Gems/AWSMetrics/cdk/aws_metrics/real_time_data_processing.py [120:197]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - self._stack, id='AnalyticsApplicationName', description='Kinesis Data Analytics application to process the real-time metrics data', export_name=f"{self._application_name}:AnalyticsApplication", value=self._analytics_application.application_name) def _create_analytics_application_role(self) -> iam.Role: """ Generate the IAM role for the Kinesis analytics application to read events from the input stream and send the processed data to the analytics processing lambda. :return: The created IAM role. """ kinesis_access_policy_document = iam.PolicyDocument( statements=[ iam.PolicyStatement( actions=[ 'kinesis:DescribeStream', 'kinesis:GetShardIterator', 'kinesis:GetRecords', 'kinesis:ListShards' ], effect=iam.Effect.ALLOW, sid='ReadKinesisStream', resources=[ self._input_stream_arn ] ) ] ) lambda_access_policy_document = iam.PolicyDocument( statements=[ iam.PolicyStatement( actions=[ 'lambda:InvokeFunction', 'lambda:GetFunctionConfiguration', ], effect=iam.Effect.ALLOW, sid='AnalyticsProcessingInvokePermissions', resources=[ self._analytics_processing_lambda.function_arn ] ) ] ) kinesis_analytics_role = iam.Role( self._stack, id='AnalyticsApplicationRole', role_name=resource_name_sanitizer.sanitize_resource_name( f'{self._stack.stack_name}-AnalyticsApplicationRole', 'iam_role'), assumed_by=iam.ServicePrincipal( service='kinesisanalytics.amazonaws.com' ), inline_policies={ 'KinesisAccess': kinesis_access_policy_document, 'LambdaAccess': lambda_access_policy_document } ) return kinesis_analytics_role def _create_analytics_processing_lambda(self) -> None: """ Generate the analytics processing lambda to send processed data to CloudWatch for visualization. """ analytics_processing_function_name = resource_name_sanitizer.sanitize_resource_name( f'{self._stack.stack_name}-AnalyticsProcessingLambda', 'lambda_function') self._analytics_processing_lambda_role = self._create_analytics_processing_lambda_role( analytics_processing_function_name ) self._analytics_processing_lambda = lambda_.Function( self._stack, id='AnalyticsProcessingLambda', function_name=analytics_processing_function_name, log_retention=logs.RetentionDays.ONE_MONTH, memory_size=aws_metrics_constants.LAMBDA_MEMORY_SIZE_IN_MB, - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gems/AWSMetrics/cdv1/aws_metrics/real_time_data_processing.py [117:194]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - self._stack, id='AnalyticsApplicationName', description='Kinesis Data Analytics application to process the real-time metrics data', export_name=f"{self._application_name}:AnalyticsApplication", value=self._analytics_application.application_name) def _create_analytics_application_role(self) -> iam.Role: """ Generate the IAM role for the Kinesis analytics application to read events from the input stream and send the processed data to the analytics processing lambda. :return: The created IAM role. """ kinesis_access_policy_document = iam.PolicyDocument( statements=[ iam.PolicyStatement( actions=[ 'kinesis:DescribeStream', 'kinesis:GetShardIterator', 'kinesis:GetRecords', 'kinesis:ListShards' ], effect=iam.Effect.ALLOW, sid='ReadKinesisStream', resources=[ self._input_stream_arn ] ) ] ) lambda_access_policy_document = iam.PolicyDocument( statements=[ iam.PolicyStatement( actions=[ 'lambda:InvokeFunction', 'lambda:GetFunctionConfiguration', ], effect=iam.Effect.ALLOW, sid='AnalyticsProcessingInvokePermissions', resources=[ self._analytics_processing_lambda.function_arn ] ) ] ) kinesis_analytics_role = iam.Role( self._stack, id='AnalyticsApplicationRole', role_name=resource_name_sanitizer.sanitize_resource_name( f'{self._stack.stack_name}-AnalyticsApplicationRole', 'iam_role'), assumed_by=iam.ServicePrincipal( service='kinesisanalytics.amazonaws.com' ), inline_policies={ 'KinesisAccess': kinesis_access_policy_document, 'LambdaAccess': lambda_access_policy_document } ) return kinesis_analytics_role def _create_analytics_processing_lambda(self) -> None: """ Generate the analytics processing lambda to send processed data to CloudWatch for visualization. """ analytics_processing_function_name = resource_name_sanitizer.sanitize_resource_name( f'{self._stack.stack_name}-AnalyticsProcessingLambda', 'lambda_function') self._analytics_processing_lambda_role = self._create_analytics_processing_lambda_role( analytics_processing_function_name ) self._analytics_processing_lambda = lambda_.Function( self._stack, id='AnalyticsProcessingLambda', function_name=analytics_processing_function_name, log_retention=logs.RetentionDays.ONE_MONTH, memory_size=aws_metrics_constants.LAMBDA_MEMORY_SIZE_IN_MB, - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -