def __init__(self, app: core.App, id: str,
**kwargs) -> None:
super().__init__(app, id, **kwargs)
stack_name = core.Stack.of(self).stack_name
env_type = stack_name.split("-")[1] # prod, stage, qa, dev, etc.
layer = aws_lambda.LayerVersion(self,
"BaseLayer",
code=aws_lambda.Code.asset("/app/layer"),
)
# Use only one asset instance, so we aren't using extra cloudformation parameters,
# if we create many lambdas from it.
app_code = aws_lambda.Code.asset("/app/code")
lambda_fn = aws_lambda.Function(self,
"Lambda",
function_name=f"{stack_name}-CronLambda",
code=app_code,
layers=[layer],
handler="main.main",
runtime=aws_lambda.Runtime.PYTHON_3_7,
memory_size=768,
timeout=core.Duration.seconds(60),
log_retention=aws_logs.RetentionDays.ONE_MONTH,
)
self.enable_cron(lambda_fn)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# lambda_layer
layer = aws_lambda.LayerVersion(
self,
"LambdaLayerLayer",
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_8],
code=aws_lambda.AssetCode("layers/lambda_layer"),
)
# lambda
common_lambda_params = dict(
runtime=aws_lambda.Runtime.PYTHON_3_8,
handler="lambda_function.lambda_handler",
timeout=core.Duration.seconds(10),
memory_size=128,
)
lambda_ = aws_lambda.Function(
self,
"LambdaLayerLambda",
code=aws_lambda.Code.asset("lambdas/lambda_layer"),
layers=[layer],
**common_lambda_params,
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
layer = _lambda.LayerVersion(
self,
'PythonModuleLayer',
code=_lambda.Code.asset('layer'),
compatible_runtimes=[_lambda.Runtime.PYTHON_3_8],
)
webhook_url = _ssm.StringParameter.from_string_parameter_name(
self,
'TargetUrl',
string_parameter_name='slack-webhook-url-number09-test'
).string_value
my_lambda = _lambda.Function(self,
'NotificationHandler',
runtime=_lambda.Runtime.PYTHON_3_8,
code=_lambda.Code.asset('src/lambda'),
handler='handler.notification.handler',
layers=[layer],
environment={
'webhook_url': webhook_url,
})
def __init__(self, scope: core.Construct, id: str, environment: dict,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
layer = _lambda.LayerVersion(
self,
'config-helper',
code=_lambda.Code.asset('layer'),
compatible_runtimes=[_lambda.Runtime.PYTHON_3_6],
description='Helper functionns for config',
layer_version_name='helper')
# Create config-setup-# Lambda resource
lambda_config_setup = _lambda.Function(
self,
'lambda_function_config-setup-',
runtime=_lambda.Runtime.PYTHON_3_6,
code=_lambda.Code.asset('lambda'),
handler='config-setup.main',
function_name='config-setup-' + STAGE,
memory_size=DEFAULT_MEMORY_SIZE_LAMBDA_FUNCTION,
layers=[layer],
environment=environment,
timeout=core.Duration.seconds(900))
config_role_statement = _iam.PolicyStatement(
actions=['sts:AssumeRole'],
effect=_iam.Effect.ALLOW,
resources=["arn:aws:iam::*:role/ConfigRole"])
lambda_config_setup.add_to_role_policy(config_role_statement)
def __init__(self, app: core.App, id: str) -> None:
super().__init__(app, id)
# IAM permissions for the Lambda functions
configCustomResourcePermission = iam.PolicyStatement(actions=[
'config:ListDiscoveredResources', 'config:DeleteResourceConfig',
'config:PutResourceConfig', 'cloudformation:DescribeType'
],
resources=['*'])
configRuleLambdaPermission = iam.PolicyStatement(
actions=['config:PutEvaluations'], resources=['*'])
secretManagerPermission = iam.PolicyStatement(
