Forem: jhashimoto The latest articles on Forem by jhashimoto (@jhashimoto). https://forem.com/jhashimoto https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F993277%2F69476d9f-6693-496b-8752-f507c2dae17e.jpg Forem: jhashimoto https://forem.com/jhashimoto en Generating AWS CDK Code from Hand-drawn Sketches with GPT-4o jhashimoto Tue, 14 May 2024 23:19:33 +0000 https://forem.com/jhashimoto/generating-aws-cdk-code-from-hand-drawn-sketches-with-gpt-4o-476a https://forem.com/jhashimoto/generating-aws-cdk-code-from-hand-drawn-sketches-with-gpt-4o-476a <p>Note: This article is an English translation of my original article, which you can find <a href="https://qiita.com/JHashimoto/items/67d6a050315e86f24ef3">here</a>. The translation was done using ChatGPT.</p> <h2> Introduction </h2> <p>If you can generate HTML from a sketch, why not try generating CDK code? I decided to give it a shot.</p> <p><iframe class="tweet-embed" id="tweet-1790227959724618123-634" src="https://platform.twitter.com/embed/Tweet.html?id=1790227959724618123"> </iframe> // Detect dark theme var iframe = document.getElementById('tweet-1790227959724618123-634'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1790227959724618123&amp;theme=dark" } </p> <h2> Experiment </h2> <p>To test its image analysis capabilities, I deliberately didn't input any prompts.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_slkgpvo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/9964/864e8e99-1d7d-34df-8a7a-7e1a50f33b25.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_slkgpvo--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/9964/864e8e99-1d7d-34df-8a7a-7e1a50f33b25.png" alt="image.png" width="642" height="685"></a></p> <p>Here are the results. It responded in English, possibly due to the lack of a prompt, but it generated the CDK code as expected. It's quite handy that it can even read the instructions written in the image.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--pS-Uprbu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/9964/7186c157-21a6-0384-4607-4d0c5737d206.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--pS-Uprbu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/9964/7186c157-21a6-0384-4607-4d0c5737d206.png" alt="image.png" width="800" height="1211"></a></p> <p>To add, the initial instruction in the sketch was simply "Use CDK". Since it unexpectedly generated Python code, I added "in TypeScript".</p> <p>Here is the generated code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cdk</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span><span class="p">,</span> <span class="nx">StackProps</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Vpc</span><span class="p">,</span> <span class="nx">SubnetType</span><span class="p">,</span> <span class="nb">InstanceType</span><span class="p">,</span> <span class="nx">InstanceClass</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">,</span> <span class="nx">MachineImage</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ApplicationLoadBalancer</span><span class="p">,</span> <span class="nx">ApplicationProtocol</span><span class="p">,</span> <span class="nx">ListenerAction</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-elasticloadbalancingv2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">MyVpcStack</span> <span class="kd">extends</span> <span class="nc">Stack</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">);</span> <span class="c1">// Create a VPC</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">MyVpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">maxAzs</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">subnetConfiguration</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PUBLIC</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">PublicSubnet</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PRIVATE_WITH_NAT</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">PrivateSubnet</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">});</span> <span class="c1">// Create an Application Load Balancer</span> <span class="kd">const</span> <span class="nx">alb</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ApplicationLoadBalancer</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">MyALB</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">internetFacing</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Add a listener to the ALB</span> <span class="kd">const</span> <span class="nx">listener</span> <span class="o">=</span> <span class="nx">alb</span><span class="p">.</span><span class="nf">addListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">Listener</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">protocol</span><span class="p">:</span> <span class="nx">ApplicationProtocol</span><span class="p">.</span><span class="nx">HTTP</span><span class="p">,</span> <span class="na">defaultAction</span><span class="p">:</span> <span class="nx">ListenerAction</span><span class="p">.</span><span class="nf">fixedResponse</span><span class="p">(</span><span class="mi">200</span><span class="p">,</span> <span class="p">{</span> <span class="na">contentType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text/plain</span><span class="dl">'</span><span class="p">,</span> <span class="na">messageBody</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Hello, world!</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="c1">// Add EC2 instances in the private subnets</span> <span class="kd">const</span> <span class="nx">ec2Instance1</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ec2</span><span class="p">.</span><span class="nc">Instance</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">EC2Instance1</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">instanceType</span><span class="p">:</span> <span class="nb">InstanceType</span><span class="p">.</span><span class="k">of</span><span class="p">(</span><span class="nx">InstanceClass</span><span class="p">.</span><span class="nx">T2</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">.</span><span class="nx">MICRO</span><span class="p">),</span> <span class="na">machineImage</span><span class="p">:</span> <span class="nx">MachineImage</span><span class="p">.</span><span class="nf">latestAmazonLinux</span><span class="p">(),</span> <span class="na">vpcSubnets</span><span class="p">:</span> <span class="p">{</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PRIVATE_WITH_NAT</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">ec2Instance2</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ec2</span><span class="p">.