.Aws.ACCOUNT_ID) + "/Config/*"
bucket_policy = bucket.add_to_resource_policy(iam.PolicyStatement(effect=iam.Effect.ALLOW,
resources=[bucket.bucket_arn],
actions=["s3:GetBucketAcl"],
sid = "AWSConfigBucketPermissionsCheck",
principals=[iam.ServicePrincipal("config.amazonaws.com")]
))
bucket_policy2 = bucket.add_to_resource_policy(iam.PolicyStatement(effect=iam.Effect.ALLOW,
resources=[bucket_arn2],
actions=["s3:PutObject"],
sid = "AWSConfigBucketDelivery",
principals=[iam.ServicePrincipal("config.amazonaws.com")],
conditions={"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"}
}))
recorder = config.CfnConfigurationRecorder(self,
id='recorder',
role_arn='arn:aws:iam::306646308112:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig',
recording_group=None)
channel = config.CfnDeliveryChannel(self,
id='channel',
s3_bucket_name=bucket.bucket_name,
sns_topic_arn=sns_topic.topic_arn)
time.sleep(20)
srule = config.CfnConfigRule(self,
id='rule1',
source=config.CfnConfigRule.SourceProperty(owner="AWS",
source_identifier="REQUIRED_TAGS"),
input_parameters={"tag1Key":"tagVal"})
srule2 = config.CfnConfigRule(self, id='rule2',
source=config.CfnConfigRule.SourceProperty(owner="AWS",
source_identifier="S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED"))
srule3 = config.CfnConfigRule(self, id='rule3',
source=config.CfnConfigRule.SourceProperty(owner="AWS",
source_identifier="VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS"))
srule.add_depends_on(recorder)
srule2.add_depends_on(recorder)
srule3.add_depends_on(recorder)
event_rule = _events.Rule(self, id='event_rule', event_pattern = {
"source": ["aws.config"],
"detail": {
"messageType": ["ConfigurationItemChangeNotification"],
"newEvaluationResult": {
"compliance_type": ["NON_COMPLIANT"]
}
}
})
event_rule.add_target(targets.SnsTopic(sns_topic))
def __init__(self, scope: core.Construct, _id: str, **kwargs) -> None:
super().__init__(scope, _id, **kwargs)
ddb_file_list = ddb.Table(self, "ddb",
partition_key=ddb.Attribute(name="Key", type=ddb.AttributeType.STRING),
billing_mode=ddb.BillingMode.PAY_PER_REQUEST)
sqs_queue_DLQ = sqs.Queue(self, "sqs_DLQ",
visibility_timeout=core.Duration.minutes(15),
retention_period=core.Duration.days(14)
)
sqs_queue = sqs.Queue(self, "sqs_queue",
visibility_timeout=core.Duration.minutes(15),
retention_period=core.Duration.days(14),
dead_letter_queue=sqs.DeadLetterQueue(
max_receive_count=100,
queue=sqs_queue_DLQ
)
)
handler = lam.Function(self, "lambdaFunction",
code=lam.Code.asset("./lambda"),
handler="lambda_function.lambda_handler",
runtime=lam.Runtime.PYTHON_3_8,
memory_size=1024,
timeout=core.Duration.minutes(15),
environment={
'table_name': ddb_file_list.table_name,
'queue_name': sqs_queue.queue_name,
'Des_bucket_default': Des_bucket_default,
'Des_prefix_default': Des_prefix_default,
'Des_region': Des_region,
'StorageClass': StorageClass,
'aws_access_key_id': aws_access_key_id,
'aws_secret_access_key': aws_secret_access_key
})
ddb_file_list.grant_read_write_data(handler)
handler.add_event_source(SqsEventSource(sqs_queue))
s3bucket = s3.Bucket(self, "s3bucket")