actions=['secretsmanager:GetSecretValue'],
resources=[secret_manager_arn])
# Lambda Layer
lambdaLayer = lambda_.LayerVersion(
self,
"ConfigADConnectorLayer",
code=lambda_.Code.from_asset(
os.path.join(dirname, f'../.build/{lambda_layer_file_name}')),
compatible_runtimes=[lambda_.Runtime.PYTHON_3_6])
# Lambda function and periodic trigger for Config - AD connector
configAdLambdaFn = lambda_.Function(
self,
"ConfigADConnector",
code=lambda_.Code.from_asset(
os.path.join(dirname, f'../.build/{lambda_code_file_name}')),
handler=f"{connector_function_name}.lambda_handler",
timeout=core.Duration.seconds(300),
runtime=lambda_.Runtime.PYTHON_3_6,
layers=[lambdaLayer],
initial_policy=[
configCustomResourcePermission, secretManagerPermission
],
environment=lambda_env_map)
rule = events.Rule(
self,
"Rule",
schedule=events.Schedule.rate(duration=core.Duration.minutes(1)))
rule.add_target(targets.LambdaFunction(configAdLambdaFn))
# Custom Config Rule with a Lambda function for AD user evaluation
ruleEvaluationLambdaFn = lambda_.Function(
self,
"ADUserPasswdExpiresCheck",
code=lambda_.Code.from_asset(
os.path.join(dirname, f'../.build/{lambda_code_file_name}')),
handler=f"{config_rule_function_name}.lambda_handler",
timeout=core.Duration.seconds(300),
runtime=lambda_.Runtime.PYTHON_3_6,
layers=[lambdaLayer],
initial_policy=[configRuleLambdaPermission],
environment=lambda_env_map)
configRule = config.CustomRule(self,
"ADUserPasswdExpires",
lambda_function=ruleEvaluationLambdaFn,
configuration_changes=True)
configRule.scope_to_resources(os.environ['RESOURCE_TYPE'])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
service_role = iam.Role(
self,
"BashFunctionServiceRole",
assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaBasicExecutionRole")
])
lambda_layer = aws_lambda.LayerVersion(
self,
"BashLayer",
code=aws_lambda.Code.from_asset("./src/layer"),
description="Bash runtime")
lambda_fn = aws_lambda.Function(
self,
"BashFunction",
code=aws_lambda.Code.from_asset("./src/function"),
layers=[lambda_layer],
handler="function.handler",
timeout=core.Duration.seconds(300),
runtime=aws_lambda.Runtime.PROVIDED,
memory_size=128,
role=service_role)
def __init__(self, scope: core.Construct, construct_id: str,
**kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
resource_layer = l.LayerVersion(
self,
'ResourceLayer',
code=l.Code.asset('./repos/resources'),
compatible_runtimes=[l.Runtime.PYTHON_3_8],
layer_version_name="resource_layer",
license="MIT")
request_movers = l.Function(
self,
"RetrieveMovers",
runtime=l.Runtime.PYTHON_3_8,
code=l.Code.asset("./repos/python"),
handler="retrieve_movers.handler",
layers=[resource_layer],
)
request_movers.role.add_managed_policy(
iam.ManagedPolicy.from_managed_policy_arn(
self,
id="AWSLambda_FullAccess",
managed_policy_arn=
"arn:aws:iam::aws:policy/AWSLambda_FullAccess"))
def __init__(self, scope: core.Construct, id: str, props: dict,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
lambda_role = iam.Role(
self,
'ValidationLambdaRole',
assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
'service-role/AWSLambdaBasicExecutionRole'),
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonSSMReadOnlyAccess'), # TODO: restrict!
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonS3ReadOnlyAccess') # TODO: restrict!
