A collection of AWS CDK constructs and utils written in Python

Custom AWS CDK Constructs

Contains a set of higher level AWS CDK constructs.

See also AWS CDK.

The following components are available:

  • ALB
  • Cognito

HTTPS is supported. Additional methods register target groups of type EC2 and Lambda. To create a simple ALB on port 443 with security groups and a fixed "401 Access denied" response as the default action:

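from aws_cdk import core
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    AlbCfg,
    add_access_denied_fix_response
)

# GenericTestStack is not defined on this page; it stands for a stack exposing .vpc and .subnets
app = core.App()
stack = GenericTestStack(app, 'test-stack')
# create the config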
alb_cfg = AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    cidr_ingress_ranges=['10.0.0.0/16'],
    icmp_ranges=['10.0.0.0/16']
)
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)

To add a target group for a given EC2 instance, reachable under the /ec2 path, whose service also runs on port 443 (change the port parameter if necessary, e.g. port=8443):

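from aws_cdk import aws_ec2
from awscdk_components.elb.alb_utils import (
    register_ec2_as_alb_target
)

# AlbHttpsConstruct, alb_cfg and stack are set up as in the first example
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)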
ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)
register_ec2_as_alb_target(
    stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=stack.vpc,
    path_pattern_values=['/ec2'],
    port=443
)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)

To add an authentication rule through AWS Cognito:

from aws_cdk import aws_cognito, aws_ec2
from awscdk_components.elb import alb_https, alb_utils

alb_cfg = alb_https.AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    cidr_ingress_ranges=[],
    icmp_ranges=[]
)
alb_construct = alb_https.AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)
user_pool = aws_cognito.UserPool(scope=stack, id='userpool', user_pool_name='my-test-pool')
# the helper takes the low-level Cfn resources, reached through node.default_child
user_pool_cfn = user_pool.node.default_child
user_pool_app_client = user_pool.add_client('my-test-app-client')
user_pool_app_client_cfn = user_pool_app_client.node.default_child
user_pool_domain = user_pool.add_domain(
    'my-test-domain',
    cognito_domain=aws_cognito.CognitoDomainOptions(
        domain_prefix='my-domain'
    )
)
user_pool_domain_cfn = user_pool_domain.node.default_child
alb_utils.register_ec2_as_alb_target_with_authentication_rule(
    scope=stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=alb_construct.alb_config.vpc,
    path_pattern_values=['/ec2'],
    port=8443,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn
)
alb_https.add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
alb_https.add_favicon_fix_response('favicon', alb_listener=alb_construct.https_listener)

A more complicated utility method registers a Lambda function behind an AWS Cognito authentication rule (currently only the low-level Cfn constructs for the UserPool are supported):

from aws_cdk import aws_lambda
from awscdk_components.elb.alb_utils import (
    register_lambda_target_group_with_cognito_auth_rule
)

# user_pool_cfn, user_pool_app_client_cfn and user_pool_domain_cfn are the
# Cfn resources created in the Cognito example above
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
function = aws_lambda.Function(
    stack,
    "lambda_function",
    runtime=aws_lambda.Runtime.PYTHON_3_7,
    handler="index.handler",
    code=aws_lambda.Code.from_inline(
        "def handler(event, context): return { 'statusCode': 200, 'body': 'Lambda was invoked successfully.' }"
    ),
    vpc=stack.vpc
)
register_lambda_target_group_with_cognito_auth_rule(
    scope=stack,
    fn=function,
    vpc=stack.vpc,
    listener=alb_construct.https_listener,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn,
    path_pattern_values=['/mylambda', '/mylambda/*']
)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)

For more details see the unit tests in the tests package.
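
The Cognito rules and the fixed-response default action shown above can be verified in a unit test against the synthesized template. The following is an added example, not code from this package: it assumes the stack synthesizes standard AWS::ElasticLoadBalancingV2 Listener and ListenerRule resources, and SAMPLE_TEMPLATE, audit and the helper names are constructed for illustration.

```python
import fnmatch
AUTH_TYPES = {"authenticate-cognito", "authenticate-oidc"}
ELB = "AWS::ElasticLoadBalancingV2::"
# Constructed sample in CloudFormation shape, not output synthesized by this package.
SAMPLE_TEMPLATE = {"Resources": {
    "Listener": {"Type": ELB + "Listener", "Properties": {
        "DefaultActions": [{"Type": "fixed-response"}]}},
    "LambdaRule": {"Type": ELB + "ListenerRule", "Properties": {
        "Conditions": [{"Field": "path-pattern",
                        "PathPatternConfig": {"Values": ["/mylambda", "/mylambda/*"]}}],
        "Actions": [{"Type": "authenticate-cognito", "Order": 1}, {"Type": "forward", "Order": 2}]}},
    "Ec2Rule": {"Type": ELB + "ListenerRule", "Properties": {
        "Conditions": [{"Field": "path-pattern", "Values": ["/ec2"]}],
        "Actions": [{"Type": "forward"}]}},
}}

def rule_paths(props):
    """Path patterns of a ListenerRule (both CloudFormation condition forms)."""
    conds = [c for c in props.get("Conditions", []) if c.get("Field") == "path-pattern"]
    return [v for c in conds
            for v in c.get("PathPatternConfig", {}).get("Values", []) + c.get("Values", [])]

def covers(pattern, protected):
    """True if a rule's pattern lies under, or wildcard-matches, a protected path."""
    return pattern.startswith(protected) or fnmatch.fnmatchcase(protected, pattern)

def forwards_before_auth(actions):
    """True if a forward action has no authenticate action ordered before it."""
    authenticated = False
    for action in sorted(actions, key=lambda a: a.get("Order", 1)):
        if action.get("Type") in AUTH_TYPES:
            authenticated = True
        elif action.get("Type") == "forward" and not authenticated:
            return True
    return False

def audit(template, protected_paths):
    """Report unauthenticated forwards on protected paths and non-fixed defaults."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        kind, props = res.get("Type"), res.get("Properties", {})
        if kind == ELB + "ListenerRule":
            hit = any(covers(p, q) for p in rule_paths(props) for q in protected_paths)
            if hit and forwards_before_auth(props.get("Actions", [])):
                findings.append(name + ": forward without authentication")
        elif kind == ELB + "Listener":
            if any(a.get("Type") != "fixed-response" for a in props.get("DefaultActions", [])):
                findings.append(name + ": default action is not a fixed response")
    return sorted(findings)
```

Passing only the paths that must sit behind Cognito keeps intentionally open targets, such as the plain /ec2 registration, out of the findings.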


Files for rbi-oss-awscdk-components-pkg, version 0.6.0:

  • rbi_oss_awscdk_components_pkg-0.6.0-py3-none-any.whl (22.3 kB), file type Wheel, Python version py3
  • rbi-oss-awscdk-components-pkg-0.6.0.tar.gz (15.1 kB), file type Source, Python version None
