Exemple #1
 internal Role LambdaAirRole()
     if (_role != null)
     // TODO: create roles with required permissions
     _role = new Role(this, $"lrole-{Guid.NewGuid().ToString()}", new RoleProps {
         RoleName    = $"lrole-{Guid.NewGuid().ToString()}",
         Description = @"THis is role is to be used by lambda functions within AirQuality project",
         AssumedBy   = new ServicePrincipal("lambda.amazonaws.com")
     // Adding permissions
        public static Role GetRole(TodoInfraStack stack, string roleId,
                                   string[] ManagedPolicyArns,
                                   string[] PrincipalServices,
                                   string PolicyName, string[] Actions, string resources)
            var roleProps = new RoleProps {
                Path      = "/",
                AssumedBy = new ServicePrincipal(PrincipalServices[0])

            if (PrincipalServices.Length > 0)
                List <PrincipalBase> principalBases = new List <PrincipalBase>();
                foreach (string service in PrincipalServices)
                    PrincipalBase principalBase = new ServicePrincipal(service);
                var compositePrincipal = new CompositePrincipal(principalBases.ToArray());
                roleProps = new RoleProps {
                    Path      = "/",
                    AssumedBy = compositePrincipal

            var iamRole = new Role(stack, roleId, roleProps);

            foreach (string arn in ManagedPolicyArns)

            PolicyStatement policyStatement = new PolicyStatement(new PolicyStatementProps {
                Actions   = Actions,
                Resources = new string[] { resources },
                Effect    = Effect.ALLOW

Exemple #3
        internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
            var startState = new Pass(this, "StartState");

            var logGroup = new LogGroup(this, "HttpExpressWorkflowLogGroup");

            var stepFunction = new StateMachine(this, "HttpExpressWorkflow", new StateMachineProps()
                StateMachineName = "HttpExpressWorkflowExample",
                StateMachineType = StateMachineType.EXPRESS,
                Definition       = startState,
                Logs             = new LogOptions()
                    Destination = logGroup,
                    Level       = LogLevel.ALL
                TracingEnabled = true

            var apiGatewayRole = new Role(this, "ApiGatewayRole", new RoleProps()
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")

            apiGatewayRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps()
                Effect  = Effect.ALLOW,
                Sid     = "AllowStepFunctionExecution",
                Actions = new string[1] {
                Resources = new string[1] {

            var httpApi = new CfnHttpApi(this, "HttpApi", new CfnHttpApiProps()
                StageName = "Main",

            var integration = new CfnIntegration(this, "StepFunctionIntegration", new CfnIntegrationProps()
                ApiId              = httpApi.Ref,
                IntegrationType    = "AWS_PROXY",
                IntegrationSubtype = "StepFunctions-StartSyncExecution",
                CredentialsArn     = apiGatewayRole.RoleArn,
                RequestParameters  = new Dictionary <string, string>(2)
                    { "Input", "$request.body" },
                    { "StateMachineArn", stepFunction.StateMachineArn }
                PayloadFormatVersion = "1.0",
                ConnectionType       = "INTERNET"

            var route = new CfnRoute(this, "StepFunctionRoute", new CfnRouteProps()
                ApiId    = httpApi.Ref,
                RouteKey = "POST /execute",
                Target   = $"integrations/{integration.Ref}"
        internal ApigwHttpApiEventbridgeDotnetCdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
            var eventBus = new EventBus(this, "MyEventBus", new EventBusProps
                EventBusName = "MyEventBus"

            // Logging
            var eventLoggerRule = new Rule(this, "EventLoggerRule", new RuleProps
                Description  = "Log all events",
                EventPattern = new EventPattern
                    Region = new string[] { "us-west-2" }
                EventBus = eventBus

            var logGroup = new LogGroup(this, "EventLogGroup", new LogGroupProps
                LogGroupName = "/aws/events/MyEventBus",

            eventLoggerRule.AddTarget(new EventTargets.CloudWatchLogGroup(logGroup));

            // API
            var httpApi = new HttpApi(this, "MyHttpApi");

            // There"s no Eventbridge integration available as CDK L2 yet, so we have to use L1 and create Role, Integration and Route
            var apiRole = new Role(this, "EventBridgeIntegrationRole", new RoleProps
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com"),

                new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { eventBus.EventBusArn },
                Actions   = new string[] { "events:PutEvents" },

            var eventbridgeIntegration = new CfnIntegration(
                new CfnIntegrationProps
                ApiId              = httpApi.HttpApiId,
                IntegrationType    = "AWS_PROXY",
                IntegrationSubtype = "EventBridge-PutEvents",
                CredentialsArn     = apiRole.RoleArn,
                RequestParameters  = new Dictionary <string, object>
                    ["Source"]       = "WebApp",
                    ["DetailType"]   = "MyDetailType",
                    ["Detail"]       = "$request.body",
                    ["EventBusName"] = eventBus.EventBusArn
                PayloadFormatVersion = "1.0",
                TimeoutInMillis      = 10000,

            new CfnRoute(this, "EventRoute", new CfnRouteProps
                ApiId    = httpApi.HttpApiId,
                RouteKey = "POST /",
                Target   = $"integrations/{eventbridgeIntegration.Ref}",

            new CfnOutput(this, "apiUrl", new CfnOutputProps {
                Value = httpApi.Url !, Description = "HTTP API endpoint URL"
Exemple #5
        public KinesisFirehoseStack(Construct parent, string id, KinesisFirehoseStackProps props) : base(parent, id,
            var clicksDestinationBucket = new Bucket(this, "Bucket", new BucketProps
                Versioned = true

            var firehoseDeliveryRole = new Role(this, "FirehoseDeliveryRole", new RoleProps
                RoleName    = "FirehoseDeliveryRole",
                AssumedBy   = new ServicePrincipal("firehose.amazonaws.com"),
                ExternalIds = new string[]

            var firehoseDeliveryPolicyS3Stm = new PolicyStatement();


            var lambdaFunctionPolicy = new PolicyStatement();

            var LambdaFunctionPolicyStmXRay = new PolicyStatement();

                //  Allows the Lambda function to interact with X-Ray
            var mysfitsClicksProcessor = new Function(this, "Function", new FunctionProps
                Handler     = "streaming_lambda::streaming_lambda.function::FunctionHandlerAsync",
                Runtime     = Runtime.DOTNET_CORE_2_1,
                Description = "An Amazon Kinesis Firehose stream processor that enriches click records" +
                              " to not just include a mysfitId, but also other attributes that can be analyzed later.",
                MemorySize    = 128,
                Code          = Code.FromAsset("../lambda/stream/bin/Debug/netcoreapp2.1/Publish"),
                Timeout       = Duration.Seconds(30),
                Tracing       = Tracing.ACTIVE,
                InitialPolicy = new PolicyStatement[]
                Environment = new Dictionary <string, string>()

            var firehoseDeliveryPolicyLambdaStm = new PolicyStatement();


            var mysfitsFireHoseToS3 = new CfnDeliveryStream(this, "DeliveryStream", new CfnDeliveryStreamProps
                ExtendedS3DestinationConfiguration = new CfnDeliveryStream.ExtendedS3DestinationConfigurationProperty()
                    BucketArn      = clicksDestinationBucket.BucketArn,
                    BufferingHints = new CfnDeliveryStream.BufferingHintsProperty
                        IntervalInSeconds = 60,
                        SizeInMBs         = 50
                    CompressionFormat       = "UNCOMPRESSED",
                    Prefix                  = "firehose/",
                    RoleArn                 = firehoseDeliveryRole.RoleArn,
                    ProcessingConfiguration = new CfnDeliveryStream.ProcessingConfigurationProperty
                        Enabled    = true,
                        Processors = new CfnDeliveryStream.ProcessorProperty[]
                            new CfnDeliveryStream.ProcessorProperty()
                                Type       = "Lambda",
                                Parameters = new CfnDeliveryStream.ProcessorParameterProperty
                                    ParameterName  = "LambdaArn",
                                    ParameterValue = mysfitsClicksProcessor.FunctionArn

            new CfnPermission(this, "Permission", new CfnPermissionProps
                Action        = "lambda:InvokeFunction",
                FunctionName  = mysfitsClicksProcessor.FunctionArn,
                Principal     = "firehose.amazonaws.com",
                SourceAccount = Amazon.CDK.Aws.ACCOUNT_ID,
                SourceArn     = mysfitsFireHoseToS3.AttrArn

            var clickProcessingApiRole = new Role(this, "ClickProcessingApiRole", new RoleProps
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")

            var apiPolicy = new PolicyStatement();

            new Policy(this, "ClickProcessingApiPolicy", new PolicyProps
                PolicyName = "api_gateway_firehose_proxy_role",
                Statements = new PolicyStatement[]
                Roles = new[] { clickProcessingApiRole }

