in cdk-iot-analytics/cdk_sap_blog/analytics/lambda_.py [0:0]
def get_product_range(scope):
    """Define the GetProductRange Lambda function with a dedicated IAM role.

    The role is assumable only by the Lambda service and is granted:
    CloudWatch Logs access for the function's own logging, and
    ``dynamodb:GetItem`` on the single table named by ``scope.table_name``.
    AWS IoT Analytics is then allowed to invoke the function.

    Args:
        scope: Construct scope the resources are attached to. It must expose
            ``region``, ``account`` and ``table_name`` attributes.

    Returns:
        The ``lambda_.Function`` construct that was created.
    """
    fn_name = "CDK-SAP-Blog-GetProductRange"
    region = scope.region
    account = scope.account
    table = scope.table_name

    # NOTE(review): role_name / function_name are fixed physical names, so a
    # second deployment into the same account would presumably collide.
    execution_role = iam.Role(
        scope=scope,
        id=f"{fn_name}Role",
        role_name=f"{fn_name}Role",
        assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'),
    )

    # (actions, resources) pairs, attached in this order.
    grants = (
        # Log-group creation is allowed on every CloudWatch Logs resource in
        # this account and region ...
        (
            ['logs:CreateLogGroup'],
            [f'arn:aws:logs:{region}:{account}:*'],
        ),
        # ... while stream creation and event writes are confined to this
        # function's own log group.
        (
            ['logs:CreateLogStream', 'logs:PutLogEvents'],
            [f'arn:aws:logs:{region}:{account}:log-group:/aws/lambda/{fn_name}:*'],
        ),
        # Data access is a single read action on one table; no write, scan or
        # query permissions are granted.
        (
            ['dynamodb:GetItem'],
            [f'arn:aws:dynamodb:{region}:{account}:table/{table}'],
        ),
    )
    for allowed_actions, target_arns in grants:
        statement = iam.PolicyStatement(
            effect=iam.Effect.ALLOW,
            resources=target_arns,
            actions=allowed_actions,
        )
        execution_role.add_to_policy(statement)

    # NOTE(review): Python 3.8 is past upstream end-of-life; confirm whether
    # the runtime should be moved to a currently supported version.
    function = lambda_.Function(
        scope=scope,
        id=fn_name,
        function_name=fn_name,
        runtime=lambda_.Runtime.PYTHON_3_8,
        code=lambda_.Code.from_asset('cdk_sap_blog/analytics/lambda_assets/get_product_range'),
        handler='get_product_range.handler',
        role=execution_role,
        environment={"TABLE_NAME": table},
    )

    # Resource-based permission: the IoT Analytics service principal may
    # invoke the function, but only on behalf of this account (source_account)
    # and from IoT Analytics ARNs in this account/region (source_arn).
    # NOTE(review): the source_arn wildcard matches every IoT Analytics
    # resource here; narrow it to the specific caller ARN if that is known.
    function.add_permission(
        id="invoke permissions",
        principal=iam.ServicePrincipal('iotanalytics.amazonaws.com'),
        action="lambda:InvokeFunction",
        source_account=account,
        source_arn=f"arn:aws:iotanalytics:{region}:{account}:*",
    )
    return function