internal Role LambdaAirRole()
{
if (_role != null)
{
return(_role);
}
// TODO: create roles with required permissions
_role = new Role(this, $"lrole-{Guid.NewGuid().ToString()}", new RoleProps {
RoleName = $"lrole-{Guid.NewGuid().ToString()}",
Description = @"THis is role is to be used by lambda functions within AirQuality project",
AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
});
// Adding permissions
_role.AddToPolicy(SQSFullAccess);
_role.AddToPolicy(SNSFullAccess);
_role.AddToPolicy(LambdaFullAccess);
_role.AddToPolicy(DynamoFullAccess);
_role.AddToPolicy(CloudWatchFullAccess);
return(_role);
}
public static Role GetRole(TodoInfraStack stack, string roleId,
string[] ManagedPolicyArns,
string[] PrincipalServices,
string PolicyName, string[] Actions, string resources)
{
var roleProps = new RoleProps {
Path = "/",
AssumedBy = new ServicePrincipal(PrincipalServices[0])
};
if (PrincipalServices.Length > 0)
{
List <PrincipalBase> principalBases = new List <PrincipalBase>();
foreach (string service in PrincipalServices)
{
PrincipalBase principalBase = new ServicePrincipal(service);
principalBases.Add(principalBase);
}
var compositePrincipal = new CompositePrincipal(principalBases.ToArray());
roleProps = new RoleProps {
Path = "/",
AssumedBy = compositePrincipal
};
}
var iamRole = new Role(stack, roleId, roleProps);
foreach (string arn in ManagedPolicyArns)
{
iamRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(arn));
}
PolicyStatement policyStatement = new PolicyStatement(new PolicyStatementProps {
Actions = Actions,
Resources = new string[] { resources },
Effect = Effect.ALLOW
});
iamRole.AddToPolicy(policyStatement);
return(iamRole);
}
internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var startState = new Pass(this, "StartState");
var logGroup = new LogGroup(this, "HttpExpressWorkflowLogGroup");
var stepFunction = new StateMachine(this, "HttpExpressWorkflow", new StateMachineProps()
{
StateMachineName = "HttpExpressWorkflowExample",
StateMachineType = StateMachineType.EXPRESS,
Definition = startState,
Logs = new LogOptions()
{
Destination = logGroup,
Level = LogLevel.ALL
},
TracingEnabled = true
});
var apiGatewayRole = new Role(this, "ApiGatewayRole", new RoleProps()
{
AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")
});
apiGatewayRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps()
{
Effect = Effect.ALLOW,
Sid = "AllowStepFunctionExecution",
Actions = new string[1] {
"states:StartSyncExecution"
},
Resources = new string[1] {
stepFunction.StateMachineArn
}
}));
var httpApi = new CfnHttpApi(this, "HttpApi", new CfnHttpApiProps()
{
StageName = "Main",
});
var integration = new CfnIntegration(this, "StepFunctionIntegration", new CfnIntegrationProps()
{
ApiId = httpApi.Ref,
IntegrationType = "AWS_PROXY",
IntegrationSubtype = "StepFunctions-StartSyncExecution",
CredentialsArn = apiGatewayRole.RoleArn,
RequestParameters = new Dictionary <string, string>(2)
{
{ "Input", "$request.body" },
{ "StateMachineArn", stepFunction.StateMachineArn }
},
PayloadFormatVersion = "1.0",
ConnectionType = "INTERNET"
});
var route = new CfnRoute(this, "StepFunctionRoute", new CfnRouteProps()
{
ApiId = httpApi.Ref,
RouteKey = "POST /execute",
Target = $"integrations/{integration.Ref}"
});
}
internal ApigwHttpApiEventbridgeDotnetCdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var eventBus = new EventBus(this, "MyEventBus", new EventBusProps
{
EventBusName = "MyEventBus"
});
// Logging
var eventLoggerRule = new Rule(this, "EventLoggerRule", new RuleProps
{
Description = "Log all events",
EventPattern = new EventPattern
{
Region = new string[] { "us-west-2" }
},
EventBus = eventBus
});
var logGroup = new LogGroup(this, "EventLogGroup", new LogGroupProps
{
LogGroupName = "/aws/events/MyEventBus",
});
eventLoggerRule.AddTarget(new EventTargets.CloudWatchLogGroup(logGroup));
// API
var httpApi = new HttpApi(this, "MyHttpApi");
// There"s no Eventbridge integration available as CDK L2 yet, so we have to use L1 and create Role, Integration and Route
var apiRole = new Role(this, "EventBridgeIntegrationRole", new RoleProps
{
AssumedBy = new ServicePrincipal("apigateway.amazonaws.com"),
});
apiRole.AddToPolicy(
new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { eventBus.EventBusArn },
Actions = new string[] { "events:PutEvents" },
})
);
var eventbridgeIntegration = new CfnIntegration(
this,
"EventBridgeIntegration",
new CfnIntegrationProps
{
ApiId = httpApi.HttpApiId,
IntegrationType = "AWS_PROXY",
IntegrationSubtype = "EventBridge-PutEvents",
CredentialsArn = apiRole.RoleArn,
RequestParameters = new Dictionary <string, object>
{
["Source"] = "WebApp",
["DetailType"] = "MyDetailType",
["Detail"] = "$request.body",
["EventBusName"] = eventBus.EventBusArn
},
PayloadFormatVersion = "1.0",
TimeoutInMillis = 10000,
}
);
new CfnRoute(this, "EventRoute", new CfnRouteProps
{
ApiId = httpApi.HttpApiId,
RouteKey = "POST /",
Target = $"integrations/{eventbridgeIntegration.Ref}",
});
new CfnOutput(this, "apiUrl", new CfnOutputProps {
Value = httpApi.Url !, Description = "HTTP API endpoint URL"
});
public KinesisFirehoseStack(Construct parent, string id, KinesisFirehoseStackProps props) : base(parent, id,
props)
{
var clicksDestinationBucket = new Bucket(this, "Bucket", new BucketProps
{
Versioned = true
});
var firehoseDeliveryRole = new Role(this, "FirehoseDeliveryRole", new RoleProps
{
RoleName = "FirehoseDeliveryRole",
AssumedBy = new ServicePrincipal("firehose.amazonaws.com"),
ExternalIds = new string[]
{
Aws.ACCOUNT_ID
}
});
var firehoseDeliveryPolicyS3Stm = new PolicyStatement();
firehoseDeliveryPolicyS3Stm.AddActions("s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject");
firehoseDeliveryPolicyS3Stm.AddResources(clicksDestinationBucket.BucketArn);
firehoseDeliveryPolicyS3Stm.AddResources(clicksDestinationBucket.ArnForObjects("*"));
var lambdaFunctionPolicy = new PolicyStatement();
lambdaFunctionPolicy.AddActions("dynamodb:GetItem");
lambdaFunctionPolicy.AddResources(props.TableArn);
var LambdaFunctionPolicyStmXRay = new PolicyStatement();
LambdaFunctionPolicyStmXRay.AddActions(
// Allows the Lambda function to interact with X-Ray
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
);
LambdaFunctionPolicyStmXRay.AddAllResources();
var mysfitsClicksProcessor = new Function(this, "Function", new FunctionProps
{
Handler = "streaming_lambda::streaming_lambda.function::FunctionHandlerAsync",
Runtime = Runtime.DOTNET_CORE_2_1,
Description = "An Amazon Kinesis Firehose stream processor that enriches click records" +
