Monday, December 6, 2021

Creating an Aurora Database Instance with AWS CDK (Python) and Secret Manager

 Title: Creating an Aurora Database Instance with AWS CDK (Python) and Secret Manager


Introduction:

In this blog post, we will walk through the process of creating an Amazon Aurora database instance using AWS Cloud Development Kit (CDK) with Python. Additionally, we'll enhance the security of our application by utilizing AWS Secrets Manager to manage and retrieve our database credentials.


Prerequisites:

Before we begin, make sure you have the following prerequisites:


1. AWS CDK installed: [CDK Installation Guide](https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html)

2. Python installed: [Python Installation Guide](https://www.python.org/downloads/)


Step 1: Set Up Your CDK Project

Create a new directory for your CDK project and navigate to it in your terminal.


mkdir aurora-cdk

cd aurora-cdk



Initialize your CDK project.


cdk init app --language python



Step 2: Install Required CDK Libraries

Install the necessary CDK libraries for Amazon Aurora and Secrets Manager.



pip install aws-cdk.aws-rds aws-cdk.aws-secretsmanager



Step 3: Import Dependencies in Your CDK App

Open the `app.py` file in your favorite code editor and import the required CDK modules.


from aws_cdk import (

    core,

    aws_rds as rds,

    aws_secretsmanager as secretsmanager

)



 Step 4: Define the CDK Stack

Define your CDK stack by creating a class that inherits from `core.Stack`. Inside the class, define the Aurora database instance and the Secrets Manager secret.


class AuroraCdkStack(core.Stack):


    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:

        super().__init__(scope, id, **kwargs)


        # Create a Secrets Manager secret for database credentials

        secret = secretsmanager.Secret(

            self,

            "AuroraSecret",

            secret_name="AuroraCredentials",

            generate_secret_string=secretsmanager.SecretStringGenerator(

                secret_string_template='{"username": "admin"}',

                generate_string_key="password",

                exclude_characters='"@/',

            )

        )


        # Create an Aurora database instance

        aurora_db = rds.DatabaseInstance(

            self,

            "AuroraDB",

            engine=rds.DatabaseInstanceEngine.aurora_postgres,

            master_username=secret.secret_value_from_json("username").to_string(),

            master_password=secret.secret_value_from_json("password").to_string(),

            instance_class=core.Fn.select(0, ["db.t3.small"]),

            vpc_subnets={"subnet_type": core.SubnetType.PRIVATE},

            removal_policy=core.RemovalPolicy.DESTROY  # WARNING: Do not use in production

        )


Step 5: Deploy Your CDK Stack

Deploy your CDK stack to create the Aurora database instance.



cdk deploy


### Conclusion:

Congratulations! You have successfully created an Amazon Aurora database instance using AWS CDK with Python. By integrating AWS Secrets Manager, you've enhanced the security of your application by securely managing and retrieving your database credentials.


Remember to manage your secrets and credentials responsibly, and never expose sensitive information in your code or configuration files.

at
Labels:

Monday, October 11, 2021

Install Python 3.8 on Amaxon Linux 2

 

Install Python 3.8 on Amazon Linux 2

This thread  focuses on installation Python 3.8 on Amazon Linux 2.

Install from amazon-linux-extras repository

  • To install 3.8 on Amazon Linux 2, you need to have amazon-linux-extras repository installed. 
    • sudo yum install -y amazon-linux-extras 





  • Confirm that Python 3.8 packages available on the repository.  
    • amazon-linux-extras | grep -i python
       
You should see the following:

44  python3.8                available    [ =stable ]
  •  Enable the repository before using it.
  • sudo amazon-linux-extras enable python3.8 


  • Install Python 
    • sudo yum install python3.8


at
Labels:

Tuesday, October 5, 2021

Installing packages using pip and virtual environments

 

Installing packages using pip and virtual environments

This guide discusses how to install packages using pip and a virtual environment manager: either venv for Python 3 or virtualenv for Python 2. These are the lowest-level tools for managing Python packages and are recommended if higher-level tools do not suit your needs.

