runway.blueprints.staticsite.auth_at_edge module
Blueprint for the Authorization@Edge implementation of a Static Site.
Described in detail in this blogpost: https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/
- class runway.blueprints.staticsite.auth_at_edge.AuthAtEdge
Bases: runway.blueprints.staticsite.staticsite.StaticSite
Auth@Edge Blueprint.
- __init__(name: str, context: runway.context.CfnginContext, mappings: Optional[Dict[str, Dict[str, Any]]] = None, description: Optional[str] = None) None
Initialize the Blueprint.
- Parameters
name – A name for the blueprint.
context – Context the blueprint is being executed under.
mappings – CloudFormation Mappings to be used in the template.
description – Used to describe the resulting CloudFormation template.
- get_auth_at_edge_lambda_and_ver(title: str, description: str, handle: str, role: troposphere.iam.Role) Dict[str, Any]
Create a lambda function and its version.
- Parameters
title – The name of the function in PascalCase.
description – Description to be displayed in the lambda panel.
handle – The underscore separated representation of the name of the lambda. This handle is used to determine the handler for the lambda as well as identify the correct Code hook_data information.
role – The Lambda Execution Role.
- get_auth_at_edge_lambda(title: str, description: str, handler: str, role: troposphere.iam.Role) troposphere.awslambda.Function
Create an Auth@Edge lambda resource.
- Parameters
title – The name of the function in PascalCase.
description – Description to be displayed in the lambda panel.
handler – The underscore separated representation of the name of the lambda. This handle is used to determine the handler for the lambda as well as identify the correct Code hook_data information.
role – The Lambda Execution Role.
- add_version(title: str, lambda_function: troposphere.awslambda.Function) troposphere.awslambda.Version
Create a version association with a Lambda@Edge function.
To ensure that different versions of the function are uploaded correctly, a hash based on the code of the lambda is appended to the name. As the code changes, so will this hash value.
- Parameters
title – The name of the function in PascalCase.
lambda_function – The Lambda function.
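The hash-suffix naming described for add_version, as an added example that is not Runway's own code: deriving the Version resource's logical ID from the code gives CloudFormation a new AWS::Lambda::Version resource whenever the code changes, so the distribution can reference the newly published version. The SHA-256 digest, the 12-character truncation, the "Ver" infix and all helper names are assumptions made for illustration.

```python
import hashlib
from typing import Any, Dict, List


def code_digest(code: bytes, length: int = 12) -> str:
    """Short hex digest of the deployment package (length is an assumed choice)."""
    return hashlib.sha256(code).hexdigest()[:length]


def versioned_title(title: str, code: bytes) -> str:
    """PascalCase title + 'Ver' + digest; hex keeps the logical ID alphanumeric."""
    return f"{title}Ver{code_digest(code)}"


def version_resource(title: str, function_id: str, code: bytes) -> Dict[str, Any]:
    """CloudFormation fragment for one AWS::Lambda::Version resource."""
    return {
        versioned_title(title, code): {
            "Type": "AWS::Lambda::Version",
            "Properties": {"FunctionName": {"Ref": function_id}},
        }
    }


def new_logical_ids(old: Dict[str, Any], new: Dict[str, Any]) -> List[str]:
    """Logical IDs present only in the new template, i.e. resources to create."""
    return sorted(set(new) - set(old))


# Constructed sample handler sources standing in for two builds of one function.
BUILD_1 = b"def handler(event, context):\n    return event\n"
BUILD_2 = b"def handler(event, context):\n    return event['Records'][0]\n"

if __name__ == "__main__":
    before = version_resource("CheckAuth", "CheckAuth", BUILD_1)
    after = version_resource("CheckAuth", "CheckAuth", BUILD_2)
    unchanged = version_resource("CheckAuth", "CheckAuth", BUILD_1)
    print("redeploy, same code ->", new_logical_ids(before, unchanged))
    print("redeploy, new code  ->", new_logical_ids(before, after))
```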
- get_distribution_options(bucket: troposphere.s3.Bucket, oai: troposphere.cloudfront.CloudFrontOriginAccessIdentity, lambda_funcs: List[troposphere.cloudfront.LambdaFunctionAssociation], check_auth_lambda_version: troposphere.awslambda.Version, http_headers_lambda_version: troposphere.awslambda.Version, parse_auth_lambda_version: troposphere.awslambda.Version, refresh_auth_lambda_version: troposphere.awslambda.Version, sign_out_lambda_version: troposphere.awslambda.Version) Dict[str, Any]
Retrieve the options for our CloudFront distribution.
- Keyword Arguments
bucket – The bucket resource.
oai – The origin access identity resource.
lambda_funcs – List of Lambda Function associations.
check_auth_lambda_version – Lambda Function Version to use.
http_headers_lambda_version – Lambda Function Version to use.
parse_auth_lambda_version – Lambda Function Version to use.
refresh_auth_lambda_version – Lambda Function Version to use.
sign_out_lambda_version – Lambda Function Version to use.
- Returns
The CloudFront Distribution Options.
- __new__(**kwargs)
- add_acm_cert() Union[cloudfront.ViewerCertificate, Ref]
Add ACM cert.
- add_bucket() troposphere.s3.Bucket
Add the bucket resource along with an output of its name / website url.
- Returns
The bucket resource.
- add_bucket_policy(bucket: troposphere.s3.Bucket) troposphere.s3.BucketPolicy
Add a policy to the bucket if CloudFront is disabled. Ensure PublicRead.
- Parameters
bucket – The bucket resource to place the policy.
- Returns
The Bucket Policy Resource.
- add_cloudfront_bucket_policy(bucket: troposphere.s3.Bucket, oai: troposphere.cloudfront.CloudFrontOriginAccessIdentity) troposphere.s3.BucketPolicy
Given a bucket and OAI resource, add CloudFront access to the bucket.
- Keyword Arguments
bucket – A bucket resource.
oai – An Origin Access Identity resource.
- Returns
The CloudFront Bucket access resource.
- add_cloudfront_directory_index_rewrite(role: troposphere.iam.Role) troposphere.awslambda.Function
Add a CloudFront directory index rewrite lambda function to the template.
- Keyword Arguments
role – The index rewrite role resource.
- Returns
The CloudFront directory index rewrite lambda function resource.
- add_cloudfront_directory_index_rewrite_version(directory_index_rewrite: troposphere.awslambda.Function) troposphere.awslambda.Version
Add a specific version to the directory index rewrite lambda.
- Parameters
directory_index_rewrite – The directory index rewrite lambda resource.
- Returns
The CloudFront directory index rewrite version.
- add_cloudfront_distribution(bucket_policy: troposphere.s3.BucketPolicy, cloudfront_distribution_options: Dict[str, Any]) troposphere.cloudfront.Distribution
Add the CloudFront distribution to the template / output the id and domain name.
- Parameters
bucket_policy – Bucket policy to allow CloudFront access.
cloudfront_distribution_options – The distribution options.
- Returns
The CloudFront Distribution resource.
- add_lambda_execution_role(name: str = 'LambdaExecutionRole', function_name: str = '') troposphere.iam.Role
Create the Lambda@Edge execution role.
- Parameters
name – Name for the Lambda Execution Role.
function_name – Name of the Lambda Function the Role will be attached to.
- add_logging_bucket() Union[cloudfront.Logging, Ref]
Add Logging Bucket.
- add_origin_access_identity() troposphere.cloudfront.CloudFrontOriginAccessIdentity
Add the origin access identity resource to the template.
- add_output(name: str, value: Any) None
Add an output to the template.
Wrapper for self.template.add_output(Output(name, Value=value)).
- Parameters
name – The name of the output to create.
value – The value to put in the output.
- property cfn_parameters: Dict[str, Union[List[Any], str]]
Return a dict of variables with type CFNType.
New in version 2.0.0.
- Returns
Variables that need to be submitted as CloudFormation Parameters.
- property defined_variables: Dict[str, BlueprintVariableTypeDef]
Return a copy of VARIABLES to avoid accidental modification of the ClassVar.
Changed in version 2.0.0: Changed from a method to a property.
- get_cfn_parameters() Dict[str, Union[List[Any], str]]
Return a dictionary of variables with type CFNType.
Deprecated since version 2.0.0: Replaced by cfn_parameters.
- Returns
Variables that need to be submitted as CloudFormation Parameters.
- get_cloudfront_distribution_options(bucket: troposphere.s3.Bucket, oai: troposphere.cloudfront.CloudFrontOriginAccessIdentity, lambda_function_associations: List[troposphere.cloudfront.LambdaFunctionAssociation]) Dict[str, Any]
Retrieve the options for our CloudFront distribution.
- Parameters
bucket – The bucket resource.
oai – The origin access identity resource.
lambda_function_associations – List of Lambda Function associations.
- Returns
The CloudFront Distribution Options.
- static get_directory_index_lambda_association(lambda_associations: List[troposphere.cloudfront.LambdaFunctionAssociation], directory_index_rewrite_version: troposphere.awslambda.Version) List[troposphere.cloudfront.LambdaFunctionAssociation]
Retrieve the directory index lambda associations with the added rewriter.
- Parameters
lambda_associations – The lambda associations.
directory_index_rewrite_version – The directory index rewrite version.
- get_lambda_associations() List[troposphere.cloudfront.LambdaFunctionAssociation]
Retrieve any lambda associations from the instance variables.
- get_output_definitions() Dict[str, Dict[str, Any]]
Get the output definitions.
Deprecated since version 2.0.0: Replaced by output_definitions.
- Returns
Output definitions. Keys are output names, the values are dicts containing key/values for various output properties.
- get_parameter_definitions() Dict[str, BlueprintVariableTypeDef]
Get the parameter definitions to submit to CloudFormation.
Any variable definition whose type is an instance of CFNType will be returned as a CloudFormation Parameter.
Deprecated since version 2.0.0: Replaced by parameter_definitions.
- Returns
Parameter definitions. Keys are parameter names, the values are dicts containing key/values for various parameter properties.
- get_parameter_values() Dict[str, Union[List[Any], str]]
Return a dict of variables with type CFNType.
Deprecated since version 2.0.0: Replaced by parameter_values.
- Returns
Variables that need to be submitted as CloudFormation Parameters. Will be a dictionary of <parameter name>: <parameter value>.
- get_required_parameter_definitions() Dict[str, BlueprintVariableTypeDef]
Return all template parameters that do not have a default value.
Deprecated since version 2.0.0: Replaced by required_parameter_definitions.
- Returns
Dict of required CloudFormation Parameters for the blueprint. Will be a dictionary of <parameter name>: <parameter attributes>.
- get_variables() Dict[str, Any]
Return a dictionary of variables available to the template.
These variables will have been defined within VARIABLES or self.defined_variables. Any variable value that contains a lookup will have been resolved.
Deprecated since version 2.0.0: Replaced by variables.
- Returns
Variables available to the template.
- Raises
UnresolvedBlueprintVariables – If variables are unresolved.
- property output_definitions: Dict[str, Dict[str, Any]]
Get the output definitions.
New in version 2.0.0.
- Returns
Output definitions. Keys are output names, the values are dicts containing key/values for various output properties.
- property parameter_definitions: Dict[str, BlueprintVariableTypeDef]
Get the parameter definitions to submit to CloudFormation.
Any variable definition whose type is an instance of CFNType will be returned as a CloudFormation Parameter.
New in version 2.0.0.
- Returns
Parameter definitions. Keys are parameter names, the values are dicts containing key/values for various parameter properties.
- property parameter_values: Dict[str, Union[List[Any], str]]
Return a dict of variables with type CFNType.
New in version 2.0.0.
- Returns
Variables that need to be submitted as CloudFormation Parameters. Will be a dictionary of <parameter name>: <parameter value>.
- read_user_data(user_data_path: str) str
Read and parse a user_data file.
- Parameters
user_data_path – Path to the userdata file.
- property required_parameter_definitions: Dict[str, BlueprintVariableTypeDef]
Return all template parameters that do not have a default value.
New in version 2.0.0.
- Returns
Dict of required CloudFormation Parameters for the blueprint. Will be a dictionary of <parameter name>: <parameter attributes>.
- resolve_variables(provided_variables: List[runway.variables.Variable]) None
Resolve the values of the blueprint variables.
This will resolve the values of the VARIABLES with values from the env file, the config, and any lookups resolved.
- Parameters
provided_variables – List of provided variables.
- set_template_description(description: str) None
Add a description to the Template.
- Parameters
description – A description to be added to the resulting template.
- to_json(variables: Optional[Dict[str, Any]] = None) str
Render the blueprint and return the template in json form.
- Parameters
variables – Dictionary providing/overriding variable values.
- property variables: Dict[str, Any]
Return a Dict of variables available to the Template.
These variables will have been defined within VARIABLES or defined_variables. Any variable value that contains a Lookup will have been resolved.
New in version 2.0.0.
- Returns
Variables available to the Template.
- Raises
UnresolvedBlueprintVariables – If variables are unresolved.