neulabs-cdk-constructs


* **Name**: neulabs-cdk-constructs
* **Version**: 0.7.0
* **Home page**: https://github.com/neulabscom/neulabs-cdk-constructs.git
* **Summary**: neulabs-cdk-constructs
* **Upload time**: 2024-03-29 09:27:41
* **Maintainer**: None
* **Docs URL**: None
* **Author**: Neulabs <tech@neulabs.com>
* **Requires Python**: ~=3.8
* **License**: Apache-2.0
* **Requirements**: No requirements were recorded.
* **Travis-CI**: No Travis.
* **Coveralls test coverage**: No coveralls.

# Neulabs CDK Constructs

[![NPM](https://img.shields.io/npm/v/neulabs-cdk-constructs?color=blue&label=npm+cdk)](https://www.npmjs.com/package/neulabs-cdk-constructs)
[![PyPI](https://img.shields.io/pypi/v/neulabs-cdk-constructs?color=blue&label=pypi+cdk)](https://pypi.org/project/neulabs-cdk-constructs/)
[![PyPI](https://img.shields.io/github/last-commit/neulabscom/neulabs-cdk-constructs/main)](https://github.com/neulabscom/neulabs-cdk-constructs/commits/main)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue)](https://github.com/neulabscom/neulabs-cdk-constructs/blob/main/LICENSE)

The neulabs-cdk-constructs library contains CDK-based constructs and stacks to allow the creation of cloud infrastructure on AWS.

The purpose of the library is to expose modules that can facilitate the creation and maintenance of the infrastructure as code.

Inside you will find generic stacks that let you create services by simply instantiating a class, as well as constructs that encapsulate logic to simplify the developer's work, among other things.

We decided to develop it in TypeScript, using projen for repository management and the JSII library to compile the neulabs-cdk-constructs package into multiple languages.

## Usage

### Package Installation (npm)

```
yarn add neulabs-cdk-constructs
# or
npm install neulabs-cdk-constructs
```

### Package Installation (python)

```
pip install neulabs-cdk-constructs
```

### Construct APIs

[![View on Construct Hub](https://constructs.dev/badge?package=neulabs-cdk-constructs)](https://constructs.dev/packages/neulabs-cdk-constructs)

## Examples

### Lambda Function with New Relic

```
import * as path from 'path';
import {Duration, aws_lambda as lambda} from 'aws-cdk-lib';
import {Code, Runtime} from 'aws-cdk-lib/aws-lambda';
import {aws_lambda as neulabs_lambda} from 'neulabs-cdk-constructs';

    // Fragment from a construct's constructor: functionName, handler,
    // baseLayer, layers, app and props are supplied by the surrounding code.

    // Create the lambda function
    this.lambdaFn = new neulabs_lambda.NewRelicFunction(this, functionName, {
      stage: props.stage,
      functionName: functionName,
      runtime: Runtime.PYTHON_3_9,
      handler: 'app.handler',
      code: Code.fromAsset(path.join(__dirname, handler), {}),
      layers: [baseLayer, ...(layers || [])],
      environment: props.environment,
      memorySize: props.memorySize || 128,
      timeout: props.timeout || Duration.seconds(30),
      architecture: lambda.Architecture.X86_64,
      newRelicAccountId: '3540246',
      newRelicLayerName: 'NewRelicPython39',
      newRelicLayerVersion: 49,
      newRelicwithExtensionSendLogs: true,
      // New Relic stays enabled only in production
      disableNewRelic: props.stage === 'production' ? false : true,
    });

    // Attach the Lambda Powertools layer
    this.lambdaFn.addPowerToolsLayer(
      app,
      neulabs_lambda.LambdaPowerToolsLayerName.TYPESCRIPT,
      neulabs_lambda.LambdaPowerToolsLayerAccountId.TYPESCRIPT,
      20,
      props.stage === 'production' ? false : true,
      props.stage === 'production' ? 'WARNING' : 'DEBUG'
    );
```

### Create Github OIDC

AWS (Amazon Web Services) supports the use of OpenID Connect (OIDC) for identity federation. OIDC allows you to use an identity provider (such as GitHub) to authenticate users and grant them temporary security credentials to access AWS resources. Here's a brief overview of using GitHub as an identity provider with AWS OIDC:

* **Identity Provider (GitHub)**: GitHub acts as the identity provider in this setup. Users authenticate with GitHub, and GitHub issues identity tokens following the OIDC standard.
* **AWS IAM Role**: In AWS, you create an IAM (Identity and Access Management) role that specifies the permissions users should have when authenticated. This role trusts the GitHub OIDC provider.
* **GithubOIDCStack (a neulabs construct)**: creates a new stack with three roles:

  * **github-oidc-workflow-role**: role used for authentication
  * **cdk-oidc-deploy-role**: role used for cdk deploying
  * **cdk-oidc-bootsrap-role**: role used for cdk bootstrap

1. Create GithubOIDCStack

```
const environment = process.env.ENVIRONMENT || 'staging';

new GithubOIDCStack(app, 'OidcStack', {
  env: {
    account: process.env.CDK_DEFAULT_ACCOUNT,
    region: process.env.CDK_DEFAULT_REGION,
  },
  stage: environment,
  githubUser: 'username',
  githubRepository: 'repositoryName', // You can also use '*'
  tokenAction: TokenActions.ALL,
  // AdministratorAccess grants full access to the account; list narrower
  // AWS managed policies here when the deployment allows it.
  cdkDeployRoleAwsManagedPolicies: ['AdministratorAccess'],
});
```

2. Use the OIDC role to authenticate the GitHub workflow

```
...

permissions:
  id-token: write
  contents: read

jobs:
  ...
  deploy:
    name: OIDC Auth
    runs-on: ubuntu-20.04
    steps:
      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::{ACCOUNT ID}:role/github-oidc-workflow-role
          aws-region: {REGION}
          mask-aws-account-id: no
  ...
```
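A role that trusts the GitHub OIDC provider is only as narrow as the conditions its trust policy puts on the token's `sub` and `aud` claims, which is what a `githubRepository` value of `'*'` loosens. The following added example (not part of neulabs-cdk-constructs) audits a trust policy document for those conditions. It assumes the standard IAM trust-policy JSON shape and GitHub's `repo:OWNER/REPO:...` subject format, not the exact policy GithubOIDCStack synthesizes; `auditGithubTrust` and the sample policies are hypothetical.

```typescript
// Added example, not library code; claim keys follow GitHub's OIDC token format.
const GH = 'token.actions.githubusercontent.com';
type Cond = Record<string, Record<string, string | string[]>>;
interface Statement {
  Effect: string; Action: string | string[];
  Principal?: { Federated?: string }; Condition?: Cond;
}
type TrustPolicy = { Statement: Statement[] };

// Gather the values bound to one token claim across all condition operators.
function claimValues(cond: Cond | undefined, claim: string): string[] {
  const out: string[] = [];
  const c = cond ?? {};
  for (const op in c) {
    for (const key in c[op]) {
      const v = c[op][key];
      if (key.toLowerCase() === `${GH}:${claim}`) out.push(...(Array.isArray(v) ? v : [v]));
    }
  }
  return out;
}

// Return findings for every statement that lets GitHub's OIDC provider assume the role.
function auditGithubTrust(policy: TrustPolicy): string[] {
  const findings: string[] = [];
  policy.Statement.forEach((st, i) => {
    const actions = Array.isArray(st.Action) ? st.Action : [st.Action];
    if (st.Effect !== 'Allow' || actions.indexOf('sts:AssumeRoleWithWebIdentity') < 0) return;
    if ((st.Principal?.Federated ?? '').split('oidc-provider/')[1] !== GH) return;
    const subs = claimValues(st.Condition, 'sub');
    if (subs.length === 0) findings.push(`#${i}: no sub condition, any GitHub repository can assume the role`);
    for (const s of subs) {
      const m = /^repo:([^\/:*]+)\/([^:]+)(?::.*)?$/.exec(s);
      if (!m) findings.push(`#${i}: sub "${s}" does not pin a repository owner`);
      else if (m[2].indexOf('*') >= 0) findings.push(`#${i}: sub "${s}" trusts every matching repository of ${m[1]}`);
    }
    if (claimValues(st.Condition, 'aud').indexOf('sts.amazonaws.com') < 0)
      findings.push(`#${i}: aud is not pinned to sts.amazonaws.com`);
  });
  return findings;
}

// Constructed sample policies; account id, owner and repository are placeholders.
const provider = `arn:aws:iam::111122223333:oidc-provider/${GH}`;
const stmt = (Condition: Cond): TrustPolicy => ({ Statement: [{ Effect: 'Allow',
  Action: 'sts:AssumeRoleWithWebIdentity', Principal: { Federated: provider }, Condition }] });
const broad = stmt({ StringLike: { [`${GH}:sub`]: 'repo:username/*' } });
const scoped = stmt({ StringEquals: { [`${GH}:aud`]: 'sts.amazonaws.com' },
  StringLike: { [`${GH}:sub`]: 'repo:username/repositoryName:ref:refs/heads/main' } });
console.log(auditGithubTrust(broad), auditGithubTrust(scoped));
```

The trust policy to feed in can be taken from the `AssumeRolePolicyDocument` of the role in the template produced by `cdk synth`.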

### Create NewRelic Connection

The NewRelicStack implements the infrastructure to send metrics and logs to New Relic through Kinesis and CloudWatch Stream.
Once deployed, you can copy the ARN of the 'NewRelicInfrastructure-Integrations' role and use it to configure New Relic.

```
  new NewRelicStack(app, 'NewrelicStack', {
    env: constants.env,
    stage: constants.environment,
    newRelicBucketName: `newrelic-${constants.awsAccountId}-${constants.environment}`,
    newRelicAccountId: newRelicAccountId,
    newRelicLicenseKey: newRelicLicenseKey,
    newRelicApiUrlMetrics: EndpointUrlMetrics.EU_METRICS,
    newRelicApiUrlLogs: EndpointUrlLogs.EU_LOGS,
  });
```

## Dev mode

### Requirements

* Node >= v20.12.0
* Yarn >= 1.22

### Setup env

```
yarn install

npx projen default

chmod +x .husky/pre-commit

cd docs && yarn install
```

## Contributors

### Rules

Read the [`CONTRIBUTING.md`](https://github.com/neulabscom/neulabs-cdk-constructs/blob/main/CONTRIBUTING.md) and [`CODE_OF_CONDUCT.md`](https://github.com/neulabscom/neulabs-cdk-constructs/blob/main/CODE_OF_CONDUCT.md) before creating a pull request.

### Developers

<a href="https://github.com/neulabscom/neulabs-cdk-constructs/graphs/contributors"> <img src="https://contrib.rocks/image?repo=neulabscom/neulabs-cdk-constructs" /> </a>

## License

See the `LICENSE` file for more information.

            
