Amazon Web Services support

Amazon Web Services SDK

The Python library boto3 for the AWS SDK is supported. The Python library aws-cdk (v1 and v2) is only supported for AWS Lambdas.

AWS Lambda in AWS deployment frameworks

The AWS Lambda functions declared in deployment framework configuration files are analyzed by a different extension (com.castsoftware.cloudconfig). The Python analyzer is, however, responsible for creating the link between Lambda Function objects whose runtime property value is consistent with a Python runtime (python3.5, …) and the corresponding handler (a Python method object) during the application-level analysis step. It is highly recommended to add the com.castsoftware.cloudconfig extension so that proper migration of AWS objects takes place upon upgrading the com.castsoftware.python extension from versions < 1.4.0-beta7.

Available in 1.4.0-beta6 and below (deprecated)

Serverless framework, Serverless Application Model (SAM), and CloudFormation are supported. These frameworks use *.yml and *.yaml files (*.json files are currently not supported in this extension) to set up the AWS environment.
Whenever the runtime set in these files is pythonX.Y, the com.castsoftware.python extension is responsible for creating the corresponding Python AWS Lambda Function, Python AWS Lambda Operation (which represents AWS API Gateway events), and Python AWS Simple Queue objects.

Example

In the .yml deployment file below (taken from the Serverless examples for AWS), a Lambda function (hello) is defined and the handler's method name is referenced:

service: aws-python # NOTE: update this with your service name

frameworkVersion: '2'


provider:
  name: aws
  runtime: python3.8
  lambdaHashingVersion: 20201221

functions:
  hello:
    handler: handler.hello

Where the Python code of the handler:

## handler.py

import json

def hello(event, context):
    body = {
        "message": "Go Serverless v2.0! Your function executed successfully!",
        "input": event,
    }

    # The body must be serialized to a JSON string before it is returned
    return {"statusCode": 200, "body": json.dumps(body)}

The results in Enlighten:

AWS Lambda (Boto3)

| Supported API methods (boto3) | Link Type | Caller | Callee |
|---|---|---|---|
| botocore.client.Lambda.invoke, botocore.client.Lambda.invoke_async | callLink | Python callable artifact | Python Call to AWS Lambda Function |

Example

A simple example showing the representation of an invocation of an AWS Lambda function:

import boto3
lambda_client = boto3.client('lambda')
lambda_payload = '{}'  # placeholder payload

def func():
    lambda_client.invoke(FunctionName='otherfunctionname',
                         InvocationType='RequestResponse',
                         Payload=lambda_payload)

AWS SQS (Boto3)

| Supported API methods (boto3) | Link Type | Caller | Callee |
|---|---|---|---|
| botocore.client.SQS.send_message, botocore.client.SQS.send_message_batch | callLink | Python callable artifact | Python AWS SQS Publisher, Python AWS SQS Unknown Publisher |
| botocore.client.SQS.receive_message | callLink | Python AWS SQS Unknown Receiver, Python AWS SQS Receiver | Python callable artifact |

Code samples

In this code, the module sqs_send_message.py publishes a message to the “SQS_QUEUE_URL” queue and the module sqs_receive_message.py receives it:

## Adapted from https://boto3.amazonaws.com/v1/documentation/api/latest/guide/sqs-example-sending-receiving-msgs.html#example
## sqs_receive_message.py

import boto3

## Create SQS client
sqs = boto3.client('sqs')

queue_url = 'SQS_QUEUE_URL'

## Receive message from SQS queue
response = sqs.receive_message(QueueUrl=queue_url, ...)

and

## Adapted from https://boto3.amazonaws.com/v1/documentation/api/latest/guide/sqs-example-sending-receiving-msgs.html#example
## sqs_send_message.py
 
import boto3

## Create SQS client
sqs = boto3.client('sqs')

queue_url = 'SQS_QUEUE_URL'

## Send message to SQS queue
response = sqs.send_message(QueueUrl=queue_url, ...)

The results derived from the analysis of the above code can be seen in Enlighten:


When the name of the queue passed to the API method calls is not resolvable (either because of unavailability or because of technical limitations), the analyzer will create Unknown Publisher and Receiver objects.

AWS SNS (Boto3)

There are two different APIs to manage SNS services, one based on a low-level client and the higher-level one based on resources.

| Supported API methods (boto3) | Link Type | Caller | Callee | Remarks |
|---|---|---|---|---|
| botocore.client.SNS.create_topic | N/A | N/A | N/A | Determines the topic |
| botocore.client.SNS.publish | callLink | Python callable artifact | Python AWS SNS Publisher, Python AWS SNS Unknown Publisher, Python SMS | |
| botocore.client.SNS.publish_batch | callLink | Python callable artifact | Python AWS SNS Publisher, Python AWS SNS Unknown Publisher | |
| botocore.client.SNS.subscribe | callLink | Python AWS SNS Receiver, Python AWS SNS Unknown Receiver | Python Call to AWS Lambda Function, Python AWS SQS Publisher, Python SMS, Python Email | |
| boto3.resources.factory.sns.create_topic | N/A | N/A | N/A | Determines the topic |
| boto3.resources.factory.sns.ServiceResource.Topic | N/A | N/A | N/A | Determines the topic |
| boto3.resources.factory.sns.Topic.publish | callLink | Python callable artifact | Python AWS SNS Publisher, Python AWS SNS Unknown Publisher, Python SMS | |
| boto3.resources.factory.sns.Topic.subscribe | callLink | Python AWS SNS Receiver, Python AWS SNS Unknown Receiver | Python Call to AWS Lambda Function, Python AWS SQS Publisher, Python SMS, Python Email | |
| boto3.resources.factory.sns.PlatformEndpoint.publish | callLink | Python callable artifact | Python AWS SNS Publisher, Python AWS SNS Unknown Publisher, Python SMS | |


The supported protocols are the following:

| Protocol | Object/s created | Name of the object |
|---|---|---|
| email | Python AWS Email | an Email (the email addresses are not evaluated) |
| http/https | Python POST service request | the url (evaluated from the endpoint) |
| lambda | Python Call to AWS Lambda Function | the name of the lambda function (evaluated from the endpoint) |
| sms | Python AWS SMS | an SMS (the SMS numbers are not evaluated) |
| sqs | Python AWS Simple Queue Service Publisher | the name of the queue (evaluated from the endpoint) |

Example

The code example below shows a basic usage of the boto3 library and the results as seen in Enlighten after analysis of the code.

import boto3

client = boto3.client('sns', region_name='eu-west-3')
topicArn1 = client.create_topic( Name = "TOPIC1")['TopicArn']

def publish(topic):
    client.publish(TopicArn=topic, Message='<your message>')

def subscribe(topic):
    client.subscribe(TopicArn=topic, Protocol="email", Endpoint="lili@lala.com")
    client.subscribe(TopicArn=topic, Protocol="sms", Endpoint="123456789")
    client.subscribe(TopicArn=topic, Protocol="sqs", Endpoint="arn:partition:service:region:account-id:queueName")
    client.subscribe(TopicArn=topic, Protocol="http", Endpoint="http://foourl")
    client.subscribe(TopicArn=topic, Protocol="lambda", Endpoint="fooarn:function:lambda_name:v2")
    
publish(topicArn1)
subscribe(topicArn1)

The callLink links between the Publisher and the respective Subscribers are created by the Web Services Linker extension during the application-level analysis step.

For each method a maximum of one subscriber per given topic will be created as shown in the image above. In the absence of a well-resolved topic, the analyzer will create Unknown Publishers and Subscribers. There is no link created between unknown objects.
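
The protocol table above, applied to `subscribe()` calls with Python's `ast` module, gives a quick inventory of where a topic's messages are delivered. This is an added example, not CAST's implementation or code from this page: `subscriptions`, `object_name` and the ARN-splitting rule are assumptions of this sketch, and the sample source is constructed.

```python
import ast

# Object created per protocol, copied from the protocol table above.
OBJECT_BY_PROTOCOL = {
    "email": "Python AWS Email",
    "http": "Python POST service request",
    "https": "Python POST service request",
    "lambda": "Python Call to AWS Lambda Function",
    "sms": "Python AWS SMS",
    "sqs": "Python AWS Simple Queue Service Publisher",
}

def object_name(protocol, endpoint):
    """Name the object as the table describes; ARN splitting is this sketch's assumption."""
    if protocol in ("email", "sms"):
        return "an Email" if protocol == "email" else "an SMS"  # endpoint not evaluated
    if not isinstance(endpoint, str):
        return None                                  # endpoint is not a literal: unresolved
    if protocol in ("http", "https"):
        return endpoint                              # the URL itself
    parts = endpoint.split(":")
    if protocol == "lambda" and "function" in parts[:-1]:
        return parts[parts.index("function") + 1]    # segment after "function"
    return parts[-1]                                 # sqs: last ARN segment

def subscriptions(source):
    """Return (line, object type, object name) for every subscribe() call found."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and getattr(node.func, "attr", None) == "subscribe":
            # Only keyword arguments written as literals are resolved here.
            kw = {k.arg: k.value.value for k in node.keywords
                  if isinstance(k.value, ast.Constant)}
            proto = kw.get("Protocol")
            if proto in OBJECT_BY_PROTOCOL:
                found.append((node.lineno, OBJECT_BY_PROTOCOL[proto],
                              object_name(proto, kw.get("Endpoint"))))
    return sorted(found, key=lambda row: row[0])

# Constructed sample modelled on the subscribe() calls shown on this page.
SAMPLE = '''
client.subscribe(TopicArn=t, Protocol="email", Endpoint="lili@lala.com")
client.subscribe(TopicArn=t, Protocol="sqs", Endpoint="arn:partition:service:region:account-id:queueName")
client.subscribe(TopicArn=t, Protocol="lambda", Endpoint="fooarn:function:lambda_name:v2")
client.subscribe(TopicArn=t, Protocol="http", Endpoint="http://foourl")
client.subscribe(TopicArn=t, Protocol="sms", Endpoint=phone)
client.subscribe(TopicArn=t, Protocol="sqs", Endpoint=queue_arn)
'''

print(*subscriptions(SAMPLE), sep="\n")
```

A row whose name is `None` marks an endpoint that was passed as a variable and could not be resolved from the call itself.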

We can also have direct SMS deliveries from calls to publish API methods:

import boto3
AWS_REGION = "us-east-1"

def send_sms_from_resource():
    sns = boto3.resource("sns", region_name=AWS_REGION)
    platform_endpoint = sns.PlatformEndpoint('endpointArn')
    platform_endpoint.publish(PhoneNumber='123456789')

def send_sms():
    conn = boto3.client("sns", region_name=AWS_REGION)
    conn.publish(PhoneNumber='123456789')

Where the corresponding objects and links are:

AWS DynamoDB (Boto3)

See DynamoDB support for Python source code.

AWS S3 (Boto3)

| Supported API methods | Link Type (CRUD-like) | Caller | Callee | Other effects |
|---|---|---|---|---|
| botocore.client.S3.put_object() | useInsertLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
| botocore.client.S3.delete_bucket(), botocore.client.S3.delete_object(), botocore.client.S3.delete_objects() | useDeleteLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
| botocore.client.S3.get_object(), botocore.client.S3.get_object_torrent(), botocore.client.S3.list_objects(), botocore.client.S3.list_objects_v2() | useSelectLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |
| botocore.client.S3.put_bucket_logging(), botocore.client.S3.put_bucket_analytics_configuration() | useUpdateLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |

| Supported API methods (botocore.client.S3) | Link Type (generic) | Caller | Callee | Other effects |
|---|---|---|---|---|
| botocore.client.S3.create_bucket() | callLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | Creation of S3 bucket |
| abort_multipart_upload, complete_multipart_upload, copy, copy_object, create_multipart_upload, delete_bucket_analytics_configuration, delete_bucket_cors, delete_bucket_encryption, delete_bucket_intelligent_tiering_configuration, delete_bucket_inventory_configuration, delete_bucket_lifecycle, delete_bucket_metrics_configuration, delete_bucket_ownership_controls, delete_bucket_policy, delete_bucket_replication, delete_bucket_tagging, delete_bucket_website, delete_object_tagging, delete_public_access_block, download_file, download_fileobj, generate_presigned_post, get_bucket_accelerate_configuration, get_bucket_acl, get_bucket_analytics_configuration, get_bucket_cors, get_bucket_encryption, get_bucket_intelligent_tiering_configuration, get_bucket_inventory_configuration, get_bucket_lifecycle, get_bucket_lifecycle_configuration, get_bucket_location, get_bucket_logging, get_bucket_metrics_configuration, get_bucket_notification, get_bucket_notification_configuration, get_bucket_ownership_controls, get_bucket_policy, get_bucket_policy_status, get_bucket_replication, get_bucket_request_payment, get_bucket_tagging, get_bucket_versioning, get_bucket_website, get_object_acl, get_object_legal_hold, get_object_lock_configuration, get_object_retention, get_object_tagging, get_object_torrent, get_public_access_block, head_bucket, head_object, list_bucket_analytics_configurations, list_bucket_intelligent_tiering_configurations, list_bucket_inventory_configurations, list_bucket_metrics_configurations, list_multipart_uploads, list_object_versions, list_parts, put_bucket_accelerate_configuration, put_bucket_acl, put_bucket_cors, put_bucket_encryption, put_bucket_intelligent_tiering_configuration, put_bucket_inventory_configuration, put_bucket_lifecycle, put_bucket_lifecycle_configuration, put_bucket_metrics_configuration, put_bucket_notification, put_bucket_notification_configuration, put_bucket_ownership_controls, put_bucket_policy, put_bucket_replication, put_bucket_request_payment, put_bucket_tagging, put_bucket_versioning, put_bucket_website, put_object_acl, put_object_legal_hold, put_object_lock_configuration, put_object_retention, put_object_tagging, put_public_access_block, restore_object, select_object_content, upload_file, upload_fileobj, upload_part, upload_part_copy | callLink | Python callable artifact | Python S3 Bucket, Python Unknown S3 Bucket | |

In the absence of a create_bucket call, references to buckets in other method calls are used to create table objects. If the name is well resolved, a regular S3 Bucket is created; otherwise an Unknown S3 Bucket is created. A maximum of one Unknown S3 Bucket per file is created; however, a maximum of one per project (as is already the case in analyzers for other languages such as TypeScript) is under consideration by CAST.

The long list of methods in the last row of the table above corresponds to methods that act on S3 Buckets, presumably using the AWS SDK API behind the scenes (the few methods that act only on the boto3 client object are not considered).
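
A sketch of the CRUD-like link typing and bucket-name resolution described above, useful for checking which callable reads, writes or deletes in which bucket. It is an added example, not the analyzer's code: `s3_links` is a hypothetical helper that resolves only literals and module-level constants and does not verify that the receiver is an S3 client, and the sample source is constructed.

```python
import ast

# CRUD-like link per method, copied from the first S3 table above.
CRUD_LINK = {
    "put_object": "useInsertLink",
    "delete_bucket": "useDeleteLink", "delete_object": "useDeleteLink",
    "delete_objects": "useDeleteLink",
    "get_object": "useSelectLink", "get_object_torrent": "useSelectLink",
    "list_objects": "useSelectLink", "list_objects_v2": "useSelectLink",
    "put_bucket_logging": "useUpdateLink",
    "put_bucket_analytics_configuration": "useUpdateLink",
}

def s3_links(source):
    """Return sorted (caller, link type, bucket) triples for one source file."""
    tree = ast.parse(source)
    # Resolve only module-level NAME = literal assignments (a simplification).
    consts = {t.id: s.value.value for s in tree.body
              if isinstance(s, ast.Assign) and isinstance(s.value, ast.Constant)
              for t in s.targets if isinstance(t, ast.Name)}
    links = set()
    for func in [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]:
        for call in ast.walk(func):
            if isinstance(call, ast.Call) and getattr(call.func, "attr", None) in CRUD_LINK:
                arg = next((k.value for k in call.keywords if k.arg == "Bucket"), None)
                if isinstance(arg, ast.Constant):
                    bucket = arg.value
                elif isinstance(arg, ast.Name) and arg.id in consts:
                    bucket = consts[arg.id]
                else:
                    bucket = "Unknown"   # single Unknown S3 Bucket for the file
                links.add((func.name, CRUD_LINK[call.func.attr], bucket))
    return sorted(links)

# Constructed sample source; names and keys are illustrative only.
SAMPLE = '''
BUCKET = "reports"
def upload(s3, data):
    s3.put_object(Bucket=BUCKET, Key="a.csv", Body=data)
def purge(s3, name):
    s3.delete_object(Bucket=name, Key="a.csv")
    s3.delete_objects(Bucket=name + "-old", Delete={})
def read(s3):
    return s3.get_object(Bucket="reports", Key="a.csv")
'''

print(*s3_links(SAMPLE), sep="\n")
```

Both calls in `purge` collapse into one link to the file's Unknown bucket, because neither bucket name can be resolved from the source.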

AWS-CDK

AWS Lambda (AWS-CDK)

| Supported API (aws_cdk, v1 and v2) | Link type | Creates object (caller) | Callee | Support details | Remarks |
|---|---|---|---|---|---|
| aws_cdk.aws_lambda.Function | callLink | Python AWS Lambda Function | Python Method | | |
| aws_cdk.aws_lambda.CfnFunction | callLink | Python AWS Lambda Function | Python Method | | |
| aws_cdk.aws_lambda_python.PythonFunction | callLink | Python AWS Lambda Function | Python Method | default runtime = python | Only cdk v1 |
| aws_cdk.aws_lambda_python_alpha.PythonFunction | callLink | Python AWS Lambda Function | Python Method | default runtime = python | Only cdk v2 |
| aws_cdk.aws_lambda.Runtime | N/A | N/A | N/A | "from_image" not supported | Determines the runtime |
| aws_cdk.aws_lambda.Code.from_inline | N/A | N/A | N/A | code argument supported | Determines the handler |
| aws_cdk.aws_lambda.Code.inline | N/A | N/A | N/A | code argument supported | Determines the handler (deprecated in cdk v1) |
| aws_cdk.aws_lambda.Code.from_asset | N/A | N/A | N/A | path argument supported | Determines the handler |
| aws_cdk.aws_lambda.Code.asset | N/A | N/A | N/A | path argument supported | Determines the handler (deprecated in cdk v1) |
| aws_cdk.aws_lambda.InlineCode | N/A | N/A | N/A | code argument supported | Determines the handler |
| aws_cdk.aws_lambda.AssetCode | N/A | N/A | N/A | path argument supported | Determines the handler |
| aws_cdk.aws_lambda.AssetCode.from_asset | N/A | N/A | N/A | path argument supported | Determines the handler |

Limitations

  • Monolithic pattern for lambda functions is not properly supported