
@bitblit/epsilon


Tiny adapter to simplify building API gateway Lambda APIS

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.EpsilonStackUtil = void 0;
const string_ratchet_1 = require("@bitblit/ratchet/common/string-ratchet");
const aws_iam_1 = require("aws-cdk-lib/aws-iam");

/**
 * Static helpers that build CDK inputs: a name/value environment-variable
 * list and a default set of IAM policy statements.
 *
 * Security review summary (least privilege): several statements below use
 * service-wide action wildcards (`sqs:*`, `sns:*`, `batch:*`, `ecs:*`) and/or
 * `*` resources. Whatever role receives these statements gets every action of
 * that service, administrative ones included. Each grant is annotated where
 * it is built.
 */
class EpsilonStackUtil {
    // Prevent instantiation
    // NOTE(review): nothing in this compiled output enforces that; the
    // constructor is empty and callable. Presumably it is `private` in the
    // TypeScript source — confirm.
    // eslint-disable-next-line @typescript-eslint/no-empty-function
    constructor() { }

    /**
     * Flattens a list of plain objects into `{ name, value }` pairs.
     *
     * Every own enumerable key of every object yields one pair, in input
     * order. Keys repeated across objects are NOT de-duplicated; each
     * occurrence is emitted.
     *
     * @param {Array<Object>} input - objects whose keys become variable names.
     * @returns {Array<{name: string, value: *}>} one entry per key; `value` is
     *   whatever `StringRatchet.safeString` returns (presumably a string —
     *   verify against the ratchet library).
     */
    static toEnvironmentVariables(input) {
        const pairs = [];
        input.forEach((entry) => {
            for (const key of Object.keys(entry)) {
                // NOTE(review): values are passed through as plain values. If
                // callers put credentials in these objects they will appear
                // wherever the resulting list is rendered — confirm with callers.
                const value = string_ratchet_1.StringRatchet.safeString(entry[key]);
                pairs.push({ name: key, value });
            }
        });
        return pairs;
    }

    /**
     * Builds the default IAM policy statement list.
     *
     * Caller-supplied `props.additionalPolicyStatements` (if any) come first,
     * followed by five ALLOW statements for CloudWatch Logs, SES, SQS, SNS and
     * Batch.
     *
     * @param {Object} props - read for `additionalPolicyStatements` only.
     * @param {Object} backgroundLambdaSqs - object exposing `queueArn`.
     * @param {Object} backgroundLambdaSns - object exposing `topicArn`.
     * @param {Object} interApiSns - object exposing `topicArn`.
     * @returns {Array} caller statements followed by the defaults.
     */
    static createDefaultPolicyStatementList(props, backgroundLambdaSqs, backgroundLambdaSns, interApiSns) {
        const { PolicyStatement, Effect } = aws_iam_1;
        // Caller statements are passed through unmodified and unvalidated.
        const callerStatements = props.additionalPolicyStatements || [];
        const allow = (actions, resources) => new PolicyStatement({ effect: Effect.ALLOW, actions, resources });

        const defaults = [
            // Log writing; the resource pattern matches every log group in
            // every region rather than the function's own group.
            allow(['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], ['arn:aws:logs:*:*:*']),
            // Email sending on any SES resource (the pattern is not limited to
            // a region or identity).
            allow(['ses:SendEmail', 'ses:SendRawEmail'], ['arn:aws:ses:*']),
            // Resource is scoped to one queue, but `sqs:*` also covers
            // queue-administration actions, not only send/receive/delete-message.
            // NOTE(review): consider listing only the actions actually used.
            allow(['sqs:*'], [backgroundLambdaSqs.queueArn]),
            // Resource is scoped to two topics, but `sns:*` also covers topic
            // administration. NOTE(review): consider narrowing to what is used.
            allow(['sns:*'], [backgroundLambdaSns.topicArn, interApiSns.topicArn]),
            // Broadest default grant: every AWS Batch action on every resource.
            // NOTE(review): narrow actions and resources if the caller only
            // submits jobs — confirm intended usage.
            allow(['batch:*'], ['*']),
        ];
        return callerStatements.concat(defaults);
    }
}
exports.EpsilonStackUtil = EpsilonStackUtil;

// The statements below are single shared instances. The same objects are
// referenced from ECS_POLICY_STATEMENTS, so a mutation made through one
// reference is visible through the other.

// Every ECS action on every resource.
// NOTE(review): broad; prefer an explicit action list and scoped ARNs.
EpsilonStackUtil.ALLOW_ECS = new aws_iam_1.PolicyStatement({
    effect: aws_iam_1.Effect.ALLOW,
    actions: ['ecs:*'],
    resources: ['*'],
});

// Read-only image pull permissions. `ecr:GetAuthorizationToken` does not
// support resource-level scoping, so `*` is required for it.
// NOTE(review): the other three actions could be split into a statement
// scoped to specific repository ARNs.
EpsilonStackUtil.ALLOW_ECR = new aws_iam_1.PolicyStatement({
    effect: aws_iam_1.Effect.ALLOW,
    actions: ['ecr:BatchCheckLayerAvailability', 'ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer', 'ecr:GetAuthorizationToken'],
    resources: ['*'],
});

// "Restricted" applies to the action list only; the resource is still `*`,
// so these actions are allowed on every log group.
EpsilonStackUtil.ALLOW_RESTRICTED_LOGS = new aws_iam_1.PolicyStatement({
    effect: aws_iam_1.Effect.ALLOW,
    actions: ['logs:CreateLogStream', 'logs:PutLogEvents', 'logs:DescribeLogStreams', 'logs:CreateLogGroup'],
    resources: ['*'],
});

// Bundle of the three statements above, in this order.
EpsilonStackUtil.ECS_POLICY_STATEMENTS = [
    EpsilonStackUtil.ALLOW_ECS,
    EpsilonStackUtil.ALLOW_ECR,
    EpsilonStackUtil.ALLOW_RESTRICTED_LOGS,
];
//# sourceMappingURL=epsilon-stack-util.js.map