Testing - Update Weathertop with new data ingestion pipeline #5384

Merged
merged 30 commits into from
Oct 11, 2023
Changes from 26 commits
b595a9a
updated config
ford-at-aws Sep 8, 2023
0c57c2f
Error
ford-at-aws Sep 11, 2023
ae0cc7e
Error
ford-at-aws Sep 11, 2023
92159b9
Adding new data stack for streaming log data cross-account
ford-at-aws Sep 12, 2023
10a6bdb
CDK updates
ford-at-aws Sep 12, 2023
3f58bad
Data stack fully operational
ford-at-aws Sep 12, 2023
5653f9f
fully working data streams
ford-at-aws Sep 14, 2023
bbe4ca8
Adding log processing feature in Consumer Stack
ford-at-aws Sep 15, 2023
5455ac9
Both stacks fully operational
ford-at-aws Sep 15, 2023
c073dc3
working versions of everything
ford-at-aws Sep 19, 2023
8bf306c
Reformatting with black
ford-at-aws Sep 19, 2023
9f938d1
isort
ford-at-aws Sep 19, 2023
396b14a
isort
ford-at-aws Sep 19, 2023
9a601bf
removing hardcoded ARN's
ford-at-aws Sep 19, 2023
999e36f
updates for weathertop working, tweaks
ford-at-aws Sep 20, 2023
5ea6877
updated diagrams
ford-at-aws Sep 20, 2023
520e8ab
Delete test/sqs_lambda_to_batch_fargate/test.txt
ford-at-aws Sep 22, 2023
cbeaace
changes for David
ford-at-aws Oct 6, 2023
1160b0f
changes for David
ford-at-aws Oct 6, 2023
16217ab
changes for David
ford-at-aws Oct 6, 2023
1e7e259
changes for David
ford-at-aws Oct 6, 2023
1b7864a
Merge branch 'main' into weathertop-updated
ford-at-aws Oct 9, 2023
1958310
updates
ford-at-aws Oct 9, 2023
b28155d
updates
ford-at-aws Oct 9, 2023
27fa0f6
status into variable
ford-at-aws Oct 9, 2023
98ffbf5
status into variable
ford-at-aws Oct 9, 2023
64f6a9a
changes
ford-at-aws Oct 10, 2023
0df6d5e
changes
ford-at-aws Oct 10, 2023
4acbf79
changes
ford-at-aws Oct 10, 2023
9dcf6f3
updates to text
ford-at-aws Oct 11, 2023
Binary file modified test/architecture_diagrams/pdf/weathertop-comp-1.pdf
Binary file not shown.
Binary file modified test/architecture_diagrams/pdf/weathertop-comp-2.pdf
Binary file not shown.
Binary file not shown.
Binary file modified test/architecture_diagrams/png/weathertop-comp-2.png
4 changes: 4 additions & 0 deletions test/config/README.md
@@ -0,0 +1,4 @@
# Config
This directory contains the names of AWS resource shared across this testing stack. See [resources.yaml](resources.yaml).

It also contains the names of specific SDK languages and whether their respective tests are actively running using this stack. See [targets.yaml](targets.yaml).
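Review bot: The first sentence says this directory holds only resource names, but targets.yaml in the same change also stores an AWS account ID for every SDK language; say so here so readers know the file carries account identifiers. Also, "AWS resource shared" should read "AWS resources shared".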
2 changes: 2 additions & 0 deletions test/config/resources.yaml
@@ -0,0 +1,2 @@
topic_name: "aws-weathertop-central-sns-fanout-topic"
bucket_name: "aws-weathertop-central-log-bucket"
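Review bot: `bucket_name` is a fixed literal, and S3 bucket names are global, so this stack can be deployed by only one account at a time and the log destination is guessable from the repository. Consider deriving the name from the deploying account or Region, or letting CDK generate it and exporting the result.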
36 changes: 36 additions & 0 deletions test/config/targets.yaml
@@ -0,0 +1,36 @@
cpp:
account_id: "770244195820"
enabled: false
dotnetv3:
account_id: "441997275833"
enabled: false
gov2:
account_id: "234521034040"
enabled: false
javascriptv3:
account_id: "875008041426"
enabled: false
javav2:
account_id: "814548047983" # back-up "667348412466"
enabled: false
kotlin:
account_id: "814548047983" # back-up "667348412466"
enabled: false
php:
account_id: "733931915187"
enabled: false
python:
account_id: "664857444588"
enabled: false
ruby:
account_id: "616362385685"
enabled: false
rust_dev_preview:
account_id: "050288538048"
enabled: false
sap-abap:
account_id: "099736152523"
enabled: false
swift:
account_id: "637397754108"
enabled: false
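Review bot: These account IDs were previously read from SSM Parameter Store with decryption (the removed `client.get_parameter(..., WithDecryption=True)` call in producer_stack.py) and are now committed in clear text; confirm that publishing the full account map is intended. `javav2` and `kotlin` share `814548047983`, so enabling either one grants that account on behalf of both, and the `# back-up` comment does not say when the second ID applies. Every entry is `enabled: false`, so as committed no target account receives subscribe or bucket access.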
7 changes: 2 additions & 5 deletions test/eventbridge_rule_with_sns_fanout/README.md
Expand Up @@ -18,13 +18,10 @@ Specifically, it deploys a scheduled Amazon EventBridge rule that publishes a me
* AWS access key and secret for AWS user with permissions to create the preceding resources
* Successfully written [system parameters](#storing-system-parameters)

### Storing system parameters
### Updating configuration data

Before you get started, execute [store_system_parameters.py](store_system_params.py) as described in the code comments:
Before you get started, update [config/resources.yaml](config/resources.yaml) and [config/targets.yaml](config/targets.yaml) to include logical names representing test targets and their corresponding AWS Account ID and enabled status.

```
python3 store_system_parameters.py
```
---
## AWS CDK setup and deployment
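Review bot: The prerequisite bullet in the context lines still links to `#storing-system-parameters`, but this hunk renames that heading to "Updating configuration data", so the anchor no longer resolves; update the bullet to match. The new links `config/resources.yaml` and `config/targets.yaml` are relative to test/eventbridge_rule_with_sns_fanout/, while this PR adds the files under test/config/, so they likely need `../config/`.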

19 changes: 11 additions & 8 deletions test/eventbridge_rule_with_sns_fanout/app.py
@@ -1,15 +1,18 @@
#!/usr/bin/env python3

from aws_cdk import App
import aws_cdk as cdk
import os

import aws_cdk as cdk
from aws_cdk import App
from producer_stack.producer_stack import ProducerStack

import os

app = App()
ProducerStack(app, "ProducerStack",
env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),
)
ProducerStack(
app,
"ProducerStack",
env=cdk.Environment(
account=os.getenv("CDK_DEFAULT_ACCOUNT"), region=os.getenv("CDK_DEFAULT_REGION")
),
)

app.synth()
app.synth()
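Review bot: `from aws_cdk import App` is redundant next to `import aws_cdk as cdk`; use `cdk.App()` as test/public_ecr_repositories/app.py does and drop the extra import. The target account comes only from `CDK_DEFAULT_ACCOUNT`, so nothing in this file pins the stack that writes cross-account SNS and S3 policies to the intended central account; an explicit check before `ProducerStack(...)` would guard against deploying it elsewhere.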
Empty file.
139 changes: 79 additions & 60 deletions test/eventbridge_rule_with_sns_fanout/producer_stack/producer_stack.py
@@ -1,96 +1,115 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

import boto3
from aws_cdk import (
aws_iam as iam,
aws_events as events,
aws_events_targets as targets,
aws_sns as sns,
aws_kinesis as kinesis,
aws_sns_subscriptions as subscriptions,
aws_logs as logs,
Aws,
Stack
)
import yaml
from aws_cdk import Aws, CfnOutput, Duration, Size, Stack
from aws_cdk import aws_events as events
from aws_cdk import aws_events_targets as targets
from aws_cdk import aws_iam as iam
from aws_cdk import aws_s3 as s3
from aws_cdk import aws_sns as sns
from constructs import Construct


class ProducerStack(Stack):
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
acct_config = self.get_yaml_config("config/targets.yaml")
resource_config = self.get_yaml_config("config/resources.yaml")
topic_name = resource_config["topic_name"]
bucket_name = resource_config["bucket_name"]
topic = self.init_get_topic(topic_name)
self.sns_permissions(topic)
self.init_subscribe_permissions(topic, acct_config)
self.init_publish_permissions(topic, acct_config)
bucket = self.init_create_bucket(bucket_name)
self.init_cross_account_log_role(acct_config, bucket)

client = boto3.client('ssm')

onboarded_languages = [
'ruby',
'javav2',
# 'javascriptv3'
'gov2',
'python',
'dotnetv3',
# 'kotlin'
# 'rust_dev_preview'
# 'swift'
# 'cpp'
# 'gov2'
# 'sap-abap'
]

account_ids = []
for language_name in onboarded_languages:
response = client.get_parameter(Name=f'/account-mappings/{language_name}', WithDecryption=True)
account_ids.append(response['Parameter']['Value'])
def get_yaml_config(self, filepath):
with open(filepath, "r") as file:
data = yaml.safe_load(file)
return data

# Create a new Amazon Simple Notification Service (Amazon SNS) topic.
topic = sns.Topic(self, "fanout-topic")
def init_get_topic(self, topic_name):
topic = sns.Topic(self, "fanout-topic", topic_name=topic_name)
return topic

# Create a new Amazon EventBridge rule.
def init_rule(self, topic):
rule = events.Rule(
self,
"trigger-rule",
schedule=events.Schedule.cron(
# Uncomment after testing.
# minute="0",
# hour="22",
# week_day="FRI",
minute="0",
hour="22",
week_day="FRI",
),
)

# Add a target to the EventBridge rule to publish a message to the SNS topic.
rule.add_target(targets.SnsTopic(topic))

def sns_permissions(self, topic):
# Set up base Amazon SNS permissions.
sns_permissions = iam.PolicyStatement()
sns_permissions.add_any_principal()
sns_permissions.add_actions(
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:AddPermission",
"SNS:Subscribe"
)
"SNS:AddPermission",
"SNS:DeleteTopic",
"SNS:GetTopicAttributes",
"SNS:ListSubscriptionsByTopic",
"SNS:SetTopicAttributes",
"SNS:Subscribe",
"SNS:RemovePermission",
"SNS:Publish",
)
sns_permissions.add_resources(topic.topic_arn)
sns_permissions.add_condition("StringEquals", {"AWS:SourceOwner": Aws.ACCOUNT_ID})
sns_permissions.add_condition(
"StringEquals", {"AWS:SourceOwner": Aws.ACCOUNT_ID}
)
topic.add_to_resource_policy(sns_permissions)

# Set up cross-account Subscription permissions for every onboarded language.
def init_subscribe_permissions(self, topic, target_accts):
subscribe_permissions = iam.PolicyStatement()
subscribe_permissions.add_arn_principal(f'arn:aws:iam::{Aws.ACCOUNT_ID}:root')
for id in account_ids:
subscribe_permissions.add_arn_principal(f'arn:aws:iam::{id}:root')
subscribe_permissions.add_arn_principal(f"arn:aws:iam::{Aws.ACCOUNT_ID}:root")
for language in target_accts.keys():
if "true" in str(target_accts[language]["enabled"]):
subscribe_permissions.add_arn_principal(
f"arn:aws:iam::{str(target_accts[language]['account_id'])}:root"
)
subscribe_permissions.add_actions("SNS:Subscribe")
subscribe_permissions.add_resources(topic.topic_arn)
topic.add_to_resource_policy(subscribe_permissions)

# Set up cross-account Publish permissions for every onboarded language.
def init_publish_permissions(self, topic, target_accts):
publish_permissions = iam.PolicyStatement()
publish_permissions.add_arn_principal(f'arn:aws:iam::{Aws.ACCOUNT_ID}:root')
for id in account_ids:
subscribe_permissions.add_arn_principal(f'arn:aws:iam::{id}:root')
publish_permissions.add_arn_principal(f"arn:aws:iam::{Aws.ACCOUNT_ID}:root")
for language in target_accts.keys():
publish_permissions.add_arn_principal(
f"arn:aws:iam::{str(target_accts[language]['account_id'])}:root"
)
publish_permissions.add_actions("SNS:Publish")
publish_permissions.add_service_principal("events.amazonaws.com")
publish_permissions.add_resources(topic.topic_arn)
topic.add_to_resource_policy(publish_permissions)

def init_create_bucket(self, bucket_name):
bucket = s3.Bucket(
self,
bucket_name,
bucket_name=bucket_name,
versioned=False,
block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
)
return bucket

def init_cross_account_log_role(self, target_accts, bucket):
languages = target_accts.keys()
if len(languages) > 0:
# Define policy that allows cross-account Amazon SNS and Amazon SQS access.
statement = iam.PolicyStatement()
statement.add_actions("s3:PutObject", "s3:PutObjectAcl")
statement.add_resources(f"{bucket.bucket_arn}/*")
for language in languages:
if "true" in str(target_accts[language]["enabled"]):
statement.add_arn_principal(
f"arn:aws:iam::{str(target_accts[language]['account_id'])}:role/LogsLambdaExecutionRole"
)
bucket.add_to_resource_policy(statement)
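Review bot: In `init_publish_permissions` the loop adds every account in targets.yaml as an `SNS:Publish` principal without the `enabled` check that `init_subscribe_permissions` and `init_cross_account_log_role` apply, so disabled targets can still publish to the topic; add the same guard. The guard itself, `if "true" in str(target_accts[language]["enabled"])`, is case-sensitive: `yaml.safe_load` returns a Python bool for `enabled: true`, `str(True)` is `"True"`, and the test never matches, so test the boolean directly. When no target is enabled, `init_cross_account_log_role` still calls `bucket.add_to_resource_policy(statement)` with a statement that has no principal; attach it only when at least one principal was added. Also: `init_rule` is defined but `__init__` never calls it, so the schedule is not created; `boto3`, `CfnOutput`, `Duration` and `Size` are imported but unused in the visible code; and the comment in `init_cross_account_log_role` mentions SNS and SQS while the statement grants `s3:PutObject` and `s3:PutObjectAcl`.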
3 changes: 3 additions & 0 deletions test/eventbridge_rule_with_sns_fanout/requirements.txt
@@ -1,4 +1,7 @@
boto3
aws-cdk-lib>=2.0.0
constructs>=10.0.0
types-boto3
types-setuptools
random
pyyaml
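Review bot: `random` is a Python standard-library module, not an installable dependency; leaving it in requirements.txt makes pip look the name up on the package index and install whatever third-party project holds it, so remove the line. `boto3`, `types-boto3`, `types-setuptools` and `pyyaml` carry no version constraint; bound them the way `aws-cdk-lib` and `constructs` are bounded.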
34 changes: 0 additions & 34 deletions test/eventbridge_rule_with_sns_fanout/store_system_parameters.py

This file was deleted.

14 changes: 9 additions & 5 deletions test/public_ecr_repositories/app.py
Expand Up @@ -2,12 +2,16 @@
import os

import aws_cdk as cdk

from public_ecr_repositories_stack.public_ecr_repositories_stack import PublicEcrRepositoriesStack
from public_ecr_repositories_stack.public_ecr_repositories_stack import \
PublicEcrRepositoriesStack

app = cdk.App()
PublicEcrRepositoriesStack(app, "PublicEcrRepositoriesStack",
env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),
)
PublicEcrRepositoriesStack(
app,
"PublicEcrRepositoriesStack",
env=cdk.Environment(
account=os.getenv("CDK_DEFAULT_ACCOUNT"), region=os.getenv("CDK_DEFAULT_REGION")
),
)

app.synth()
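Review bot: The reflowed import uses a backslash continuation (`import \` followed by `PublicEcrRepositoriesStack`); a parenthesized import is the sturdier form, since it does not break on trailing whitespace after the backslash.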
@@ -1,38 +1,37 @@
from aws_cdk import (
Stack,
aws_ecr as ecr
)
from aws_cdk import Stack
from aws_cdk import aws_ecr as ecr
from constructs import Construct

class PublicEcrRepositoriesStack(Stack):

class PublicEcrRepositoriesStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)

languages = [
'ruby',
'javav2',
'javascriptv3',
'gov2',
'python',
'dotnetv3',
'kotlin',
'rust_dev_preview',
'swift',
'cpp',
'sap-abap'
"ruby",
"javav2",
"javascriptv3",
"gov2",
"python",
"dotnetv3",
"kotlin",
"rust_dev_preview",
"swift",
"cpp",
"sap-abap",
]

for language in languages:

usage_text = f'This image provides a pre-built SDK for {language} environment and is recommended for local testing of SDK for {language} example code. It is not intended for production usage. For detailed and up-to-date steps on running this image, see https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/{language}/README.md#docker-image-beta.'
usage_text = f"This image provides a pre-built SDK for {language} environment and is recommended for local testing of SDK for {language} example code. It is not intended for production usage. For detailed and up-to-date steps on running this image, see https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/{language}/README.md#docker-image-beta."
repository_description = f'This image provides a pre-built for SDK for {language} environment and is recommended for local testing of SDK for {language} example code."'
ecr.CfnPublicRepository(self, f"{language}",
ecr.CfnPublicRepository(
self,
f"{language}",
repository_name=language,
repository_catalog_data={
"UsageText": usage_text,
"OperatingSystems": ["Linux"],
"Architectures": ["x86", "ARM"],
"RepositoryDescription": repository_description
}
"RepositoryDescription": repository_description,
},
)
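Review bot: `repository_description` was left out of the quote normalization and still ends with `example code."'`, so the description published as catalog data carries a stray trailing double quote; it also reads "pre-built for SDK for". Fix both while touching this block. The `languages` list largely duplicates the keys of test/config/targets.yaml added in this PR (`php` appears there but not here); reading the list from that file would keep the two from drifting.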