Upload
others
View
43
Download
0
Embed Size (px)
Citation preview
AWS Solutions ConstructsAWS Solutions
AWS Solutions Constructs AWS Solutions
AWS Solutions Constructs: AWS SolutionsCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.
AWS Solutions Constructs AWS Solutions
Table of ContentsOverview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
What is AWS Solutions Constructs? ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Why use AWS Solutions Constructs? ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Getting Started .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Prerequisites ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Installing the AWS CDK .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Working with AWS Solutions Constructs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Walkthrough - Part 1 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Hello Constructs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Creating the App Directory and Initializing the AWS CDK .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Update project base dependencies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Lambda handler code .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Install the AWS CDK and AWS Solutions Constructs dependencies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Add an Amazon API Gateway/AWS Lambda pattern to your stack .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8cdk deploy .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Stack outputs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Testing your app .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Walkthrough - Part 2 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Hit Counter Lambda code .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Install the new dependencies .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Define the resources .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Review the changes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24cdk deploy .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Stack outputs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Testing your app .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Sample Use Cases .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27AWS Static S3 Website .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28AWS Simple Serverless Image Handler ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28AWS Serverless Web App .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
API Reference .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Modules .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Module Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29aws-apigateway-dynamodb .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
aws-apigateway-iot ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Examples .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
aws-apigateway-kinesisstreams .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Sample API Usage .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
iii
AWS Solutions Constructs AWS Solutions
Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42aws-apigateway-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
aws-apigateway-sagemakerendpoint ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Sample API Usage .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
aws-apigateway-sqs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Sample API Usage .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
aws-cloudfront-apigateway .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
aws-cloudfront-apigateway-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
aws-cloudfront-mediastore .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
aws-cloudfront-s3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
aws-cognito-apigateway-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
aws-dynamodb-stream-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
iv
AWS Solutions Constructs AWS Solutions
Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Lambda function .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
aws-dynamodb-stream-lambda-elasticsearch-kibana .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Lambda function .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
aws-events-rule-kinesisfirehose-s3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
aws-events-rule-kinesisstreams .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
aws-events-rule-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
aws-events-rule-sns .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
aws-events-rule-sqs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Overview .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
aws-events-rule-step-function .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
aws-iot-kinesisfirehose-s3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
v
AWS Solutions Constructs AWS Solutions
aws-iot-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
aws-iot-lambda-dynamodb .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
aws-kinesisfirehose-s3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
aws-kinesisfirehose-s3-and-kinesisanalytics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
aws-kinesisstreams-kinesisfirehose-s3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
aws-kinesisstreams-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
aws-lambda-dynamodb .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
aws-lambda-elasticsearch-kibana .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Lambda function .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
aws-lambda-s3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
aws-lambda-sns .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
vi
AWS Solutions Constructs AWS Solutions
Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
aws-lambda-sqs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
aws-lambda-sqs-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
aws-lambda-step-function .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
aws-s3-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
aws-s3-sqs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
aws-s3-step-function .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
aws-sns-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
aws-sns-sqs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
aws-sqs-lambda .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159Initializer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160Pattern Construct Props .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160Pattern Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Default settings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
vii
AWS Solutions Constructs AWS Solutions
Architecture .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162core .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Default Properties for AWS CDK Constructs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Override the default properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163Property override warnings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Document Revisions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165Notices .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
viii
AWS Solutions Constructs AWS SolutionsWhat is AWS Solutions Constructs?
AWS Solutions ConstructsPublication date: December 2020 (Document Revisions (p. 165))
What is AWS Solutions Constructs?AWS Solutions Constructs (Constructs) is an open-source extension of the AWS Cloud Development Kit(AWS CDK) that provides multi-service, well-architected patterns for quickly defining solutions in code tocreate predictable and repeatable infrastructure. The goal is to accelerate the experience for developersto build solutions of any size using pattern-based definitions for their architecture.
Use the AWS Solutions Constructs to define your solutions in a familiar programming language. The AWSSolutions Constructs supports TypeScript, JavaScript, Python, and Java at this time.
To browse the full catalog of AWS Solutions Constructs patterns, click here.
Why use AWS Solutions Constructs?With the rate of innovation of cloud providers, knowing and understanding best practices and ensuringthey are implemented correctly across your solution can be daunting. Constructs allows you to combinepre-built, well-architected patterns and use cases that perform common actions using cloud services in ascalable and secure manner. Because Constructs provides a library for modern programming languages,you can apply existing development skills and familiar tools to the task of building well-architectedcloud infrastructure for your solutions.
Other advantages of AWS Solutions Constructs include:
• It is built upon the AWS Cloud Development Kit (AWS CDK) open source software developmentframework.
• Use logic (if statements, for-loops, etc.) when defining your solution infrastructure.• Use object-oriented techniques to create a model of your system.• Define high level abstractions, share them, and publish them to your team, company, or community.• Organize your solutions into logical modules.• Share and reuse your solution as a library.• Test your infrastructure code using industry-standard protocols.• Use your existing code review workflow.
The aim of AWS Solutions Constructs is to reduce the complexity and glue logic required whenintegrating common well-architected patterns to achieve your solution goals on AWS.
1
AWS Solutions Constructs AWS SolutionsPrerequisites
Getting Started with AWS SolutionsConstructs
This topic describes how to install and configure AWS Cloud Development Kit (AWS CDK), AWS SolutionsConstructs, and create your first AWS CDK app using AWS Solutions Constructs patterns.
NoteAWS Solutions Constructs is supported on AWS CDK versions ≥ 1.46.0.
TipWant to dig deeper? Try the CDK Workshop for a more in-depth tour of a real-world project.
TipFor more information about getting started with the AWS Cloud Development Kit (AWS CDK),refer to the AWS CDK Developer Guide.
PrerequisitesAWS Solutions Constructs is built upon the AWS CDK, so you need to install Node.js (>= 10.3.0), eventhose working in languages other than TypeScript or JavaScript. This is because the AWS CDK and AWSSolutions Constructs are developed in TypeScript and run on Node.js. The bindings for other supportedlanguages use this backend and toolset.
You must provide your credentials and an AWS Region to use the AWS CDK CLI, as described inSpecifying Your Credentials and Region.
Other prerequisites depend on your development language, as follows.
Language Prerequisites
Python
Python >= 3.6
TypeScript
TypeScript >= 2.7
Java
Java >= 1.8
Installing the AWS CDKTo install and configure the AWS CDK, please refer to the AWS CDK Developer Guide - Installing the AWSCDK.
2
AWS Solutions Constructs AWS SolutionsWorking with AWS Solutions Constructs
Working with AWS Solutions ConstructsThe typical workflow for creating a new app when working with AWS Solutions Constructs follows thesame approach as the AWS CDK.
1. Create the app directory.2. Initialize the app.3. Add the AWS Solutions Constructs pattern dependencies.4. Add additional code to the app.5. Compile the app, if necessary.6. Deploy the resources defined in the app.7. Test the app.
If there are any issues, loop through modify, compile (if necessary), deploy, and test again.
Walkthrough - Part 1NoteAWS Solutions Constructs is supported on AWS CDK versions ≥ 1.46.0.
This tutorial walks you through how to create and deploy a simple "Hello Constructs" AWS CDK app thatuses a pattern from AWS Solutions Constructs, from initializing the project to deploying the resultingAWS CloudFormation template. The Hello Constructs app will create the following simple solution:
3
AWS Solutions Constructs AWS SolutionsHello Constructs
Hello ConstructsLet’s get started building our first AWS CDK App using pattern based development.
NoteThis is a sample modification of Hello CDK! from the CDK Workshop. If this is your first timeusing the AWS CDK, we recommend starting with this workshop for a hands-on walkthroughand how to leverage the CDK in building a real-world project.
Creating the App Directory and Initializing the AWSCDKCreate a directory for your CDK app, and then create a AWS CDK app in that directory.
TypeScript
mkdir hello-constructs cd hello-constructs cdk init --language typescript
Python
mkdir hello-constructs cd hello-constructs cdk init --language python
TipNow's a good time to open the project in your favorite IDE and explore. To learn more about theproject structure, select the appropriate link:
• TypeScript
• Python
Update project base dependenciesWarningTo ensure proper functionality, AWS Solutions Constructs and AWS CDK packages must usethe same version number within your project. For example, if you are using AWS SolutionsConstructs v.1.52.0, you must also use AWS CDK v.1.52.0.
TipTake note of the most recent version of AWS Solutions Constructs, and apply that versionnumber to the VERSION_NUMBER placeholders in the steps below (for both AWS SolutionsConstructs and AWS CDK packages). To check all the public releases of the Constructs library, click here .
TypeScript
Edit the package.json file with the following information:
4
AWS Solutions Constructs AWS SolutionsUpdate project base dependencies
"devDependencies": { "@aws-cdk/assert": "VERSION_NUMBER", "@types/jest": "^24.0.22", "@types/node": "10.17.5", "jest": "^24.9.0", "ts-jest": "^24.1.0", "aws-cdk": "VERSION_NUMBER", "ts-node": "^8.1.0", "typescript": "~3.7.2" }, "dependencies": { "@aws-cdk/core": "VERSION_NUMBER", "source-map-support": "^0.5.16" }
Python
Edit the setup.py file with the following information:
install_requires=[ "aws-cdk.core==VERSION_NUMBER",],
Install the projects base dependencies.
TypeScript
npm install
Python
source .env/bin/activatepip install -r requirements.txt
Build and run the app and confirm that it creates an empty stack.
TypeScript
npm run build cdk synth
Python
cdk synth
5
AWS Solutions Constructs AWS SolutionsLambda handler code
You should see a stack like the following, where CDK-VERSION is the version of the CDK. (Your outputmay differ slightly from what’s shown here.)
TypeScript
Resources: CDKMetadata: Type: AWS::CDK::Metadata Properties: Modules: aws-cdk=CDK-VERSION,@aws-cdk/core=VERSION_NUMBER,@aws-cdk/cx-api=VERSION_NUMBER,jsii-runtime=node.js/10.17.0
Python
Resources: CDKMetadata: Type: AWS::CDK::Metadata Properties: Modules: aws-cdk=CDK-VERSION,@aws-cdk/core=VERSION_NUMBER,@aws-cdk/cx-api=VERSION_NUMBER,jsii-runtime=Python/3.7.7
Lambda handler codeWe’ll start with the AWS Lambda handler code.
Create a directory lambda in the root of your project tree.
TypeScript
Add a file called lambda/hello.js with the following contents:
exports.handler = async function(event) { console.log("request:", JSON.stringify(event, null, 2)); return { statusCode: 200, headers: { "Content-Type": "text/plain" }, body: `Hello, AWS Solutions Constructs! You've hit ${event.path}\n` };};
Python
Add a file called lambda/hello.py with the following contents:
import json
def handler(event, context): print('request: {}'.format(json.dumps(event))) return { 'statusCode': 200, 'headers': {
6
AWS Solutions Constructs AWS SolutionsInstall the AWS CDK and AWS
Solutions Constructs dependencies
'Content-Type': 'text/plain' }, 'body': 'Hello, CDK! You have hit {}\n'.format(event['path']) }
This is a simple Lambda function which returns the text "Hello, Constructs! You’ve hit [url path]". Thefunction’s output also includes the HTTP status code and HTTP headers. These are used by API Gatewayto formulate the HTTP response to the user.
This Lambda is provided in JavaScript. For more information on writing Lambda functions in yourlanguage of choice, refer to the AWS Lambda documentation.
Install the AWS CDK and AWS Solutions ConstructsdependenciesThe AWS Solutions Constructs is shipped with an extensive library of constructs. The library is dividedinto modules, one for each well-architected pattern. For example, if you want to define an AmazonAPI Gateway Rest API to an AWS Lambda function, we will need to use the aws-apigateway-lambdapattern library.
We also need to add the AWS Lambda and Amazon API Gateway construct library from the AWS CDK.
Install the AWS Lambda module and all its dependencies into our project:
NoteRemember to substitute the correct, matching version to be used for both AWS SolutionsConstructs and the AWS CDK into the VERSION_NUMBER placeholder fields for each command.Mismatching versions between packages may cause errors.
TypeScript
npm install -s @aws-cdk/aws-lambda@VERSION_NUMBER
Python
pip install aws_cdk.aws_lambda==VERSION_NUMBER
Next, install the Amazon API Gateway module and all its dependencies into our project:
TypeScript
npm install -s @aws-cdk/aws-apigateway@VERSION_NUMBER
Python
pip install aws_cdk.aws_apigateway==VERSION_NUMBER
7
AWS Solutions Constructs AWS SolutionsAdd an Amazon API Gateway/
AWS Lambda pattern to your stack
Finally, install the AWS Solutions Constructs aws-apigateway-lambda module and all its dependenciesinto our project:
TypeScript
npm install -s @aws-solutions-constructs/aws-apigateway-lambda@VERSION_NUMBER
Python
pip install aws_solutions_constructs.aws_apigateway_lambda==VERSION_NUMBER
Add an Amazon API Gateway/AWS Lambda patternto your stackNow, let’s define the AWS Solutions Constructs pattern for implementing an Amazon API Gateway withan AWS Lambda proxy.
TypeScript
Edit the file lib/hello-constructs.ts with the following:
import * as cdk from '@aws-cdk/core';import * as lambda from '@aws-cdk/aws-lambda';import * as api from '@aws-cdk/aws-apigateway';import { ApiGatewayToLambda, ApiGatewayToLambdaProps } from '@aws-solutions-constructs/aws-apigateway-lambda';
export class HelloConstructsStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props);
// The code that defines your stack goes here const api_lambda_props: ApiGatewayToLambdaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset('lambda'), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hello.handler' }, apiGatewayProps: { defaultMethodOptions: { authorizationType: api.AuthorizationType.NONE } } };
new ApiGatewayToLambda(this, 'ApiGatewayToLambda', api_lambda_props); }}
8
AWS Solutions Constructs AWS SolutionsAdd an Amazon API Gateway/
AWS Lambda pattern to your stack
Python
Edit the file hello_constructs/hello_constructs_stack.py with the following:
from aws_cdk import ( aws_lambda as _lambda, aws_apigateway as apigw, core,)
from aws_solutions_constructs import ( aws_apigateway_lambda as apigw_lambda)
class HelloConstructsStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
apigw_lambda.ApiGatewayToLambda( self, 'ApiGatewayToLambda', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hello.handler', ), api_gateway_props=apigw.RestApiProps( default_method_options=apigw.MethodOptions( authorization_type=apigw.AuthorizationType.NONE ) ) )
That’s it. This is all you need to do in order to define an API Gateway which proxies all requests to anAWS Lambda function. Let's rebuild our project to reflect the changes we made to the stack above:
npm run build
Now, let's compare our new stack to the original one:
cdk diff
The output should look like this:
Stack HelloConstructsStackIAM Statement Changes######################################################################################################################################## # Resource # Effect # Action # Principal # Condition #
9
AWS Solutions Constructs AWS SolutionsAdd an Amazon API Gateway/
AWS Lambda pattern to your stack
######################################################################################################################################## + # ${LambdaFunction.Arn} # Allow # lambda:InvokeFunction # Service:apigateway.amazonaw # "ArnLike": { ## # # # # s.com # "AWS:SourceArn": "arn:${AW ## # # # # # S::Partition}:execute-api:${ ## # # # # # AWS::Region}:${AWS::AccountI ## # # # # # d}:${RestApi0C43BF4B}/${Rest ## # # # # # Api/DeploymentStage.prod}/*/ ## # # # # # {proxy+}" ## # # # # # } ## + # ${LambdaFunction.Arn} # Allow # lambda:InvokeFunction # Service:apigateway.amazonaw # "ArnLike": { ## # # # # s.com # "AWS:SourceArn": "arn:${AW ## # # # # # S::Partition}:execute-api:${ ## # # # # # AWS::Region}:${AWS::AccountI ## # # # # # d}:${RestApi0C43BF4B}/test-i ## # # # # # nvoke-stage/*/{proxy+}" ## # # # # # } ## + # ${LambdaFunction.Arn} # Allow # lambda:InvokeFunction # Service:apigateway.amazonaw # "ArnLike": { ## # # # # s.com # "AWS:SourceArn": "arn:${AW ## # # # # # S::Partition}:execute-api:${ ## # # # # # AWS::Region}:${AWS::AccountI ## # # # # # d}:${RestApi0C43BF4B}/${Rest ## # # # # # Api/DeploymentStage.prod}/*/ ## # # # # # " ## # # # # # } ## + # ${LambdaFunction.Arn} # Allow # lambda:InvokeFunction # Service:apigateway.amazonaw # "ArnLike": { ## # # # # s.com # "AWS:SourceArn": "arn:${AW ## # # # # # S::Partition}:execute-api:${ ## # # # # # AWS::Region}:${AWS::AccountI ## # # # # # d}:${RestApi0C43BF4B}/test-i ## # # # # # nvoke-stage/*/" ## # # # # # } ######################################################################################################################################### + # ${LambdaFunctionServiceRole # Allow # sts:AssumeRole # Service:lambda.amazonaws.co # ## # .Arn} # # # m # #
10
AWS Solutions Constructs AWS SolutionsAdd an Amazon API Gateway/
AWS Lambda pattern to your stack
######################################################################################################################################## + # ${LambdaRestApiCloudWatchRo # Allow # sts:AssumeRole # Service:apigateway.amazonaw # ## # le.Arn} # # # s.com # ######################################################################################################################################### + # arn:aws:logs:${AWS::Region} # Allow # logs:CreateLogGroup # AWS:${LambdaRestApiCloudWat # ## # :${AWS::AccountId}:* # # logs:CreateLogStream # chRole} # ## # # # logs:DescribeLogGroups # # ## # # # logs:DescribeLogStreams # # ## # # # logs:FilterLogEvents # # ## # # # logs:GetLogEvents # # ## # # # logs:PutLogEvents # # ######################################################################################################################################### + # arn:aws:logs:${AWS::Region} # Allow # logs:CreateLogGroup # AWS:${LambdaFunctionService # ## # :${AWS::AccountId}:log-grou # # logs:CreateLogStream # Role} # ## # p:/aws/lambda/* # # logs:PutLogEvents # # ########################################################################################################################################(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Parameters[+] Parameter AssetParameters/ba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340a/S3Bucket AssetParametersba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340aS3Bucket9780A3BC: {"Type":"String","Description":"S3 bucket for asset \"ba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340a\""}[+] Parameter AssetParameters/ba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340a/S3VersionKey AssetParametersba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340aS3VersionKey37F36FFB: {"Type":"String","Description":"S3 key for asset version \"ba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340a\""}[+] Parameter AssetParameters/ba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340a/ArtifactHash AssetParametersba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340aArtifactHash80199FBC: {"Type":"String","Description":"Artifact hash for asset \"ba91444ebd644d9419e8cfee417f3aaa728507dd428788a2fc40574646c4340a\""}
Conditions[+] Condition CDKMetadataAvailable: {"Fn::Or":[{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-northeast-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-northeast-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-southeast-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-southeast-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ca-central-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"cn-north-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"cn-northwest-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-central-1"]}]},{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-north-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-3"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"me-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"sa-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-east-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-west-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-west-2"]}]}]}
Resources
11
AWS Solutions Constructs AWS Solutionscdk deploy
[+] AWS::Logs::LogGroup ApiGatewayToLambda/ApiAccessLogGroup ApiGatewayToLambdaApiAccessLogGroupE2B41502 [+] AWS::IAM::Role LambdaFunctionServiceRole LambdaFunctionServiceRole0C4CDE0B [+] AWS::Lambda::Function LambdaFunction LambdaFunctionBF21E41F [+] AWS::ApiGateway::RestApi RestApi RestApi0C43BF4B [+] AWS::ApiGateway::Deployment RestApi/Deployment RestApiDeployment180EC503d2c6df3c8dc8b7193b98c1a0bff4e677 [+] AWS::ApiGateway::Stage RestApi/DeploymentStage.prod RestApiDeploymentStageprod3855DE66 [+] AWS::ApiGateway::Resource RestApi/Default/{proxy+} RestApiproxyC95856DD [+] AWS::Lambda::Permission RestApi/Default/{proxy+}/ANY/ApiPermission.HelloConstructsStackRestApiFDB18C2E.ANY..{proxy+} RestApiproxyANYApiPermissionHelloConstructsStackRestApiFDB18C2EANYproxyE43D39B3 [+] AWS::Lambda::Permission RestApi/Default/{proxy+}/ANY/ApiPermission.Test.HelloConstructsStackRestApiFDB18C2E.ANY..{proxy+} RestApiproxyANYApiPermissionTestHelloConstructsStackRestApiFDB18C2EANYproxy0B23CDC7 [+] AWS::ApiGateway::Method RestApi/Default/{proxy+}/ANY RestApiproxyANY1786B242 [+] AWS::Lambda::Permission RestApi/Default/ANY/ApiPermission.HelloConstructsStackRestApiFDB18C2E.ANY.. RestApiANYApiPermissionHelloConstructsStackRestApiFDB18C2EANY5684C1E6 [+] AWS::Lambda::Permission RestApi/Default/ANY/ApiPermission.Test.HelloConstructsStackRestApiFDB18C2E.ANY.. RestApiANYApiPermissionTestHelloConstructsStackRestApiFDB18C2EANY81DBDF56 [+] AWS::ApiGateway::Method RestApi/Default/ANY RestApiANYA7C1DC94 [+] AWS::ApiGateway::UsagePlan RestApi/UsagePlan RestApiUsagePlan6E1C537A [+] AWS::Logs::LogGroup ApiAccessLogGroup ApiAccessLogGroupCEA70788 [+] AWS::IAM::Role LambdaRestApiCloudWatchRole LambdaRestApiCloudWatchRoleF339D4E6 [+] AWS::ApiGateway::Account LambdaRestApiAccount LambdaRestApiAccount
Outputs[+] Output RestApi/Endpoint RestApiEndpoint0551178A: {"Value":{"Fn::Join":["",["https://",{"Ref":"RestApi0C43BF4B"},".execute-api.",{"Ref":"AWS::Region"},".",{"Ref":"AWS::URLSuffix"},"/",{"Ref":"RestApiDeploymentStageprod3855DE66"},"/"]]}}
That’s nice. This simple example with one well-architected pattern from the AWS Solutions Constructsadded 21 new resources to your stack.
