in source/aws-bootstrap-kit/lib/dns/cross-account-zone-delegation-record-provider.ts [43:77]
/**
 * Builds the custom-resource provider that manages a cross-account DNS
 * delegation record.
 *
 * The provider wraps a single Lambda handler (asset directory
 * `delegation-record-handler`, entry point `index.onEventHandler`) that
 * receives the CREATE/UPDATE/DELETE events for the custom resource.
 *
 * @param scope - Parent construct.
 * @param id - Construct id.
 * @param roleArnToAssume - ARN of the updater role in the DNS account. When
 *   omitted the role ARN is resolved inside the Lambda, so the handler's
 *   `sts:AssumeRole` permission has to be granted on `*` instead of on a
 *   single ARN. Note that this wildcard lets the function assume any role
 *   whose trust policy admits this function's execution role, so passing the
 *   ARN explicitly keeps the grant least-privilege.
 */
constructor(scope: Construct, id: string, roleArnToAssume?: string) {
  super(scope, id);

  const handlerCode = lambda.Code.fromAsset(path.join(__dirname, 'delegation-record-handler'));

  // Single handler for every lifecycle event of the custom resource.
  // NOTE(review): NODEJS_14_X has reached end of support on Lambda; confirm
  // the asset's dependencies (e.g. bundled SDK) before moving to a newer runtime.
  this.onEventHandler = new lambda.Function(this, 'OnEventHandler', {
    code: handlerCode,
    runtime: lambda.Runtime.NODEJS_14_X,
    handler: 'index.onEventHandler',
    timeout: Duration.minutes(5),
    description: 'Cross-account zone delegation record OnEventHandler'
  });

  // Falls back to '*' for an empty or missing ARN (same truthiness rule as
  // the original ternary): the role is then resolved at runtime by the handler.
  const assumeRoleResource = roleArnToAssume || '*';
  const assumeRolePolicy = new iam.PolicyStatement({
    actions: ['sts:AssumeRole'],
    resources: [assumeRoleResource],
  });

  // Needed to look up the hosted zone id and the target account id dynamically.
  // Both actions are list operations and only accept '*' as the resource.
  const lookupPolicy = new iam.PolicyStatement({
    actions: ['route53:listHostedZonesByName', 'organizations:ListAccounts'],
    resources: ['*'],
  });

  for (const statement of [assumeRolePolicy, lookupPolicy]) {
    this.onEventHandler.addToRolePolicy(statement);
  }

  this.provider = new cr.Provider(this, 'CrossAccountZoneDelegationRecordProvider', {
    onEventHandler: this.onEventHandler,
  });
}