in source/cdk-infrastructure/lib/common-resources/solution-helper/solution-helper-construct.ts [33:117]
constructor(scope: Construct, id: string, props: SolutionHelperProps) {
super(scope, id);
this.sourceCodeBucket = Bucket.fromBucketName(this, 'sourceCodeBucket', props.sourceCodeBucketName);
this.sourceCodeKeyPrefix = props.sourceCodeKeyPrefix;
this.sendAnonymousData = props.sendAnonymousData;
const generateSolutionConstantsRole = new Role(this, 'GenerateSolutionConstantsFunctionRole', {
assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
path: '/',
inlinePolicies: {
'CloudWatchLogsPolicy': new PolicyDocument({
statements: [new PolicyStatement({
effect: Effect.ALLOW,
actions: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
resources: [Stack.of(this).formatArn({ service: 'logs', resource: 'log-group', resourceName: '/aws/lambda/*', arnFormat: ArnFormat.COLON_RESOURCE_NAME })]
})]
}),
'IoTPolicy': new PolicyDocument({
statements: [new PolicyStatement({
actions: ['iot:DescribeEndpoint'],
effect: Effect.ALLOW,
resources: ['*']
})]
})
}
});
const generateSolutionConstantsLambda = new LambdaFunction(this, 'GenerateSolutionConstantsFunction', {
runtime: Runtime.NODEJS_14_X,
handler: 'solution-helper/index.handler',
timeout: Duration.seconds(60),
description: `${props.solutionDisplayName} (${props.solutionVersion}): Generate Solution Constants`,
code: Code.fromBucket(this.sourceCodeBucket, [props.sourceCodeKeyPrefix, 'solution-helper.zip'].join('/')),
role: generateSolutionConstantsRole,
environment: {
LOGGING_LEVEL: props.loggingLevel
}
});
addCfnSuppressRules(generateSolutionConstantsRole, [{ id: 'W11', reason: '* is required for the iot:DescribeEndpoint permission' }]);
const generateSolutionConstantsProps: ICustomResourceRequestProps = {
Action: CustomResourceActions.GENERATE_SOLUTION_CONSTANTS
};
const generateSolutionConstantsCustomResource = new CustomResource(this, 'GenerateSolutionConstants', {
serviceToken: generateSolutionConstantsLambda.functionArn,
properties: generateSolutionConstantsProps
});
this.anonymousDataUUID = generateSolutionConstantsCustomResource.getAttString('AnonymousDataUUID');
this.iotEndpointAddress = generateSolutionConstantsCustomResource.getAttString('IotEndpointAddress');
const solutionHelperLambdaRole = new Role(this, 'SolutionHelperFunctionRole', {
assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
path: '/',
inlinePolicies: {
'CloudWatchLogsPolicy': new PolicyDocument({
statements: [new PolicyStatement({
effect: Effect.ALLOW,
actions: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
resources: [Stack.of(this).formatArn({ service: 'logs', resource: 'log-group', resourceName: '/aws/lambda/*', arnFormat: ArnFormat.COLON_RESOURCE_NAME })]
})]
})
}
});
this.solutionHelperLambda = new LambdaFunction(this, 'SolutionHelperFunction', {
runtime: Runtime.NODEJS_14_X,
handler: 'solution-helper/index.handler',
timeout: Duration.seconds(60),
description: `${props.solutionDisplayName} (${props.solutionVersion}): Solution Helper`,
code: Code.fromBucket(this.sourceCodeBucket, [props.sourceCodeKeyPrefix, 'solution-helper.zip'].join('/')),
role: solutionHelperLambdaRole,
environment: {
RETRY_SECONDS: '5',
SEND_ANONYMOUS_DATA: this.sendAnonymousData,
SOLUTION_ID: props.solutionId,
SOLUTION_VERSION: props.solutionVersion,
ANONYMOUS_DATA_UUID: this.anonymousDataUUID,
LOGGING_LEVEL: props.loggingLevel
}
});
}