])
pandas_layer = lmbda.LayerVersion(
self,
"PandasLambdaLayer",
code=lmbda.Code.from_asset(
"lambdas/layers/pandas/python37-pandas.zip"),
compatible_runtimes=[lmbda.Runtime.PYTHON_3_7],
description="A pandas layer for python 3.7")
scipy_layer = lmbda.LayerVersion.from_layer_version_arn(
self,
id="SciPyLambdaLayer",
layer_version_arn=
'arn:aws:lambda:ap-southeast-2:817496625479:layer:AWSLambda-Python37-SciPy1x:20'
)
lmbda.Function(self,
'ValidationLambda',
function_name=f"{props['namespace']}_validation_lambda",
handler='validation.lambda_handler',
runtime=lmbda.Runtime.PYTHON_3_7,
code=lmbda.Code.from_asset('lambdas/validation'),
environment={
'STAGING_BUCKET': props['staging_bucket'],
'SLACK_HOST': props['slack_host'],
'SLACK_CHANNEL': props['slack_channel']
},
role=lambda_role)
lmbda.Function(self,
'PlaygroundLambda',
function_name=f"{props['namespace']}_playground_lambda",
handler='playground.lambda_handler',
runtime=lmbda.Runtime.PYTHON_3_7,
code=lmbda.Code.from_asset('lambdas/playground'),
environment={
'STAGING_BUCKET': props['staging_bucket'],
'SLACK_HOST': props['slack_host'],
'SLACK_CHANNEL': props['slack_channel']
},
role=lambda_role,
layers=[pandas_layer, scipy_layer])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Creates VPC
vpc = ec2.Vpc(self, id)
# Creates RDS Database
instance = rds.DatabaseInstance(
self, "RDS",
database_name="covid",
engine=rds.DatabaseInstanceEngine.mysql(
version=rds.MysqlEngineVersion.VER_8_0_21
),
vpc=vpc,
port=3306,
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2,
ec2.InstanceSize.MICRO,
),
removal_policy=core.RemovalPolicy.DESTROY,
deletion_protection=False,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
)
# Add inbound rule to RDS SG
instance.connections.allow_from_any_ipv4(ec2.Port.tcp(3306), "Open to the world")
# Defines Lambda layers
python_etl_layer = _lambda.LayerVersion(
self, "python-etl",
code=_lambda.AssetCode('C:\Code\ACG Challenge – AWS ETL\python.zip'))
# Defines an AWS Lambda resource
my_lambda = _lambda.Function(
self, 'etlhandler',
runtime=_lambda.Runtime.PYTHON_3_7,
code=_lambda.Code.asset('lambda'),
handler='etl.extract_csv1',
layers=[python_etl_layer],
timeout=core.Duration.seconds(30),
memory_size=(256)
)
# Add Lambda Environment Variables
my_lambda.add_environment("RDS_INSTANCE", instance.instance_endpoint.hostname)
my_lambda.add_environment("SECRET_NAME", instance.secret.secret_full_arn)
# Grant permission to lambda to access RDS Secret
instance.secret.grant_read(my_lambda)
# Create a Cloudwatch Event rule
four_hour_rule = aws_events.Rule(
self, "four_hour_rule",
schedule=aws_events.Schedule.rate(core.Duration.minutes(240)),
)
# Add target to Cloudwatch Event
four_hour_rule.add_target(aws_events_targets.LambdaFunction(my_lambda))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
requests_layer = _lambda.LayerVersion(
self, "requests", code=_lambda.AssetCode('layers/requests.zip'))
pytube_layer = _lambda.LayerVersion(
self, "pytube", code=_lambda.AssetCode('layers/pytube.zip'))
base_lambda = _lambda.Function(
self,
APP_NAME,
handler='main.handler',
runtime=_lambda.Runtime.PYTHON_3_8,
code=_lambda.Code.asset('src'),
