ask-cli-x/dist/lib/clients/aws-client/iam-client.js

Alexa Skills Kit (ASK) Command Line Interfaces

"use strict";
const aws = require("aws-sdk");
const CONSTANTS = require("../../utils/constants");
const AbstractAwsClient = require("./abstract-aws-client");
/**
 * Class for AWS IAM Client
 */
module.exports = class IAMClient extends AbstractAwsClient {
    constructor(configuration) {
        super(configuration);
        this.client = new aws.IAM();
    }
    /**
     * Wrapper of iam sdk api
     * Retrieves information about the specified role
     * @param {string} roleArn The arn of the IAM role to get information about.
     * @param {callback} callback { error, response }
     */
    getIAMRole(roleArn, callback) {
        const params = {
            RoleName: this._extractIAMRoleName(roleArn),
        };
        this.client.getRole(params, (err, response) => {
            callback(err, !err ? response : null);
        });
    }
    /**
     * Wrapper of iam sdk api
     * Creates a new role for AWS account.
     * @param {string} skillName The name of the skill to generate a IAM role name.
     * @param {callback} callback { error, response }
     */
    createBasicLambdaRole(skillName, callback) {
        const roleName = this._generateIAMRoleName(skillName);
        const policy = CONSTANTS.AWS.IAM.ROLE.LAMBDA_BASIC_ROLE.POLICY;
        const params = {
            RoleName: roleName,
            AssumeRolePolicyDocument: JSON.stringify(policy),
        };
        this.client.createRole(params, (err, response) => {
            callback(err, !err ? response : null);
        });
    }
    /**
     * Wrapper of iam sdk api
     * Attaches the specified managed policy to the specified IAM role.
     * @param {string} roleArn The Amazon Resource Name (ARN) specifying the group.
     * @param {callback} callback { error, response }
     */
    attachBasicLambdaRolePolicy(roleArn, callback) {
        const params = {
            PolicyArn: CONSTANTS.AWS.IAM.ROLE.LAMBDA_BASIC_ROLE.POLICY_ARN,
            RoleName: this._extractIAMRoleName(roleArn),
        };
        this.client.attachRolePolicy(params, (err, response) => {
            callback(err, !err ? response : null);
        });
    }
    /**
     * Extracts IAM Role from an existing iam role arn.
     * @param {string} roleArn The Amazon Resource Name (ARN) specifying the group.
     */
    _extractIAMRoleName(roleArn) {
        return roleArn.split("role/").pop();
    }
    /**
     * Generates a valid IAM Role function name.
     * a IAM Role function name should follow the pattern: ask-lambda-skillName-timeStamp
     * a valid role name cannot be longer than 64 characters, so the skillName should be <=39 characters since
     * the roleNamePrefix is 11 characters including the trailing '-' and the timeStamp is 14 characters including the '-'.
     * @param {string} skillName
     */
    _generateIAMRoleName(skillName) {
        const roleNamePrefix = process.env.ASK_DEPLOY_ROLE_PREFIX || "ask-lambda";
        const validSkillName = skillName.replace(/_/g, "-").substr(0, 39 - 1);
        return `${roleNamePrefix}-${validSkillName}-${Date.now()}`;
    }
};