private createIoTRoleAlias()

in infra/stack/iot/thing-installer-stack.ts [161:194]


    /**
     * Creates the IAM role assumed by the AWS IoT credentials provider
     * (`credentials.iot.amazonaws.com`) and passes its ARN, together with a
     * derived alias name, to a custom resource.
     *
     * The role receives two policy statements: the one returned by
     * `createGreengrassV2TokenExchangeRoleAccessPolicy()` and an inline statement
     * allowing S3 object read/write plus CloudWatch Logs actions.
     *
     * NOTE(review): the inline statement uses `resources: ["*"]`. Any principal
     * that obtains credentials through this role can read and write objects in
     * every bucket the account's policies allow, and write to any log group.
     * Least privilege would scope S3 to the specific bucket ARN(s) and Logs to
     * the specific log-group ARN(s) the devices need.
     *
     * NOTE(review): the custom resource id `IoTRoleAliasCustomResource` does not
     * include `roleName`, so a second call on the same scope would presumably
     * collide on the construct id. Confirm this method is only called once.
     *
     * @param roleName - Base name for the role; prefixed with `projectPrefix` for
     *   the IAM role name and suffixed with `Alias` for the alias name.
     * @param account - Not read anywhere in this method.
     */
    private createIoTRoleAlias(roleName: string, account: string) {
        // Only the IoT credentials provider service may assume this role.
        const role = new iam.Role(this, roleName, {
            roleName: `${this.projectPrefix}-${roleName}`,
            assumedBy: new iam.ServicePrincipal('credentials.iot.amazonaws.com'),
        });

        // Statement order is kept: token-exchange policy first, then S3/Logs.
        role.addToPolicy(this.createGreengrassV2TokenExchangeRoleAccessPolicy());

        const s3AndLogsAccess = new iam.PolicyStatement({
            effect: iam.Effect.ALLOW,
            actions: [
                "s3:GetObject",
                "s3:PutObject",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams"
            ],
            // Unscoped on purpose or by omission? See the NOTE(review) above.
            resources: ["*"]
        });
        role.addToPolicy(s3AndLogsAccess);

        const aliasName = `${this.projectPrefix}-${roleName}Alias`;

        // The id string is reproduced as written (including its spelling):
        // changing it could alter whatever the provider helper derives from it.
        const aliasProvider = this.createCustomResourceProvider(`${roleName}ProivderLambda`);

        // The provider presumably creates the IoT role alias from these two
        // properties; its handler is not visible here.
        const aliasProperties = {
            TokenRoleARN: role.roleArn,
            IoTRoleAliasName: aliasName
        };
        new cdk.CustomResource(this, `IoTRoleAliasCustomResource`, {
            serviceToken: aliasProvider.serviceToken,
            properties: aliasProperties
        });

        this.exportOutput('IoTTokenRole', role.roleName);
        this.exportOutput('IoTTokenRoleAlias', aliasName);
    }