constructor()

in source/constructs/lib/common-resources/custom-resources/custom-resource-construct.ts [51:114]


  /**
   * Wires up the custom-resource plumbing for the stack: an execution role,
   * the Lambda function that backs the custom resources, and a first custom
   * resource whose `UUID` attribute is stored on `this.uuid`.
   *
   * @param scope - Parent construct.
   * @param id - Construct id within `scope`.
   * @param props - Source bucket name and key prefix, solution metadata,
   *   conditions, and the Secrets Manager policy to attach to the role.
   */
  constructor(scope: Construct, id: string, props: CustomResourcesConstructProps) {
    super(scope, id);

    const stack = Stack.of(this);

    this.sourceCodeBucket = Bucket.fromBucketName(this, 'ImageHandlerLambdaSource', props.sourceCodeBucketName);
    this.sourceCodeKeyPrefix = props.sourceCodeKeyPrefix;
    this.solutionVersion = props.solutionVersion;
    this.conditions = props.conditions;

    // Log-group ARN pattern for the role's CloudWatch Logs permissions. The
    // '/aws/lambda/*' name matches every Lambda log group in the stack's
    // account and region, not only the one belonging to the function below.
    const lambdaLogGroupsArn = stack.formatArn({
      service: 'logs',
      resource: 'log-group',
      resourceName: '/aws/lambda/*',
      arnFormat: ArnFormat.COLON_RESOURCE_NAME
    });

    // Empty region/account plus resource '*' renders as arn:<partition>:s3:::*,
    // a pattern that matches every bucket ARN and every object ARN.
    const anyS3ResourceArn = stack.formatArn({
      partition: Aws.PARTITION,
      service: 's3',
      region: '',
      account: '',
      resource: '*',
      arnFormat: ArnFormat.COLON_RESOURCE_NAME
    });

    const writeLambdaLogs = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
      resources: [lambdaLogGroupsArn]
    });

    // NOTE(review): this statement lets the custom-resource Lambda change the
    // ACL, bucket policy and encryption configuration of, and read/write
    // objects in, any bucket the account can reach. No `effect` is given, so
    // the CDK default (Allow) applies. It is also filed under the inline policy
    // named 'CloudWatchLogsPolicy', which hides it from a reader scanning policy
    // names. Scoping `resources` to the buckets this solution actually manages
    // would need their names, which are not visible in this constructor.
    const manageS3 = new PolicyStatement({
      actions: ['s3:putBucketAcl', 's3:putEncryptionConfiguration', 's3:putBucketPolicy', 's3:CreateBucket', 's3:GetObject', 's3:PutObject', 's3:ListBucket'],
      resources: [anyS3ResourceArn]
    });

    const describeRegions = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ['ec2:DescribeRegions'],
      resources: ['*']
    });

    this.customResourceRole = new Role(this, 'CustomResourceRole', {
      assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
      path: '/',
      inlinePolicies: {
        CloudWatchLogsPolicy: new PolicyDocument({ statements: [writeLambdaLogs, manageS3] }),
        EC2Policy: new PolicyDocument({ statements: [describeRegions] })
      }
    });

    // The recorded justification covers only the ec2:DescribeRegions wildcard;
    // the broad S3 resource pattern above is not justified by it.
    const wildcardSuppression = {
      id: 'W11',
      reason: "Allow '*' because it is required for making DescribeRegions API call as it doesn't support resource-level permissions and require to choose all resources."
    };
    addCfnSuppressRules(this.customResourceRole, [wildcardSuppression]);

    // Adds further permissions to the same role; the policy's contents are
    // defined by the caller and are not visible here.
    props.secretsManagerPolicy.attachToRole(this.customResourceRole);

    const handlerZipKey = [props.sourceCodeKeyPrefix, 'custom-resource.zip'].join('/');

    // NOTE(review): Node.js 14 has reached end of life upstream. Moving to a
    // supported runtime should be planned together with the handler bundle,
    // since its compatibility with newer runtimes cannot be checked from here.
    this.customResourceLambda = new LambdaFunction(this, 'CustomResourceFunction', {
      description: `${props.solutionDisplayName} (${props.solutionVersion}): Custom resource`,
      runtime: Runtime.NODEJS_14_X,
      handler: 'custom-resource/index.handler',
      timeout: Duration.minutes(1),
      memorySize: 128,
      code: Code.fromBucket(this.sourceCodeBucket, handlerZipKey),
      role: this.customResourceRole,
      environment: {
        SOLUTION_ID: props.solutionId,
        RETRY_SECONDS: '5',
        SOLUTION_VERSION: props.solutionVersion
      }
    });

    // createCustomResource is defined elsewhere in the class; the 'createUuid'
    // action is presumably dispatched by the handler (confirm against its code).
    this.uuid = this.createCustomResource('CustomResourceUuid', this.customResourceLambda, {
      Region: Aws.REGION,
      CustomAction: 'createUuid'
    }).getAttString('UUID');
  }