# AWS Nodes

Collection of nodes allowing easy interaction with AWS services.

# Security

Each AWS node allows two types of access to AWS resources:

# Lambda Role

This type is intended for deployment to AWS accounts. It is assumed that the IAM role associated with the AWS Lambda function generated for the Kumologica flow contains all permissions the flow requires to execute successfully.

If the Kumologica project is deployed from Kumologica Designer or using the kumologica cli export cloudformation command, the IAM role is created with the necessary permissions, in compliance with the principle of least privilege.
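A role that is meant to follow least privilege can be checked before deployment. The following is an added example, not Kumologica's own code: it scans the IAM roles in a CloudFormation template for Allow statements with wildcard actions or a `*` resource. The template shape, role name and ARNs are constructed for illustration and are not actual output of the export command.

```javascript
// Constructed sample template; resource names and ARNs are placeholders.
const sampleTemplate = {
  Resources: {
    FlowRole: {
      Type: "AWS::IAM::Role",
      Properties: {
        Policies: [{
          PolicyName: "flow-policy",
          PolicyDocument: {
            Version: "2012-10-17",
            Statement: [
              { Effect: "Allow", Action: ["s3:GetObject"],
                Resource: "arn:aws:s3:::example-bucket/*" },
              { Effect: "Allow", Action: "sqs:*",
                Resource: "arn:aws:sqs:us-east-1:111122223333:example-queue" },
              { Effect: "Allow", Action: ["ssm:GetParameter"], Resource: "*" }
            ]
          }
        }]
      }
    }
  }
};

// IAM allows Action/Resource to be a single value or a list; normalise to a list.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function findBroadStatements(template) {
  const findings = [];
  for (const [role, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== "AWS::IAM::Role") continue;
    for (const policy of asArray(res.Properties && res.Properties.Policies)) {
      const doc = policy.PolicyDocument || {};
      asArray(doc.Statement).forEach((stmt, index) => {
        if (stmt.Effect !== "Allow") return;
        const reasons = [];
        // Only literal strings are inspected; intrinsic functions (Ref, Fn::Sub) are skipped.
        for (const a of asArray(stmt.Action)) {
          if (typeof a === "string" && a.includes("*")) reasons.push(`wildcard action ${a}`);
        }
        if (asArray(stmt.Resource).includes("*")) reasons.push("resource *");
        if (stmt.NotAction !== undefined) reasons.push("NotAction used with Allow");
        if (reasons.length) findings.push({ role, policy: policy.PolicyName, index, reasons });
      });
    }
  }
  return findings;
}

console.log(JSON.stringify(findBroadStatements(sampleTemplate), null, 2));
```

Some read-only actions only accept `*` as the resource, so findings are a review list rather than an automatic failure.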

# Credentials

This type is intended for Kumologica flows deployed to non-AWS cloud providers (Azure, GCP, Kumohub) that require access to certain AWS services. It can also be used for deployments to AWS accounts where access is required to resources in other AWS accounts and it is impossible to configure IAM roles that can be assumed to facilitate it.

An Access Key, Access Secret, AWS Region and, optionally, the ARN of the IAM Role to assume are required.

# Node: Lambda

The AWS Lambda node invokes a Lambda function directly from the Kumologica flow without going via API Gateway. This is suitable for intra-function communication. The node supports both synchronous and asynchronous modes of invocation.

# Properties

  • Operation - Following operations are supported:

    • InvokeFunction - invokes a Lambda function in synchronous mode. In this mode the caller function waits for the callee function to complete and respond.

    • InvokeFunctionAsync - invokes a Lambda function in asynchronous mode. In this mode the caller function does not wait for the callee function to complete and respond. The function is invoked in a fire-and-forget style.

  • Lambda ARN - the ARN of the Lambda function to invoke. It is good practice to use an environment variable reference here instead of the string value of the ARN. Required.

  • InvokeArgs - Arguments to be passed to the invoked Lambda function. Optional.

  • Timeout - Timeout in milliseconds for the Lambda call.

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: S3

The AWS S3 node allows access to an AWS S3 bucket. This node is used to put, get and delete objects in an AWS S3 bucket. The AWS S3 node uses profile credentials, region and the permissions associated with the credentials to act on the S3 bucket.

# Properties

  • Operations - Following operations are supported by the S3 node:
    • Create Bucket - Creates a new S3 bucket on the AWS account associated with the AWS credential profile. This operation expects the user profile used to have permission to create a bucket.

    • DeleteBucket - Deletes a given S3 bucket on the AWS account associated with the AWS credential profile. This operation expects the user profile used to have permission to delete the bucket.

    • Get Object - Returns single object from S3 bucket.

    • Copy Object - Creates a copy of an object that is already stored in Amazon S3. Copy Object operation does not support cross-region copies.

    • CreateMultipartUpload - Initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload.

    • Delete Object - Removes an object from Amazon S3. The node uses bucket name and key to remove the object.

    • Delete Objects - Removes multiple objects from Amazon S3. The node uses bucket name and key to remove the object.

    • List Buckets - Lists the buckets available in Amazon S3.

    • ListMultipartUploads - Lists in-progress multipart uploads. An in-progress multipart upload is a multipart upload that has been initiated using the Initiate Multipart Upload request, but has not yet been completed or aborted.

    • ListObjects - Returns list of all available objects under S3 bucket.

    • PutObject - Adds an object to a bucket.

  • Bucket - The name of the bucket the operation is performed on.
  • Key - The name of the object in the S3 bucket the operation is performed on. The key does not contain the bucket name.
  • Keys - used by Delete Objects operation, comma-separated names of the objects to delete.
  • Prefix - used by List Objects to limit the response to the keys that start with it.
  • Request Timeout - timeout in milliseconds to wait for the operation on the S3 bucket to complete.
  • Destination - used by Copy Object operation, the destination bucket name where the object is copied into.
  • DestinationKey - used by Copy Object operation, The new name for the object to be placed in destination bucket.
  • Source - used by Copy Object operation, the bucket name and a key of the object to be copied.
  • Content - used by Put Object operation, the content of the object to be put into S3 bucket.
  • ContentType - used by Put Object operation, the content type of the object to be put into S3 bucket, for example: text/plain, application/pdf, image/png ...
  • SSEncryption - used by CopyObject operation, server side encryption, possible values: none, AWS256, aws:kms
  • Prefix - used by ListObjects operation, to return only keys starting with provided prefix

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: SQS

The AWS SQS node allows access to an SQS queue. This node is used to send, receive, purge and delete messages on AWS SQS.

# Properties

  • Operation - Following operations are supported by the SQS node.

    • SendMessage - sends message to a given SQS queue.

    • ReceiveMessage - receives message from a SQS queue.

    • PurgeQueue - purges all messages which are available in a SQS queue.

    • DeleteMessage - deletes a message which is available in a given SQS queue.

  • QueueUrl - The URL of the SQS queue. Required.

  • MessageBody - used by SendMessage operation, the body of the message to be sent to the queue. Required for the SendMessage operation.

  • MsgGroupId - used by SendMessage operation, required when sending a message to a FIFO queue to provide an identifier for the messages sent.

  • ReceiptHandle - used by DeleteMessage operation, the receipt handle associated with the message to delete.

  • Request Timeout - the timeout in milliseconds to establish a connection to the SQS service.

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: SNS

The AWS SNS node allows access to AWS SNS topics and supports provisioning and sending push notifications and SMS messages to mobile devices, and managing device endpoints.

# Properties

# Operation: Publish - SNS Topic

Sends a message to a specific SNS topic.

  • Topic ARN - ARN of the SNS topic to which message to be published, required.
  • Message Structure - Indicator whether message is in json structure, optional.
  • Message Attributes - Map of message attributes in json format, optional.
  • Message Deduplication Id - Only applies to FIFO topic, where it has to be unique, optional.
  • Message Group Id - Only applies to FIFO topic, where it indicates message belongs to specific group, optional.
  • Message - The message to be published to the SNS topic, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Publish - Mobile Platform

Sends message to specific mobile platform.

  • Target ARN - ARN of the SNS topic to which message to be published, required.
  • Subject - subject line if message delivered to email endpoints, optional.
  • Message Structure - indicator whether message is in json structure, optional.
  • Message Attributes - Map of message attributes in json format, optional.
  • Message - The message to be published to the SNS topic, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Publish - SMS Message

Sends SMS message to specific mobile number.

  • Phone Number - Phone number where the SMS should be delivered, E.164 format (+ international number), required.
  • Subject - Subject line if message delivered to email endpoints, optional.
  • Message Structure - Indicator whether message is in json structure, optional.
  • Message Attributes - Map of message attributes in json format, optional.
  • Message - The message to be published to the SNS topic, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Publish - Push Notification

Sends a push notification to a specific device. Make sure to send the JSON content in the Message property without GCM, APNS or ADM as the root-level structure. This operation wraps the message into the correct headings required by the various platforms.

  • Topic ARN - ARN of the SNS topic to which message to be published, required.
  • Message - The message to be published to the SNS topic, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Create Platform Endpoint

Creates platform endpoint for specific device.

  • Platform App ARN - ARN for creating the platform endpoint, required.
  • Token - Token for generating the platform endpoint, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Get Endpoint Attributes

Returns attributes for specific device endpoint.

  • Endpoint ARN - ARN of the endpoint to return attributes, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Set Endpoint Attributes

Sets attributes for specific endpoint for device on GCM, APNS or ADM.

  • Endpoint ARN - ARN of the endpoint to set attributes, required.
  • Token - Device Token (registration id), required.
  • Custom User Data - User data associated with endpoint, not used by SNS service, optional.
  • Enabled - True/False Enables/disables delivery, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: Delete Endpoint

Deletes endpoint for specific device.

  • Endpoint ARN - ARN of the endpoint to delete, required.
  • Request Timeout - Timeout in ms to wait for response, optional.

# Operation: ListTopics

Returns a list of SNS topic ARNs.

  • Request Timeout - Timeout in ms to wait for response, optional.

Avoid using notification and aps as the sub level object. Do not stringify the JSON content.

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: SSM

The AWS SSM node allows access to Parameter Store in AWS Systems Manager. It is also possible to access Secrets Manager using SSM.

# Properties

  • Operation - Following operations are supported by the SSM node.

    • Get Parameter - Returns value for a given SSM parameter key.

    • Put Parameter - Creates new SSM parameter.

    • Delete Parameter - Deletes a given SSM parameter.

    • Get Parameters By Path - Returns list of parameters in specific hierarchy.

  • Key - The value of a SSM parameter key, Required

  • Value - used by PutParameter operation, the value of the key to put into parameter store, Required for the operation

  • Type - used by PutParameter operation, the type of the key to put into parameter store, Allowed values are String, List and Secured String. Required for the operation

  • KMS Key - used by PutParameter operation, reference to the KMS key to use for encrypting parameter, Optional

  • Description - used by PutParameter operation, description of the key, Optional

  • Overwrite - used by PutParameter - to overwrite existing parameter

  • Request Timeout - the timeout in milliseconds to wait for the operation to complete.

  • Path - used by Get Parameters By Path - The hierarchy starting with /, maximum 15 levels of hierarchy, for example: /DEV/

  • Overwrite - used by PutParameter operation, indicator to overwrite value of parameter if already exists.

# SecretsManager

To access secrets stored in Secrets Manager via SSM, the parameter must be prefixed with /aws/reference/secretsmanager/. For example, to access the secret /dev/username, use /aws/reference/secretsmanager//dev/username

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: Ephemeral

The Ephemeral node is used for storing and retrieving temporary data in the Lambda ephemeral store. The node accesses the /tmp folder of the AWS Lambda container. If any data needs to be stored and accessed between multiple invocations of the Lambda, the data needs to be stored in the /tmp folder using the Ephemeral node.

# Properties

  • Operation

    • Read - Reads file from ephemeral storage
    • Write - Writes file to the ephemeral storage
    • Append - Appends the file in the ephemeral storage
  • Filename - the name of a file including extension to be used by operation.

  • Content - used by Write and Append operations, the content of the file.

# Node: CloudWatch

The AWS CloudWatch node allows interaction with CloudWatch Events.

# Properties

  • Operation
    • PutEvents - Sends an event to the CloudWatch Events service
    • ListRules - Returns the list of rules defined in CloudWatch Events
  • Detail - used by PutEvents operation, a valid JSON string with an event, required for the operation
  • DetailType - used by PutEvents operation, the schema description of Detail payload, required for the operation.
  • Resources - used by PutEvents operation, array of resource ARNs the event refers to, optional
  • Source - used by PutEvents operation, the source identifier of the event, required for the operation
  • Request Timeout - the timeout in milliseconds to wait for the operation to complete.

TIP

To send an event into a Kumologica flow that has an EventListener configured to receive events with an explicit reference, the following event structure must be used:

    {
        "source": "SOURCE DESCRIPTION HERE",
        "detail": {
            "type": ["kumologica-event"],
            "reference": ["REFERENCE HERE"]
        }
    }

An Event Listener that is meant to handle multiple types of events should not use the reference property.

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: Dynamo DB

The AWS Dynamo DB node allows various CRUD operations on a DynamoDB database.

# Properties

  • Operation
    • PutItem - Insert a record to the DynamoDB table.
    • GetItem - Fetch a record from the DynamoDB table.
    • DeleteItem - Delete a record from the DynamoDB table.
    • UpdateItem - Updates a record in the DynamoDB table with new values.
    • Scan - Retrieve all the records from the DynamoDB table in one call. The operation will automatically resolve paged results. For very large tables it is recommended to use Enable Paging flag and implement paging logic within flow.
    • Query - Query DynamoDB table with specific criteria. The operation will automatically resolve paged results. For very large result sets it is recommended to use Enable Paging flag and implement paging logic within flow.
  • Table ARN - the ARN of DynamoDB table the operation is called for, required
  • Index Name - used by GetItem and Query operations, the name of the index to use instead of table, optional
  • Projection - used by GetItem, Scan and Query operations, the comma separated list of attributes to return by operation, optional
  • Sort Order - used by Query operation, the sort order of the data to return, defaults to 'Ascending'
  • Message Syntax - the syntax of the message to be used when interacting with DynamoDB and to be returned by the operation.
    • Data Type Descriptors - recommended when types control is required for specific items. The message format is { "key": {"type": "value" } }, for example:
    {
        "lastName": {
            "S": "Smith"
        },
        "age": {
            "N": 43
        }
    }
    
    • Native Javascript Types - simplified format { "key": "value"}, for example:
    {
        "lastName": "Smith",
        "age": 43
    }
    
  • Filters, Attributes - the list of attributes to be inserted into the dynamo db table, or selection criteria for retrieving data from DynamoDB table. The UpdateItem operation has this table divided into Keys section - to provide primary and secondary keys of the item to update and Attributes section to provide operation, attribute key and value to execute. If Message Syntax is set to 'Data Type Descriptors' then it is required to specify data type of an attribute. For all other operations, the first row in this table implies it is 'Primary Key' and second to 'Sort key' if defined, otherwise it is attribute.
  • Consistent Read - flag to enforce read consistency, used by Query, Scan and GetItem operations. Eventual consistency is the default setting.
  • Request Timeout - the timeout in milliseconds to wait for the operation to complete.
  • Enable Paging - if checked, Scan and Query operations will not automatically page through result sets. It is left to the flow to perform the paging logic. This option helps when manipulating very large sets of data.
  • Exclusive Start Key - if Paging is enabled, this field should contain the value of LastEvaluatedKey from the previous Query or Scan call. This allows the next set of data to be retrieved from Query or Scan operations.
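
The paging logic that Enable Paging leaves to the flow is sketched below as an added example; it is not Kumologica code. `scanPage` is a hypothetical in-memory stand-in for one Scan or Query call, and the table contents, page size and `maxPages` guard are assumptions made for illustration.

```javascript
// Constructed table contents; stands in for a DynamoDB table keyed by "id".
const TABLE = Array.from({ length: 7 }, (_, i) => ({ id: `user-${i + 1}`, age: 30 + i }));
const PAGE_SIZE = 3;

// Hypothetical stand-in for one Scan/Query call made with Enable Paging checked.
// As in DynamoDB, LastEvaluatedKey is present only while more data remains.
function scanPage(exclusiveStartKey) {
  const start = exclusiveStartKey
    ? TABLE.findIndex((item) => item.id === exclusiveStartKey.id) + 1
    : 0;
  const Items = TABLE.slice(start, start + PAGE_SIZE);
  const page = { Items, Count: Items.length };
  if (start + PAGE_SIZE < TABLE.length) {
    page.LastEvaluatedKey = { id: Items[Items.length - 1].id };
  }
  return page;
}

// Paging loop: feed each page's LastEvaluatedKey back as the next call's
// Exclusive Start Key, and stop when the response no longer carries one.
// Each page is handed to handleItems and then dropped, so memory stays bounded;
// maxPages caps the work a single invocation can be made to do.
function processAllPages(handleItems, maxPages = 100) {
  let exclusiveStartKey; // undefined on the first call
  let pages = 0;
  let total = 0;
  do {
    if (pages >= maxPages) throw new Error(`stopped after ${maxPages} pages`);
    const page = scanPage(exclusiveStartKey);
    handleItems(page.Items);
    total += page.Count;
    pages += 1;
    exclusiveStartKey = page.LastEvaluatedKey;
  } while (exclusiveStartKey);
  return { pages, total };
}

const seen = [];
const summary = processAllPages((items) => seen.push(...items.map((i) => i.id)));
console.log(summary, seen);
```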

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.

# Node: Rekognition

This node helps in invoking AWS Rekognition service for image recognition and analysis.

# Properties

  • Operation

    • CompareFaces - Compare between two face images.
    • DetectFaces - Detect faces in a given image.
    • DetectLabels - Detect labels in a given image.
    • DetectText - Detect text in a given image.
    • ListCollections - Returns the list of collections that are used in the region. The response will be an array of collection ids.
    • ListFaces - Returns the list of faces under a given collection.
  • Source Image - The name of the image in an S3 bucket to analyze.

  • Target Image - used by CompareFaces operation, the name of the target image to compare.

  • Source Bucket - Name of the bucket where the source image is located.

  • Target Bucket - used by CompareFaces operation, name of the bucket where target images are located.

  • CollectionId - used by ListFaces operation, the ID of the collection to be used by the operation.

  • Request Timeout - the timeout in milliseconds to wait for the operation to complete.

# Response

The result of the operation (where applicable) can be accessed on the subsequent node using msg.payload.