cdk deployTipBefore you can deploy your first AWS CDK app containing a Lambda function, you mustbootstrap your AWS environment. This creates a staging bucket that the AWS CDK uses todeploy stacks containing assets. If this is the first time you are using the AWS CDK to deployassets, you will need to run the cdk bootstrap to deploy the CDK toolkit stack into your AWSenvironment.
Okay, ready to deploy?
cdk deploy
Stack outputsWhen deployment is complete, you’ll notice this line:
Outputs:HelloConstructsStack.RestApiEndpoint0551178A = https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/prod/
12
AWS Solutions Constructs AWS SolutionsTesting your app
This is a stack output that’s automatically added by the AWS Solutions Constructs pattern and includesthe URL of the API Gateway endpoint.
Testing your appLet’s try to hit this endpoint with curl. Copy the URL and execute (your prefix and Region will likely bedifferent).
curl https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/prod/
Output should look like this:
Hello, AWS Solutions Constructs! You've hit /
If this is the output you received, your app works!
Walkthrough - Part 2NoteAWS Solutions Constructs is supported on AWS CDK versions ≥ 1.46.0.
This tutorial walks you through how to modify the "Hello Constructs" app created in part 1 (p. 3).Our modification will add a site hit counter using the AWS Lambda to DynamoDB pattern from AWSSolutions Constructs. Modifying the Hello Constructs app will result in the following solution:
13
AWS Solutions Constructs AWS SolutionsHit Counter Lambda code
Hit Counter Lambda codeLet's get started by writing the code for the Hit Counter AWS Lambda function. This function will:
• increment a counter related to the API path in a Amazon DynamoDB table,
• invoke the downstream Hello AWS Lambda function,
• and return the response to end user.
TypeScript
Add a file called lambda/hitcounter.js with the following contents:
const { DynamoDB, Lambda } = require('aws-sdk');
exports.handler = async function(event) { console.log("request:", JSON.stringify(event, undefined, 2));
// create AWS SDK clients const dynamo = new DynamoDB(); const lambda = new Lambda();
// update dynamo entry for "path" with hits++ await dynamo.updateItem({ TableName: process.env.DDB_TABLE_NAME, Key: { path: { S: event.path } }, UpdateExpression: 'ADD hits :incr', ExpressionAttributeValues: { ':incr': { N: '1' } } }).promise();
// call downstream function and capture response const resp = await lambda.invoke({ FunctionName: process.env.DOWNSTREAM_FUNCTION_NAME, Payload: JSON.stringify(event) }).promise();
console.log('downstream response:', JSON.stringify(resp, undefined, 2));
// return response back to upstream caller return JSON.parse(resp.Payload);};
Python
Add a file called lambda/hitcounter.py with the following contents:
import jsonimport osimport boto3
ddb = boto3.resource('dynamodb')table = ddb.Table(os.environ['DDB_TABLE_NAME'])_lambda = boto3.client('lambda')
def handler(event, context): print('request: {}'.format(json.dumps(event))) table.update_item(
14
AWS Solutions Constructs AWS SolutionsInstall the new dependencies
Key={'path': event['path']}, UpdateExpression='ADD hits :incr', ExpressionAttributeValues={':incr': 1} )
resp = _lambda.invoke( FunctionName=os.environ['DOWNSTREAM_FUNCTION_NAME'], Payload=json.dumps(event), )
body = resp['Payload'].read()
print('downstream response: {}'.format(body)) return json.loads(body)
Install the new dependenciesNoteRemember to substitute the correct, matching version to be used for both AWS SolutionsConstructs and the AWS CDK into the VERSION_NUMBER placeholder fields for each command.This should be identical to the version number used for dependencies in the first part of thiswalkthrough. Mismatching versions between packages may cause errors.
As usual, we first need to install the dependencies we need for our solution update. First, we need toinstall the DynamoDB construct library:
TypeScript
npm install -s @aws-cdk/aws-dynamodb@VERSION_NUMBER
Python
pip install aws_cdk.aws_dynamodb==VERSION_NUMBER
Finally, install the AWS Solutions Constructs aws-lambda-dynamodb module and all its dependenciesinto our project:
TypeScript
npm install -s @aws-solutions-constructs/aws-lambda-dynamodb@VERSION_NUMBER
Python
pip install aws_solutions_constructs.aws_lambda_dynamodb==VERSION_NUMBER
15
AWS Solutions Constructs AWS SolutionsDefine the resources
Define the resourcesNow, let's update our stack code to accomodate our new architecture.
First, we are going to import our new dependencies and move the "Hello" function outside of the aws-apigateway-lambda pattern we created in part 1.
TypeScript
Edit the file lib/hello-constructs.ts with the following:
import * as cdk from '@aws-cdk/core';import * as lambda from '@aws-cdk/aws-lambda';import * as api from '@aws-cdk/aws-apigateway';import * as dynamodb from '@aws-cdk/aws-dynamodb';import { ApiGatewayToLambda, ApiGatewayToLambdaProps } from '@aws-solutions-constructs/aws-apigateway-lambda';import { LambdaToDynamoDB, LambdaToDynamoDBProps } from '@aws-solutions-constructs/aws-lambda-dynamodb';
export class HelloConstructsStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props);
// The code that defines your stack goes here
const helloFunc = new lambda.Function(this, 'HelloHandler', { runtime: lambda.Runtime.NODEJS_12_X, code: lambda.Code.fromAsset('lambda'), handler: 'hello.handler' });
const api_lambda_props: ApiGatewayToLambdaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset('lambda'), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hello.handler' }, apiGatewayProps: { defaultMethodOptions: { authorizationType: api.AuthorizationType.NONE } } };
new ApiGatewayToLambda(this, 'ApiGatewayToLambda', api_lambda_props); }}
Python
Edit the file hello_constructs/hello_constructs_stack.py with the following:
from aws_cdk import ( aws_lambda as _lambda, aws_apigateway as apigw, aws_dynamodb as ddb, core,)
16
AWS Solutions Constructs AWS SolutionsDefine the resources
from aws_solutions_constructs import ( aws_apigateway_lambda as apigw_lambda, aws_lambda_dynamodb as lambda_ddb)
class HelloConstructsStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
self._handler = _lambda.Function( self, 'HelloHandler', runtime=_lambda.Runtime.PYTHON_3_7, handler='hello.handler', code=_lambda.Code.asset('lambda'), )
apigw_lambda.ApiGatewayToLambda( self, 'ApiGatewayToLambda', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hello.handler', ), api_gateway_props=apigw.RestApiProps( default_method_options=apigw.MethodOptions( authorization_type=apigw.AuthorizationType.NONE ) ) )
Next, we are going to add the aws-lambda-dynamodb pattern to build out the hit counter service forour updated architecture.
17
AWS Solutions Constructs AWS SolutionsDefine the resources
The next update below defines the properties for the aws-lambda-dynamodb pattern by definingthe AWS Lambda function with the Hit Counter handler. Additionally, the Amazon DynamoDB table isdefined with a name of Hits and a partition key of path.
TypeScript
Edit the file lib/hello-constructs.ts with the following:
import * as cdk from '@aws-cdk/core';import * as lambda from '@aws-cdk/aws-lambda';import * as api from '@aws-cdk/aws-apigateway';import * as dynamodb from '@aws-cdk/aws-dynamodb';import { ApiGatewayToLambda, ApiGatewayToLambdaProps } from '@aws-solutions-constructs/aws-apigateway-lambda';import { LambdaToDynamoDB, LambdaToDynamoDBProps } from '@aws-solutions-constructs/aws-lambda-dynamodb';
export class HelloConstructsStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props);
// The code that defines your stack goes here
const helloFunc = new lambda.Function(this, 'HelloHandler', { runtime: lambda.Runtime.NODEJS_12_X, code: lambda.Code.fromAsset('lambda'), handler: 'hello.handler' });
// hit counter, aws-lambda-dynamodb pattern const lambda_ddb_props: LambdaToDynamoDBProps = {
18
AWS Solutions Constructs AWS SolutionsDefine the resources
lambdaFunctionProps: { code: lambda.Code.asset(`lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hitcounter.handler', environment: { DOWNSTREAM_FUNCTION_NAME: helloFunc.functionName } }, dynamoTableProps: { tableName: 'Hits', partitionKey: { name: 'path', type: dynamodb.AttributeType.STRING } } };
const hitcounter = new LambdaToDynamoDB(this, 'LambdaToDynamoDB', lambda_ddb_props);
const api_lambda_props: ApiGatewayToLambdaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset('lambda'), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hello.handler' }, apiGatewayProps: { defaultMethodOptions: { authorizationType: api.AuthorizationType.NONE } } };
new ApiGatewayToLambda(this, 'ApiGatewayToLambda', api_lambda_props); }}
Python
Edit the file hello_constructs/hello_constructs_stack.py with the following:
from aws_cdk import ( aws_lambda as _lambda, aws_apigateway as apigw, aws_dynamodb as ddb, core,)
from aws_solutions_constructs import ( aws_apigateway_lambda as apigw_lambda, aws_lambda_dynamodb as lambda_ddb)
class HelloConstructsStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
self.hello_func = _lambda.Function( self, 'HelloHandler', runtime=_lambda.Runtime.PYTHON_3_7, handler='hello.handler', code=_lambda.Code.asset('lambda'), )
19
AWS Solutions Constructs AWS SolutionsDefine the resources
# hit counter, aws-lambda-dynamodb pattern self.hit_counter = lambda_ddb.LambdaToDynamoDB( self, 'LambdaToDynamoDB', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hitcounter.handler', environment={ 'DOWNSTREAM_FUNCTION_NAME': self.hello_func.function_name } ), dynamo_table_props=ddb.TableProps( table_name='Hits', partition_key={ 'name': 'path', 'type': ddb.AttributeType.STRING } ) )
apigw_lambda.ApiGatewayToLambda( self, 'ApiGatewayToLambda', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hello.handler', ), api_gateway_props=apigw.RestApiProps( default_method_options=apigw.MethodOptions( authorization_type=apigw.AuthorizationType.NONE ) ) )
Next, we need to grant the Hit Counter function created from the aws-lambda-dynamodb patternadded above permission to invoke our Hello function.
TypeScript
Edit the file lib/hello-constructs.ts with the following:
import * as cdk from '@aws-cdk/core';import * as lambda from '@aws-cdk/aws-lambda';import * as api from '@aws-cdk/aws-apigateway';import * as dynamodb from '@aws-cdk/aws-dynamodb';import { ApiGatewayToLambda, ApiGatewayToLambdaProps } from '@aws-solutions-constructs/aws-apigateway-lambda';import { LambdaToDynamoDB, LambdaToDynamoDBProps } from '@aws-solutions-constructs/aws-lambda-dynamodb';
export class HelloConstructsStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props);
// The code that defines your stack goes here
// hello function responding to http requests const helloFunc = new lambda.Function(this, 'HelloHandler', {
20
AWS Solutions Constructs AWS SolutionsDefine the resources
runtime: lambda.Runtime.NODEJS_12_X, code: lambda.Code.fromAsset('lambda'), handler: 'hello.handler' });
// hit counter, aws-lambda-dynamodb pattern const lambda_ddb_props: LambdaToDynamoDBProps = { lambdaFunctionProps: { code: lambda.Code.asset(`lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hitcounter.handler', environment: { DOWNSTREAM_FUNCTION_NAME: helloFunc.functionName } }, dynamoTableProps: { tableName: 'Hits', partitionKey: { name: 'path', type: dynamodb.AttributeType.STRING } } };
const hitcounter = new LambdaToDynamoDB(this, 'LambdaToDynamoDB', lambda_ddb_props);
// grant the hitcounter lambda role invoke permissions to the hello function helloFunc.grantInvoke(hitcounter.lambdaFunction);
const api_lambda_props: ApiGatewayToLambdaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset('lambda'), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hello.handler' }, apiGatewayProps: { defaultMethodOptions: { authorizationType: api.AuthorizationType.NONE } } };
new ApiGatewayToLambda(this, 'ApiGatewayToLambda', api_lambda_props); }}
Python
Edit the file hello_constructs/hello_constructs_stack.py with the following:
from aws_cdk import ( aws_lambda as _lambda, aws_apigateway as apigw, aws_dynamodb as ddb, core,)
from aws_solutions_constructs import ( aws_apigateway_lambda as apigw_lambda, aws_lambda_dynamodb as lambda_ddb)
class HelloConstructsStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
21
AWS Solutions Constructs AWS SolutionsDefine the resources
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
self.hello_func = _lambda.Function( self, 'HelloHandler', runtime=_lambda.Runtime.PYTHON_3_7, handler='hello.handler', code=_lambda.Code.asset('lambda'), )
# hit counter, aws-lambda-dynamodb pattern self.hit_counter = lambda_ddb.LambdaToDynamoDB( self, 'LambdaToDynamoDB', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hitcounter.handler', environment={ 'DOWNSTREAM_FUNCTION_NAME': self.hello_func.function_name } ), dynamo_table_props=ddb.TableProps( table_name='Hits', partition_key={ 'name': 'path', 'type': ddb.AttributeType.STRING } ) )
# grant the hitcounter lambda role invoke permissions to the hello function self.hello_func.grant_invoke(self.hit_counter.lambda_function)
apigw_lambda.ApiGatewayToLambda( self, 'ApiGatewayToLambda', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hello.handler', ), api_gateway_props=apigw.RestApiProps( default_method_options=apigw.MethodOptions( authorization_type=apigw.AuthorizationType.NONE ) ) )
Finally, we need to update our original aws-apigateway-lambda pattern to utilize our new Hit Counterfunction that was provisioned with the aws-lambda-dynamodb pattern above.
