in infra/stack/iot/thing-installer-stack.ts [217:254]
/**
 * Builds a custom-resource provider backed by a Lambda function packaged from
 * `./codes/lambda/custom_iot_role_alias/src`.
 *
 * Three constructs are created in this scope: an execution role for the Lambda,
 * the function itself, and the `cr.Provider` that uses the function as its
 * onEvent handler.
 *
 * NOTE(review): the provider's construct id is the fixed string 'IoTRoleAlias',
 * while the role and function ids derive from `lambdaBaseName`. A second call on
 * the same scope would presumably collide on that id — confirm it is only called once.
 *
 * @param lambdaBaseName - Suffix used for the construct ids and, combined with
 *   `this.projectPrefix`, for the physical role and function names.
 * @returns The provider wrapping the newly created function.
 */
private createCustomResourceProvider(lambdaBaseName: string): cr.Provider {
  const lambdaName = `${this.projectPrefix}-${lambdaBaseName}`;

  // Execution role: assumable by the Lambda service, with the AWS-managed basic
  // execution policy attached by ARN.
  const executionRole = new iam.Role(this, `${lambdaBaseName}Role`, {
    roleName: `${lambdaName}Role`,
    assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
    managedPolicies: [
      { managedPolicyArn: 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' },
    ],
  });

  // NOTE(review): least privilege — each statement below allows every action of a
  // service on every resource. `iam:*` on `*` in particular makes this role
  // equivalent to account administrator (it can create and attach arbitrary
  // policies), so any flaw in the handler or its dependencies has account-wide impact.
  // The handler source is not visible here; presumably it only needs the IoT
  // role-alias create/update/delete actions plus iam:PassRole / iam:GetRole on the
  // aliased role — confirm against the handler and scope actions and resources to that.
  for (const serviceWildcard of ['iot:*', 'iam:*']) {
    executionRole.addToPolicy(
      new iam.PolicyStatement({
        actions: [serviceWildcard],
        effect: iam.Effect.ALLOW,
        resources: ['*'],
      }),
    );
  }

  // NOTE(review): Python 3.6 is an end-of-life Lambda runtime that no longer receives
  // security patches; plan a move to a supported runtime once the handler is verified on it.
  const onEventFunction = new lambda.Function(this, lambdaBaseName, {
    functionName: `${lambdaName}Function`,
    code: lambda.Code.fromAsset('./codes/lambda/custom_iot_role_alias/src'),
    handler: 'handler.handle',
    timeout: cdk.Duration.seconds(60),
    runtime: lambda.Runtime.PYTHON_3_6,
    role: executionRole,
  });

  const provider = new cr.Provider(this, 'IoTRoleAlias', {
    onEventHandler: onEventFunction,
  });
  return provider;
}