ecs_composex.dynamodb package ¶
Submodules ¶
ecs_composex.dynamodb.dynamodb_aws module ¶
Module to define the DynamoDB tables mappings config from Lookup
ecs_composex.dynamodb.dynamodb_ecs module ¶
Module to manage IAM policies to grant access to ECS Services to DynamodbTables
- ecs_composex.dynamodb.dynamodb_ecs. create_dyndb_mappings ( mapping , resources , settings ) [source] ¶
-
Function to create the resource mapping for SQS Queues.
- Parameters
-
-
mapping ( dict ) –
-
resources ( list ) –
-
settings ( ecs_composex.common.settings.ComposeXSettings ) –
-
- Returns
-
ecs_composex.dynamodb.dynamodb_params module ¶
ecs_composex.dynamodb.dynamodb_perms module ¶
Set of functions to generate permissions to access queues based on pre-defined TABLE policies for consumers
ecs_composex.dynamodb.dynamodb_stack module ¶
Module to create the root stack for DynamoDB tables
- class ecs_composex.dynamodb.dynamodb_stack. Table ( name , definition , module_name , settings , mapping_key = None ) [source] ¶
-
Bases:
ecs_composex.common.compose_resources.XResourceClass to represent a DynamoDB Table
- policies_scaffolds = {'AMIDescribePolicy': {'Action': ['ec2:DescribeImages'], 'Effect': 'Allow'}, 'AWSSecretsManagerGetSecretValuePolicy': {'Action': ['secretsmanager:GetSecretValue'], 'Effect': 'Allow'}, 'AWSSecretsManagerRotationPolicy': {'Action': ['secretsmanager:DescribeSecret', 'secretsmanager:GetSecretValue', 'secretsmanager:PutSecretValue', 'secretsmanager:UpdateSecretVersionStage'], 'Effect': 'Allow'}, 'AcmGetCertificatePolicy': {'Action': ['acm:GetCertificate'], 'Effect': 'Allow'}, 'AthenaQueryPolicy': {'Action': ['athena:ListWorkGroups', 'athena:GetExecutionEngine', 'athena:GetExecutionEngines', 'athena:GetNamespace', 'athena:GetCatalogs', 'athena:GetNamespaces', 'athena:GetTables', 'athena:GetTable'], 'Effect': 'Allow'}, 'CloudFormationDescribeStacksPolicy': {'Action': ['cloudformation:DescribeStacks'], 'Effect': 'Allow'}, 'CloudWatchDashboardPolicy': {'Action': ['cloudwatch:GetDashboard', 'cloudwatch:ListDashboards', 'cloudwatch:PutDashboard', 'cloudwatch:ListMetrics'], 'Effect': 'Allow'}, 'CloudWatchDescribeAlarmHistoryPolicy': {'Action': ['cloudwatch:DescribeAlarmHistory'], 'Effect': 'Allow'}, 'CloudWatchPutMetricPolicy': {'Action': ['cloudwatch:PutMetricData'], 'Effect': 'Allow'}, 'CodeCommitCrudPolicy': {'Action': ['codecommit:GitPull', 'codecommit:GitPush', 'codecommit:CreateBranch', 'codecommit:DeleteBranch', 'codecommit:GetBranch', 'codecommit:ListBranches', 'codecommit:MergeBranchesByFastForward', 'codecommit:MergeBranchesBySquash', 'codecommit:MergeBranchesByThreeWay', 'codecommit:UpdateDefaultBranch', 'codecommit:BatchDescribeMergeConflicts', 'codecommit:CreateUnreferencedMergeCommit', 'codecommit:DescribeMergeConflicts', 'codecommit:GetMergeCommit', 'codecommit:GetMergeOptions', 'codecommit:BatchGetPullRequests', 'codecommit:CreatePullRequest', 'codecommit:DescribePullRequestEvents', 'codecommit:GetCommentsForPullRequest', 'codecommit:GetCommitsFromMergeBase', 'codecommit:GetMergeConflicts', 'codecommit:GetPullRequest', 'codecommit:ListPullRequests', 'codecommit:MergePullRequestByFastForward', 'codecommit:MergePullRequestBySquash', 'codecommit:MergePullRequestByThreeWay', 