s3bucket.grant_read(handler)
s3bucket.add_event_notification(s3.EventType.OBJECT_CREATED,
s3n.SqsDestination(sqs_queue))
# You can import an existing bucket and grant access to lambda
# exist_s3bucket = s3.Bucket.from_bucket_name(self, "import_bucket",
# bucket_name="you_bucket_name")
# exist_s3bucket.grant_read(handler)
# But You have to add sqs as imported bucket event notification manually, it doesn't support by CloudFormation
# An work around is to add on_cloud_trail_event for the bucket, but will trigger could_trail first
# 因为是导入的Bucket,需要手工建Bucket Event Trigger SQS,以及设置SQS允许该bucekt触发的Permission
core.CfnOutput(self, "DynamoDB_Table", value=ddb_file_list.table_name)
core.CfnOutput(self, "SQS_Job_Queue", value=sqs_queue.queue_name)
core.CfnOutput(self, "SQS_Job_Queue_DLQ", value=sqs_queue_DLQ.queue_name)
core.CfnOutput(self, "Worker_Lambda_Function", value=handler.function_name)
core.CfnOutput(self, "New_S3_Bucket", value=s3bucket.bucket_name)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
bucket = s3.Bucket(
self,
"MyFirstBucket",
versioned=True,
)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
account_id = core.Aws.ACCOUNT_ID
PROJECT_NUMBER = 2
# To Store Frontend App
frontend_bucket = s3.Bucket(self, "frontend",
access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
bucket_name=account_id + '-' + env_name + '-frontend',
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY,
website_index_document='index.html'
)
bucket_name = frontend_bucket.bucket_name
github_token = core.SecretValue.secrets_manager("dev/github-token", json_field='github-from-marsApp')
cb.GitHubSourceCredentials(self, "CodeBuildGitHubCreds",
access_token=github_token
)
git_hub_source = cb.Source.git_hub(
owner="manrodri",
repo="30miniProjects",
webhook=True,
webhook_filters=[
cb.FilterGroup.in_event_of(cb.EventAction.PUSH).and_branch_is(
"master").and_file_path_is('js30Projects/')
]
)
codebuild_project = cb.Project(
self,
"cb-frontend",
source=git_hub_source,
environment=cb.BuildEnvironment(
build_image=cb.LinuxBuildImage.STANDARD_3_0,
environment_variables={
'WEB_BUCKET_NAME': cb.BuildEnvironmentVariable(value=bucket_name),
'PROJECT_NUMBER': cb.BuildEnvironmentVariable(value=str(PROJECT_NUMBER))
}
),
)
allow_object_actions = iam.PolicyStatement(resources=[f"arn:aws:s3:::{bucket_name}/*"],
actions=["s3:*"])
allow_bucket_actions = iam.PolicyStatement(
resources=[f"arn:aws:s3:::{bucket_name}"],
actions=['s3:*'],
)
codebuild_project.add_to_role_policy(allow_object_actions)
codebuild_project.add_to_role_policy(allow_bucket_actions)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
bucket = s3.Bucket(self, "Bucket", website_index_document="index.html")
config = {"comment": "mythical-mysfits"}
origin = cloudfront.CfnCloudFrontOriginAccessIdentity(
self,
"BucketOrigin",
cloud_front_origin_access_identity_config=config)
identity = iam.CanonicalUserPrincipal(
canonical_user_id=origin.attr_s3_canonical_user_id)
bucket.grant_read(identity)
cloudfront_behaviour = cloudfront.Behavior(
max_ttl=core.Duration.seconds(60),
allowed_methods=cloudfront.CloudFrontAllowedMethods.