" to not just include a mysfitId, but also other attributes that can be analyzed later.",
MemorySize = 128,
Code = Code.FromAsset("../lambda/stream/bin/Debug/netcoreapp2.1/Publish"),
Timeout = Duration.Seconds(30),
Tracing = Tracing.ACTIVE,
InitialPolicy = new PolicyStatement[]
{
lambdaFunctionPolicy,
LambdaFunctionPolicyStmXRay
},
Environment = new Dictionary <string, string>()
{
{
"mysfits_api_url",
string.Format($"https://${props.APIid}.execute-api.{Amazon.CDK.Aws.REGION}.amazonaws.com/prod/")
}
}
});
var firehoseDeliveryPolicyLambdaStm = new PolicyStatement();
firehoseDeliveryPolicyLambdaStm.AddActions("lambda:InvokeFunction");
firehoseDeliveryPolicyLambdaStm.AddResources(mysfitsClicksProcessor.FunctionArn);
firehoseDeliveryRole.AddToPolicy(firehoseDeliveryPolicyS3Stm);
firehoseDeliveryRole.AddToPolicy(firehoseDeliveryPolicyLambdaStm);
var mysfitsFireHoseToS3 = new CfnDeliveryStream(this, "DeliveryStream", new CfnDeliveryStreamProps
{
ExtendedS3DestinationConfiguration = new CfnDeliveryStream.ExtendedS3DestinationConfigurationProperty()
{
BucketArn = clicksDestinationBucket.BucketArn,
BufferingHints = new CfnDeliveryStream.BufferingHintsProperty
{
IntervalInSeconds = 60,
SizeInMBs = 50
},
CompressionFormat = "UNCOMPRESSED",
Prefix = "firehose/",
RoleArn = firehoseDeliveryRole.RoleArn,
ProcessingConfiguration = new CfnDeliveryStream.ProcessingConfigurationProperty
{
Enabled = true,
Processors = new CfnDeliveryStream.ProcessorProperty[]
{
new CfnDeliveryStream.ProcessorProperty()
{
Type = "Lambda",
Parameters = new CfnDeliveryStream.ProcessorParameterProperty
{
ParameterName = "LambdaArn",
ParameterValue = mysfitsClicksProcessor.FunctionArn
}
}
}
}
}
});
new CfnPermission(this, "Permission", new CfnPermissionProps
{
Action = "lambda:InvokeFunction",
FunctionName = mysfitsClicksProcessor.FunctionArn,
Principal = "firehose.amazonaws.com",
SourceAccount = Amazon.CDK.Aws.ACCOUNT_ID,
SourceArn = mysfitsFireHoseToS3.AttrArn
});
var clickProcessingApiRole = new Role(this, "ClickProcessingApiRole", new RoleProps
{
AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")
});
var apiPolicy = new PolicyStatement();
apiPolicy.AddActions("firehose:PutRecord");
apiPolicy.AddResources(mysfitsFireHoseToS3.AttrArn);
new Policy(this, "ClickProcessingApiPolicy", new PolicyProps
{
PolicyName = "api_gateway_firehose_proxy_role",
Statements = new PolicyStatement[]
{
apiPolicy
},
Roles = new[] { clickProcessingApiRole }
});
var api = new RestApi(this, "APIEndpoint", new RestApiProps
{
RestApiName = "ClickProcessing API Service",
CloudWatchRole = false,
EndpointTypes = new EndpointType[]
{
EndpointType.REGIONAL
}
});
var clicks = api.Root.AddResource("clicks");
clicks.AddMethod("PUT", new AwsIntegration(new AwsIntegrationProps
{
Service = "firehose",
IntegrationHttpMethod = "POST",
Action = "PutRecord",
Options = new IntegrationOptions
{
ConnectionType = ConnectionType.INTERNET,
CredentialsRole = clickProcessingApiRole,
IntegrationResponses = new IntegrationResponse[]
{
new IntegrationResponse()
{
StatusCode = "200",
ResponseTemplates =
{
{ "application/json", "{\"status\":\"OK\"}" }
},
ResponseParameters =
{
{ "method.response.header.Access-Control-Allow-Headers", "'Content-Type'" },
{ "method.response.header.Access-Control-Allow-Methods", "'OPTIONS,PUT'" },
