a Fb|@sBddlZddlmZmZmZmZ ddl m Z Gdddej Z dS)N)aws_s3aws_iamaws_codecommitaws_ec2) Constructcs&eZdZeeddfdd ZZS) GGv2DeviceN)scope construct_idreturnc s|d}tj||fi|t|}t|d}t|d} d|} d|} d|| } d|| } d|}d|}tjtjgd d tj j | | gd tjgd d tj j dgd tjgddtj j dgd gd}tj |dt t dt d|||id}|tjjdd|| || ddt| ddd|d}d}|jfi|}tjjdd}|dtjjd |tjjd!}tjj|d"d#d$}tj|d%|d#d&}|tjtj !d'|tj"|j#tj !d(|tjtj !d(|tjtj !d)tj$%tj&j'tj(j)}tj*|d*t||d+|||||tj+,tj-.d,tj-.d-tj-.d.tj-.d/tj-.|d0 }dS)1NparamscoreDeviceNamecoreDeviceGroupNamez$role/{}GreengrassV2TokenExchangeRolez,policy/{}GreengrassV2TokenExchangeRoleAccesszarn:aws:iam::{}:{}z{}GreengrassV2InstallerRolez{}GreengrassV2InstallerPolicy)iam:AttachRolePolicyziam:CreatePolicyziam:CreateRolez iam:GetPolicyz iam:GetRolez iam:PassRoleZCreateTokenExchangeRole)actionssideffect resources) rziot:AddThingToThingGroupziot:AttachPolicyziot:AttachThingPrincipalziot:CreateKeysAndCertificateziot:CreatePolicyziot:CreateRoleAliasziot:CreateThingziot:CreateThingGroupziot:DescribeEndpointziot:DescribeRoleAliasiot:DescribeThingGroupz iot:GetPolicyZCreateIoTResources*) zgreengrass:CreateDeploymentz iot:CancelJobz iot:CreateJobziot:DeleteThingShadowziot:DescribeJobziot:DescribeThingrziot:GetThingShadowz iot:UpdateJobziot:UpdateThingShadowzs3:*ZDeployDevTools) statementsZgreengrassInstallerRolezgreengrass.amazonaws.comzec2.amazonaws.com) assumed_by role_nameinline_policiesZAmazonSSMManagedInstanceCore)managed_policy_namezrole/Alias)ZCoreDeviceNameZCoreDeviceGroupNameZ ProjectPrefixZTokenExchangeRoleNameZTokenExchangeRoleAliasZRegiona sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE -jar ./GreengrassInstaller/lib/Greengrass.jar --aws-region {Region} --thing-name {CoreDeviceName} --thing-group-name {CoreDeviceGroupName} --thing-policy-name {ProjectPrefix}GreengrassV2IoTThingPolicy --tes-role-name {TokenExchangeRoleName} --tes-role-alias-name {TokenExchangeRoleAlias} --component-default-user ggc_user:ggc_group --provision true --setup-system-service truez #!/bin/bash)shebangz echo testF)cached_in_context user_data generationVpcT) is_defaultZGGSecurityGroup)vpcallow_all_outboundi"iPggv2CoreDevicez- GGv2Instancez(sudo -E yum install -y aws-cfn-bootstrapzDsudo yum update -y && sudo -E yum install java-11-amazon-corretto -yztcurl -s https://d2s8p88vqu9w66.cloudfront.net/releases/greengrass-nucleus-latest.zip > greengrass-nucleus-latest.zipz^unzip greengrass-nucleus-latest.zip -d GreengrassInstaller && rm greengrass-nucleus-latest.zip) instance_name machine_imager"security_group instance_typeroleinit)/popsuper__init__strgetformatiamPolicyDocumentPolicyStatementEffectALLOWRoleCompositePrincipalServicePrincipaladd_managed_policy ManagedPolicyfrom_aws_managed_policy_namereplaceec2UserData for_linux add_commands MachineImagelatest_amazon_linuxAmazonLinuxGenerationAMAZON_LINUX_2r from_lookup SecurityGroupadd_ingress_rulePeerany_ipv4Porttcpipv4vpc_cidr_block InstanceTypeof InstanceClass BURSTABLE2 InstanceSizeLARGEInstanceCloudFormationInit from_elements InitCommand shell_command)selfrr accountID regionAWSkwargsr project_prefixcore_device_namecore_device_group_nameZtoken_exchange_role_nameZtoken_exchange_policy_name_Ztoken_exchange_role_arnZtoken_exchange_policy_arnZinstaller_role_nameZinstaller_policy_nameZinstaller_iam_policy_statementZgreengrass_installer_roleZ var_replacescriptZuser_data_scriptrZlinux_machine_imager"r( instanceTyper% __class__}/Users/joysl/WorkDocs/IoTProjectsGitHub/ggAutoDeployBlog/code/gitlab/ggv2-blog-cdk/ggv2_cdk_gdk_python/ggv2Device/__init__.pyr.s        5       zGGv2Device.__init__)__name__ __module__ __qualname__rr/r. __classcell__rerercrfrsr)aws_cdkcdkrs3rr2rZ codecommitrr> constructsrStackrrerererf s