'codecommit:PostCommentForPullRequest', 'codecommit:UpdatePullRequestDescription', 'codecommit:UpdatePullRequestStatus', 'codecommit:UpdatePullRequestTitle', 'codecommit:DeleteFile', 'codecommit:GetBlob', 'codecommit:GetFile', 'codecommit:GetFolder', 'codecommit:PutFile', 'codecommit:DeleteCommentContent', 'codecommit:GetComment', 'codecommit:GetCommentsForComparedCommit', 'codecommit:PostCommentForComparedCommit', 'codecommit:PostCommentReply', 'codecommit:UpdateComment', 'codecommit:BatchGetCommits', 'codecommit:CreateCommit', 'codecommit:GetCommit', 'codecommit:GetCommitHistory', 'codecommit:GetDifferences', 'codecommit:GetObjectIdentifier', 'codecommit:GetReferences', 'codecommit:GetTree', 'codecommit:GetRepository', 'codecommit:UpdateRepositoryDescription', 'codecommit:ListTagsForResource', 'codecommit:TagResource', 'codecommit:UntagResource', 'codecommit:GetRepositoryTriggers', 'codecommit:PutRepositoryTriggers', 'codecommit:TestRepositoryTriggers', 'codecommit:GetBranch', 'codecommit:GetCommit', 'codecommit:UploadArchive', 'codecommit:GetUploadArchiveStatus', 'codecommit:CancelUploadArchive'], 'Effect': 'Allow'}, 'CodeCommitReadPolicy': {'Action': ['codecommit:GitPull', 'codecommit:GetBranch', 'codecommit:ListBranches', 'codecommit:BatchDescribeMergeConflicts', 'codecommit:DescribeMergeConflicts', 'codecommit:GetMergeCommit', 'codecommit:GetMergeOptions', 'codecommit:BatchGetPullRequests', 'codecommit:DescribePullRequestEvents', 'codecommit:GetCommentsForPullRequest', 'codecommit:GetCommitsFromMergeBase', 'codecommit:GetMergeConflicts', 'codecommit:GetPullRequest', 'codecommit:ListPullRequests', 'codecommit:GetBlob', 'codecommit:GetFile', 'codecommit:GetFolder', 'codecommit:GetComment', 'codecommit:GetCommentsForComparedCommit', 'codecommit:BatchGetCommits', 'codecommit:GetCommit', 'codecommit:GetCommitHistory', 'codecommit:GetDifferences', 'codecommit:GetObjectIdentifier', 'codecommit:GetReferences', 'codecommit:GetTree', 'codecommit:GetRepository', 'codecommit:ListTagsForResource', 'codecommit:GetRepositoryTriggers', 'codecommit:TestRepositoryTriggers', 'codecommit:GetBranch', 'codecommit:GetCommit', 'codecommit:GetUploadArchiveStatus'], 'Effect': 'Allow'}, 'CodePipelineLambdaExecutionPolicy': {'Action': ['codepipeline:PutJobSuccessResult', 'codepipeline:PutJobFailureResult'], 'Effect': 'Allow'}, 'CodePipelineReadOnlyPolicy': {'Action': ['codepipeline:ListPipelineExecutions'], 'Effect': 'Allow'}, 'ComprehendBasicAccessPolicy': {'Action': ['comprehend:BatchDetectKeyPhrases', 'comprehend:DetectDominantLanguage', 'comprehend:DetectEntities', 'comprehend:BatchDetectEntities', 'comprehend:DetectKeyPhrases', 'comprehend:DetectSentiment', 'comprehend:BatchDetectDominantLanguage', 'comprehend:BatchDetectSentiment'], 'Effect': 'Allow'}, 'CostExplorerReadOnlyPolicy': {'Action': ['ce:GetCostAndUsage', 'ce:GetDimensionValues', 'ce:GetReservationCoverage', 'ce:GetReservationPurchaseRecommendation', 'ce:GetReservationUtilization', 'ce:GetTags'], 'Effect': 'Allow'}, 'DynamoDBBackupFullAccessPolicy': {'Action': ['dynamodb:CreateBackup', 'dynamodb:DescribeContinuousBackups'], 'Effect': 'Allow'}, 'DynamoDBCrudPolicy': {'Action': ['dynamodb:GetItem', 'dynamodb:DeleteItem', 