{ "method.response.header.Access-Control-Allow-Origin", "'*'" }
}
}
},
RequestParameters =
{
{ "integration.request.header.Content-Type", "'application/x-amz-json-1.1'" }
},
RequestTemplates =
{
{
"application/json",
"{\"DeliveryStreamName\":\"" + mysfitsFireHoseToS3.Ref +
"\", \"Record\": { \"Data\": \"$util.base64Encode($input.json('$'))\"}"
}
}
}
}),
new MethodOptions
{
MethodResponses = new MethodResponse[]
{
new MethodResponse
{
StatusCode = "200",
ResponseParameters =
{
{ "method.response.header.Access-Control-Allow-Headers", true },
{ "method.response.header.Access-Control-Allow-Methods", true },
{ "method.response.header.Access-Control-Allow-Origin", true }
}
}
}
});
clicks.AddMethod("OPTIONS", new MockIntegration(new IntegrationOptions
{
IntegrationResponses = new IntegrationResponse[]
{
new IntegrationResponse
{
StatusCode = "200",
ResponseParameters = new Dictionary <string, string>
{
{
"method.response.header.Access-Control-Allow-Headers",
"'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'"
},
{ "method.response.header.Access-Control-Allow-Origin", "'*'" },
{ "method.response.header.Access-Control-Allow-Credentials", "'false'" },
{ "method.response.header.Access-Control-Allow-Methods", "'OPTIONS,GET,PUT,POST,DELETE'" }
}
}
},
PassthroughBehavior = PassthroughBehavior.NEVER,
RequestTemplates = new Dictionary <string, string>
{
{ "application/json", "{\"statusCode\": 200}" }
}
}),
new MethodOptions
{
MethodResponses = new MethodResponse[]
{
new MethodResponse
{
StatusCode = "200",
ResponseParameters = new Dictionary <string, bool>
{
{ "method.response.header.Access-Control-Allow-Headers", true },
{ "method.response.header.Access-Control-Allow-Methods", true },
{ "method.response.header.Access-Control-Allow-Credentials", true },
{ "method.response.header.Access-Control-Allow-Origin", true }
}
}
}
});
}
public void CreateLogConsumerResources()
{
//LambdaRole
var firehoseLambdaRole = new Role(this, "FirehoseLambdaRole", new RoleProps
{
AssumedBy = new ServicePrincipal("lambda.amazonaws.com"),
Path = "/",
});
firehoseLambdaRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { "arn:aws:logs:*:*:*" },
Actions = new string[] { "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" },
}));
//FirehoseDataProcessingFunction
var handler = new Function(this, "FirehoseDataProcessorFunction", new FunctionProps
{
FunctionName = "data-processor-function",
Runtime = Runtime.NODEJS_12_X,
Code = Code.FromAsset("resources"),
Handler = "index.handler",
Role = firehoseLambdaRole,
Timeout = Duration.Minutes(2)
});
//FirehoseDeliveryRole & Policies
var firehoseDeliveryRole = new Role(this, "FirehoseDeliveryRole", new RoleProps
{
AssumedBy = new ServicePrincipal("firehose.amazonaws.com"),
Path = "/"
});
//S3 permissions
firehoseDeliveryRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { _logsBucket.BucketArn, _logsBucket.BucketArn + "/*" },
Actions = new string[] { "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject"
, "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject" },
}));
//Lambda permissions
firehoseDeliveryRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { handler.FunctionArn },
Actions = new string[] { "lambda:GetFunctionConfiguration", "lambda:InvokeFunction" },
}));
//Log group for Firehose logs.