</span><span class="nc">Instance</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">EC2Instance2</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">instanceType</span><span class="p">:</span> <span class="nb">InstanceType</span><span class="p">.</span><span class="k">of</span><span class="p">(</span><span class="nx">InstanceClass</span><span class="p">.</span><span class="nx">T2</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">.</span><span class="nx">MICRO</span><span class="p">),</span> <span class="na">machineImage</span><span class="p">:</span> <span class="nx">MachineImage</span><span class="p">.</span><span class="nf">latestAmazonLinux</span><span class="p">(),</span> <span class="na">vpcSubnets</span><span class="p">:</span> <span class="p">{</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PRIVATE_WITH_NAT</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="c1">// Add the instances to the ALB target group</span> <span class="nx">listener</span><span class="p">.</span><span class="nf">addTargets</span><span class="p">(</span><span class="dl">'</span><span class="s1">EC2Targets</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">port</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="na">targets</span><span class="p">:</span> <span class="p">[</span><span class="nx">ec2Instance1</span><span class="p">,</span> <span class="nx">ec2Instance2</span><span class="p">],</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Fixing CDK Code Errors </h2> <p>Create a CDK project and replace it with the code above.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>my-vpc <span class="nb">cd </span>my-vpc/ npx cdk init <span class="nt">-l</span> typescript </code></pre> </div> <p>Open it in an editor and fix the errors displayed.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--nyBSR2rW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/9964/c8edcb2b-adc7-f86d-66a5-17ee1c4eab10.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--nyBSR2rW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/9964/c8edcb2b-adc7-f86d-66a5-17ee1c4eab10.png" alt="image.png" width="800" height="765"></a></p> <p>Here is the corrected code.</p> <p>Fixed errors, deprecated parts, and added permission for ALB to EC2 traffic.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- import * as cdk from 'aws-cdk-lib'; import { Stack, StackProps } from 'aws-cdk-lib'; - import { Vpc, SubnetType, InstanceType, InstanceClass, InstanceSize, MachineImage } from 'aws-cdk-lib/aws-ec2'; + import { Vpc, SubnetType, InstanceType, InstanceClass, InstanceSize, MachineImage, Instance, Port } from 'aws-cdk-lib/aws-ec2'; import { ApplicationLoadBalancer, ApplicationProtocol, ListenerAction } from 'aws-cdk-lib/aws-elasticloadbalancingv2'; + import * as elbv2_tg from 'aws-cdk-lib/aws-elasticloadbalancingv2-targets' import { Construct } from 'constructs'; export class MyVpcStack extends Stack { constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); // Create a VPC const vpc = new Vpc(this, 'MyVpc', { maxAzs: 2, subnetConfiguration: [ { subnetType: SubnetType.PUBLIC, name: 'PublicSubnet', }, { - subnetType: SubnetType.PRIVATE_WITH_NAT, + subnetType: SubnetType.PRIVATE_WITH_EGRESS, name: 'PrivateSubnet', }, ], }); // Create an Application Load Balancer const alb = new ApplicationLoadBalancer(this, 'MyALB', { vpc, internetFacing: true, }); // Add a listener to the ALB const listener = alb.addListener('Listener', { protocol: ApplicationProtocol.HTTP, defaultAction: ListenerAction.fixedResponse(200, { contentType: 'text/plain', messageBody: 'Hello, world!', }), }); // Add EC2 instances in the private subnets - const ec2Instance1 = new ec2.Instance(this, 'EC2Instance1', { + const ec2Instance1 = new Instance(this, 'EC2Instance1', { vpc, instanceType: InstanceType.of(InstanceClass.T2, InstanceSize.MICRO), - machineImage: MachineImage.latestAmazonLinux(), + machineImage: MachineImage.latestAmazonLinux2023(), vpcSubnets: { - subnetType: SubnetType.PRIVATE_WITH_NAT, + subnetType: SubnetType.PRIVATE_WITH_EGRESS, }, }); + ec2Instance1.connections.allowFrom(alb, Port.tcp(80), 'Allow inbound traffic on port 80 from the ALB only'); - const ec2Instance1 = new ec2.Instance(this, 'EC2Instance2', { + const ec2Instance2 = new Instance(this, 'EC2Instance2', { vpc, instanceType: InstanceType.of(InstanceClass.T2, InstanceSize.MICRO), - machineImage: MachineImage.latestAmazonLinux(), + machineImage: MachineImage.latestAmazonLinux2023(), vpcSubnets: { - subnetType: SubnetType.PRIVATE_WITH_NAT, + subnetType: SubnetType.PRIVATE_WITH_EGRESS, }, }); + ec2Instance2.connections.allowFrom(alb, Port.tcp(80), 'Allow inbound traffic on port 80 from the ALB only'); // Add the instances to the ALB target group listener.addTargets('EC2Targets', { port: 80, - targets: [ec2Instance1, ec2Instance2], + targets: [new elbv2_tg.InstanceTarget(ec2Instance1), new elbv2_tg.InstanceTarget(ec2Instance2)], }); } } </code></pre> </div> <h2> Verify the Operation </h2> <p>Deploy it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npx cdk deploy <span class="c"># Do you wish to deploy these changes (y/n)? y</span> <span class="c"># MyVpcStack: deploying... [1/1]</span> <span class="c"># MyVpcStack: creating CloudFormation changeset...</span> <span class="c"># ✅ MyVpcStack</span> <span class="c"># ✨ Deployment time: 222.7s</span> <span class="c"># Stack ARN:</span> <span class="c"># arn:aws:cloudformation:ap-northeast-1:xxxxxxxxxxxx:stack/MyVpcStack/9cebe450-1230-11ef-bf56-0a943cda165d</span> <span class="c"># ✨ Total time: 226.68s</span> </code></pre> </div> <p>Access the DNS name of the ALB.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://MyVpcS-MyALB-UrksBygjrlzv-1011360440.ap-northeast-1.elb.amazonaws.com <span class="c"># &lt;html&gt;</span> <span class="c"># &lt;head&gt;&lt;title&gt;502 Bad Gateway&lt;/title&gt;&lt;/head&gt;</span> <span class="c"># &lt;body&gt;</span> <span class="c"># &lt;center&gt;&lt;h1&gt;502 Bad Gateway&lt;/h1&gt;&lt;/center&gt;</span> <span class="c"># &lt;/body&gt;</span> <span class="c"># &lt;/html&gt;</span> </code></pre> </div> <p>Since no web server is configured, a 502 Bad Gateway is returned, but if you configure an EC2 instance, it should work properly.</p> <h2> Conclusion </h2> <p>I was able to generate CDK code from a sketch using GPT-4o. I was surprised that it could even read the instructions written in the image. Although there were errors in the generated code, I fixed them and confirmed it worked correctly.</p> <p>For production environments or other uses that require high quality, careful review is necessary, but it should be more than sufficient for prototyping and demonstrations.