timeout=core.Duration.seconds(30),
layers=[requests_layer, pytube_layer],
)
base_api = _apigw.RestApi(self,
'ApiGatewayWithCors',
rest_api_name=APP_NAME)
route_transcribe = base_api.root.add_resource('transcribe')
route_transcribe_lambda_integration = _apigw.LambdaIntegration(
base_lambda,
proxy=True,
integration_responses=[{
'statusCode': '200',
'responseParameters': {
'method.response.header.Access-Control-Allow-Origin':
"'*'",
}
}])
route_transcribe.add_method(
'GET',
route_transcribe_lambda_integration,
method_responses=[{
'statusCode': '200',
'responseParameters': {
'method.response.header.Access-Control-Allow-Origin': True,
}
}])
self.add_cors_options(route_transcribe)
def createLambdaFunctions(self):
## **************** Lambda Layers - Helpers ****************
self.lambda_helper_base = _lambda.LayerVersion(
self, f'{self.PREFIX}-lambdaHelperLayer',
compatible_runtimes = [_lambda.Runtime.PYTHON_3_7],
code = _lambda.Code.asset('./assets/lambda_helper'),
description = "A Helper layer for supporting code",
layer_version_name = f"{self.PREFIX}-lambdaHelperLayer",
)
self.lambda_helper_neptune = _lambda.LayerVersion(
self, f'{self.PREFIX}-lambdaHelperNeptune',
compatible_runtimes = [_lambda.Runtime.PYTHON_3_7],
code = _lambda.Code.asset('./assets/lambda_helper_neptune'),
description = "A Helper layer for generating neptune triples",
layer_version_name = f"{self.PREFIX}-lambdaHelperNeptune",
)
self.lambda_layer_spacy = _lambda.LayerVersion(
self, f'{self.PREFIX}-lambdaHelperPandasSpacy',
compatible_runtimes = [_lambda.Runtime.PYTHON_3_7],
code = _lambda.Code.asset('./assets/lambda_helper_spacy/python.zip'),
description = "A Helper layer containing spacy, pandas and numpy",
layer_version_name = f"{self.PREFIX}-lambdaHelperPandasSpacy",
)
## **************** Lambda Function ****************
# Function to load triples
self.generate_triples_lambda = _lambda.Function(
self, f'{self.PREFIX}-genTriplesAndLoadNeptune',
runtime = _lambda.Runtime.PYTHON_3_7,
code = _lambda.Code.asset('./assets/lambda'),
handler = 'genTriplesAndLoadNeptune.lambda_handler',
function_name = f'{self.PREFIX}-genTriplesAndLoadNeptune',
memory_size = 1024,
# retry_attempts = 1,
timeout = core.Duration.seconds(EXECUTE_COMPREHEND_TIMEOUT),
environment = {
'NEPTUNE_TRIPLES_FOLDER': NEPTUNE_TRIPLES_FOLDER
},
role = self.service_role,
layers = [self.lambda_helper_base, self.lambda_layer_spacy, self.lambda_helper_neptune],
vpc = self.vpc,
security_groups = [self.lambda_sg]
)
def __init__(self, scope: core.Construct, stack_id: str, *,
layer_code: lambda_.Code, layer_name: str, **kwargs):
super().__init__(scope, stack_id, **kwargs)
self.dependencies_layer = lambda_.LayerVersion(
self,
'DependenciesLayer',
code=layer_code,
compatible_runtimes=[lambda_.Runtime.PYTHON_3_8],
layer_version_name=layer_name)
def create_dependencies_layer(self, id: str, requirements_path: str,
output_dir: str) -> aws_lambda.LayerVersion:
# Install requirements for layer
if not os.environ.get("SKIP_PIP"):
subprocess.check_call(
# Note: Pip will create the output dir if it does not exist
f"pip install -r {requirements_path} -t {output_dir}/python".
