+ Support for python CI/CD

Author: anandshah123

infrastructure-cdk/bin/infra-app.ts

@@ -2,7 +2,11 @@
 import * as cdk from 'aws-cdk-lib';
 import {InfraPipelineStack} from '../lib/infra-pipeline-stack';
 import {ApplicationPipelineStack} from "../lib/application-pipeline-stack";
+import { Aspects } from 'aws-cdk-lib';
+import { AwsSolutionsChecks } from 'cdk-nag';
 
 const app = new cdk.App();
 new ApplicationPipelineStack(app, 'ApplicationPipelineStack');
 new InfraPipelineStack(app, 'InfraPipelineStack');
+
+// Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true }));

infrastructure-cdk/data-source-function/app.py

@@ -4,4 +4,4 @@
 kinesis = boto3.client("kinesis")
 
 def lambda_handler(event, context):
-    kinesis.put_record(StreamName=os.environ["STREAM_NAME"], Data=b'This is test message from the Lambda function', PartitionKey="default")
+    kinesis.put_record(StreamName=os.environ["STREAM_NAME"], Data=b'{"message":"This is test message from the Lambda function"}', PartitionKey="default")

infrastructure-cdk/lib/application-pipeline-stack.ts

@@ -2,7 +2,9 @@ import {Aws, CfnOutput, RemovalPolicy, Stack, StackProps} from 'aws-cdk-lib';
 import {Construct} from 'constructs';
 import {JavaBuildPipeline} from "./constructs/java-build-pipeline";
 import {BlockPublicAccess, Bucket, BucketEncryption} from "aws-cdk-lib/aws-s3";
-import {APPLICATION_NAME, ASSET_BUCKET_EXPORT_NAME} from "./shared-vars";
+import {APPLICATION_NAME, ASSET_BUCKET_EXPORT_NAME, BUILD_FOR_RUNTIME} from "./shared-vars";
+import {ApplicationRuntime} from "./constructs/application-runtime";
+import {PythonBuildPipeline} from "./constructs/python-build-pipeline";
 
 export class ApplicationPipelineStack extends Stack {
     constructor(scope: Construct, id: string, props?: StackProps) {
@@ -17,12 +19,22 @@ export class ApplicationPipelineStack extends Stack {
             removalPolicy: RemovalPolicy.DESTROY
         });
 
-        const javaBuildPipeline = new JavaBuildPipeline(this, 'java-app', {
-            appName: APPLICATION_NAME,
-            deployBucket: artifactBucket,
-            repositoryName: APPLICATION_NAME,
-            projectRoot: APPLICATION_NAME
-        });
+        let buildPipeline;
+        // @ts-ignore
+        if (BUILD_FOR_RUNTIME == ApplicationRuntime.JAVA)
+            buildPipeline = new JavaBuildPipeline(this, 'java-app', {
+                appName: APPLICATION_NAME,
+                deployBucket: artifactBucket,
+                repositoryName: APPLICATION_NAME,
+                projectRoot: APPLICATION_NAME
+            });
+        else
+            buildPipeline = new PythonBuildPipeline(this, 'python-app', {
+                appName: APPLICATION_NAME,
+                deployBucket: artifactBucket,
+                repositoryName: APPLICATION_NAME,
+                projectRoot: APPLICATION_NAME
+            });
 
         new CfnOutput(this, 'ArtifactBucketName', {
             value: artifactBucket.bucketName,
@@ -36,7 +48,7 @@ export class ApplicationPipelineStack extends Stack {
         });
 
         new CfnOutput(this, 'ApplicationCodePipelineLink', {
-            value: "https://console.aws.amazon.com/codesuite/codepipeline/pipelines/" + javaBuildPipeline.pipeline.pipelineName + "/view?region=" + Aws.REGION,
+            value: "https://console.aws.amazon.com/codesuite/codepipeline/pipelines/" + buildPipeline.pipeline.pipelineName + "/view?region=" + Aws.REGION,
             description: "Application AWS CodePipeline Link"
         });
 

infrastructure-cdk/lib/application-stack.ts

@@ -5,9 +5,16 @@ import {APPLICATION_NAME, ASSET_BUCKET_EXPORT_NAME} from "./shared-vars";
 import {Stream, StreamEncryption, StreamMode} from "aws-cdk-lib/aws-kinesis";
 import {Code, Function, Runtime} from "aws-cdk-lib/aws-lambda";
 import * as kda from "@aws-cdk/aws-kinesisanalytics-flink-alpha";
+import {ApplicationRuntime} from "./constructs/application-runtime";
+
+interface ApplicationStackProps {
+    runtime: ApplicationRuntime,
+    jarfile?: string
+}
+
 
 export class ApplicationStack extends Stack {
-    constructor(scope: Construct, id: string, props?: StackProps) {
+    constructor(scope: Construct, id: string, appProps: ApplicationStackProps, props?: StackProps) {
         super(scope, id, props);
         const assetBucket = Bucket.fromBucketName(this, 'imported-asset-bucket', Fn.importValue(ASSET_BUCKET_EXPORT_NAME));
 
