UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 4.28 kB
1
2
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__setModuleDefault=exports&&exports.__setModuleDefault||(Object.create?(function(o,v){Object.defineProperty(o,"default",{enumerable:!0,value:v})}):function(o,v){o.default=v}),__importStar=exports&&exports.__importStar||(function(){var ownKeys=function(o){return ownKeys=Object.getOwnPropertyNames||function(o2){var ar=[];for(var k in o2)Object.prototype.hasOwnProperty.call(o2,k)&&(ar[ar.length]=k);return ar},ownKeys(o)};return function(mod){if(mod&&mod.__esModule)return mod;var result={};if(mod!=null)for(var k=ownKeys(mod),i=0;i<k.length;i++)k[i]!=="default"&&__createBinding(result,mod,k[i]);return __setModuleDefault(result,mod),result}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.bindBaseTargetConfig=bindBaseTargetConfig,exports.singletonEventRole=singletonEventRole,exports.addLambdaPermission=addLambdaPermission,exports.addToDeadLetterQueueResourcePolicy=addToDeadLetterQueueResourcePolicy;var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},events=()=>{var tmp=__importStar(require("../../aws-events"));return events=()=>tmp,tmp},iam=()=>{var tmp=__importStar(require("../../aws-iam"));return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function bindBaseTargetConfig(props){let{deadLetterQueue,retryAttempts,maxEventAge}=props;return{deadLetterConfig:deadLetterQueue?{arn:deadLetterQueue?.queueArn}:void 0,retryPolicy:retryAttempts!==void 0&&retryAttempts>=0||maxEventAge?{maximumRetryAttempts:retryAttempts,maximumEventAgeInSeconds:maxEventAge?.toSeconds({integral:!0})}:void 0}}function singletonEventRole(scope){const id="EventsRole",existing=scope.node.tryFindChild(id);return existing||new(iam()).Role(scope,id,{roleName:core_1().PhysicalName.GENERATE_IF_NEEDED,assumedBy:new(iam()).ServicePrincipal("events.amazonaws.com")})}function addLambdaPermission(rule,handler){let scope,node=handler.permissionsNode,permissionId=`AllowEventRule${core_1().Names.nodeUniqueId(rule.node)}`;rule instanceof constructs_1().Construct&&(scope=rule,node=rule.node,permissionId=`AllowEventRule${core_1().Names.nodeUniqueId(handler.node)}`),node.tryFindChild(permissionId)||handler.addPermission(permissionId,{scope,action:"lambda:InvokeFunction",principal:new(iam()).ServicePrincipal("events.amazonaws.com"),sourceArn:events().CfnRule.arnForRule(rule)})}function addToDeadLetterQueueResourcePolicy(rule,queue){if(!sameEnvDimension(rule.env.region,queue.env.region))throw new(core_1()).ValidationError((0,literal_string_1().lit)`CannotAssignDeadLetterQueueInDifferentRegion`,`Cannot assign Dead Letter Queue in region ${queue.env.region} to the rule ${core_1().Names.nodeUniqueId(rule.node)} in region ${rule.env.region}. Both the queue and the rule must be in the same region.`,rule);if(sameEnvDimension(rule.env.account,queue.env.account)){const policyStatementId=`AllowEventRule${core_1().Names.nodeUniqueId(rule.node)}`;queue.addToResourcePolicy(new(iam()).PolicyStatement({sid:policyStatementId,principals:[new(iam()).ServicePrincipal("events.amazonaws.com")],effect:iam().Effect.ALLOW,actions:["sqs:SendMessage"],resources:[queue.queueArn],conditions:{ArnEquals:{"aws:SourceArn":events().CfnRule.arnForRule(rule)}}}))}else core_1().Annotations.of(rule).addWarningV2("@aws-cdk/aws-events-targets:manuallyAddDLQResourcePolicy",`Cannot add a resource policy to your dead letter queue associated with rule ${rule.ruleRef.ruleArn} because the queue is in a different account. You must add the resource policy manually to the dead letter queue in account ${queue.env.account}.`)}function sameEnvDimension(dim1,dim2){return[core_1().TokenComparison.SAME,core_1().TokenComparison.ONE_UNRESOLVED,core_1().TokenComparison.BOTH_UNRESOLVED].includes(core_1().Token.compareStrings(dim1,dim2))}