split())
return aws_lambda.LayerVersion(
self, id, code=aws_lambda.Code.from_asset(output_dir))
def __init__(self, app: core.App, id: str, **kwargs) -> None:
super().__init__(app, id, **kwargs)
jsonloggingLayer = aws_lambda.LayerVersion(self, 'jsonloggingLayer',
code=aws_lambda.AssetCode('layers/json_logging'),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
layer_version_name="clean-lambda-versions-json_logging")
pytzLayer = aws_lambda.LayerVersion(self, 'pytzLayer',
code=aws_lambda.AssetCode('layers/pytz'),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
layer_version_name="clean-lambda-versions-ptyz")
lambdaFn = aws_lambda.Function(
self, "Singleton",
code=aws_lambda.AssetCode('./src'),
handler="handler.clean_lambda_versions",
function_name="clean-lambda-versions",
layers=[jsonloggingLayer, pytzLayer],
log_retention=aws_logs.RetentionDays.ONE_YEAR,
timeout=core.Duration.seconds(300),
runtime=aws_lambda.Runtime.PYTHON_3_7,
)
lambdaFn.add_to_role_policy(
aws_iam.PolicyStatement(
actions=['lambda:ListFunctions',
'lambda:ListVersionsByFunction',
'lambda:DeleteFunction'],
resources=['*'],
)
)
# Run every monday at 08:01 AM UTC
rule = aws_events.Rule(
self, "Rule",
schedule=aws_events.Schedule.cron(
minute='01',
hour='08',
month='*',
week_day='MON',
year='*'),
)
rule.add_target(aws_events_targets.LambdaFunction(lambdaFn))
def create_lambda_layer(self, scope, name: str) -> lmbda.LayerVersion:
# NOTE: currently requires manual packaging
# TODO: switch to aws_cdk.aws_lambda_python -> PythonLayerVersion
id = camel_case_upper(f"{self.namespace}_{name}_Layer")
return lmbda.LayerVersion(
scope=scope,
id=id,
code=lmbda.Code.from_asset(f"lambdas/layers/{name}.zip"),
compatible_runtimes=[lmbda.Runtime.PYTHON_3_8],
description=f"Lambda layer {name} for python 3.8"
)
def __init__(self, scope: core.Construct, id: str, props: dict,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
lambda_role = iam.Role(
self,
'ValidationLambdaRole',
assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
'service-role/AWSLambdaBasicExecutionRole'),
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonSSMReadOnlyAccess'),
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonS3ReadOnlyAccess'),
iam.ManagedPolicy.from_aws_managed_policy_name(
'IAMReadOnlyAccess')
])
lambda_role.add_to_policy(
iam.PolicyStatement(actions=["ses:SendEmail", "ses:SendRawEmail"],
resources=["*"]))
pandas_layer = lmbda.LayerVersion(
self,
"PandasLambdaLayer",
code=lmbda.Code.from_asset(
"lambdas/layers/pandas/python37-pandas.zip"),
compatible_runtimes=[lmbda.Runtime.PYTHON_3_7],
description="A pandas layer for python 3.7")
scipy_layer = lmbda.LayerVersion.from_layer_version_arn(
self,
id="SciPyLambdaLayer",
layer_version_arn=
'arn:aws:lambda:ap-southeast-2:817496625479:layer:AWSLambda-Python37-SciPy1x:20'
)
lmbda.Function(self,
'ValidationLambda',
function_name=f"{props['namespace']}_validation_lambda",
handler='validation.lambda_handler',
runtime=lmbda.Runtime.PYTHON_3_7,
timeout=core.Duration.seconds(10),
code=lmbda.Code.from_asset('lambdas/validation'),
environment={
'STAGING_BUCKET': props['staging_bucket'],
'SLACK_HOST': props['slack_host'],
'SLACK_CHANNEL': props['slack_channel'],
'MANAGER_EMAIL': props['manager_email'],
'SENDER_EMAIL': props['sender_email']
},
role=lambda_role,