@@ -28,18 +35,33 @@ export class ApplicationStack extends Stack {
 
         stream.grantWrite(dataSourceFn);
 
+        let propertyGroups: any = {
+            "KinesisReader": {
+                "input.stream.name": stream.streamName,
+                "aws.region": Aws.REGION,
+                "flink.stream.initpos": "LATEST"
+            }
+        };
+
+        let binaryPath = "jars/" + APPLICATION_NAME + "-latest.jar";
+        if (appProps.runtime == ApplicationRuntime.PYTHON) {
+            binaryPath = "python-binaries/" + APPLICATION_NAME + "-latest.zip";
+            propertyGroups["kinesis.analytics.flink.run.options"] = {
+                "python": "app.py",
+                "pyFiles": "dependencies"
+            };
+            if (appProps.jarfile) {
+                propertyGroups["kinesis.analytics.flink.run.options"]["jarfile"] = appProps.jarfile;
+            }
+        }
+
+
         const application = new kda.Application(this, 'app', {
                 applicationName: APPLICATION_NAME,
-                code: kda.ApplicationCode.fromBucket(assetBucket, "jars/" + APPLICATION_NAME + "-latest.jar"),
+                code: kda.ApplicationCode.fromBucket(assetBucket, binaryPath),
                 runtime: kda.Runtime.FLINK_1_13,
-                propertyGroups: {
-                    "KinesisReader": {
-                        "input.stream.name": stream.streamName,
-                        "aws.region": Aws.REGION,
-                        "flink.stream.initpos": "LATEST"
-                    },
-                },
-                snapshotsEnabled: false,
+                propertyGroups: propertyGroups,
+                snapshotsEnabled: false, // true for the real environment
                 parallelismPerKpu: 1,
                 removalPolicy: RemovalPolicy.DESTROY
             }

infrastructure-cdk/lib/constructs/application-runtime.ts

@@ -0,0 +1,4 @@
+export enum ApplicationRuntime {
+    JAVA,
+    PYTHON
+}

infrastructure-cdk/lib/constructs/java-build-pipeline.ts

@@ -128,7 +128,7 @@ export class JavaBuildPipeline extends Construct {
 
         versionUpdateFn.addToRolePolicy(new PolicyStatement({
             actions: ["kinesisanalytics:DescribeApplication", "kinesisanalytics:UpdateApplication"],
-            resources: ["arn:aws:kinesisanalytics:" + Aws.REGION + ":" + Aws.ACCOUNT_ID + ":application/*"]
+            resources: ["arn:aws:kinesisanalytics:" + Aws.REGION + ":" + Aws.ACCOUNT_ID + ":application/" + props.appName]
         }));
         versionUpdateFn.addToRolePolicy(new PolicyStatement({
             resources: ["*"],