TypeScript
Edit the file lib/hello-constructs.ts with the following:
import * as cdk from '@aws-cdk/core';import * as lambda from '@aws-cdk/aws-lambda';import * as api from '@aws-cdk/aws-apigateway';import * as dynamodb from '@aws-cdk/aws-dynamodb';
22
AWS Solutions Constructs AWS SolutionsDefine the resources
import { ApiGatewayToLambda, ApiGatewayToLambdaProps } from '@aws-solutions-constructs/aws-apigateway-lambda';import { LambdaToDynamoDB, LambdaToDynamoDBProps } from '@aws-solutions-constructs/aws-lambda-dynamodb';
export class HelloConstructsStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props);
// The code that defines your stack goes here
// hello function responding to http requests const helloFunc = new lambda.Function(this, 'HelloHandler', { runtime: lambda.Runtime.NODEJS_12_X, code: lambda.Code.fromAsset('lambda'), handler: 'hello.handler' });
// hit counter, aws-lambda-dynamodb pattern const lambda_ddb_props: LambdaToDynamoDBProps = { lambdaFunctionProps: { code: lambda.Code.asset(`lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'hitcounter.handler', environment: { DOWNSTREAM_FUNCTION_NAME: helloFunc.functionName } }, dynamoTableProps: { tableName: 'Hits', partitionKey: { name: 'path', type: dynamodb.AttributeType.STRING } } };
const hitcounter = new LambdaToDynamoDB(this, 'LambdaToDynamoDB', lambda_ddb_props);
// grant the hitcounter lambda role invoke permissions to the hello function helloFunc.grantInvoke(hitcounter.lambdaFunction);
const api_lambda_props: ApiGatewayToLambdaProps = { existingLambdaObj: hitcounter.lambdaFunction, apiGatewayProps: { defaultMethodOptions: { authorizationType: api.AuthorizationType.NONE } } };
new ApiGatewayToLambda(this, 'ApiGatewayToLambda', api_lambda_props); }}
Python
Edit the file hello_constructs/hello_constructs_stack.py with the following:
from aws_cdk import ( aws_lambda as _lambda, aws_apigateway as apigw, aws_dynamodb as ddb, core,)
23
AWS Solutions Constructs AWS SolutionsReview the changes
from aws_solutions_constructs import ( aws_apigateway_lambda as apigw_lambda, aws_lambda_dynamodb as lambda_ddb)
class HelloConstructsStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
self.hello_func = _lambda.Function( self, 'HelloHandler', runtime=_lambda.Runtime.PYTHON_3_7, handler='hello.handler', code=_lambda.Code.asset('lambda'), )
# hit counter, aws-lambda-dynamodb pattern self.hit_counter = lambda_ddb.LambdaToDynamoDB( self, 'LambdaToDynamoDB', deploy_lambda=True, lambda_function_props=_lambda.FunctionProps( runtime=_lambda.Runtime.PYTHON_3_7, code=_lambda.Code.asset('lambda'), handler='hitcounter.handler', environment={ 'DOWNSTREAM_FUNCTION_NAME': self.hello_func.function_name } ), dynamo_table_props=ddb.TableProps( table_name='Hits', partition_key={ 'name': 'path', 'type': ddb.AttributeType.STRING } ) )
# grant the hitcounter lambda role invoke permissions to the hello function self.hello_func.grant_invoke(self.hit_counter.lambda_function)
apigw_lambda.ApiGatewayToLambda( self, 'ApiGatewayToLambda', deploy_lambda=False, existing_lambda_obj=self.hit_counter.lambda_function, api_gateway_props=apigw.RestApiProps( default_method_options=apigw.MethodOptions( authorization_type=apigw.AuthorizationType.NONE ) ) )
Review the changesLet’s build our project and review the changes to our resources that will happen when we deploy this:
npm run build
24
AWS Solutions Constructs AWS SolutionsReview the changes
cdk diff
Our output should look like this:
Stack HelloConstructsStackIAM Statement Changes######################################################################################################################################## # Resource # Effect # Action # Principal # Condition ######################################################################################################################################### + # ${HelloHandler.Arn} # Allow # lambda:InvokeFunction # AWS:${LambdaFunctionServiceRole} # ######################################################################################################################################### + # ${HelloHandler/ServiceRole.Arn} # Allow # sts:AssumeRole # Service:lambda.amazonaws.com # ######################################################################################################################################### + # ${LambdaToDynamoDB/DynamoTable.Ar # Allow # dynamodb:BatchGetItem # AWS:${LambdaFunctionServiceRole} # ## # n} # # dynamodb:BatchWriteItem # # ## # # # dynamodb:DeleteItem # # ## # # # dynamodb:GetItem # # ## # # # dynamodb:GetRecords # # ## # # # dynamodb:GetShardIterator # # ## # # # dynamodb:PutItem # # ## # # # dynamodb:Query # # ## # # # dynamodb:Scan # # ## # # # dynamodb:UpdateItem # # ########################################################################################################################################IAM Policy Changes##################################################################################################################### # Resource # Managed Policy ARN ###################################################################################################################### + # ${HelloHandler/ServiceRole} # arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole #####################################################################################################################(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Resources[+] AWS::IAM::Role HelloHandler/ServiceRole HelloHandlerServiceRole11EF7C63 [+] AWS::Lambda::Function HelloHandler HelloHandler2E4FBA4D [+] AWS::DynamoDB::Table LambdaToDynamoDB/DynamoTable LambdaToDynamoDBDynamoTable53C1442D [+] AWS::IAM::Policy LambdaFunctionServiceRole/DefaultPolicy LambdaFunctionServiceRoleDefaultPolicy126C8897 [~] AWS::Lambda::Function LambdaFunction LambdaFunctionBF21E41F ## [+] Environment # ## {"Variables":{"DOWNSTREAM_FUNCTION_NAME":{"Ref":"HelloHandler2E4FBA4D"},"DDB_TABLE_NAME":{"Ref":"LambdaToDynamoDBDynamoTable53C1442D"}}} ## [~] Handler # ## [-] hello.handler # ## [+] hitcounter.handler ## [~] DependsOn ## @@ -1,3 +1,4 @@
25
AWS Solutions Constructs AWS Solutionscdk deploy
[ ] [ [+] "LambdaFunctionServiceRoleDefaultPolicy126C8897", [ ] "LambdaFunctionServiceRole0C4CDE0B" [ ] ]
cdk deployOkay, ready to deploy?
cdk deploy
Stack outputsWhen deployment is complete, you’ll notice this line:
Outputs:HelloConstructsStack.RestApiEndpoint0551178A = https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/prod/
Testing your appLet’s try to hit this endpoint with curl. Copy the URL and execute (your prefix and region will likely bedifferent).
curl https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/prod/
Output should look like this:
Hello, AWS Solutions Constructs! You've hit /
Now, let's review the Hits Amazon DynamoDB table.
1. Go to the DynamoDB console.2. Make sure you are in the Region where you created the table.3. Select Tables in the navigation pane and select the Hits table.4. Open the table and select “Items”.5. You should see how many hits you got for each path.
26
AWS Solutions Constructs AWS SolutionsSample Use Cases
6. Try hitting a new path and refresh the Items view. You should see a new item with a hits count ofone.
If this is the output you received, your app works!
Sample Use CasesThis library includes a collection of functional use case implementations to demonstrate the usage ofConstructs architectural patterns. These can be used in the same way as architectural patterns, and canbe conceptualized as an additional "higher-level" abstraction of those patterns. The following use casesare provided as functional examples:
27
AWS Solutions Constructs AWS SolutionsAWS Static S3 Website
AWS Static S3 WebsiteThis use case pattern (aws-s3-static-website) implements an Amazon CloudFront distribution,Amazon S3 bucket, and AWS Lambda-based custom resource to copy the static website content for theWild Rydes demo website (part of the aws-serverless-web-app implementation).
Source Code (aws-s3-static-website)https://github.com/awslabs/aws-solutions-constructs/tree/master/source/use_cases/aws-s3-static-website
AWS Simple Serverless Image HandlerThis use case pattern (aws-serverless-image-handler) implements an Amazon CloudFrontdistribution, an Amazon API Gateway REST API, an AWS Lambda function, and necessary permissions/logic to provision a functional image handler API for serving image content from one or more AmazonS3 buckets within the deployment account.
Source Code (aws-serverless-image-handler)https://github.com/awslabs/aws-solutions-constructs/tree/master/source/use_cases/aws-serverless-image-handler
AWS Serverless Web AppThis use case pattern (aws-serverless-web-app) implements a simple serverless web applicationthat enables users to request unicorn rides from the Wild Rydes fleet. The application will present userswith an HTML based user interface for indicating the location where they would like to be picked up andwill interface on the backend with a RESTful web service to submit the request and dispatch a nearbyunicorn. The application will also provide facilities for users to register with the service and log in beforerequesting rides.
Source Code (aws-serverless-web-app)https://github.com/awslabs/aws-solutions-constructs/tree/master/source/use_cases/aws-serverless-web-app
28
AWS Solutions Constructs AWS SolutionsModules
API ReferenceAWS Solutions Constructs (Constructs) is an open-source extension of the AWS Cloud Development Kit(AWS CDK) that provides multi-service, well-architected patterns for quickly defining solutions in codeto create predictable and repeatable infrastructure. Constructs's goal is to accelerates the experience fordevelopers to build solutions of any size using pattern-based definitions for their architecture.
The patterns defined in Constructs are high level, multi-service abstractions of AWS CDK constructs thathave default configurations based on well-architected best practices. The library is organized into logicalmodules using object-oriented techniques to create each architectural pattern model.
The CDK is available in the following languages:
• JavaScript, TypeScript (Node.js ≥ 10.3.0)• Python (Python ≥ 3.6)• Java (Java ≥ 1.8)
ModulesAWS Solutions Constructs is organized into several modules. They are named like this:
• aws-xxx: Well-architected pattern package for the indicated services. This package will containconstructs that contain multiple AWS CDK service modules to configure the given pattern.
• xxx: Packages that don't start "aws-" are Constructs core modules that are used to configure bestpractice defaults for services used within the pattern library.
Module ContentsModules contain the following types:
• Patterns - All higher-level, multi-services constructs in this library.• Other Types - All non-construct classes, interfaces, structs and enums that exist to support the
patterns.
Patterns take a set of (input) properties in their constructor; the set of properties (and which ones arerequired) can be seen on a pattern's documentation page.
The pattern's documentation page also lists the available methods to call and the properties which canbe used to retrieve information about the pattern after it has been instantiated.
aws-apigateway-dynamodb
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
29
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Python
aws_solutions_constructs.aws_apigateway_dynamodb
Typescript
@aws-solutions-constructs/aws-apigateway-dynamodb
Java
software.amazon.awsconstructs.services.apigatewaydynamodb
OverviewThis AWS Solutions Construct implements an Amazon API Gateway REST API connected to an AmazonDynamoDB table.
Here is a minimal deployable pattern definition in TypeScript:
import { ApiGatewayToDynamoDBProps, ApiGatewayToDynamoDB } from "@aws-solutions-constructs/aws-apigateway-dynamodb";
new ApiGatewayToDynamoDB(this, 'test-api-gateway-dynamodb-default', {});
Initializer
new ApiGatewayToDynamoDB(scope: Construct, id: string, props: ApiGatewayToDynamoDBProps);
Parameters
• scope Construct• id string• props ApiGatewayToDynamoDBProps (p. 30)
Pattern Construct Props
Name Type Description
dynamoTableProps dynamodb.TableProps Optional user provided props tooverride the default props forDynamoDB Table
30
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
apiGatewayProps? api.RestApiProps Optional user-provided props tooverride the default props forthe API Gateway.
allowCreateOperation boolean Whether to deploy API GatewayMethod for Create operation onDynamoDB table.
createRequestTemplate string API Gateway Request templatefor Create method, required ifallowCreateOperation set to true
allowReadOperation boolean Whether to deploy API GatewayMethod for Read operation onDynamoDB table.
allowUpdateOperation boolean Whether to deploy API GatewayMethod for Update operation onDynamoDB table.
updateRequestTemplate string API Gateway Request templatefor Update method, required ifallowUpdateOperation set totrue
allowDeleteOperation boolean Whether to deploy API GatewayMethod for Delete operation onDynamoDB table.
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
apiGatewayRole iam.Role Returns an instance of the IAMrole created by the pattern forthe API Gateway REST API.
31
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
dynamoTable dynamodb.Table Returns an instance of theDynamoDB table created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon API Gateway• Deploy an edge-optimized API endpoint• Enable CloudWatch logging for API Gateway• Configure least privilege access IAM role for API Gateway• Set the default authorizationType for all API methods to IAM• Enable X-Ray tracing
Amazon DynamoDB Table• Set the billing mode for DynamoDB Table to On-Demand (Pay per request)• Enable server-side encryption for DynamoDB Table using AWS managed KMS Key• Creates a partition key called 'id' for DynamoDB Table• Retain the Table when deleting the CloudFormation stack• Enable continuous backups and point-in-time recovery
32
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-apigateway-iot
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_apigateway_iot
Typescript
@aws-solutions-constructs/aws-apigateway-iot
software.amazon.awsconstructs.services.apigatewayiot
33
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Java
OverviewThis AWS Solutions Construct implements an Amazon API Gateway REST API connected to AWS IoTpattern.
This construct creates a scalable HTTPS proxy between API Gateway and AWS IoT. This comes in handywhen wanting to allow legacy devices that do not support the MQTT or MQTT/Websocket protocol tointeract with the AWS IoT platform.
This implementation enables write-only messages to be published on given MQTT topics, and alsosupports shadow updates of HTTPS devices to allowed things in the device registry. It does notinvolve Lambda functions for proxying messages, and instead relies on direct API Gateway to AWS IoTintegration which supports both JSON messages as well as binary messages.
Here is a minimal deployable pattern definition in TypeScript:
import { ApiGatewayToIot } from '@aws-solutions-constructs/aws-apigateway-iot';
new ApiGatewayToIot(this, 'ApiGatewayToIotPattern', { iotEndpoint: 'a1234567890123-ats'});
Initializer
new ApiGatewayToIot(scope: Construct, id: string, props: ApiGatewayToIotProps);
Parameters
• scope Construct• id string• props ApiGatewayToIotProps (p. 34)
Pattern Construct Props
Name Type Description
iotEndpoint string The AWS IoT endpointsubdomain to integratethe API Gateway with (e.ga1234567890123-ats).
apiGatewayCreateApiKey? boolean If set to true, an API Key iscreated and associated to aUsagePlan. User should specify`x-api-key` header whileaccessing RestApi. Default valueset to false.
34
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
apiGatewayExecutionRole? iam.Role The IAM Role used by APIGateway to access AWS IoT. Ifnot specified, a default role iscreated with wildcard ('*') accessto all topics and things.
apiGatewayProps? api.restApiProps Optional user-provided props tooverride the default props forthe API Gateway REST API.
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
apiGatewayRole iam.Role Returns an instance of the IAMrole created by the pattern forthe API Gateway REST API.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon API Gateway• Deploy an edge-optimized API endpoint• Creates API Resources with POST Method to publish messages to IoT Topics• Creates API Resources with POST Method to publish messages to ThingShadow and NamedShadows• Enable CloudWatch logging for API Gateway• Configure IAM role for API Gateway with access to all topics and things• Set the default authorizationType for all API methods to IAM• Enable X-Ray Tracing• Creates a UsagePlan and associates to prod stage
Below is a description of the different resources and methods exposed by the API Gateway afterdeploying the Construct. See the Examples (p. 37) section for more information on how to easily testthese endpoints using curl.
35
AWS Solutions Constructs AWS SolutionsDefault settings
Method Resource QueryParameter(s)
Return Code(s) Description
POST /message/<topics>
qos 200/403/500 By calling thisendpoint, youneed to pass thetopics on whichyou would liketo publish (e.g`/message/device/foo`).
POST /shadow/<thingName>
None 200/403/500 This route allowsto update theshadow documentof a thing, givenits thingNameusing Unnamed(classic) shadowtype. The bodyshall comply withthe standardshadow stucturecomprising astate nodeand associateddesired andreportednodes. See theUpdating deviceshadows (p. 37)section for anexample.
POST /shadow/<thingName>/<shadowName>
None 200/403/500 This route allowsto update thenamed shadowdocument of athing, given itsthingName andthe shadowNameusing the Namedshadow type. Thebody shall complywith the standardshadow stucturecomprising astate nodeand associateddesired andreportednodes. See theUpdating namedshadows (p. 38)section for anexample.
36
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
ExamplesThe following examples only work with API_KEY authentication types, since IAM authorization requiresa SIGv4 token to be specified as well, make sure the apiGatewayCreateApiKey property of yourConstruct props is set to true while deploying the stack, otherwise the below examples won't work.
Publishing a messageYou can use curl to publish a message on different MQTT topics using the HTTPS API. The belowexample will post a message on the device/foo topic.
curl -XPOST https://<stage-id>.execute-api.<region>.amazonaws.com/prod/message/device/foo -H "x-api-key: <api-key>" -H "Content-Type: application/json" -d '{"Hello": "World"}'
Note: Replace the stage-id, region, and api-key parameters with your deployment values.
You can chain topic names in the URL and the API accepts up to 7 sub-topics that you can publish on. Forinstance, the below example publishes a message on the topic device/foo/bar/abc/xyz.
curl -XPOST https://<stage-id>.execute-api.<region>.amazonaws.com/prod/message/device/foo/bar/abc/xyz -H "x-api-key: <api-key>" -H "Content-Type: application/json" -d '{"Hello": "World"}'
Updating device shadowsTo update the shadow document associated with a given thing, you can issue a shadow state requestusing a thing name. See the following example on how to update a thing shadow.
37
AWS Solutions Constructs AWS Solutionsaws-apigateway-kinesisstreams
curl -XPOST https://<stage-id>.execute-api.<region>.amazonaws.com/prod/shadow/device1 -H "x-api-key: <api-key>" -H "Content-Type: application/json" -d '{"state": {"desired": { "Hello": "World" }}}'
Updating named shadowsTo update the shadow document associated with a given thing's named shadow, you can issue a shadowstate request using a thing name and shadow name. See the following example on how to update anamed shadow.
curl -XPOST https://<stage-id>.execute-api.<region>.amazonaws.com/prod/shadow/device1/shadow1 -H "x-api-key: <api-key>" -H "Content-Type: application/json" -d '{"state": {"desired": { "Hello": "World" }}}'
Sending binary payloadsIt is possible to send a binary payload to the proxy API, down to the AWS IoT service. In the followingexample, we send the content of the README.md file associated with this module (treated as a binarydata) to device/foo topic using the application/octet-stream content type.
curl -XPOST https://<stage-id>.execute-api.<region>.amazonaws.com/prod/message/device/foo/bar/baz/qux -H "x-api-key: <api-key>" -H "Content-Type: application/octet-stream" --data-binary @README.md
Note: Execute this command while in the directory of this project. You can then test sending other typeof binary files from your file system.
aws-apigateway-kinesisstreams
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_apigateway_kinesisstreams
Typescript
@aws-solutions-constructs/aws-apigateway-kinesisstreams
38
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Java
software.amazon.awsconstructs.services.apigatewaykinesisstreams
OverviewThis pattern implements an Amazon API Gateway REST API connected to an Amazon Kinesis DataStream.
Here is a minimal deployable pattern definition in TypeScript:
import { ApiGatewayToKinesisStreams, ApiGatewayToKinesisStreamsProps } from '@aws-solutions-constructs/aws-apigateway-kinesisstreams';
new ApiGatewayToKinesisStreams(this, 'test-apigw-kinesis', {});
Initializer
new ApiGatewayToKinesisStreams(scope: Construct, id: string, props: ApiGatewayToKinesisStreamsProps);
Parameters
• scope Construct• id string• props ApiGatewayToKinesisStreamsProps (p. 39)
Pattern Construct Props
Name Type Description
apiGatewayProps? api.RestApiProps Optional user-provided props tooverride the default props forthe API Gateway REST API.
putRecordRequestTemplate? string API Gateway request templatefor the PutRecord action. If notprovided, a default one will beused.
putRecordRequestModel? api.ModelOptions API Gateway request modelfor the PutRecord action. If notprovided, a default one will becreated.
