@collaborne/custom-cloudformation-resources
Version:
Custom CloudFormation resources
127 lines • 4.48 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.CloudFrontWafV2 = void 0;
const aws_sdk_1 = require("aws-sdk");
const custom_resource_1 = require("../custom-resource");
const SCHEMA = {
type: 'object',
properties: {
Name: {
type: 'string',
},
MetricName: {
type: 'string',
},
Rules: {
type: 'string',
},
},
required: ['Name', 'MetricName'],
};
const SCOPE = 'CLOUDFRONT';
class CloudFrontWafV2 extends custom_resource_1.CustomResource {
constructor(logicalResourceId, logger) {
super(SCHEMA, logicalResourceId, logger);
this.region = 'us-east-1'; // Region must be `us-east-1` for `CloudFront WAF`
this.wafV2 = new aws_sdk_1.WAFV2({
region: this.region,
});
}
async createResource(physicalResourceId, { Name, MetricName, Rules }) {
var _a, _b, _c, _d;
const rules = JSON.parse(Rules);
const webACLParams = {
Name,
Scope: SCOPE,
DefaultAction: {
Allow: {},
},
Rules: rules,
VisibilityConfig: {
MetricName,
SampledRequestsEnabled: true,
CloudWatchMetricsEnabled: true,
},
};
try {
const webAcl = await this.wafV2.createWebACL(webACLParams).promise();
if (!webAcl || !((_a = webAcl.Summary) === null || _a === void 0 ? void 0 : _a.ARN) || !webAcl.Summary.Id) {
throw new Error('Error creating WebACL');
}
console.debug('WebACL created successfully:', (_b = webAcl.Summary) === null || _b === void 0 ? void 0 : _b.ARN);
return {
physicalResourceId,
attributes: {
Arn: (_c = webAcl.Summary) === null || _c === void 0 ? void 0 : _c.ARN,
Id: (_d = webAcl.Summary) === null || _d === void 0 ? void 0 : _d.Id,
},
};
}
catch (err) {
console.error('Error creating WebACL:', err);
throw new Error('Error creating WebACL');
}
}
async deleteResource(physicalResourceId, { Name }) {
const webAcl = await this.getWebAcl(Name);
if (!webAcl.WebACL || !webAcl.LockToken) {
throw new Error(`WAF V2 is not deletable ${Name}`);
}
this.wafV2.deleteWebACL({
Name,
Scope: SCOPE,
Id: webAcl.WebACL.Id,
LockToken: webAcl.LockToken,
});
return {
physicalResourceId,
};
}
async updateResource(physicalResourceId, { Name, Rules }) {
var _a, _b;
const webAcl = await this.getWebAcl(Name);
if (!webAcl.WebACL || !webAcl.LockToken) {
throw new Error(`WAF V2 is not able to update ${Name}`);
}
const rules = JSON.parse(Rules);
const updateWebAclParams = {
Id: webAcl.WebACL.Id,
Name,
DefaultAction: webAcl.WebACL.DefaultAction,
Scope: SCOPE,
Rules: rules,
VisibilityConfig: webAcl.WebACL.VisibilityConfig,
LockToken: webAcl.LockToken,
};
await this.wafV2.updateWebACL(updateWebAclParams).promise();
console.warn(`WAF V2 is updated ${Name}`);
return {
physicalResourceId,
attributes: {
Arn: (_a = webAcl.WebACL) === null || _a === void 0 ? void 0 : _a.ARN,
Id: (_b = webAcl.WebACL) === null || _b === void 0 ? void 0 : _b.Id,
},
};
}
async getWebAcl(name) {
var _a;
const webAcls = await this.wafV2.listWebACLs({ Scope: SCOPE }).promise();
if (!webAcls) {
throw new Error(`Unknown waf name ${name}`);
}
const webAclSummary = (_a = webAcls.WebACLs) === null || _a === void 0 ? void 0 : _a.find(webAcl => webAcl.Name === name);
if (!webAclSummary || !webAclSummary.ARN || !webAclSummary.Id) {
throw new Error(`Unknown waf name ${name}`);
}
const webAcl = await this.wafV2
.getWebACL({
Name: name,
Id: webAclSummary.Id,
Scope: SCOPE,
})
.promise();
return webAcl;
}
}
exports.CloudFrontWafV2 = CloudFrontWafV2;
//# sourceMappingURL=index.js.map