</p> generativeai gpt4o aws cdk Setting up a VPC Endpoint for yum with AWS CDK jhashimoto Thu, 28 Sep 2023 21:18:11 +0000 https://forem.com/jhashimoto/setting-up-a-vpc-endpoint-for-yum-with-aws-cdk-3a8o https://forem.com/jhashimoto/setting-up-a-vpc-endpoint-for-yum-with-aws-cdk-3a8o <p>Note: This article is an English translation of my original article, which you can find <a href="https://qiita.com/JHashimoto/items/dcc4aa9adb849e9a170d" rel="noopener noreferrer">here</a>.</p> <p>In this article, I demonstrate how to run <code>yum</code> in a private subnet using a VPC endpoint, taking the example of web server configuration via user data. I will also share sample code using AWS CDK.</p> <h2> Background and Objective </h2> <p>I set up a web server at the time of instance launch using user data.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> yum update <span class="nt">-y</span> yum <span class="nb">install</span> <span class="nt">-y</span> httpd systemctl start httpd systemctl <span class="nb">enable </span>httpd <span class="nb">echo</span> <span class="s2">"This is a sample website."</span> <span class="o">&gt;</span> /var/www/html/index.html </code></pre> </div> <p>However, the <code>yum</code> command fails in environments without internet access. To resolve this issue, I place a VPC endpoint to use the Amazon Linux repository hosted on S3.</p> <p>By employing this method, I can set up a web server without internet access and without deploying a NAT gateway.</p> <p><a href="https://repost.aws/knowledge-center/ec2-al1-al2-update-yum-without-internet" rel="noopener noreferrer">Update yum on my AL1 or AL2 EC2 instance without internet access | AWS re:Post</a></p> <h2> Architecture </h2> <p>I deploy a gateway-type VPC endpoint for S3.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F57720dfb-2dad-c970-ab2a-3fe665a067f7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F57720dfb-2dad-c970-ab2a-3fe665a067f7.png" alt="image.png"></a></p> <p>I use an ALB as the public endpoint for the web server. I also set up VPC endpoints for SSM for remote connections.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F6d33ed40-c6ef-0053-9154-7f3e93464ddc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F6d33ed40-c6ef-0053-9154-7f3e93464ddc.png" alt="image.png"></a></p> <h2> How to Use CDK </h2> <p>First, make sure to complete the setup for CDK.</p> <p>The official workshop provides a detailed procedure from setting up the development environment to deployment.</p> <p><a href="https://cdkworkshop.com/" rel="noopener noreferrer">AWS CDK Intro Workshop | AWS CDK Workshop</a></p> <h2> Sample Code </h2> <p>I create a CDK project and edit <code>lib/cdk-private-yum-sample-stack.ts</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">mkdir </span>cdk-private-yum-sample <span class="nb">cd </span>cdk-private-yum-sample cdk init <span class="nt">-l</span> typescript </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Stack</span><span class="p">,</span> <span class="nx">StackProps</span><span class="p">,</span> <span class="nx">CfnOutput</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">ec2</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-ec2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">elbv2</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-elasticloadbalancingv2</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">elbv2_tg</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-elasticloadbalancingv2-targets</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">CdkPrivateYumSampleStack</span> <span class="kd">extends</span> <span class="nc">Stack</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">);</span> <span class="c1">// vpc</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ec2</span><span class="p">.</span><span class="nc">Vpc</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">WebVpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpcName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">web-vpc</span><span class="dl">'</span><span class="p">,</span> <span class="na">ipAddresses</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">IpAddresses</span><span class="p">.</span><span class="nf">cidr</span><span class="p">(</span><span class="dl">'</span><span class="s1">172.16.0.0/16</span><span class="dl">'</span><span class="p">),</span> <span class="na">natGateways</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">maxAzs</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">subnetConfiguration</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">cidrMask</span><span class="p">:</span> <span class="mi">24</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Public</span><span class="dl">'</span><span class="p">,</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PUBLIC</span> <span class="p">},</span> <span class="p">{</span> <span class="na">cidrMask</span><span class="p">:</span> <span class="mi">24</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Private</span><span class="dl">'</span><span class="p">,</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PRIVATE_ISOLATED</span> <span class="p">}</span> <span class="p">],</span> <span class="c1">// remove all rules from default security group</span> <span class="c1">// See: https://docs.aws.amazon.com/config/latest/developerguide/vpc-default-security-group-closed.html</span> <span class="na">restrictDefaultSecurityGroup</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// add private endpoints for session manager</span> <span class="nx">vpc</span><span class="p">.</span><span class="nf">addInterfaceEndpoint</span><span class="p">(</span><span class="dl">'</span><span class="s1">SsmEndpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">service</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">InterfaceVpcEndpointAwsService</span><span class="p">.</span><span class="nx">SSM</span><span class="p">,</span> <span class="p">});</span> <span class="nx">vpc</span><span class="p">.</span><span class="nf">addInterfaceEndpoint</span><span class="p">(</span><span class="dl">'</span><span class="s1">SsmMessagesEndpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">service</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">InterfaceVpcEndpointAwsService</span><span class="p">.</span><span class="nx">SSM_MESSAGES</span><span class="p">,</span> <span class="p">});</span> <span class="nx">vpc</span><span class="p">.