Gijs van Renswoude gbvanrenswoude

@gbvanrenswoude
gbvanrenswoude / karpenter.ts
Created December 30, 2021 09:49
Karpenter Construct for AWS CDK v2
import { aws_eks as eks } from "aws-cdk-lib";
import { aws_iam as iam } from "aws-cdk-lib";
import { aws_ec2 as ec2 } from "aws-cdk-lib";
import { aws_ssm as ssm } from "aws-cdk-lib";
import { Construct } from "constructs";
import { Duration, CfnJson } from "aws-cdk-lib";
interface KarpenterProps {
/**
* The FargateCluster on which karpenter needs to be added
@gbvanrenswoude
gbvanrenswoude / draft.ts
Created November 10, 2021 14:38
Discover subnets via ssm with AWS CDK
// Look up the private subnet id from SSM Parameter Store; stringValue is a
// deploy-time token, so the real id is not known while the app synthesizes.
const subnetIdParameter = ssm.StringParameter.fromStringParameterAttributes(
  this,
  'DataSourceSSMSubnet1',
  { parameterName: '/corp/landing-zone/vpc/subnets/private-1-id' },
);
// Import the existing subnet by id only.
// NOTE(review): a subnet imported this way carries no AZ or route-table data - confirm nothing downstream reads them.
const privateSubnetID1 = ec2.Subnet.fromSubnetId(
  this,
  'DataSourcePrivateSubnetSSMParameter1',
  subnetIdParameter.stringValue,
);
// SubnetSelection
vpcSubnets: { subnets: [privateSubnetID1, privateSubnetID2, privateSubnetID3] }
@gbvanrenswoude
gbvanrenswoude / whoof.json
Created October 27, 2021 21:46
whoof.json OAS
{
"openapi": "3.0.1",
"info": {
"title": "fwhoof",
"version": "2021-10-17T18:09:20Z"
},
"servers": [
{
"url": "https://whoof.corp"
}
@gbvanrenswoude
gbvanrenswoude / index.py
Created September 17, 2021 14:51
custom-event-bridge-code-binding
# Let's take a simple event;
# event.json is the JSON Schema that describes it
# {
# "administration": "YOURBACKOFFICECODE",
# "personNumber": 1337
# }
import json
from logging import getLogger, INFO
@gbvanrenswoude
gbvanrenswoude / index.py
Last active September 17, 2021 14:48
eventbridge-lambda-model-premade-AWSEvent
from schema.your_schema_openapiv3 import Event
from schema.your_schema_openapiv3 import AWSEvent
from schema.your_schema_openapiv3 import Marshaller
import json
def lambda_handler(event, context):
"""function
Parameters
----------
@gbvanrenswoude
gbvanrenswoude / proxy-wss-to-request-authorizer.ts
Last active August 30, 2021 17:13
AWS API Gateway v2 Websocket API - Custom Lambda Authorizer for JWT Token
// Proxies https://github.com/ottokruse/aws-apigw-authorizer so it can act as a Custom Authorizer for an AWS API Gateway v2 WebSocket API when the client sends a JWT.
// Send your JWT as the query string parameter 't' in the connection URL of your WebSocket API,
// or set your own query string parameter name using process.env.webSocketQueryStringParameterName.
// Note: a token carried in the URL can end up in access and proxy logs, so keep its lifetime short and keep query strings out of logged fields where possible.
import { ApiGatewayAuthorizer } from 'aws-apigw-authorizer';
import * as AWSLambda from 'aws-lambda';
// Authorizer from aws-apigw-authorizer, constructed with a custom policyBuilder.
// NOTE(review): customPolicyBuilder is not visible in this excerpt; presumably it is declared further down in the file - confirm.
const lambdaAuthorizer = new ApiGatewayAuthorizer({ policyBuilder: customPolicyBuilder });
// NOTE type checking seems off in the source, this does not return a AWSLambda.PolicyDocument, but we ignore it
@gbvanrenswoude
gbvanrenswoude / grafana-dashboard-handler.py
Created July 8, 2021 13:18
A grafana dashboard CR handler leveraging requests.
import json
import os
import requests
from requests.structures import CaseInsensitiveDict
# Request headers, presumably for the Grafana HTTP API (confirm against the
# calls that use them). The bearer token is read from the grafana_pw
# environment variable so the secret stays out of the source; a missing
# variable raises KeyError here. Avoid printing or logging this dict, since it
# holds the credential.
headers = {
    "Accept": "application/json",
    "Content-Type": "application/json",
    "Authorization": f"Bearer {os.environ['grafana_pw']}",
}
# Package the dashboard as a file on the filesystem, since the JSON string is usually too long
with open("dashboard.json") as file:
from requests_aws4auth import AWS4Auth
import boto3
import requests
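# Resolve credentials through boto3's default provider chain rather than
# hard-coding keys in the script.
credentials = boto3.Session().get_credentials()
if credentials is None:
    # Fail with a clear message instead of an AttributeError on the next line.
    raise RuntimeError("No AWS credentials found in the default provider chain")
# Take one consistent snapshot: with temporary credentials, reading access_key,
# secret_key and token separately can straddle a refresh and mix two sets.
frozen = credentials.get_frozen_credentials()
# Region and service name are part of the SigV4 signing scope; 'es' is the
# service name used for the Elasticsearch endpoint being signed for.
awsauth = AWS4Auth(frozen.access_key, frozen.secret_key, 'eu-central-1', 'es', session_token=frozen.token)
# NOTE(review): `url` is not defined in this snippet; presumably the cluster endpoint - confirm.
# The timeout keeps the call from blocking indefinitely on an unresponsive endpoint.
r = requests.get(url, auth=awsauth, timeout=30)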
# Talk to an AWS IAM-protected Elasticsearch cluster
# Since it's pretty hard to use curl (or extensions of it) for this kind of thing, we use Python
# Also, since it's bothersome to check each place the credentials may live (disk, env, metadata endpoint, container data endpoint),
# it's better to just pull SigV4Auth out of botocore.auth
# pip3 install boto3 requests
import boto3
from botocore.auth import SigV4Auth
from botocore.awsrequest import AWSRequest
import requests, sys
@gbvanrenswoude
gbvanrenswoude / alb-oidc.py
Last active April 8, 2021 13:26
oidc-on-aws-alb with aws cdk (python)
from aws_cdk import (
core,
aws_elasticloadbalancingv2 as elbv2,
aws_secretsmanager as sm
)
[...]
secret_bundle = sm.Secret.from_secret_arn(
self,