Last active
August 22, 2023 23:18
-
-
Save duwerq/3483dcbeadd2b7a38d1e488763547547 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "ConfigureESCustom": { | |
| "Type": "Custom::ConfigureES", | |
| "Properties": { | |
| "ServiceToken": { | |
| "Fn::GetAtt": ["ConfigureES", "Arn"] | |
| } | |
| } | |
| }, | |
| "ConfigureES": { | |
| "Type": "AWS::Lambda::Function", | |
| "Properties": { | |
| "Environment": { | |
| "Variables": { | |
| "ES_ENDPOINT": { | |
| "Fn::ImportValue": { | |
| "Fn::Join": [ | |
| ":", | |
| [ | |
| { | |
| "Ref": "AppSyncApiId" | |
| }, | |
| "GetAtt", | |
| "Elasticsearch", | |
| "DomainEndpoint" | |
| ] | |
| ] | |
| } | |
| }, | |
| "ES_REGION": { | |
| "Ref": "AWS::Region" | |
| } | |
| } | |
| }, | |
| "Code": { | |
| "ZipFile": { | |
| "Fn::Join": [ | |
| "\n", | |
| [ | |
| "import base64", | |
| "import json", | |
| "import logging", | |
| "import string", | |
| "import boto3", | |
| "import os", | |
| "import time", | |
| "import datetime", | |
| "import traceback", | |
| "from urllib.parse import urlparse, quote", | |
| "from botocore.vendored import requests", | |
| "from botocore.auth import SigV4Auth", | |
| "from botocore.awsrequest import AWSRequest", | |
| "from botocore.credentials import get_credentials", | |
| "from botocore.httpsession import URLLib3Session", | |
| "from botocore.session import Session", | |
| "import cfnresponse", | |
| " ", | |
| "logger = logging.getLogger()", | |
| "logger.setLevel(logging.INFO)", | |
| " ", | |
| "# The following parameters are required to configure the ES cluster", | |
| "ES_ENDPOINT = os.environ['ES_ENDPOINT']", | |
| "ES_REGION = os.environ['ES_REGION']", | |
| "# DEBUG = True if os.environ['DEBUG'] is not None else False", | |
| " ", | |
| "def es_put(payload, region, creds, host, path, method='PUT', proto='https://'):", | |
| " # Put index data to ES endpoint with SigV4 signed http headers ", | |
| " req = AWSRequest(method=method, url=proto + host + quote(path), data=payload, headers={'Host': host, 'Content-Type': 'application/json'})", | |
| " SigV4Auth(creds, 'es', region).add_auth(req)", | |
| " http_session = URLLib3Session()", | |
| " res = http_session.send(req.prepare())", | |
| " return res._content", | |
| " ", | |
| "def lambda_handler(event, context):", | |
| " logger.info('got event {}'.format(event))", | |
| " if event['RequestType'] == 'Create':", | |
| " # Get aws_region and credentials to post signed URL to ES", | |
| " es_region = ES_REGION or os.environ['AWS_REGION']", | |
| " session = Session()", | |
| " creds = get_credentials(session)", | |
| " es_url = urlparse(ES_ENDPOINT)", | |
| " # Extract the domain name in ES_ENDPOINT", | |
| " es_endpoint = es_url.netloc or es_url.path", | |
| " es_put('', es_region, creds,es_endpoint, '/')", | |
| " action = {\"mappings\": {\"doc\": {\"properties\": {\"gps\": {\"type\": \"geo_point\"}}}}}", | |
| " es_payload = json.dumps(action)", | |
| " es_put(es_payload, es_region, creds, es_endpoint, '/establishment')", | |
| " cfnresponse.send(event, context, cfnresponse.SUCCESS, {})" | |
| ] | |
| ] | |
| } | |
| }, | |
| "FunctionName": { | |
| "Fn::Join": [ | |
| "-", | |
| [ | |
| "ConfigureES", | |
| { | |
| "Ref": "env" | |
| } | |
| ] | |
| ] | |
| }, | |
| "Handler": "index.lambda_handler", | |
| "Timeout": 30, | |
| "Role": { | |
| "Fn::GetAtt": ["LambdaRole", "Arn"] | |
| }, | |
| "Runtime": "python3.6", | |
| "Layers": [ | |
| "arn:aws:lambda:us-east-1:668099181075:layer:AWSLambda-Python-AWS-SDK:4" | |
| ] | |
| } | |
| }, | |
| "LambdaRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": ["lambda.amazonaws.com"] | |
| }, | |
| "Action": ["sts:AssumeRole"] | |
| } | |
| ] | |
| }, | |
| "Path": "/", | |
| "Policies": [ | |
| { | |
| "PolicyName": "lambda-logs", | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "logs:CreateLogGroup", | |
| "logs:CreateLogStream", | |
| "logs:PutLogEvents" | |
| ], | |
| "Resource": ["arn:aws:logs:*:*:*"] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "PolicyName": "ES", | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": ["es:*"], | |
| "Resource": { | |
| "Fn::Join": [ | |
| "", | |
| [ | |
| { | |
| "Fn::ImportValue": { | |
| "Fn::Join": [ | |
| ":", | |
| [ | |
| { | |
| "Ref": "AppSyncApiId" | |
| }, | |
| "GetAtt", | |
| "Elasticsearch", | |
| "DomainArn" | |
| ] | |
| ] | |
| } | |
| }, | |
| "/*" | |
| ] | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
nice