in lib/ct_notifications-stack.ts [13:56]
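/**
 * Subscribes a Chime-notification Lambda to the Control Tower aggregate
 * security SNS topic of this stack's account/region.
 *
 * Template parameters created here:
 * - `notificationRuleFilter`: guardrail config rule name(s) to notify on
 *   (comma separated, or `ALL_RULES`), passed to the function as `RULE_NAME_FILTER`.
 * - `notificationWebhook`: the webhook URL, passed to the function as `WEBHOOK`.
 *   It is declared `noEcho` so it is masked in CloudFormation console/API
 *   output, but it is still stored in plaintext in the Lambda environment.
 *
 * Construct ids are deliberately left unchanged (including the misspelled
 * `notificatinLambda` / `roleARn`) because they feed the CloudFormation
 * logical ids; renaming them would replace already-deployed resources.
 *
 * @param scope - parent construct
 * @param id - construct id of this stack
 * @param props - optional stack properties forwarded to `cdk.Stack`
 */
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
  super(scope, id, props);

  const notificationRuleFilter = new CfnParameter(this, "notificationRuleFilter", {
    description:
      "Name of Guardrail configRuleName(s) you want notification for. Separate multiple rules with comma. Use ALL_RULES for notification of all Guardrails",
  });

  // Treat the webhook URL as a credential: whoever holds it can post to the
  // room. noEcho keeps the value out of describe-stacks output and the console
  // parameter view. It still lands in the function environment below, readable
  // by any principal allowed lambda:GetFunctionConfiguration on this function;
  // a secret store (Secrets Manager / SSM SecureString) would avoid that.
  const notificationWebHook = new CfnParameter(this, "notificationWebhook", {
    description: "Webhook URL",
    noEcho: true,
  });

  // The execution role is imported by ARN, not created by this stack. The
  // region field is blank because IAM role ARNs carry no region.
  const executionRole = iam.Role.fromRoleArn(
    this,
    "roleARn",
    cdk.Arn.format(
      {
        service: 'iam',
        resource: 'role',
        region: '',
        resourceName: 'aws-CT-CustomChimeNotificationRole',
      },
      cdk.Stack.of(this),
    ),
  );

  const notificationLambda = new lambda.Function(this, 'notificatinLambda', {
    functionName: "aws-CT-CustomChimeNotification",
    runtime: lambda.Runtime.PYTHON_3_8,
    handler: 'aws-ct-chime.handler',
    code: lambda.Code.fromAsset(path.join(__dirname, 'aws-ct-chime.zip')),
    timeout: cdk.Duration.seconds(10),
    role: executionRole,
    environment: {
      RULE_NAME_FILTER: notificationRuleFilter.valueAsString,
      WEBHOOK: notificationWebHook.valueAsString,
    },
  });

  // ARN of the Control Tower aggregate topic, resolved against this stack's
  // partition/account/region.
  const controlTowerSnsTopic = cdk.Arn.format(
    {
      service: 'sns',
      resource: 'aws-controltower-AggregateSecurityNotifications',
    },
    cdk.Stack.of(this),
  );

  // Resource-based policy: the SNS service may invoke the function, but only
  // on behalf of this one topic (sourceArn), not any topic in the account.
  notificationLambda.addPermission("notificationLambdaPermission", {
    principal: new iam.ServicePrincipal('sns.amazonaws.com'),
    action: 'lambda:InvokeFunction',
    sourceArn: controlTowerSnsTopic,
  });

  // The topic itself is imported (it is owned by Control Tower), and the
  // function is subscribed to it.
  const notificationSNS = sns.Topic.fromTopicArn(this, 'ctSNSTopic', controlTowerSnsTopic);
  notificationSNS.addSubscription(new snsSubs.LambdaSubscription(notificationLambda));
}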