</span><span class="nf">addInterfaceEndpoint</span><span class="p">(</span><span class="dl">'</span><span class="s1">Ec2MessagesEndpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">service</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">InterfaceVpcEndpointAwsService</span><span class="p">.</span><span class="nx">EC2_MESSAGES</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// add private endpoint for Amazon Linux repository on s3</span> <span class="nx">vpc</span><span class="p">.</span><span class="nf">addGatewayEndpoint</span><span class="p">(</span><span class="dl">'</span><span class="s1">S3Endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">service</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">GatewayVpcEndpointAwsService</span><span class="p">.</span><span class="nx">S3</span><span class="p">,</span> <span class="na">subnets</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PRIVATE_ISOLATED</span> <span class="p">}</span> <span class="p">]</span> <span class="p">});</span> <span class="c1">//</span> <span class="c1">// security groups</span> <span class="c1">//</span> <span class="kd">const</span> <span class="nx">albSg</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ec2</span><span class="p">.</span><span class="nc">SecurityGroup</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">AlbSg</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">allowAllOutbound</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">security group for alb</span><span class="dl">'</span> <span class="p">})</span> <span class="nx">albSg</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">ec2</span><span class="p">.</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">anyIpv4</span><span class="p">(),</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="mi">80</span><span class="p">),</span> <span class="dl">'</span><span class="s1">allow http traffic from anyone</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">ec2Sg</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ec2</span><span class="p">.</span><span class="nc">SecurityGroup</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">WebEc2Sg</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">allowAllOutbound</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">security group for a web server</span><span class="dl">'</span> <span class="p">})</span> <span class="nx">ec2Sg</span><span class="p">.</span><span class="nx">connections</span><span class="p">.</span><span class="nf">allowFrom</span><span class="p">(</span><span class="nx">albSg</span><span class="p">,</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">Port</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="mi">80</span><span class="p">),</span> <span class="dl">'</span><span class="s1">allow http traffic from alb</span><span class="dl">'</span><span class="p">)</span> <span class="c1">//</span> <span class="c1">// web servers</span> <span class="c1">//</span> <span class="kd">const</span> <span class="nx">userData</span> <span class="o">=</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">UserData</span><span class="p">.</span><span class="nf">forLinux</span><span class="p">({</span> <span class="na">shebang</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#!/bin/bash</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="nx">userData</span><span class="p">.</span><span class="nf">addCommands</span><span class="p">(</span> <span class="c1">// setup httpd</span> <span class="dl">'</span><span class="s1">yum update -y</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">yum install -y httpd</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">systemctl start httpd</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">systemctl enable httpd</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">echo "This is a sample website." &gt; /var/www/html/index.html</span><span class="dl">'</span><span class="p">,</span> <span class="p">)</span> <span class="c1">// launch one instance per az</span> <span class="kd">const</span> <span class="nx">targets</span><span class="p">:</span> <span class="nx">elbv2_tg</span><span class="p">.</span><span class="nx">InstanceTarget</span><span class="p">[]</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Array</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="p">[</span><span class="nx">idx</span><span class="p">,</span> <span class="nx">az</span><span class="p">]</span> <span class="k">of</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">availabilityZones</span><span class="p">.</span><span class="nf">entries</span><span class="p">())</span> <span class="p">{</span> <span class="nx">targets</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span> <span class="k">new</span> <span class="nx">elbv2_tg</span><span class="p">.</span><span class="nc">InstanceTarget</span><span class="p">(</span> <span class="k">new</span> <span class="nx">ec2</span><span class="p">.</span><span class="nc">Instance</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="s2">`WebEc2</span><span class="p">${</span><span class="nx">idx</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">instanceName</span><span class="p">:</span> <span class="s2">`web-ec2-</span><span class="p">${</span><span class="nx">idx</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="c1">// web-ec2-1, web-ec2-2, ...</span> <span class="na">instanceType</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nb">InstanceType</span><span class="p">.</span><span class="k">of</span><span class="p">(</span><span class="nx">ec2</span><span class="p">.</span><span class="nx">InstanceClass</span><span class="p">.</span><span class="nx">T2</span><span class="p">,</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">InstanceSize</span><span class="p">.</span><span class="nx">MICRO</span><span class="p">),</span> <span class="na">machineImage</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">MachineImage</span><span class="p">.</span><span class="nf">latestAmazonLinux2023</span><span class="p">(),</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">vpcSubnets</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nf">selectSubnets</span><span class="p">({</span> <span class="na">subnetType</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">SubnetType</span><span class="p">.</span><span class="nx">PRIVATE_ISOLATED</span><span class="p">,</span> <span class="p">}),</span> <span class="na">availabilityZone</span><span class="p">:</span> <span class="nx">az</span><span class="p">,</span> <span class="na">securityGroup</span><span class="p">:</span> <span class="nx">ec2Sg</span><span class="p">,</span> <span class="na">blockDevices</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">deviceName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/dev/xvda</span><span class="dl">'</span><span class="p">,</span> <span class="na">volume</span><span class="p">:</span> <span class="nx">ec2</span><span class="p">.