A collection of AWS CDK constructs and utils written in Python
Custom AWS CDK Constructs
Contains a set of higher level AWS CDK constructs.
See also AWS CDK.
The following components are available:
- ALB
- Cognito
HTTPS is supported. There are additional methods to register target groups of type EC2 and Lambda. Create a simple ALB on port 443 with security groups and a "401 Access denied" fixed response as the default action:
```python
from aws_cdk import core
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    AlbCfg,
    add_access_denied_fix_response
)

# create the config
# GenericTestStack is not defined on this page; it has to expose `vpc` and `subnets`
app = core.App()
stack = GenericTestStack(app, 'test-stack')
alb_cfg = AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    cidr_ingress_ranges=['10.0.0.0/16'],
    icmp_ranges=['10.0.0.0/16']
)
# create the ALB with its HTTPS listener, then set the 401 fixed response as default action
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
```
To add a target group for a given EC2 instance, reachable under the /ec2 path, whose service also runs on port 443 (change the port parameter if necessary, e.g. port=8443):
```python
from aws_cdk import aws_ec2
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    add_access_denied_fix_response
)
from awscdk_components.elb.alb_utils import (
    register_ec2_as_alb_target
)

# `stack` and `alb_cfg` are created as in the first example
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)
# forward requests matching /ec2 on the HTTPS listener to the instance
register_ec2_as_alb_target(
    stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=stack.vpc,
    path_pattern_values=['/ec2'],
    port=443
)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
```
To add an authentication rule through AWS Cognito:
```python
from aws_cdk import aws_cognito, aws_ec2
from awscdk_components.elb import alb_https, alb_utils

# `stack` is created as in the first example
alb_cfg = alb_https.AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    cidr_ingress_ranges=[],
    icmp_ranges=[]
)
alb_construct = alb_https.AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)

# user pool, app client and domain; the register function below takes the
# low-level Cfn resources, reached through node.default_child
user_pool = aws_cognito.UserPool(scope=stack, id='userpool', user_pool_name='my-test-pool')
user_pool_cfn = user_pool.node.default_child
user_pool_app_client = user_pool.add_client('my-test-app-client')
user_pool_app_client_cfn = user_pool_app_client.node.default_child
user_pool_domain = user_pool.add_domain(
    'my-test-domain',
    cognito_domain=aws_cognito.CognitoDomainOptions(
        domain_prefix='my-domain'
    )
)
user_pool_domain_cfn = user_pool_domain.node.default_child

# requests matching /ec2 are authenticated against the user pool before being forwarded
alb_utils.register_ec2_as_alb_target_with_authentication_rule(
    scope=stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=alb_construct.alb_config.vpc,
    path_pattern_values=['/ec2'],
    port=8443,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn
)
alb_https.add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
alb_https.add_favicon_fix_response('favicon', alb_listener=alb_construct.https_listener)
```
A more complex utility method registers a Lambda function behind an AWS Cognito authentication rule (currently only the low-level Cfn constructs for the UserPool are implemented):
```python
from aws_cdk import aws_lambda
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    add_access_denied_fix_response
)
from awscdk_components.elb.alb_utils import (
    register_lambda_target_group_with_cognito_auth_rule
)

# `stack` and `alb_cfg` are created as in the examples above;
# user_pool_cfn, user_pool_app_client_cfn and user_pool_domain_cfn
# come from the Cognito example
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
function = aws_lambda.Function(
    stack,
    "lambda_function",
    runtime=aws_lambda.Runtime.PYTHON_3_7,
    handler="index.handler",
    code=aws_lambda.Code.from_inline(
        "def handler(event, context): return { 'statusCode': 200, 'body': 'Lambda was invoked successfully.' }"
    ),
    vpc=stack.vpc
)
# requests matching the path patterns are authenticated with Cognito, then sent to the function
register_lambda_target_group_with_cognito_auth_rule(
    scope=stack,
    fn=function,
    vpc=stack.vpc,
    listener=alb_construct.https_listener,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn,
    path_pattern_values=['/mylambda', '/mylambda/*']
)
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
```
For more details, see the unit tests in the tests package.
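A post-synth check for the setups described above, as an added example that is not part of this package: it scans a synthesized CloudFormation template (the `cdk synth` output loaded as a dict) and reports listeners that are not HTTPS, default actions that are not a 4xx fixed response, and listener rules that forward without an authenticate action ordered before the forward. The sample template and its logical IDs are constructed for illustration.

```python
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"
RULE = "AWS::ElasticLoadBalancingV2::ListenerRule"
AUTH_TYPES = {"authenticate-cognito", "authenticate-oidc"}


def audit_template(template):
    """Return review findings for ALB listeners and rules in a synthesized template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == LISTENER:
            if props.get("Protocol") != "HTTPS":
                findings.append(f"{name}: listener protocol is {props.get('Protocol')}, not HTTPS")
            for action in props.get("DefaultActions", []):
                status = str(action.get("FixedResponseConfig", {}).get("StatusCode", ""))
                if action.get("Type") != "fixed-response" or not status.startswith("4"):
                    findings.append(f"{name}: default action is not a 4xx fixed response")
        elif res.get("Type") == RULE:
            actions = props.get("Actions", [])
            # The ALB runs actions in ascending Order; fall back to list position.
            auth = [a.get("Order", i) for i, a in enumerate(actions, 1)
                    if a.get("Type") in AUTH_TYPES]
            fwd = [a.get("Order", i) for i, a in enumerate(actions, 1)
                   if a.get("Type") == "forward"]
            if fwd and (not auth or min(auth) >= min(fwd)):
                findings.append(f"{name}: forwards without a preceding authenticate action")
    return findings


# Constructed sample (not real `cdk synth` output): one HTTPS listener with a
# 401 default action, one Cognito-protected rule, one unauthenticated rule.
SAMPLE = {"Resources": {
    "HttpsListener": {"Type": LISTENER, "Properties": {
        "Protocol": "HTTPS", "Port": 443,
        "DefaultActions": [{"Type": "fixed-response",
                            "FixedResponseConfig": {"StatusCode": "401"}}]}},
    "LambdaRule": {"Type": RULE, "Properties": {"Priority": 10, "Actions": [
        {"Type": "authenticate-cognito", "Order": 1},
        {"Type": "forward", "Order": 2}]}},
    "Ec2Rule": {"Type": RULE, "Properties": {"Priority": 20, "Actions": [
        {"Type": "forward"}]}},
}}

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```

A rule registered without authentication, as in the plain EC2 target example, shows up as a finding so it can be confirmed as intentional.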