GET_HEAD_OPTIONS,
is_default_behavior=True)
cloudfront_distribution = cloudfront.CloudFrontWebDistribution(
self,
"CloudFront",
viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.ALLOW_ALL,
price_class=cloudfront.PriceClass.PRICE_CLASS_ALL,
origin_configs=[
cloudfront.SourceConfiguration(
behaviors=[cloudfront_behaviour],
origin_path="/web",
s3_origin_source=cloudfront.S3OriginConfig(
s3_bucket_source=bucket,
origin_access_identity_id=origin.ref),
)
],
)
contentDir = os.path.realpath("../web/")
source = deployment.Source.asset(contentDir)
deployment.BucketDeployment(
self,
"DeployWebsite",
sources=[source],
destination_key_prefix="web/",
destination_bucket=bucket,
distribution=cloudfront_distribution,
retain_on_delete=False,
)
core.CfnOutput(
self,
"CloudFrontURL",
description="The CloudFront distribution URL",
value="http://{}".format(cloudfront_distribution.domain_name),
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# create s3 bucket for athena data
self.s3_bucket = s3.Bucket(
self,
"s3_bucket",
public_read_access=False,
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
removal_policy=core.RemovalPolicy.DESTROY,
lifecycle_rules=[
s3.LifecycleRule(
# delete the files after 1800 days (5 years)
expiration=core.Duration.days(1800),
transitions=[
# move files into glacier after 90 days
s3.Transition(
transition_after=core.Duration.days(90),
storage_class=s3.StorageClass.GLACIER,
)
],
)
],
)
# tag the bucket
core.Tag.add(self.s3_bucket, "project", constants["PROJECT_TAG"])
# lambda policies
athena_bucket_empty_policy = [
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=["s3:ListBucket"],
resources=["*"],
),
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"s3:DeleteObject",
],
resources=[f"{self.s3_bucket.bucket_arn}/*"],
),
]
# create the custom resource
athena_bucket_empty = CustomResource(
self,
"athena_bucket_empty",
PhysicalId="athenaBucketEmpty",
Description="Empty athena s3 bucket",
Uuid="f7d4f730-4ee1-11e8-9c2d-fa7ae01bbebc",
HandlerPath=os.path.join(dirname, "../helpers/s3_bucket_empty.py"),
BucketName=self.s3_bucket.bucket_name,
ResourcePolicies=athena_bucket_empty_policy,
)
# needs a dependancy
athena_bucket_empty.node.add_dependency(self.s3_bucket)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.table_name = 'globaldatatest.global.table'
executelambda = aws_lambda.Function(
self,
id='execute',
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler='execute.lambda_handler',
code=aws_lambda.Code.asset('lambda'))
statsLambda = aws_lambda.Function(
self,
id='stats',
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler='stats.lambda_handler',
code=aws_lambda.Code.asset('lambda'))
resetLambda = aws_lambda.Function(
self,
id='reset',
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler='reset.lambda_handler',
code=aws_lambda.Code.asset('lambda'))
my_bucket = s3.Bucket(self, id='s3buckset3', bucket_name='s3mybucket')
table = aws_dynamodb.Table(self,
'table3',
partition_key={
'name': 'key',
'type':
aws_dynamodb.AttributeType.STRING
},
table_name='commands')
api = apigateway.RestApi(
self,
"web-shell-apii",
rest_api_name="Web Shell",
description="This service serves shell commands.")
executeIntegration = apigateway.LambdaIntegration(executelambda)
statsIntegration = apigateway.LambdaIntegration(statsLambda)
resetIntegration = apigateway.LambdaIntegration(resetLambda)
executeResource = api.root.add_resource('execute')
executeResource.add_method("POST",
executeIntegration,
api_key_required=True)
statsResource = api.root.add_resource('stats')
statsResource.add_method("GET",
statsIntegration,
api_key_required=True)
resetResource = api.root.add_resource('reset')
resetResource.add_method("PUT",
resetIntegration,
api_key_required=True)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create an S3 Bucket):
static_site_assets_bkt = _s3.Bucket(
self,
"assetsBucket",
versioned=True,
# public_read_access=True,
# website_index_document="index.html",
# website_error_document="404.html",
removal_policy=core.RemovalPolicy.DESTROY)
# Add assets to static site bucket
add_assets_to_site = _s3_deployment.BucketDeployment(
self,
"deployStaticSiteAssets",
sources=[
_s3_deployment.Source.asset("advanced_use_cases/static_assets")
],
destination_bucket=static_site_assets_bkt)
# Create OAI for Cloudfront
static_site_oai = _cloudfront.OriginAccessIdentity(
self,
"staticSiteOai",
comment=f"OAI for static site from stack:{core.Aws.STACK_NAME}")
# Deploy Cloudfront Configuration: Connecting OAI with static asset bucket
cf_source_configuration = _cloudfront.SourceConfiguration(
s3_origin_source=_cloudfront.S3OriginConfig(
s3_bucket_source=static_site_assets_bkt,
origin_access_identity=static_site_oai),
behaviors=[
_cloudfront.Behavior(
is_default_behavior=True,
compress=True,
allowed_methods=_cloudfront.CloudFrontAllowedMethods.ALL,
cached_methods=_cloudfront.CloudFrontAllowedCachedMethods.