layers=[pandas_layer, scipy_layer])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
lambda_layer = aws_lambda.LayerVersion(
self,
"pillow_layer",
code=aws_lambda.Code.asset("./python-pillow-6.2.1.zip"),
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
description="Pillow_upload_from_cdk")
# aws_lambda.LayerVersion.from_layer_version_arn(self, "pillow_layer",
# layer_version_arn="arn:aws-cn:lambda:cn-northwest-1:313497334385:layer:pillow:4"
# )
# The code that defines your stack goes here
mylambda = aws_lambda.Function(
self,
"myfunction_id",
description="lambda trigger by S3 to convert image",
# function_name="img-process-cdk-deploy", # the name will be auto create
code=aws_lambda.Code.asset("./lambda"),
handler="lambda_function.lambda_handler",
runtime=aws_lambda.Runtime.PYTHON_3_7,
timeout=core.Duration.seconds(60),
memory_size=256,
reserved_concurrent_executions=10,
layers=[lambda_layer],
dead_letter_queue_enabled=True, # cdk will create a new SQS for this
# role = aws_iam.Role.from_role_arn(self, "mylambda_role",
# role_arn="arn:aws-cn:iam::313497334385:role/Lambda-access-img-process-S3bucket"
# ) # cdk will create a role for this
)
with open('./env.js', 'r') as f:
env = json.load(f)
for (k, v) in env.items():
mylambda.add_environment(k, v)
#create a new bucket, Import bucket can not add event trigger
s3_bucket = aws_s3.Bucket(
self,
"mybucket",
# bucket name will be auto created or define here
# bucket_name="img-process-cdk-created"
)
mylambda.add_event_source(
aws_lambda_event_sources.S3EventSource(
s3_bucket,
events=[aws_s3.EventType.OBJECT_CREATED],
filters=[aws_s3.NotificationKeyFilter(prefix='input/')]))
s3_bucket.grant_read_write(mylambda)
def create_dependencies_layer(self, project_name,
function_name: str) -> _lambda.LayerVersion:
requirements_file = f'../requirements.{function_name}.txt'
output_dir = f'../.build/{function_name}'
if not os.environ.get('SKIP_PIP'):
subprocess.check_call(
f'pip install -r {requirements_file} -t {output_dir}/python'.
split())
layer_id = f'{project_name}-{function_name}-dependencies'
layer_code = _lambda.Code.from_asset(output_dir)
return _lambda.LayerVersion(self, layer_id, code=layer_code)
def create_dependencies_layer(self,
project_name) -> aws_lambda.LayerVersion:
requirements_file = f'./handlers/requirements.txt'
output_dir = f'./.build/packages'
if not os.environ.get('SKIP_PIP'):
subprocess.check_call(
f'pip install -r {requirements_file} -t {output_dir}/python'.
split())
layer_id = f'{project_name}-dependencies'
layer_code = aws_lambda.Code.from_asset(output_dir)
return aws_lambda.LayerVersion(self, layer_id, code=layer_code)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
layer = aws_lambda.LayerVersion(
self, "dependencies", code=aws_lambda.AssetCode("python.zip"))
aws_lambda.Function(
self,
"Hello World",
code=aws_lambda.Code.from_asset("lambda/"),
handler="main.handler",
runtime=aws_lambda.Runtime.PYTHON_3_7,
layers=[layer],
)
def create_dependencies_layer(self, project_name, function_name: str) -> _lambda.LayerVersion:
requirements_file = function_name + "/" + "requirements.txt"
output_dir = ".lambda_dependencies/" + function_name
# Install requirements for layer in the output_dir
if not os.environ.get("SKIP_PIP"):
# Note: Pip will create the output dir if it does not exist
subprocess.check_call(
