in infrastructure/cdk/lib/layer/websocketLayer.ts [57:110]
private getWebSocketConnectFunction() {
/**
* This function requires access to
* SystemsManager
* process.env.SESSION_PARAMETER = /<getAppRefName>/session
* DynamoDB Tables
* process.env.SESSION_CONTROL_TABLENAME = getAppRefName+'SessionControl'
*/
let sessionParameter = { name: '/'+this.properties.getApplicationName().toLocaleLowerCase()+'/session' };
let sessionControlTable : Table = <Table> this.properties.getParameter('table.sessioncontrol');
if (sessionParameter && sessionControlTable) {
let createdFunction: Lambda.Function =
new Lambda.Function(this, this.properties.getApplicationName() + 'WebSocketConnect', {
runtime:Lambda.Runtime.NODEJS_14_X,
handler: 'index.handler',
code: Lambda.Code.fromAsset(path.join(lambdasLocation, 'websocketConnect')),
environment: {
'SESSION_CONTROL_TABLENAME': sessionControlTable.tableName,
'SESSION_PARAMETER': sessionParameter.name
},
functionName: this.properties.getApplicationName() + 'WebSocketConnect',
description: 'This function stores the connectionID to DynamoDB',
memorySize: 128,
timeout: Duration.seconds(60),
role: new IAM.Role(this, this.properties.getApplicationName() + 'WebSocketConnectFn_Role', {
roleName: this.properties.getApplicationName() + 'WebSocketConnectFn_Role',
assumedBy: new IAM.ServicePrincipal('lambda.amazonaws.com'),
managedPolicies : [ ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole') ],
inlinePolicies: {
'DynamoDBPermissions':
new IAM.PolicyDocument({
statements : [
new IAM.PolicyStatement({
resources: [ sessionControlTable.tableArn ],
actions : [ 'dynamodb:UpdateItem' ]
})
]
}),
'SystemsManagerPermissions':
new IAM.PolicyDocument({
statements: [
new IAM.PolicyStatement({
resources : ['arn:aws:ssm:'+this.properties.region+':'+this.properties.accountId+':parameter'+sessionParameter.name ] ,
actions : ['ssm:GetParameter' , 'ssm:GetParameters' ]
})
]
})
}
})
});
return createdFunction;
}
else return undefined;
}