</span><span class="nx">BlockDeviceVolume</span><span class="p">.</span><span class="nf">ebs</span><span class="p">(</span><span class="mi">8</span><span class="p">,</span> <span class="p">{</span> <span class="na">encrypted</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}),</span> <span class="p">},</span> <span class="p">],</span> <span class="nx">userData</span><span class="p">,</span> <span class="na">ssmSessionPermissions</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">propagateTagsToVolumeOnCreation</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> <span class="p">)</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">//</span> <span class="c1">// alb</span> <span class="c1">//</span> <span class="kd">const</span> <span class="nx">alb</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">elbv2</span><span class="p">.</span><span class="nc">ApplicationLoadBalancer</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Alb</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">internetFacing</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="nx">vpc</span><span class="p">,</span> <span class="na">vpcSubnets</span><span class="p">:</span> <span class="p">{</span> <span class="na">subnets</span><span class="p">:</span> <span class="nx">vpc</span><span class="p">.</span><span class="nx">publicSubnets</span> <span class="p">},</span> <span class="na">securityGroup</span><span class="p">:</span> <span class="nx">albSg</span> <span class="p">})</span> <span class="kd">const</span> <span class="nx">listener</span> <span class="o">=</span> <span class="nx">alb</span><span class="p">.</span><span class="nf">addListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">HttpListener</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">port</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="na">protocol</span><span class="p">:</span> <span class="nx">elbv2</span><span class="p">.</span><span class="nx">ApplicationProtocol</span><span class="p">.</span><span class="nx">HTTP</span> <span class="p">})</span> <span class="nx">listener</span><span class="p">.</span><span class="nf">addTargets</span><span class="p">(</span><span class="dl">'</span><span class="s1">WebEc2Target</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">targets</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">80</span> <span class="p">})</span> <span class="k">new</span> <span class="nc">CfnOutput</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">TestCommand</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="s2">`curl http://</span><span class="p">${</span><span class="nx">alb</span><span class="p">.</span><span class="nx">loadBalancerDnsName</span><span class="p">}</span><span class="s2">`</span> <span class="p">})</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>To deploy, execute:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> cdk deploy </code></pre> </div> <p>As a side note, the combination of CDK and GitHub Copilot offers an excellent development experience, and I highly recommend it.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F481587fe-f33d-c5b8-995e-a660bebcefd4.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F481587fe-f33d-c5b8-995e-a660bebcefd4.gif" alt="dev-ssm-endpoints-with-copilot.gif"></a></p> <p>Sample code is placed here:</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/JHashimoto0518" rel="noopener noreferrer"> JHashimoto0518 </a> / <a href="https://github.com/JHashimoto0518/cdk-private-yum-sample" rel="noopener noreferrer"> cdk-private-yum-sample </a> </h2> <h3> This is a sample of using CDK to build a private endpoint for yum on EC2 instances. </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">cdk private yum sample</h1> </div> <p>This is a sample of using CDK to build a private endpoint for yum on EC2 instances.</p> <div class="markdown-heading"> <h2 class="heading-element">diagrams</h2> </div> <div class="markdown-heading"> <h3 class="heading-element">yum execution</h3> </div> <p><a rel="noopener noreferrer" href="https://github.com/JHashimoto0518/cdk-private-yum-sample./diagrams/yum-traffic.png"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2FJHashimoto0518%2Fcdk-private-yum-sample.%2Fdiagrams%2Fyum-traffic.png" alt="diagram"></a></p> <div class="markdown-heading"> <h3 class="heading-element">http(s) request</h3> </div> <p><a rel="noopener noreferrer" href="https://github.com/JHashimoto0518/cdk-private-yum-sample./diagrams/http-traffic.png"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2FJHashimoto0518%2Fcdk-private-yum-sample.%2Fdiagrams%2Fhttp-traffic.png" alt="diagram"></a></p> <div class="markdown-heading"> <h2 class="heading-element">Articles</h2> </div> <div class="markdown-heading"> <h3 class="heading-element">Japanese</h3> </div> <p><a href="https://qiita.com/JHashimoto/items/dcc4aa9adb849e9a170d" rel="nofollow noopener noreferrer">yum用のVPCエンドポイントをCDKで構成してみた - Qiita</a></p> </div> <br> <br> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/JHashimoto0518/cdk-private-yum-sample" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> <p>Tested on the following version:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>cdk <span class="nt">--version</span> 2.81.0 <span class="o">(</span>build bd920f2<span class="o">)</span> </code></pre> </div> <h2> Testing </h2> <p>First, I verify the web server's operation.</p> <p>I connect via the session manager and confirm that it returns responses to HTTP requests. (Sorry, the screenshot is in Japanese)</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F8195784c-67ab-db61-296c-dd284d7c0d52.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2F8195784c-67ab-db61-296c-dd284d7c0d52.png" alt="image.png"></a></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> sh-4.2<span class="nv">$ </span>curl http://localhost/ This is a sample website. </code></pre> </div> <p>Next, I carry out an end-to-end test.</p> <p>After CDK deployment, a test command appears in the terminal. I copy and run it.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2Ff8f6baa9-4acf-ad64-5137-b8d7bb468ed2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fqiita-image-store.s3.ap-northeast-1.amazonaws.com%2F0%2F9964%2Ff8f6baa9-4acf-ad64-5137-b8d7bb468ed2.png" alt="image.png"></a></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>curl http://CdkPr-alb8A-1UPL742M6H83S-1170769314.ap-northeast-1.elb.amazonaws.com This is a sample website. </code></pre> </div> <p>I verify that the ALB returns the response as expected.