aws-cdk-lib
Version 2 of the AWS Cloud Development Kit library
/*
 * Shared helpers for wiring event rules to their targets (the warning id used
 * below is "@aws-cdk/aws-events-targets:manuallyAddDLQResourcePolicy").
 *
 * Security-relevant summary of what this module grants:
 *   - a role that the "events.amazonaws.com" service principal may assume,
 *   - "lambda:InvokeFunction" on a handler, limited to one rule ARN,
 *   - "sqs:SendMessage" on a dead letter queue, limited to one rule ARN.
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.bindBaseTargetConfig = bindBaseTargetConfig;
exports.singletonEventRole = singletonEventRole;
exports.addLambdaPermission = addLambdaPermission;
exports.addToDeadLetterQueueResourcePolicy = addToDeadLetterQueueResourcePolicy;

// Lazy module loaders: each one calls require() on first use and then replaces
// itself with a function that returns the already-loaded module.
var constructs_1 = () => {
  var loaded = require("constructs");
  constructs_1 = () => loaded;
  return loaded;
};
var iam = () => {
  var loaded = require("../../aws-iam");
  iam = () => loaded;
  return loaded;
};
var core_1 = () => {
  var loaded = require("../../core");
  core_1 = () => loaded;
  return loaded;
};

/**
 * Translate the common target props into the dead-letter / retry part of a
 * target configuration.
 *
 * @param props object that may carry `deadLetterQueue`, `retryAttempts` and
 *   `maxEventAge`.
 * @returns `{ deadLetterConfig, retryPolicy }`; each entry is `undefined` when
 *   the corresponding props are absent. A retry policy is emitted when
 *   `retryAttempts` is defined and >= 0, or when `maxEventAge` is truthy.
 */
function bindBaseTargetConfig(props) {
  const { deadLetterQueue, retryAttempts, maxEventAge } = props;

  let deadLetterConfig;
  if (deadLetterQueue) {
    deadLetterConfig = { arn: deadLetterQueue?.queueArn };
  }

  let retryPolicy;
  const hasRetryAttempts = retryAttempts !== undefined && retryAttempts >= 0;
  if (hasRetryAttempts || maxEventAge) {
    retryPolicy = {
      maximumRetryAttempts: retryAttempts,
      maximumEventAgeInSeconds: maxEventAge?.toSeconds({ integral: true }),
    };
  }

  return { deadLetterConfig, retryPolicy };
}

/**
 * Return the child named "EventsRole" under `scope`, creating it on first use.
 *
 * The role created here names the "events.amazonaws.com" service principal as
 * `assumedBy`; no further options are passed to the principal in this call.
 * Because the role is shared per scope, every permission later attached to it
 * is available to whatever uses this role in that scope.
 *
 * @param scope construct under which the role is looked up or created.
 * @returns the existing child, or the newly created role.
 */
function singletonEventRole(scope) {
  const id = "EventsRole";
  const found = scope.node.tryFindChild(id);
  if (found) {
    return found;
  }

  const iamLib = iam();
  return new iamLib.Role(scope, id, {
    roleName: core_1().PhysicalName.GENERATE_IF_NEEDED,
    assumedBy: new iamLib.ServicePrincipal("events.amazonaws.com"),
  });
}

/**
 * Ask `handler` to add a "lambda:InvokeFunction" permission for the
 * "events.amazonaws.com" principal, with `sourceArn` set to `rule.ruleArn` so
 * the grant names this one rule rather than the whole service.
 *
 * When `rule` is a Construct, the duplicate check runs against `rule.node`,
 * `rule` is passed as `scope`, and the id is derived from the handler.
 * Otherwise the check runs against `handler.permissionsNode` and the id is
 * derived from the rule. Nothing is added if a child with that id exists.
 *
 * @param rule the rule that will invoke the handler.
 * @param handler the function receiving the permission.
 */
function addLambdaPermission(rule, handler) {
  let scope;
  let node = handler.permissionsNode;
  let permissionId = `AllowEventRule${core_1().Names.nodeUniqueId(rule.node)}`;

  if (rule instanceof constructs_1().Construct) {
    scope = rule;
    node = rule.node;
    permissionId = `AllowEventRule${core_1().Names.nodeUniqueId(handler.node)}`;
  }

  if (node.tryFindChild(permissionId)) {
    return;
  }

  handler.addPermission(permissionId, {
    scope,
    action: "lambda:InvokeFunction",
    principal: new (iam().ServicePrincipal)("events.amazonaws.com"),
    sourceArn: rule.ruleArn,
  });
}

/**
 * Allow `rule` to send messages to the dead letter queue `queue`.
 *
 * - Regions that compare as different: throws a ValidationError.
 * - Accounts that compare as the same: adds a resource policy statement that
 *   allows "sqs:SendMessage" on `queue.queueArn` for "events.amazonaws.com",
 *   conditioned on `aws:SourceArn` being equal to `rule.ruleArn`.
 * - Otherwise: only a warning is recorded on the rule and no policy is added;
 *   the statement must then be added to the queue manually, as the warning
 *   text says.
 *
 * @param rule the rule whose failed deliveries go to the queue.
 * @param queue the dead letter queue.
 * @throws ValidationError when the regions are judged different.
 */
function addToDeadLetterQueueResourcePolicy(rule, queue) {
  if (!sameEnvDimension(rule.env.region, queue.env.region)) {
    throw new (core_1().ValidationError)(`Cannot assign Dead Letter Queue in region ${queue.env.region} to the rule ${core_1().Names.nodeUniqueId(rule.node)} in region ${rule.env.region}. \nBoth the queue and the rule must be in the same region.`, rule);
  }

  if (!sameEnvDimension(rule.env.account, queue.env.account)) {
    core_1().Annotations.of(rule).addWarningV2(
      "@aws-cdk/aws-events-targets:manuallyAddDLQResourcePolicy",
      `Cannot add a resource policy to your dead letter queue associated with rule ${rule.ruleName} because the queue is in a different account. You must add the resource policy manually to the dead letter queue in account ${queue.env.account}.`,
    );
    return;
  }

  const policyStatementId = `AllowEventRule${core_1().Names.nodeUniqueId(rule.node)}`;
  const iamLib = iam();
  queue.addToResourcePolicy(
    new iamLib.PolicyStatement({
      sid: policyStatementId,
      principals: [new iamLib.ServicePrincipal("events.amazonaws.com")],
      effect: iamLib.Effect.ALLOW,
      actions: ["sqs:SendMessage"],
      resources: [queue.queueArn],
      // Ties the grant to this rule; without it any rule could use the principal.
      conditions: { ArnEquals: { "aws:SourceArn": rule.ruleArn } },
    }),
  );
}

/**
 * Decide whether two environment values (region or account) count as equal.
 *
 * The result of `Token.compareStrings` is accepted when it is SAME,
 * ONE_UNRESOLVED or BOTH_UNRESOLVED. NOTE(review): judging by the enum names,
 * a comparison involving an unresolved token is treated as a match, so a real
 * region or account mismatch hidden behind a token would not be caught here;
 * confirm against the TokenComparison definition in core.
 *
 * @param dim1 first value.
 * @param dim2 second value.
 * @returns true when the comparison result is one of the three accepted values.
 */
function sameEnvDimension(dim1, dim2) {
  const accepted = [
    core_1().TokenComparison.SAME,
    core_1().TokenComparison.ONE_UNRESOLVED,
    core_1().TokenComparison.BOTH_UNRESOLVED,
  ];
  const outcome = core_1().Token.compareStrings(dim1, dim2);
  return accepted.includes(outcome);
}