GET_HEAD)
])
# Create Cloudfront Distribution
static_site_distribution = _cloudfront.CloudFrontWebDistribution(
self,
"staticSiteCfDistribution",
comment="CDN for static website",
origin_configs=[cf_source_configuration],
price_class=_cloudfront.PriceClass.PRICE_CLASS_100)
# Output Cloudfront Url
output_1 = core.CfnOutput(
self,
"CloudfrontUrl",
value=f"{static_site_distribution.domain_name}",
description="The domain name of the static site")
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# S3 Bucket to store files
myBucket = aws_s3.Bucket(self,
"S3Bucket",
bucket_name="new-app-bucket-example"
)
# Lambda triggered periodically
myScheduledLambda = _lambda.Function(
self,
"scheduled_lambda",
description="Lambda that will be called according to a schedule",
function_name="scheduledLambda",
runtime=_lambda.Runtime.PYTHON_3_7,
handler="scheduled_lambda.handler",
code=_lambda.Code.from_asset("../functions"),
memory_size=128, # Memory in mb
retry_attempts=2,
environment={"S3_BUCKET": myBucket.bucket_name}
)
# Give Lambda access to S3 bucket
myBucket.grant_read(myScheduledLambda)
myBucket.grant_put(myScheduledLambda)
# Create cron Rule for Lambda
myScheduledLambdaEvent = aws_events.Rule(
self,
"scheduled_lambda_event",
schedule=aws_events.Schedule.rate(core.Duration.minutes(2)),
enabled=True,
targets=[aws_events_targets.LambdaFunction(handler=myScheduledLambda)]
)
# API Gateway Proxy Lambda definition
myEndpointLambda = _lambda.Function(
self,
"endpoint_lambda",
description="Lambda Proxy with Api Gateway",
function_name="endpointLambda",
runtime=_lambda.Runtime.PYTHON_3_7,
handler="endpoint_lambda.handler",
code=_lambda.Code.from_asset("../functions"),
memory_size=128, # Memory in mb
retry_attempts=2,
environment={"S3_BUCKET": myBucket.bucket_name}
)
# Give lambda access to S3 Bucket
myBucket.grant_read(myEndpointLambda)
myBucket.grant_put(myEndpointLambda)
# Define API Gateway endpoints
api = aws_apigateway.RestApi(self, "ApiEndpoint")
api.root.resource_for_path("/test").add_method("GET",
aws_apigateway.LambdaIntegration(handler=myEndpointLambda))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
bucket = s3.Bucket(
self,
"MyFirstBucket",
bucket_name="aws-wide-unique-name-CHANGE-THIS",
versioned=True,
removal_policy=core.RemovalPolicy.DESTROY,
)
def __init__(self, app: core.App, id: str, **kwargs) -> None:
super().__init__(app, id)
# The code that defines your stack goes here
bucket = s3.Bucket(
self,
"MyFirstBucket",
versioned=True,
encryption=s3.BucketEncryption.KMS_MANAGED,
)
