in source/lib/compliant-framework-stack.ts [770:816]
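/**
 * Creates the notify-failure Lambda function and the Step Functions task
 * that invokes it.
 *
 * The function's inline policy is limited to writing its own CloudWatch
 * log group and publishing to `alertTopic`; it is also granted
 * encrypt/decrypt on `alertSubscriptionCmk`.
 *
 * @param alertTopic - SNS topic whose ARN is passed to the handler as
 *   SNS_TOPIC_ARN and is the only resource allowed for sns:Publish.
 * @param alertSubscriptionCmk - KMS key the function may use
 *   (presumably the key encrypting alertTopic; confirm at the call site).
 * @returns A LambdaInvoke task whose payload is the `$.Cause` field of the
 *   state input.
 */
private addStepFunctionNotifyFailure(
  alertTopic: sns.Topic,
  alertSubscriptionCmk: kms.Key
): tasks.LambdaInvoke {
  const functionName = 'CompliantFramework-NotifyFailureFunction'

  // Lambda writes to the log group "/aws/lambda/<functionName>". The
  // previous ARN used the bare function name, so the statement matched no
  // log group the function actually uses.
  const logGroupArn = this.formatArn({
    service: 'logs',
    resource: 'log-group',
    sep: ':',
    resourceName: `/aws/lambda/${functionName}`
  })

  const lambdaFunction = new lambda.Function(this, 'notifyFailureFunction', {
    functionName,
    code: new lambda.AssetCode('lambda/notify_failure'),
    handler: 'index.lambda_handler',
    timeout: cdk.Duration.seconds(300),
    // NOTE(review): Python 3.8 is end-of-life upstream; plan a runtime
    // upgrade once the handler is verified on a newer runtime.
    runtime: lambda.Runtime.PYTHON_3_8,
    environment: {
      ['SNS_TOPIC_ARN']: alertTopic.topicArn
    },
    initialPolicy: [
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: [
          'logs:CreateLogGroup',
          'logs:CreateLogStream',
          'logs:PutLogEvents'
        ],
        // The group ARN covers group-level actions; the ":*" form covers
        // the log streams inside it.
        // NOTE(review): the role CDK creates by default may already carry
        // a broader managed logging policy (AWSLambdaBasicExecutionRole);
        // confirm whether that is intended next to this scoped statement.
        resources: [logGroupArn, `${logGroupArn}:*`]
      }),
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: [
          'sns:Publish'
        ],
        // Publish is scoped to the single alert topic, not a wildcard.
        resources: [alertTopic.topicArn]
      })
    ]
  })
  this.suppressWarnings(lambdaFunction)

  // Grants the function's role encrypt and decrypt use of the CMK.
  // NOTE(review): publishing to an encrypted topic normally needs only
  // data-key generation and decrypt; confirm the wider grant is required.
  alertSubscriptionCmk.grantEncryptDecrypt(lambdaFunction)

  // NOTE(review): `$.Cause` is forwarded verbatim as the Lambda payload.
  // Confirm the handler does not relay sensitive error detail to
  // subscribers of the topic.
  return new tasks.LambdaInvoke(this, 'Notify Failure', {
    lambdaFunction,
    payload: sfn.TaskInput.fromDataAt('$.Cause')
  })
}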