f"pip install -r {requirements_file} -t {output_dir}/python".split()
)
return _lambda.LayerVersion(
self,
project_name + "-" + function_name + "-dependencies",
code=_lambda.Code.from_asset(output_dir)
)
def create_lambda_dependency_layer(self) -> None:
dependency_asset = aws_lambda.Code.from_asset(
path='./',
bundling=core.BundlingOptions(
image=core.BundlingDockerImage.from_asset('./')))
self.dependency_layer = aws_lambda.LayerVersion(
self,
'DependencyLayer',
code=dependency_asset,
compatible_runtimes=[
aws_lambda.Runtime.PYTHON_3_6,
aws_lambda.Runtime.PYTHON_3_7,
aws_lambda.Runtime.PYTHON_3_8,
],
description='A layer containing all Python dependencies',
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
lm = lamda.Function(self,
'Lamna',
handler='index.handler',
runtime=lamda.Runtime.DOTNET_CORE_1,
code=MyCode())
layer = lamda.LayerVersion(
self,
'LV1',
code=MyCode(),
compatible_runtimes=[lamda.Runtime.DOTNET_CORE_1])
assert is_called
def get_or_build(scope: core.Construct) -> aws_lambda.LayerVersion:
code = aws_lambda.Code.from_asset(
_lambda_path('layers/emr_config_utils'))
stack = core.Stack.of(scope)
layer = stack.node.try_find_child('EMRConfigUtilsLayer')
if layer is None:
layer = aws_lambda.LayerVersion(
stack,
'EMRConfigUtilsLayer',
layer_version_name='EMRLaunch_EMRUtilities_EMRConfigUtilsLayer',
code=code,
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
description='EMR configuration utility functions')
BaseBuilder.tag_construct(layer)
return layer
def sagemaker_layer(scope, blueprint_bucket):
"""
sagemaker_layer creates a Lambda layer with Sagemaker SDK installed in it to allow Lambda functions call
Sagemaker SDK's methods such as create_model(), etc.
:blueprint_bucket: CDK object of the blueprint bucket that contains resources for BYOM pipeline
:scope: CDK Construct scope that's needed to create CDK resources
:return: Lambda layer version in a form of a CDK object
"""
# Lambda sagemaker layer for sagemaker sdk that is used in create sagemaker model step
return lambda_.LayerVersion(
scope,
"sagemakerlayer",
code=lambda_.Code.from_bucket(blueprint_bucket, "blueprints/byom/lambdas/sagemaker_layer.zip"),
compatible_runtimes=[lambda_.Runtime.PYTHON_3_8],
)
def base_lambda_layer(construct, **kwargs):
"""
Function that generates a Lambda Layer. Using the parameter 'layer_code_path' it gets the code from a path set for
the user or a preset path.
:param construct: Custom construct that will use this function. From the external construct is usually 'self'.
:param kwargs: Consist of required 'layer_name', 'layer_runtimes', and optionals 'layer_code_path', 'description', 'license'.
:return: Lambda Layer Construct.
"""
layer_runtimes = list()
for runtime in kwargs["layer_runtimes"]:
try:
layer_runtime = getattr(lambda_.Runtime, runtime)
except Exception:
raise WrongRuntimePassed(
detail=f"Wrong function runtime {runtime} specified",
tb=traceback.format_exc())
else:
layer_runtimes.append(layer_runtime)
obtainer_code_path = kwargs.get("layer_code_path")
if obtainer_code_path is not None:
layer_code_path = obtainer_code_path
elif obtainer_code_path is None and DEFAULT_LAMBDA_LAYER_CODE_PATH_EXISTS is True:
layer_code_path = DEFAULT_LAMBDA_LAYER_CODE_PATH
else:
print(
f"Code path for Lambda Function {kwargs['layer_name']} is not valid!"
