aws-cdk-lib/aws-stepfunctions-tasks/lib/lambda/call-aws-service-cross-region.js

Version 2 of the AWS Cloud Development Kit library

"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CallAwsServiceCrossRegion=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},sfn=()=>{var tmp=require("../../../aws-stepfunctions");return sfn=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},cross_region_aws_sdk_provider_generated_1=()=>{var tmp=require("../../../custom-resource-handlers/dist/aws-stepfunctions-tasks/cross-region-aws-sdk-provider.generated");return cross_region_aws_sdk_provider_generated_1=()=>tmp,tmp},task_utils_1=()=>{var tmp=require("../private/task-utils");return task_utils_1=()=>tmp,tmp};class CallAwsServiceCrossRegion extends sfn().TaskStateBase{props;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_stepfunctions_tasks.CallAwsServiceCrossRegion",version:"2.251.0"};static jsonPath(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_stepfunctions_tasks_CallAwsServiceCrossRegionJsonPathProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.jsonPath),error}return new CallAwsServiceCrossRegion(scope,id,props)}static jsonata(scope,id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_stepfunctions_tasks_CallAwsServiceCrossRegionJsonataProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.jsonata),error}return new CallAwsServiceCrossRegion(scope,id,{...props,queryLanguage:sfn().QueryLanguage.JSONATA})}taskMetrics;taskPolicies;lambdaFunction;integrationPattern;constructor(scope,id,props){super(scope,id,props),this.props=props;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_stepfunctions_tasks_CallAwsServiceCrossRegionProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,CallAwsServiceCrossRegion),error}if(this.integrationPattern=props.integrationPattern??sfn().IntegrationPattern.REQUEST_RESPONSE,props.integrationPattern===sfn().IntegrationPattern.RUN_JOB)throw new(core_1()).ValidationError((0,literal_string_1().lit)`RunJobIntegrationPatternSupported`,"The RUN_JOB integration pattern is not supported for CallAwsServiceCrossRegion",this);if(!core_1().Token.isUnresolved(props.action)&&!props.action.startsWith(props.action[0]?.toLowerCase()))throw new(core_1()).ValidationError((0,literal_string_1().lit)`MustBeActionCamelCase`,`action must be camelCase, got: ${props.action}`,this);props.endpoint&&(0,task_utils_1().isJsonPathOrJsonataExpression)(props.endpoint)&&core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-stepfunctions-tasks:crossRegionEndpointSsrfRisk","The endpoint property is resolved from the Step Functions state input (e.g. JsonPath or JSONata). This means the endpoint is controlled at runtime by whoever starts the execution. They could redirect the authenticated AWS API call to their own server, intercepting and replaying it. Only use a runtime-resolved endpoint if you trust all principals that can start executions of this state machine.");const iamService={sfn:"states","cloudwatch-logs":"logs",mwaa:"airflow"}[props.service]??props.service;this.lambdaFunction=new(cross_region_aws_sdk_provider_generated_1()).CrossRegionAwsSdkSingletonFunction(this,"Handler",{uuid:"8a0c93f3-dbef-4b71-ac13-7aaf2048ce7e",lambdaPurpose:"CrossRegionAwsSdk",timeout:core_1().Duration.seconds(30)}),[new(iam()).PolicyStatement({resources:props.iamResources,actions:[props.iamAction??`${iamService}:${props.action}`]}),...props.additionalIamStatements??[]].forEach(policy=>this.lambdaFunction.addToRolePolicy(policy)),this.taskPolicies=[new(iam()).PolicyStatement({resources:this.lambdaFunction.resourceArnsForGrantInvoke,actions:["lambda:InvokeFunction"]})],(props.retryOnServiceExceptions??!0)&&this.addRetry({errors:["Lambda.ClientExecutionTimeoutException","Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],interval:core_1().Duration.seconds(2),maxAttempts:6,backoffRate:2})}_renderTask(topLevelQueryLanguage){const queryLanguage=sfn()._getActualQueryLanguage(topLevelQueryLanguage,this.props.queryLanguage);return this.integrationPattern===sfn().IntegrationPattern.REQUEST_RESPONSE?{Resource:this.lambdaFunction.functionArn,...this._renderParametersOrArguments({region:this.props.region,endpoint:this.props.endpoint,action:this.props.action,service:this.props.service,parameters:this.props.parameters},queryLanguage)}:{Resource:(0,task_utils_1().integrationResourceArn)("lambda","invoke",this.props.integrationPattern),...this._renderParametersOrArguments({FunctionName:this.lambdaFunction.functionArn,Payload:{region:this.props.region,endpoint:this.props.endpoint,action:this.props.action,service:this.props.service,parameters:this.props.parameters}},queryLanguage)}}}exports.CallAwsServiceCrossRegion=CallAwsServiceCrossRegion;