Add example of running an emr serverless job from cdk

Author: dacort

cdk/emr-serverless-job-run/.gitignore

@@ -0,0 +1,10 @@
+*.swp
+package-lock.json
+__pycache__
+.pytest_cache
+.venv
+*.egg-info
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

cdk/emr-serverless-job-run/README.md

@@ -0,0 +1,58 @@
+
+# Welcome to your CDK Python project!
+
+This is a blank project for CDK development with Python.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+This project is set up like a standard Python project.  The initialization
+process also creates a virtualenv within this project, stored under the `.venv`
+directory.  To create the virtualenv it assumes that there is a `python3`
+(or `python` for Windows) executable in your path with access to the `venv`
+package. If for any reason the automatic creation of the virtualenv fails,
+you can create the virtualenv manually.
+
+To manually create a virtualenv on MacOS and Linux:
+
+```
+$ python3 -m venv .venv
+```
+
+After the init process completes and the virtualenv is created, you can use the following
+step to activate your virtualenv.
+
+```
+$ source .venv/bin/activate
+```
+
+If you are a Windows platform, you would activate the virtualenv like this:
+
+```
+% .venv\Scripts\activate.bat
+```
+
+Once the virtualenv is activated, you can install the required dependencies.
+
+```
+$ pip install -r requirements.txt
+```
+
+At this point you can now synthesize the CloudFormation template for this code.
+
+```
+$ cdk synth
+```
+
+To add additional dependencies, for example other CDK libraries, just add
+them to your `setup.py` file and rerun the `pip install -r requirements.txt`
+command.
+
+## Useful commands
+
+ * `cdk ls`          list all stacks in the app
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk diff`        compare deployed stack with current state
+ * `cdk docs`        open CDK documentation
+
+Enjoy!

cdk/emr-serverless-job-run/app.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+import os
+
+import aws_cdk as cdk
+
+from emr_serverless_job_run.emr_serverless_job_run_stack import EmrServerlessJobRunStack
+
+
+app = cdk.App()
+EmrServerlessJobRunStack(app, "EmrServerlessJobRunStack",
+    # If you don't specify 'env', this stack will be environment-agnostic.
+    # Account/Region-dependent features and context lookups will not work,
+    # but a single synthesized template can be deployed anywhere.
+
+    # Uncomment the next line to specialize this stack for the AWS Account
+    # and Region that are implied by the current CLI configuration.
+
+    #env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),
+
+    # Uncomment the next line if you know exactly what Account and Region you
+    # want to deploy the stack to. */
+
+    #env=cdk.Environment(account='123456789012', region='us-east-1'),
+
+    # For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html
+    )
+
+app.synth()

cdk/emr-serverless-job-run/cdk.json

@@ -0,0 +1,40 @@
+{
+  "app": "python3 app.py",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "requirements*.txt",
+      "source.bat",
+      "**/__init__.py",
+      "python/__pycache__",
+      "tests"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ]
+  }
+}

cdk/emr-serverless-job-run/emr_serverless_job_run/__init__.py

@@ -0,0 +1,63 @@
+from aws_cdk import Stack
+from aws_cdk import aws_emrserverless as emrs
+from aws_cdk import aws_iam as iam  # Duration,
+from aws_cdk import custom_resources as custom
+from constructs import Construct
+
+
+class EmrServerlessJobRunStack(Stack):
+    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+
+        # Create a serverless Spark app
+        serverless_app = emrs.CfnApplication(
+            self,
+            "spark_app",
+            release_label="emr-6.9.0",
+            type="SPARK",
+            name="cdk-spark",
+        )
+
+        # We need an execution role to run the job, this one has no access to anything
+        # But will be granted PassRole access by the Lambda that's starting the job.
+        role = iam.Role(
+            scope=self,
+            id="spark_job_execution_role",
+            assumed_by=iam.ServicePrincipal("emr-serverless.amazonaws.com"),
+        )
+
+        # Create a custom resource that starts a job run
+        myjobrun = custom.AwsCustomResource(
+            self,
+            "serverless-job-run",
+            on_create={
+                "service": "EMRServerless",
+                "action": "startJobRun",
+                "parameters": {
+                    "applicationId": serverless_app.attr_application_id,
+                    "executionRoleArn": role.role_arn,
+                    "name": "cdkJob",
+                    "jobDriver": {"sparkSubmit": {"entryPoint": "local:///usr/lib/spark/examples/src/main/python/pi.py"}},
+                },
+                "physical_resource_id": custom.PhysicalResourceId.from_response(
+                    "jobRunId"
+                ),
+            },
+            policy=custom.AwsCustomResourcePolicy.from_sdk_calls(
+                resources=custom.AwsCustomResourcePolicy.ANY_RESOURCE
+            ),
+        )
+
+        # Ensure the Lambda can call startJobRun with the earlier-created role
+        myjobrun.grant_principal.add_to_policy(
+            iam.PolicyStatement(
+                effect=iam.Effect.ALLOW,
+                resources=[role.role_arn],
+                actions=["iam:PassRole"],
+                conditions={
+                    "StringLike": {
+                        "iam:PassedToService": "emr-serverless.amazonaws.com"
+                    }
+                },
+            )
+        )

cdk/emr-serverless-job-run/emr_serverless_job_run/emr_serverless_job_run_stack.py

@@ -0,0 +1 @@
+pytest==6.2.5

cdk/emr-serverless-job-run/requirements-dev.txt

@@ -0,0 +1,2 @@
+aws-cdk-lib==2.43.1
+constructs>=10.0.0,<11.0.0

cdk/emr-serverless-job-run/requirements.txt

@@ -0,0 +1,13 @@
+@echo off
+
+rem The sole purpose of this script is to make the command
+rem
+rem     source .venv/bin/activate
+rem
+rem (which activates a Python virtualenv on Linux or Mac OS X) work on Windows.
+rem On Windows, this command just runs this batch file (the argument is ignored).
+rem
+rem Now we don't need to document a Windows command for activating a virtualenv.
+
+echo Executing .venv\Scripts\activate.bat for you
+.venv\Scripts\activate.bat

cdk/emr-serverless-job-run/source.bat

@@ -0,0 +1,15 @@
+import aws_cdk as core
+import aws_cdk.assertions as assertions
+
+from emr_serverless_job_run.emr_serverless_job_run_stack import EmrServerlessJobRunStack
+
+# example tests. To run these tests, uncomment this file along with the example
+# resource in emr_serverless_job_run/emr_serverless_job_run_stack.py
+def test_sqs_queue_created():
+    app = core.App()
+    stack = EmrServerlessJobRunStack(app, "emr-serverless-job-run")
+    template = assertions.Template.from_stack(stack)
+
+#     template.has_resource_properties("AWS::SQS::Queue", {
+#         "VisibilityTimeout": 300
+#     })