A collection of AWS CDK constructs and utils written in Python
Custom AWS CDK Constructs
Contains a set of higher-level AWS CDK constructs.
See also AWS CDK.
The following components are available:
- ALB
- Cognito
Support for HTTPS is implemented. There are additional methods to register target groups of type EC2 and Lambda. To create a simple ALB on port 443 with security groups and a fixed "401 Access denied" response as the default action:
```python
from aws_cdk import core
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    AlbCfg,
    add_access_denied_fix_response
)

# GenericTestStack is a stack that exposes `vpc` and `subnets`;
# its import is not shown on this page.
app = core.App()
stack = GenericTestStack(app, 'test-stack')

# create the config
alb_cfg = AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    cidr_ingress_ranges=['10.0.0.0/16'],
    icmp_ranges=['10.0.0.0/16']
)

# create the ALB and make the fixed 401 response the listener's default action
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
```
To add a target group for a given EC2 instance, reachable under the /ec2 path, whose service also runs on port 443 (change the port parameter if necessary, e.g. port=8443):
```python
from aws_cdk import aws_ec2
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    add_access_denied_fix_response
)
from awscdk_components.elb.alb_utils import (
    register_ec2_as_alb_target
)

# `stack` and `alb_cfg` are created as in the previous example
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)

ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)

# forward requests for /ec2 to the instance on port 443
register_ec2_as_alb_target(
    stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=stack.vpc,
    path_pattern_values=['/ec2'],
    port=443
)

add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
```
To add an authentication rule through AWS Cognito:
```python
from aws_cdk import aws_cognito, aws_ec2
from awscdk_components.elb import alb_https, alb_utils

# `stack` is created as in the first example
alb_cfg = alb_https.AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    cidr_ingress_ranges=[],
    icmp_ranges=[]
)
alb_construct = alb_https.AlbHttpsConstruct(stack, 'albhttps', alb_cfg)

ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)

# user pool, app client and domain; the utility takes the low-level Cfn resources
user_pool = aws_cognito.UserPool(scope=stack, id='userpool', user_pool_name='my-test-pool')
user_pool_cfn = user_pool.node.default_child
user_pool_app_client = user_pool.add_client('my-test-app-client')
user_pool_app_client_cfn = user_pool_app_client.node.default_child
user_pool_domain = user_pool.add_domain(
    'my-test-domain',
    cognito_domain=aws_cognito.CognitoDomainOptions(
        domain_prefix='my-domain'
    )
)
user_pool_domain_cfn = user_pool_domain.node.default_child

# requests for /ec2 must authenticate against the user pool before being forwarded
alb_utils.register_ec2_as_alb_target_with_authentication_rule(
    scope=stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=alb_construct.alb_config.vpc,
    path_pattern_values=['/ec2'],
    port=8443,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn
)

alb_https.add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
alb_https.add_favicon_fix_response('favicon', alb_listener=alb_construct.https_listener)
```
A more complicated utility method registers a Lambda function behind an AWS Cognito authentication rule (currently only the low-level Cfn constructs for the UserPool are implemented):
```python
from aws_cdk import aws_lambda
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    add_access_denied_fix_response
)
from awscdk_components.elb.alb_utils import (
    register_lambda_target_group_with_cognito_auth_rule
)

# `stack`, `alb_cfg` and the user_pool_*_cfn objects are created as in the previous examples
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)

function = aws_lambda.Function(
    stack,
    "lambda_function",
    runtime=aws_lambda.Runtime.PYTHON_3_7,
    handler="index.handler",
    code=aws_lambda.Code.from_inline(
        "def handler(event, context): return { 'statusCode': 200, 'body': 'Lambda was invoked successfully.' }"
    ),
    vpc=stack.vpc
)

# requests for /mylambda must authenticate against the user pool before reaching the function
register_lambda_target_group_with_cognito_auth_rule(
    scope=stack,
    fn=function,
    vpc=stack.vpc,
    listener=alb_construct.https_listener,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn,
    path_pattern_values=['/mylambda', '/mylambda/*']
)

add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
```
For more details see the unittests in the tests package.
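The examples above mix rules that forward directly to a target with rules that authenticate through Cognito first. The following check over a synthesized CloudFormation template lists listener rules that forward without a preceding authenticate-cognito action, and listeners whose default action is not a fixed response. It is an added example, not code from this package; the template fragment and its logical IDs are constructed for illustration.

```python
# Added example: audit a synthesized CloudFormation template, loaded as a dict.
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"
RULE = "AWS::ElasticLoadBalancingV2::ListenerRule"

def audit_alb_template(template):
    """Return sorted findings for ALB listeners and listener rules."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == LISTENER:
            if props.get("Protocol") != "HTTPS":
                findings.append(f"{name}: protocol is not HTTPS")
            defaults = props.get("DefaultActions", [])
            # Requests matching no rule must get a fixed response, not a target.
            if not defaults or any(a.get("Type") != "fixed-response" for a in defaults):
                findings.append(f"{name}: default action is not a fixed response")
        elif res.get("Type") == RULE:
            authenticated = False
            # The ALB runs actions in ascending Order; auth must precede forward.
            for action in sorted(props.get("Actions", []), key=lambda a: a.get("Order", 0)):
                if action.get("Type") == "authenticate-cognito":
                    authenticated = True
                elif action.get("Type") == "forward" and not authenticated:
                    findings.append(f"{name}: forwards without authenticate-cognito")
    return sorted(findings)

# Constructed sample (hypothetical logical IDs), not output of the package.
SAMPLE_TEMPLATE = {"Resources": {
    "HttpsListener": {"Type": LISTENER, "Properties": {
        "Protocol": "HTTPS", "Port": 443,
        "DefaultActions": [{"Type": "fixed-response", "FixedResponseConfig": {
            "StatusCode": "401", "ContentType": "text/plain",
            "MessageBody": "Access denied"}}]}},
    "Ec2AuthRule": {"Type": RULE, "Properties": {
        "Priority": 1,
        "Conditions": [{"Field": "path-pattern", "Values": ["/ec2"]}],
        "Actions": [
            {"Type": "authenticate-cognito", "Order": 1,
             "AuthenticateCognitoConfig": {"UserPoolArn": {"Ref": "userpool"},
                                           "UserPoolClientId": {"Ref": "client"},
                                           "UserPoolDomain": {"Ref": "domain"}}},
            {"Type": "forward", "Order": 2, "TargetGroupArn": {"Ref": "Ec2Tg"}}]}},
    "LambdaOpenRule": {"Type": RULE, "Properties": {
        "Priority": 2,
        "Conditions": [{"Field": "path-pattern", "Values": ["/mylambda"]}],
        "Actions": [{"Type": "forward", "Order": 1,
                     "TargetGroupArn": {"Ref": "LambdaTg"}}]}}}}

if __name__ == "__main__":
    for finding in audit_alb_template(SAMPLE_TEMPLATE):
        print(finding)
```

A rule reported here may be intentional, as with the unauthenticated /ec2 target in the second example; the list is a review aid for paths expected to sit behind Cognito.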
Hashes for rbi-oss-awscdk-components-pkg-0.6.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 1a9b12cd7879d92a62ade7b39f643acf59a6e231407681424d3d3d6d0902ce8c
MD5 | 47624373733717a2e3bf2d9ed999bd59
BLAKE2b-256 | ab141309072b796720e80ae0b31baf4c0727d02190b96c7b3609f057c0b25a4b
Hashes for rbi_oss_awscdk_components_pkg-0.6.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 7efe62e3e9de9eedc7a076cfdee8617a0a4a6a81ca594086d620513d97d16076
MD5 | fe534a66b8aec14c0b5fb93be2d23877
BLAKE2b-256 | 1a035991fbdeaf5ca507e4c897cc02f6601006f3ad45ca848538900bd917bef6