UNPKG

@innovationson/cdk-iamuserwithaccesskey

Version:

Creating an IAM user with access key stored in Secrets manager

github.com/innovations-on-gmbh/cdk-iamuserwithaccesskey

innovations-on-gmbh/cdk-iamuserwithaccesskey

45 lines 6.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.IamUserWithAccessKey = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const aws_cdk_lib_1 = require("aws-cdk-lib"); const iam = require("aws-cdk-lib/aws-iam"); const sm = require("aws-cdk-lib/aws-secretsmanager"); /** * An IAM User including an Access Key that will be stored in Secrets Manager. The properties as for normal IAM Users. */ class IamUserWithAccessKey extends iam.User { constructor(scope, id, props) { super(scope, id, props); this.accessKey = new iam.CfnAccessKey(this, `${id}AccessKey`, { userName: this.userName, }); let UserSecretString = JSON.stringify({ Access_Key_Id: this.accessKey.ref, Secret_Access_Key: aws_cdk_lib_1.Fn.getAtt(this.accessKey.logicalId, 'SecretAccessKey').toString(), }); if (props?.encryptionKey) { this.secret = new sm.Secret(this, `${id}UserSecret`, { encryptionKey: props.encryptionKey, }); } else { this.secret = new sm.Secret(this, `${id}UserSecret`); } ; // We need to access the underlying cfn resource to set the secret string const cfnSecret = this.secret.node.defaultChild; cfnSecret.secretString = UserSecretString; // We need a raw override because otherwise cdk always expects a secretStringGenerator object cfnSecret.addOverride('Properties.GenerateSecretString', aws_cdk_lib_1.Fn.ref('AWS::NoValue')); new aws_cdk_lib_1.CfnOutput(this, 'SecretArn', { value: this.secret.secretArn.toString(), exportName: `${id}`, }); } } exports.IamUserWithAccessKey = IamUserWithAccessKey; _a = JSII_RTTI_SYMBOL_1; IamUserWithAccessKey[_a] = { fqn: "@innovationson/cdk-iamuserwithaccesskey.IamUserWithAccessKey", version: "1.2.112" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBNEM7QUFDNUMsMkNBQTJDO0FBRTNDLHFEQUFxRDtBQWVyRDs7R0FFRztBQUNILE1BQWEsb0JBQXFCLFNBQVEsR0FBRyxDQUFDLElBQUk7SUFjaEQsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFpQztRQUN6RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUV4QixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksR0FBRyxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLFdBQVcsRUFBRTtZQUM1RCxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVE7U0FDeEIsQ0FBQyxDQUFDO1FBRUgsSUFBSSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1lBQ3BDLGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUc7WUFDakMsaUJBQWlCLEVBQUUsZ0JBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsaUJBQWlCLENBQUMsQ0FBQyxRQUFRLEVBQUU7U0FDckYsQ0FBQyxDQUFDO1FBRUgsSUFBSSxLQUFLLEVBQUUsYUFBYSxFQUFFO1lBQ3hCLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsWUFBWSxFQUFFO2dCQUNuRCxhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWE7YUFDbkMsQ0FBQyxDQUFDO1NBQ0o7YUFBTTtZQUNMLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUM7U0FDdEQ7UUFBQSxDQUFDO1FBRUYseUVBQXlFO1FBQ3pFLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQTRCLENBQUM7UUFDaEUsU0FBUyxDQUFDLFlBQVksR0FBRyxnQkFBZ0IsQ0FBQztRQUUxQyw2RkFBNkY7UUFDN0YsU0FBUyxDQUFDLFdBQVcsQ0FBQyxpQ0FBaUMsRUFBRSxnQkFBRSxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDO1FBRWpGLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsV0FBVyxFQUFFO1lBQy9CLEtBQUssRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxRQUFRLEVBQUU7WUFDdkMsVUFBVSxFQUFFLEdBQUcsRUFBRSxFQUFFO1NBQ3BCLENBQUMsQ0FBQztJQUNMLENBQUM7O0FBN0NILG9EQThDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEZuLCBDZm5PdXRwdXQgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBpYW0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgKiBhcyBrbXMgZnJvbSAnYXdzLWNkay1saWIvYXdzLWttcyc7XG5pbXBvcnQgKiBhcyBzbSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mtc2VjcmV0c21hbmFnZXInO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5cbi8qKlxuICogUHJvcGVydGllcyBmb3IgdGhlIElBTSBVc2VyXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSWFtVXNlcldpdGhBY2Nlc3NLZXlQcm9wcyBleHRlbmRzIGlhbS5Vc2VyUHJvcHMge1xuICAvKipcbiAgICogQW4gb3B0aW9uYWwgY3VzdG9tIGVuY3J5cHRpb24ga2V5IGZvciB0aGUgc2VjcmV0LlxuICAgKlxuICAgKiBAZGVmYXVsdCBUaGUgQWNjb3VudHMgZGVmYXVsdCBTZWNyZXQgTWFuYWdlciBLTVMgS2V5IHdpbGwgYmUgdXNlZC5cbiAgICovXG4gIHJlYWRvbmx5IGVuY3J5cHRpb25LZXk/OiBrbXMuSUtleSB8IHVuZGVmaW5lZDtcbn1cblxuLyoqXG4gKiBBbiBJQU0gVXNlciBpbmNsdWRpbmcgYW4gQWNjZXNzIEtleSB0aGF0IHdpbGwgYmUgc3RvcmVkIGluIFNlY3JldHMgTWFuYWdlci4gVGhlIHByb3BlcnRpZXMgYXMgZm9yIG5vcm1hbCBJQU0gVXNlcnMuXG4gKi9cbmV4cG9ydCBjbGFzcyBJYW1Vc2VyV2l0aEFjY2Vzc0tleSBleHRlbmRzIGlhbS5Vc2VyIHtcbiAgLyoqXG4gICAqIEFuIGF0dHJpYnV0ZSB0aGF0IHJlcHJlc2VudHMgdGhlIGlhbSBhY2Nlc3Nfa2V5LlxuICAgKlxuICAgKiBAYXR0cmlidXRlIHRydWVcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBhY2Nlc3NLZXk6IGlhbS5DZm5BY2Nlc3NLZXk7XG4gIC8qKlxuICAgICAqIEFuIGF0dHJpYnV0ZSB0aGF0IHJlcHJlc2VudHMgdGhlIHNlY3JldC5cbiAgICAgKlxuICAgICAqIEBhdHRyaWJ1dGUgdHJ1ZVxuICAgICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgc2VjcmV0OiBzbS5TZWNyZXQ7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM/OiBJYW1Vc2VyV2l0aEFjY2Vzc0tleVByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCBwcm9wcyk7XG5cbiAgICB0aGlzLmFjY2Vzc0tleSA9IG5ldyBpYW0uQ2ZuQWNjZXNzS2V5KHRoaXMsIGAke2lkfUFjY2Vzc0tleWAsIHtcbiAgICAgIHVzZXJOYW1lOiB0aGlzLnVzZXJOYW1lLFxuICAgIH0pO1xuXG4gICAgbGV0IFVzZXJTZWNyZXRTdHJpbmcgPSBKU09OLnN0cmluZ2lmeSh7XG4gICAgICBBY2Nlc3NfS2V5X0lkOiB0aGlzLmFjY2Vzc0tleS5yZWYsXG4gICAgICBTZWNyZXRfQWNjZXNzX0tleTogRm4uZ2V0QXR0KHRoaXMuYWNjZXNzS2V5LmxvZ2ljYWxJZCwgJ1NlY3JldEFjY2Vzc0tleScpLnRvU3RyaW5nKCksIC8vVE9ETzogQ2hlY2sgaWYgdGhpcyByZWZlcmVuY2VzIHRoZSBjb3JyZWN0IHJlc291cmNlLiBBY2Nlc3NLZXkgdnMgU2VjcmV0QWNjZXNzS2V5XG4gICAgfSk7XG5cbiAgICBpZiAocHJvcHM/LmVuY3J5cHRpb25LZXkpIHtcbiAgICAgIHRoaXMuc2VjcmV0ID0gbmV3IHNtLlNlY3JldCh0aGlzLCBgJHtpZH1Vc2VyU2VjcmV0YCwge1xuICAgICAgICBlbmNyeXB0aW9uS2V5OiBwcm9wcy5lbmNyeXB0aW9uS2V5LFxuICAgICAgfSk7XG4gICAgfSBlbHNlIHtcbiAgICAgIHRoaXMuc2VjcmV0ID0gbmV3IHNtLlNlY3JldCh0aGlzLCBgJHtpZH1Vc2VyU2VjcmV0YCk7XG4gICAgfTtcblxuICAgIC8vIFdlIG5lZWQgdG8gYWNjZXNzIHRoZSB1bmRlcmx5aW5nIGNmbiByZXNvdXJjZSB0byBzZXQgdGhlIHNlY3JldCBzdHJpbmdcbiAgICBjb25zdCBjZm5TZWNyZXQgPSB0aGlzLnNlY3JldC5ub2RlLmRlZmF1bHRDaGlsZCBhcyBzbS5DZm5TZWNyZXQ7XG4gICAgY2ZuU2VjcmV0LnNlY3JldFN0cmluZyA9IFVzZXJTZWNyZXRTdHJpbmc7XG5cbiAgICAvLyBXZSBuZWVkIGEgcmF3IG92ZXJyaWRlIGJlY2F1c2Ugb3RoZXJ3aXNlIGNkayBhbHdheXMgZXhwZWN0cyBhIHNlY3JldFN0cmluZ0dlbmVyYXRvciBvYmplY3RcbiAgICBjZm5TZWNyZXQuYWRkT3ZlcnJpZGUoJ1Byb3BlcnRpZXMuR2VuZXJhdGVTZWNyZXRTdHJpbmcnLCBGbi5yZWYoJ0FXUzo6Tm9WYWx1ZScpKTtcblxuICAgIG5ldyBDZm5PdXRwdXQodGhpcywgJ1NlY3JldEFybicsIHtcbiAgICAgIHZhbHVlOiB0aGlzLnNlY3JldC5zZWNyZXRBcm4udG9TdHJpbmcoKSxcbiAgICAgIGV4cG9ydE5hbWU6IGAke2lkfWAsXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==