39
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
putRecordsRequestTemplate? string API Gateway request templatefor the PutRecords action. If notprovided, a default one will beused.
putRecordRequestModel? api.ModelOptions API Gateway request model forthe PutRecords action. If notprovided, a default one will becreated.
existingStreamObj? kinesis.Stream An optional, existing Kinesisstream to be used insteadof the default stream. If anexisting stream is provided,the kinesisStreamPropsproperty will be ignored.
kinesisStreamProps? kinesis.StreamProps Optional user-provided props tooverride the default props forthe Kinesis stream.
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
apiGatewayRole iam.Role Returns an instance of the IAMrole created by the pattern forthe API Gateway REST API.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
kinesisStream kinesis.Stream Returns an instance of theKinesis stream created by thepattern.
40
AWS Solutions Constructs AWS SolutionsSample API Usage
Sample API Usage
Method Request Path Request Body Queue Action Description
POST /record{ "data": "Hello World!", "partitionKey": "pk001"}
kinesis:PutRecordWrites a singledata record intothe stream.
POST /records{ "records": [ { "data": "abc", "partitionKey": "pk001" }, { "data": "xyz", "partitionKey": "pk001" } ] }
kinesis:PutRecordsWrites multipledata records intothe stream in asingle call.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon API Gateway• Deploy an edge-optimized API endpoint.• Enable CloudWatch logging for API Gateway.• Configure least privilege access IAM role for API Gateway.• Set the default authorizationType for all API methods to IAM.• Enable X-Ray tracing.• Validate request body before passing data to Kinesis.
Amazon Kinesis Data Stream• Configure least privilege access IAM role for Kinesis stream.• Enable server-side encryption for Kinesis Stream using AWS Managed KMS Key.
41
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-apigateway-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
42
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Python
aws_solutions_constructs.aws_apigateway_lambda
Typescript
@aws-solutions-constructs/aws-apigateway-lambda
Java
software.amazon.awsconstructs.services.apigatewaylambda
OverviewThis AWS Solutions Construct implements an Amazon API Gateway REST API connected to an AWSLambda function.
Here is a minimal deployable pattern definition in TypeScript:
import { ApiGatewayToLambda } from '@aws-solutions-constructs/aws-apigateway-lambda';
new ApiGatewayToLambda(this, 'ApiGatewayToLambdaPattern', { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_10_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }});
Initializer
new ApiGatewayToLambda(scope: Construct, id: string, props: ApiGatewayToLambdaProps);
Parameters
• scope Construct• id string• props ApiGatewayToLambdaProps (p. 44)
43
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
apiGatewayProps? api.LambdaRestApiProps Optional user-provided props tooverride the default props forthe API.
Pattern Properties
Name Type Description
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
apiGateway api.LambdaRestApi Returns an instance of the APIGateway REST API created bythe pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon API Gateway• Deploy an edge-optimized API endpoint
44
AWS Solutions Constructs AWS SolutionsArchitecture
• Enable CloudWatch logging for API Gateway• Configure least privilege access IAM role for API Gateway• Set the default authorizationType for all API methods to IAM• Enable X-Ray tracing
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function• Enable reusing connections with Keep-Alive for NodeJs Lambda function• Enable X-Ray tracing
Architecture
aws-apigateway-sagemakerendpoint
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
45
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Python
aws_solutions_constructs.aws_apigateway_sagemakerendpoint
Typescript
@aws-solutions-constructs/aws-apigateway-sagemakerendpoint
Java
software.amazon.awsconstructs.services.apigatewaysagemakerendpoint
OverviewThis AWS Solutions Construct implements an Amazon API Gateway REST API connected to an AmazonSageMaker endpoint.
Here is a minimal deployable pattern definition in TypeScript:
import { ApiGatewayToSageMakerEndpoint, ApiGatewayToSageMakerEndpointProps } from '@aws-solutions-constructs/aws-apigateway-sagemakerendpoint';
// Below is an example VTL (Velocity Template Language) mapping template for mapping the Api GET request to the Sagemaker POST requestconst requestTemplate =`{ "instances": [#set( $user_id = $input.params("user_id") )#set( $items = $input.params("items") )#foreach( $item in $items.split(",") ) {"in0": [$user_id], "in1": [$item]}#if( $foreach.hasNext ),#end $esc.newline#end ]}`;
// Replace 'my-endpoint' with your Sagemaker Inference Endpointnew ApiGatewayToSageMakerEndpoint(this, 'test-apigw-sagemakerendpoint', { endpointName: 'my-endpoint', resourcePath: '{user_id}', requestMappingTemplate: requestTemplate});
Initializer
new ApiGatewayToSageMakerEndpoint(scope: Construct, id: string, props: ApiGatewayToSageMakerEndpointProps);
46
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Parameters
• scope Construct• id string• props ApiGatewayToSageMakerEndpointProps (p. 47)
Pattern Construct Props
Name Type Description
apiGatewayProps? api.RestApiProps Optional user-provided props tooverride the default props forthe API Gateway REST API.
apiGatewayExecutionRole? iam.Role IAM Role used by API Gatewayto invoke the SageMakerendpoint. If not specified, adefault role is created withaccess to endpointName.
endpointName string Name of the deployedSageMaker inference endpoint.
resourceName? string Optional resource namewhere the GET method will beavailable.
resourcePath string Resource path for the GETmethod. The variable definedhere can be referenced inrequestMappingTemplate.
requestMappingTemplate string Mapping template to convertGET requests received on theREST API to POST requestsexpected by the SageMakerendpoint.
responseMappingTemplate? string Optional mapping template toconvert responses received fromthe SageMaker endpoint.
Pattern Properties
Name Type Description
apiGateway api.LambdaRestApi Returns an instance of the APIGateway REST API created bythe pattern.
apiGatewayRole iam.Role Returns an instance of the IAMrole created by the pattern forthe API Gateway REST API.
47
AWS Solutions Constructs AWS SolutionsSample API Usage
Name Type Description
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
Sample API UsageNote: Each SageMaker endpoint is unique, and the response from the API will depend on the deployedmodel. The example given below assumes the sample from this blog post. For a reference on how that'dbe implemented, please refer to integ.apigateway-sagemakerendpoint-overwrite.ts.
Method Request Path Query String SageMaker Action Description
GET /321 items=101,131,162sagemaker:InvokeEndpointRetrieves thepredictions for aspecific user anditems.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon API Gateway• Deploy an edge-optimized API endpoint• Enable CloudWatch logging for API Gateway• Configure least privilege access IAM role for API Gateway• Set the default authorizationType for all API methods to IAM• Enable X-Ray tracing• Validate request parameters before passing data to SageMaker
48
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-apigateway-sqs
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
49
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Python
aws_solutions_constructs.aws_apigateway_sqs
Typescript
@aws-solutions-constructs/aws-apigateway-sqs
Java
software.amazon.awsconstructs.services.apigatewaysqs
OverviewThis AWS Solutions Construct implements an Amazon API Gateway REST API connected to an AmazonSQS queue.
Here is a minimal deployable pattern definition in TypeScript:
import { ApiGatewayToSqs, ApiGatewayToSqsProps } from "@aws-solutions-constructs/aws-apigateway-sqs";
new ApiGatewayToSqs(this, 'ApiGatewayToSqsPattern', {});
Initializer
new ApiGatewayToSqs(scope: Construct, id: string, props: ApiGatewayToSqsProps);
Parameters
• scope Construct• id string• props ApiGatewayToSqsProps (p. 50)
Pattern Construct Props
Name Type Description
apiGatewayProps? api.RestApiProps Optional user-provided props tooverride the default props forthe API Gateway.
50
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
queueProps? sqs.QueueProps Optional user-provided props tooverride the default props forthe queue.
deployDeadLetterQueue? boolean Whether to deploy a secondaryqueue to be used as a deadletter queue. Defaults to true.
maxReceiveCount number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue.
allowCreateOperation? boolean Whether to deploy an APIGateway Method for Createoperations on the queue (i.e.sqs:SendMessage).
createRequestTemplate? string Override the default APIGateway request templatefor the Create method, ifallowCreateOperation is setto true.
allowReadOperation? boolean Whether to deploy an APIGateway Method for Readoperations on the queue (i.e.sqs:ReceiveMessage).
readRequestTemplate? string Override the default APIGateway request templatefor the Read method, ifallowReadOperation is set totrue.
allowDeleteOperation? boolean Whether to deploy an APIGateway Method for Deleteoperations on the queue (i.e.sqs:DeleteMessage).
deleteRequestTemplate? string Override the default APIGateway request templatefor the Delete method, ifallowDeleteOperation is setto true.
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
51
AWS Solutions Constructs AWS SolutionsSample API Usage
Name Type Description
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
apiGatewayRole iam.Role Returns an instance of the IAMrole created by the pattern forthe API Gateway REST API.
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
Sample API Usage
Method Request Path Request Body Queue Action Description
GET / sqs::ReceiveMessageRetrieves amessage from thequeue.
POST / { "data":"HelloWorld!" }
sqs::SendMessageDelivers a messageto the queue.
DELETE /message?receiptHandle=[value]
sqs::DeleteMessageDeletes a specifiedmessage from thequeue
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon API Gateway• Deploy an edge-optimized API endpoint• Enable CloudWatch logging for API Gateway• Configure least privilege access IAM role for API Gateway• Set the default authorizationType for all API methods to IAM• Enable X-Ray tracing
52
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon SQS Queue• Deploy SQS dead-letter queue for the source SQS Queue• Enable server-side encryption for source SQS Queue using AWS managed KMS Key• Enforce encryption of data in transit
Architecture
aws-cloudfront-apigateway
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_cloudfront_apigateway
53
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Typescript
@aws-solutions-constructs/aws-cloudfront-apigateway
Java
software.amazon.awsconstructs.services.cloudfrontapigateway
This AWS Solutions Construct implements an Amazon CloudFront distribution in front of an Amazon APIGateway REST API.
Here is a minimal deployable pattern definition in TypeScript:
import * as api from '@aws-cdk/aws-apigateway';import * as lambda from "@aws-cdk/aws-lambda";import { CloudFrontToApiGateway } from '@aws-solutions-constructs/aws-cloudfront-apigateway'; const lambdaProps: lambda.FunctionProps = { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler'};
const lambdafunction = new lambda.Function(this, 'LambdaFunction', lambdaProps);
const apiGatewayProps: api.LambdaRestApiProps = { handler: lambdafunction, endpointConfiguration: { types: [api.EndpointType.REGIONAL] }, defaultMethodOptions: { authorizationType: api.AuthorizationType.NONE }};
const apiGateway = new api.LambdaRestApi(this, 'LambdaRestApi', apiGatewayProps);
new CloudFrontToApiGateway(this, 'test-cloudfront-apigateway', { existingApiGatewayObj: apiGateway});
Initializer
new CloudFrontToApiGateway(scope: Construct, id: string, props: CloudFrontToApiGatewayProps);
Parameters
• scope Construct
54
AWS Solutions Constructs AWS SolutionsPattern Construct Props
• id string• props CloudFrontToApiGatewayProps (p. 55)
Pattern Construct Props
Name Type Description
existingApiGatewayObj api.RestApi The regional API Gatewaythat will be fronted with theCloudFront
cloudFrontDistributionProps? cloudfront.CloudFrontWebDistributionPropsOptional user-provided props tooverride the default props forCloudFront Distribution
insertHttpSecurityHeaders? boolean Optional user provided propsto turn on/off the automaticinjection of best practice HTTPsecurity headers in all responsesfrom CloudFront
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
cloudFrontLoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the CloudFront webdistribution.
cloudFrontWebDistribution cloudfront.CloudFrontWebDistributionReturns an instance of theCloudFront web distributioncreated by the pattern.
edgeLambdaFunctionVersion? lambda.Version Returns an instance of theLambda edge function versioncreated by the pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudFront• Configure Access logging for CloudFront WebDistribution• Enable automatic injection of best practice HTTP security headers in all responses from CloudFront
WebDistribution
55
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon API Gateway• User provided API Gateway object is used as-is• Enable X-Ray tracing
Architecture
aws-cloudfront-apigateway-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
aws_solutions_constructs.aws_cloudfront_apigateway_lambda
56
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Python
Typescript
@aws-solutions-constructs/aws-cloudfront-apigateway-lambda
Java
software.amazon.awsconstructs.services.cloudfrontapigatewaylambda
This AWS Solutions Construct implements an Amazon CloudFront distribution in front of an Amazon APIGateway Lambda-backed REST API.
Here is a minimal deployable pattern definition in TypeScript:
import { CloudFrontToApiGatewayToLambda } from '@aws-solutions-constructs/aws-cloudfront-apigateway-lambda';
new CloudFrontToApiGatewayToLambda(this, 'test-cloudfront-apigateway-lambda', { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }});
Initializer
new CloudFrontToApiGatewayToLambda(scope: Construct, id: string, props: CloudFrontToApiGatewayToLambdaProps);
Parameters
• scope Construct• id string• props CloudFrontToApiGatewayToLambdaProps (p. 57)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,
57
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
apiGatewayProps? api.LambdaRestApiProps Optional user provided props tooverride the default props forAPI Gateway
cloudFrontDistributionProps? cloudfront.CloudFrontWebDistributionPropsOptional user provided props tooverride the default props forCloudFront Distribution
insertHttpSecurityHeaders? boolean Optional user provided propsto turn on/off the automaticinjection of best practice HTTPsecurity headers in all responsesfrom CloudFront
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
cloudFrontLoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the CloudFront webdistribution.
cloudFrontWebDistribution cloudfront.CloudFrontWebDistributionReturns an instance of theCloudFront web distributioncreated by the pattern.
edgeLambdaFunctionVersion? lambda.Version Returns an instance of theLambda edge function versioncreated by the pattern.
58
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudFront• Configure Access logging for CloudFront WebDistribution• Enable automatic injection of best practice HTTP security headers in all responses from CloudFront
WebDistribution
Amazon API Gateway• Deploy a regional API endpoint• Enable CloudWatch logging for API Gateway• Configure least privilege access IAM role for API Gateway• Set the default authorizationType for all API methods to IAM• Enable X-Ray tracing
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function• Enable reusing connections with Keep-Alive for NodeJs Lambda function• Enable X-Ray tracing
59
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-cloudfront-mediastore
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_cloudfront_mediastore
Typescript
@aws-solutions-constructs/aws-cloudfront-mediastore
Java
software.amazon.awsconstructs.services.cloudfrontmediastore
This AWS Solutions Construct implements an Amazon CloudFront distribution connected to an AWSElemental MediaStore container.
60
AWS Solutions Constructs AWS SolutionsInitializer
Here is a minimal deployable pattern definition in TypeScript:
import { CloudFrontToMediaStore } from '@aws-solutions-constructs/aws-cloudfront-mediastore';
new CloudFrontToMediaStore(this, 'test-cloudfront-mediastore-default', {});
Initializer
new CloudFrontToMediaStore(scope: Construct, id: string, props: CloudFrontToMediaStoreProps);
Parameters
• scope Construct• id string• props CloudFrontToMediaStoreProps (p. 61)
Pattern Construct Props
Name Type Description
existingMediaStoreContainerObj? mediastore.CfnContainer Optional user-providedMediaStore container tooverride the default MediaStorecontainer.
mediaStoreContainerProps? mediastore.CfnContainerPropsOptional user-provided props tooverride the default props forthe MediaStore Container.
cloudFrontDistributionProps? cloudfront.DistributionProps| any
Optional user-provided props tooverride the default props forthe CloudFront Distribution.
insertHttpSecurityHeaders? boolean Optional user-provided propsto turn on/off the automaticinjection of best practice HTTPsecurity headers in all responsesfrom CloudFront.
Pattern Properties
Name Type Description
cloudFrontWebDistribution cloudfront.CloudFrontWebDistributionReturns an instance of theCloudFront web distributioncreated by the pattern.
61
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
mediaStoreContainer mediastore.CfnContainer Returns an instance of theMediaStore container created bythe pattern.
cloudFrontLoggingBucket s3.Bucket Returns an instance of thelogging bucket created by thepattern for the CloudFront webdistribution.
cloudFrontOriginRequestPolicy cloudfront.OriginRequestPolicyReturns an instance of theCloudFront origin request policycreated by the pattern for theCloudFront web distribution.
cloudFrontOriginAccessIdentity? cloudfront.OriginAccessIdentityReturns an instance of theCloudFront origin access identitycreated by the pattern for theCloudFront web distribution.
edgeLambdaFunctionVersion lambda.Version Returns an instance of theLambda edge function versioncreated by the pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudFront• Configure access logging for CloudFront web distribution• Enable CloudFront origin request policy for AWS Elemental MediaStore container• Set User-Agent custom header with CloudFront origin access identity• Enable automatic injection of best practice HTTP security headers in all responses from CloudFront
web distribution
AWS Elemental MediaStore• Set the deletion policy to retain the resource• Set the container name with the CloudFormation stack name• Set the default container Cross-origin resource sharing (CORS) policy• Set the default object lifecycle policy• Set the default container policy to allow only aws:UserAgent with CloudFront origin access identity• Set the default metric policy• Enable access logging
62
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-cloudfront-s3
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_cloudfront_s3
Typescript
@aws-solutions-constructs/aws-cloudfront-s3
63
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
software.amazon.awsconstructs.services.cloudfronts3
This AWS Solutions Construct implements an Amazon CloudFront distribution in front of an Amazon S3bucket.
Here is a minimal deployable pattern definition in TypeScript:
import { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';
new CloudFrontToS3(this, 'test-cloudfront-s3', {});
Initializer
new CloudFrontToS3(scope: Construct, id: string, props: CloudFrontToS3Props);
Parameters
• scope Construct• id string• props CloudFrontToS3Props (p. 64)
Pattern Construct Props
Name Type Description
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if anexistingBucketObj isprovided.
cloudFrontDistributionProps? cloudfront.CloudFrontWebDistributionPropsOptional user provided props tooverride the default props forCloudFront Distribution
insertHttpSecurityHeaders? boolean Optional user provided propsto turn on/off the automatic
64
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
injection of best practice HTTPsecurity headers in all responsesfrom CloudFront
Pattern Properties
Name Type Description
cloudFrontWebDistribution cloudfront.CloudFrontWebDistributionReturns an instance of theCloudFront web distributioncreated by the pattern.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
edgeLambdaFunctionVersion? lambda.Version Returns an instance of theLambda edge function versioncreated by the pattern.
cloudFrontLoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the CloudFront webdistribution.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudFront• Configure Access logging for CloudFront WebDistribution• Enable automatic injection of best practice HTTP security headers in all responses from CloudFront
WebDistribution
Amazon S3 Bucket• Configure Access logging for S3 Bucket• Enable server-side encryption for S3 Bucket using AWS managed KMS Key• Turn on the versioning for S3 Bucket• Don't allow public access for S3 Bucket• Retain the S3 Bucket when deleting the CloudFormation stack• Enforce encryption of data in transit• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
65
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-cognito-apigateway-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_cognito_apigateway_lambda
Typescript
@aws-solutions-constructs/aws-cognito-apigateway-lambda
Java
software.amazon.awsconstructs.services.cognitoapigatewaylambda
This AWS Solutions Construct implements Amazon Cognito securing an Amazon API Gateway Lambda-backed REST API.