var firehoseloggroup = new LogGroup(this, "firehoseloggroup", new LogGroupProps
{
LogGroupName = "central-logs-delivery-group"
});
var logstream = new LogStream(this, "logstream", new LogStreamProps
{
LogStreamName = "central-logs-delivery-stream",
LogGroup = firehoseloggroup
});
firehoseDeliveryRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { firehoseloggroup.LogGroupArn },
Actions = new string[] { "logs:PutLogEvents" },
}));
//FirehoseLoggingDeliveryStream - Start
CfnDeliveryStream.ExtendedS3DestinationConfigurationProperty s3config = new CfnDeliveryStream.ExtendedS3DestinationConfigurationProperty();
s3config.BucketArn = _logsBucket.BucketArn;
s3config.BufferingHints = new CfnDeliveryStream.BufferingHintsProperty
{
SizeInMBs = 50,
IntervalInSeconds = 300
};
s3config.CompressionFormat = "UNCOMPRESSED";
s3config.RoleArn = firehoseDeliveryRole.RoleArn;
s3config.Prefix = "CentralLogs/AWSLogs/";
s3config.ErrorOutputPrefix = "CentralLogs/AWSLogs/Error/";
var parameters = new CfnDeliveryStream.ProcessorParameterProperty();
parameters.ParameterName = "LambdaArn";
parameters.ParameterValue = handler.FunctionArn;
var paramsArray1 = new CfnDeliveryStream.ProcessorParameterProperty[] { parameters };
var processorProperty = new CfnDeliveryStream.ProcessorProperty();
processorProperty.Parameters = paramsArray1;
processorProperty.Type = "Lambda";
var paramsArray = new CfnDeliveryStream.ProcessorProperty[] { processorProperty };
s3config.ProcessingConfiguration = new CfnDeliveryStream.ProcessingConfigurationProperty
{
Enabled = true,
Processors = paramsArray
};
s3config.CloudWatchLoggingOptions = new CfnDeliveryStream.CloudWatchLoggingOptionsProperty
{
Enabled = true,
LogGroupName = firehoseloggroup.LogGroupName,
LogStreamName = logstream.LogStreamName
};
CfnDeliveryStream firehoseDeliveryStream = new CfnDeliveryStream(this, "FirehoseLoggingDeliveryStream", new CfnDeliveryStreamProps
{
DeliveryStreamType = "DirectPut",
ExtendedS3DestinationConfiguration = s3config
});
//FirehoseLoggingDeliveryStream - End
//Policy Statements for LogDestination- start
var policyStmt = new PolicyStatement(new PolicyStatementProps()
{
Actions = new string[] { "firehose:PutRecord" },
Resources = new string[] { "*" },
Effect = Effect.ALLOW
});
var policyDoc = new PolicyDocument();
policyDoc.AddStatements(new PolicyStatement[] { policyStmt });
var policyProp = new CfnRole.PolicyProperty();
policyProp.PolicyName = "logDestinationPolicy";
policyProp.PolicyDocument = policyDoc;
//Policy Statements - end
//AssumeRolePolicyDocument for LogDestination - start
var principal = new ServicePrincipal("logs.amazonaws.com");
var assumePolicyStatement = new PolicyStatement(new PolicyStatementProps
{
Actions = new string[] { "sts:AssumeRole" },
Effect = Effect.ALLOW,
Principals = new IPrincipal[] { principal }
});
var assumePolicyDoc = new PolicyDocument();
assumePolicyDoc.AddStatements(new PolicyStatement[] { assumePolicyStatement });
//AssumeRolePolicyDocument - end
var roleProps = new CfnRoleProps {
Path = "/",
AssumeRolePolicyDocument = assumePolicyDoc,
Policies = new CfnRole.PolicyProperty[] { policyProp }
};
CfnRole cfnRole = new CfnRole(this, "CfnRole", roleProps);
CfnDestination logDestination = new CfnDestination(this, "LogDestination", new CfnDestinationProps
{
DestinationName = "Central-Log-Destination",
RoleArn = cfnRole.AttrArn,
TargetArn = firehoseDeliveryStream.AttrArn,
DestinationPolicy = "{\"Version\" : \"2012-10-17\",\"Statement\" : [{\"Effect\" : \"Allow\", \"Principal\" : {\"AWS\" : [\"" + SourceLogAccountId + "\"]},\"Action\" : \"logs:PutSubscriptionFilter\", \"Resource\" : \"arn:aws:logs:" + this.Region + ":"
+ DestinationAccountId + ":destination:Central-Log-Destination\"}]}"
});
logDestination.AddDependsOn(firehoseDeliveryStream);