            var api = new RestApi(this, "APIEndpoint", new RestApiProps
                RestApiName    = "ClickProcessing API Service",
                CloudWatchRole = false,
                EndpointTypes  = new EndpointType[]

            var clicks = api.Root.AddResource("clicks");

            clicks.AddMethod("PUT", new AwsIntegration(new AwsIntegrationProps
                Service = "firehose",
                IntegrationHttpMethod = "POST",
                Action  = "PutRecord",
                Options = new IntegrationOptions
                    ConnectionType       = ConnectionType.INTERNET,
                    CredentialsRole      = clickProcessingApiRole,
                    IntegrationResponses = new IntegrationResponse[]
                        new IntegrationResponse()
                            StatusCode        = "200",
                            ResponseTemplates =
                                { "application/json", "{\"status\":\"OK\"}" }
                            ResponseParameters =
                                { "method.response.header.Access-Control-Allow-Headers", "'Content-Type'" },
                                { "method.response.header.Access-Control-Allow-Methods", "'OPTIONS,PUT'"  },
                                { "method.response.header.Access-Control-Allow-Origin",  "'*'"            }
                    RequestParameters =
                        { "integration.request.header.Content-Type", "'application/x-amz-json-1.1'" }
                    RequestTemplates =
                            "{\"DeliveryStreamName\":\"" + mysfitsFireHoseToS3.Ref +
                            "\", \"Record\": { \"Data\": \"$util.base64Encode($input.json('$'))\"}"
                             new MethodOptions
                MethodResponses = new MethodResponse[]
                    new MethodResponse
                        StatusCode         = "200",
                        ResponseParameters =
                            { "method.response.header.Access-Control-Allow-Headers", true },
                            { "method.response.header.Access-Control-Allow-Methods", true },
                            { "method.response.header.Access-Control-Allow-Origin",  true }

            clicks.AddMethod("OPTIONS", new MockIntegration(new IntegrationOptions
                IntegrationResponses = new IntegrationResponse[]
                    new IntegrationResponse
                        StatusCode         = "200",
                        ResponseParameters = new Dictionary <string, string>
                            { "method.response.header.Access-Control-Allow-Origin", "'*'" },
                            { "method.response.header.Access-Control-Allow-Credentials", "'false'" },
                            { "method.response.header.Access-Control-Allow-Methods", "'OPTIONS,GET,PUT,POST,DELETE'" }
                PassthroughBehavior = PassthroughBehavior.NEVER,
                RequestTemplates    = new Dictionary <string, string>
                    { "application/json", "{\"statusCode\": 200}" }
                             new MethodOptions
                MethodResponses = new MethodResponse[]
                    new MethodResponse
                        StatusCode         = "200",
                        ResponseParameters = new Dictionary <string, bool>
                            { "method.response.header.Access-Control-Allow-Headers", true },
                            { "method.response.header.Access-Control-Allow-Methods", true },
                            { "method.response.header.Access-Control-Allow-Credentials", true },
                            { "method.response.header.Access-Control-Allow-Origin", true }
        public void CreateLogConsumerResources()
            var firehoseLambdaRole = new Role(this, "FirehoseLambdaRole", new RoleProps
                AssumedBy = new ServicePrincipal("lambda.amazonaws.com"),
                Path      = "/",

            firehoseLambdaRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { "arn:aws:logs:*:*:*" },
                Actions   = new string[] { "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" },

            var handler = new Function(this, "FirehoseDataProcessorFunction", new FunctionProps
                FunctionName = "data-processor-function",
                Runtime      = Runtime.NODEJS_12_X,
                Code         = Code.FromAsset("resources"),
                Handler      = "index.handler",
                Role         = firehoseLambdaRole,
                Timeout      = Duration.Minutes(2)

            //FirehoseDeliveryRole & Policies
            var firehoseDeliveryRole = new Role(this, "FirehoseDeliveryRole", new RoleProps
                AssumedBy = new ServicePrincipal("firehose.amazonaws.com"),
                Path      = "/"

            //S3 permissions
            firehoseDeliveryRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { _logsBucket.BucketArn, _logsBucket.BucketArn + "/*" },
                Actions   = new string[] { "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject"
                                           , "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject" },

            //Lambda permissions
            firehoseDeliveryRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { handler.FunctionArn },
                Actions   = new string[] { "lambda:GetFunctionConfiguration", "lambda:InvokeFunction" },