</p> <h2> Conclusion </h2> <p>By utilizing VPC endpoints, I can run <code>yum</code> in an environment without internet access. Additionally, using CDK improves the development experience and speeds up the building process.</p> aws cdk yum vpcendpoint How to Easily Try Out boto3 Interactively in AWS CloudShell jhashimoto Sat, 23 Sep 2023 05:26:52 +0000 https://forem.com/jhashimoto/how-to-easily-try-out-boto3-interactively-in-aws-cloudshell-3ic5 https://forem.com/jhashimoto/how-to-easily-try-out-boto3-interactively-in-aws-cloudshell-3ic5 <p>Note: This article is an English translation of my original article, which you can find <a href="https://qiita.com/JHashimoto/items/39fedf3ca5493f77aace">here</a>.</p> <h2> Introduction </h2> <p>In this article, I will explain how to interactively use the Python SDK, boto3, in AWS CloudShell.</p> <p>CloudShell comes pre-installed with Python and boto3. Additionally, because CloudShell inherits authentication information from the Management Console, you don't need to explicitly pass credentials to boto3, eliminating the need for setup.</p> <p>This technique is also highly useful for not only manipulating AWS resources but also for trying out boto3 APIs.</p> <h2> What is AWS CloudShell? </h2> <p>AWS CloudShell is a browser-based shell environment that can be accessed directly from the Management Console. It comes pre-installed with AWS CLI, various SDKs, and other shell utilities.</p> <p><a href="https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html">What is AWS CloudShell? - AWS CloudShell</a></p> <h2> What is boto3? </h2> <p>boto3 is the Python version of the AWS SDK. It is a Python library for programmatic access to AWS resources.</p> <p><a href="https://aws.amazon.com/sdk-for-python/">AWS SDK for Python</a></p> <h2> How to Interactively Run boto3 </h2> <p>The steps for interactively running boto3 using AWS CloudShell are as follows:</p> <h3> 1. Launch CloudShell </h3> <p>After logging into the Management Console, click the CloudShell icon (<code>&gt;.</code>) located in the header.</p> <h3> 2. Launch Python Interpreter </h3> <p>Once the shell launches, activate the Python interpreter by executing the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 </code></pre> </div> <p>Once the interpreter is launched, you'll see a <code>&gt;&gt;&gt;</code> prompt.</p> <p>Example Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>cloudshell-user@ip-xx-x-xx-xxx ~]<span class="nv">$ </span>python3 Python 3.7.16 <span class="o">(</span>default, Aug 30 2023, 20:37:53<span class="o">)</span> <span class="o">[</span>GCC 7.3.1 20180712 <span class="o">(</span>Red Hat 7.3.1-15<span class="o">)]</span> on linux Type <span class="s2">"help"</span>, <span class="s2">"copyright"</span>, <span class="s2">"credits"</span> or <span class="s2">"license"</span> <span class="k">for </span>more information. <span class="o">&gt;&gt;&gt;</span> </code></pre> </div> <p>You can interactively try out various Python functionalities and boto3 APIs until you exit the interpreter. All subsequent commands will be executed in this interpreter.</p> <p><strong>Note:</strong> The interpreter supports tab completion.</p> <h3> 3. Import boto3 </h3> <p>Execute the following command to import boto3:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">boto3</span> </code></pre> </div> <h3> 4. Initialize Session </h3> <p>Initialize a boto3 session. The authentication information and the region are inherited from the Management Console, but you can also specify them explicitly.</p> <p>Example to specify the Tokyo region:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">sess</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">Session</span><span class="p">(</span><span class="n">region_name</span><span class="o">=</span><span class="s">'ap-northeast-1'</span><span class="p">)</span> </code></pre> </div> <p>It's also possible to pass authentication information when initializing the session, but I'll omit that detail in this article.</p> <h3> 5. Manipulate AWS Resources </h3> <p>Once the session is established, you can operate various AWS resources.</p> <p>For example, to list all security groups:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">ec2</span> <span class="o">=</span> <span class="n">sess</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">)</span> <span class="n">res</span> <span class="o">=</span> <span class="n">ec2</span><span class="p">.</span><span class="n">describe_security_groups</span><span class="p">()</span> <span class="k">print</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> </code></pre> </div> <p>Example Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">{</span><span class="s">'SecurityGroups'</span><span class="p">:</span> <span class="p">[{</span><span class="s">'Description'</span><span class="p">:</span> <span class="s">'for test'</span><span class="p">,</span> <span class="s">'GroupName'</span><span class="p">:</span> <span class="s">'test-sg'</span><span class="p">,</span> <span class="s">'IpPermissions'</span><span class="p">:</span> <span class="p">[],</span> <span class="p">...</span> </code></pre> </div> <p>If you find the JSON output hard to read, you can format it using Python's <code>json</code> module. Specifically, you can use the <code>indent</code> argument of the <code>json.dumps()</code> function to output the data in a neatly formatted manner.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="k">print</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="n">dumps</span><span class="p">(</span><span class="n">res</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">2</span><span class="p">))</span> </code></pre> </div> <p>Example Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">{</span> <span class="s">"SecurityGroups"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="s">"Description"</span><span class="p">:</span> <span class="s">"for test"</span><span class="p">,</span> <span class="s">"GroupName"</span><span class="p">:</span> <span class="s">"test-sg"</span><span class="p">,</span> <span class="s">"IpPermissions"</span><span class="p">:</span> <span class="p">[],</span> <span class="s">"OwnerId"</span><span class="p">:</span> <span class="s">"3328xxxxxxxx"</span><span class="p">,</span> <span class="s">"GroupId"</span><span class="p">:</span> <span class="s">"sg-xxxxxxxxxxxxxxxxx"</span><span class="p">,</span> <span class="s">"IpPermissionsEgress"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="s">"IpProtocol"</span><span class="p">:</span> <span class="s">"-1"</span><span class="p">,</span> <span class="s">"IpRanges"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="s">"CidrIp"</span><span class="p">:</span> <span class="s">"172.24.1.1/32"</span><span class="p">,</span> <span class="s">"Description"</span><span class="p">:</span> <span class="s">"allow 172.24.1.1/32"</span> <span class="p">}</span> <span class="p">],</span> <span class="s">"Ipv6Ranges"</span><span class="p">:</span> <span class="p">[],</span> <span class="s">"PrefixListIds"</span><span class="p">:</span> <span class="p">[],</span> <span class="s">"UserIdGroupPairs"</span><span class="p">:</span> <span class="p">[]</span> <span class="p">}</span> <span class="p">],</span> <span class="s">"VpcId"</span><span class="p">:</span> <span class="s">"vpc-xxxxxxxxxxxxxxxxx"</span> <span class="p">},</span> <span class="p">...