in source/patterns/@aws-solutions-constructs/aws-lambda-s3/lib/index.ts [110:175]
/**
 * Wires a Lambda function to an S3 bucket.
 *
 * Steps, in order: run the shared props check, optionally set up a VPC,
 * create or reuse the Lambda function, create or reuse the bucket, expose the
 * bucket name to the function through an environment variable, and grant the
 * function's principal access to the bucket.
 *
 * Access model (security-relevant):
 * - If `props.bucketPermissions` is omitted, the function's principal is
 *   granted read AND write on the bucket. Pass an explicit list to scope the
 *   grant down to what the function needs.
 * - If `props.bucketPermissions` is provided, only the values 'Delete', 'Put',
 *   'Read', 'ReadWrite' and 'Write' produce a grant. Any other string is
 *   ignored without an error, and an empty array results in no grant at all.
 *
 * @param scope - Parent construct; also the scope the VPC and S3 endpoint are created in.
 * @param id - Construct id passed to the base class.
 * @param props - User-supplied configuration for the pattern.
 */
constructor(scope: Construct, id: string, props: LambdaToS3Props) {
  super(scope, id);
  defaults.CheckProps(props);

  let bucket: s3.IBucket;

  // A VPC is only involved when the caller asks for one or supplies one.
  if (props.deployVpc || props.existingVpc) {
    this.vpc = defaults.buildVpc(scope, {
      defaultVpcProps: defaults.DefaultIsolatedVpcProps(),
      existingVpc: props.existingVpc,
      userVpcProps: props.vpcProps,
      constructVpcProps: {
        enableDnsHostnames: true,
        enableDnsSupport: true,
      },
    });

    // NOTE(review): presumably this lets the function reach S3 from inside the
    // isolated VPC without a public route; confirm in defaults.AddAwsServiceEndpoint.
    defaults.AddAwsServiceEndpoint(scope, this.vpc, defaults.ServiceEndpointTypes.S3);
  }

  // Lambda function: reuse the supplied one or build from the given props.
  // this.vpc is undefined when no VPC was requested above.
  this.lambdaFunction = defaults.buildLambdaFunction(this, {
    existingLambdaObj: props.existingLambdaObj,
    lambdaFunctionProps: props.lambdaFunctionProps,
    vpc: this.vpc,
  });

  // S3 bucket: a caller-supplied bucket is used as-is, and in that case
  // s3Bucket / s3LoggingBucket are never assigned by this constructor.
  if (props.existingBucketObj) {
    bucket = props.existingBucketObj;
  } else {
    [this.s3Bucket, this.s3LoggingBucket] = defaults.buildS3Bucket(this, {
      bucketProps: props.bucketProps,
      loggingBucketProps: props.loggingBucketProps,
      logS3AccessLogs: props.logS3AccessLogs
    });
    bucket = this.s3Bucket;
  }
  this.s3BucketInterface = bucket;

  // Tell the function which bucket to use. A missing (or empty) variable name
  // falls back to 'S3_BUCKET_NAME'.
  const envVarName = props.bucketEnvironmentVariableName || 'S3_BUCKET_NAME';
  this.lambdaFunction.addEnvironment(envVarName, bucket.bucketName);

  const requestedPermissions = props.bucketPermissions;

  // No explicit list: fall back to the broad default of read + write.
  if (!requestedPermissions) {
    bucket.grantReadWrite(this.lambdaFunction.grantPrincipal);
    return;
  }

  // Explicit list: grants are applied in this fixed order regardless of the
  // order of the caller's array; values not matched here are ignored.
  if (requestedPermissions.includes('Delete')) {
    bucket.grantDelete(this.lambdaFunction.grantPrincipal);
  }
  if (requestedPermissions.includes('Put')) {
    bucket.grantPut(this.lambdaFunction.grantPrincipal);
  }
  if (requestedPermissions.includes('Read')) {
    bucket.grantRead(this.lambdaFunction.grantPrincipal);
  }
  if (requestedPermissions.includes('ReadWrite')) {
    bucket.grantReadWrite(this.lambdaFunction.grantPrincipal);
  }
  if (requestedPermissions.includes('Write')) {
    bucket.grantWrite(this.lambdaFunction.grantPrincipal);
  }
}