            //Log group for Firehose logs.
            var firehoseloggroup = new LogGroup(this, "firehoseloggroup", new LogGroupProps
                LogGroupName = "central-logs-delivery-group"
            var logstream = new LogStream(this, "logstream", new LogStreamProps
                LogStreamName = "central-logs-delivery-stream",
                LogGroup      = firehoseloggroup

            firehoseDeliveryRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { firehoseloggroup.LogGroupArn },
                Actions   = new string[] { "logs:PutLogEvents" },

            //FirehoseLoggingDeliveryStream - Start
            CfnDeliveryStream.ExtendedS3DestinationConfigurationProperty s3config = new CfnDeliveryStream.ExtendedS3DestinationConfigurationProperty();
            s3config.BucketArn      = _logsBucket.BucketArn;
            s3config.BufferingHints = new CfnDeliveryStream.BufferingHintsProperty
                SizeInMBs         = 50,
                IntervalInSeconds = 300
            s3config.CompressionFormat = "UNCOMPRESSED";
            s3config.RoleArn           = firehoseDeliveryRole.RoleArn;
            s3config.Prefix            = "CentralLogs/AWSLogs/";
            s3config.ErrorOutputPrefix = "CentralLogs/AWSLogs/Error/";

            var parameters = new CfnDeliveryStream.ProcessorParameterProperty();

            parameters.ParameterName  = "LambdaArn";
            parameters.ParameterValue = handler.FunctionArn;

            var paramsArray1 = new CfnDeliveryStream.ProcessorParameterProperty[] { parameters };

            var processorProperty = new CfnDeliveryStream.ProcessorProperty();

            processorProperty.Parameters = paramsArray1;
            processorProperty.Type       = "Lambda";

            var paramsArray = new CfnDeliveryStream.ProcessorProperty[] { processorProperty };

            s3config.ProcessingConfiguration = new CfnDeliveryStream.ProcessingConfigurationProperty
                Enabled    = true,
                Processors = paramsArray

            s3config.CloudWatchLoggingOptions = new CfnDeliveryStream.CloudWatchLoggingOptionsProperty
                Enabled       = true,
                LogGroupName  = firehoseloggroup.LogGroupName,
                LogStreamName = logstream.LogStreamName

            CfnDeliveryStream firehoseDeliveryStream = new CfnDeliveryStream(this, "FirehoseLoggingDeliveryStream", new CfnDeliveryStreamProps
                DeliveryStreamType = "DirectPut",
                ExtendedS3DestinationConfiguration = s3config
            //FirehoseLoggingDeliveryStream - End

            //Policy Statements for LogDestination- start
            var policyStmt = new PolicyStatement(new PolicyStatementProps()
                Actions   = new string[] { "firehose:PutRecord" },
                Resources = new string[] { "*" },
                Effect    = Effect.ALLOW
            var policyDoc = new PolicyDocument();

            policyDoc.AddStatements(new PolicyStatement[] { policyStmt });

            var policyProp = new CfnRole.PolicyProperty();

            policyProp.PolicyName     = "logDestinationPolicy";
            policyProp.PolicyDocument = policyDoc;
            //Policy Statements - end

            //AssumeRolePolicyDocument for LogDestination - start
            var principal             = new ServicePrincipal("logs.amazonaws.com");
            var assumePolicyStatement = new PolicyStatement(new PolicyStatementProps
                Actions    = new string[] { "sts:AssumeRole" },
                Effect     = Effect.ALLOW,
                Principals = new IPrincipal[] { principal }
            var assumePolicyDoc = new PolicyDocument();

            assumePolicyDoc.AddStatements(new PolicyStatement[] { assumePolicyStatement });
            //AssumeRolePolicyDocument - end

            var roleProps = new CfnRoleProps {
                Path = "/",
                AssumeRolePolicyDocument = assumePolicyDoc,
                Policies = new CfnRole.PolicyProperty[] { policyProp }

            CfnRole cfnRole = new CfnRole(this, "CfnRole", roleProps);

            CfnDestination logDestination = new CfnDestination(this, "LogDestination", new CfnDestinationProps
                DestinationName   = "Central-Log-Destination",
                RoleArn           = cfnRole.AttrArn,
                TargetArn         = firehoseDeliveryStream.AttrArn,
                DestinationPolicy = "{\"Version\" : \"2012-10-17\",\"Statement\" : [{\"Effect\" : \"Allow\", \"Principal\" : {\"AWS\" :  [\"" + SourceLogAccountId + "\"]},\"Action\" : \"logs:PutSubscriptionFilter\", \"Resource\" : \"arn:aws:logs:" + this.Region + ":"
                                    + DestinationAccountId + ":destination:Central-Log-Destination\"}]}"


