def build_scheduled_event_ad_sync_infra()

in source/idea/infrastructure/install/stacks/ad_sync_stack.py [0:0]


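    def build_scheduled_event_ad_sync_infra(self) -> None:
        """Provision the hourly AD-sync trigger: an IAM role, a Lambda and an EventBridge rule.

        The Lambda is invoked every hour (cron, minute 0) and is granted what it needs
        to start/stop the AD-sync ECS task on ``self.ecs_cluster`` and to read/write the
        cluster-settings, distributed-lock and sync-status DynamoDB tables. The handler
        itself (``scheduled_ad_sync_handler.handler``) is not visible here, so the
        permissions below are kept functionally equivalent to the previous version and
        only tightened in scope (see the per-statement comments).

        Reads ``self.nested_stack``, ``self.cluster_name``, ``self.ecs_cluster`` and
        ``self.lambda_layer``; side effect is adding constructs to ``self.nested_stack``.
        """
        lambda_name = f"{self.cluster_name}-scheduled-ad-sync"
        partition = cdk.Aws.PARTITION
        region = cdk.Aws.REGION
        account = cdk.Aws.ACCOUNT_ID

        def table_arn(table_name: str) -> str:
            # All tables are same-account / same-region and created by this deployment.
            return f"arn:{partition}:dynamodb:{region}:{account}:table/{table_name}"

        # Lambda writes to the default log group named after the function. Scoping the
        # logs:* grants to it replaces the previous account-wide "*" resource, which
        # (together with logs:DeleteLogStream) allowed this role to delete log streams
        # of any function in the account.
        lambda_log_group_arn = (
            f"arn:{partition}:logs:{region}:{account}:log-group:/aws/lambda/{lambda_name}"
        )

        scheduled_ad_sync_lambda_role = iam.Role(
            self.nested_stack,
            id="scheduled-ad-sync-role",
            role_name=f"{lambda_name}-role",
            assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
            description=f"{lambda_name}-role",
        )

        scheduled_ad_sync_lambda_role.attach_inline_policy(
            iam.Policy(
                self.nested_stack,
                id="scheduled-ad-sync-policy",
                policy_name=f"{lambda_name}-policy",
                statements=[
                    iam.PolicyStatement(
                        sid="CloudWatchLogsPermissions",
                        actions=["logs:CreateLogGroup"],
                        # Both ARN forms are listed because CloudWatch Logs reports log
                        # group ARNs with a trailing ":*" while CreateLogGroup is
                        # evaluated against the bare log-group ARN.
                        resources=[lambda_log_group_arn, f"{lambda_log_group_arn}:*"],
                    ),
                    iam.PolicyStatement(
                        sid="CloudWatchLogStreamPermissions",
                        actions=[
                            "logs:CreateLogStream",
                            "logs:PutLogEvents",
                            # NOTE(review): DeleteLogStream is unusual for a scheduler
                            # Lambda (log streams are normally left to retention). Kept so
                            # the existing handler keeps working, but limited to this
                            # function's own streams; drop it if the handler never uses it.
                            "logs:DeleteLogStream",
                        ],
                        resources=[f"{lambda_log_group_arn}:*"],
                    ),
                    iam.PolicyStatement(
                        sid="ClusterSettingsTablePermissions",
                        actions=[
                            "dynamodb:GetItem",
                            "dynamodb:Scan",
                        ],
                        resources=[table_arn(f"{self.cluster_name}.cluster-settings")],
                    ),
                    iam.PolicyStatement(
                        sid="ADSyncLockTablePermissions",
                        actions=[
                            "dynamodb:GetItem",
                            "dynamodb:PutItem",
                            "dynamodb:DeleteItem",
                        ],
                        resources=[
                            table_arn(f"{self.cluster_name}.ad-sync.distributed-lock")
                        ],
                    ),
                    iam.PolicyStatement(
                        sid="ADSyncStatusTablePermissions",
                        actions=[
                            "dynamodb:Query",
                            "dynamodb:Scan",
                            "dynamodb:UpdateItem",
                            "dynamodb:PutItem",
                        ],
                        resources=[table_arn(f"{self.cluster_name}.ad-sync.status")],
                    ),
                    iam.PolicyStatement(
                        sid="ADSyncEcsTaskPermissions",
                        actions=[
                            "ecs:RunTask",
                            "ecs:StopTask",
                            "ecs:ListTasks",
                        ],
                        # RunTask is authorised against the task definition ARN, which
                        # this method does not have a handle on, so the grant is bound to
                        # our cluster through the ecs:cluster condition key instead.
                        resources=["*"],
                        conditions={
                            "ArnEquals": {"ecs:cluster": self.ecs_cluster.cluster_arn}
                        },
                    ),
                    iam.PolicyStatement(
                        sid="PassADSyncTaskRole",
                        actions=["iam:PassRole"],
                        resources=[
                            f"arn:{partition}:iam::{account}:role/{self.cluster_name}-ad-sync-task-role",
                        ],
                        # ecs:RunTask is the only role-consuming action granted to this
                        # Lambda, so the pass can be pinned to ECS tasks. This keeps the
                        # task role from being handed to another service if the Lambda's
                        # permissions are widened later.
                        conditions={
                            "StringEquals": {
                                "iam:PassedToService": "ecs-tasks.amazonaws.com"
                            }
                        },
                    ),
                    iam.PolicyStatement(
                        sid="DescribeSecurityGroups",
                        actions=["ec2:DescribeSecurityGroups"],
                        # Describe* calls do not support resource-level permissions.
                        resources=["*"],
                    ),
                ],
            )
        )
        self.add_common_tags(scheduled_ad_sync_lambda_role)

        scheduled_ad_sync_lambda = _lambda.Function(
            self.nested_stack,
            id="scheduled-ad-sync",
            function_name=lambda_name,
            description="Lambda to send scheduled event to trigger ad sync",
            environment={
                "environment_name": self.cluster_name,
            },
            timeout=Duration.seconds(180),
            role=scheduled_ad_sync_lambda_role,
            runtime=RES_COMMON_LAMBDA_RUNTIME,
            **InfraUtils.get_handler_and_code_for_function(
                scheduled_ad_sync_handler.handler
            ),
            layers=[self.lambda_layer],
        )
        self.add_common_tags(scheduled_ad_sync_lambda)

        # No add_common_tags() here: CloudFormation does not currently support tags on
        # EventBridge rules. See https://github.com/aws/aws-cdk/issues/4907
        schedule_trigger_rule = events.Rule(
            self.nested_stack,
            id="ad-sync-schedule-rule",
            enabled=True,
            rule_name=f"{self.cluster_name}-ad-sync-schedule-rule",
            description="Event Rule to Trigger schedule AD sync EVERY hour",
            # Fires at minute 0 of every hour. Overlapping runs are expected to be
            # serialised by the handler via the distributed-lock table granted above.
            schedule=Schedule.cron(minute="0", hour="0/1"),
        )

        schedule_trigger_rule.add_target(
            events_targets.LambdaFunction(
                scheduled_ad_sync_lambda,
            )
        )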