Resources: CustomCloud9SsmCloud9Ec2EnvironmentF47DD48C: Type: AWS::Cloud9::EnvironmentEC2 Properties: InstanceType: t3.large ImageId: amazonlinux-2023-x86_64 Tags: - Key: stack-id Value: Ref: AWS::StackId Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/Cloud9Ec2Environment CustomCloud9SsmEc2RoleCE9ACBCB: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: Fn::Join: - "" - - ec2. - Ref: AWS::URLSuffix Version: "2012-10-17" ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore RoleName: CustomCloud9Ssm-CustomCloud9SsmEc2Role Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/Ec2Role/Resource CustomCloud9SsmEc2RoleDefaultPolicy92A07C4C: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - ec2:DescribeInstances - ec2:ModifyVolume - ec2:DescribeVolumesModifications Effect: Allow Resource: "*" - Action: - batch:DescribeJobQueues - batch:CreateComputeEnvironment - batch:DeleteComputeEnvironment - batch:SubmitJob - batch:UpdateComputeEnvironment - batch:ListJobs - batch:DescribeComputeEnvironments - batch:DeregisterJobDefinition - batch:CreateJobQueue - batch:DescribeJobs - batch:RegisterJobDefinition - batch:DescribeJobDefinitions - batch:DeleteJobQueue - batch:UpdateJobQueue - cloudformation:DescribeStacks - s3:PutObject - s3:ListBucket - s3:DeleteObject - ecr:* - states:StartExecution - iam:PassRole Effect: Allow Resource: "*" Version: "2012-10-17" PolicyName: CustomCloud9SsmEc2RoleDefaultPolicy92A07C4C Roles: - Ref: CustomCloud9SsmEc2RoleCE9ACBCB Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/Ec2Role/DefaultPolicy/Resource CustomCloud9SsmEc2InstanceProfile167B6BF8: Type: AWS::IAM::InstanceProfile Properties: Roles: - Ref: CustomCloud9SsmEc2RoleCE9ACBCB DependsOn: - CustomCloud9SsmEc2RoleDefaultPolicy92A07C4C - CustomCloud9SsmEc2RoleCE9ACBCB Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/Ec2InstanceProfile CustomCloud9SsmSsmDocumentD052D5F9: Type: AWS::SSM::Document Properties: Content: schemaVersion: "2.2" description: Bootstrap Cloud9 EC2 instance mainSteps: - name: ResizeEBS action: aws:runShellScript inputs: runCommand: - "#!/bin/bash" - echo '=== Installing jq ===' - sudo yum -y install jq - echo '=== Exporting current region ===' - export AWS_DEFAULT_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region') - echo 'Region is ${AWS_DEFAULT_REGION}' - echo '=== Gathering instance Id ===' - instanceId=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.instanceId') - echo 'Instance Id is ${instanceId}' - echo '=== Resizing EBS volume ===' - volumeId=$(aws ec2 describe-instances --instance-ids $instanceId | jq -r '.Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId') - echo 'Volume Id is ${volumeId}' - aws ec2 modify-volume --volume-id $volumeId --size 100 - echo '=== Waiting for the volume to enter the optimizing state ===' - while [ true ] - do - modificationState=$(aws ec2 describe-volumes-modifications --volume-ids $volumeId | jq -r '.VolumesModifications[0].ModificationState') - if [ $modificationState == "optimizing" ] ; then - break - fi - sleep 5 - done - echo '=== Resizing file system ===' - sudo growpart /dev/xvda 1 - sudo resize2fs $(df -h |awk '/^\/dev/{print $1}') DocumentType: Command Name: CustomCloud9Ssm-CustomCloudSsm-SsmDocument Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/SsmDocument CustomCloud9SsmSsmAssociationABF443F9: Type: AWS::SSM::Association Properties: Name: CustomCloud9Ssm-CustomCloudSsm-SsmDocument Targets: - Key: tag:stack-id Values: - Ref: AWS::StackId DependsOn: - CustomCloud9SsmCloud9Ec2EnvironmentF47DD48C - CustomCloud9SsmSsmDocumentD052D5F9 Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/SsmAssociation CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleF610D074: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/ProfileAttachLambdaFunction/ServiceRole/Resource CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleDefaultPolicy9CC20561: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - ec2:DescribeInstances - ec2:AssociateIamInstanceProfile - ec2:ReplaceIamInstanceProfileAssociation - ec2:RebootInstances - ec2:DescribeIamInstanceProfileAssociations - iam:ListInstanceProfiles - iam:PassRole - ssm:DescribeAssociationExecutions - ssm:DescribeAssociationExecutionTargets Effect: Allow Resource: "*" Version: "2012-10-17" PolicyName: CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleDefaultPolicy9CC20561 Roles: - Ref: CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleF610D074 Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/ProfileAttachLambdaFunction/ServiceRole/DefaultPolicy/Resource CustomCloud9SsmProfileAttachLambdaFunction01DB4FFC: Type: AWS::Lambda::Function Properties: Code: ZipFile: | import boto3 import cfnresponse import time def is_association_applied(association_id): client = boto3.client('ssm') # Retrieve the execution history of the association response = client.describe_association_executions( AssociationId=association_id, Filters=[ { 'Key': 'Status', 'Value': 'Success', 'Type': 'EQUAL' } ] ) # There are no executions yet if 'AssociationExecutions' not in response or not response['AssociationExecutions']: return False # Retrieve the targets of the execution to see if the SSM agent has picked up the EC2 instance yet response = client.describe_association_execution_targets( AssociationId=association_id, ExecutionId=response['AssociationExecutions'][0]['ExecutionId'], Filters=[ { 'Key': 'Status', 'Value': 'Success' } ] ) return 'AssociationExecutionTargets' in response and response['AssociationExecutionTargets'] def handler(event, context): if event['RequestType'] == 'Create': # Extract context variables stack_id = event['ResourceProperties']['stack_id'] profile_arn = {'Arn': event['ResourceProperties']['profile_arn']} association_id = event['ResourceProperties']['association_id'] try: client = boto3.client('ec2') # Retrieve EC2 instance's identifier print('Retrieving EC2 instance Id') instance_id = client.describe_instances( Filters=[{'Name': 'tag:stack-id', 'Values': [stack_id]}] )['Reservations'][0]['Instances'][0]['InstanceId'] # removed any pre-attached instance profile response = client.describe_iam_instance_profile_associations( Filters=[ { 'Name': 'instance-id', 'Values': [instance_id], }, ], ) # Associate the SSM instance profile print('Associating the SSM instance profile to the instance') if len(response['IamInstanceProfileAssociations']) > 0: for association in response['IamInstanceProfileAssociations']: if association['State'] == 'associated': print("{} is active with state {}".format(association['AssociationId'], association['State'])) client.replace_iam_instance_profile_association(AssociationId=association['AssociationId'], IamInstanceProfile=profile_arn) else: client.associate_iam_instance_profile(IamInstanceProfile=profile_arn, InstanceId=instance_id) # Reboot the instance to restart the SSM agent print('Rebooting the instance so that the SSM agent picks up the association') client.reboot_instances( InstanceIds=[instance_id] ) responseData = {'Success': 'Started bootstrapping for instance: '+instance_id} cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'CustomResourcePhysicalID') except Exception as e: responseData = {'Error': str(e)} cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID') Role: Fn::GetAtt: - CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleF610D074 - Arn Handler: index.handler Runtime: python3.9 Timeout: 800 DependsOn: - CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleDefaultPolicy9CC20561 - CustomCloud9SsmProfileAttachLambdaFunctionServiceRoleF610D074 Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/ProfileAttachLambdaFunction/Resource