Note

 

This doc uses the term package to refer to a Distribution Package which is different from an Import Package that which is used to import modules in your Python source code.

Installing pip

pip is the reference Python package manager. It’s used to install and update packages. You’ll need to make sure you have the latest version of pip installed.

The Python installers for Windows include pip. You can make sure that pip is up-to-date by running:

py -m pip install --upgrade pip

py -m pip --version

Afterwards, you should have the latest version of pip:

pip 21.1.3 from c:\python39\lib\site-packages (Python 3.9.4)

Installing virtualenv

Note

 

If you are using Python 3.3 or newer, the venv module is the preferred way to create and manage virtual environments. venv is included in the Python standard library and requires no additional installation. If you are using venv, you may skip this section.

virtualenv is used to manage Python packages for different projects. Using virtualenv allows you to avoid installing Python packages globally which could break system tools or other projects. You can install virtualenv using pip.

py -m pip install --user virtualenv

Creating a virtual environment

venv (for Python 3) and virtualenv (for Python 2) allow you to manage separate package installations for different projects. They essentially allow you to create a “virtual” isolated Python installation and install packages into that virtual installation. When you switch projects, you can simply create a new virtual environment and not have to worry about breaking the packages installed in the other environments. It is always recommended to use a virtual environment while developing Python applications.

To create a virtual environment, go to your project’s directory and run venv. If you are using Python 2, replace venv with virtualenv in the below commands.

py -m venv env

The second argument is the location to create the virtual environment. Generally, you can just create this in your project and call it env.

venv will create a virtual Python installation in the env folder.

Note

 

You should exclude your virtual environment directory from your version control system using .gitignore or similar.

Activating a virtual environment

Before you can start installing or using packages in your virtual environment you’ll need to activate it. Activating a virtual environment will put the virtual environment-specific python and pip executables into your shell’s PATH.

.\env\Scripts\activate

You can confirm you’re in the virtual environment by checking the location of your Python interpreter:

where python

It should be in the env directory:

...\env\Scripts\python.exe

As long as your virtual environment is activated pip will install packages into that specific environment and you’ll be able to import and use packages in your Python application.

Leaving the virtual environment

If you want to switch projects or otherwise leave your virtual environment, simply run:

deactivate

If you want to re-enter the virtual environment just follow the same instructions above about activating a virtual environment. There’s no need to re-create the virtual environment.

Installing packages

Now that you’re in your virtual environment you can install packages. Let’s install the Requests library from the Python Package Index (PyPI):

py -m pip install requests

pip should download requests and all of its dependencies and install them:

Collecting requests
  Using cached requests-2.18.4-py2.py3-none-any.whl
Collecting chardet<3.1.0,>=3.0.2 (from requests)
  Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting urllib3<1.23,>=1.21.1 (from requests)
  Using cached urllib3-1.22-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests)
  Using cached certifi-2017.7.27.1-py2.py3-none-any.whl
Collecting idna<2.7,>=2.5 (from requests)
  Using cached idna-2.6-py2.py3-none-any.whl
Installing collected packages: chardet, urllib3, certifi, idna, requests
Successfully installed certifi-2017.7.27.1 chardet-3.0.4 idna-2.6 requests-2.18.4 urllib3-1.22

Installing specific versions

pip allows you to specify which version of a package to install using version specifiers. For example, to install a specific version of requests:

py -m pip install requests==2.18.4

To install the latest 2.x release of requests:

py -m pip install requests>=2.0.0,<3.0.0

To install pre-release versions of packages, use the --pre flag:

py -m pip install --pre requests

Installing extras

Some packages have optional extras. You can tell pip to install these by specifying the extra in brackets:

py -m pip install requests[security]

Installing from source

pip can install a package directly from source, for example:

cd google-auth
py -m pip install .

