UNPKG

@pdmlab/cdk-constructs

Version:

Shared constructs for AWS CDK

github.com/PDMLab/cdk-constructs

PDMLab/cdk-constructs

44 lines 6.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); const cdk = require("@aws-cdk/core"); const iam = require("@aws-cdk/aws-iam"); const route53 = require("@aws-cdk/aws-route53"); class AllowHostedZoneChangeResourceRecordSetsPolicy extends cdk.Construct { /** * Create a policy which allows changing DNS records for a domain in a hosted zone in AWS Route53 */ constructor(scope, id, props) { super(scope, id); const zone = route53.HostedZone.fromLookup(this, 'hostedzone', { domainName: props.domainName }); const plainHostedZoneId = zone.hostedZoneId.substring(1); this.policy = new iam.ManagedPolicy(this, 'AllowChangeRecordSets', { managedPolicyName: props.policyName || 'allow-change-record-sets', statements: [ new iam.PolicyStatement({ effect: iam.Effect.ALLOW, resources: [`arn:aws:route53:::${plainHostedZoneId}`], actions: ['route53:ChangeResourceRecordSets'] }), new iam.PolicyStatement({ effect: iam.Effect.ALLOW, resources: [`*`], actions: ['route53:ListHostedZonesByName'] }), new iam.PolicyStatement({ effect: iam.Effect.ALLOW, resources: [`arn:aws:route53:::${plainHostedZoneId}`], actions: ['route53:GetHostedZone'] }), new iam.PolicyStatement({ effect: iam.Effect.ALLOW, resources: [`arn:aws:route53:::change/*`], actions: ['route53:GetChange'] }) ] }); } } exports.AllowHostedZoneChangeResourceRecordSetsPolicy = AllowHostedZoneChangeResourceRecordSetsPolicy; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWxsb3dIb3N0ZWRab25lQ2hhbmdlUmVzb3VyY2VSZWNvcmRTZXRzUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiQWxsb3dIb3N0ZWRab25lQ2hhbmdlUmVzb3VyY2VSZWNvcmRTZXRzUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEscUNBQW9DO0FBQ3BDLHdDQUF1QztBQUN2QyxnREFBK0M7QUFhL0MsTUFBYSw2Q0FBOEMsU0FBUSxHQUFHLENBQUMsU0FBUztJQUc5RTs7T0FFRztJQUNILFlBQ0UsS0FBb0IsRUFDcEIsRUFBVSxFQUNWLEtBQXlEO1FBRXpELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFDaEIsTUFBTSxJQUFJLEdBQUcsT0FBTyxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLFlBQVksRUFBRTtZQUM3RCxVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7U0FDN0IsQ0FBQyxDQUFBO1FBRUYsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtRQUV4RCxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLGFBQWEsQ0FBQyxJQUFJLEVBQUUsdUJBQXVCLEVBQUU7WUFDakUsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLFVBQVUsSUFBSSwwQkFBMEI7WUFDakUsVUFBVSxFQUFFO2dCQUNWLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztvQkFDdEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSztvQkFDeEIsU0FBUyxFQUFFLENBQUMscUJBQXFCLGlCQUFpQixFQUFFLENBQUM7b0JBQ3JELE9BQU8sRUFBRSxDQUFDLGtDQUFrQyxDQUFDO2lCQUM5QyxDQUFDO2dCQUNGLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztvQkFDdEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSztvQkFDeEIsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO29CQUNoQixPQUFPLEVBQUUsQ0FBQywrQkFBK0IsQ0FBQztpQkFDM0MsQ0FBQztnQkFDRixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7b0JBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