Merge pull request aws-samples#1620 from tjkhatri/tjkhatri-feature-rds-sns-event-notification-cdk-python

New serverless pattern - rds-sns-event-notification-cdk-python

Author: mavi888

rds-sns-event-notification-cdk-python/README.md

@@ -0,0 +1,68 @@
+# Amazon RDS to Amazon SNS
+
+RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for failure, low storage, and availability event categories for RDS Instances.
+
+Learn more about this pattern at Serverless Land Patterns:https://serverlessland.com/patterns/rds-sns-event-notification-cdk-python
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/cli.html) installed and configured
+* [Create an RDS Instance and copy Name of RDS Instance somewhere in notes. You will need it during template deployment](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html#USER_CreateDBInstance.Creating)
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+   ```bash
+   git clone https://github.com/aws-samples/serverless-patterns
+   ```
+2. Change directory to the pattern directory:
+   ```bash
+   cd serverless-patterns/rds-sns-event-notification-cdk-python
+   ```
+3. To manually create a virtualenv on MacOS and Linux:
+    ```bash
+    python3 -m venv .venv
+    ```
+4. After the init process completes and the virtualenv is created, you can use the following
+step to activate your virtualenv.
+    ```bash
+    source .venv/bin/activate
+    ```
+5. If you are a Windows platform, you would activate the virtualenv like this:
+    ```bash
+    .venv\Scripts\activate.bat
+    ```
+6. Once the virtualenv is activated, you can install the required dependencies.
+    ```bash
+    pip install -r requirements.txt
+    ```
+7. To deploy the application:
+   - In SNSEndpoint, Provide your email address to receive notification from Amazon SNS
+   - In RDSInstanceName, Provide name of RDS Instance you created during Requirements
+    ```bash
+    cdk deploy --parameters SNSEndpoint=EmailID --parameters RDSInstanceName=RDSInstanceName
+    ```
+
+## How it works
+
+RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for failure, low storage, and availability event categories for RDS Instances.
+
+## Testing
+
+Once the CDK deployment is successful, first thing to do is to confirm the Email subscription. You will receive an email to confirm it. Then go to RDS console. Select the RDS Instance you have created. Stop the Instance and Restart it again. You will receive a notification related to it on your Email Address. Moving forward, you will receive failure, low storage, and availability events that happen on your RDS Instance.
+
+## Cleanup
+ 
+* Delete the stack
+    ```bash
+    cdk destroy
+    ```
+----
+Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

rds-sns-event-notification-cdk-python/app.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+import os
+
+import aws_cdk as cdk
+
+from rds_sns_event_notification_cdk_python.rds_sns_event_notification_cdk_python_stack import RdsSnsEventNotificationCdkPythonStack
+
+
+app = cdk.App()
+RdsSnsEventNotificationCdkPythonStack(app, "RdsSnsEventNotificationCdkPythonStack",
+    # If you don't specify 'env', this stack will be environment-agnostic.
+    # Account/Region-dependent features and context lookups will not work,
+    # but a single synthesized template can be deployed anywhere.
+
+    # Uncomment the next line to specialize this stack for the AWS Account
+    # and Region that are implied by the current CLI configuration.
+
+    #env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),
+
+    # Uncomment the next line if you know exactly what Account and Region you
+    # want to deploy the stack to. */
+
+    #env=cdk.Environment(account='123456789012', region='us-east-1'),
+
+    # For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html
+    )
+
+app.synth()

rds-sns-event-notification-cdk-python/cdk.json

@@ -0,0 +1,58 @@
+{
+  "app": "python3 app.py",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "requirements*.txt",
+      "source.bat",
+      "**/__init__.py",
+      "python/__pycache__",
+      "tests"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true
+  }
+}

rds-sns-event-notification-cdk-python/example-pattern.json

@@ -0,0 +1,57 @@
+{
+  "title": "Amazon RDS instance event notification to Amazon SNS",
+  "description": "Amazon RDS event subscriptions allow users to configure notifications for RDS events (provided through an SNS topic).",
+  "language": "Python",
+  "level": "200",
+  "framework": "CDK",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "Amazon RDS event subscriptions allow users to configure notifications for RDS events (provided through an SNS topic).",
+      "This template configures an event subscription for failure, low storage, and availability event categories for RDS Instances."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/rds-sns-event-notification-cdk-python",
