@taimos/cdk-controltower
;
// CommonJS interop marker: tells ESM-style importers this module was compiled from an ES module.
Object.defineProperty(exports, '__esModule', { value: true });
// Export slot is declared up front and populated once the class definition below has run.
exports.AccountPermission = undefined;
const aws_cdk_lib_1 = require("aws-cdk-lib");
const constructs_1 = require("constructs");
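class AccountPermission extends constructs_1.Construct {
    /**
     * Grants a fixed set of IAM Identity Center group / permission-set assignments to every
     * account that Control Tower finishes creating.
     *
     * Builds a Step Functions state machine that runs one `AddAssociationTask` per entry of
     * `props.defaultAssignments`, in order, and an EventBridge rule that starts it on the
     * `CreateManagedAccount` CloudTrail service event from `aws.controltower`. The target
     * account id is taken from that event payload by each task (see AddAssociationTask).
     *
     * @param {Construct} scope - Parent construct.
     * @param {string} id - Construct id.
     * @param {object} props
     * @param {string} props.ssoInstanceArn - IAM Identity Center instance ARN passed to every task.
     * @param {Array<{groupId: string, permissionSetName: string, permissionSet: {attrPermissionSetArn: string}}>} props.defaultAssignments
     *   Assignments to apply; must be non-empty. `groupId` + `permissionSetName` must be unique per
     *   entry because they form the task construct id.
     * @throws {Error} if `props.defaultAssignments` is missing or empty (the original code failed with
     *   an opaque TypeError when reading `[0].groupId`).
     */
    constructor(scope, id, props) {
        super(scope, id);
        const assignments = props.defaultAssignments;
        if (!Array.isArray(assignments) || assignments.length === 0) {
            throw new Error('AccountPermission: props.defaultAssignments must contain at least one assignment');
        }
        // Chain the tasks sequentially; the first task is the head of the chain.
        let definition;
        for (const assignment of assignments) {
            const task = new AddAssociationTask(this, `Assign${assignment.groupId}${assignment.permissionSetName}`, {
                ssoInstanceArn: props.ssoInstanceArn,
                groupId: assignment.groupId,
                permissionSetArn: assignment.permissionSet.attrPermissionSetArn,
            });
            definition = definition === undefined ? task : definition.next(task);
        }
        this.stateMachine = new aws_cdk_lib_1.aws_stepfunctions.StateMachine(this, 'Resource', { definition });
        // Trigger: Control Tower account-creation lifecycle event delivered via CloudTrail.
        // EventBridge reserves `aws.`-prefixed sources for AWS services, so this pattern should not be
        // satisfiable by PutEvents from principals in the account — confirm for your partition/region.
        // NOTE(review): CreateManagedAccount is presumably also emitted when provisioning FAILS, in which
        // case the accountId path read by AddAssociationTask may be absent; consider additionally matching
        // on `detail.serviceEventDetails.createManagedAccountStatus.state` once the event schema is confirmed.
        new aws_cdk_lib_1.aws_events.Rule(this, 'AccountCreationRule', {
            eventPattern: {
                source: ['aws.controltower'],
                detailType: ['AWS Service Event via CloudTrail'],
                detail: {
                    eventName: ['CreateManagedAccount'],
                },
            },
            targets: [
                new aws_cdk_lib_1.aws_events_targets.SfnStateMachine(this.stateMachine),
            ],
        });
    }
}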
// Publish the construct under its class name.
Object.assign(exports, { AccountPermission });
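class AddAssociationTask extends aws_cdk_lib_1.aws_stepfunctions_tasks.CallAwsService {
    /**
     * Step Functions SDK-integration task that calls `ssoadmin:CreateAccountAssignment` for one
     * group / permission-set pair against the account id found in the state input.
     *
     * @param {Construct} scope - Parent construct.
     * @param {string} id - Construct id; also the default key under which the API result is stored.
     * @param {object} props
     * @param {string} props.ssoInstanceArn - IAM Identity Center instance ARN.
     * @param {string} props.permissionSetArn - Permission set to assign (may be a CloudFormation token).
     * @param {string} props.groupId - Identity Center group id receiving the assignment.
     * @param {string} [props.accountIdSource] - JSONPath into the state input for the target account id.
     *   Defaults to the location used by the Control Tower `CreateManagedAccount` CloudTrail event.
     * @param {string} [props.resultPath] - JSONPath where the API response is written; defaults to `$.<id>`.
     * @param {string[]} [props.iamResources] - Resource ARNs for the `sso:CreateAccountAssignment`
     *   statement added to the state-machine role. Defaults to `['*']` (the historical behaviour).
     */
    constructor(scope, id, props) {
        const accountIdPath = props.accountIdSource != null
            ? props.accountIdSource
            : '$.detail.serviceEventDetails.createManagedAccountStatus.account.accountId';
        // NOTE(review): the default '*' lets the state-machine role create assignments for any instance,
        // permission set and account. The instance and permission-set ARNs are known at synth time, so
        // callers can tighten this via props.iamResources; the account resource has to stay a wildcard
        // because the target account id only arrives in the event. Confirm the exact resource types for
        // CreateAccountAssignment against the IAM Identity Center service authorization reference.
        const iamResources = props.iamResources != null ? props.iamResources : ['*'];
        // NOTE(review): `id` is interpolated into a JSONPath; ids containing characters outside
        // [A-Za-z0-9_] presumably yield an invalid path — pass props.resultPath explicitly in that case.
        const resultPath = props.resultPath != null ? props.resultPath : `$.${id}`;
        super(scope, id, {
            service: 'ssoadmin',
            action: 'createAccountAssignment',
            iamResources,
            iamAction: 'sso:CreateAccountAssignment',
            parameters: {
                'InstanceArn': props.ssoInstanceArn,
                'PermissionSetArn': props.permissionSetArn,
                'TargetType': 'AWS_ACCOUNT',
                // `.$` suffix: value is resolved from the state input at run time.
                'TargetId.$': accountIdPath,
                'PrincipalType': 'GROUP',
                'PrincipalId': props.groupId,
            },
            resultPath,
        });
        // CDK default retry policy (no props): retries the API call with backoff on the default error set.
        this.addRetry();
    }
}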
//# sourceMappingURL=data:application/json;base64,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