Skip to main content

CDK constructs to manage Alexa Skills

Project description

cdk-skill-management

License: MIT Build status

Github version npm PyPI version

Since I am only working with Node.js and TypeScript, the Python package is currently not tested / used. Therefore I am looking for someone to use and test it to provide feedback, if the library is actually working and if there are best practices to apply (e.g. namings, module name, etc.).

Your library for creating and managing Alexa Skills via CloudFormation using AWS CDK.

Table of Contents

Installation

Node.js / TypeScript

To install the Node.js version of this library, use npm or yarn:

npm install cdk-skill-management
# or
yarn add cdk-skill-management

Python

To install the Python version of this library, use pip:

pip install cdk-skill-management

Usage

To use this library in your AWS CDK project, import and instantiate the classes you need.

You can find the API-Documentation in GitHub Pages.

Regional restrictions

Skills can be deployed in every AWS regions, but Lambda Endpoints are restricted to

  • North America: arn:aws:lambda:us-east-1:<aws_account_id>:function:<lambda_name>
  • Europe, India: arn:aws:lambda:eu-west-1:<aws_account_id>:function:<lambda_name>
  • Far East: arn:aws:lambda:location<aws_account_id>:function:<lambda_name>

CDK deployment order

  • You can use skillPackage.overrides to patch your lambda function ARN into your skill package.
  • Make sure to call addDependency on your skill instance.

Skill Permissions

In order for Alexa to call the skill endpoint - i.e. the Lambda function - a resource based permission must be added to allow the Alexa Service Principal to call the function. However, this would cause any Alexa Skill to be able to call the endpoint. Therefore, the skill-id should be added as a condition to the permission.

However, when deploying the skill, Alexa immediately checks if the skill endpoint is allowed to be accessed. At this point, we do not have a skill id to add to the resource based permission.

Therefore, this library includes a construct SkillEndpointPermission, which first creates a resource based permission that allows Alexa to call invokeFunction in general.

After the creation of the Skill, the Skill Id can be injected into the Permission. To do this, simply call the configureSkillId method on the SkillEndpointPermission.

Example

Here's an example including the skillPackage.overrides and SkillEndpointPermission.

import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as s3Assets from 'aws-cdk-lib/aws-s3-assets';
import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
import * as ssm from 'aws-cdk-lib/aws-ssm';
import {Construct} from 'constructs';

import * as skill from 'cdk-skill-management';

export class MyStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: cdk.StackProps = {}) {
    super(scope, id, props);

    const vendorParameter = ssm.StringParameter
      .fromStringParameterName(this, 'VendorIdParameter', 'my-skill-vendor-id');
    const skillCredentials = secretsmanager
      .Secret.fromSecretNameV2(this, 'SkillCredentials', 'my-skill-authentication');
    const asset = new s3Assets.Asset(this, 'SkillPackageAsset', {path: './path/to/my/skill-package'});

    const myFunction = new lambda.Function(this, 'MyEndpointFunction', {...});
    const endpointPermission = new skill.SkillEndpointPermission(this, 'EndpointPermission', {
      handler: myFunction,
      skillType: skill.SkillType.SMART_HOME,
    });

    const mySkill = new skill.Skill(this, 'Skill', {
      skillType: skill.SkillType.SMART_HOME,
      skillStage: 'development',
      vendorId: vendorParameter.stringValue,
      authenticationConfiguration: {
        clientId: skillCredentials.secretValueFromJson('clientId').unsafeUnwrap(),
        clientSecret: skillCredentials.secretValueFromJson('clientSecret').unsafeUnwrap(),
        refreshToken: skillCredentials.secretValueFromJson('refreshToken').unsafeUnwrap(),
      },
      skillPackage: {
        asset,
        overrides: {
          manifest: {
            apis: {
              smartHome: {
                endpoint: {
                  uri: myFunction.functionArn
                }
              }
            }
          }
        }
      },
    });
    mySkill.addDependency(myFunction);
    mySkill.addDependency(endpointPermission);

    endpointPermission.configureSkillId(this, 'EndpointPermissionSkill', mySkill);
  }
}

Contributing

We welcome contributions from the community. To contribute, please follow our contribution guidelines.

License

This library is licensed under the MIT License - see the LICENSE file for details.

This library bundles ask-smapi-sdk and ask-smapi-model into a custom resource lambda function. Those are licensed under the Apache License 2.0 - see the LICENSE-EXTERNAL for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cdk-skill-management-1.0.40.tar.gz (160.3 kB view details)

Uploaded Source

Built Distribution

cdk_skill_management-1.0.40-py3-none-any.whl (158.4 kB view details)

Uploaded Python 3

File details

Details for the file cdk-skill-management-1.0.40.tar.gz.

File metadata

  • Download URL: cdk-skill-management-1.0.40.tar.gz
  • Upload date:
  • Size: 160.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.11.8

File hashes

Hashes for cdk-skill-management-1.0.40.tar.gz
Algorithm Hash digest
SHA256 4367dfe380fea3e6aa320a32d33e956413be1f849225e6c5db41ec342924f5bf
MD5 114a6173c0b04d8655f641b1f5fc6950
BLAKE2b-256 6acaddebe09dbb7b3f2c7e3ac1596dd10a1bb36b3ab57488fa0d70b5c1b611d9

See more details on using hashes here.

File details

Details for the file cdk_skill_management-1.0.40-py3-none-any.whl.

File metadata

File hashes

Hashes for cdk_skill_management-1.0.40-py3-none-any.whl
Algorithm Hash digest
SHA256 0d5770064790332adfd00756173d1f2729d2ee7615b1be4177cf9e9ad1c82fc5
MD5 958ec9b08e24d03f063488922557a8ee
BLAKE2b-256 f17149ca5a51be5775e4f3103f2c9914b12014db7f0f00e4f2d34557b752e1a6

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page