</span> </code></pre> </div> <h3> 6. Exit the Interpreter </h3> <p>Finally, exit the interpreter by typing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">quit</span><span class="p">()</span> </code></pre> </div> <h2> Summary </h2> <p>In this article, I explored how to interactively manipulate AWS resources using AWS CloudShell and boto3.</p> <p>With CloudShell, you can use boto3 without any setup. Furthermore, using the Python interpreter, you can interactively try out boto3 APIs.</p> aws boto3 cloudshell python How to fix "jq: error string and number cannot be added" in AWS CloudShell? jhashimoto Fri, 03 Feb 2023 21:16:36 +0000 https://forem.com/jhashimoto/how-to-fix-jq-error-string-and-number-cannot-be-added-in-aws-cloudshell-2863 https://forem.com/jhashimoto/how-to-fix-jq-error-string-and-number-cannot-be-added-in-aws-cloudshell-2863 <p>Note: This article is an English translation of my original article, which you can find <a href="https://qiita.com/JHashimoto/items/85bf0ecac0d6fea61311" rel="noopener noreferrer">here</a>.</p> <h2> Overview </h2> <p>This article describes the causes and solutions to the error when using jq join in AWS CloudShell.</p> <h2> jq error in AWS CloudShell </h2> <p>This section describes an error that occurs when using jq in AWS CloudShell.</p> <p>If you try to join an array that contains numbers, you will get <code>jq: error string and number cannot be added</code>.</p> <p>Expected:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'["example",0]'</span> | jq <span class="s1">'join(".")'</span> <span class="s2">"example.0"</span> </code></pre> </div> <p>Actual:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'["example",0]'</span> | jq <span class="s1">'join(".")'</span> jq: error <span class="o">(</span>at &lt;stdin&gt;:1<span class="o">)</span>: string <span class="o">(</span><span class="s2">"."</span><span class="o">)</span> and number <span class="o">(</span>0<span class="o">)</span> cannot be added </code></pre> </div> <h2> Cause </h2> <p>This section describes the cause of this error.</p> <p>The version of jq preinstalled in CloudShell is 1.5<sup id="fnref1">1</sup>.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>jq <span class="nt">--version</span> jq-1.5 </code></pre> </div> <p>A bug in the 1.5 version of join does not convert number types into strings, resulting in this error.</p> <p><a href="https://github.com/stedolan/jq/blob/jq-1.5/builtin.c#L1422" rel="noopener noreferrer">L1422 - jq/builtin.c at jq-1.5 · stedolan/jq</a></p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code> <span class="s">"def join($x): reduce .[] as $i (null; (.//</span><span class="se">\"\"</span><span class="s">) + (if . == null then $i else $x + $i end))//</span><span class="se">\"\"</span><span class="s">;"</span><span class="p">,</span> </code></pre> </div> <p>Note:</p> <p>Ver 1.6 fixed this bug. You can confirm that in the joined source, which converts the type number to a string with <code>tostring</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> def <span class="nb">join</span><span class="o">(</span><span class="nv">$x</span><span class="o">)</span>: reduce .[] as <span class="nv">$i</span> <span class="o">(</span>null<span class="p">;</span> <span class="o">(</span><span class="k">if</span> .<span class="o">==</span>null <span class="k">then</span> <span class="s2">""</span> <span class="k">else</span> .+<span class="nv">$x</span> end<span class="o">)</span> + <span class="o">(</span><span class="nv">$i</span> | <span class="k">if </span><span class="nb">type</span><span class="o">==</span><span class="s2">"boolean"</span> or <span class="nb">type</span><span class="o">==</span><span class="s2">"number"</span> <span class="k">then </span>tostring <span class="k">else</span> .//<span class="s2">""</span> end<span class="o">)</span> <span class="o">)</span> // <span class="s2">""</span><span class="p">;</span> </code></pre> </div> <p>The issue:</p> <div class="ltag_github-liquid-tag"> <h1> <a href="https://github.com/jqlang/jq/issues/1595" rel="noopener noreferrer"> <img class="github-logo" alt="GitHub logo" src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg"> <span class="issue-title"> string and number cannot be used for join() </span> <span class="issue-number">#1595</span> </a> </h1> <div class="github-thread"> <div class="timeline-comment-header"> <a href="https://github.com/jpcarey" rel="noopener noreferrer"> <img class="github-liquid-tag-img" src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Favatars.githubusercontent.com%2Fu%2F5118470%3Fv%3D4" alt="jpcarey avatar"> </a> <div class="timeline-comment-header-text"> <strong> <a href="https://github.com/jpcarey" rel="noopener noreferrer">jpcarey</a> </strong> posted on <a href="https://github.com/jqlang/jq/issues/1595" rel="noopener noreferrer"><time>Feb 06, 2018</time></a> </div> </div> <div class="ltag-github-body"> <p>If you run the <code>join</code> example, it errors:</p> <pre><code>jq: error (at &lt;stdin&gt;:0): string (" ") and number (1) cannot be added exit status 5 </code></pre> <p> <code>jq 'join(" ")'</code> input: <code>["a",1,2.3,true,null,false]</code> output: <code>"a 1 2.3 true false"</code></p> <p>version 1.5</p> <p>From the docs:</p> <blockquote> <p>Numbers and booleans in the input are converted to strings. Null values are treated as empty strings. Arrays and objects in the input are not supported.</p> </blockquote> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/jqlang/jq/issues/1595" rel="noopener noreferrer">View on GitHub</a></div> </div> </div> <h2> Solution 1 </h2> <p>I would describe two means of resolving this error.