rbi-oss-awscdk-components-pkg

A collection of AWS CDK constructs and utilities written in Python


License
Apache-2.0
Install
pip install rbi-oss-awscdk-components-pkg==0.6.0

Documentation

Custom AWS CDK Constructs


Contains a set of higher-level AWS CDK constructs.

See also: AWS CDK

The following components are available:

  • ALB
  • Cognito

HTTPS is supported. There are additional methods to register target groups of type EC2 and Lambda. To create a simple ALB on port 443 with security groups and a "401 Access denied" fixed response as the default action:

# Minimal HTTPS-only ALB built from the package's AlbCfg config object.
# NOTE(review): `core` and `GenericTestStack` are not imported in this excerpt;
# `core` is presumably `aws_cdk.core` and `GenericTestStack` the helper stack
# from the tests package — substitute your own Stack when copying this.
from awscdk_components.elb.alb_https import (
    AlbHttpsConstruct,
    AlbCfg, 
    add_access_denied_fix_response
)

# create the config
app = core.App()
stack = GenericTestStack(app, 'test-stack')
alb_cfg = AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    # ACM certificate(s) served on the 443 listener. The ARN below is the
    # README's example value — replace it with a certificate in your own account.
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    # Presumably the source CIDRs admitted by the ALB's security group; keep
    # these as narrow as the clients require (confirm against AlbCfg's docs).
    cidr_ingress_ranges=['10.0.0.0/16'],
    # Presumably the source CIDRs allowed to send ICMP to the ALB — confirm.
    icmp_ranges=['10.0.0.0/16']
)
alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
# Default listener action: a request that matches no registered rule gets a
# fixed 401 response instead of reaching any target.
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)

To add a target group for a given EC2 instance, reachable under the /ec2 path, whose service also listens on port 443 (change the port parameter if necessary, e.g. port=8443):

# Register an EC2 instance as a path-based target of the HTTPS listener.
# `alb_cfg`, `stack`, `AlbHttpsConstruct` and `add_access_denied_fix_response`
# come from the previous example.
from awscdk_components.elb.alb_utils import (
    register_ec2_as_alb_target
)

alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
# NOTE(review): `aws_ec2` is not imported in this excerpt (presumably
# `from aws_cdk import aws_ec2`).
ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)
register_ec2_as_alb_target(
    stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=stack.vpc,
    # Listener rule path condition(s). The Lambda example further down lists
    # both '/x' and '/x/*', which suggests sub-paths need an explicit wildcard
    # entry — verify against the listener rule the helper produces.
    path_pattern_values=['/ec2'],
    # Port the instance's service listens on (the target group port).
    port=443
)
# Everything that matches no rule still falls through to the fixed 401.
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)

To add an authentication rule through AWS Cognito:

# Same EC2 target as above, but behind a Cognito authentication rule on the
# listener. `stack` comes from the first example; `aws_ec2` and `aws_cognito`
# are not imported in this excerpt (presumably from `aws_cdk`).
from awscdk_components.elb import alb_https, alb_utils

alb_cfg = alb_https.AlbCfg(
    alb_name='TestALB',
    vpc=stack.vpc,
    subnets=stack.subnets,
    # README example ARN — replace with a certificate in your own account.
    certificate_arns=['arn:aws:acm:us-east-1:023475735288:certificate/ff6967d7-0fdf-4967-bd68-4caffc983447'],
    # NOTE(review): ingress lists are empty here, unlike the first example.
    # Whether that means "no ingress" or "package default" is not visible from
    # this excerpt — check AlbCfg before copying this into a real stack.
    cidr_ingress_ranges=[],
    icmp_ranges=[]
)
alb_construct = alb_https.AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
ec2 = aws_ec2.Instance(
    scope=stack,
    id='ec2foralb',
    vpc=stack.vpc,
    instance_type=aws_ec2.InstanceType(instance_type_identifier='t3.micro'),
    machine_image=aws_ec2.MachineImage.latest_amazon_linux()
)
# Cognito user pool, app client and hosted domain. The helper below takes the
# low-level Cfn resources, so each L2 construct's `node.default_child` (its
# underlying CfnXxx resource) is passed rather than the L2 construct itself.
user_pool = aws_cognito.UserPool(scope=stack, id='userpool', user_pool_name='my-test-pool')
user_pool_cfn = user_pool.node.default_child
user_pool_app_client = user_pool.add_client('my-test-app-client')
user_pool_app_client_cfn = user_pool_app_client.node.default_child
user_pool_domain = user_pool.add_domain(
    'my-test-domain',
    cognito_domain=aws_cognito.CognitoDomainOptions(
        # Hosted UI domain prefix; replace 'my-domain' with your own
        # (presumably it must be unique in the region — confirm).
        domain_prefix='my-domain'
    )
)
user_pool_domain_cfn = user_pool_domain.node.default_child
alb_utils.register_ec2_as_alb_target_with_authentication_rule(
    scope=stack,
    ec2=ec2,
    listener=alb_construct.https_listener,
    vpc=alb_construct.alb_config.vpc,
    path_pattern_values=['/ec2'],
    # Instance service port differs from the earlier example (8443 vs 443).
    port=8443,
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn
)
alb_https.add_access_denied_fix_response('fix401resp', alb_construct.https_listener)
# Presumably answers browser /favicon.ico requests with a fixed response so
# they do not hit the default 401 or the auth rule — confirm in alb_https.
alb_https.add_favicon_fix_response('favicon', alb_listener=alb_construct.https_listener)

A more involved utility method registers a Lambda function behind an AWS Cognito authentication rule (currently only the low-level Cfn constructs for the UserPool are supported):

# Lambda target group behind a Cognito authentication rule.
# `stack`, `alb_cfg`, `AlbHttpsConstruct`, `add_access_denied_fix_response`
# and the `*_cfn` Cognito resources come from the previous examples;
# `aws_lambda` is not imported in this excerpt (presumably from `aws_cdk`).
from awscdk_components.elb.alb_utils import (
    register_lambda_target_group_with_cognito_auth_rule
)

alb_construct = AlbHttpsConstruct(stack, 'albhttps', alb_cfg)
function = aws_lambda.Function(
    stack,
    "lambda_function",
    # NOTE(review): the Python 3.7 Lambda runtime is end-of-life; pick a
    # currently supported runtime available in your CDK version.
    runtime=aws_lambda.Runtime.PYTHON_3_7,
    handler="index.handler",
    # Placeholder handler that only returns a 200 — replace with real code.
    code=aws_lambda.Code.from_inline(
        "def handler(event, context): return { 'statusCode': 200, 'body': 'Lambda was invoked successfully.' }"
    ),
    # The function is attached to the stack's VPC.
    vpc=stack.vpc
)
register_lambda_target_group_with_cognito_auth_rule(
    scope=stack,
    fn=function,
    vpc=stack.vpc,
    listener=alb_construct.https_listener,
    # Low-level Cfn resources, as the helper currently requires.
    user_pool=user_pool_cfn,
    user_pool_app_client=user_pool_app_client_cfn,
    user_pool_domain=user_pool_domain_cfn,
    # Both the bare path and its wildcard, so sub-paths are covered by the
    # same authenticated rule.
    path_pattern_values=['/mylambda', '/mylambda/*']
)
# Unmatched requests still receive the fixed 401 default action.
add_access_denied_fix_response('fix401resp', alb_construct.https_listener)

For more details, see the unit tests in the tests package.