            LogDestinationArn = logDestination.AttrArn;

            CfnOutput output = new CfnOutput(this, "LogDestinationARN", new CfnOutputProps {
                Description = "LogDestination ARN",
                Value       = logDestination.AttrArn
        internal VotingStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
            var table = new Table(this, "Connections", new TableProps
                PartitionKey = new Attribute
                    Name = "connectionId",
                    Type = AttributeType.STRING
                TableName = "Connections"

            var connectFunc = new Function(this, "onconnectfunction", new FunctionProps
                Tracing     = Tracing.ACTIVE,
                Runtime     = Runtime.DOTNET_CORE_2_1,
                Timeout     = Duration.Seconds(30),
                MemorySize  = 256,
                Environment = new Dictionary <string, string>()
                    { "TABLE_NAME", table.TableName }
                FunctionName = "OnConnect",
                Code         = Code.FromAsset("./assets/OnConnect.zip"),
                Handler      = "OnConnect::OnConnect.Function::FunctionHandler"

            var disconnectFunc = new Function(this, "ondisconnectfunction", new FunctionProps
                Tracing     = Tracing.ACTIVE,
                Runtime     = Runtime.DOTNET_CORE_2_1,
                Timeout     = Duration.Seconds(30),
                MemorySize  = 256,
                Environment = new Dictionary <string, string>()
                    { "TABLE_NAME", table.TableName }
                FunctionName = "OnDisconnect",
                Code         = Code.FromAsset("./assets/OnDisconnect.zip"),
                Handler      = "OnDisconnect::OnDisconnect.Function::FunctionHandler"

            var messageFunc = new Function(this, "sendmessagefunction", new FunctionProps
                Tracing     = Tracing.ACTIVE,
                Runtime     = Runtime.DOTNET_CORE_2_1,
                Timeout     = Duration.Seconds(30),
                MemorySize  = 256,
                Environment = new Dictionary <string, string>()
                    { "TABLE_NAME", table.TableName }
                FunctionName = "SendMessage",
                Code         = Code.FromAsset("./assets/SendMessage.zip"),
                Handler      = "SendMessage::SendMessage.Function::FunctionHandler"


            // initialise api
            var name = "voting-api";
            var api  = new CfnApi(this, name, new CfnApiProps {
                ProtocolType             = "WEBSOCKET",
                RouteSelectionExpression = "$request.body.action",

            var policy = new PolicyStatement(new PolicyStatementProps {
                Effect    = Effect.ALLOW,
                Resources = new[] {

            var role = new Role(this, "chatrole-iam-role", new RoleProps {
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")


//            var api = new Amazon.CDK.AWS.APIGatewayv2.CfnApi(this, "api", new CfnApiProps
//            {
//                Name = "apicdk",
//                ProtocolType = "WEBSOCKET",
//                RouteSelectionExpression = "$request.body.message",
//            });

//            LAMBDA_URI =
//                $"arn:aws:apigateway:{region}:lambda:path/2015-03-31/functions/{onconnectFunction.FunctionArn}/invocations";
//            var integration =
//                new Amazon.CDK.AWS.APIGatewayv2.CfnIntegration(this, "integration", new CfnIntegrationProps
//                    {
//                        ApiId = api.Ref,
//                        IntegrationType = "AWS_PROXY",
//                        CredentialsArn = CREDENTAILS_ARN,
//                        IntegrationUri = LAMBDA_URI
//                    }
//                );
//            var route = new Amazon.CDK.AWS.APIGatewayv2.CfnRoute(this, "route", new CfnRouteProps
//            {
//                RouteKey = "RouteKey1",
//                AuthorizationType = "NONE",
//                ApiId = api.Ref,
//                Target ="integrations/" + integration.Ref,
//            });
//            var deployment = new Amazon.CDK.AWS.APIGatewayv2.CfnDeployment(this, "deployment", new CfnDeploymentProps
//            {
//                ApiId = api.Ref,
//            });
//            var stage = new Amazon.CDK.AWS.APIGatewayv2.CfnStage(this, "stage", new CfnStageProps {
//                ApiId = api.Ref,
//                StageName = "Prod",
//                DeploymentId = deployment.Ref
//            });

//            new CfnOutput(this, "APIGateWayURL", new CfnOutputProps
//            {
//                Value = $"wss://{stage.ApiId}.execute-api.{region}.amazonaws.com/{stage.StageName}"
//            });

