https://dev.classmethod.jp/articles/amazon-qldb-supports-real-time-streaming/
https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/with-kinesis.html
https://hacknote.jp/archives/48083/
-- 前提: QLDBシェルインストール済み
-- 1. Kinesis ストリーミングの作成
aws kinesis create-stream --stream-name kinesisstream01 --shard-count 1
aws kinesis describe-stream --stream-name kinesisstream01
-- 2. QLDB用IAMポリシー作成
vim policy01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "QLDBStreamKinesisPermissions",
"Action": [ "kinesis:PutRecord*", "kinesis:DescribeStream", "kinesis:ListShards" ],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:ap-northeast-1:999999999999:stream/kinesisstream01"
}
]
}
aws iam create-policy \
--policy-name policy01 \
--policy-document file://policy01.json
-- 3. QLDB用IAMロール作成
vim role01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "qldb.amazonaws.com"
},
"Action": [ "sts:AssumeRole" ]
}
]
}
aws iam create-role \
--role-name role01 \
--assume-role-policy-document file://role01.json
-- 4. QLDB用ポリシーをロールにアタッチ
aws iam attach-role-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01 \
--role-name role01
-- 5. 台帳の作成
aws qldb create-ledger \
--name qldb01 \
--permissions-mode STANDARD \
--no-deletion-protection
aws qldb list-ledgers
aws qldb describe-ledger --name qldb01
-- 6. QLDBストリームの作成
-- QLDBストリーム開始
vim kinesis.json
{
"StreamArn": "arn:aws:kinesis:ap-northeast-1:999999999999:stream/kinesisstream01",
"AggregationEnabled": true
}
aws qldb stream-journal-to-kinesis \
--ledger-name qldb01 \
--role-arn arn:aws:iam::999999999999:role/role01 \
--inclusive-start-time 2021-08-29T12:04:00Z \
--kinesis-configuration file://kinesis.json \
--stream-name qldbstream01
-- QLDBストリーム終了
aws qldb cancel-journal-kinesis-stream \
--ledger-name qldb01 \
--stream-id 8UyYF1UxTSK11nkksyar91
-- QLDBストリーム一覧
aws qldb list-journal-kinesis-streams-for-ledger --ledger-name qldb01
aws qldb describe-journal-kinesis-stream \
--ledger-name qldb01 \
--stream-id 8UyYF1UxTSK11nkksyar91
-- 7. Lambda用IAMポリシー作成
vim policy02.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kinesis:Get*",
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary"
],
"Resource": [
"arn:aws:kinesis:ap-northeast-1:999999999999:stream/kinesisstream01"
]
},
{
"Effect": "Allow",
"Action": [
"kinesis:ListStreams",
"kinesis:ListShards"
],
"Resource": [
"*"
]
}
]
}
aws iam create-policy \
--policy-name policy02 \
--policy-document file://policy02.json
-- 8. Lambda用IAMロール作成
vim role02.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam create-role \
--role-name role02 \
--assume-role-policy-document file://role02.json
-- 9. Lambda用ポリシーをロールにアタッチ
aws iam attach-role-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy02 \
--role-name role02
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole \
--role-name role02
-- 10. Lambda関数作成
mkdir package
pip3.8 install amazon.ion boto3 --target ./package
vim test.py
#!/usr/bin/python
import base64
import boto3
import amazon.ion.simpleion as ion
def lambda_handler(event, context):
print(event)
for record in event['Records']:
payload = base64.b64decode(record["kinesis"]["data"])
print("Decoded payload: " + str(payload))
ion_record = ion.loads(payload)
print("Ion reocord: ", (ion.dumps(ion_record, binary=False)))
chmod 755 test.py
chmod -R 755 package
cd package
zip -r ../test.zip .
cd ..
zip -g test.zip test.py
aws lambda create-function \
--region ap-northeast-1 \
--function-name test \
--zip-file fileb://test.zip \
--role arn:aws:iam::999999999999:role/role02 \
--handler test.lambda_handler \
--runtime python3.8 \
--timeout 60
aws lambda list-functions
aws lambda list-functions | jq -c '.Functions | [ .FunctionName ]'
aws lambda get-function --function-name test
"State"がactiveになるまで待つ
-- 11. AWS Lambda でイベントソースを追加する
aws lambda create-event-source-mapping \
--function-name test \
--event-source arn:aws:kinesis:ap-northeast-1:999999999999:stream/kinesisstream01 \
--batch-size 100 \
--starting-position LATEST
aws lambda list-event-source-mappings \
--function-name test \
--event-source arn:aws:kinesis:ap-northeast-1:999999999999:stream/kinesisstream01
-- 12. QLDBでテストデータ追加
qldbshell --ledger qldb01
create table tab1
insert into tab1 `{"col1": "val1"}`
select * from tab1
drop table tab1
-- 13. クリーンアップ
-- 台帳の削除
aws qldb delete-ledger --name qldb01
-- ロールの一覧
aws iam list-roles | grep role01
aws iam list-roles | grep role02
-- ロールの削除
aws iam detach-role-policy \
--role-name role01 \
--policy-arn arn:aws:iam::999999999999:policy/policy01
aws iam detach-role-policy \
--role-name role02 \
--policy-arn arn:aws:iam::999999999999:policy/policy02
aws iam detach-role-policy \
--role-name role02 \
--policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
aws iam delete-role --role-name role01
aws iam delete-role --role-name role02
-- ポリシーの一覧
aws iam list-policies | grep policy01
aws iam list-policies | grep policy02
-- ポリシーの削除
aws iam delete-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01
aws iam delete-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy02
-- lambdaイベントソースマッピング一覧
aws lambda list-event-source-mappings \
--function-name test \
--event-source arn:aws:kinesis:ap-northeast-1:999999999999:stream/kinesisstream01
-- lambdaイベントソースマッピング削除
aws lambda delete-event-source-mapping \
--uuid 11111111-2222-3333-4444-555555555555
-- lambda関数の一覧
aws lambda list-functions | jq -c '.Functions | [ .FunctionName ]'
-- lambda関数の削除
aws lambda delete-function --function-name test
-- Kinesis ストリーミングの一覧
aws kinesis list-streams
-- Kinesis ストリーミングの削除
aws kinesis delete-stream --stream-name kinesisstream01