U 2c@sTddlmZmZmZmZmZm Z m Z m ZddlmZddlmZGdddeZdS))StackBundlingOptions aws_dynamodbaws_iamaws_kms aws_lambdaaws_apigatewayaws_logs)NagSuppressions) Constructcs&eZdZeeddfdd ZZS) DemoappStackN)scope construct_idreturnc  s.tj||f|tj|dtjdtjjdd}tj|ddd}t j |dt j j d t j jd tt j j jd d d gdd|j|jddd}|jdk sttj|dtjtjjdddg|jgdddgiidtjtjjddg|jgdddiidgd}tj|d |jj|gd!}|jdk st|jtjtjjd"g|jjgd#d$d%iid&|j tjtjjd'g|j!gd(|j"d)|j!d*t#j$|d+t#j%j&d,} t'j(|d-d.d/t'j)t'*| t'j+j,dddddddddd0 t'j-j.d1d2} | j/0d3} | j1d4t'2|t'j3d5ddd6d7} t45|d8d9d:d;dd?d:gdS)@NZ DemoTableZ tenant_id)nametype) partition_keyZDemoKeyT)enable_key_rotationZ DemoFunctionzindex.lambda_handlerzresources/demo_fnZbashz-czUpip install --no-cache -r requirements.txt -t /asset-output && cp -au . /asset-output)imagecommand)bundlingTrue)ZDEMO_TABLE_NAMEZ DEMO_KEY_IDZPOWERTOOLS_LOGGER_LOG_EVENT)runtimehandlercode environmentZResourceAccessPolicyzdynamodb:DescribeTablezdynamodb:GetItemzdynamodb:PutItemzForAllValues:StringEqualszdynamodb:LeadingKeysz${aws:PrincipalTag/TenantID})effectactions resources conditionsz kms:Decryptzkms:GenerateDataKeyZ StringEqualszkms:EncryptionContext:tenant_id) statementsZResourceAccessRole) assumed_bymanaged_policieszsts:TagSessionZ StringLikezaws:RequestTag/TenantID*)rr principalsrzsts:AssumeRole)rrrZRESOURCE_ACCESS_ROLE_ARN)keyvalueZApiLogs) retentionZApiZ DemoAppApizDemoApp REST API) caller http_methodipprotocol request_time resource_pathresponse_lengthstatususer)access_log_destinationaccess_log_format logging_level) rest_api_name descriptiondeploy_optionsz{proxy+}ANYall)request_validator_namevalidate_request_bodyvalidate_request_parameters)request_validator_optionszAwsSolutions-APIG3z%WAF not implemented; demo application)idreasonzAwsSolutions-APIG4z/Authorization not implemented; demo applicationzAwsSolutions-COG4zAwsSolutions-DDB3z8Point-in-time-recovery not implemented; demo application)6super__init__dynamodbTable Attribute AttributeTypeSTRINGkmsKeylambda_FunctionRuntime PYTHON_3_9Code from_assetrbundling_image table_namekey_idroleAssertionErroriam ManagedPolicyPolicyStatementEffectALLOW table_arnkey_arnRolegrant_principalassume_role_policyadd_statementsadd_to_principal_policyrole_arnadd_environmentlogsLogGroup RetentionDays ONE_MONTH apigatewayRestApi StageOptionsLogGroupLogDestinationAccessLogFormatjson_with_standard_fieldsMethodLoggingLevelINFOroot add_resource add_methodLambdaIntegrationRequestValidatorOptionsr add_stack_suppressions) selfr rkwargsZ demo_tableZdemo_keyZdemo_fnZresource_access_policyresource_access_roleZ api_log_groupapiZ lambda_proxymethod __class__s(