7b0JBQ3hCLFNBQVMsRUFBRSxDQUFDLHFCQUFxQixpQkFBaUIsRUFBRSxDQUFDO29CQUNyRCxPQUFPLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQztpQkFDbkMsQ0FBQztnQkFDRixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7b0JBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7b0JBQ3hCLFNBQVMsRUFBRSxDQUFDLDRCQUE0QixDQUFDO29CQUN6QyxPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQztpQkFDL0IsQ0FBQzthQUNIO1NBQ0YsQ0FBQyxDQUFBO0lBQ0osQ0FBQztDQUNGO0FBNUNELHNHQTRDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNkayBmcm9tICdAYXdzLWNkay9jb3JlJ1xuaW1wb3J0ICogYXMgaWFtIGZyb20gJ0Bhd3MtY2RrL2F3cy1pYW0nXG5pbXBvcnQgKiBhcyByb3V0ZTUzIGZyb20gJ0Bhd3MtY2RrL2F3cy1yb3V0ZTUzJ1xuXG5leHBvcnQgaW50ZXJmYWNlIEFsbG93SG9zdGVkWm9uZUNoYW5nZVJlc291cmNlUmVjb3JkU2V0c1BvbGljeVByb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBkb21haW4gbmFtZSB0aGUgaG9zdGVkIHpvbmUgaGFzIGJlZW4gc2V0dXAgZm9yLlxuICAgKi9cbiAgZG9tYWluTmFtZTogc3RyaW5nXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgcG9saWN5IGJlaW5nIGNyZWF0ZWRcbiAgICovXG4gIHBvbGljeU5hbWU/OiBzdHJpbmdcbn1cblxuZXhwb3J0IGNsYXNzIEFsbG93SG9zdGVkWm9uZUNoYW5nZVJlc291cmNlUmVjb3JkU2V0c1BvbGljeSBleHRlbmRzIGNkay5Db25zdHJ1Y3Qge1xuICBwb2xpY3k6IGlhbS5NYW5hZ2VkUG9saWN5XG5cbiAgLyoqXG4gICAqIENyZWF0ZSBhIHBvbGljeSB3aGljaCBhbGxvd3MgY2hhbmdpbmcgRE5TIHJlY29yZHMgZm9yIGEgZG9tYWluIGluIGEgaG9zdGVkIHpvbmUgaW4gQVdTIFJvdXRlNTNcbiAgICovXG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBjZGsuQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IEFsbG93SG9zdGVkWm9uZUNoYW5nZVJlc291cmNlUmVjb3JkU2V0c1BvbGljeVByb3BzXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcbiAgICBjb25zdCB6b25lID0gcm91dGU1My5Ib3N0ZWRab25lLmZyb21Mb29rdXAodGhpcywgJ2hvc3RlZHpvbmUnLCB7XG4gICAgICBkb21haW5OYW1lOiBwcm9wcy5kb21haW5OYW1lXG4gICAgfSlcblxuICAgIGNvbnN0IHBsYWluSG9zdGVkWm9uZUlkID0gem9uZS5ob3N0ZWRab25lSWQuc3Vic3RyaW5nKDEpXG5cbiAgICB0aGlzLnBvbGljeSA9IG5ldyBpYW0uTWFuYWdlZFBvbGljeSh0aGlzLCAnQWxsb3dDaGFuZ2VSZWNvcmRTZXRzJywge1xuICAgICAgbWFuYWdlZFBvbGljeU5hbWU6IHByb3BzLnBvbGljeU5hbWUgfHwgJ2FsbG93LWNoYW5nZS1yZWNvcmQtc2V0cycsXG4gICAgICBzdGF0ZW1lbnRzOiBbXG4gICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuQUxMT1csXG4gICAgICAgICAgcmVzb3VyY2VzOiBbYGFybjphd3M6cm91dGU1Mzo6OiR7cGxhaW5Ib3N0ZWRab25lSWR9YF0sXG4gICAgICAgICAgYWN0aW9uczogWydyb3V0ZTUzOkNoYW5nZVJlc291cmNlUmVjb3JkU2V0cyddXG4gICAgICAgIH0pLFxuICAgICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgZWZmZWN0OiBpYW0uRWZmZWN0LkFMTE9XLFxuICAgICAgICAgIHJlc291cmNlczogW2AqYF0sXG4gICAgICAgICAgYWN0aW9uczogWydyb3V0ZTUzOkxpc3RIb3N0ZWRab25lc0J5TmFtZSddXG4gICAgICAgIH0pLFxuICAgICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgZWZmZWN0OiBpYW0uRWZmZWN0LkFMTE9XLFxuICAgICAgICAgIHJlc291cmNlczogW2Bhcm46YXdzOnJvdXRlNTM6Ojoke3BsYWluSG9zdGVkWm9uZUlkfWBdLFxuICAgICAgICAgIGFjdGlvbnM6IFsncm91dGU1MzpHZXRIb3N0ZWRab25lJ11cbiAgICAgICAgfSksXG4gICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuQUxMT1csXG4gICAgICAgICAgcmVzb3VyY2VzOiBbYGFybjphd3M6cm91dGU1Mzo6OmNoYW5nZS8qYF0sXG4gICAgICAgICAgYWN0aW9uczogWydyb3V0ZTUzOkdldENoYW5nZSddXG4gICAgICAgIH0pXG4gICAgICBdXG4gICAgfSlcbiAgfVxufVxuIl19