66
AWS Solutions Constructs AWS SolutionsInitializer
Here is a minimal deployable pattern definition in TypeScript:
import { CognitoToApiGatewayToLambda } from '@aws-solutions-constructs/aws-cognito-apigateway-lambda';
new CognitoToApiGatewayToLambda(this, 'test-cognito-apigateway-lambda', { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }});
If you are defining resources and methods on your API (e.g. proxy = false), you must call theaddAuthorizers() method after the API is fully defined. This ensures that every method in your API isprotected.
Here is an example in TypeScript:
import { CognitoToApiGatewayToLambda } from '@aws-solutions-constructs/aws-cognito-apigateway-lambda';
const construct = new CognitoToApiGatewayToLambda(this, 'test-cognito-apigateway-lambda', { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }, apiGatewayProps: { proxy: false }});
const resource = construct.apiGateway.root.addResource('foobar');resource.addMethod('POST');
// Mandatory to call this method to Apply the Cognito Authorizers on all API methodsconstruct.addAuthorizers();
Initializer
new CognitoToApiGatewayToLambda(scope: Construct, id: string, props: CognitoToApiGatewayToLambdaProps);
Parameters
• scope Construct• id string• props CognitoToApiGatewayToLambdaProps (p. 68)
67
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
apiGatewayProps? api.LambdaRestApiProps Optional user provided props tooverride the default props forAPI Gateway
cognitoUserPoolProps? cognito.UserPoolProps Optional user provided props tooverride the default props forCognito User Pool
cognitoUserPoolClientProps? cognito.UserPoolClientPropsOptional user provided props tooverride the default props forCognito User Pool Client
Pattern Properties
Name Type Description
apiGateway api.RestApi Returns an instance of the APIGateway REST API created bythe pattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
userPool cognito.UserPool Returns an instance of theCognito user pool created by thepattern.
userPoolClient cognito.UserPoolClient Returns an instance of theCognito user pool client createdby the pattern.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAMrole created by the pattern thatenables access logging fromthe API Gateway REST API toCloudWatch.
68
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
apiGatewayLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat API Gateway REST APIaccess logs are sent to.
apiGatewayAuthorizer api.CfnAuthorizer Returns an instance of the APIGateway authorizer created bythe pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon Cognito• Set password policy for User Pools• Enforce the advanced security mode for User Pools
Amazon API Gateway• Deploy an edge-optimized API endpoint• Enable CloudWatch logging for API Gateway• Configure least privilege access IAM role for API Gateway• Set the default authorizationType for all API methods to IAM• Enable X-Ray tracing
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function• Enable reusing connections with Keep-Alive for NodeJs Lambda function• Enable X-Ray tracing
69
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-dynamodb-stream-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
70
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Python
aws_solutions_constructs.aws_dynamodb_stream_lambda
Typescript
@aws-solutions-constructs/aws-dynamodb-stream-lambda
Java
software.amazon.awsconstructs.services.dynamodbstreamlambda
This AWS Solutions Construct implements a pattern Amazon DynamoDB table with stream to invoke theAWS Lambda function with the least privileged permissions.
Here is a minimal deployable pattern definition:
import { DynamoDBStreamToLambdaProps, DynamoDBStreamToLambda} from '@aws-solutions-constructs/aws-dynamodb-stream-lambda';
new DynamoDBStreamToLambda(this, 'test-dynamodb-stream-lambda', { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' },});
Initializer
new DynamoDBStreamToLambda(scope: Construct, id: string, props: DynamoDBStreamToLambdaProps);
Parameters
• scope Construct• id string• props DynamoDBStreamToLambdaProps (p. 71)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used instead
71
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
of the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
dynamoTableProps? dynamodb.TableProps Optional user provided props tooverride the default props forDynamoDB Table
existingTableObj? dynamodb.Table Existing instance of DynamoDBTable. If this is set, then thedynamoTableProps is ignored.
dynamoEventSourceProps? aws-lambda-event-sources.DynamoEventSourceProps
Optional user provided props tooverride the default props forDynamoDB Event Source
Pattern Properties
Name Type Description
dynamoTable dynamodb.Table Returns an instance of theDynamoDB table created by thepattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
Lambda functionThis pattern requires a Lambda function that can post data into the Elasticsearch service from theDynamoDB stream. A sample function is provided here.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon DynamoDB Table• Set the billing mode for DynamoDB Table to On-Demand (Pay per request)• Enable server-side encryption for DynamoDB Table using AWS managed KMS Key• Creates a partition key called 'id' for DynamoDB Table• Retain the Table when deleting the CloudFormation stack
72
AWS Solutions Constructs AWS SolutionsArchitecture
• Enable continuous backups and point-in-time recovery
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function• Enable reusing connections with Keep-Alive for NodeJs Lambda function• Enable X-Ray tracing• Enable Failure-Handling features: enable bisect on function Error; set default Maximum Record
Age (24 hours); set default Maximum Retry Attempts (500); and deploy SQS dead-letter queue asdestination on failure
Architecture
aws-dynamodb-stream-lambda-elasticsearch-kibana
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
73
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Python
aws_solutions_constructs.aws_dynamodb_stream_lambda_elasticsearch_kibana
Typescript
@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana
Java
software.amazon.awsconstructs.services.dynamodbstreamlambdaelasticsearchkibana
This AWS Solutions Construct implements Amazon DynamoDB table with stream, an AWS Lambdafunction, and an Amazon Elasticsearch Service with the least privileged permissions.
Here is a minimal deployable pattern definition in TypeScript:
import { DynamoDBStreamToLambdaToElasticSearchAndKibana, DynamoDBStreamToLambdaToElasticSearchAndKibanaProps } from '@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana';import { Aws } from "@aws-cdk/core";
const props: DynamoDBStreamToLambdaToElasticSearchAndKibanaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }, domainName: 'test-domain', // TODO: Ensure the Cognito domain name is globally unique cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID;};
new DynamoDBStreamToLambdaToElasticSearchAndKibana(this, 'test-dynamodb-stream-lambda-elasticsearch-kibana', props);
Initializer
new DynamoDBStreamToLambdaToElasticSearchAndKibana(scope: Construct, id: string, props: DynamoDBStreamToLambdaToElasticSearchAndKibanaProps);
Parameters
• scope Construct• id string• props DynamoDBStreamToLambdaToElasticSearchAndKibanaProps (p. 75)
74
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
dynamoTableProps? dynamodb.TableProps Optional user provided props tooverride the default props forDynamoDB Table
existingTableObj? dynamodb.Table Existing instance of DynamoDBTable. If this is set, then thedynamoTableProps is ignored.
dynamoEventSourceProps? aws-lambda-event-sources.DynamoEventSourceProps
Optional user provided props tooverride the default props forDynamoDB Event Source
esDomainProps? elasticsearch.CfnDomainPropsOptional user provided propsto override the default propsfor the Amazon ElasticsearchService
domainName string Domain name for the Cognitoand the Amazon ElasticsearchService
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
dynamoTable dynamodb.Table Returns an instance of theDynamoDB table created by thepattern.
75
AWS Solutions Constructs AWS SolutionsLambda function
Name Type Description
elasticsearchDomain elasticsearch.CfnDomain Returns an instance of theElasticsearch domain created bythe pattern.
identityPool cognito.CfnIdentityPool Returns an instance of theCognito identity pool created bythe pattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
userPool cognito.UserPool Returns an instance of theCognito user pool created by thepattern.
userPoolClient cognito.UserPoolClient Returns an instance of theCognito user pool client createdby the pattern.
Lambda functionThis pattern requires a Lambda function that can post data into the Elasticsearch service from theDynamoDB stream. A sample function is provided here.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon DynamoDB Table• Set the billing mode for DynamoDB Table to On-Demand (Pay per request)• Enable server-side encryption for DynamoDB Table using AWS managed KMS Key• Creates a partition key called 'id' for DynamoDB Table• Retain the Table when deleting the CloudFormation stack• Enable continuous backups and point-in-time recovery
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function• Enable reusing connections with Keep-Alive for NodeJs Lambda function• Enable X-Ray tracing• Enable Failure-Handling features: enable bisect on function Error; set default Maximum Record
Age (24 hours); set default Maximum Retry Attempts (500); and deploy SQS dead-letter queue asdestination on failure
Amazon Cognito• Set password policy for User Pools• Enforce the advanced security mode for User Pools
76
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon Elasticsearch Service• Deploy best practices CloudWatch Alarms for the Elasticsearch Domain• Secure the Kibana dashboard access with Cognito User Pools• Enable server-side encryption for Elasticsearch Domain using AWS managed KMS Key• Enable node-to-node encryption for Elasticsearch Domain• Configure the cluster for the Amazon ES domain
Architecture
aws-events-rule-kinesisfirehose-s3
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
77
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Python
aws_solutions_constructs.aws_events_rule_kinesisfirehose_s3
Typescript
@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3
Java
software.amazon.awsconstructs.services.eventsrulekinesisfirehoses3
OverviewThis AWS Solutions Construct implements an Amazon CloudWatch Events rule to send data to anAmazon Kinesis Data Firehose delivery stream connected to an Amazon S3 bucket.
Here is a minimal deployable pattern definition in TypeScript:
import * as cdk from '@aws-cdk/core';import { EventsRuleToKinesisFirehoseToS3, EventsRuleToKinesisFirehoseToS3Props } from '@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3';
const eventsRuleToKinesisFirehoseToS3Props: EventsRuleToKinesisFirehoseToS3Props = { eventRuleProps: { schedule: events.Schedule.rate(cdk.Duration.minutes(5)) }};
new EventsRuleToKinesisFirehoseToS3(this, 'test-events-rule-firehose-s3', eventsRuleToKinesisFirehoseToS3Props);
Initializer
new EventsRuleToKinesisFirehoseToS3(scope: Construct, id: string, props: EventsRuleToKinesisFirehoseToS3Props);
Parameters
• scope Construct• id string• props EventsRuleToKinesisFirehoseToS3Props (p. 79)
78
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
eventRuleProps events.RuleProps User-provided properties tooverride the default propertiesfor the CloudWatch Events rule.
kinesisFirehoseProps? aws-kinesisfirehose.CfnDeliveryStreamProps
Optional user provided props tooverride the default props forKinesis Firehose Delivery Stream.
existingBucketObj? s3.Bucket An optional, existing S3 bucketto be used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-provided props tooverride the default props forthe S3 bucket.
Pattern Properties
Name Type Description
eventsRule events.Rule Returns an instance of theEvents rule created by thepattern.
kinesisFirehose kinesisfirehose.CfnDeliveryStreamReturns an instance of theKinesis Firehose delivery streamcreated by the pattern.
s3Bucket s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
eventsRole? iam.Role Returns an instance of the rolecreated by the construct for theCloudWatch Events rule.
kinesisFirehoseRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Kinesis Firehose deliverystream.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat Kinesis Firehose access logsare sent to.
79
AWS Solutions Constructs AWS SolutionsDefault settings
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudWatch Events rule• Configure least privilege access IAM role for Events Rule to publish to the Kinesis Firehose Delivery
Stream.
Amazon Kinesis Firehose• Enable CloudWatch logging for Kinesis Firehose.• Configure least privilege access IAM role for Amazon Kinesis Firehose.
Amazon S3 bucket• Configure access logging for bucket.• Enable server-side encryption for bucket using AWS managed KMS Key.• Turn on the versioning for the bucket.• Don't allow public access for the bucket.• Retain the bucket when deleting the CloudFormation stack.• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days.
Architecture
80
AWS Solutions Constructs AWS Solutionsaws-events-rule-kinesisstreams
aws-events-rule-kinesisstreams
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_events_rule_kinesisstream
Typescript
@aws-solutions-constructs/aws-events-rule-kinesisstreams
Java
software.amazon.awsconstructs.services.eventsrulekinesisstream
OverviewThis AWS Solutions Construct implements an Amazon CloudWatch Events rule to send data to anAmazon Kinesis Data Stream.
Here is a minimal deployable pattern definition in TypeScript:
import * as cdk from '@aws-cdk/core';import {EventsRuleToKinesisStreams, EventsRuleToKinesisStreamsProps} from "@aws-solutions-constructs/aws-events-rule-kinesisstreams";
const props: EventsRuleToKinesisStreamsProps = { eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)), }};
new EventsRuleToKinesisStreams(this, 'test-events-rule-kinesis-stream', props);
Initializer
new EventsRuleToKinesisStreams(scope: Construct, id: string, props: EventsRuleToKinesisStreamsProps);
81
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Parameters
• scope Construct• id string• props EventsRuleToKinesisStreamsProps (p. 82)
Pattern Construct Props
Name Type Description
eventRuleProps events.RuleProps User-provided properties tooverride the default propertiesfor the CloudWatch Events rule.
existingStreamObj? kinesis.Stream An optional, existing Kinesisstream to be used insteadof the default stream. If anexisting stream is provided,the kinesisStreamPropsproperty will be ignored.
kinesisStreamProps? kinesis.StreamProps Optional user-provided props tooverride the default props forthe Kinesis stream.
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
eventsRule events.Rule Returns an instance of theEvents rule created by thepattern.
kinesisStream kinesis.Stream Returns an instance of theKinesis stream created by thepattern.
eventsRole? iam.Role Returns an instance of the rolecreated by the construct for theCloudWatch Events rule.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudWatch Events rule• Configure least privilege access IAM role for Events Rule to publish to the Kinesis Data Stream.
82
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon Kinesis Stream• Enable server-side encryption for Kinesis Data Stream using AWS Managed KMS Key.
Architecture
aws-events-rule-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_events_rule_lambda
Typescript
@aws-solutions-constructs/aws-events-rule-lambda
83
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
software.amazon.awsconstructs.services.eventsrulelambda
This AWS Solutions Construct implements an AWS Events rule and an AWS Lambda function.
Here is a minimal deployable pattern definition in TypeScript:
const { EventsRuleToLambdaProps, EventsRuleToLambda } from '@aws-solutions-constructs/aws-events-rule-lambda';
const props: EventsRuleToLambdaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }, eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)) }};
new EventsRuleToLambda(this, 'test-events-rule-lambda', props);
Initializer
new EventsRuleToLambda(scope: Construct, id: string, props: EventsRuleToLambdaProps);
Parameters
• scope Construct• id string• props EventsRuleToLambdaProps (p. 84)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps lambda.FunctionProps Optional user-providedproperties to override the
84
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
default properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
eventRuleProps events.RuleProps User provided eventRuleProps tooverride the defaults
Pattern Properties
Name Type Description
eventsRule events.Rule Returns an instance of theEvents rule created by thepattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudWatch Events Rule• Grant least privilege permissions to CloudWatch Events to trigger the Lambda Function
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function• Enable reusing connections with Keep-Alive for NodeJs Lambda function• Enable X-Ray tracing
85
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-events-rule-sns
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_events_rule_sns
Typescript
@aws-solutions-constructs/aws-events-rule-sns
software.amazon.awsconstructs.services.eventsrulesns
86
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Java
OverviewThis pattern implements an Amazon CloudWatch Events rule connected to an Amazon SNS topic.
Here is a minimal deployable pattern definition:
import { Duration } from '@aws-cdk/core';import * as events from '@aws-cdk/aws-events';import * as iam from '@aws-cdk/aws-iam';import { EventsRuleToSnsProps, EventsRuleToSns } from "@aws-solutions-constructs/aws-events-rule-sns";
const props: EventsRuleToSnsProps = { eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)), }};
const constructStack = new EventsRuleToSns(this, 'test-construct', props);
// Grant yourself permissions to use the Customer Managed KMS Keyconst policyStatement = new iam.PolicyStatement({ actions: ["kms:Encrypt", "kms:Decrypt"], effect: iam.Effect.ALLOW, principals: [ new iam.AccountRootPrincipal() ], resources: [ "*" ]});
constructStack.encryptionKey?.addToResourcePolicy(policyStatement);
Initializer
new EventsRuleToSNS(scope: Construct, id: string, props: EventsRuleToSNSProps);
Parameters
• scope Construct• id string• props EventsRuleToSnsProps (p. 87)
Pattern Construct Props
Name Type Description
eventRuleProps events.RuleProps User-provided properties tooverride the default propertiesfor the CloudWatch Events rule.
87
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
existingTopicObj? sns.Topic An optional, existing SNS topicto be used instead of the defaulttopic. If an existing topic isprovided, the topicPropsproperty will be ignored.
topicProps? sns.TopicProps Optional user-providedproperties to override thedefault properties for theSNS topic. Ignored if anexistingTopicObj isprovided.
enableEncryptionWithCustomerManagedKey?boolean Whether to use a customer-managed encryption key,either managed by this CDKapp or imported. If importingan encryption key, it must bespecified in the encryptionKeyproperty for this construct.
encryptionKey? kms.Key An optional, existing encryptionkey to be used instead of thedefault encryption key.
encryptionKeyProps? kms.KeyProps Optional user-providedproperties to override thedefault properties for theencryption key.
Pattern Properties
Name Type Description
eventsRule events.Rule Returns an instance of theEvents rule created by thepattern.
snsTopic sns.Topic Returns an instance of the SNStopic created by the pattern.
encryptionKey kms.Key Returns an instance of theencryption key created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudWatch Events rule• Grant least privilege permissions to CloudWatch Events to publish to the SNS topic.
88
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon SNS topic• Configure least privilege access permissions for SNS topic.• Enable server-side encryption for SNS topic using customer-managed AWS KMS key.• Enforce encryption of data in transit.
Architecture
aws-events-rule-sqs
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_events_rule_sqs
89
AWS Solutions Constructs AWS SolutionsOverview
Language Package
Typescript
@aws-solutions-constructs/aws-events-rule-sqs
Java
software.amazon.awsconstructs.services.eventsrulesqs
OverviewThis pattern implements an Amazon CloudWatch Events rule connected to an Amazon SQS queue.