'dynamodb:PutItem', 'dynamodb:Scan', 'dynamodb:Query', 'dynamodb:UpdateItem', 'dynamodb:BatchWriteItem', 'dynamodb:BatchGetItem', 'dynamodb:DescribeTable', 'dynamodb:ConditionCheckItem'], 'Effect': 'Allow'}, 'DynamoDBReadPolicy': {'Action': ['dynamodb:GetItem', 'dynamodb:Scan', 'dynamodb:Query', 'dynamodb:BatchGetItem', 'dynamodb:DescribeTable'], 'Effect': 'Allow'}, 'DynamoDBReconfigurePolicy': {'Action': ['dynamodb:UpdateTable'], 'Effect': 'Allow'}, 'DynamoDBRestoreFromBackupPolicy': {'Action': ['dynamodb:RestoreTableFromBackup'], 'Effect': 'Allow'}, 'DynamoDBStreamReadPolicy': {'Action': ['dynamodb:DescribeStream', 'dynamodb:GetRecords', 'dynamodb:GetShardIterator'], 'Effect': 'Allow'}, 'DynamoDBWritePolicy': {'Action': ['dynamodb:PutItem', 'dynamodb:UpdateItem', 'dynamodb:BatchWriteItem'], 'Effect': 'Allow'}, 'EC2CopyImagePolicy': {'Action': ['ec2:CopyImage'], 'Effect': 'Allow'}, 'EC2DescribePolicy': {'Action': ['ec2:DescribeRegions', 'ec2:DescribeInstances'], 'Effect': 'Allow'}, 'EFSWriteAccessPolicy': {'Action': ['elasticfilesystem:ClientMount', 'elasticfilesystem:ClientWrite'], 'Effect': 'Allow'}, 'EKSDescribePolicy': {'Action': ['eks:DescribeCluster', 'eks:ListClusters'], 'Effect': 'Allow'}, 'EcsRunTaskPolicy': {'Action': ['ecs:RunTask'], 'Effect': 'Allow'}, 'ElasticMapReduceAddJobFlowStepsPolicy': {'Action': 'elasticmapreduce:AddJobFlowSteps', 'Effect': 'Allow'}, 'ElasticMapReduceCancelStepsPolicy': {'Action': 'elasticmapreduce:CancelSteps', 'Effect': 'Allow'}, 'ElasticMapReduceModifyInstanceFleetPolicy': {'Action': ['elasticmapreduce:ModifyInstanceFleet', 'elasticmapreduce:ListInstanceFleets'], 'Effect': 'Allow'}, 'ElasticMapReduceModifyInstanceGroupsPolicy': {'Action': ['elasticmapreduce:ModifyInstanceGroups', 'elasticmapreduce:ListInstanceGroups'], 'Effect': 'Allow'}, 'ElasticMapReduceSetTerminationProtectionPolicy': {'Action': 'elasticmapreduce:SetTerminationProtection', 'Effect': 'Allow'}, 'ElasticMapReduceTerminateJobFlowsPolicy': {'Action': 'elasticmapreduce:TerminateJobFlows', 'Effect': 'Allow'}, 'ElasticsearchHttpPostPolicy': {'Action': ['es:ESHttpPost', 'es:ESHttpPut'], 'Effect': 'Allow'}, 'EventBridgePutEventsPolicy': {'Action': 'events:PutEvents', 'Effect': 'Allow'}, 'FilterLogEventsPolicy': {'Action': ['logs:FilterLogEvents'], 'Effect': 'Allow'}, 'FirehoseCrudPolicy': {'Action': ['firehose:CreateDeliveryStream', 'firehose:DeleteDeliveryStream', 'firehose:DescribeDeliveryStream', 'firehose:PutRecord', 'firehose:PutRecordBatch', 'firehose:UpdateDestination'], 'Effect': 'Allow'}, 'FirehoseWritePolicy': {'Action': ['firehose:PutRecord', 'firehose:PutRecordBatch'], 'Effect': 'Allow'}, 'KMSDecryptPolicy': {'Action': 'kms:Decrypt', 'Effect': 'Allow'}, 'KMSEncryptPolicy': {'Action': 'kms:Encrypt', 'Effect': 'Allow'}, 'KinesisCrudPolicy': {'Action': ['kinesis:AddTagsToStream', 'kinesis:CreateStream', 'kinesis:DecreaseStreamRetentionPeriod', 'kinesis:DeleteStream', 'kinesis:DescribeStream', 'kinesis:DescribeStreamSummary', 'kinesis:GetShardIterator', 'kinesis:IncreaseStreamRetentionPeriod', 'kinesis:ListTagsForStream', 'kinesis:MergeShards', 'kinesis:PutRecord', 'kinesis:PutRecords', 'kinesis:SplitShard', 'kinesis:RemoveTagsFromStream'], 'Effect': 