Last active
April 30, 2025 09:17
-
-
Save ran-isenberg/10d5a096bfeec7b7f6fab85998630137 to your computer and use it in GitHub Desktop.
appsync_events_construct.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import aws_cdk.aws_logs as logs | |
| from aws_cdk import ( | |
| aws_appsync as appsync, | |
| ) | |
| from aws_cdk import ( | |
| aws_iam as iam, | |
| ) | |
| from aws_cdk import ( | |
| aws_wafv2 as wafv2, | |
| ) | |
| from aws_cdk.aws_lambda import Function | |
| from constructs import Construct | |
| class AppSyncEventsApi(Construct): | |
| def __init__(self, scope: Construct, id_: str, web_acl_arn: str, lambda_function_data_source: Function) -> None: | |
| super().__init__(scope, id_) | |
| self.id_ = id_ | |
| api_key_provider = appsync.AppSyncAuthProvider(authorization_type=appsync.AppSyncAuthorizationType.API_KEY) | |
| self.api = appsync.EventApi( | |
| self, | |
| 'api', | |
| api_name='my-events-api', | |
| owner_contact='ran.isenberg at ranthebuilder.cloud', | |
| authorization_config=appsync.EventApiAuthConfig( | |
| auth_providers=[api_key_provider], | |
| connection_auth_mode_types=[appsync.AppSyncAuthorizationType.API_KEY], | |
| default_publish_auth_mode_types=[appsync.AppSyncAuthorizationType.API_KEY], | |
| default_subscribe_auth_mode_types=[appsync.AppSyncAuthorizationType.API_KEY], | |
| ), | |
| log_config=appsync.AppSyncLogConfig(field_log_level=appsync.AppSyncFieldLogLevel.INFO, retention=logs.RetentionDays.ONE_WEEK), | |
| ) | |
| # Create IAM Role for AppSync to invoke the Lambda | |
| self.service_role = iam.Role( | |
| self, | |
| 'AppSyncInvokeLambdaRole', | |
| assumed_by=iam.ServicePrincipal('appsync.amazonaws.com'), | |
| description='Role for AppSync to invoke the Lambda', | |
| inline_policies={ | |
| 'AppSyncInvokeLambdaPolicy': iam.PolicyDocument( | |
| statements=[ | |
| iam.PolicyStatement( | |
| actions=['lambda:InvokeFunction'], | |
| resources=[lambda_function_data_source.function_arn], | |
| effect=iam.Effect.ALLOW, | |
| ) | |
| ] | |
| ) | |
| }, | |
| ) | |
| # Create Lambda DataSource | |
| self.data_source = appsync.AppSyncBackedDataSource( | |
| self, | |
| id='AppSyncDataSource', | |
| props=appsync.AppSyncBackedDataSourceProps( | |
| api=self.api, | |
| name='myLambdaDataSource', | |
| description='Mono Lambda to control publish and subscribe', | |
| service_role=self.service_role, | |
| ), | |
| type=appsync.AppSyncDataSourceType.LAMBDA, | |
| lambda_config=appsync.CfnDataSource.LambdaConfigProperty(lambda_function_arn=lambda_function_data_source.function_arn), | |
| ) | |
| # Add namespace for publish and subscribe | |
| self.api.add_channel_namespace( | |
| 'default', | |
| publish_handler_config=appsync.HandlerConfig( | |
| data_source=self.data_source, | |
| direct=True, | |
| lambda_invoke_type=appsync.LambdaInvokeType.REQUEST_RESPONSE, | |
| ), | |
| subscribe_handler_config=appsync.HandlerConfig( | |
| data_source=self.data_source, | |
| direct=True, | |
| lambda_invoke_type=appsync.LambdaInvokeType.REQUEST_RESPONSE, | |
| ), | |
| ) | |
| # Associate the WAF WebACL to the AppSync API | |
| wafv2.CfnWebACLAssociation( | |
| self, | |
| 'EventsApiWafAssociation', | |
| resource_arn=self.api.api_arn, | |
| web_acl_arn=web_acl_arn, | |
| ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment