aws-cdk-cloudfront-key-pair/lib/key-pair.js

AWS CDK L3 construct for managing CloudFront trusted key group key pairs

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.KeyPair = void 0;
const aws_cdk_lib_1 = require("aws-cdk-lib");
const iam = require("aws-cdk-lib/aws-iam");
const lambda = require("aws-cdk-lib/aws-lambda");
const aws_lambda_nodejs_1 = require("aws-cdk-lib/aws-lambda-nodejs");
const constructs_1 = require("constructs");
const path = require("path");
class KeyPair extends constructs_1.Construct {
    constructor(scope, id, props) {
        super(scope, id);
        const lambdaFunction = this.createKeyPairFunction();
        const keyPair = new aws_cdk_lib_1.CustomResource(this, 'KeyPair', {
            serviceToken: lambdaFunction.functionArn,
            resourceType: 'Custom::KeyPair',
            properties: {
                Name: props.name,
                Description: props.description,
                SecretRegions: props.secretRegions,
            },
        });
        this.publicKey = keyPair.getAttString('PublicKey');
        this.publicKeyArn = keyPair.getAttString('PublicKeyArn');
        this.privateKeyArn = keyPair.getAttString('PrivateKeyArn');
    }
    createKeyPairFunction() {
        const projectRoot = path.join(__dirname, '../src/create-key-pair');
        const createKeyPairFunction = new aws_lambda_nodejs_1.NodejsFunction(this, 'CreateKeyPairFunction', {
            description: 'Custom CFN resource: Create Key Pair',
            timeout: aws_cdk_lib_1.Duration.seconds(10),
            runtime: lambda.Runtime.NODEJS_16_X,
            entry: path.join(projectRoot, 'index.ts'),
            depsLockFilePath: path.join(projectRoot, 'package-lock.json'),
            projectRoot,
            bundling: {
                externalModules: ['aws-sdk'],
            },
        });
        createKeyPairFunction.addToRolePolicy(new iam.PolicyStatement({
            actions: [
                'secretsmanager:CreateSecret',
                'secretsmanager:DeleteSecret',
                'secretsmanager:ListSecrets',
                'secretsmanager:ReplicateSecretToRegions',
            ],
            resources: ['*'],
        }));
        return createKeyPairFunction;
    }
}
exports.KeyPair = KeyPair;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LXBhaXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJrZXktcGFpci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBdUQ7QUFDdkQsMkNBQTJDO0FBQzNDLGlEQUFpRDtBQUNqRCxxRUFBK0Q7QUFDL0QsMkNBQXVDO0FBQ3ZDLDZCQUE2QjtBQUc3QixNQUFhLE9BQVEsU0FBUSxzQkFBUztJQVVwQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQW1CO1FBQzNELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxjQUFjLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7UUFFcEQsTUFBTSxPQUFPLEdBQUcsSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxTQUFTLEVBQUU7WUFDbEQsWUFBWSxFQUFFLGNBQWMsQ0FBQyxXQUFXO1lBQ3hDLFlBQVksRUFBRSxpQkFBaUI7WUFDL0IsVUFBVSxFQUFFO2dCQUNWLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtnQkFDaEIsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2dCQUM5QixhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWE7YUFDbkM7U0FDRixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsU0FBUyxHQUFHLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDbkQsSUFBSSxDQUFDLFlBQVksR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ3pELElBQUksQ0FBQyxhQUFhLEdBQUcsT0FBTyxDQUFDLFlBQVksQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBRU8scUJBQXFCO1FBQzNCLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLHdCQUF3QixDQUFDLENBQUM7UUFFbkUsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLGtDQUFjLENBQzlDLElBQUksRUFDSix1QkFBdUIsRUFDdkI7WUFDRSxXQUFXLEVBQUUsc0NBQXNDO1lBQ25ELE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDN0IsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUMsV0FBVztZQUNuQyxLQUFLLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsVUFBVSxDQUFDO1lBQ3pDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLG1CQUFtQixDQUFDO1lBQzdELFdBQVc7WUFDWCxRQUFRLEVBQUU7Z0JBQ1IsZUFBZSxFQUFFLENBQUMsU0FBUyxDQUFDO2FBQzdCO1NBQ0YsQ0FDRixDQUFDO1FBQ0YscUJBQXFCLENBQUMsZUFBZSxDQUNuQyxJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7WUFDdEIsT0FBTyxFQUFFO2dCQUNQLDZCQUE2QjtnQkFDN0IsNkJBQTZCO2dCQUM3Qiw0QkFBNEI7Z0JBQzVCLHlDQUF5QzthQUMxQztZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztRQUVGLE9BQU8scUJBQXFCLENBQUM7SUFDL0IsQ0FBQztDQUNGO0FBOURELDBCQThEQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEN1c3RvbVJlc291cmNlLCBEdXJhdGlvbiB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGlhbSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCAqIGFzIGxhbWJkYSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbGFtYmRhJztcbmltcG9ydCB7IE5vZGVqc0Z1bmN0aW9uIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWxhbWJkYS1ub2RlanMnO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuaW1wb3J0IHsgS2V5UGFpclByb3BzIH0gZnJvbSAnLi9rZXktcGFpci1wcm9wcyc7XG5cbmV4cG9ydCBjbGFzcyBLZXlQYWlyIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgLyoqIEByZWFkb25seSBDb250ZW50IG9mIHRoZSBnZW5lcmF0ZWQgcHVibGljIGtleSAqL1xuICByZWFkb25seSBwdWJsaWNLZXk6IHN0cmluZztcblxuICAvKiogQHJlYWRvbmx5IEFSTiBvZiB0aGUgcHVibGljIGtleSBzZWNyZXQgKi9cbiAgcmVhZG9ubHkgcHVibGljS2V5QXJuOiBzdHJpbmc7XG5cbiAgLyoqIEByZWFkb25seSBBUk4gb2YgdGhlIHByaXZhdGUga2V5IHNlY3JldCAqL1xuICByZWFkb25seSBwcml2YXRlS2V5QXJuOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEtleVBhaXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBsYW1iZGFGdW5jdGlvbiA9IHRoaXMuY3JlYXRlS2V5UGFpckZ1bmN0aW9uKCk7XG5cbiAgICBjb25zdCBrZXlQYWlyID0gbmV3IEN1c3RvbVJlc291cmNlKHRoaXMsICdLZXlQYWlyJywge1xuICAgICAgc2VydmljZVRva2VuOiBsYW1iZGFGdW5jdGlvbi5mdW5jdGlvbkFybixcbiAgICAgIHJlc291cmNlVHlwZTogJ0N1c3RvbTo6S2V5UGFpcicsXG4gICAgICBwcm9wZXJ0aWVzOiB7XG4gICAgICAgIE5hbWU6IHByb3BzLm5hbWUsXG4gICAgICAgIERlc2NyaXB0aW9uOiBwcm9wcy5kZXNjcmlwdGlvbixcbiAgICAgICAgU2VjcmV0UmVnaW9uczogcHJvcHMuc2VjcmV0UmVnaW9ucyxcbiAgICAgIH0sXG4gICAgfSk7XG5cbiAgICB0aGlzLnB1YmxpY0tleSA9IGtleVBhaXIuZ2V0QXR0U3RyaW5nKCdQdWJsaWNLZXknKTtcbiAgICB0aGlzLnB1YmxpY0tleUFybiA9IGtleVBhaXIuZ2V0QXR0U3RyaW5nKCdQdWJsaWNLZXlBcm4nKTtcbiAgICB0aGlzLnByaXZhdGVLZXlBcm4gPSBrZXlQYWlyLmdldEF0dFN0cmluZygnUHJpdmF0ZUtleUFybicpO1xuICB9XG5cbiAgcHJpdmF0ZSBjcmVhdGVLZXlQYWlyRnVuY3Rpb24oKTogbGFtYmRhLklGdW5jdGlvbiB7XG4gICAgY29uc3QgcHJvamVjdFJvb3QgPSBwYXRoLmpvaW4oX19kaXJuYW1lLCAnLi4vc3JjL2NyZWF0ZS1rZXktcGFpcicpO1xuXG4gICAgY29uc3QgY3JlYXRlS2V5UGFpckZ1bmN0aW9uID0gbmV3IE5vZGVqc0Z1bmN0aW9uKFxuICAgICAgdGhpcyxcbiAgICAgICdDcmVhdGVLZXlQYWlyRnVuY3Rpb24nLFxuICAgICAge1xuICAgICAgICBkZXNjcmlwdGlvbjogJ0N1c3RvbSBDRk4gcmVzb3VyY2U6IENyZWF0ZSBLZXkgUGFpcicsXG4gICAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLnNlY29uZHMoMTApLFxuICAgICAgICBydW50aW1lOiBsYW1iZGEuUnVudGltZS5OT0RFSlNfMTZfWCxcbiAgICAgICAgZW50cnk6IHBhdGguam9pbihwcm9qZWN0Um9vdCwgJ2luZGV4LnRzJyksXG4gICAgICAgIGRlcHNMb2NrRmlsZVBhdGg6IHBhdGguam9pbihwcm9qZWN0Um9vdCwgJ3BhY2thZ2UtbG9jay5qc29uJyksXG4gICAgICAgIHByb2plY3RSb290LFxuICAgICAgICBidW5kbGluZzoge1xuICAgICAgICAgIGV4dGVybmFsTW9kdWxlczogWydhd3Mtc2RrJ10sXG4gICAgICAgIH0sXG4gICAgICB9LFxuICAgICk7XG4gICAgY3JlYXRlS2V5UGFpckZ1bmN0aW9uLmFkZFRvUm9sZVBvbGljeShcbiAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICdzZWNyZXRzbWFuYWdlcjpDcmVhdGVTZWNyZXQnLFxuICAgICAgICAgICdzZWNyZXRzbWFuYWdlcjpEZWxldGVTZWNyZXQnLFxuICAgICAgICAgICdzZWNyZXRzbWFuYWdlcjpMaXN0U2VjcmV0cycsXG4gICAgICAgICAgJ3NlY3JldHNtYW5hZ2VyOlJlcGxpY2F0ZVNlY3JldFRvUmVnaW9ucycsXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogWycqJ10sXG4gICAgICB9KSxcbiAgICApO1xuXG4gICAgcmV0dXJuIGNyZWF0ZUtleVBhaXJGdW5jdGlvbjtcbiAgfVxufVxuIl19