Sharone Zitzman shar1z

## retry.py
MAX_RETRY_COUNT = 7
DELAY_SECONDS = 5


@exception_handler
def handler(event, context):
    if 'Records' in event:  # SQS
        records = event.get('Records', [])
        logger.info(f'Received events from SQS with {len(records)} records')

## test.py
def test_task_completed_arrived_before_task_started():
    # First of all, send a task_completed event
    _send_task_completed_event()

    # Now wait a bit, and send a task_started event
    time.sleep(3)
    _send_task_started_event()

    completed = False
    with time_limit(MAX_RETRY_COUNT * 10):  # Limit the time the test can run

## context-manager.py
@contextlib.contextmanager
def time_limit(seconds):
    def raise_timeout(signum, frame):
        raise TimeoutError('Timed out!')

    signal.signal(signal.SIGALRM, raise_timeout)
    signal.alarm(seconds)

    yield

## context-var.py
"""
data_layer.py - how to use the credentials
"""
from decorators import get_dynamodb_session_keys

def some_data_access_method():
   session = boto3.Session(**get_dynamodb_session_keys())
   dynamodb = session.resource("dynamodb")
   table = dynamodb.Table(TABLE_NAME)
   # now we can use 'table' to access with tenant_id restrictions

## decorator.py
"""
decorators.py - creating the credentials
"""
import functools
from contextvars import ContextVar, copy_context

dynamodb_session_keys = ContextVar("dynamodb_session_keys", default=None)

def dynamodb_tenant_isolation(func):
   @functools.wraps(func)

## import.py
import boto3

def generate_credentials(event):
   tenant_id = extract_tenant_from_auth_header(event)
   dynamic_policy = generate_dynamodb_policy(tenant_id)
   sts_client = boto3.client("sts")
   assumed_role = sts_client.assume_role(
       RoleArn="arn:aws:iam::<account-id>:role/DynamodbRoleToAssume",
       RoleSessionName="<name-to-identify-the-assumed-role-session>",
       Policy=dynamic_policy,

## policy.py
def generate_dynamodb_policy(tenant_id):
  return {
      "Version": "2012-10-17",
      "Statement": [{
          "Effect": "Allow",
          "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
          "Resource": [
              f"arn:aws:dynamodb:<region>:<account-id>:table/TableName",
              f"arn:aws:dynamodb:<region>:<account-id>:table/TableName/index/*",
          ],

## query_meetupSZ.py
#!/usr/bin/env python
"""
Query meetup.com API
"""

import os
import time
import argparse
import sys
import datetime

## gist:7f0fdaaea16c4473c3f052938e22d784
<html>

...

    <body>

        <img id="catImage" src="https://thecatapi.com/api/images/get?format=src&type=gif">

        <br/>

## iam.yml
iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"
	MAX_RETRY_COUNT = 7
	DELAY_SECONDS = 5


	@exception_handler
	def handler(event, context):
	if 'Records' in event: # SQS
	records = event.get('Records', [])
	logger.info(f'Received events from SQS with {len(records)} records')
	def test_task_completed_arrived_before_task_started():
	# First of all, send a task_completed event
	_send_task_completed_event()

	# Now wait a bit, and send a task_started event
	time.sleep(3)
	_send_task_started_event()

	completed = False
	with time_limit(MAX_RETRY_COUNT * 10): # Limit the time the test can run
	"""
	decorators.py - creating the credentials
	"""
	import functools
	from contextvars import ContextVar, copy_context

	dynamodb_session_keys = ContextVar("dynamodb_session_keys", default=None)

	def dynamodb_tenant_isolation(func):
	@functools.wraps(func)
	import boto3

	def generate_credentials(event):
	tenant_id = extract_tenant_from_auth_header(event)
	dynamic_policy = generate_dynamodb_policy(tenant_id)
	sts_client = boto3.client("sts")
	assumed_role = sts_client.assume_role(
	RoleArn="arn:aws:iam::<account-id>:role/DynamodbRoleToAssume",
	RoleSessionName="<name-to-identify-the-assumed-role-session>",
	Policy=dynamic_policy,
	def generate_dynamodb_policy(tenant_id):
	return {
	"Version": "2012-10-17",
	"Statement": [{
	"Effect": "Allow",
	"Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
	"Resource": [
	f"arn:aws:dynamodb:<region>:<account-id>:table/TableName",
	f"arn:aws:dynamodb:<region>:<account-id>:table/TableName/index/*",
	],
	#!/usr/bin/env python
	"""
	Query meetup.com API
	"""

	import os
	import time
	import argparse
	import sys
	import datetime
	<html>

	...

	<body>

	<img id="catImage" src="https://thecatapi.com/api/images/get?format=src&type=gif">

	<br/>
	iamRoleStatements:
	- Effect: Allow
	Action:
	- dynamodb:Query
	- dynamodb:Scan
	- dynamodb:GetItem
	- dynamodb:PutItem
	- dynamodb:UpdateItem
	- dynamodb:DeleteItem
	Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.DYNAMODB_TABLE}"