in serverless/ivs_moderation/ivs_moderation_stack.py [0:0]
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create S3 bucket for the recording
bucket = self.create_s3_bucket("recording-")
# Create CloudFront distribution and attach it with the S3 bucket
cf_distribution = self.create_cf_distribution(bucket)
# Create SNS for alerts
email = core.CfnParameter(self, "email", type="String",
description="Email address to which SNS messages will be sent")
mytopic = self.create_sns_topic(email.value_as_string, 'alerttopic')
# Create database table to store the job status
table = self.create_dynamo_db_table("ledger-")
# Create a database table to keep the channels to be reviewed
review_db_table = self.create_dynamo_db_table("review-")
# Table to keep the settings
settings_db_table = self.create_db_table("settings-", "id")
# Create lamabda function to process the content
# Environment variables
env = {
'CFDOMAIN': cf_distribution.domain_name,
'SNSTOPIC': mytopic.topic_arn,
'STATUSTABLE': table.table_name,
'REVIEWTABLE': review_db_table.table_name,
'SETTINGSTABLE': settings_db_table.table_name
}
lfuncrecog = self.create_lambda_function(
"lfuncrecog", "ivs_moderation/lambdas/lfuncprocessimage", env)
# Giving full access to rekognition
lfuncrecog.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name("AmazonRekognitionFullAccess"))
lfuncrecog.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name("AmazonS3ReadOnlyAccess"))
lfuncrecog.role.add_to_policy(iam.PolicyStatement(
resources=["*"],
actions=["ivs:StopStream",
"ivs:DeleteStreamKey", "ivs:ListStreamKeys",
"ivs:GetChannel", "ivs:GetStream"]
))
# Allow lambda function to publish to the SNS Topic
lfuncrecog.role.add_to_policy(iam.PolicyStatement(
resources=[mytopic.topic_arn],
actions=["sns:Publish"]
))
# Allow lambda function to access the db table
table.grant_full_access(lfuncrecog)
review_db_table.grant_full_access(lfuncrecog)
settings_db_table.grant_full_access(lfuncrecog)
# Connect lambda with S3 event
lfuncrecog.add_event_source(S3EventSource(
bucket=bucket,
events=[s3.EventType.OBJECT_CREATED],
filters=[s3.NotificationKeyFilter(suffix=".jpg")]
))
lambda_layers = self.create_lambda_layer()
# Create lambda function for all the API Calls
lambda_api = self.create_lambda_function(
"lambda_api", "ivs_moderation/lambdas/lambda_api/", env)
# Adding lambda layer to the api lambda function
lambda_api.add_layers(lambda_layers)
# Giving lambda full access to ivs service
lambda_api.role.add_to_policy(iam.PolicyStatement(
resources=["*"],
actions=["ivs:StopStream",
"ivs:DeleteStreamKey", "ivs:ListStreamKeys", "ivs:GetStream"]
))
# Give sns access to the api lambda
lambda_api.role.add_to_policy(iam.PolicyStatement(
resources=[mytopic.topic_arn],
actions=["sns:Publish"]
))
# Api lambda to give access to review and ledger tables
table.grant_full_access(lambda_api)
review_db_table.grant_full_access(lambda_api)
# Create userpool
pool = self.create_user_pool('ivsmoderation-pool')
pool_client = self.create_user_pool_client('ivsmoderation', pool)
# Create identity pool and map it to the userpool created
identity_pool = self.create_identity_pool(
'ivsmoderation-idpool', pool, pool_client)
# API gateway integrated with lambda
self.create_api_gw(lambda_api, pool)
# Create iam role for authenticated users for the identity pool
identity_auth_role = iam.Role(self, 'auth-role', assumed_by=iam.FederatedPrincipal(federated="cognito-identity.amazonaws.com", conditions=({
"StringEquals": {
"cognito-identity.amazonaws.com:aud": identity_pool.ref
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}), assume_role_action="sts:AssumeRoleWithWebIdentity"))
# Create iam role for authenticated users for the identity pool
identity_unauth_role = iam.Role(self, 'unauth-role', assumed_by=iam.FederatedPrincipal(federated="cognito-identity.amazonaws.com", conditions=({
"StringEquals": {
"cognito-identity.amazonaws.com:aud": identity_pool.ref
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "unauthenticated"
}
}), assume_role_action="sts:AssumeRoleWithWebIdentity"))
# attaching identitypool roles
cognito.CfnIdentityPoolRoleAttachment(self, "PoolRoleAttachment", identity_pool_id=identity_pool.ref, roles=({
"authenticated": identity_auth_role.role_arn,
"unauthenticated": identity_unauth_role.role_arn
}))
# Creating appsync endpoints
api = self.create_appsync_api('appsync-api', pool)
review_db_table_source = api.add_dynamo_db_data_source(
'ChannelsTable', review_db_table)
settings_db_table_source = api.add_dynamo_db_data_source(
'SettingsTable', settings_db_table)
# Adding resolvers mapping to the datasource
self.add_resolvers(review_db_table_source, 'getChannels', 'Query',
'ivs_moderation/schemas/resolvers/Query.getChannels.req.vtl')
self.add_resolvers(review_db_table_source, 'listChannelss', 'Query',
'ivs_moderation/schemas/resolvers/Query.listChannelss.req.vtl')
self.add_resolvers(settings_db_table_source, 'getSettings', 'Query',
'ivs_moderation/schemas/resolvers/Query.getSettings.req.vtl')
self.add_resolvers(settings_db_table_source, 'listSettingss', 'Query',
'ivs_moderation/schemas/resolvers/Query.listSettings.req.vtl')
self.add_resolvers(review_db_table_source, 'createChannels', 'Mutation',
'ivs_moderation/schemas/resolvers/Mutation.createChannels.req.vtl')
self.add_resolvers(review_db_table_source, 'updateChannels', 'Mutation',
'ivs_moderation/schemas/resolvers/Mutation.updateChannels.req.vtl')
self.add_resolvers(review_db_table_source, 'deleteChannels', 'Mutation',
'ivs_moderation/schemas/resolvers/Mutation.deleteChannels.req.vtl')
self.add_resolvers(settings_db_table_source, 'createSettings', 'Mutation',
'ivs_moderation/schemas/resolvers/Mutation.createSettings.req.vtl')
self.add_resolvers(settings_db_table_source, 'updateSettings', 'Mutation',
'ivs_moderation/schemas/resolvers/Mutation.updateSettings.req.vtl')
self.add_resolvers(settings_db_table_source, 'deleteSettings', 'Mutation',
'ivs_moderation/schemas/resolvers/Mutation.deleteSettings.req.vtl')
# Exports
core.CfnOutput(self, 's3_bucket', value=bucket.bucket_name,
description="Bucket to store the recordings", export_name='s3-bucket')
core.CfnOutput(self, 'user_pools_id', value=pool.user_pool_id,
description="User pool to access the APIs", export_name='user-pools-id')
core.CfnOutput(self, 'user_pools_webclient_id', value=pool_client.user_pool_client_id,
description="client id for applications", export_name='user-pools-web-client-id')
core.CfnOutput(self, 'identity_pool_id', value=identity_pool.ref,
description="Identity pool name", export_name='identity-pool-id')
core.CfnOutput(self, 'aws_appsync_graphqlEndpoint', value=api.graphql_url,
description='Appsync api url', export_name='appsync-api-url')
core.CfnOutput(self, 'settings_db_table', value=settings_db_table.table_name,
description='Rest API endpoint', export_name='settings-db-table')