in source/packages/libraries/core/deployment-helper/src/customResources/iotDeviceDefender.customResource.ts [31:105]
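/**
 * Applies the account-level AWS IoT Device Defender audit configuration and
 * makes sure the `CertificateRenewerAudit` scheduled audit exists.
 *
 * Steps, in order:
 *  1. Read `RoleArn`, `TargetArn`, `TargetRoleArn`, `TargetEnabled` and
 *     `AuditCheckEnabled` from `customResourceEvent.ResourceProperties`.
 *  2. Call `updateAccountAuditConfiguration` with the
 *     `DEVICE_CERTIFICATE_EXPIRING_CHECK` check and an SNS notification target.
 *  3. Look up the scheduled audit; update it if it exists, create it otherwise.
 *
 * @param customResourceEvent Custom resource event carrying the properties above.
 * @returns The response of `updateAccountAuditConfiguration`.
 * @throws If an ARN property is missing or empty (`ow` validation), or if any
 *         IoT call fails with an error other than `ResourceNotFoundException`
 *         on the describe call.
 */
public async create(customResourceEvent: CustomResourceEvent) : Promise<unknown> {
    // The whole event is written to the debug log. A CloudFormation custom resource
    // event normally carries a pre-signed `ResponseURL`; anyone who can read the log
    // could use it to answer the stack operation on this function's behalf, so it is
    // masked before logging. NOTE(review): assumes CustomResourceEvent keeps the
    // CloudFormation field name `ResponseURL` - confirm against the type definition.
    const maskResponseUrl = (key: string, value: unknown): unknown =>
        key === 'ResponseURL' ? '[REDACTED]' : value;
    logger.debug(`IotDeviceDefenderSettingCustomResource: create: in: customResourceEvent: ${JSON.stringify(customResourceEvent, maskResponseUrl)}`);

    const props = customResourceEvent.ResourceProperties;
    const roleArn = props.RoleArn;
    const targetArn = props.TargetArn;
    const targetRoleArn = props.TargetRoleArn;
    const targetEnabled = props.TargetEnabled;
    const auditCheckEnabled = props.AuditCheckEnabled;
    logger.debug(`roleArn - ${roleArn}, targetArn - ${targetArn}, targetRoleArn -${targetRoleArn}, targetEnabled -${targetEnabled}, auditCheckEnabled -${auditCheckEnabled}`);

    // Only non-emptiness is checked here; the ARN format is left to the IoT API.
    ow(roleArn, ow.string.nonEmpty);
    ow(targetArn, ow.string.nonEmpty);
    ow(targetRoleArn, ow.string.nonEmpty);

    // Both flags arrive as strings. Anything other than the exact string 'true'
    // (including a missing property or 'True') silently DISABLES the feature.
    const auditEnabled = auditCheckEnabled === 'true';
    const targetEnabledBoolean = targetEnabled === 'true';

    const auditCheckConfigurations: AuditCheckConfigurations = {
        "DEVICE_CERTIFICATE_EXPIRING_CHECK": {
            enabled: auditEnabled
        }
    };
    const auditNotificationTargetConfigurations:Iot.AuditNotificationTargetConfigurations = {
        SNS: {
            targetArn,
            roleArn: targetRoleArn,
            enabled: targetEnabledBoolean
        }
    };
    const params:AWS.Iot.Types.UpdateAccountAuditConfigurationRequest = {
        roleArn,
        auditCheckConfigurations,
        auditNotificationTargetConfigurations
    };
    logger.debug(`auditNotification Params: ${JSON.stringify(params)}`);
    const result:AWS.Iot.Types.UpdateAccountAuditConfigurationResponse = await this._iot.updateAccountAuditConfiguration(params).promise();
    // Log prefix corrected: it previously named IotThingTypeCustomResource, which
    // sends anyone reading the log to the wrong handler.
    logger.debug(`IotDeviceDefenderSettingCustomResource: create: exit: ${JSON.stringify(result)}`);

    // One definition serves both the create and the update call, so the two
    // requests cannot drift apart.
    // NOTE(review): the scheduled audit always targets DEVICE_CERTIFICATE_EXPIRING_CHECK,
    // even when AuditCheckEnabled was not 'true'. The IoT API documents that scheduled
    // checks must be enabled for the account, so that combination presumably fails
    // below - confirm, and consider rejecting it up front.
    const scheduledAudit:AWS.Iot.Types.CreateScheduledAuditRequest = {
        frequency:'MONTHLY',
        dayOfMonth:'LAST',
        scheduledAuditName: 'CertificateRenewerAudit',
        targetCheckNames: ['DEVICE_CERTIFICATE_EXPIRING_CHECK']
    };

    // Probe for the scheduled audit; "not found" is the only error treated as an answer.
    let resourceExists = false;
    try {
        const describeScheduledAuditRequestParams:AWS.Iot.Types.DescribeScheduledAuditRequest = {
            scheduledAuditName: scheduledAudit.scheduledAuditName
        };
        const describeScheduledAuditResponse:AWS.Iot.Types.DescribeScheduledAuditResponse = await this._iot.describeScheduledAudit(describeScheduledAuditRequestParams).promise();
        resourceExists = true;
        logger.debug(`describeScheduledAuditResponse: ${JSON.stringify(describeScheduledAuditResponse)}`);
    } catch (err) {
        if (err.name !== 'ResourceNotFoundException') {
            throw err;
        }
    }

    if (resourceExists) {
        const auditParams:AWS.Iot.Types.UpdateScheduledAuditRequest = scheduledAudit;
        logger.debug(`UpdateScheduledAuditRequest Params: ${JSON.stringify(auditParams)}`);
        const auditResponse:AWS.Iot.Types.UpdateScheduledAuditResponse = await this._iot.updateScheduledAudit(auditParams).promise();
        logger.debug(`UpdateScheduledAuditResponse: ${JSON.stringify(auditResponse)}`);
    } else {
        logger.debug(`CreateScheduled AuditRequest Params: ${JSON.stringify(scheduledAudit)}`);
        const auditResponse:AWS.Iot.Types.CreateScheduledAuditResponse = await this._iot.createScheduledAudit(scheduledAudit).promise();
        logger.debug(`CreateScheduled AuditResponse: ${JSON.stringify(auditResponse)}`);
    }
    return result;
}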