UNPKG

@collaborne/custom-cloudformation-resources

Version:
127 lines 4.48 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.CloudFrontWafV2 = void 0; const aws_sdk_1 = require("aws-sdk"); const custom_resource_1 = require("../custom-resource"); const SCHEMA = { type: 'object', properties: { Name: { type: 'string', }, MetricName: { type: 'string', }, Rules: { type: 'string', }, }, required: ['Name', 'MetricName'], }; const SCOPE = 'CLOUDFRONT'; class CloudFrontWafV2 extends custom_resource_1.CustomResource { constructor(logicalResourceId, logger) { super(SCHEMA, logicalResourceId, logger); this.region = 'us-east-1'; // Region must be `us-east-1` for `CloudFront WAF` this.wafV2 = new aws_sdk_1.WAFV2({ region: this.region, }); } async createResource(physicalResourceId, { Name, MetricName, Rules }) { var _a, _b, _c, _d; const rules = JSON.parse(Rules); const webACLParams = { Name, Scope: SCOPE, DefaultAction: { Allow: {}, }, Rules: rules, VisibilityConfig: { MetricName, SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, }, }; try { const webAcl = await this.wafV2.createWebACL(webACLParams).promise(); if (!webAcl || !((_a = webAcl.Summary) === null || _a === void 0 ? void 0 : _a.ARN) || !webAcl.Summary.Id) { throw new Error('Error creating WebACL'); } console.debug('WebACL created successfully:', (_b = webAcl.Summary) === null || _b === void 0 ? void 0 : _b.ARN); return { physicalResourceId, attributes: { Arn: (_c = webAcl.Summary) === null || _c === void 0 ? void 0 : _c.ARN, Id: (_d = webAcl.Summary) === null || _d === void 0 ? void 0 : _d.Id, }, }; } catch (err) { console.error('Error creating WebACL:', err); throw new Error('Error creating WebACL'); } } async deleteResource(physicalResourceId, { Name }) { const webAcl = await this.getWebAcl(Name); if (!webAcl.WebACL || !webAcl.LockToken) { throw new Error(`WAF V2 is not deletable ${Name}`); } this.wafV2.deleteWebACL({ Name, Scope: SCOPE, Id: webAcl.WebACL.Id, LockToken: webAcl.LockToken, }); return { physicalResourceId, }; } async updateResource(physicalResourceId, { Name, Rules }) { var _a, _b; const webAcl = await this.getWebAcl(Name); if (!webAcl.WebACL || !webAcl.LockToken) { throw new Error(`WAF V2 is not able to update ${Name}`); } const rules = JSON.parse(Rules); const updateWebAclParams = { Id: webAcl.WebACL.Id, Name, DefaultAction: webAcl.WebACL.DefaultAction, Scope: SCOPE, Rules: rules, VisibilityConfig: webAcl.WebACL.VisibilityConfig, LockToken: webAcl.LockToken, }; await this.wafV2.updateWebACL(updateWebAclParams).promise(); console.warn(`WAF V2 is updated ${Name}`); return { physicalResourceId, attributes: { Arn: (_a = webAcl.WebACL) === null || _a === void 0 ? void 0 : _a.ARN, Id: (_b = webAcl.WebACL) === null || _b === void 0 ? void 0 : _b.Id, }, }; } async getWebAcl(name) { var _a; const webAcls = await this.wafV2.listWebACLs({ Scope: SCOPE }).promise(); if (!webAcls) { throw new Error(`Unknown waf name ${name}`); } const webAclSummary = (_a = webAcls.WebACLs) === null || _a === void 0 ? void 0 : _a.find(webAcl => webAcl.Name === name); if (!webAclSummary || !webAclSummary.ARN || !webAclSummary.Id) { throw new Error(`Unknown waf name ${name}`); } const webAcl = await this.wafV2 .getWebACL({ Name: name, Id: webAclSummary.Id, Scope: SCOPE, }) .promise(); return webAcl; } } exports.CloudFrontWafV2 = CloudFrontWafV2; //# sourceMappingURL=index.js.map