infrastructure-cdk/lib/constructs/python-build-pipeline.ts

@@ -0,0 +1,147 @@
+import {Construct} from "constructs";
+import {BuildSpec, LinuxBuildImage, PipelineProject} from "aws-cdk-lib/aws-codebuild";
+import {IBucket} from "aws-cdk-lib/aws-s3";
+import {Artifact, Pipeline} from "aws-cdk-lib/aws-codepipeline";
+import {
+    CodeBuildAction,
+    LambdaInvokeAction,
+    ManualApprovalAction,
+    S3DeployAction,
+    S3SourceAction
+} from "aws-cdk-lib/aws-codepipeline-actions";
+import {Code, Function, Runtime} from "aws-cdk-lib/aws-lambda";
+import {Aws, Duration} from "aws-cdk-lib";
+import {PolicyStatement} from "aws-cdk-lib/aws-iam";
+import {SOURCE_CODE_ZIP} from "../shared-vars";
+
+
+interface PythonBuildPipelineProps {
+    appName: string
+    repositoryName: string
+    deployBucket: IBucket
+    projectRoot?: string
+    deployBucketBasePath?: string
+}
+
+export class PythonBuildPipeline extends Construct {
+    readonly pipeline: Pipeline
+
+    constructor(scope: Construct, id: string, props: PythonBuildPipelineProps) {
+        super(scope, id);
+
+        let directory = ".";
+        let s3BasePath = "python-binaries";
+        if (props.projectRoot) {
+            directory = props.projectRoot;
+        }
+        if (props.deployBucketBasePath) {
+            s3BasePath = props.deployBucketBasePath
+        }
+
+        const sourceAsset = new Artifact();
+        const defaultBuildSpec = BuildSpec.fromObject({
+            version: '0.2',
+            phases: {
+                install: {
+                    "runtime-versions": {
+                        "python": "3.x"
+                    }
+                },
+                build: {
+                    commands: [
+                        `cd ${directory}`,
+                        'mkdir dependencies',
+                        'pip3 install -r requirements.txt -t dependencies',
+                        `mkdir -p ${s3BasePath}`,
+                        `zip -r ${s3BasePath}/${props.appName}-latest.zip *.py lib/* dependencies`
+                    ]
+                }
+            },
+            artifacts: {
+                files: [
+                    `${s3BasePath}/${props.appName}.zip`
+                ],
+                'discard-paths': true,
+                'base-directory': directory
+            }
+        });
+
+        const project = new PipelineProject(this, 'Pipeline', {
+            environment: {
+                buildImage: LinuxBuildImage.STANDARD_5_0
+            },
+            buildSpec: defaultBuildSpec
+        });
+
+        const buildOutput = new Artifact();
+
+        this.pipeline = new Pipeline(this, 'CodePipeline', {
+            stages: [
+                // In real world use code snippet like below to work with repository
+                //
+                // {
+                //     stageName: "source", actions: [new GitHubSourceAction({
+                //         actionName: "CodeCheckout",
+                //         oauthToken: SecretValue.secretsManager("github-secret"),
+                //         output: sourceAsset,
+                //         owner: "some-owner",
+                //         repo: props.repositoryName
+                //     })]
+                // },
+                {
+                    stageName: "source", actions: [new S3SourceAction({
+                        output: sourceAsset,
+                        actionName: "Checkout",
+                        bucket: props.deployBucket,
+                        bucketKey: SOURCE_CODE_ZIP
+                    })]
+                },
+                {
+                    stageName: "build", actions: [new CodeBuildAction({
+                        input: sourceAsset, actionName: "CodeBuild", project: project, outputs: [buildOutput]
+                    })]
+                }, {
+                    stageName: "saveArtifact", actions: [new S3DeployAction({
+                        bucket: props.deployBucket,
+                        actionName: "SaveArtifact",
+                        input: buildOutput,
+                        extract: true
+                    })]
+                }, {
+                    stageName: "approval",
+                    actions: [new ManualApprovalAction({
+                        actionName: "Manual"
+                    })]
+                }]
+        });
+
+        const versionUpdateFn = new Function(this, 'version-update-fn', {
+            code: Code.fromAsset('flink-app-redeploy-hook'),
+            handler: "app.lambda_handler",
+            runtime: Runtime.PYTHON_3_9,
+            environment: {
+                ASSET_BUCKET_ARN: props.deployBucket.bucketArn,
+                FILE_KEY: s3BasePath + "/" + props.appName + "-latest.zip",
+                APP_NAME: props.appName
+            },
+            timeout: Duration.minutes(1)
+        });
+
+        versionUpdateFn.addToRolePolicy(new PolicyStatement({
+            actions: ["kinesisanalytics:DescribeApplication", "kinesisanalytics:UpdateApplication"],
+            resources: ["arn:aws:kinesisanalytics:" + Aws.REGION + ":" + Aws.ACCOUNT_ID + ":application/" + props.appName]
+        }));
+        versionUpdateFn.addToRolePolicy(new PolicyStatement({
+            resources: ["*"],
+            actions: ["codepipeline:PutJobSuccessResult", "codepipeline:PutJobFailureResult"]
+        }));
+
+        this.pipeline.addStage({
+            stageName: "deploy", actions: [new LambdaInvokeAction({
+                actionName: "Deploy",
+                lambda: versionUpdateFn
+            })]
+        });
+
+    }
+}

infrastructure-cdk/lib/real-time-application.ts

@@ -1,12 +1,23 @@
 import {Stage, StageProps} from "aws-cdk-lib";
 import {Construct} from "constructs";
 import {ApplicationStack} from "./application-stack";
+import {ApplicationRuntime} from "./constructs/application-runtime";
+import {BUILD_FOR_RUNTIME} from "./shared-vars";
 
 
 export class RealtimeApplication extends Stage {
     constructor(scope: Construct, id: string, props?: StageProps) {
         super(scope, id, props);
 
-        new ApplicationStack(this, 'ApplicationStack');
+        // @ts-ignore
+        if (BUILD_FOR_RUNTIME == ApplicationRuntime.JAVA)
+            new ApplicationStack(this, 'ApplicationStack', {
+                runtime: ApplicationRuntime.JAVA
+            });
+        else
+            // For python
+            new ApplicationStack(this, 'ApplicationStack', {
+                runtime: ApplicationRuntime.PYTHON
+            });
     }
 }

infrastructure-cdk/lib/shared-vars.ts

@@ -1,3 +1,6 @@
+import {ApplicationRuntime} from "./constructs/application-runtime";
+
 export const APPLICATION_NAME = "kinesis-analytics-application"
+export const BUILD_FOR_RUNTIME = ApplicationRuntime.PYTHON
 export const SOURCE_CODE_ZIP = "automate-deployment-and-version-update-of-kda-application.zip"
 export const ASSET_BUCKET_EXPORT_NAME = "Blog::Artifact::BucketName"