Additionally, pip can install packages from source in development mode, meaning that changes to the source directory will immediately affect the installed package without needing to re-install:

py -m pip install --editable .

Installing from version control systems

pip can install packages directly from their version control system. For example, you can install directly from a git repository:

git+https://github.com/GoogleCloudPlatform/google-auth-library-python.git#egg=google-auth

For more information on supported version control systems and syntax, see pip’s documentation on VCS Support.

Installing from local archives

If you have a local copy of a Distribution Package’s archive (a zip, wheel, or tar file) you can install it directly with pip:

py -m pip install requests-2.18.4.tar.gz

If you have a directory containing archives of multiple packages, you can tell pip to look for packages there and not to use the Python Package Index (PyPI) at all:

py -m pip install --no-index --find-links=/local/dir/ requests

This is useful if you are installing packages on a system with limited connectivity or if you want to strictly control the origin of distribution packages.

Using other package indexes

If you want to download packages from a different index than the Python Package Index (PyPI), you can use the --index-url flag:

py -m pip install --index-url http://index.example.com/simple/ SomeProject

If you want to allow packages from both the Python Package Index (PyPI) and a separate index, you can use the --extra-index-url flag instead:

py -m pip install --extra-index-url http://index.example.com/simple/ SomeProject

Upgrading packages

pip can upgrade packages in-place using the --upgrade flag. For example, to install the latest version of requests and all of its dependencies:

py -m pip install --upgrade requests

Using requirements files

Instead of installing packages individually, pip allows you to declare all dependencies in a Requirements File. For example you could create a requirements.txt file containing:

requests==2.18.4
google-auth==1.1.0

And tell pip to install all of the packages in this file using the -r flag:

py -m pip install -r requirements.txt

Freezing dependencies

Pip can export a list of all installed packages and their versions using the freeze command:

py -m pip freeze

Which will output a list of package specifiers such as:

cachetools==2.0.1
certifi==2017.7.27.1
chardet==3.0.4
google-auth==1.1.1
idna==2.6
pyasn1==0.3.6
pyasn1-modules==0.1.4
requests==2.18.4
rsa==3.4.2
six==1.11.0
urllib3==1.22

This is useful for creating Requirements Files that can re-create the exact versions of all packages installed in an environment.

at

Thursday, September 30, 2021

AWS - Create Layers for Lambda for Python

 AWS - Create Layers for Lambda for Python

When working with Python 3 runtimes the layer needs to follow a particular folder structure otherwise you will receive errors as the Python runtime is unable to find the module. 

1. install jwt to a target directory using pip, ie pip3 install jwt -t jwt 

2. Navigate to the jwt directory which contains the dependency files for the JWT module, create a directory named python and copy all the files into this directory 

3. Zip the python directory, the zip file should contain the directory "python" that contains the lambda dependency files 

4. Create the layer to the Lambda console[2] and copy it's ARN 

5. Add the layer to your Lambda function by navigating to the Lambda function, and click on the "Layers" link at the top of the page, copy the layer's ARN into the "Specify an ARN" input box and choose the "specify an ARN" option. 

To test to make sure the Lambda is configured correctly you can add "import jwt" at the top of your Python file and run the function. 

If the layer is incorrectly configured, you will receive an error indicating that the function cannot find the simple-salesforce library. If the function executes OK at this point, then the layer is correctly configured and can be used.

The directory structure will be for e.g.

  /LayersWorkingDirectory/

 1. mkdir python 

2. cd python 

3. python3 -m pip install simple-salesforce -t . 

4. cd .. 

5. zip -r9 salesforce.zip python 

6. Use "salesforce.zip" to create a layer and use it with the function. 

 


at
Labels:
Subscribe to: Posts (Atom)

OCI Knowledge Series: OCI Infrastructure components

  Oracle Cloud Infrastructure (OCI) provides a comprehensive set of infrastructure services that enable you to build and run a wide range of...