             *          var startJobFunction = new Function(this, "StartJobFunction", new FunctionProps
             *          {
             *              Tracing = Tracing.ACTIVE,
             *              Runtime = Runtime.DOTNET_CORE_2_1,
             *              Timeout = Duration.Seconds(30),
             *              MemorySize = 256,
             *              Environment = new Dictionary<string, string>()
             *              {
             *                  { "TRANSCRIBE_OUTPUT_BUCKET", outputBucket.BucketName },
             *                  { "TRANSCRIBE_LANGUAGE_CODE", languageCode }
             *              },
             *              FunctionName = "StartTranscriptionJob",
             *              Code = Code.FromAsset("./assets/StartTranscriptionJob.zip"),
             *              Handler = "StartTranscriptionJob::StartTranscriptionJob.Function::FunctionHandler",
             *              Events = new[]
             *              {
             *                  new Api(inputBucket, new S3EventSourceProps
             *                  {
             *                      Events = new [] { EventType.OBJECT_CREATED }
             *                  })
             *              }
             *          });
             *          var notifyCompletionFunction = new Function(this, "NotifyCompleteFunction", new FunctionProps
             *          {
             *              Tracing = Tracing.ACTIVE,
             *              Runtime = Runtime.DOTNET_CORE_2_1,
             *              Timeout = Duration.Seconds(30),
             *              MemorySize = 256,
             *              Environment = new Dictionary<string, string>()
             *              {
             *                  { "TRANSCRIBE_TOPIC_ARN", notificationTopic.TopicArn }
             *              },
             *              FunctionName = "NotifyTranscriptionJobComplete",
             *              Code = Code.FromAsset("./assets/NotifyTranscriptionJobComplete.zip"),
             *              Handler = "NotifyTranscriptionJobComplete::NotifyTranscriptionJobComplete.Function::FunctionHandler",
             *              Events = new[]
             *              {
             *                  new S3EventSource(outputBucket, new S3EventSourceProps
             *                  {
             *                      Events = new [] { EventType.OBJECT_CREATED }
             *                  })
             *              }
             *          });
             *          new CfnOutput(this, "APIGateWayURL", new CfnOutputProps
             *          {
             *              Value = inputBucket.BucketName
             *          }); */
        internal CensusEtlStack(Construct scope, string id, CensusEtlStackProps props) : base(scope, id, props)
            var securityGroup = SecurityGroup.FromSecurityGroupId(this, "aurora-sg", props.AuroraSeucrityGroupId);

            var censusBucket           = Bucket.FromBucketName(this, "lambdaBucket", props.CensusArtifactBucket);
            var awsManagedLambdaPolicy = ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole");

            var queue = new Queue(this, "queue", new QueueProps
                QueueName = props.CensusEtlQueue

            new CfnOutput(this, "sqs-queue", new CfnOutputProps
                ExportName = "enqueueSQS",
                Value      = queue.QueueUrl

            var enqueueRole = new Role(this, "enqueue-role", new RoleProps
                AssumedBy = new ServicePrincipal("lambda.amazonaws.com")

            enqueueRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { censusBucket.BucketArn },
                Actions   = new string[] { "s3:ListBucket" }
            enqueueRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { queue.QueueArn },
                Actions   = new string[] { "sqs:SendMessage" }

            new Function(this, "census-etl", new FunctionProps
                Runtime        = Runtime.DOTNET_CORE_3_1,
                Handler        = "EtlEnqueue::EtlEnqueue.Function::FunctionHandler",
                Code           = Code.FromAsset("EtlEnqueue/bin/Debug/netcoreapp3.1/publish"),
                SecurityGroups = new ISecurityGroup[] { securityGroup },
                Role           = enqueueRole

            var workerRole = new Role(this, "worker-role", new RoleProps
                AssumedBy = new ServicePrincipal("lambda.amazonaws.com")

            workerRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { censusBucket.BucketArn },
                Actions   = new string[] { "s3:GetObject" }
            workerRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
                Effect    = Effect.ALLOW,
                Resources = new string[] { queue.QueueArn },
                Actions   = new string[]

            var workerFunction = new Function(this, "worker-function", new FunctionProps
                Runtime        = Runtime.DOTNET_CORE_3_1,
                Handler        = "something",
                Code           = Code.FromAsset("EtlEnqueue/bin/Debug/netcoreapp3.1/publish"),
                SecurityGroups = new ISecurityGroup[] { securityGroup },
                ReservedConcurrentExecutions = 2,
                Role = workerRole

            workerFunction.AddEventSource(new SqsEventSource(queue));