in lib/audit-manager-blog-stack.ts [36:100]
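/**
 * Builds the blog demo stack: an S3 bucket that receives Audit Manager
 * control/framework definitions, a Lambda invoked on PUTs into that bucket,
 * and a KMS-encrypted SNS topic the Lambda publishes to.
 *
 * @param scope - parent construct
 * @param id - construct id of this stack
 * @param props - optional stack properties forwarded to `Stack`
 */
constructor(scope: Construct, id: string, props?: StackProps) {
  super(scope, id, props);

  // Input bucket. DESTROY + autoDeleteObjects mean a stack delete removes the
  // bucket together with its contents; versioning keeps overwritten objects.
  const auditControlsBucket = new Bucket(this, 'bucket', {
    encryption: BucketEncryption.S3_MANAGED,
    versioned: true,
    removalPolicy: RemovalPolicy.DESTROY,
    autoDeleteObjects: true,
  });

  // Customer-managed key used as the topic's master key; rotation is enabled.
  const snskey: IKey = new Key(this, 'auditblogkey', {
    enableKeyRotation: true,
    description: 'auditblogkey',
  });

  const notificationTopic = new Topic(this, 'topic', {
    topicName: 'AuditManagerBlogNotification',
    masterKey: snskey,
  });

  // `auditManagerActions` is defined elsewhere in this file.
  // NOTE(review): the wildcard resource is kept because many Audit Manager
  // actions are not resource-scoped — confirm against the action list before
  // accepting '*' for all of them.
  const auditManagerPolicyStatement = new PolicyStatement({
    actions: auditManagerActions,
    effect: Effect.ALLOW,
    resources: ['*'],
  });

  const listenerFunction = new Function(this, 'lambda', {
    handler: 'index.handler',
    // Pre-bundled handler output; built outside this stack.
    code: Code.fromAsset(path.resolve(__dirname, '../dist/lambda/dist')),
    timeout: Duration.seconds(30),
    // NOTE(review): Node.js 14 is a deprecated Lambda runtime; move to a
    // supported one once the handler bundle has been verified on it.
    runtime: Runtime.NODEJS_14_X,
    reservedConcurrentExecutions: 1,
    initialPolicy: [auditManagerPolicyStatement],
    environment: {
      SNS_TOPIC_ARN: notificationTopic.topicArn,
    },
  });

  // Publishing to a CMK-encrypted topic requires kms:GenerateDataKey* and
  // kms:Decrypt on the key. grantEncryptDecrypt would additionally hand out
  // kms:Encrypt and kms:ReEncrypt*, which this function never needs.
  snskey.grant(listenerFunction, 'kms:GenerateDataKey*', 'kms:Decrypt');
  auditControlsBucket.grantRead(listenerFunction);
  notificationTopic.grantPublish(listenerFunction);

  // Basic execution role (CloudWatch Logs). NOTE(review): the Function
  // construct already attaches this policy to the role it generates, so this
  // call is likely redundant; kept to preserve the existing template.
  listenerFunction.role?.addManagedPolicy(
    ManagedPolicy.fromAwsManagedPolicyName(
      'service-role/AWSLambdaBasicExecutionRole'
    )
  );

  // Only s3:ObjectCreated:Put is subscribed, so objects that arrive via
  // POST, copy or multipart upload do not invoke the function.
  auditControlsBucket.addEventNotification(
    EventType.OBJECT_CREATED_PUT,
    new LambdaDestination(listenerFunction)
  );

  new CfnOutput(this, 'bucketOutput', {
    description:
      'Bucket name for Audit Manager Custom Controls and Frameworks',
    value: auditControlsBucket.bucketName,
  });

  new CfnOutput(this, 'notificationTopicArnOutput', {
    description: 'SNS topic ARN for notification',
    value: notificationTopic.topicArn,
  });
}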