lightsail_iam_user_stack#
Stack defining an IAM user for the lightsail instance.
Classes#
LightsailIAMUserStack | An IAM user to be used on the rootski lightsail instance.
StackOutputs | Stack outputs for the LightsailIAMUserStack.
class LightsailIAMUserStack#
- class rootski_backend_cdk.database.lightsail_dependencies.stacks.lightsail_iam_user_stack.LightsailIAMUserStack(*args: Any, **kwargs)[source]#
Bases: aws_cdk.core.Stack
An IAM user to be used on the rootski lightsail instance.
An IAM key pair is generated for the user and stored in Secrets Manager. The key pair can be retrieved and placed in the /home/ec2-user/.aws/credentials file on the rootski lightsail instance.
- property account: str#
The AWS account into which this stack will be deployed.
This value is resolved according to the following rules:
1. The value provided to env.account when the stack is defined. This can either be a concrete account (e.g. 585695031111) or the Aws.accountId token.
2. Aws.accountId, which represents the CloudFormation intrinsic reference { "Ref": "AWS::AccountId" } encoded as a string token.
Preferably, you should use the return value as an opaque string and not attempt to parse it to implement your logic. If you do, you must first check that it is a concrete value and not an unresolved token. If this value is an unresolved token (Token.isUnresolved(stack.account) returns true), this implies that the user wishes that this stack will synthesize into an account-agnostic template. In this case, your code should either fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or implement some other account-agnostic behavior.
- add_dependency(target: aws_cdk.core.Stack, reason: Optional[str] = None) None#
Add a dependency between this stack and another stack.
This can be used to define dependencies between any two stacks within an app, and also supports nested stacks.
- Parameters
target –
reason –
- add_docker_image_asset(*, source_hash: str, directory_name: Optional[str] = None, docker_build_args: Optional[Mapping[str, str]] = None, docker_build_target: Optional[str] = None, docker_file: Optional[str] = None, executable: Optional[Sequence[str]] = None, network_mode: Optional[str] = None, repository_name: Optional[str] = None) aws_cdk.core.DockerImageAssetLocation#
(deprecated) Register a docker image asset on this Stack.
- Parameters
source_hash – The hash of the contents of the docker build context. This hash is used throughout the system to identify this image and avoid duplicate work in case the source did not change. NOTE: this means that if you wish to update your docker image, you must make a modification to the source (e.g. add some metadata to your Dockerfile).
directory_name – The directory where the Dockerfile is stored, must be relative to the cloud assembly root. Default: - Exactly one of directoryName and executable is required
docker_build_args – Build args to pass to the docker build command. Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens (such as lambda.functionArn or queue.queueUrl). Only allowed when directoryName is specified. Default: - no build args are passed
docker_build_target – Docker target to build to. Only allowed when directoryName is specified. Default: - no target
docker_file – Path to the Dockerfile (relative to the directory). Only allowed when directoryName is specified. Default: - no file
executable – An external command that will produce the packaged asset. The command should produce the name of a local Docker image on stdout. Default: - Exactly one of directoryName and executable is required
network_mode – Networking mode for the RUN commands during build. Requires Docker Engine API v1.25+. Specify this property to build images on a specific networking mode. Default: - no networking mode specified
repository_name – (deprecated) ECR repository name. Specify this property if you need to statically address the image, e.g. from a Kubernetes Pod. Note, this is only the repository name, without the registry and the tag parts. Default: - automatically derived from the asset’s ID.
- Deprecated
Use stack.synthesizer.addDockerImageAsset() if you are calling, and a different IStackSynthesizer class if you are implementing.
- Stability
deprecated
- add_file_asset(*, source_hash: str, executable: Optional[Sequence[str]] = None, file_name: Optional[str] = None, packaging: Optional[aws_cdk.core.FileAssetPackaging] = None) aws_cdk.core.FileAssetLocation#
(deprecated) Register a file asset on this Stack.
- Parameters
source_hash – A hash on the content source. This hash is used to uniquely identify this asset throughout the system. If this value doesn’t change, the asset will not be rebuilt or republished.
executable – An external command that will produce the packaged asset. The command should produce the location of a ZIP file on stdout. Default: - Exactly one of directory and executable is required
file_name – The path, relative to the root of the cloud assembly, in which this asset source resides. This can be a path to a file or a directory, depending on the packaging type. Default: - Exactly one of directory and executable is required
packaging – Which type of packaging to perform. Default: - Required if fileName is specified.
- Deprecated
Use stack.synthesizer.addFileAsset() if you are calling, and a different IStackSynthesizer class if you are implementing.
- Stability
deprecated
- add_transform(transform: str) None#
Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.
Duplicate values are removed when stack is synthesized.
- Parameters
transform – The transform to add.
- See
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Example:
# stack: Stack
stack.add_transform("AWS::Serverless-2016-10-31")
- property artifact_id: str#
The ID of the cloud assembly artifact for this stack.
- property availability_zones: List[str]#
Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.
If the stack is environment-agnostic (either account and/or region are tokens), this property will return an array with 2 tokens that will resolve at deploy-time to the first two availability zones returned from CloudFormation’s Fn::GetAZs intrinsic function.
If they are not available in the context, returns a set of dummy values and reports them as missing, and lets the CLI resolve them by calling EC2 DescribeAvailabilityZones on the target environment.
To specify a different strategy for selecting availability zones, override this method.
- property dependencies: List[aws_cdk.core.Stack]#
Return the stacks this stack depends on.
- property environment: str#
The environment coordinates in which this stack is deployed.
In the form aws://account/region. Use stack.account and stack.region to obtain the specific values, no need to parse.
You can use this value to determine if two stacks are targeting the same environment.
If either stack.account or stack.region are not concrete values (e.g. Aws.account or Aws.region) the special strings unknown-account and/or unknown-region will be used respectively to indicate this stack is region/account-agnostic.
- export_value(exported_value: Any, *, name: Optional[str] = None) str#
Create a CloudFormation Export for a value.
Returns a string representing the corresponding Fn.importValue() expression for this Export. You can control the name for the export by passing the name option.
If you don’t supply a value for name, the value you’re exporting must be a Resource attribute (for example: bucket.bucketName) and it will be given the same name as the automatic cross-stack reference that would be created if you used the attribute in another Stack.
One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.
Example
Here is how the process works. Let’s say there are two stacks, producerStack and consumerStack, and producerStack has a bucket called bucket, which is referenced by consumerStack (perhaps because an AWS Lambda Function writes into it, or something like that).
It is not safe to remove producerStack.bucket because as the bucket is being deleted, consumerStack might still be using it.
Instead, the process takes two deployments:
Deployment 1: break the relationship
- Make sure consumerStack no longer references bucket.bucketName (maybe the consumer stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just remove the Lambda Function altogether).
- In the ProducerStack class, call this.exportValue(this.bucket.bucketName). This will make sure the CloudFormation Export continues to exist while the relationship between the two stacks is being broken.
- Deploy (this will effectively only change the consumerStack, but it’s safe to deploy both).
Deployment 2: remove the bucket resource
- You are now free to remove the bucket resource from producerStack.
- Don’t forget to remove the exportValue() call as well.
- Deploy again (this time only the producerStack will be changed – the bucket will be deleted).
- Parameters
exported_value –
name – The name of the export to create. Default: - A name is automatically chosen
- format_arn(*, resource: str, service: str, account: Optional[str] = None, arn_format: Optional[aws_cdk.core.ArnFormat] = None, partition: Optional[str] = None, region: Optional[str] = None, resource_name: Optional[str] = None, sep: Optional[str] = None) str#
Creates an ARN from components.
If partition, region or account are not specified, the stack’s partition, region and account will be used.
If any component is the empty string, an empty string will be inserted into the generated ARN at the location that component corresponds to.
The ARN will be formatted as follows:
arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
The required ARN pieces that are omitted will be taken from the stack that the ‘scope’ is attached to. If all ARN pieces are supplied, the supplied scope can be ‘undefined’.
- Parameters
resource – Resource type (e.g. “table”, “autoScalingGroup”, “certificate”). For some resource types, e.g. S3 buckets, this field defines the bucket name.
service – The service namespace that identifies the AWS product (for example, ‘s3’, ‘iam’, ‘codepipeline’).
account – The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the ARNs for some resources don’t require an account number, so this component might be omitted. Default: The account the stack is deployed to.
arn_format – The specific ARN format to use for this ARN value. Default: - uses value of sep as the separator for formatting, ArnFormat.SLASH_RESOURCE_NAME if that property was also not provided
partition – The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn. Default: The AWS partition the stack is deployed to.
region – The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted. Default: The region the stack is deployed to.
resource_name – Resource name or path within the resource (i.e. S3 bucket object key) or a wildcard such as "*". This is service-dependent.
sep – (deprecated) Separator between resource type and the resource. Can be either ‘/’, ‘:’ or an empty string. Will only be used if resourceName is defined. Default: ‘/’
- get_logical_id(element: aws_cdk.core.CfnElement) str#
Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.
This method is called when a CfnElement is created and used to render the initial logical identity of resources. Logical ID renames are applied at this stage.
This method uses the protected method allocateLogicalId to render the logical ID for an element. To modify the naming scheme, extend the Stack class and override this method.
- Parameters
element – The CloudFormation element for which a logical identity is needed.
- classmethod is_construct(x: Any) bool#
Return whether the given object is a Construct.
- Parameters
x –
- classmethod is_stack(x: Any) bool#
Return whether the given object is a Stack.
We do attribute detection since we can’t reliably use ‘instanceof’.
- Parameters
x –
- property nested: bool#
Indicates if this is a nested stack, in which case parentStack will include a reference to its parent.
- property nested_stack_parent: Optional[aws_cdk.core.Stack]#
If this is a nested stack, returns its parent stack.
- property nested_stack_resource: Optional[aws_cdk.core.CfnResource]#
If this is a nested stack, this represents its AWS::CloudFormation::Stack resource. undefined for top-level (non-nested) stacks.
- property node: aws_cdk.core.ConstructNode#
The construct tree node associated with this construct.
- property notification_arns: List[str]#
Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
- classmethod of(construct: constructs.IConstruct) aws_cdk.core.Stack#
Looks up the first stack scope in which construct is defined.
Fails if there is no stack up the tree.
- Parameters
construct – The construct to start the search from.
- property parent_stack: Optional[aws_cdk.core.Stack]#
(deprecated) Returns the parent of a nested stack.
- Deprecated
use nestedStackParent
- Stability
deprecated
- parse_arn(arn: str, sep_if_token: Optional[str] = None, has_name: Optional[bool] = None) aws_cdk.core.ArnComponents#
(deprecated) Given an ARN, parses it and returns components.
IF THE ARN IS A CONCRETE STRING…
…it will be parsed and validated. The separator (sep) will be set to ‘/’ if the 6th component includes a ‘/’, in which case, resource will be set to the value before the ‘/’ and resourceName will be the rest. In case there is no ‘/’, resource will be set to the 6th component and resourceName will be set to the rest of the string.
IF THE ARN IS A TOKEN…
…it cannot be validated, since we don’t have the actual value yet at the time of this function call. You will have to supply sepIfToken and whether or not ARNs of the expected format usually have resource names in order to parse it properly. The resulting ArnComponents object will contain tokens for the subexpressions of the ARN, not string literals.
If the resource name could possibly contain the separator char, the actual resource name cannot be properly parsed. This only occurs if the separator char is ‘/’, and happens for example for S3 object ARNs, IAM Role ARNs, IAM OIDC Provider ARNs, etc. To properly extract the resource name from a Tokenized ARN, you must know the resource type and call Arn.extractResourceName.
- Parameters
arn – The ARN string to parse.
sep_if_token – The separator used to separate resource from resourceName.
has_name – Whether there is a name component in the ARN at all. For example, SNS Topics ARNs have the ‘resource’ component contain the topic name, and no ‘resourceName’ component.
- Returns
an ArnComponents object which allows access to the various components of the ARN.
- Deprecated
use splitArn instead
- Stability
deprecated
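The concrete-string rule described for parse_arn, written out as an added example in plain Python (not CDK's implementation, and not part of the rootski code base). ArnParts, split_concrete_arn and join_arn are hypothetical names, and the sample ARNs are constructed; the IAM role and S3 object cases show why a resource name that itself contains '/' matters when a policy is scoped by resource name.

```python
from typing import NamedTuple, Optional


class ArnParts(NamedTuple):
    """Hypothetical result type for this example (not aws_cdk.core.ArnComponents)."""
    partition: str
    service: str
    region: str
    account: str
    resource: str
    resource_name: Optional[str]
    sep: Optional[str]


def split_concrete_arn(arn: str) -> ArnParts:
    """Split a concrete ARN string using the rule described for parse_arn."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not a concrete ARN: {arn!r}")
    partition, service, region, account, sixth = parts[1:6]
    # Anything after the 6th component; None when there is no 7th component.
    rest = ":".join(parts[6:]) if len(parts) > 6 else None
    if "/" in sixth:
        # Split at the FIRST '/', so later slashes stay in the resource name.
        resource, _, name = sixth.partition("/")
        if rest is not None:
            name = f"{name}:{rest}"
        return ArnParts(partition, service, region, account, resource, name, "/")
    if rest is not None:
        return ArnParts(partition, service, region, account, sixth, rest, ":")
    return ArnParts(partition, service, region, account, sixth, None, None)


def join_arn(p: ArnParts) -> str:
    """Rebuild arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}."""
    tail = p.resource
    if p.resource_name is not None:
        tail = f"{p.resource}{p.sep}{p.resource_name}"
    return f"arn:{p.partition}:{p.service}:{p.region}:{p.account}:{tail}"


# Constructed sample ARNs (the account ID is a placeholder).
SAMPLES = [
    "arn:aws:s3:::bucket",
    "arn:aws:lambda:us-west-2:123456789012:function:my-func",
    "arn:aws:iam::123456789012:role/service-role/MyRole",
    "arn:aws:s3:::bucket/reports/2021/q1.csv",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        parts = split_concrete_arn(sample)
        assert join_arn(parts) == sample  # splitting loses no information
        print(f"{sample}\n  resource={parts.resource!r} "
              f"name={parts.resource_name!r} sep={parts.sep!r}")
```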
- property partition: str#
The partition in which this stack is defined.
- property region: str#
The AWS region into which this stack will be deployed (e.g. us-west-2).
This value is resolved according to the following rules:
1. The value provided to env.region when the stack is defined. This can either be a concrete region (e.g. us-west-2) or the Aws.region token.
2. Aws.region, which represents the CloudFormation intrinsic reference { "Ref": "AWS::Region" } encoded as a string token.
Preferably, you should use the return value as an opaque string and not attempt to parse it to implement your logic. If you do, you must first check that it is a concrete value and not an unresolved token. If this value is an unresolved token (Token.isUnresolved(stack.region) returns true), this implies that the user wishes that this stack will synthesize into a region-agnostic template. In this case, your code should either fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or implement some other region-agnostic behavior.
- regional_fact(fact_name: str, default_value: Optional[str] = None) str#
Look up a fact value for the given fact for the region of this stack.
Will return a definite value only if the region of the current stack is resolved. If not, a lookup map will be added to the stack and the lookup will be done at CDK deployment time.
What regions will be included in the lookup map is controlled by the @aws-cdk/core:target-partitions context value: it must be set to a list of partitions, and only regions from the given partitions will be included. If no such context key is set, all regions will be included.
This function is intended to be used by construct library authors. Application builders can rely on the abstractions offered by construct libraries and do not have to worry about regional facts.
If defaultValue is not given, it is an error if the fact is unknown for the given region.
- Parameters
fact_name –
default_value –
- rename_logical_id(old_id: str, new_id: str) None#
Rename a generated logical identity.
To modify the naming scheme strategy, extend the Stack class and override the allocateLogicalId method.
- Parameters
old_id –
new_id –
- report_missing_context(*, key: str, props: Mapping[str, Any], provider: str) None#
(deprecated) DEPRECATED.
- Parameters
key – (deprecated) The missing context key.
props – (deprecated) A set of provider-specific options. (This is the old untyped definition, which is necessary for backwards compatibility. See cxschema for a type definition.)
provider – (deprecated) The provider from which we expect this context key to be obtained. (This is the old untyped definition, which is necessary for backwards compatibility. See cxschema for a type definition.)
- Deprecated
use reportMissingContextKey()
- Stability
deprecated
- report_missing_context_key(*, key: str, props: Union[aws_cdk.cloud_assembly_schema.AmiContextQuery, aws_cdk.cloud_assembly_schema.AvailabilityZonesContextQuery, aws_cdk.cloud_assembly_schema.HostedZoneContextQuery, aws_cdk.cloud_assembly_schema.SSMParameterContextQuery, aws_cdk.cloud_assembly_schema.VpcContextQuery, aws_cdk.cloud_assembly_schema.EndpointServiceAvailabilityZonesContextQuery, aws_cdk.cloud_assembly_schema.LoadBalancerContextQuery, aws_cdk.cloud_assembly_schema.LoadBalancerListenerContextQuery, aws_cdk.cloud_assembly_schema.SecurityGroupContextQuery, aws_cdk.cloud_assembly_schema.KeyContextQuery, aws_cdk.cloud_assembly_schema.PluginContextQuery], provider: aws_cdk.cloud_assembly_schema.ContextProvider) None#
Indicate that a context key was expected.
Contains instructions which will be emitted into the cloud assembly on how the key should be supplied.
- Parameters
key – The missing context key.
props – A set of provider-specific options.
provider – The provider from which we expect this context key to be obtained.
- resolve(obj: Any) Any#
Resolve a tokenized value in the context of the current stack.
- Parameters
obj –
- split_arn(arn: str, arn_format: aws_cdk.core.ArnFormat) aws_cdk.core.ArnComponents#
Splits the provided ARN into its components.
Works both if ‘arn’ is a string like ‘arn:aws:s3:::bucket’, and a Token representing a dynamic CloudFormation expression (in which case the returned components will also be dynamic CloudFormation expressions, encoded as Tokens).
- Parameters
arn – the ARN to split into its components.
arn_format – the expected format of ‘arn’; this depends on the format used by the service that ‘arn’ belongs to.
- property stack_id: str#
The ID of the stack.
Example:
# After resolving, looks like "arn:aws:cloudformation:us-west-2:123456789012:stack/teststack/51af3dc0-da77-11e4-872e-1234567db123"
- property stack_name: str#
The concrete CloudFormation physical stack name.
This is either the name defined explicitly in the stackName prop or allocated based on the stack’s location in the construct tree. Stacks that are directly defined under the app use their construct id as their stack name. Stacks that are defined deeper within the tree will use a hashed naming scheme based on the construct path to ensure uniqueness.
If you wish to obtain the deploy-time AWS::StackName intrinsic, you can use Aws.stackName directly.
- property synthesizer: aws_cdk.core.IStackSynthesizer#
Synthesis method for this stack.
- property tags: aws_cdk.core.TagManager#
Tags to be applied to the stack.
- property template_file: str#
The name of the CloudFormation template file emitted to the output directory during synthesis.
Example value:
MyStack.template.json
- property template_options: aws_cdk.core.ITemplateOptions#
Options for CloudFormation template (like version, transform, description).
- property termination_protection: Optional[bool]#
Whether termination protection is enabled for this stack.
- to_json_string(obj: Any, space: Optional[Union[int, float]] = None) str#
Convert an object, potentially containing tokens, to a JSON string.
- Parameters
obj –
space –
- to_string() str#
Returns a string representation of this construct.
- property url_suffix: str#
The Amazon domain suffix for the region in which this stack is defined.
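The LightsailIAMUserStack description says the key pair is retrieved from Secrets Manager and placed in /home/ec2-user/.aws/credentials. One way to do the "place" step so the key never sits on disk with permissions wider than 0600, as an added example that is not rootski code. It assumes the secret is a JSON object with the fields aws_access_key_id and aws_secret_access_key (the page does not show the secret's layout); the function names and sample secret are constructed for illustration.

```python
import configparser
import io
import json
import os
import tempfile

# Assumption: the secret is a JSON object with these two fields. The page does
# not show the secret's layout, so adjust the names to match the real secret.
REQUIRED_FIELDS = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample standing in for the SecretString fetched from Secrets Manager.
SAMPLE_SECRET = json.dumps({
    "aws_access_key_id": "AKIAEXAMPLEKEYID0000",
    "aws_secret_access_key": "example-secret-access-key-not-real",
})


def render_credentials(secret_string: str, profile: str = "default") -> str:
    """Turn the secret's JSON into the INI text of an AWS credentials file."""
    secret = json.loads(secret_string)
    if not isinstance(secret, dict):
        raise ValueError("secret is not a JSON object")
    missing = [name for name in REQUIRED_FIELDS if not secret.get(name)]
    if missing:
        # Report field names only; never put secret values in an error message.
        raise ValueError(f"secret is missing fields: {', '.join(missing)}")
    parser = configparser.ConfigParser(interpolation=None)
    parser[profile] = {name: secret[name] for name in REQUIRED_FIELDS}
    buffer = io.StringIO()
    parser.write(buffer)
    return buffer.getvalue()


def write_credentials(path: str, content: str) -> None:
    """Write the file atomically with owner-only permissions (0600)."""
    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    # mkstemp creates the file readable and writable by the owner only, so the
    # key is never on disk with wider permissions, even briefly.
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".credentials-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
        # Atomic swap; an existing file with looser permissions is replaced too.
        os.replace(tmp_path, path)
    except BaseException:
        os.unlink(tmp_path)
        raise


if __name__ == "__main__":
    # Demo in a throwaway directory instead of the real home directory.
    with tempfile.TemporaryDirectory() as home:
        target = os.path.join(home, ".aws", "credentials")
        write_credentials(target, render_credentials(SAMPLE_SECRET))
        print(oct(os.stat(target).st_mode & 0o777), target)
```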
class StackOutputs#
- class rootski_backend_cdk.database.lightsail_dependencies.stacks.lightsail_iam_user_stack.StackOutputs(value)[source]#
Bases: str, enum.Enum
Stack outputs for the LightsailIAMUserStack.