+      "templateURL": "serverless-patterns/rds-sns-event-notification-cdk-python",
+      "projectFolder": "rds-sns-event-notification-cdk-python",
+      "templateFile": "rds_sns_event_notification_cdk_python/rds_sns_event_notification_cdk_python_stack.py"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Working with Amazon RDS event notification",
+        "link": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html"
+      },
+      {
+        "text": "Creating an Amazon RDS DB instance",
+        "link": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html#USER_CreateDBInstance.Creating"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "cdk deploy --parameters SNSEndpoint=EmailID --parameters RDSInstanceName=RDSInstanceName"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "cdk destroy"
+    ]
+  },
+  "authors": [
+    {
+      "name": "Tejendra Khatri",
+      "image": "https://drive.google.com/file/d/1FR9bL3aJz2YRYkIsmfR_zL3RvE65oR0b/view",
+      "bio": "Cloud Support Engineer @ AWS",
+      "linkedin": "https://www.linkedin.com/in/tejendrakhatri"
+    }
+  ]
+}

rds-sns-event-notification-cdk-python/rds_sns_event_notification_cdk_python/__init__.py

@@ -0,0 +1,72 @@
+from aws_cdk import (
+    Stack,
+    aws_sns as sns,
+    aws_sns_subscriptions as subscriptions,
+    aws_events as events,
+    aws_rds as rds,
+    aws_iam as iam,
+    CfnParameter,
+    CfnOutput,
+    Fn
+)
+from constructs import Construct
+
+
+class RdsSnsEventNotificationCdkPythonStack(Stack):
+
+    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+        
+        # Parameters
+        sns_endpoint = CfnParameter(self, "SNSEndpoint", type="String", description="Provide your email address to receive notification from SNS")
+        rds_instance_name = CfnParameter(self, "RDSInstanceName", type="String", description="Provide name of your existing RDS Instance for which you want to receive event notifications")
+        # SNS Topic for RDS Event Subscription
+        topic = sns.Topic(self, "SnsForRdsEventSubscription", display_name="rds-subscription-topic")
+        aws_account_id = Fn.ref("AWS::AccountId")
+        # SNS Topic Policy
+        topic_policy = sns.TopicPolicy(
+            self,
+            "SnsTopicPolicyEventRule",
+            topics=[topic]
+        )
+        topic_policy.document.add_statements(iam.PolicyStatement(
+            actions=[
+                "SNS:GetTopicAttributes",
+                "SNS:SetTopicAttributes",
+                "SNS:AddPermission",
+                "SNS:RemovePermission",
+                "SNS:DeleteTopic",
+                "SNS:Subscribe",
+                "SNS:ListSubscriptionsByTopic",
+                "SNS:Publish",
+                "SNS:Receive"
+                ],
+            principals=[iam.AccountPrincipal(aws_account_id)],
+            resources=[topic.topic_arn],
+            conditions={
+                        "StringEquals": {
+                            "aws:SourceOwner": aws_account_id
+                        }
+                    }
+        ),
+        iam.PolicyStatement(
+                    effect=iam.Effect.ALLOW,
+                    actions=["sns:Publish"],
+                    resources=[topic.topic_arn],
+                    principals=[iam.ServicePrincipal("events.rds.amazonaws.com")]
+                )
+        )
+        topic.add_subscription(subscriptions.EmailSubscription(sns_endpoint.value_as_string, json=True))
+        # RDS Event Subscription
+        rds_event_subscription = rds.CfnEventSubscription(
+            self,
+            "RdsEventSubscription",
+            enabled=True,
+            sns_topic_arn=topic.topic_arn,
+            source_ids=[rds_instance_name.value_as_string],
+            source_type="db-instance",
+            event_categories=["failure", "low storage", "availability"]
+        )
+        # Outputs
+        CfnOutput(self, "MySnsTopicName", value=topic.topic_name, description="SNS topic name")
+        CfnOutput(self, "RDSInstanceNames", value=rds_instance_name.value_as_string)

rds-sns-event-notification-cdk-python/rds_sns_event_notification_cdk_python/__pycache__/__init__.cpython-39.pyc

@@ -0,0 +1,2 @@
+aws-cdk-lib==2.93.0
+constructs>=10.0.0,<11.0.0

rds-sns-event-notification-cdk-python/rds_sns_event_notification_cdk_python/__pycache__/rds_sns_event_notification_cdk_python_stack.cpython-39.pyc

@@ -0,0 +1,13 @@
+@echo off
+
+rem The sole purpose of this script is to make the command
+rem
+rem     source .venv/bin/activate
+rem
+rem (which activates a Python virtualenv on Linux or Mac OS X) work on Windows.
+rem On Windows, this command just runs this batch file (the argument is ignored).
+rem
+rem Now we don't need to document a Windows command for activating a virtualenv.
+
+echo Executing .venv\Scripts\activate.bat for you
+.venv\Scripts\activate.bat