in infrastructure/cdk/lib/layer/processingLayer.ts [206:316]
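/**
 * Creates the scoreboard Lambda function together with its dead-letter queue
 * and its execution role.
 *
 * Environment passed to the function:
 *  - DLQ_URL                   URL of the queue created here (named <applicationName>DLQ)
 *  - SESSION_PARAMETER         name of the Systems Manager session parameter
 *  - SESSION_TABLENAME         name of the 'table.session' table
 *  - SESSION_CONTROL_TABLENAME name of the 'table.sessionControl' table
 *  - SESSION_TOPX_TABLENAME    name of the 'table.sessionTopX' table
 *  - TopXValue                 fixed to '10'
 *
 * The dead-letter queue is created even when the function is not.
 *
 * @returns the created function, or `undefined` when the session parameter
 *          or one of the three tables is not available from `this.properties`.
 */
private getScoreboardFunction(): Lambda.Function | undefined {
  const appName = this.properties.getApplicationName();

  const dlq = new SQS.Queue(this, appName + 'DLQ', {
    queueName: appName + 'DLQ'
  });

  let parameterName: string | undefined;
  if (SESSION_PARAMETER) {
    // The registered parameter's type is not visible from this method, hence `any`.
    // Guard before dereferencing: the original read `.ref` ahead of the
    // availability check and would throw if the lookup returned nothing.
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
    const sessionParameter: any = this.properties.getParameter('parameter.session');
    parameterName = sessionParameter ? sessionParameter.ref : undefined;
  } else {
    // toLowerCase(), not toLocaleLowerCase(): the IAM resource for this parameter
    // below is built with toLowerCase(), and a locale-dependent conversion on the
    // machine running synth could produce a path the role is not granted.
    parameterName = '/' + appName.toLowerCase() + '/session';
  }

  const sessionControlTable = this.properties.getParameter('table.sessionControl') as Table | undefined;
  const sessionTopX = this.properties.getParameter('table.sessionTopX') as Table | undefined;
  const sessionTable = this.properties.getParameter('table.session') as Table | undefined;

  if (!parameterName || !sessionControlTable || !sessionTopX || !sessionTable) {
    return undefined;
  }

  const scoreboardRole = new IAM.Role(this, appName + 'ScoreboardFn_Role', {
    roleName: appName + 'ScoreboardFn_Role',
    assumedBy: new IAM.ServicePrincipal('lambda.amazonaws.com'),
    managedPolicies: [ ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole') ],
    inlinePolicies: {
      // NOTE(review): the resource is a name-prefix wildcard, so read, write and
      // delete access extends to every table whose name starts with the
      // application name, not only the three tables passed in the environment.
      // Consider granting on those tables' ARNs (plus index ARNs if the handler
      // queries indexes, which is not visible here).
      'DynamoDBPermissions': new IAM.PolicyDocument({
        statements: [
          new IAM.PolicyStatement({
            resources: [ 'arn:aws:dynamodb:' + this.properties.region + ':' + this.properties.accountId + ':table/' + appName + '*' ],
            actions: [
              'dynamodb:GetItem',
              'dynamodb:UpdateItem',
              'dynamodb:Scan',
              'dynamodb:Query',
              'dynamodb:Batch*',
              'dynamodb:PutItem',
              'dynamodb:DeleteItem'
            ]
          })
        ]
      }),
      // NOTE(review): 'ssm:Get*' / 'ssm:List*' on a prefix with no '/' separator
      // also matches parameters of any application whose name merely begins with
      // this one. If the handler only reads SESSION_PARAMETER, 'ssm:GetParameter'
      // on that single parameter would be sufficient; confirm against the handler.
      'SystemsManagerPermissions': new IAM.PolicyDocument({
        statements: [
          new IAM.PolicyStatement({
            resources: [ 'arn:aws:ssm:' + this.properties.region + ':' + this.properties.accountId + ':parameter/' + appName.toLowerCase() + '*' ],
            actions: [
              'ssm:Get*',
              'ssm:List*'
            ]
          })
        ]
      }),
      // Scoped to the single queue created above.
      'SQSPermissions': new IAM.PolicyDocument({
        statements: [
          new IAM.PolicyStatement({
            resources: [ dlq.queueArn ],
            actions: [ 'sqs:SendMessage' ]
          })
        ]
      }),
      // NOTE(review): resources "*" lets this role read records from every
      // Kinesis stream in the account. The stream this function consumes is not
      // referenced in this method; scope the statement to that stream's ARN.
      'KinesisPermissions': new IAM.PolicyDocument({
        statements: [
          new IAM.PolicyStatement({
            resources: ["*"],
            actions: [
              "kinesis:SubscribeToShard",
              "kinesis:GetShardIterator",
              "kinesis:GetRecords",
              "kinesis:DescribeStream"
            ]
          })
        ]
      })
    }
  });

  return new Lambda.Function(this, appName + 'ScoreboardFn', {
    // NOTE(review): Node.js 14 is end-of-life and no longer receives security
    // patches; move to a supported runtime offered by the CDK version in use.
    runtime: Lambda.Runtime.NODEJS_14_X,
    handler: 'index.handler',
    code: Lambda.Code.fromAsset(path.join(lambdasLocation, 'scoreboard')),
    environment: {
      'DLQ_URL': dlq.queueUrl,
      'SESSION_PARAMETER': parameterName,
      'SESSION_TABLENAME': sessionTable.tableName,
      'SESSION_CONTROL_TABLENAME': sessionControlTable.tableName,
      'SESSION_TOPX_TABLENAME': sessionTopX.tableName,
      'TopXValue': '10'
    },
    functionName: appName + 'ScoreboardFn',
    description: 'This function computes the scoreboard',
    memorySize: 128,
    timeout: Duration.seconds(60),
    role: scoreboardRole
  });
}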