)
raise RuntimeError
# Defining Lambda Layer
_lambda_layer = lambda_.LayerVersion(
construct,
id=construct.prefix + "_" + kwargs["layer_name"] + "_" +
construct.environment_,
layer_version_name=construct.prefix + "_" + kwargs["layer_name"] +
"_" + construct.environment_,
description=kwargs.get("description"),
code=lambda_.Code.from_asset(path=layer_code_path,
exclude=kwargs.get(
"exclude", ["aws_cdk"])),
compatible_runtimes=layer_runtimes,
license=kwargs.get("license"),
)
return _lambda_layer
def LayerVersion(self,
id: str,
*,
remote_account_grant: bool = False,
ssm_param: bool = True,
**attr) -> aws_lambda.LayerVersion:
layv = aws_lambda.LayerVersion(self, id**attr)
if remote_account_grant:
layv.add_permission('remote-account-grant', account_id='*')
if ssm_param:
aws_ssm.StringParameter(
self,
f"{id}-ssm",
string_value=layv.layer_version_arn,
parameter_name=f"/layers/{id.replace('-', '/')}")
CfnOutput(self, f"{id}-cfn", value=layv.from_layer_version_arn)
return layv
def create_all_layers(self) -> None:
"""
All stack layers
"""
# Common utils lambda layer
create_lambda_layer_from_dir(
output_dir="./stack",
tag="common",
layer_dir="./cbers2stac/layers/common",
prefix="python",
)
common_layer_asset = aws_lambda.Code.asset("./stack/common.zip")
self.layers_["common_layer"] = aws_lambda.LayerVersion(
self,
"common_layer",
code=common_layer_asset,
compatible_runtimes=[aws_lambda.Runtime.PYTHON_3_7],
description="Common utils",
)
def __init__(self,
scope: core.Construct,
id: str,
build_prefix: str,
subnet_group_name: str,
context: InfraContext,
handler: str,
securityGroups: typing.Optional[typing.List[
ec2.SecurityGroup]] = None,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
bucket_arn = ssm.StringParameter.from_string_parameter_name(
self,
'artifact_bucket',
string_parameter_name='/app-FinSurf/artifacts/bucket_name')
code_bucket = s3.Bucket.from_bucket_arn(
self, 'code_bucket', bucket_arn=bucket_arn.string_value)
deps_layer = lambda_.LayerVersion(
self,
'Dependencies',
code=lambda_.Code.from_bucket(bucket=code_bucket,
key=build_prefix + '/deps.zip'),
compatible_runtimes=[lambda_.Runtime.PYTHON_3_8],
description='Runtime dependencies for Python Lambda ' + id)
self.function = lambda_.Function(
self,
'Function',
description='Python lambda function for ' + id,
handler=handler,
code=lambda_.Code.from_bucket(bucket=code_bucket,
key=build_prefix + '/app.zip'),
timeout=core.Duration.minutes(1),
layers=[deps_layer],
tracing=lambda_.Tracing.ACTIVE,
runtime=lambda_.Runtime.PYTHON_3_8,
vpc=context.networking.vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_group_name=subnet_group_name),
security_groups=securityGroups)
def __init__(self,
scope: core.Construct,
id: str,
*,
lambda_attrs: aws_lambda.FunctionProps = None,
layer_attrs=None,
remote_account_grant=False,
use_layer=True,
cfn_outputs=False):
"""Provides a CDK Construct for AWS Lambda and Layers
Args:
scope (core.Construct): [description]
id (str): [description]
lambda_attrs (aws_lambda.FunctionProps, optional): [description]. Defaults to None.
layer_attrs (aws_lambda.LayerVersionProps, optional): [description]. Defaults to None.
remote_account_grant (bool, optional): [description]. Defaults to False.
use_layer (bool, optional): [description]. Defaults to True.
"""
super().__init__(scope, id)
if layer_attrs:
self._layer = aws_lambda.LayerVersion(self, "layer", **layer_attrs)
ssm_name = "/{}/layer".format(id.replace('-', '/'))
ssm.StringParameter(self,
'Layer',
string_value=self._layer.layer_version_arn,
parameter_name=ssm_name)
if remote_account_grant:
self._layer.add_permission('remote-account-grant',
account_id='*')
if lambda_attrs:
self._lambda = aws_lambda.Function(self, "lambda", **lambda_attrs)
if self._layer and use_layer:
self._lambda.add_layers(self._layer)
if cfn_outputs:
core.CfnOutput(self, 'LambdaArn', value=self._lambda.function_arn)
if self._layer:
core.CfnOutput(self,
'LayerArn',
value=self._layer.from_layer_version_arn)