logDestination.AddDependsOn(cfnRole);
Console.WriteLine(logDestination.DestinationPolicy);
LogDestinationArn = logDestination.AttrArn;
CfnOutput output = new CfnOutput(this, "LogDestinationARN", new CfnOutputProps {
Description = "LogDestination ARN",
Value = logDestination.AttrArn
});
}
internal VotingStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var table = new Table(this, "Connections", new TableProps
{
PartitionKey = new Attribute
{
Name = "connectionId",
Type = AttributeType.STRING
},
TableName = "Connections"
});
var connectFunc = new Function(this, "onconnectfunction", new FunctionProps
{
Tracing = Tracing.ACTIVE,
Runtime = Runtime.DOTNET_CORE_2_1,
Timeout = Duration.Seconds(30),
MemorySize = 256,
Environment = new Dictionary <string, string>()
{
{ "TABLE_NAME", table.TableName }
},
FunctionName = "OnConnect",
Code = Code.FromAsset("./assets/OnConnect.zip"),
Handler = "OnConnect::OnConnect.Function::FunctionHandler"
});
var disconnectFunc = new Function(this, "ondisconnectfunction", new FunctionProps
{
Tracing = Tracing.ACTIVE,
Runtime = Runtime.DOTNET_CORE_2_1,
Timeout = Duration.Seconds(30),
MemorySize = 256,
Environment = new Dictionary <string, string>()
{
{ "TABLE_NAME", table.TableName }
},
FunctionName = "OnDisconnect",
Code = Code.FromAsset("./assets/OnDisconnect.zip"),
Handler = "OnDisconnect::OnDisconnect.Function::FunctionHandler"
});
var messageFunc = new Function(this, "sendmessagefunction", new FunctionProps
{
Tracing = Tracing.ACTIVE,
Runtime = Runtime.DOTNET_CORE_2_1,
Timeout = Duration.Seconds(30),
MemorySize = 256,
Environment = new Dictionary <string, string>()
{
{ "TABLE_NAME", table.TableName }
},
FunctionName = "SendMessage",
Code = Code.FromAsset("./assets/SendMessage.zip"),
Handler = "SendMessage::SendMessage.Function::FunctionHandler"
});
table.GrantReadWriteData(connectFunc);
table.GrantReadWriteData(disconnectFunc);
table.GrantReadWriteData(messageFunc);
// initialise api
var name = "voting-api";
var api = new CfnApi(this, name, new CfnApiProps {
ProtocolType = "WEBSOCKET",
RouteSelectionExpression = "$request.body.action",
});
var policy = new PolicyStatement(new PolicyStatementProps {
Effect = Effect.ALLOW,
Resources = new[] {
connectFunc.FunctionArn,
disconnectFunc.FunctionArn,
messageFunc.FunctionArn
}
});
var role = new Role(this, "chatrole-iam-role", new RoleProps {
AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")
});
role.AddToPolicy(policy);
// var api = new Amazon.CDK.AWS.APIGatewayv2.CfnApi(this, "api", new CfnApiProps
// {
// Name = "apicdk",
// ProtocolType = "WEBSOCKET",
// RouteSelectionExpression = "$request.body.message",
// });
// LAMBDA_URI =
// $"arn:aws:apigateway:{region}:lambda:path/2015-03-31/functions/{onconnectFunction.FunctionArn}/invocations";
//
//
// var integration =
// new Amazon.CDK.AWS.APIGatewayv2.CfnIntegration(this, "integration", new CfnIntegrationProps
// {
// ApiId = api.Ref,
// IntegrationType = "AWS_PROXY",
// CredentialsArn = CREDENTAILS_ARN,
// IntegrationUri = LAMBDA_URI
// }
// );
//
// var route = new Amazon.CDK.AWS.APIGatewayv2.CfnRoute(this, "route", new CfnRouteProps
// {
// RouteKey = "RouteKey1",
// AuthorizationType = "NONE",
// ApiId = api.Ref,
// Target ="integrations/" + integration.Ref,
// });
//
//
// var deployment = new Amazon.CDK.AWS.APIGatewayv2.CfnDeployment(this, "deployment", new CfnDeploymentProps
// {
// ApiId = api.Ref,
// });
//
//
// var stage = new Amazon.CDK.AWS.APIGatewayv2.CfnStage(this, "stage", new CfnStageProps {
// ApiId = api.Ref,
// StageName = "Prod",
// DeploymentId = deployment.Ref
// });
// new CfnOutput(this, "APIGateWayURL", new CfnOutputProps
// {
// Value = $"wss://{stage.ApiId}.execute-api.{region}.amazonaws.com/{stage.StageName}"