Here is a minimal deployable pattern definition:
import { Duration } from '@aws-cdk/core';import * as events from '@aws-cdk/aws-events';import * as iam from '@aws-cdk/aws-iam';import { EventsRuleToSqsProps, EventsRuleToSqs } from "@aws-solutions-constructs/aws-events-rule-sqs";
const props: EventsRuleToSqsProps = { eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)) }};
const constructStack = new EventsRuleToSqs(this, 'test-construct', props);
// Grant yourself permissions to use the Customer Managed KMS Keyconst policyStatement = new iam.PolicyStatement({ actions: ["kms:Encrypt", "kms:Decrypt"], effect: iam.Effect.ALLOW, principals: [ new iam.AccountRootPrincipal() ], resources: [ "*" ]});
constructStack.encryptionKey?.addToResourcePolicy(policyStatement);
Initializer
new EventsRuleToSqs(scope: Construct, id: string, props: EventsRuleToSqsProps);
Parameters
• scope Construct• id string• props EventsRuleToSqsProps (p. 91)
90
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
eventRuleProps events.RuleProps User-provided properties tooverride the default propertiesfor the CloudWatch Events rule.
existingQueueObj? sqs.Queue An optional, existing SQS queueto be used instead of the defaultqueue. If an existing queue isprovided, the queuePropsproperty will be ignored.
queueProps? sqs.QueueProps Optional user-providedproperties to override thedefault properties for theSQS queue. Ignored if anexistingQueueObj isprovided.
enableQueuePurging? boolean Whether to grant additionalpermissions to the Lambdafunction enabling it to purge theSQS queue. Defaults to false.
deployDeadLetterQueue? boolean Whether to create a secondaryqueue to be used as a deadletter queue. Defaults to true.
deadLetterQueueProps? sqs.QueueProps Optional user-providedprops to override the defaultprops for the dead letterqueue. Only used if thedeployDeadLetterQueueproperty is set to true.
maxReceiveCount? number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue. Defaults to 15.
enableEncryptionWithCustomerManagedKey?boolean Whether to use a customer-managed encryption key,either managed by this CDKapp or imported. If importingan encryption key, it must bespecified in the encryptionKeyproperty for this construct.
encryptionKey? kms.Key An optional, existing encryptionkey to be used instead of thedefault encryption key.
encryptionKeyProps? kms.KeyProps Optional user-providedproperties to override the
91
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
default properties for theencryption key.
Pattern Properties
Name Type Description
eventsRule events.Rule Returns an instance of theEvents rule created by thepattern.
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
encryptionKey kms.Key Returns an instance of theencryption key created by thepattern.
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudWatch Events rule• Grant least privilege permissions to CloudWatch Events to publish to the SQS Queue.
Amazon SQS queue• Deploy a dead-letter queue for the source queue.• Enable server-side encryption for the source queue using a customer-managed AWS KMS key.• Enforce encryption of data in transit.
92
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-events-rule-step-function
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_events_rule_step_function
Typescript
@aws-solutions-constructs/aws-events-rule-step-function
Java
software.amazon.awsconstructs.services.eventsrulestepfunction
93
AWS Solutions Constructs AWS SolutionsInitializer
This AWS Solutions Construct implements an AWS Events rule and an AWS Step function.
Here is a minimal deployable pattern definition in TypeScript:
import { EventsRuleToStepFunction, EventsRuleToStepFunctionProps } from '@aws-solutions-constructs/aws-events-rule-step-function';
const startState = new stepfunctions.Pass(this, 'StartState');
const props: EventsRuleToStepFunctionProps = { stateMachineProps: { definition: startState }, eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)) }};
new EventsRuleToStepFunction(stack, 'test-events-rule-step-function-stack', props);
Initializer
new EventsRuleToStepFunction(scope: Construct, id: string, props: EventsRuleToStepFunctionProps);
Parameters
• scope Construct• id string• props EventsRuleToStepFunctionProps (p. 94)
Pattern Construct Props
Name Type Description
stateMachineProps sfn.StateMachineProps Optional user provided props tooverride the default props forsfn.StateMachine
eventRuleProps events.RuleProps User provided eventRuleProps tooverride the defaults
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
94
AWS Solutions Constructs AWS SolutionsPattern Properties
Pattern Properties
Name Type Description
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
eventsRule events.Rule Returns an instance of theEvents rule created by thepattern.
stateMachine sfn.StateMachine Returns an instance of the statemachine created by the pattern.
stateMachineLogGroup logs.LogGroup Returns an instance of the loggroup created by the pattern forthe state machine.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon CloudWatch Events Rule• Grant least privilege permissions to CloudWatch Events to trigger the Lambda Function
AWS Step Function• Enable CloudWatch logging for API Gateway• Deploy best practices CloudWatch Alarms for the Step Function
95
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-iot-kinesisfirehose-s3
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_iot_kinesisfirehose_s3
Typescript
@aws-solutions-constructs/aws-iot-kinesisfirehose-s3
Java
software.amazon.awsconstructs.services.iotkinesisfirehoses3
96
AWS Solutions Constructs AWS SolutionsInitializer
This AWS Solutions Construct implements an AWS IoT MQTT topic rule to send data to an AmazonKinesis Data Firehose delivery stream connected to an Amazon S3 bucket.
Here is a minimal deployable pattern definition in TypeScript:
import { IotToKinesisFirehoseToS3Props, IotToKinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-iot-kinesisfirehose-s3';
const props: IotToKinesisFirehoseToS3Props = { iotTopicRuleProps: { topicRulePayload: { ruleDisabled: false, description: "Persistent storage of connected vehicle telematics data", sql: "SELECT * FROM 'connectedcar/telemetry/#'", actions: [] } }};
new IotToKinesisFirehoseToS3(this, 'test-iot-firehose-s3', props);
Initializer
new IotToKinesisFirehoseToS3(scope: Construct, id: string, props: IotToKinesisFirehoseToS3Props);
Parameters
• scope Construct• id string• props IotToKinesisFirehoseToS3Props (p. 97)
Pattern Construct Props
Name Type Description
iotTopicRuleProps iot.CfnTopicRuleProps User providedCfnTopicRuleProps to overridethe defaults
kinesisFirehoseProps? kinesisfirehose.CfnDeliveryStreamPropsOptional user provided props tooverride the default props forKinesis Firehose Delivery Stream
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to override
97
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
the default properties forthe bucket. Ignored if anexistingBucketObj isprovided.
Pattern Properties
Name Type Description
iotActionsRole iam.Role Returns an instance of the IAMrole created by the pattern forthe IoT rule.
iotTopicRule iot.CfnTopicRule Returns an instance of theIoT topic rule created by thepattern.
kinesisFirehose kinesisfirehose.CfnDeliveryStreamReturns an instance of theKinesis Firehose delivery streamcreated by the pattern.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat Kinesis Firehose access logsare sent to.
kinesisFirehoseRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Kinesis Firehose deliverystream.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon IoT Rule• Configure least privilege access IAM role for Amazon IoT
Amazon Kinesis Firehose• Enable CloudWatch logging for Kinesis Firehose• Configure least privilege access IAM role for Amazon Kinesis Firehose
98
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon S3 Bucket• Configure Access logging for S3 Bucket• Enable server-side encryption for S3 Bucket using AWS managed KMS Key• Turn on the versioning for S3 Bucket• Don't allow public access for S3 Bucket• Retain the S3 Bucket when deleting the CloudFormation stack• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
Architecture
aws-iot-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_iot_lambda
99
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Typescript
@aws-solutions-constructs/aws-iot-lambda
Java
software.amazon.awsconstructs.services.iotlambda
This AWS Solutions Constructs pattern implements an AWS IoT MQTT topic rule and an AWS Lambdafunction pattern.
Here is a minimal deployable pattern definition in TypeScript:
import { IotToLambdaProps, IotToLambda } from '@aws-solutions-constructs/aws-iot-lambda';
const props: IotToLambdaProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_10_X, handler: 'index.handler' }, iotTopicRuleProps: { topicRulePayload: { ruleDisabled: false, description: "Processing of DTC messages from the AWS Connected Vehicle Solution.", sql: "SELECT * FROM 'connectedcar/dtc/#'", actions: [] } }};
new IotToLambda(this, 'test-iot-lambda-integration', props);
Initializer
new IotToLambda(scope: Construct, id: string, props: IotToLambdaProps);
Parameters
• scope Construct• id string• props IotToLambdaProps (p. 101)
100
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
iotTopicRuleProps? iot.CfnTopicRuleProps User providedCfnTopicRuleProps to overridethe defaults
Pattern Properties
Name Type Description
iotTopicRule iot.CfnTopicRule Returns an instance of theIoT topic rule created by thepattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon IoT Rule• Configure least privilege access IAM role for Amazon IoT.
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
101
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-iot-lambda-dynamodb
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_iot_lambda_dynamodb
Typescript
@aws-solutions-constructs/aws-iot-lambda-dynamodb
software.amazon.awsconstructs.services.iotlambdadynamodb
102
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
This AWS Solutions Constructs pattern implements an AWS IoT topic rule, an AWS Lambda function andAmazon DynamoDB table with the least privileged permissions.
Here is a minimal deployable pattern definition in TypeScript:
import { IotToLambdaToDynamoDBProps, IotToLambdaToDynamoDB } from '@aws-solutions-constructs/aws-iot-lambda-dynamodb';
const props: IotToLambdaToDynamoDBProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }, iotTopicRuleProps: { topicRulePayload: { ruleDisabled: false, description: "Processing of DTC messages from the AWS Connected Vehicle Solution.", sql: "SELECT * FROM 'connectedcar/dtc/#'", actions: [] } }};
new IotToLambdaToDynamoDB(this, 'test-iot-lambda-dynamodb-stack', props);
Initializer
new IotToLambdaToDynamoDB(scope: Construct, id: string, props: IotToLambdaToDynamoDBProps);
Parameters
• scope Construct• id string• props IotToLambdaToDynamoDBProps (p. 103)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
103
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
lambdaFunctionProps lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
iotTopicRuleProps iot.CfnTopicRuleProps User provided props to overridethe default props
dynamoTableProps? dynamodb.TableProps Optional user provided props tooverride the default props forDynamoDB Table
tablePermissions? string Optional table permissions to begranted to the Lambda function.One of the following optionsmay be specified: All, Read,ReadWrite, or Write.
Pattern Properties
Name Type Description
dynamoTable dynamodb.Table Returns an instance of theDynamoDB table created by thepattern.
iotTopicRule iot.CfnTopicRule Returns an instance of theIoT topic rule created by thepattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon IoT Rule• Configure least privilege access IAM role for Amazon IoT.
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
104
AWS Solutions Constructs AWS SolutionsArchitecture
Amazon DynamoDB Table• Set the billing mode for DynamoDB Table to On-Demand (Pay per request).• Enable server-side encryption for DynamoDB Table using AWS managed KMS Key.• Creates a partition key called 'id' for DynamoDB Table.• Retain the Table when deleting the CloudFormation stack.• Enable continuous backups and point-in-time recovery.
Architecture
aws-kinesisfirehose-s3
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws-kinesis-firehose-s3
105
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Typescript
@aws-solutions-constructs/aws-kinesisfirehose-s3
Java
software.amazon.awsconstructs.services.kinesisfirehoses3
This AWS Solutions Construct implements an Amazon Kinesis Data Firehose delivery stream connectedto an Amazon S3 bucket.
Here is a minimal deployable pattern definition in TypeScript:
import { KinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-kinesisfirehose-s3';
new KinesisFirehoseToS3(this, 'test-firehose-s3', {});
Initializer
new KinesisFirehoseToS3(scope: Construct, id: string, props: KinesisFirehoseToS3Props);
Parameters
• scope Construct• id string• props KinesisFirehoseToS3Props (p. 106)
Pattern Construct Props
Name Type Description
kinesisFirehoseProps? kinesisfirehose.CfnDeliveryStreamPropsOptional user provided props tooverride the default props forKinesis Firehose Delivery Stream
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if an
106
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
existingBucketObj isprovided.
Pattern Properties
Name Type Description
kinesisFirehose kinesisfirehose.CfnDeliveryStreamReturns an instance of theKinesis Firehose delivery streamcreated by the pattern.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat Kinesis Firehose access logsare sent to.
kinesisFirehoseRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Kinesis Firehose deliverystream.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon Kinesis Firehose• Enable CloudWatch logging for Kinesis Firehose• Configure least privilege access IAM role for Amazon Kinesis Firehose
Amazon S3 Bucket• Configure Access logging for S3 Bucket• Enable server-side encryption for S3 Bucket using AWS managed KMS Key• Turn on the versioning for S3 Bucket• Don't allow public access for S3 Bucket• Retain the S3 Bucket when deleting the CloudFormation stack• Enforce encryption of data in transit• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
107
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-kinesisfirehose-s3-and-kinesisanalytics
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_kinesisfirehose_s3_and_kinesisanalytics
Typescript
@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics
108
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
software.amazon.awsconstructs.services.kinesisfirehoses3kinesisanalytics
This AWS Solutions Construct implements an Amazon Kinesis Firehose delivery stream connected to anAmazon S3 bucket, and an Amazon Kinesis Analytics application.
Here is a minimal deployable pattern definition in TypeScript:
import { KinesisFirehoseToAnalyticsAndS3 } from '@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics';
new KinesisFirehoseToAnalyticsAndS3(this, 'FirehoseToS3AndAnalyticsPattern', { kinesisAnalyticsProps: { inputs: [{ inputSchema: { recordColumns: [{ name: 'ticker_symbol', sqlType: 'VARCHAR(4)', mapping: '$.ticker_symbol' }, { name: 'sector', sqlType: 'VARCHAR(16)', mapping: '$.sector' }, { name: 'change', sqlType: 'REAL', mapping: '$.change' }, { name: 'price', sqlType: 'REAL', mapping: '$.price' }], recordFormat: { recordFormatType: 'JSON' }, recordEncoding: 'UTF-8' }, namePrefix: 'SOURCE_SQL_STREAM' }] }});
Initializer
new KinesisFirehoseToAnalyticsAndS3(scope: Construct, id: string, props: KinesisFirehoseToAnalyticsAndS3Props);
Parameters
• scope Construct• id string
109
AWS Solutions Constructs AWS SolutionsPattern Construct Props
• props KinesisFirehoseToAnalyticsAndS3Props (p. 110)
Pattern Construct Props
Name Type Description
kinesisFirehoseProps? kinesisFirehose.CfnDeliveryStreamPropsOptional user-provided propsto override the default propsfor the Kinesis Firehose deliverystream.
kinesisAnalyticsProps? kinesisAnalytics.CfnApplicationPropsOptional user-provided props tooverride the default props forthe Kinesis Analytics application.
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if anexistingBucketObj isprovided.
Pattern Properties
Name Type Description
kinesisAnalytics kinesisAnalytics.CfnApplicationReturns an instance of theKinesis Analytics applicationcreated by the pattern.
kinesisFirehose kinesisfirehose.CfnDeliveryStreamReturns an instance of theKinesis Firehose delivery streamcreated by the pattern.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat Kinesis Firehose access logsare sent to.
kinesisFirehoseRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Kinesis Firehose deliverystream.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
110
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon Kinesis Firehose• Enable CloudWatch logging for Kinesis Firehose• Configure least privilege access IAM role for Amazon Kinesis Firehose
Amazon S3 Bucket• Configure Access logging for S3 Bucket• Enable server-side encryption for S3 Bucket using AWS managed KMS Key• Turn on the versioning for S3 Bucket• Don't allow public access for S3 Bucket• Retain the S3 Bucket when deleting the CloudFormation stack• Enforce encryption of data in transit• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
Amazon Kinesis Data Analytics• Configure least privilege access IAM role for Amazon Kinesis Analytics
Architecture
111
AWS Solutions Constructs AWS Solutionsaws-kinesisstreams-kinesisfirehose-s3
aws-kinesisstreams-kinesisfirehose-s3
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_kinesisstreams_kinesisfirehose_s3
Typescript
@aws-solutions-constructs/aws-kinesis-streams-kinesis-firehose-s3
Java
software.amazon.awsconstructs.services.kinesisstreamskinesisfirehoses3
This AWS Solutions Construct implements an Amazon Kinesis Data Stream (KDS) connected to AmazonKinesis Data Firehose (KDF) delivery stream connected to an Amazon S3 bucket.
Here is a minimal deployable pattern definition in TypeScript:
import { KinesisStreamsToKinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3';
new KinesisStreamsToKinesisFirehoseToS3(this, 'test-stream-firehose-s3', {});
Initializer
new KinesisStreamsToKinesisFirehoseToS3(scope: Construct, id: string, props: KinesisStreams...ToS3Props);
Parameters
• scope Construct• id string• props KinesisStreams...ToS3Props (p. 113)
112
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
kinesisFirehoseProps? kinesisFirehose.CfnDeliveryStreamPropsOptional user-provided propsto override the default propsfor the Kinesis Firehose deliverystream.
existingBucketObj? s3.IBucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if anexistingBucketObj isprovided.
kinesisStreamProps? kinesis.StreamProps Optional user-provided props tooverride the default props forthe Kinesis stream.
existingStreamObj? kinesis.Stream An optional, existing Kinesisstream to be used insteadof the default stream. If anexisting stream is provided,the kinesisStreamPropsproperty will be ignored.
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
kinesisFirehose kinesisfirehose.CfnDeliveryStreamReturns an instance of theKinesis Firehose delivery streamcreated by the pattern.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
kinesisFirehoseRole iam.Role Returns an instance of the IAMrole created by the pattern for
113
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
the Kinesis Firehose deliverystream.
kinesisFirehoseLogGroup logs.LogGroup Returns an instance of the loggroup created by the patternthat Kinesis Firehose access logsare sent to.
kinesisStream kinesis.Stream Returns an instance of theKinesis stream created by thepattern.
kinesisStreamRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Kinesis stream.
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon Kinesis Stream• Configure least privilege access IAM role for Kinesis Stream• Enable server-side encryption for Kinesis Stream using AWS Managed KMS Key• Deploy best practices CloudWatch Alarms for the Kinesis Stream
Amazon Kinesis Firehose• Enable CloudWatch logging for Kinesis Firehose• Configure least privilege access IAM role for Amazon Kinesis Firehose
Amazon S3 Bucket• Configure access logging for S3 bucket• Enable server-side encryption for S3 bucket using AWS managed KMS Key• Enforce encryption of data in transit• Enable bucket versioning• Don't allow public access for S3 bucket• Retain the S3 Bucket when deleting the CloudFormation stack• Apply lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
114
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-kinesisstreams-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws-kinesis-streams-lambda
Typescript
@aws-solutions-constructs/aws-kinesisstreams-lambda
Java
software.amazon.awsconstructs.services.kinesisstreamslambda
This AWS Solutions Construct deploys a Kinesis Stream and Lambda function with the appropriateresources/properties for interaction and security.