CustomCloud9SsmCustomResourceCD940758: Type: AWS::CloudFormation::CustomResource Properties: ServiceToken: Fn::GetAtt: - CustomCloud9SsmProfileAttachLambdaFunction01DB4FFC - Arn stack_id: Ref: AWS::StackId profile_arn: Fn::GetAtt: - CustomCloud9SsmEc2InstanceProfile167B6BF8 - Arn association_id: Fn::GetAtt: - CustomCloud9SsmSsmAssociationABF443F9 - AssociationId DependsOn: - CustomCloud9SsmEc2InstanceProfile167B6BF8 - CustomCloud9SsmSsmAssociationABF443F9 UpdateReplacePolicy: Delete DeletionPolicy: Delete Metadata: aws:cdk:path: MonteCarloStack/CustomCloud9Ssm/CustomResource/Default Vpc8378EB38: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 EnableDnsHostnames: true EnableDnsSupport: true InstanceTenancy: default Tags: - Key: Name Value: MonteCarloStack/Vpc Metadata: aws:cdk:path: MonteCarloStack/Vpc/Resource VpcMonteCarloWithBatchSubnet1SubnetACD507E2: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.0.0/24 VpcId: Ref: Vpc8378EB38 AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: "" MapPublicIpOnLaunch: true Tags: - Key: aws-cdk:subnet-name Value: MonteCarloWithBatch - Key: aws-cdk:subnet-type Value: Public - Key: Name Value: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet1 Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet1/Subnet VpcMonteCarloWithBatchSubnet1RouteTable7142ABD8: Type: AWS::EC2::RouteTable Properties: VpcId: Ref: Vpc8378EB38 Tags: - Key: Name Value: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet1 Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet1/RouteTable VpcMonteCarloWithBatchSubnet1RouteTableAssociation764CCDCB: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: Ref: VpcMonteCarloWithBatchSubnet1RouteTable7142ABD8 SubnetId: Ref: VpcMonteCarloWithBatchSubnet1SubnetACD507E2 Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet1/RouteTableAssociation VpcMonteCarloWithBatchSubnet1DefaultRoute756AD8AE: Type: AWS::EC2::Route Properties: RouteTableId: Ref: VpcMonteCarloWithBatchSubnet1RouteTable7142ABD8 DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: VpcIGWD7BA715C DependsOn: - VpcVPCGWBF912B6E Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet1/DefaultRoute VpcMonteCarloWithBatchSubnet2Subnet503CB79F: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.1.0/24 VpcId: Ref: Vpc8378EB38 AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: "" MapPublicIpOnLaunch: true Tags: - Key: aws-cdk:subnet-name Value: MonteCarloWithBatch - Key: aws-cdk:subnet-type Value: Public - Key: Name Value: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet2 Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet2/Subnet VpcMonteCarloWithBatchSubnet2RouteTable38661A82: Type: AWS::EC2::RouteTable Properties: VpcId: Ref: Vpc8378EB38 Tags: - Key: Name Value: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet2 Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet2/RouteTable VpcMonteCarloWithBatchSubnet2RouteTableAssociationA6624D36: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: Ref: VpcMonteCarloWithBatchSubnet2RouteTable38661A82 SubnetId: Ref: VpcMonteCarloWithBatchSubnet2Subnet503CB79F Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet2/RouteTableAssociation VpcMonteCarloWithBatchSubnet2DefaultRouteFBA27C07: Type: AWS::EC2::Route Properties: RouteTableId: Ref: VpcMonteCarloWithBatchSubnet2RouteTable38661A82 DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: VpcIGWD7BA715C DependsOn: - VpcVPCGWBF912B6E Metadata: aws:cdk:path: MonteCarloStack/Vpc/MonteCarloWithBatchSubnet2/DefaultRoute VpcIGWD7BA715C: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: MonteCarloStack/Vpc Metadata: aws:cdk:path: MonteCarloStack/Vpc/IGW VpcVPCGWBF912B6E: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: Vpc8378EB38 InternetGatewayId: Ref: VpcIGWD7BA715C Metadata: aws:cdk:path: MonteCarloStack/Vpc/VPCGW securityGroup32C48086: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: MonteCarloStack/securityGroup GroupName: MonteCarloWithBatch SecurityGroupEgress: - CidrIp: 0.0.0.0/0 Description: Allow all outbound traffic by default IpProtocol: "-1" VpcId: Ref: Vpc8378EB38 DependsOn: - VpcIGWD7BA715C - VpcMonteCarloWithBatchSubnet1DefaultRoute756AD8AE - VpcMonteCarloWithBatchSubnet1RouteTable7142ABD8 - VpcMonteCarloWithBatchSubnet1RouteTableAssociation764CCDCB - VpcMonteCarloWithBatchSubnet1SubnetACD507E2 - VpcMonteCarloWithBatchSubnet2DefaultRouteFBA27C07 - VpcMonteCarloWithBatchSubnet2RouteTable38661A82 - VpcMonteCarloWithBatchSubnet2RouteTableAssociationA6624D36 - VpcMonteCarloWithBatchSubnet2Subnet503CB79F - Vpc8378EB38 - VpcVPCGWBF912B6E Metadata: aws:cdk:path: MonteCarloStack/securityGroup/Resource launchTemplateDEE5742D: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateData: SecurityGroupIds: - Fn::GetAtt: - securityGroup32C48086 - GroupId TagSpecifications: - ResourceType: instance Tags: - Key: Name Value: MonteCarloStack/launchTemplate - ResourceType: volume Tags: - Key: Name Value: MonteCarloStack/launchTemplate UserData: Fn::Base64: |- MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "ECS_CLUSTER=EcsSpotWorkshop" >> /etc/ecs/ecs.config echo "ECS_ENABLE_SPOT_INSTANCE_DRAINING=true" >> /etc/ecs/ecs.config echo "ECS_CONTAINER_STOP_TIMEOUT=90s" >> /etc/ecs/ecs.config echo "ECS_ENABLE_CONTAINER_METADATA=true" >> /etc/ecs/ecs.config --==MYBOUNDARY==-- LaunchTemplateName: MonteCarloWithBatch DependsOn: - securityGroup32C48086 Metadata: aws:cdk:path: MonteCarloStack/launchTemplate/Resource repository9F1A3F0B: Type: AWS::ECR::Repository Properties: RepositoryName: montecarlo-with-batch UpdateReplacePolicy: Delete DeletionPolicy: Delete Metadata: aws:cdk:path: MonteCarloStack/repository/Resource ecsRole157644C0: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: Fn::Join: - "" - - ec2. - Ref: AWS::URLSuffix Version: "2012-10-17" ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonS3FullAccess - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role Metadata: aws:cdk:path: MonteCarloStack/ecsRole/Resource ecsinstanceprofile: Type: AWS::IAM::InstanceProfile Properties: Roles: - Ref: ecsRole157644C0 DependsOn: - ecsRole157644C0 Metadata: aws:cdk:path: MonteCarloStack/ecsinstanceprofile bucket43879C71: Type: AWS::S3::Bucket UpdateReplacePolicy: Delete DeletionPolicy: Delete Metadata: aws:cdk:path: MonteCarloStack/bucket/Resource PreprocessingServiceRole532E6474: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole DependsOn: - bucket43879C71 Metadata: aws:cdk:path: MonteCarloStack/Preprocessing/ServiceRole/Resource PreprocessingServiceRoleDefaultPolicyF8800D5C: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: "*" Effect: Allow Resource: - Fn::GetAtt: - bucket43879C71 - Arn - Fn::Join: - "" - - Fn::GetAtt: - bucket43879C71 - Arn - /* Version: "2012-10-17" PolicyName: PreprocessingServiceRoleDefaultPolicyF8800D5C Roles: - Ref: PreprocessingServiceRole532E6474 DependsOn: - bucket43879C71 Metadata: aws:cdk:path: MonteCarloStack/Preprocessing/ServiceRole/DefaultPolicy/Resource Preprocessing329E01E4: Type: AWS::Lambda::Function Properties: Code: ZipFile: "import json, boto3, sys\n\ndef lambda_handler(event, context):\n uri = event['inputUri']\n uri_components = uri.split('s3://')[1].split('/')\n bucket = uri_components[0]\n key = uri_components[1]\n s3 = boto3.resource('s3')\n obj = s3.Object(bucket, key)\n \n raw_data = obj.get()['Body'].read().decode('utf-8') \n json_data = json.loads(raw_data)\n array_job_size = len(json_data[\"positions\"])\n return {\n 'statusCode': 200,\n 'body': \n {\n 'arrayJobSize': array_job_size,\n 'bucket': bucket,\n 'key': key\n }\n }" Role: Fn::GetAtt: - PreprocessingServiceRole532E6474 - Arn Handler: index.lambda_handler Runtime: python3.9 Timeout: 300 DependsOn: - bucket43879C71 - PreprocessingServiceRoleDefaultPolicyF8800D5C - PreprocessingServiceRole532E6474 Metadata: aws:cdk:path: MonteCarloStack/Preprocessing/Resource PostprocessingServiceRole0C11EC1F: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole DependsOn: - bucket43879C71 Metadata: aws:cdk:path: MonteCarloStack/Postprocessing/ServiceRole/Resource PostprocessingServiceRoleDefaultPolicyC0902B61: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: "*" Effect: Allow Resource: - Fn::GetAtt: - bucket43879C71 - Arn - Fn::Join: - "" - - Fn::GetAtt: - bucket43879C71 - Arn - /* Version: "2012-10-17" PolicyName: PostprocessingServiceRoleDefaultPolicyC0902B61 Roles: - Ref: PostprocessingServiceRole0C11EC1F DependsOn: - bucket43879C71 Metadata: aws:cdk:path: MonteCarloStack/Postprocessing/ServiceRole/DefaultPolicy/Resource Postprocessing42790026: Type: AWS::Lambda::Function Properties: Code: ZipFile: "import json, boto3, sys \n\ndef lambda_handler(event, context):\n uri = event['outputUri'] # the location that the AWS Batch result files were written to\n uri_components = uri.split('s3://')[1].split('/')\n bucket = uri_components[0]\n prefix = uri_components[1]\n \n s3 = boto3.resource('s3')\n result = s3.meta.client.list_objects_v2(Bucket=bucket, Prefix=prefix) \n\n items = result[\"Contents\"]\n aggregation = {} # Dictionary for aggregating by strike\n for item in items:\n \n # get handle to S3 object\n s3key = item[\"Key\"]\n obj = s3.Object(bucket, s3key)\n \n # each file contains a single line of JSON containing the strike and PV\n strike_pv_pair = obj.get()['Body'].read().decode('utf-8') \n pair = json.loads(strike_pv_pair)\n if pair:\n if pair[\"strike\"] and not pair[\"strike\"] == 'null':\n if pair[\"strike\"] in aggregation.keys():\n aggregation[pair[\"strike\"]] += float(pair[\"pv\"])\n else:\n aggregation[pair[\"strike\"]] = float(pair[\"pv\"])\n \n # upload to S3\n obj = s3.Object(bucket, \"aggregation_\"+prefix+\".json\")\n obj.put(Body=(bytes(json.dumps(aggregation).encode('utf-8'))))\n\n return {\n 'statusCode': 200,\n 'body': json.dumps(aggregation, default=str)\n }\n" Role: Fn::GetAtt: - PostprocessingServiceRole0C11EC1F - Arn Handler: index.lambda_handler Runtime: python3.9 Timeout: 300 DependsOn: - bucket43879C71 - PostprocessingServiceRoleDefaultPolicyC0902B61 - PostprocessingServiceRole0C11EC1F Metadata: aws:cdk:path: MonteCarloStack/Postprocessing/Resource MonteCarloPipelineRoleDBF0A505: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: Fn::Join: - "" - - states. - Ref: AWS::Region - .amazonaws.com Version: "2012-10-17" Metadata: aws:cdk:path: MonteCarloStack/MonteCarloPipeline/Role/Resource MonteCarloPipelineRoleDefaultPolicy3E3E3B10: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: lambda:InvokeFunction Effect: Allow Resource: Fn::GetAtt: - Preprocessing329E01E4 - Arn - Action: batch:SubmitJob Effect: Allow Resource: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":batch:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :job-definition/* - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":batch:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :job-queue/* - Action: - events:PutTargets - events:PutRule - events:DescribeRule Effect: Allow Resource: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":events:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :rule/StepFunctionsGetEventsForBatchJobsRule - Action: lambda:InvokeFunction Effect: Allow Resource: Fn::GetAtt: - Postprocessing42790026 - Arn Version: "2012-10-17" PolicyName: MonteCarloPipelineRoleDefaultPolicy3E3E3B10 Roles: - Ref: MonteCarloPipelineRoleDBF0A505 Metadata: aws:cdk:path: MonteCarloStack/MonteCarloPipeline/Role/DefaultPolicy/Resource MonteCarloPipeline047F16B3: Type: AWS::StepFunctions::StateMachine Properties: RoleArn: Fn::GetAtt: - MonteCarloPipelineRoleDBF0A505 - Arn DefinitionString: Fn::Join: - "" - - '{"StartAt":"Portfolio Extraction","States":{"Portfolio Extraction":{"Next":"MonteCarlo","Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Type":"Task","TimeoutSeconds":300,"ResultPath":"$.output","Resource":"arn:' - Ref: AWS::Partition - :states:::lambda:invoke","Parameters":{"FunctionName":" - Fn::GetAtt: - Preprocessing329E01E4 - Arn - '","Payload.$":"$"}},"MonteCarlo":{"Next":"Merge","Type":"Task","ResultPath":"$.output","Resource":"arn:' - Ref: AWS::Partition - ':states:::batch:submitJob.sync","Parameters":{"JobDefinition.$":"$.jobDefinitionArn","JobName.$":"$.jobName","JobQueue.$":"$.jobQueueArn","Parameters":{"action":"price","inputUri.$":"$.inputUri","outputUri.$":"$.outputUri","bucket.$":"$.output.Payload.body.bucket","key.$":"$.output.Payload.body.key"},"ArrayProperties":{"Size.$":"$.output.Payload.body.arrayJobSize"}}},"Merge":{"End":true,"Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Type":"Task","TimeoutSeconds":300,"Resource":"arn:' - Ref: AWS::Partition - :states:::lambda:invoke","Parameters":{"FunctionName":" - Fn::GetAtt: - Postprocessing42790026 - Arn - '","Payload.$":"$"}}},"TimeoutSeconds":86400}' DependsOn: - MonteCarloPipelineRoleDefaultPolicy3E3E3B10 - MonteCarloPipelineRoleDBF0A505 Metadata: aws:cdk:path: MonteCarloStack/MonteCarloPipeline/Resource CDKMetadata: Type: AWS::CDK::Metadata Properties: Analytics: v2:deflate64:H4sIAAAAAAAA/11RwW7CMAz9Fu4h20DTtCN0DDExrSqIK0pTo2Zt4ypxQFXVf1/asBV2iv3s+D0/z/icP07ExU5lVkxLlfJ2R0IWzEPHVpboslcenfRKn5VBXYGmVTRjSlS8TbAE5mvDG2OpZNOnY7TRloSWEBs8qRI6Zq3/5gtvKF0/qm9aWItSCVKoO1aKKs0Eb9+dlj3SN/zGHQM54+2hlj16iCMWu9RT7VyqYRg1Rgk6gr1Ig8CAj9gN5V9z0EtgfOdaEFxEc6W5ZgvyvuSD6h1IZxQ1a4OuHgjugK3wivM9VHUpwuB7pF/EePugRqsIzUA0Zt6mOW+XThZhlxB5lKA+Xb2wRxK2sLzdDoZt9BkLYEtBMvfLVoo+MP33YzgswadfQulgy03edSwBi85IX3KWsBrTXtwYfzmq3SAsQp2pcJm4oRz1w5y/8KfnybdVamqcJlUBT8L7Awj4WL1pAgAA Metadata: aws:cdk:path: MonteCarloStack/CDKMetadata/Default Condition: CDKMetadataAvailable Outputs: Subnet1: Value: Ref: VpcMonteCarloWithBatchSubnet1SubnetACD507E2 Subnet2: Value: Ref: VpcMonteCarloWithBatchSubnet2Subnet503CB79F LaunchTemplateName: Value: MonteCarloWithBatch RepositoryName: Value: Ref: repository9F1A3F0B ECSInstanceProfile: Value: Fn::GetAtt: - ecsinstanceprofile - Arn BucketName: Value: Ref: bucket43879C71 MonteCarloFileName: Value: portfolio.json PreprocessingLambda: Value: Ref: Preprocessing329E01E4 PostprocessingLambda: Value: Ref: Postprocessing42790026 StateMachineArn: Value: Ref: MonteCarloPipeline047F16B3 Conditions: CDKMetadataAvailable: Fn::Or: - Fn::Or: - Fn::Equals: - Ref: AWS::Region - af-south-1 - Fn::Equals: - Ref: AWS::Region - ap-east-1 - Fn::Equals: - Ref: AWS::Region - ap-northeast-1 - Fn::Equals: - Ref: AWS::Region - ap-northeast-2 - Fn::Equals: - Ref: AWS::Region - ap-south-1 - Fn::Equals: - Ref: AWS::Region - ap-southeast-1 - Fn::Equals: - Ref: AWS::Region - ap-southeast-2 - Fn::Equals: - Ref: AWS::Region - ca-central-1 - Fn::Equals: - Ref: AWS::Region - cn-north-1 - Fn::Equals: - Ref: AWS::Region - cn-northwest-1 - Fn::Or: - Fn::Equals: - Ref: AWS::Region - eu-central-1 - Fn::Equals: - Ref: AWS::Region - eu-north-1 - Fn::Equals: - Ref: AWS::Region - eu-south-1 - Fn::Equals: - Ref: AWS::Region - eu-west-1 - Fn::Equals: - Ref: AWS::Region - eu-west-2 - Fn::Equals: - Ref: AWS::Region - eu-west-3 - Fn::Equals: - Ref: AWS::Region - me-south-1 - Fn::Equals: - Ref: AWS::Region - sa-east-1 - Fn::Equals: - Ref: AWS::Region - us-east-1 - Fn::Equals: - Ref: AWS::Region - us-east-2 - Fn::Or: - Fn::Equals: - Ref: AWS::Region - us-west-1 - Fn::Equals: - Ref: AWS::Region - us-west-2