'Allow'}, 'KinesisStreamReadPolicy': {'Action': ['kinesis:ListStreams', 'kinesis:DescribeLimits'], 'Effect': 'Allow'}, 'LambdaInvokePolicy': {'Action': ['lambda:InvokeFunction'], 'Effect': 'Allow'}, 'MobileAnalyticsWriteOnlyAccessPolicy': {'Action': ['mobileanalytics:PutEvents'], 'Effect': 'Allow'}, 'OrganizationsListAccountsPolicy': {'Action': ['organizations:ListAccounts'], 'Effect': 'Allow'}, 'PinpointEndpointAccessPolicy': {'Action': ['mobiletargeting:GetEndpoint', 'mobiletargeting:UpdateEndpoint', 'mobiletargeting:UpdateEndpointsBatch'], 'Effect': 'Allow'}, 'PollyFullAccessPolicy': {'Action': ['polly:GetLexicon', 'polly:DeleteLexicon'], 'Effect': 'Allow'}, 'PowerUser': {'NotAction': ['dynamodb:CreateTable', 'dynamodb:DeleteTable', 'dynamodb:DeleteBackup'], 'Resource': ['${ARN}', '${ARN}/index/*']}, 'RO': {'Action': ['dynamodb:DescribeTable', 'dynamodb:Query', 'dynamodb:Scan', 'dynamodb:GetItem'], 'Effect': 'Allow', 'Resource': ['${ARN}', '${ARN}/index/*']}, 'RW': {'Action': ['dynamodb:BatchGet*', 'dynamodb:DescribeStream', 'dynamodb:DescribeTable', 'dynamodb:Get*', 'dynamodb:Query', 'dynamodb:Scan', 'dynamodb:BatchWrite*', 'dynamodb:DeleteItem', 'dynamodb:UpdateItem', 'dynamodb:PutItem'], 'Effect': 'Allow', 'Resource': ['${ARN}', '${ARN}/index/*']}, 'RekognitionDetectOnlyPolicy': {'Action': ['rekognition:DetectFaces', 'rekognition:DetectLabels', 'rekognition:DetectModerationLabels', 'rekognition:DetectText'], 'Effect': 'Allow'}, 'RekognitionFacesManagementPolicy': {'Action': ['rekognition:IndexFaces', 'rekognition:DeleteFaces', 'rekognition:SearchFaces', 'rekognition:SearchFacesByImage', 'rekognition:ListFaces'], 'Effect': 'Allow'}, 'RekognitionFacesPolicy': {'Action': ['rekognition:CompareFaces', 'rekognition:DetectFaces'], 'Effect': 'Allow'}, 'RekognitionLabelsPolicy': {'Action': ['rekognition:DetectLabels', 'rekognition:DetectModerationLabels'], 'Effect': 'Allow'}, 'RekognitionNoDataAccessPolicy': {'Action': ['rekognition:CompareFaces', 'rekognition:DetectFaces', 'rekognition:DetectLabels', 'rekognition:DetectModerationLabels'], 'Effect': 'Allow'}, 'RekognitionReadPolicy': {'Action': ['rekognition:ListCollections', 'rekognition:ListFaces', 'rekognition:SearchFaces', 'rekognition:SearchFacesByImage'], 'Effect': 'Allow'}, 'RekognitionWriteOnlyAccessPolicy': {'Action': ['rekognition:CreateCollection', 'rekognition:IndexFaces'], 'Effect': 'Allow'}, 'Route53ChangeResourceRecordSetsPolicy': {'Action': ['route53:ChangeResourceRecordSets'], 'Effect': 'Allow'}, 'S3CrudPolicy': {'Action': ['s3:GetObject', 's3:ListBucket', 's3:GetBucketLocation', 's3:GetObjectVersion', 's3:PutObject', 's3:PutObjectAcl', 's3:GetLifecycleConfiguration', 's3:PutLifecycleConfiguration', 's3:DeleteObject'], 'Effect': 'Allow'}, 'S3FullAccessPolicy': {'Action': ['s3:GetObject', 's3:GetObjectAcl', 's3:GetObjectVersion', 's3:PutObject', 's3:PutObjectAcl', 's3:DeleteObject', 's3:DeleteObjectTagging', 's3:DeleteObjectVersionTagging', 's3:GetObjectTagging', 's3:GetObjectVersionTagging', 's3:PutObjectTagging', 's3:PutObjectVersionTagging'], 'Effect': 'Allow'}, 'S3ReadPolicy': {'Action': ['s3:GetObject', 's3:ListBucket', 's3:GetBucketLocation', 's3:GetObjectVersion', 's3:GetLifecycleConfiguration'], 