</p> <p>First, I explain how to fix it to work with jq1.5.</p> <p>If you convert the number to a string before passing it to join, it will work as expected in 1.5. And, of course, it also works fine with 1.6.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'["example",0]'</span> | jq <span class="s1">'map(.|tostring) | join(".")'</span> <span class="s2">"example.0"</span> </code></pre> </div> <h2> Solution 2 </h2> <p>Next, I explain how to install jq1.6 in CloudShell.</p> <p>However, the yum provided with CloudShell does not upgrade the pre-installed jq<sup id="fnref2">2</sup>, so you will download the binary in an appropriate directory.</p> <p>Note: (about directory persistence) </p> <p>Please note that if you place binary files in <code>/usr/bin</code>, the files will be deleted when CloudShell is restarted.</p> <p>If you place the file in your home directory, the data will be persistent, but please note that the file will be deleted when you do not use that CloudShell environment for more than 120 days.</p> <p><a href="https://docs.aws.amazon.com/cloudshell/latest/userguide/limits.html#persistent-storage-limitations" rel="noopener noreferrer">Service quotas and restrictions for AWS CloudShell - AWS CloudShell</a></p> <h3> Practical Examples </h3> <p>Here is a concrete example to explanate the solution.</p> <p>Create an installation directory in your home directory and download the binary. Of course, the directory is arbitrary, but here we assume <code>jq1.6</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">cd</span> ~ <span class="nb">mkdir </span>jq1.6 <span class="nb">cd </span>jq1.6 wget <span class="nt">-O</span> jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 <span class="nb">chmod</span> +x ./jq </code></pre> </div> <p>As mentioned earlier, this bug has been Fixed in 1.6, so it works as expected.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>~/jq1.6/jq <span class="nt">--version</span> jq-1.6 <span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'["example",0]'</span> | ~/jq1.6/jq <span class="s1">'join(".")'</span> <span class="s2">"example.0"</span> </code></pre> </div> <p>It is helpful to set up an alias.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"alias jq=~/jq1.6/jq"</span> <span class="o">&gt;&gt;</span> ~/.bashrc <span class="nv">$ </span><span class="nb">.</span> ~/.bashrc <span class="c"># Reflect the alias in the shell where you are logged in:</span> <span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'["example",0]'</span> | jq <span class="s1">'join(".")'</span> <span class="s2">"example.0"</span> </code></pre> </div> <h3> To run as a shell script </h3> <p>Note that when running as a shell script, the login shell environment is not inherited, so the alias is undefined, and it executes with jq 1.5.</p> <p><code>./join.sh</code>:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> #!/bin/bash echo '["example",0]' | jq 'join(".")' </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>bash ./join.sh jq: error <span class="o">(</span>at &lt;stdin&gt;:1<span class="o">)</span>: string <span class="o">(</span><span class="s2">"."</span><span class="o">)</span> and number <span class="o">(</span>0<span class="o">)</span> cannot be added </code></pre> </div> <p>In this case, if you specify interactive behavior with the <code>-i</code> option, the shell in the execution environment will read <code>~/.bashrc</code> and execute the script, as expected.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>bash <span class="nt">-i</span> ./join.sh <span class="s2">"example.0"</span> </code></pre> </div> <h2> Conclusion </h2> <p>This section summarizes how to deal with the error when using jq in CloudShell.</p> <p>I have described two solutions.</p> <p>Solution 1 has the advantage of not requiring any changes to the CloudShell environment and is portable as it works with both 1.5 and 1.6. <sup id="fnref3">3</sup></p> <p>Solution 2, however, has the advantage of running on 1.6, so it can also handle behaviors other than join error.</p> <p>One of the changes other than join in 1.6:</p> <p><a href="https://shogo82148-github-io.translate.goog/blog/2022/04/25/2022-04-25-jq-program/?_x_tr_sl=ja&amp;_x_tr_tl=en&amp;_x_tr_hl=ja&amp;_x_tr_pto=wapp" rel="noopener noreferrer">Different behavior when omitting jq arguments</a></p> <p>Please use one of these methods depending on your situation.</p> <h2> Reference </h2> <div class="ltag__stackexchange--container"> <div class="ltag__stackexchange--title-container"> <div class="ltag__stackexchange--title"> <div class="ltag__stackexchange--header"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fstackoverflow-logo-b42691ae545e4810b105ee957979a853a696085e67e43ee14c5699cf3e890fb4.svg" alt=""> <a href="https://stackoverflow.com/questions/46911763/jq-error-number-and-string-cannot-be-added" rel="noopener noreferrer"> jq: error: number and string cannot be added </a> </div> <div class="ltag__stackexchange--post-metadata"> <span>Oct 24 '17</span> <span>Comments: 1</span> <span>Answers: 4</span> </div> </div> <a class="ltag__stackexchange--score-container" href="https://stackoverflow.com/questions/46911763/jq-error-number-and-string-cannot-be-added" rel="noopener noreferrer"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fstackexchange-arrow-up-eff2e2849e67d156181d258e38802c0b57fa011f74164a7f97675ca3b6ab756b.svg" alt=""> <div class="ltag__stackexchange--score-number"> 28 </div> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fstackexchange-arrow-down-4349fac0dd932d284fab7e4dd9846f19a3710558efde0d2dfd05897f3eeb9aba.svg" alt=""> </a> </div> <div class="ltag__stackexchange--body"> <p>I'd like to print the value of members and id from below jq output:</p> <pre><code>$ cat test_|jq -r '.[] | select(.name=="AAA") | .' { "name": "AAA", "members": 10, "profiles": 0, "templates": 0, "ldapGroups": 0, "ldapMembers": 0, "id": "20" } </code></pre> <p>Unfortunately it works for one of each only:</p> <pre><code>$ cat test_|jq</code></pre>… </div> <div class="ltag__stackexchange--btn--container"> <a href="https://stackoverflow.com/questions/46911763/jq-error-number-and-string-cannot-be-added" class="ltag__stackexchange--btn" rel="noopener noreferrer">Open Full Question</a> </div> </div> <ol> <li id="fn1"> <p>This is the version at the time of the article submission. It may be upgraded in the future. ↩</p> </li> <li id="fn2"> <p>I confirmed with AWS support. ↩</p> </li> <li id="fn3"> <p>If you have a development PC or other environment where you can install freely, you will likely install the latest version, 1.6. ↩</p> </li> </ol> aws jq cloudshell