// });
/*
* var startJobFunction = new Function(this, "StartJobFunction", new FunctionProps
* {
* Tracing = Tracing.ACTIVE,
* Runtime = Runtime.DOTNET_CORE_2_1,
* Timeout = Duration.Seconds(30),
* MemorySize = 256,
* Environment = new Dictionary<string, string>()
* {
* { "TRANSCRIBE_OUTPUT_BUCKET", outputBucket.BucketName },
* { "TRANSCRIBE_LANGUAGE_CODE", languageCode }
* },
* FunctionName = "StartTranscriptionJob",
* Code = Code.FromAsset("./assets/StartTranscriptionJob.zip"),
* Handler = "StartTranscriptionJob::StartTranscriptionJob.Function::FunctionHandler",
* Events = new[]
* {
* new Api(inputBucket, new S3EventSourceProps
* {
* Events = new [] { EventType.OBJECT_CREATED }
* })
* }
* });
*
* var notifyCompletionFunction = new Function(this, "NotifyCompleteFunction", new FunctionProps
* {
* Tracing = Tracing.ACTIVE,
* Runtime = Runtime.DOTNET_CORE_2_1,
* Timeout = Duration.Seconds(30),
* MemorySize = 256,
* Environment = new Dictionary<string, string>()
* {
* { "TRANSCRIBE_TOPIC_ARN", notificationTopic.TopicArn }
* },
* FunctionName = "NotifyTranscriptionJobComplete",
* Code = Code.FromAsset("./assets/NotifyTranscriptionJobComplete.zip"),
* Handler = "NotifyTranscriptionJobComplete::NotifyTranscriptionJobComplete.Function::FunctionHandler",
* Events = new[]
* {
* new S3EventSource(outputBucket, new S3EventSourceProps
* {
* Events = new [] { EventType.OBJECT_CREATED }
* })
* }
* });
*
* new CfnOutput(this, "APIGateWayURL", new CfnOutputProps
* {
* Value = inputBucket.BucketName
* }); */
}
internal CensusEtlStack(Construct scope, string id, CensusEtlStackProps props) : base(scope, id, props)
{
var securityGroup = SecurityGroup.FromSecurityGroupId(this, "aurora-sg", props.AuroraSeucrityGroupId);
var censusBucket = Bucket.FromBucketName(this, "lambdaBucket", props.CensusArtifactBucket);
var awsManagedLambdaPolicy = ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole");
var queue = new Queue(this, "queue", new QueueProps
{
QueueName = props.CensusEtlQueue
});
new CfnOutput(this, "sqs-queue", new CfnOutputProps
{
ExportName = "enqueueSQS",
Value = queue.QueueUrl
});
var enqueueRole = new Role(this, "enqueue-role", new RoleProps
{
AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
});
enqueueRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { censusBucket.BucketArn },
Actions = new string[] { "s3:ListBucket" }
}));
enqueueRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { queue.QueueArn },
Actions = new string[] { "sqs:SendMessage" }
}));
enqueueRole.AddManagedPolicy(awsManagedLambdaPolicy);
new Function(this, "census-etl", new FunctionProps
{
Runtime = Runtime.DOTNET_CORE_3_1,
Handler = "EtlEnqueue::EtlEnqueue.Function::FunctionHandler",
Code = Code.FromAsset("EtlEnqueue/bin/Debug/netcoreapp3.1/publish"),
SecurityGroups = new ISecurityGroup[] { securityGroup },
Role = enqueueRole
});
var workerRole = new Role(this, "worker-role", new RoleProps
{
AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
});
workerRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { censusBucket.BucketArn },
Actions = new string[] { "s3:GetObject" }
}));
workerRole.AddManagedPolicy(awsManagedLambdaPolicy);
workerRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
{
Effect = Effect.ALLOW,
Resources = new string[] { queue.QueueArn },
Actions = new string[]
{
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
}
}));
var workerFunction = new Function(this, "worker-function", new FunctionProps
{
Runtime = Runtime.DOTNET_CORE_3_1,
Handler = "something",
Code = Code.FromAsset("EtlEnqueue/bin/Debug/netcoreapp3.1/publish"),
SecurityGroups = new ISecurityGroup[] { securityGroup },
ReservedConcurrentExecutions = 2,
Role = workerRole
});
workerFunction.AddEventSource(new SqsEventSource(queue));
}