'Effect': 'Allow'}, 'S3WritePolicy': {'Action': ['s3:PutObject', 's3:PutObjectAcl', 's3:PutLifecycleConfiguration'], 'Effect': 'Allow'}, 'SESBulkTemplatedCrudPolicy': {'Action': ['ses:GetIdentityVerificationAttributes', 'ses:SendEmail', 'ses:SendRawEmail', 'ses:SendTemplatedEmail', 'ses:SendBulkTemplatedEmail', 'ses:VerifyEmailIdentity'], 'Effect': 'Allow'}, 'SESCrudPolicy': {'Action': ['ses:GetIdentityVerificationAttributes', 'ses:SendEmail', 'ses:SendRawEmail', 'ses:VerifyEmailIdentity'], 'Effect': 'Allow'}, 'SESEmailTemplateCrudPolicy': {'Action': ['ses:CreateTemplate', 'ses:GetTemplate', 'ses:ListTemplates', 'ses:UpdateTemplate', 'ses:DeleteTemplate', 'ses:TestRenderTemplate'], 'Effect': 'Allow'}, 'SESSendBouncePolicy': {'Action': ['ses:SendBounce'], 'Effect': 'Allow'}, 'SNSCrudPolicy': {'Action': ['sns:ListSubscriptionsByTopic', 'sns:CreateTopic', 'sns:SetTopicAttributes', 'sns:Subscribe', 'sns:Publish'], 'Effect': 'Allow'}, 'SNSPublishMessagePolicy': {'Action': ['sns:Publish'], 'Effect': 'Allow'}, 'SQSPollerPolicy': {'Action': ['sqs:ChangeMessageVisibility', 'sqs:ChangeMessageVisibilityBatch', 'sqs:DeleteMessage', 'sqs:DeleteMessageBatch', 'sqs:GetQueueAttributes', 'sqs:ReceiveMessage'], 'Effect': 'Allow'}, 'SQSSendMessagePolicy': {'Action': ['sqs:SendMessage*'], 'Effect': 'Allow'}, 'SSMParameterReadPolicy': {'Action': ['ssm:DescribeParameters'], 'Effect': 'Allow'}, 'SageMakerCreateEndpointConfigPolicy': {'Action': ['sagemaker:CreateEndpointConfig'], 'Effect': 'Allow'}, 'SageMakerCreateEndpointPolicy': {'Action': ['sagemaker:CreateEndpoint'], 'Effect': 'Allow'}, 'ServerlessRepoReadWriteAccessPolicy': {'Action': ['serverlessrepo:CreateApplication', 'serverlessrepo:CreateApplicationVersion', 'serverlessrepo:UpdateApplication', 'serverlessrepo:GetApplication', 'serverlessrepo:ListApplications', 'serverlessrepo:ListApplicationVersions', 'serverlessrepo:ListApplicationDependencies'], 'Effect': 'Allow'}, 'StepFunctionsExecutionPolicy': {'Action': ['states:StartExecution'], 'Effect': 'Allow'}, 'TextractDetectAnalyzePolicy': {'Action': ['textract:DetectDocumentText', 'textract:StartDocumentTextDetection', 'textract:StartDocumentAnalysis', 'textract:AnalyzeDocument'], 'Effect': 'Allow'}, 'TextractGetResultPolicy': {'Action': ['textract:GetDocumentTextDetection', 'textract:GetDocumentAnalysis'], 'Effect': 'Allow'}, 'TextractPolicy': {'Action': ['textract:*'], 'Effect': 'Allow'}, 'VPCAccessPolicy': {'Action': ['ec2:CreateNetworkInterface', 'ec2:DeleteNetworkInterface', 'ec2:DescribeNetworkInterfaces', 'ec2:DetachNetworkInterface'], 'Effect': 'Allow'}} ¶
- class ecs_composex.dynamodb.dynamodb_stack. XStack ( title , settings , ** kwargs ) [source] ¶
-
Bases:
ecs_composex.common.stacks.ComposeXStackClass for Dynamodb
ecs_composex.dynamodb.dynamodb_table module ¶
ecs_composex.dynamodb.dynamodb_template module ¶
Module for DynamoDB to create the root template
- ecs_composex.dynamodb.dynamodb_template. create_dynamodb_template ( new_tables , template , self_stack ) [source] ¶
-
Function to create the root DynamdoDB template.
- Parameters
-
-
settings ( ecs_composex.common.settings.ComposeXSettings ) –
-
template ( troposphere.Template ) – Root template for DynamoDB
-
- Returns
-