115
AWS Solutions Constructs AWS SolutionsInitializer
Here is a minimal deployable pattern definition in TypeScript:
import { KinesisStreamsToLambda } from '@aws-solutions-constructs/aws-kinesisstreams-lambda';
new KinesisStreamsToLambda(this, 'KinesisToLambdaPattern', { eventSourceProps: { startingPosition: lambda.StartingPosition.TRIM_HORIZON, batchSize: 1 }, lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_10_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }});
Initializer
new KinesisStreamsToLambda(scope: Construct, id: string, props: KinesisStreamsToLambdaProps);
Parameters
• scope Construct• id string• props KinesisStreamsToLambdaProps (p. 116)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
kinesisStreamProps? kinesis.StreamProps Optional user-provided props tooverride the default props forthe Kinesis stream.
existingStreamObj? kinesis.Stream An optional, existing Kinesisstream to be used insteadof the default stream. If an
116
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
existing stream is provided,the kinesisStreamPropsproperty will be ignored.
kinesisEventSourceProps? aws-lambda-event-sources.KinesisEventSourceProps
Optional user-provided propsto override the default propsfor the Lambda event sourcemapping.
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
kinesisStream kinesis.Stream Returns an instance of theKinesis stream created by thepattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
kinesisStreamRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Kinesis stream.
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon Kinesis Stream• Configure least privilege access IAM role for Kinesis Stream.• Enable server-side encryption for Kinesis Stream using AWS managed KMS Key.• Deploy best-practice CloudWatch Alarms for the Kinesis Stream.
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.• Enable Failure-Handling features: enable bisect on function Error; set default Maximum Record
Age (24 hours); set default Maximum Retry Attempts (500); and deploy SQS dead-letter queue asdestination on failure.
117
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-lambda-dynamodb
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_lambda_dynamodb
Typescript
@aws-solutions-constructs/aws-lambda-dynamodb
software.amazon.awsconstructs.services.lambdadynamodb
118
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
This AWS Solutions Construct implements the AWS Lambda function and Amazon DynamoDB table withleast-privilege permissions.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToDynamoDBProps, LambdaToDynamoDB } from '@aws-solutions-constructs/aws-lambda-dynamodb';
const props: LambdaToDynamoDBProps = { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }};
new LambdaToDynamoDB(this, 'test-lambda-dynamodb-stack', props);
Initializer
new LambdaToDynamoDB(scope: Construct, id: string, props: LambdaToDynamoDBProps);
Parameters
• scope Construct• id string• props LambdaToDynamoDBProps (p. 119)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
119
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
dynamoTableProps? dynamodb.TableProps Optional user provided props tooverride the default props forDynamoDB Table
existingTableObj? dynamodb.Table Existing instance of DynamoDBTable. If this is set, then thedynamoTableProps is ignored.
tablePermissions? string Optional table permissions to begranted to the Lambda function.One of the following optionsmay be specified: All, Read,ReadWrite, or Write.
Pattern Properties
Name Type Description
dynamoTable dynamodb.Table Returns an instance of theDynamoDB table created by thepattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
Amazon DynamoDB Table• Set the billing mode for DynamoDB Table to On-Demand (Pay per request).• Enable server-side encryption for DynamoDB Table using AWS managed KMS Key.• Creates a partition key called 'id' for DynamoDB Table.• Retain the Table when deleting the CloudFormation stack.• Enable continuous backups and point-in-time recovery.
120
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-lambda-elasticsearch-kibana
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_lambda_elasticsearch_kibana
Typescript
@aws-solutions-constructs/aws-lambda-elasticsearch-kibana
software.amazon.awsconstructs.services.lambdaelasticsearchkibana
121
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
This AWS Solutions Construct implements an AWS Lambda function and an Amazon ElasticsearchService domain with least-privileged permissions.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToElasticSearchAndKibana } from '@aws-solutions-constructs/aws-lambda-elasticsearch-kibana';import { Aws } from "@aws-cdk/core";
const lambdaProps: lambda.FunctionProps = { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler'};
new LambdaToElasticSearchAndKibana(this, 'test-lambda-elasticsearch-kibana', { lambdaFunctionProps: lambdaProps, domainName: 'test-domain', // TODO: Ensure the Cognito domain name is globally unique cognitoDomainName: 'globallyuniquedomain' + Aws.ACCOUNT_ID;});
Initializer
new LambdaToElasticSearchAndKibana(scope: Construct, id: string, props: LambdaToElasticSearchAndKibanaProps);
Parameters
• scope Construct• id string• props LambdaToElasticSearchAndKibanaProps (p. 122)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for the
122
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
Lambda function. Ignored ifan existingLambdaObj isprovided.
esDomainProps? elasticsearch.CfnDomainPropsOptional user provided propsto override the default propsfor the Amazon ElasticsearchService
domainName string Domain name for the Cognitoand the Amazon ElasticsearchService
cognitoDomainName? string Optional Cognito domain name.If provided, it will be usedfor the Cognito domain, anddomainName will be used forthe Elasticsearch domain.
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
elasticsearchDomain elasticsearch.CfnDomain Returns an instance of theElasticsearch domain created bythe pattern.
elasticsearchDomainRole iam.Role Returns an instance of the IAMrole created by the pattern forthe Elasticsearch domain.
identityPool cognito.CfnIdentityPool Returns an instance of theCognito identity pool created bythe pattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
userPool cognito.UserPool Returns an instance of theCognito user pool created by thepattern.
userPoolClient cognito.UserPoolClient Returns an instance of theCognito user pool client createdby the pattern.
123
AWS Solutions Constructs AWS SolutionsLambda function
Lambda functionThis pattern requires a Lambda function that can post data into the Elasticsearch service from theDynamoDB stream. A sample function is provided here.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
Amazon Cognito• Set password policy for User Pools.• Enforce the advanced security mode for User Pools.
Amazon Elasticsearch Service• Deploy best practices CloudWatch Alarms for the Elasticsearch domain.• Secure the Kibana dashboard access with Cognito User Pools.• Enable server-side encryption for Elasticsearch domain using AWS managed KMS Key.• Enable node-to-node encryption for Elasticsearch domain.• Configure the cluster for the Amazon ES domain.
124
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-lambda-s3
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
125
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Python
aws_solutions_constructs.aws_lambda_s3
Typescript
@aws-solutions-constructs/aws-lambda-s3
Java
software.amazon.awsconstructs.services.lambdas3
This AWS Solutions Construct implements an AWS Lambda function connected to an Amazon S3 bucket.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToS3 } from '@aws-solutions-constructs/aws-lambda-s3';
new LambdaToS3(this, 'LambdaToS3Pattern', { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_10_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }});
Initializer
new LambdaToS3(scope: Construct, id: string, props: LambdaToS3Props);
Parameters
• scope Construct• id string• props LambdaToS3Props (p. 126)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,
126
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if anexistingBucketObj isprovided.
bucketPermissions? string[] Optional bucket permissions togrant to the Lambda function.One or more of the followingmay be specified: Delete, Put,Read, ReadWrite, Write.
Pattern Properties
Name Type Description
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.
127
AWS Solutions Constructs AWS SolutionsArchitecture
• Enable X-Ray tracing
Amazon S3 Bucket• Configure Access logging for S3 Bucket.• Enable server-side encryption for S3 Bucket using AWS managed KMS Key.• Turn on the versioning for S3 Bucket.• Don't allow public access for S3 Bucket.• Retain the S3 Bucket when deleting the CloudFormation stack.• Enforce encryption of data in transit.• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days.
Architecture
aws-lambda-sns
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_lambda_sns
Typescript
@aws-solutions-constructs/aws-lambda-sns
128
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
software.amazon.awsconstructs.services.lambdasns
This AWS Solutions Construct implements an AWS Lambda function connected to an Amazon SNS topic.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToSns, LambdaToSnsProps } from "@aws-solutions-constructs/aws-lambda-sns";
new LambdaToSns(this, 'test-lambda-sns', { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }});
Initializer
new LambdaToSns(scope: Construct, id: string, props: LambdaToSnsProps);
Parameters
• scope Construct• id string• props LambdaToSnsProps (p. 129)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
129
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
existingTopicObj? sns.Topic An optional, existing SNS topicto be used instead of the defaulttopic. If an existing topic isprovided, the topicPropsproperty will be ignored.
topicProps? sns.TopicProps Optional user providedproperties to override thedefault properties for the SNStopic.
Pattern Properties
Name Type Description
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
snsTopic sns.Topic Returns an instance of the SNStopic created by the pattern.
Default settingsOut of the box implementation of the Construct without any override will set the following defaults:
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
Amazon SNS Topic• Configure least privilege access permissions for SNS topic.• Enable server-side encryption using AWS managed KMS key.• Enforce encryption of data in transit.
130
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-lambda-sqs
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_lambda_sqs
Typescript
@aws-solutions-constructs/aws-lambda-sqs
Java
software.amazon.awsconstructs.services.lambdasqs
This AWS Solutions Construct implements an AWS Lambda function connected to an Amazon SQSqueue.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToSqs, LambdaToSqsProps } from "@aws-solutions-constructs/aws-lambda-sqs";
new LambdaToSqs(this, 'LambdaToSqsPattern', {
131
AWS Solutions Constructs AWS SolutionsInitializer
lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) } });
Initializer
new LambdaToSqs(scope: Construct, id: string, props: LambdaToSqsProps);
Parameters
• scope Construct• id string• props LambdaToSqsProps (p. 132)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
existingQueueObj? sqs.Queue An optional, existing SQS queueto be used instead of the defaultqueue. If an existing queue isprovided, the queuePropsproperty will be ignored.
queueProps? sqs.QueueProps Optional user-providedproperties to override thedefault properties for theSQS queue. Ignored if anexistingQueueObj isprovided.
enableQueuePurging? boolean Whether to grant additionalpermissions to the Lambdafunction enabling it to purge theSQS queue. Defaults to false.
132
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Name Type Description
deployDeadLetterQueue? boolean Whether to create a secondaryqueue to be used as a deadletter queue. Defaults to true.
deadLetterQueueProps? sqs.QueueProps Optional user-providedprops to override the defaultprops for the dead letterqueue. Only used if thedeployDeadLetterQueueproperty is set to true.
maxReceiveCount? number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue. Defaults to 15.
existingVpc? ec2.Vpc An optional, existing VPC intowhich this construct should bedeployed. When deployed intoa VPC, the Lambda functionwill use ENIs in the VPC toaccess network resourcesand an Interface Endpointwill be created in the VPC forAmazon SQS. If an existing VPCis provided, the deployVpcproperty cannot be true.
deployVpc? boolean Whether to create a new VPCbased on vpcProps into whichto deploy this construct. Settingthis to true will deploy theminimal, most private VPC torun the construct:
• One isolated subnet in eachAvailability Zone used by theCDK program
• enableDnsHostnames andenableDnsSupport will bothbe set to true
If this property is true, thenexistingVpc cannot bespecified. Defaults to false.
133
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
vpcProps? ec2.VpcProps Optional user-providedproperties to override thedefault properties for the newVPC. enableDnsHostnames,enableDnsSupport,natGateways, andsubnetConfiguration areset by the Construct, so anyvalues for those propertiessupplied here will be overrriden.If deployVpc is not true, thenthis property will be ignored.
Pattern Properties
Name Type Description
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
Default settingsOut of the box implementation of the Construct without any override will set the following defaults:
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Allow the function to only send messages to the queue (purging can be enabled using theenableQueuePurge property).
• Enable X-Ray tracing
Amazon SQS Queue• Deploy SQS dead-letter queue for the source SQS Queue.• Enable server-side encryption for source SQS Queue using AWS Managed KMS Key.• Enforce encryption of data in transit.
134
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-lambda-sqs-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
135
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Python
aws_solutions_constructs.aws_lambda_sqs_lambda
Typescript
@aws-solutions-constructs/aws-lambda-sqs-lambda
Java
software.amazon.awsconstructs.services.lambdasqslambda
This AWS Solutions Constructs pattern implements (1) an AWS Lambda function that is configured tosend messages to a queue; (2) an Amazon SQS queue; and (3) an AWS Lambda function configured toconsume messages from the queue.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToSqsToLambda, LambdaToSqsToLambdaProps } from "@aws-solutions-constructs/aws-lambda-sqs-lambda";
new LambdaToSqsToLambda(this, 'LambdaToSqsToLambdaPattern', { producerLambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda/producer-function`) }, consumerLambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda/consumer-function`) }});
Initializer
new LambdaToSqsToLambda(scope: Construct, id: string, props: LambdaToSqsToLambdaProps);
Parameters
• scope Construct• id string• props LambdaToSqsToLambdaProps (p. 137)
136
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
existingProducerLambdaObj? lambda.Function An optional, existing Lambdafunction to be used instead ofthe default function for sendingmessages to the queue. If anexisting function is provided, theproducerLambdaFunctionPropsproperty will be ignored.
producerLambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to overridethe default propertiesfor the producer Lambdafunction. Ignored if anexistingProducerLambdaObjis provided.
existingQueueObj? sqs.Queue An optional, existing SQS queueto be used instead of the defaultqueue. If an existing queue isprovided, the queuePropsproperty will be ignored.
queueProps? sqs.QueueProps Optional user-providedproperties to override thedefault properties for theSQS queue. Ignored if anexistingQueueObj isprovided.
deployDeadLetterQueue? boolean Whether to create a secondaryqueue to be used as a deadletter queue. Defaults to true.
deadLetterQueueProps? sqs.QueueProps Optional user-providedprops to override the defaultprops for the dead letterqueue. Only used if thedeployDeadLetterQueueproperty is set to true.
maxReceiveCount? number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue. Defaults to 15.
existingConsumerLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function forreceiving/consuming messagesfrom the queue. If an existingfunction is provided, theconsumerLambdaFunctionPropsproperty will be ignored.
137
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
consumerLambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to overridethe default properties forthe consumer Lambdafunction. Ignored if anexistingConsumerLambdaObjis provided.
Pattern Properties
Name Type Description
consumerLambdaFunction lambda.Function Returns an instance of theconsumer Lambda functioncreated by the pattern.
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
producerLambdaFunction lambda.Function Returns an instance of theproducer Lambda functioncreated by the pattern.
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
Default settingsOut-of-the-box implementation of this Construct (without any overridden properties) will adhere to thefollowing defaults:
AWS Lambda Functions• Configure limited privilege access IAM role for Lambda functions.• Enable reusing connections with Keep-Alive for NodeJs Lambda functions.• Enable X-Ray tracing
Amazon SQS Queue• Deploy a dead letter queue for the primary queue.• Enable server-side encryption for the primary queue using an AWS Managed KMS Key.• Enforce encryption of data in transit
138
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-lambda-step-function
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_lambda_step_function
Typescript
@aws-solutions-constructs/aws-lambda-step-function
139
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
software.amazon.awsconstructs.services.lambdastepfunction
This AWS Solutions Construct implements an AWS Lambda function connected to an AWS Step Function.
Here is a minimal deployable pattern definition in TypeScript:
import { LambdaToStepFunction } from '@aws-solutions-constructs/aws-lambda-step-function';import * as stepfunctions from '@aws-cdk/aws-stepfunctions';
const startState = new stepfunctions.Pass(stack, 'StartState');
new LambdaToStepFunction(this, 'LambdaToStepFunctionPattern', { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }, stateMachineProps: { definition: startState }});
Initializer
new LambdaToStepFunction(scope: Construct, id: string, props: LambdaToStepFunctionProps);
Parameters
• scope Construct• id string• props LambdaToStepFunctionProps (p. 140)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override the
140
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
default properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
stateMachineProps sfn.StateMachineProps User provided props for thesfn.StateMachine.
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
stateMachine sfn.StateMachine Returns an instance of the statemachine created by the pattern.
stateMachineLogGroup logs.LogGroup Returns an instance of the loggroup created by the pattern forthe state machine.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
AWS Lambda Function• Configure a limited privilege access IAM role for the Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda functions.• Enable X-Ray tracing.
AWS Step Functions State Machine• Deploy best-practice CloudWatch alarms for the AWS Step Functions State Machine.
141
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-s3-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_s3_lambda
Typescript
@aws-solutions-constructs/aws-s3-lambda
142
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
software.amazon.awsconstructs.services.s3lambda
This AWS Solutions Construct implements an Amazon S3 bucket connected to an AWS Lambda function.
Here is a minimal deployable pattern definition in TypeScript:
import { S3ToLambdaProps, S3ToLambda } from '@aws-solutions-constructs/aws-s3-lambda';
new S3ToLambda(this, 'test-s3-lambda', { lambdaFunctionProps: { code: lambda.Code.fromAsset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' },});
Initializer
new S3ToLambda(scope: Construct, id: string, props: S3ToLambdaProps);
Parameters
• scope Construct• id string• props S3ToLambdaProps (p. 143)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the default
143
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
bucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if anexistingBucketObj isprovided.
s3EventSourceProps? S3EventSourceProps Optional user provided props tooverride the default props forS3EventSourceProps
Pattern Properties
Name Type Description
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon S3 Bucket• Configure Access logging for S3 Bucket.• Enable server-side encryption for S3 Bucket using AWS managed KMS Key.• Turn on the versioning for S3 Bucket.• Don't allow public access for S3 Bucket.• Retain the S3 Bucket when deleting the CloudFormation stack.• Enforce encryption of data in transit.• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days.
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
144
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-s3-sqs
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_s3_sqs
Typescript
@aws-solutions-constructs/aws-s3-sqs
software.amazon.awsconstructs.services.s3sqs
145
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
This AWS Solutions Construct implements an Amazon S3 Bucket that is configured to send notificationsto an Amazon SQS queue.
Here is a minimal deployable pattern definition in TypeScript:
import { S3ToSqs } from "@aws-solutions-constructs/aws-s3-sqs";
new S3ToSqs(stack, 'S3ToSQSPattern', {});
Initializer
new S3ToSqs(scope: Construct, id: string, props: S3ToSqsProps);
Parameters
• scope Construct• id string• props S3ToSqsProps (p. 146)
Pattern Construct Props
Name Type Description
existingBucketObj? s3.Bucket An optional, existing S3 bucketto be used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-provided props tooverride the default props forthe S3 bucket.
s3EventTypes? s3.EventType[] The S3 event typesthat will trigger thenotification. Defaults tos3.EventType.OBJECT_CREATED.
s3EventFilters? s3.NotificationKeyFilter[] The S3 object key filter rules todetermine which objects triggerthis event. If not specified, nofilter rules will be applied.
existingQueueObj? sqs.Queue An optional, existing SQS queueto be used instead of the defaultqueue. If an existing queue is
146
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
provided, the queuePropsproperty will be ignored.
queueProps? sqs.QueueProps Optional user-providedproperties to override thedefault properties for theSQS queue. Ignored if anexistingQueueObj isprovided.
deadLetterQueueProps? sqs.QueueProps Optional user-providedprops to override the defaultprops for the dead letterqueue. Only used if thedeployDeadLetterQueueproperty is set to true.
deployDeadLetterQueue? boolean Whether to create a secondaryqueue to be used as a deadletter queue. Defaults to true.
maxReceiveCount? number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue. Defaults to 15.
enableEncryptionWithCustomerManagedKey?boolean Whether to use a KMS Key,either managed by this CDKapp, or imported. If importingan encryption key, it must bespecified in the encryptionKeyproperty for this construct.
encryptionKey? kms.Key An optional, existing encryptionkey to be used instead of thedefault encryption key.
encryptionKeyProps? kms.KeyProps Optional user-providedproperties to override thedefault properties for theencryption key.
