in deployment/custom-deployment/lib/smart-product-device-defender.ts [27:93]
/**
 * Builds the Device Defender audit notification chain for this construct:
 * an SNS topic for audit findings, an IAM role the IoT service assumes to
 * read audit targets and publish to that topic, and a custom resource
 * (backed by `props.helperFunction`) that hands those ARNs to the helper
 * Lambda so it can configure Device Defender.
 *
 * @param parent - scope in which the construct is created
 * @param name   - construct id
 * @param props  - `helperFunction` (custom-resource provider) and
 *                 `helperFunctionPolicy` (its IAM policy, which the custom
 *                 resource is made to depend on)
 */
constructor(parent: cdk.Construct, name: string, props: SmartProductDeviceDefenderProps) {
  super(parent, name);

  //=============================================================================================
  // Resources
  //=============================================================================================

  // Topic that receives the audit notifications.
  const auditTopic = new sns.Topic(this, 'SNS', {
    displayName: "SmartProductDeviceDefenderSNS",
    topicName: "SmartProductDeviceDefenderSNS"
  });

  // Role assumed by the IoT service for audits and for publishing results.
  // NOTE(review): the trust policy carries no aws:SourceAccount / aws:SourceArn
  // condition; worth confirming whether one should be added to narrow who can
  // assume it.
  const auditRole = new iam.Role(this, 'AuditNotifyRole', {
    assumedBy: new iam.ServicePrincipal('iot.amazonaws.com')
  });

  // Read/list/describe calls the audit performs across IoT, Cognito and IAM.
  // They are granted on '*'; the cfn_nag W12 suppression below records why.
  const auditReadActions = [
    'iot:GetLoggingOptions',
    'iot:GetV2LoggingOptions',
    'iot:ListCACertificates',
    'iot:ListCertificates',
    'iot:DescribeCACertificate',
    'iot:DescribeCertificate',
    'iot:ListPolicies',
    'iot:GetPolicy',
    'iot:GetEffectivePolicies',
    'cognito-identity:GetIdentityPoolRoles',
    'iam:ListRolePolicies',
    'iam:ListAttachedRolePolicies',
    'iam:GetPolicy',
    'iam:GetPolicyVersion',
    'iam:GetRolePolicy'
  ];
  const auditReadStatement = new iam.PolicyStatement({
    actions: auditReadActions,
    resources: ['*']
  });

  // Publish is scoped to the single topic created above, not to '*'.
  const publishStatement = new iam.PolicyStatement({
    actions: ['sns:Publish'],
    resources: [auditTopic.topicArn]
  });

  const auditPolicy = new iam.Policy(this, 'AuditNotifyPolicy', {
    statements: [auditReadStatement, publishStatement]
  });

  // Suppress cfn_nag's wildcard-resource rule (W12) on the synthesized
  // AWS::IAM::Policy, with the justification embedded in the reason string.
  const auditPolicyNode = auditPolicy.node.findChild('Resource');
  const auditPolicyCfn = auditPolicyNode as iam.CfnPolicy;
  auditPolicyCfn.cfnOptions.metadata = {
    cfn_nag: {
      rules_to_suppress: [{
        id: 'W12',
        reason: `The * resource allows ${auditRole.roleName} to audit IoT devices.`
      }]
    }
  };

  auditPolicy.attachToRole(auditRole);

  // Custom resource that invokes the helper Lambda to configure Device Defender.
  // Both the SNS and audit roles are the same role (auditRole).
  const updateDefender = new cfn.CustomResource(this, 'UpdateIoTDeviceDefender', {
    provider: props.helperFunction,
    resourceType: 'Custom::UpdateIoTDeviceDefender',
    properties: {
      Region: `${cdk.Aws.REGION}`,
      CustomAction: 'updateIoTDeviceDefender',
      SnsRoleArn: auditRole.roleArn,
      SnsTargetArn: auditTopic.topicArn,
      AuditRoleArn: auditRole.roleArn
    }
  });

  // Order the custom resource after the audit policy and the helper's own
  // policy, so both exist before the helper is invoked (presumably so its
  // API calls are authorized on first deploy — confirm against the helper).
  const mustExistFirst = [
    auditPolicyNode as cdk.Resource,
    props.helperFunctionPolicy.node.findChild('Resource') as cdk.Resource
  ];
  for (const dependency of mustExistFirst) {
    updateDefender.node.addDependency(dependency);
  }
}