in packages/aws-cdk-lib/aws-ses/lib/configuration-set-event-destination.ts [284:380]
/**
 * Defines an SES configuration set event destination and the IAM wiring
 * that lets SES deliver events to the chosen target.
 *
 * Depending on which fields of `props.destination` are set, this creates an
 * IAM role for Firehose delivery (when the caller supplied none) and/or adds
 * an `sns:Publish` statement to the topic's resource policy.
 *
 * @param scope - construct scope; also used to resolve the enclosing stack for ARN formatting
 * @param id - construct id
 * @param props - destination, configuration set, event filter and enabled flag
 * @throws ValidationError when an event bus is given whose ARN differs from the stack's default bus ARN
 */
constructor(scope: Construct, id: string, props: ConfigurationSetEventDestinationProps) {
  super(scope, id, {
    physicalName: props.configurationSetEventDestinationName,
  });
  // Enhanced CDK Analytics Telemetry
  addConstructMetadata(this, props);

  const { bus, stream, topic, dimensions } = props.destination;

  // Only the default event bus of this stack's account/region is accepted.
  // NOTE(review): this is a plain string comparison against the value
  // formatArn() returns at synth time; confirm how it behaves for bus ARNs
  // that are not produced the same way (e.g. imported buses).
  if (bus) {
    const defaultBusArn = Stack.of(scope).formatArn({
      service: 'events',
      resource: 'event-bus',
      resourceName: 'default',
    });
    if (bus.eventBusArn !== defaultBusArn) {
      throw new ValidationError(`Only the default bus can be used as an event destination. Got ${bus.eventBusArn}`, this);
    }
  }

  const configurationSetName = props.configurationSet.configurationSetName;

  // Stays empty unless a Firehose stream is configured.
  let firehoseRoleArn = '';
  if (stream) {
    if (stream.role) {
      // NOTE(review): a caller-supplied role is used as-is. Nothing in this
      // constructor checks that its trust policy carries the SourceAccount /
      // SourceArn conditions applied to the generated role below — verify at
      // the call site.
      firehoseRoleArn = stream.role.roleArn;
    } else {
      // As per https://docs.aws.amazon.com/ses/latest/dg/event-publishing-add-event-destination-firehose.html
      //
      // Trust policy: only the SES service principal may assume the role, and
      // only for requests attributed to this account and this configuration
      // set. Without both conditions any SES caller could be the source.
      const sesPrincipal = new iam.ServicePrincipal('ses.amazonaws.com', {
        conditions: {
          StringEquals: {
            'AWS:SourceAccount': this.env.account,
            'AWS:SourceArn': Stack.of(scope).formatArn({
              service: 'ses',
              resource: 'configuration-set',
              resourceName: configurationSetName,
            }),
          },
        },
      });

      // Permission policy: a single action on the single target stream.
      const publishToStream = new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: ['firehose:PutRecordBatch'],
        resources: [stream.deliveryStream.deliveryStreamArn],
      });

      const generatedRole = new iam.Role(this, 'FirehoseDeliveryStreamIamRole', {
        assumedBy: sesPrincipal,
        inlinePolicies: {
          AllowFirehoseDeliveryStreamPublish: new iam.PolicyDocument({
            statements: [publishToStream],
          }),
        },
      });
      firehoseRoleArn = generatedRole.roleArn;
    }
  }

  // Each destination block is emitted only when the matching prop is set;
  // the others are left undefined.
  const cloudWatchDestination = dimensions
    ? {
      dimensionConfigurations: dimensions.map(dimension => ({
        dimensionValueSource: dimension.source,
        dimensionName: dimension.name,
        defaultDimensionValue: dimension.defaultValue,
      })),
    }
    : undefined;
  const kinesisFirehoseDestination = stream
    ? {
      deliveryStreamArn: stream.deliveryStream.deliveryStreamArn,
      iamRoleArn: firehoseRoleArn,
    }
    : undefined;

  const resource = new CfnConfigurationSetEventDestination(this, 'Resource', {
    configurationSetName,
    eventDestination: {
      name: this.physicalName,
      // Enabled unless the caller explicitly passes a value.
      enabled: props.enabled ?? true,
      // With no explicit filter, every EmailSendingEvent value is matched.
      matchingEventTypes: props.events ?? Object.values(EmailSendingEvent),
      snsDestination: topic ? { topicArn: topic.topicArn } : undefined,
      cloudWatchDestination,
      eventBridgeDestination: bus ? { eventBusArn: bus.eventBusArn } : undefined,
      kinesisFirehoseDestination,
    },
  });
  this.configurationSetEventDestinationId = resource.attrId;

  if (topic) {
    // Resource policy on the topic: SES may publish, restricted to this
    // account and this configuration set.
    // NOTE(review): the SourceArn here is assembled by hand from Aws.PARTITION
    // and this.env, while the Firehose role's trust policy uses
    // Stack.formatArn(); the two are presumably meant to resolve to the same
    // ARN — keep them in sync if either changes.
    const publishStatement = new iam.PolicyStatement({
      actions: ['sns:Publish'],
      resources: [topic.topicArn],
      principals: [new iam.ServicePrincipal('ses.amazonaws.com')],
      conditions: {
        StringEquals: {
          'AWS:SourceAccount': this.env.account,
          'AWS:SourceArn': `arn:${Aws.PARTITION}:ses:${this.env.region}:${this.env.account}:configuration-set/${configurationSetName}`,
        },
      },
    });
    const policyResult = topic.addToResourcePolicy(publishStatement);

    // When a dependable is returned, make this construct depend on it
    // (presumably so the topic policy exists before the destination — confirm).
    // NOTE(review): no dependable comes back in the other case, and this
    // code does not report whether the statement was actually attached.
    const { policyDependable } = policyResult;
    if (policyDependable) {
      this.node.addDependency(policyDependable);
    }
  }
}