Amazon Web Services support
Amazon Web Services SDK
The Python library boto3 for the AWS SDK is supported. The Python library aws-cdk (v1 and v2) is only supported for AWS Lambdas.
AWS Lambda in AWS deployment frameworks
The AWS Lambda functions declared in deployment framework configuration files are analyzed by a different extension (com.castsoftware.cloudconfig). The Python analyzer is, however, responsible for creating the link between Lambda Function objects whose runtime property value is consistent with a Python runtime (python3.5, …) and the corresponding handler (a Python method object) during the application-level analysis step. It is highly recommended to add the com.castsoftware.cloudconfig extension so that proper migration of AWS objects takes place when upgrading the com.castsoftware.python extension from versions < 1.4.0-beta7.
Available in 1.4.0-beta6 and below (deprecated)
Serverless framework, Serverless Application Model (SAM), and
CloudFormation are supported. These frameworks use *.yml and
*.yaml files (or *.json, currently not supported in this extension) to
set up the AWS environment.
Whenever the runtime set in these files is pythonX.Y,
the com.castsoftware.python extension is responsible for creating the
corresponding Python AWS Lambda Function, Python AWS Lambda Operation
(which represent AWS APIGateway events), and Python AWS Simple Queue
objects.
Example
In the .yml deployment file below (taken from the Serverless examples for AWS), a Lambda function (hello) is defined and the handler's method name is referenced:
service: aws-python # NOTE: update this with your service name
frameworkVersion: '2'
provider:
  name: aws
  runtime: python3.8
  lambdaHashingVersion: 20201221
functions:
  hello:
    handler: handler.hello
where the Python code of the handler is:
## handler.py
import json

def hello(event, context):
    body = {
        "message": "Go Serverless v2.0! Your function executed successfully!",
        "input": event,
    }
    return {"statusCode": 200, "body": json.dumps(body)}
The results in Enlighten:
AWS Lambda (Boto3)
Supported API methods (boto3) | Link Type | Caller | Callee |
---|---|---|---|
 | callLink | Python callable artifact | Python Call to AWS Lambda Function |
Example
A simple example showing the representation of an invocation of an AWS Lambda function:
import boto3

lambda_client = boto3.client('lambda')
lambda_payload = b'{}'  # placeholder payload

def func():
    lambda_client.invoke(FunctionName='otherfunctionname',
                         InvocationType='RequestResponse',
                         Payload=lambda_payload)
AWS SQS (Boto3)
Supported API methods (boto3) | Link Type | Caller | Callee |
---|---|---|---|
 | callLink | Python callable artifact | Python AWS SQS Publisher |
 | callLink | Python AWS SQS Unknown Receiver | Python callable artifact |
Code samples
In this code, the module sqs_send_message.py publishes a message into the “SQS_QUEUE_URL” queue and the module sqs_receive_message.py receives it:
## Adapted from https://boto3.amazonaws.com/v1/documentation/api/latest/guide/sqs-example-sending-receiving-msgs.html#example
## sqs_receive_message.py
import boto3
## Create SQS client
sqs = boto3.client('sqs')
queue_url = 'SQS_QUEUE_URL'
## Receive message from SQS queue
response = sqs.receive_message(QueueUrl=queue_url, ...)
and
## Adapted from https://boto3.amazonaws.com/v1/documentation/api/latest/guide/sqs-example-sending-receiving-msgs.html#example
## sqs_send_message.py
import boto3
## Create SQS client
sqs = boto3.client('sqs')
queue_url = 'SQS_QUEUE_URL'
## Send message to SQS queue
response = sqs.send_message(QueueUrl=queue_url, ...)
The results derived from the analysis of the above code can be seen in Enlighten:
When the name of the queue passed to the API method calls is not resolvable (either because of unavailability or because of technical limitations), the analyzer will create Unknown Publisher and Receiver objects.
AWS SNS (Boto3)
There are two different APIs to manage SNS services, one based on a low-level client and the higher-level one based on resources.
Supported API methods (boto3) | Link Type | Caller | Callee | Remarks |
---|---|---|---|---|
botocore.client.SNS.create_topic | N/A | N/A | N/A | Determines the topic |
botocore.client.SNS.publish | callLink | Python callable artifact | Python AWS SNS Publisher, | |
botocore.client.SNS.publish_batch | callLink | Python callable artifact | Python AWS SNS Publisher, Python AWS SNS Unknown Publisher | |
botocore.client.SNS.subscribe | callLink | Python AWS SNS Receiver, | Python Call to AWS Lambda Function, Python AWS SQS Publisher, Python SMS, Python Email | |
boto3.resources.factory.sns.create_topic | N/A | N/A | N/A | Determines the topic |
boto3.resources.factory.sns.ServiceResource.Topic | N/A | N/A | N/A | Determines the topic |
boto3.resources.factory.sns.Topic.publish | callLink | Python callable artifact | Python AWS SNS Publisher, | |
boto3.resources.factory.sns.Topic.subscribe | callLink | Python AWS SNS Receiver, | Python Call to AWS Lambda Function, Python AWS SQS Publisher, Python SMS, Python Email | |
boto3.resources.factory.sns.PlatformEndpoint.publish | callLink | Python callable artifact | Python AWS SNS Publisher, | |
The supported protocols are the following:
Protocol | Object/s created | Name of the object |
---|---|---|
 | Python AWS Email | an Email (the email addresses are not evaluated) |
http/https | Python POST service request | the url (evaluated from the endpoint) |
lambda | Python Call to AWS Lambda Function | the name of the lambda function (evaluated from the endpoint) |
sms | Python AWS SMS | an SMS (the SMS numbers are not evaluated) |
sqs | Python AWS Simple Queue Service Publisher | the name of the queue (evaluated from the endpoint) |
Example
The code example below shows a basic usage of the boto3 library and the results as seen in Enlighten after analysis of the code.
import boto3

client = boto3.client('sns', region_name='eu-west-3')
topicArn1 = client.create_topic(Name="TOPIC1")['TopicArn']

def publish(topic):
    client.publish(TopicArn=topic, Message='<your message>')

def subscribe(topic):
    client.subscribe(TopicArn=topic, Protocol="email", Endpoint="lili@lala.com")
    client.subscribe(TopicArn=topic, Protocol="sms", Endpoint="123456789")
    client.subscribe(TopicArn=topic, Protocol="sqs", Endpoint="arn:partition:service:region:account-id:queueName")
    client.subscribe(TopicArn=topic, Protocol="http", Endpoint="http://foourl")
    client.subscribe(TopicArn=topic, Protocol="lambda", Endpoint="fooarn:function:lambda_name:v2")

publish(topicArn1)
subscribe(topicArn1)
The callLink links between the Publisher and the respective Subscribers are created by the Web Services Linker extension during the application-level analysis step.
For each method a maximum of one subscriber per given topic will be created as shown in the image above. In the absence of a well-resolved topic, the analyzer will create Unknown Publishers and Subscribers. There is no link created between unknown objects.
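The mapping in the protocol table can be reproduced with a small scan over source code using Python's ast module. This is an added illustration, not CAST's implementation: the helper names and the ARN-splitting rules are assumptions, and any argument that is not a string literal is left unresolved (None).

```python
import ast

# Protocol -> object type, as listed in the protocol table above.
OBJECT_TYPES = {
    "email": "Python AWS Email",
    "sms": "Python AWS SMS",
    "http": "Python POST service request",
    "https": "Python POST service request",
    "lambda": "Python Call to AWS Lambda Function",
    "sqs": "Python AWS Simple Queue Service Publisher",
}

def literal(node):
    """String value of a literal argument, or None when it cannot be resolved."""
    ok = isinstance(node, ast.Constant) and isinstance(node.value, str)
    return node.value if ok else None

def object_name(protocol, endpoint):
    """Name taken from the endpoint; the ARN splitting rules are assumptions."""
    if endpoint is None or protocol in ("email", "sms"):
        return None  # addresses and phone numbers are not evaluated
    parts = endpoint.split(":")
    if protocol == "sqs":
        return parts[-1]  # last ARN field is the queue name
    if protocol == "lambda" and "function" in parts[:-1]:
        return parts[parts.index("function") + 1]
    return endpoint  # http/https: the URL itself

def subscriptions(source):
    """(protocol, object type, name) for each *.subscribe(...) call in source."""
    rows = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "subscribe"):
            kw = {k.arg: literal(k.value) for k in node.keywords if k.arg}
            proto = kw.get("Protocol")
            rows.append((proto, OBJECT_TYPES.get(proto),
                         object_name(proto, kw.get("Endpoint"))))
    return rows

# Constructed sample modelled on the subscribe() example above; `url` is not a literal.
SAMPLE = '''
def subscribe(topic, url):
    client.subscribe(TopicArn=topic, Protocol="sms", Endpoint="123456789")
    client.subscribe(TopicArn=topic, Protocol="sqs", Endpoint="arn:partition:service:region:account-id:queueName")
    client.subscribe(TopicArn=topic, Protocol="lambda", Endpoint="fooarn:function:lambda_name:v2")
    client.subscribe(TopicArn=topic, Protocol="http", Endpoint=url)
'''

if __name__ == "__main__":
    print(*subscriptions(SAMPLE), sep="\n")
```

An inventory like this is a quick way to review where a topic's messages are delivered, including http/https endpoints whose URL only becomes known at run time.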
Direct SMS deliveries can also result from calls to the publish API methods:
import boto3

AWS_REGION = "us-east-1"

def send_sms_from_resource():
    sns = boto3.resource("sns", region_name=AWS_REGION)
    platform_endpoint = sns.PlatformEndpoint('endpointArn')
    platform_endpoint.publish(PhoneNumber='123456789')

def send_sms():
    conn = boto3.client("sns", region_name=AWS_REGION)
    conn.publish(PhoneNumber='123456789')
Where the corresponding objects and links are:
AWS DynamoDB (Boto3)
See DynamoDB support for Python source code.
AWS S3 (Boto3)
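Supported API methods | Link Type (CRUD-like) | Caller | Callee | Other effects |
---|---|---|---|---|
botocore.client.S3.put_object() | useInsertLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.delete_bucket() | useDeleteLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.delete_object() | useDeleteLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.delete_objects() | useDeleteLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.get_object() | useSelectLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.get_object_torrent() | useSelectLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.list_objects() | useSelectLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.list_objects_v2() | useSelectLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.put_bucket_logging() | useUpdateLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
botocore.client.S3.put_bucket_analytics_configuration() | useUpdateLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |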
Supported API methods (botocore.client.S3) | Link Type (generic) | Caller | Callee | Other effects |
---|---|---|---|---|
botocore.client.S3.create_bucket() | callLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | Creation of S3 bucket |
abort_multipart_upload, complete_multipart_upload, | callLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
In the absence of a create_bucket call, references to buckets in other method calls are used to create S3 Bucket objects. If the name is well resolved, a regular S3 Bucket is created; otherwise an Unknown S3 Bucket is created. A maximum of one Unknown S3 Bucket per file is created; however, a maximum of one per project (as is already the case in analyzers for other languages such as TypeScript) is under consideration by CAST.
The long list of methods in the last row of the table above corresponds to methods that act on S3 Buckets and presumably use the AWS SDK API behind the scenes (those few methods that act only on the boto3 client object are not considered).
AWS-CDK
AWS Lambda (AWS-CDK)
Supported API (aws_cdk, v1 and v2) | Link type | Creates object (caller) | Callee | Support details | Remarks |
---|---|---|---|---|---|
aws_cdk.aws_lambda.Function | callLink | Python AWS Lambda Function | Python Method | ||
aws_cdk.aws_lambda.CfnFunction | callLink | Python AWS Lambda Function | Python Method | ||
aws_cdk.aws_lambda_python.PythonFunction | callLink | Python AWS Lambda Function | Python Method | default runtime = python | Only cdk v1 |
aws_cdk.aws_lambda_python_alpha.PythonFunction | callLink | Python AWS Lambda Function | Python Method | default runtime = python | Only cdk v2 |
aws_cdk.aws_lambda.Runtime | N/A | N/A | N/A | "from_image" not supported | Determines the runtime |
aws_cdk.aws_lambda.Code.from_inline | N/A | N/A | N/A | code argument supported | Determines the handler |
aws_cdk.aws_lambda.Code.inline | N/A | N/A | N/A | code argument supported | Determines the handler (deprecated in cdk v1) |
aws_cdk.aws_lambda.Code.from_asset | N/A | N/A | N/A | path argument supported | Determines the handler |
aws_cdk.aws_lambda.Code.asset | N/A | N/A | N/A | path argument supported | Determines the handler (deprecated in cdk v1) |
aws_cdk.aws_lambda.InlineCode | N/A | N/A | N/A | code argument supported | Determines the handler |
aws_cdk.aws_lambda.AssetCode | N/A | N/A | N/A | path argument supported | Determines the handler |
aws_cdk.aws_lambda.AssetCode.from_asset | N/A | N/A | N/A | path argument supported | Determines the handler |
Limitations
- Monolithic pattern for lambda functions is not properly supported