in source/packages/libraries/core/deployment-helper/src/customResources/iotDeviceDefender.customResource.ts [31:122]
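/**
 * Handles the CloudFormation `Create` event for the Device Defender settings custom resource.
 *
 * Two things are done against AWS IoT, in order:
 * 1. `updateAccountAuditConfiguration` enables or disables the
 *    `DEVICE_CERTIFICATE_EXPIRING_CHECK` audit check and its SNS notification target.
 * 2. A monthly (last day of month) scheduled audit named `CertificateRenewerAudit` that runs
 *    that check is created, or updated if `describeScheduledAudit` finds it already exists.
 *
 * @param customResourceEvent - CloudFormation custom resource event. `ResourceProperties`
 *   must carry non-empty `RoleArn`, `TargetArn` and `TargetRoleArn`. `TargetEnabled` and
 *   `AuditCheckEnabled` count as enabled only when they are exactly the string `'true'`
 *   (CloudFormation delivers properties as strings), so a missing flag means disabled.
 * @returns The `UpdateAccountAuditConfigurationResponse` returned by AWS IoT.
 * @throws The `ow` argument error when a required ARN is missing or empty; any AWS IoT error
 *   other than `ResourceNotFoundException` from `describeScheduledAudit` is propagated unchanged.
 */
public async create(customResourceEvent: CustomResourceEvent): Promise<unknown> {
    // The whole event is echoed at debug level. The properties read below are only ARNs and
    // on/off flags, so nothing secret lands in the log; re-check this if properties are added.
    logger.debug(
        `IotDeviceDefenderSettingCustomResource: create: in: customResourceEvent: ${JSON.stringify(
            customResourceEvent
        )}`
    );

    const roleArn = customResourceEvent.ResourceProperties.RoleArn;
    const targetArn = customResourceEvent.ResourceProperties.TargetArn;
    const targetRoleArn = customResourceEvent.ResourceProperties.TargetRoleArn;
    const targetEnabled = customResourceEvent.ResourceProperties.TargetEnabled;
    const auditCheckEnabled = customResourceEvent.ResourceProperties.AuditCheckEnabled;
    logger.debug(
        `roleArn - ${roleArn}, targetArn - ${targetArn}, targetRoleArn -${targetRoleArn}, targetEnabled -${targetEnabled}, auditCheckEnabled -${auditCheckEnabled}`
    );

    // Fail fast on the ARNs AWS IoT requires; the two flags are optional and default to "off".
    ow(roleArn, ow.string.nonEmpty);
    ow(targetArn, ow.string.nonEmpty);
    ow(targetRoleArn, ow.string.nonEmpty);

    const auditEnabled = auditCheckEnabled === 'true';
    const targetEnabledBoolean = targetEnabled === 'true';

    const auditCheckConfigurations: AuditCheckConfigurations = {
        DEVICE_CERTIFICATE_EXPIRING_CHECK: {
            enabled: auditEnabled,
        },
    };
    const auditNotificationTargetConfigurations: Iot.AuditNotificationTargetConfigurations = {
        SNS: {
            targetArn,
            roleArn: targetRoleArn,
            enabled: targetEnabledBoolean,
        },
    };
    const params: AWS.Iot.Types.UpdateAccountAuditConfigurationRequest = {
        roleArn,
        auditCheckConfigurations,
        auditNotificationTargetConfigurations,
    };
    logger.debug(`auditNotification Params: ${JSON.stringify(params)}`);
    const result: AWS.Iot.Types.UpdateAccountAuditConfigurationResponse = await this._iot
        .updateAccountAuditConfiguration(params)
        .promise();
    logger.debug(
        `IotDeviceDefenderSettingCustomResource: create: updateAccountAuditConfiguration: ${JSON.stringify(
            result
        )}`
    );

    // Create and update take the same definition, so it is built once and shared below.
    const scheduledAuditName = 'CertificateRenewerAudit';
    const scheduledAuditDefinition = {
        frequency: 'MONTHLY',
        dayOfMonth: 'LAST',
        scheduledAuditName,
        targetCheckNames: ['DEVICE_CERTIFICATE_EXPIRING_CHECK'],
    };

    const describeScheduledAuditRequestParams: AWS.Iot.Types.DescribeScheduledAuditRequest = {
        scheduledAuditName,
    };
    let resourceExists = false;
    try {
        const describeScheduledAuditResponse: AWS.Iot.Types.DescribeScheduledAuditResponse =
            await this._iot
                .describeScheduledAudit(describeScheduledAuditRequestParams)
                .promise();
        logger.debug(
            `describeScheduledAuditResponse: ${JSON.stringify(describeScheduledAuditResponse)}`
        );
        resourceExists = true;
    } catch (err: unknown) {
        // AWS SDK v2 exposes the service error code on `name`. "Not found" is the expected
        // first-run outcome (the audit gets created); anything else is a genuine failure.
        if (!(err instanceof Error) || err.name !== 'ResourceNotFoundException') {
            throw err;
        }
        resourceExists = false;
    }

    if (resourceExists) {
        const auditParams: AWS.Iot.Types.UpdateScheduledAuditRequest = scheduledAuditDefinition;
        logger.debug(`UpdateScheduledAuditRequest Params: ${JSON.stringify(auditParams)}`);
        const auditResponse: AWS.Iot.Types.UpdateScheduledAuditResponse = await this._iot
            .updateScheduledAudit(auditParams)
            .promise();
        logger.debug(`UpdateScheduledAuditResponse: ${JSON.stringify(auditResponse)}`);
    } else {
        const auditParams: AWS.Iot.Types.CreateScheduledAuditRequest = scheduledAuditDefinition;
        logger.debug(`CreateScheduled AuditRequest Params: ${JSON.stringify(auditParams)}`);
        const auditResponse: AWS.Iot.Types.CreateScheduledAuditResponse = await this._iot
            .createScheduledAudit(auditParams)
            .promise();
        logger.debug(`CreateScheduled AuditResponse: ${JSON.stringify(auditResponse)}`);
    }

    // The account-level configuration response is what the caller receives; the scheduled
    // audit responses above are logged only.
    logger.debug(`IotDeviceDefenderSettingCustomResource: create: exit: ${JSON.stringify(result)}`);
    return result;
}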