UNPKG

bam-lambda

Version:

Serverless framework for AWS Lambda and API Gateway

github.com/bam-lambda/bam

bam-lambda/bam

123 lines (104 loc) 3.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
const { readConfig, readFile } = require('../util/fileUtils'); const bamSpinner = require('../util/spinner'); const { doesRoleExist, doesPolicyExist, isPolicyAttached, } = require('./doesResourceExist'); const { asyncCreatePolicy, asyncCreateRole, asyncAttachPolicy, } = require('./awsFunctions'); const { msgAfterAction, bamLog, bamError, } = require('../util/logger'); const AWSLambdaBasicExecutionRolePolicyARN = 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'; const AWSLambdaRolePolicyARN = 'arn:aws:iam::aws:policy/service-role/AWSLambdaRole'; const rolePolicy = { Version: '2012-10-17', Statement: [ { Effect: 'Allow', Principal: { Service: 'lambda.amazonaws.com', }, Action: 'sts:AssumeRole', }, ], }; const getAttachParams = (roleName, policyArn) => ( { RoleName: roleName, PolicyArn: policyArn, } ); const getRoleParams = roleName => ( { RoleName: roleName, AssumeRolePolicyDocument: JSON.stringify(rolePolicy), } ); const createRole = async (roleName) => { const roleParams = getRoleParams(roleName); const doesRoleNameExist = await doesRoleExist(roleName); if (!doesRoleNameExist) { await asyncCreateRole(roleParams); bamSpinner.stop(); bamLog(msgAfterAction('role', roleName, 'created')); } }; const createDatabaseBamRolePolicy = async (databasePolicyName, databasePolicyArn) => { const doesDatabasePolicyExist = await doesPolicyExist(databasePolicyArn); if (!doesDatabasePolicyExist) { const policyDocumentJSON = await readFile(`${__dirname}/../../templates/databaseBamRolePolicy.json`, 'utf8'); const policyDocument = JSON.stringify(JSON.parse(policyDocumentJSON)); const policyParams = { PolicyName: databasePolicyName, PolicyDocument: policyDocument, }; await asyncCreatePolicy(policyParams); } }; const attachPolicy = async (roleName, policyArn) => { const isAwsPolicyAttached = await isPolicyAttached(roleName, policyArn); if (!isAwsPolicyAttached) { const attachedParams = getAttachParams(roleName, policyArn); await asyncAttachPolicy(attachedParams); } }; const createBamRole = async (roleName) => { bamSpinner.start(); try { await createRole(roleName); await attachPolicy(roleName, AWSLambdaBasicExecutionRolePolicyARN); await attachPolicy(roleName, AWSLambdaRolePolicyARN); bamSpinner.stop(); } catch (err) { bamSpinner.stop(); bamError(err); } }; const createDatabaseBamRole = async (databaseBamRole, path) => { bamSpinner.start(); const config = await readConfig(path); const { accountNumber } = config; const databasePolicyName = `${databaseBamRole}Policy`; const databasePolicyArn = `arn:aws:iam::${accountNumber}:policy/${databasePolicyName}`; try { await createRole(databaseBamRole); await createDatabaseBamRolePolicy(databasePolicyName, databasePolicyArn); await attachPolicy(databaseBamRole, databasePolicyArn); await attachPolicy(databaseBamRole, AWSLambdaRolePolicyARN); bamSpinner.stop(); } catch (err) { bamSpinner.stop(); bamError(err); } }; module.exports = { createBamRole, createDatabaseBamRole, };