Pattern Properties
Name Type Description
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
147
AWS Solutions Constructs AWS SolutionsDefault settings
Name Type Description
encryptionKey kms.IKey Returns an instance of theencryption key created by thepattern.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon S3 Bucket• Configure Access logging for S3 Bucket• Enable server-side encryption for S3 Bucket using AWS managed KMS Key• Turn on the versioning for S3 Bucket• Don't allow public access for S3 Bucket• Retain the S3 Bucket when deleting the CloudFormation stack• Enforce encryption of data in transit• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
Amazon SQS Queue• Configure least privilege access permissions for SQS Queue• Deploy SQS dead-letter queue for the source SQS Queue• Enable server-side encryption for SQS Queue using Customer managed KMS Key• Enforce encryption of data in transit
148
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-s3-step-function
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_s3_step_function
Typescript
@aws-solutions-constructs/aws-s3-step-function
software.amazon.awsconstructs.services.s3stepfunction
149
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
This AWS Solutions Construct implements an Amazon S3 bucket connected to an AWS Step Function.
NoteThis construct uses Amazon EventBridge (Amazon CloudWatch Events) to trigger AWSStep Functions. EventBridge is more flexible, but triggering Step Functions with S3 EventNotifications has less latency and is more cost effective. If cost and/or latency is an issue, youshould consider deploying aws-s3-lambda and aws-lambda-stepfunctions in place of thisconstruct.
Here is a minimal deployable pattern definition in TypeScript:
import { S3ToStepFunction, S3ToStepFunctionProps } from '@aws-solutions-constructs/aws-s3-step-function';import * as stepfunctions from '@aws-cdk/aws-stepfunctions';
const startState = new stepfunctions.Pass(stack, 'StartState');
new S3ToStepFunction(this, 'test-s3-step-function-stack', { stateMachineProps: { definition: startState }});
Initializer
new S3ToStepFunction(scope: Construct, id: string, props: S3ToStepFunctionProps);
Parameters
• scope Construct• id string• props S3ToStepFunctionProps (p. 150)
Pattern Construct Props
Name Type Description
existingBucketObj? s3.Bucket An optional, existing bucket tobe used instead of the defaultbucket. If an existing bucket isprovided, the bucketPropsproperty will be ignored.
bucketProps? s3.BucketProps Optional user-providedproperties to overridethe default properties forthe bucket. Ignored if an
150
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
existingBucketObj isprovided.
stateMachineProps sfn.StateMachineProps Optional user provided props tooverride the default props forsfn.StateMachine.
eventRuleProps? events.RuleProps Optional user providedeventRuleProps to override thedefaults.
deployCloudTrail? boolean Whether to deploy a Trail inAWS CloudTrail to log API eventsin Amazon S3. Defaults to true.
createCloudWatchAlarms boolean Whether to createrecommended CloudWatchalarms.
Pattern Properties
Name Type Description
cloudtrail? cloudtrail.Trail Returns an instance of theCloudtrail trail created by thepattern.
cloudtrailBucket? s3.Bucket Returns an instance of thebucket created by the patternfor storing Cloudtrail trail data.
cloudtrailLoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the primary bucketused by the Cloudtrail trail.
cloudwatchAlarms? cloudwatch.Alarm[] Returns a list of one or moreCloudWatch alarms created bythe pattern.
s3Bucket? s3.Bucket Returns an instance of the S3bucket created by the pattern.
s3LoggingBucket? s3.Bucket Returns an instance of thelogging bucket created by thepattern for the S3 bucket.
stateMachine sfn.StateMachine Returns an instance of the statemachine created by the pattern.
stateMachineLogGroup logs.LogGroup Returns an instance of the loggroup created by the pattern forthe state machine.
151
AWS Solutions Constructs AWS SolutionsDefault settings
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon S3 Bucket• Configure Access logging for S3 Bucket.• Enable server-side encryption for S3 Bucket using AWS managed KMS Key.• Turn on the versioning for S3 Bucket.• Don't allow public access for S3 Bucket.• Retain the S3 Bucket when deleting the CloudFormation stack.• Enforce encryption of data in transit.• Applies lifecycle rule to move noncurrent object versions to Glacier storage after 90 days.
AWS CloudTrail• Configure a Trail in AWS CloudTrail to log API events in Amazon S3 related to the Bucket created by
the Construct.
Amazon CloudWatch Events Rule• Grant least privilege permissions to CloudWatch Events to trigger the Lambda Function.
AWS Step Function• Enable CloudWatch logging for API Gateway.• Deploy best practices CloudWatch Alarms for the Step Function.
Architecture
152
AWS Solutions Constructs AWS Solutionsaws-sns-lambda
aws-sns-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_sns_lambda
Typescript
@aws-solutions-constructs/aws-sns-lambda
Java
software.amazon.awsconstructs.services.snslambda
This AWS Solutions Construct implements an Amazon SNS connected to an AWS Lambda function.
Here is a minimal deployable pattern definition in TypeScript:
import { SnsToLambda, SnsToLambdaProps } from "@aws-solutions-constructs/aws-sns-lambda";
new SnsToLambda(this, 'test-sns-lambda', { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }});
Initializer
new SnsToLambda(scope: Construct, id: string, props: SnsToLambdaProps);
Parameters
• scope Construct• id string• props SnsToLambdaProps (p. 154)
153
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
existingTopicObj? sns.Topic An optional, existing SNS topicto be used instead of the defaulttopic. If an existing topic isprovided, the topicPropsproperty will be ignored.
topicProps? sns.TopicProps Optional user providedproperties to override thedefault properties for the SNStopic.
Pattern Properties
Name Type Description
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
snsTopic sns.Topic Returns an instance of the SNStopic created by the pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon SNS Topic• Configure least privilege access permissions for SNS topic.• Enable server-side encryption using AWS managed KMS key.• Enforce encryption of data in transit.
154
AWS Solutions Constructs AWS SolutionsArchitecture
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
Architecture
aws-sns-sqs
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_sns_sqs
155
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Typescript
@aws-solutions-constructs/aws-sns-sqs
Java
software.amazon.awsconstructs.services.snssqs
This AWS Solutions Construct implements an Amazon SNS topic connected to an Amazon SQS queue.
Here is a minimal deployable pattern definition in TypeScript:
import { SnsToSqs, SnsToSqsProps } from "@aws-solutions-constructs/aws-sns-sqs";import * as iam from '@aws-cdk/aws-iam';
const snsToSqsStack = new SnsToSqs(this, 'SnsToSqsPattern', {});
// Grant yourself permissions to use the Customer Managed KMS Keyconst policyStatement = new iam.PolicyStatement({ actions: ["kms:Encrypt", "kms:Decrypt"], effect: iam.Effect.ALLOW, principals: [ new iam.AccountRootPrincipal() ], resources: [ "*" ]});
snsToSqsStack.encryptionKey?.addToResourcePolicy(policyStatement);
Initializer
new SnsToSqs(scope: Construct, id: string, props: SnsToSqsProps);
Parameters
• scope Construct• id string• props SnsToSqsProps (p. 156)
Pattern Construct Props
Name Type Description
existingTopicObj? sns.Topic An optional, existing SNS topicto be used instead of the defaulttopic. If an existing topic isprovided, the topicPropsproperty will be ignored.
156
AWS Solutions Constructs AWS SolutionsPattern Construct Props
Name Type Description
topicProps? sns.TopicProps Optional user-providedproperties to override thedefault properties for theSNS topic. Ignored if anexistingTopicObj isprovided.
existingQueueObj? sqs.Queue An optional, existing SQS queueto be used instead of the defaultqueue. If an existing queue isprovided, the queuePropsproperty will be ignored.
queueProps? sqs.QueueProps Optional user-providedproperties to override thedefault properties for theSQS queue. Ignored if anexistingQueueObj isprovided.
deployDeadLetterQueue? boolean Whether to create a secondaryqueue to be used as a deadletter queue. Defaults to true.
deadLetterQueueProps? sqs.QueueProps Optional user-providedprops to override the defaultprops for the dead letterqueue. Only used if thedeployDeadLetterQueueproperty is set to true.
maxReceiveCount? number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue. Defaults to 15.
enableEncryptionWithCustomerManagedKey?boolean Whether to use a customer-managed encryption key,either managed by this CDKapp or imported. If importingan encryption key, it must bespecified in the encryptionKeyproperty for this construct.
encryptionKey? kms.Key An optional, existing encryptionkey to be used instead of thedefault encryption key.
encryptionKeyProps? kms.KeyProps Optional user-providedproperties to override thedefault properties for theencryption key.
157
AWS Solutions Constructs AWS SolutionsPattern Properties
Pattern Properties
Name Type Description
snsTopic sns.Topic Returns an instance of the SNStopic created by the pattern.
encryptionKey kms.Key Returns an instance of theencryption key created by thepattern.
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon SNS topic• Configure least privilege access permissions for SNS topic.• Enable server-side encryption using AWS managed KMS key.• Enforce encryption of data in transit.
Amazon SQS queue• Configure least privilege access permissions for SQS queue.• Deploy dead-letter queue for the source SQS queue.• Enable server-side encryption for SQS queue using customer-managed KMS key.• Enforce encryption of data in transit.
158
AWS Solutions Constructs AWS SolutionsArchitecture
Architecture
aws-sqs-lambda
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
Language Package
Python
aws_solutions_constructs.aws_sqs_lambda
Typescript
@aws-solutions-constructs/aws-sqs-lambda
software.amazon.awsconstructs.services.sqslambda
159
AWS Solutions Constructs AWS SolutionsInitializer
Language Package
Java
This AWS Solutions Construct implements an Amazon SQS queue connected to an AWS Lambdafunction.
Here is a minimal deployable pattern definition in TypeScript:
const { SqsToLambda } = require('@aws-solutions-constructs/aws-sqs-lambda');
new SqsToLambda(stack, 'SqsToLambdaPattern', { lambdaFunctionProps: { runtime: lambda.Runtime.NODEJS_10_X, handler: 'index.handler', code: lambda.Code.fromAsset(`${__dirname}/lambda`) }});
Initializer
new SqsToLambda(scope: Construct, id: string, props: SqsToLambdaProps);
Parameters
• scope Construct• id string• props SqsToLambdaProps (p. 160)
Pattern Construct Props
Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambdafunction to be used insteadof the default function. If anexisting function is provided,the lambdaFunctionPropsproperty will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-providedproperties to override thedefault properties for theLambda function. Ignored ifan existingLambdaObj isprovided.
existingQueueObj? sqs.Queue An optional, existing SQS queueto be used instead of the defaultqueue. If an existing queue is
160
AWS Solutions Constructs AWS SolutionsPattern Properties
Name Type Description
provided, the queuePropsproperty will be ignored.
queueProps? sqs.QueueProps Optional user-providedproperties to override thedefault properties for theSQS queue. Ignored if anexistingQueueObj isprovided.
deployDeadLetterQueue? boolean Whether to create a secondaryqueue to be used as a deadletter queue. Defaults to true.
deadLetterQueueProps? sqs.QueueProps Optional user-providedprops to override the defaultprops for the dead letterqueue. Only used if thedeployDeadLetterQueueproperty is set to true.
maxReceiveCount? number The number of times a messagecan be unsuccessfully dequeuedbefore being moved to the deadletter queue. Defaults to 15.
Pattern Properties
Name Type Description
deadLetterQueue? sqs.Queue Returns an instance of the deadletter queue created by thepattern, if one is deployed.
lambdaFunction lambda.Function Returns an instance of theLambda function created by thepattern.
sqsQueue sqs.Queue Returns an instance of the SQSqueue created by the pattern.
Default settingsOut-of-the-box implementation of this pattern without any overrides will set the following defaults:
Amazon SQS Queue• Deploy SQS dead-letter queue for the source SQS Queue.• Enable server-side encryption for source SQS Queue using AWS Managed KMS Key.• Enforce encryption of data in transit.
161
AWS Solutions Constructs AWS SolutionsArchitecture
AWS Lambda Function• Configure limited privilege access IAM role for Lambda function.• Enable reusing connections with Keep-Alive for NodeJs Lambda function.• Enable X-Ray tracing.
Architecture
core
All classes are under active development and subject to non-backward compatible changes or removalin any future version. These are not subject to the Semantic Versioning model. This means that whileyou may use them, you may need to update your source code when upgrading to a newer version of thispackage.
The core library includes the basic building blocks of AWS Solutions Constructs. It defines the coreclasses that are used in the rest of AWS Solutions Constructs.
Default Properties for AWS CDK ConstructsCore library sets the default properties for the AWS CDK Constructs used by AWS Solutions Constructsconstructs.
162
AWS Solutions Constructs AWS SolutionsOverride the default properties
For example, the following is the snippet of default properties for S3 Bucket construct created by AWSSolutions Constructs construct. By default, it will turn on the server-side encryption, bucket versioning,block all public access and setup the S3 access logging.
{ encryption: s3.BucketEncryption.S3_MANAGED, versioned: true, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, removalPolicy: RemovalPolicy.RETAIN, serverAccessLogsBucket: loggingBucket}
Override the default propertiesThe default properties set by the Core library can be overridden by user provided properties.For example, the user can override the Amazon S3 Block Public Access property to meet specificrequirements.
const stack = new cdk.Stack();
const props: CloudFrontToS3Props = { bucketProps: { blockPublicAccess: { blockPublicAcls: false, blockPublicPolicy: true, ignorePublicAcls: false, restrictPublicBuckets: true } } };
new CloudFrontToS3(stack, 'test-cloudfront-s3', props);
expect(stack).toHaveResource("AWS::S3::Bucket", { PublicAccessBlockConfiguration: { BlockPublicAcls: false, BlockPublicPolicy: true, IgnorePublicAcls: false, RestrictPublicBuckets: true }, });
Property override warningsWhen a default property from the Core library is overridden by a user-provided property, Constructswill emit one or more warning messages to the console highlighting the change(s). These messages areintended to provide situational awareness to the user and prevent unintentional overrides that couldcreate security risks. These messages will appear whenever deployment/build-related commands areexecuted, including cdk deploy, cdk synth, npm test, etc.
Example message: AWS_CONSTRUCTS_WARNING: An override has been provided forthe property: BillingMode. Default value: 'PAY_PER_REQUEST'. You provided:'PROVISIONED'.
163
AWS Solutions Constructs AWS SolutionsProperty override warnings
Toggling override warningsOverride warning messages are enabled by default, but can be explicitly turned on/off using theoverrideWarningsEnabled shell variable.
• To explicitly turn off override warnings, run export overrideWarningsEnabled=false.• To explicitly turn on override warnings, run export overrideWarningsEnabled=true.• To revert to the default, run unset overrideWarningsEnabled.
164
AWS Solutions Constructs AWS Solutions
Document RevisionsTo be notified about updates to AWS Solutions Constructs, subscribe to the RSS feed.
update-history-change update-history-description update-history-date
Content updated (p. 165) Added new patterns: aws-cloudfront-mediastore and aws-s3-sqs.
December 20, 2020
Content updated (p. 165) Removed aws-lambda-sagemaker pattern.
November 17, 2020
Content updated (p. 165) Added new patterns: aws-events-rule-kinesisstreams, aws-events-rule-kinesisfirehose-s3,and aws-lambda-sagemaker.
October 27, 2020
Content updated (p. 165) Updated to reflect breakingchange in aws-events-rule-sns and aws-events-rule-sqspatterns: class and interfacenames changed to pascal case.
October 22, 2020
Content updated (p. 165) Added aws-apigateway-sagemakerendpoint and aws-kinesisstreams-kinesisfirehose-s3 patterns; other minor updatesto existing content.
October 20, 2020
Content updated (p. 165) Added aws-apigateway-iotpattern; other minor updates toexisting content.
October 7, 2020
Content updated (p. 165) Updated minimal deployablepattern code snippets and bestpractice defaults for all patterns.
October 5, 2020
Content updated (p. 165) Updated properties for aws-kinesisstreams-lambda patternto reflect breaking change.
September 14, 2020
Content updated (p. 165) Minor fix to second part ofwalkthrough.
September 10, 2020
Content updated (p. 165) Added aws-apigateway-kinesisstreams, aws-events-rule-sns, and aws-events-rule-sqspatterns.
September 10, 2020
Content updated (p. 165) Added aws-sns-sqs pattern;updates to all SNS patterns;minor typographical corrections.
September 2, 2020
Content updated (p. 165) Fixed module names for aws-sqs-lambda pattern.
August 31, 2020
165
AWS Solutions Constructs AWS Solutions
Content updated (p. 165) Fixed Python module name foraws-dynamodb-stream-lambda-elasticsearch-kibana pattern.
August 31, 2020
Content updated (p. 165) Updated defaults for Lambdapatterns; other minor updates.
August 27, 2020
Content updated (p. 165) Updated public properties for S3patterns; updated defaults forDynamoDB patterns.
August 10, 2020
Content updated (p. 165) Updated multiple patterns tohighlight default enforcement ofencryption in transit.
August 4, 2020
Content updated (p. 165) Added aws-lambda-sqs-lambdapattern; improved configurationinstructions in Getting Startedguide; updated all patternsto make additional resourcesavailable through publicproperties.
July 27, 2020
Content updated (p. 165) Added aws-lambda-sqs pattern;other minor updates.
July 20, 2020
Content updated (p. 165) Removed deployLambda anddeployBucket properties fromrelevant patterns; other minorupdates.
July 9, 2020
Content updated (p. 165) Added aws-lambda-step-function pattern and correctedminor typographical errors.
July 7, 2020
Content updated (p. 165) Added existingTableObj?property to select DynamoDBpatterns.
June 25, 2020
Content updated (p. 165) Several text corrections and fixesfor broken links.
June 23, 2020
Initial release (p. 165) AWS Solutions Constructs madepublicly available.
June 22, 2020
166
AWS Solutions Constructs AWS Solutions
NoticesCustomers are responsible for making their own independent assessment of the information in thisdocument. This document: (a) is for informational purposes only, (b) represents current AWS productofferings and practices, which are subject to change without notice, and (c) does not create anycommitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or servicesare provided “as is” without warranties, representations, or conditions of any kind, whether express orimplied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements,and this document is not part of, nor does it modify, any agreement between AWS and its customers.
© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved.
167