constructor()

in cdk/lib/image-copier-lambda.ts [16:119]


  /**
   * Defines the image-copier and housekeeping Lambda functions and subscribes
   * each one to an existing SNS topic whose ARN is supplied as a stack parameter.
   *
   * Security-relevant points in this definition:
   * - Both functions share one logging statement scoped to `arn:aws:logs:*:*:*`.
   * - Every EC2 statement uses `resources: ["*"]`, including the housekeeping
   *   function's `ec2:DeregisterImage` and `ec2:DeleteSnapshot`.
   * - Only the copier function is granted KMS actions, and only on the key
   *   exported as `amigo-imagecopier-key`.
   *
   * @param scope - App that owns this stack.
   * @param id - Construct id, passed through to the parent constructor.
   * @param props - Stack props; `props.version` selects the artifact zip.
   */
  constructor(scope: App, id: string, props: ImageCopierLambdaProps) {
    super(scope, id, props);

    const distBucket = Bucket.fromBucketName(this, "function-code-bucket", "deploy-tools-dist");

    // NOTE(review): this parameter is declared but its value is never read in
    // this constructor, so supplying an override has no effect on the key that
    // is used below. Confirm whether it is kept only for template compatibility.
    new CfnParameter(this, "KmsKeyArn", {
      description: "Override the default KMS key if required",
      type: "String",
      default: "",
    });

    // Single lookup of the exported key ARN; the same value feeds the
    // KMS_KEY_ARN environment variable and the copier's KMS policy, so the two
    // cannot drift apart.
    const imageCopierKeyArn = Fn.importValue("amigo-imagecopier-key");

    const housekeepingTopicArn = new CfnParameter(this, "AmigoHousekeepingTopicArn", {
      description: "The housekeeping SNS topic to subscribe to",
      type: "String",
    });

    const copierTopicArn = new CfnParameter(this, "AmigoTopicArn", {
      description: "The SNS topic to subscribe to",
      type: "String",
    });

    // NOTE(review): the resource pattern matches every log group, not just the
    // groups belonging to these two functions.
    const writeLogs = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
      resources: ["arn:aws:logs:*:*:*"],
    });

    // NOTE(review): unscoped resources; confirm whether these actions can be
    // narrowed by ARN or by a tag condition.
    const copyAndTagImages = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ["ec2:CopyImage", "ec2:CreateTags"],
      resources: ["*"],
    });

    const useImageCopierKey = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ["kms:Encrypt", "kms:Decrypt", "kms:CreateGrant", "kms:GenerateDataKey*", "kms:DescribeKey"],
      resources: [imageCopierKeyArn],
    });

    // NOTE(review): DeregisterImage and DeleteSnapshot are destructive and are
    // allowed on every resource here; what actually gets deleted is decided
    // entirely by the handler code and the messages it receives.
    const pruneImages = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ["ec2:DescribeImages", "ec2:DeregisterImage", "ec2:DeleteSnapshot"],
      resources: ["*"],
    });

    // Settings that are identical for both functions: same artifact, same
    // sizing, same environment.
    const sharedFunctionProps = {
      memorySize: 512,
      timeout: Duration.seconds(30),
      environment: {
        ACCOUNT_ID: this.account,
        KMS_KEY_ARN: imageCopierKeyArn,
        ENCRYPTED_TAG_VALUE: "true",
      },
      code: Code.fromBucket(distBucket, `${this.stack}/${this.stage}/imagecopier/image-copier-${props.version}.zip`),
    };

    const imageCopierFn = new Function(this, "ImageCopierLambda", {
      ...sharedFunctionProps,
      description: "Lambda for copying and encrypting AMIgo baked AMIs",
      runtime: Runtime.JAVA_21,
      handler: "com.gu.imageCopier.LambdaEntrypoint::run",
      initialPolicy: [writeLogs, copyAndTagImages, useImageCopierKey],
    });

    this.overrideLogicalId(imageCopierFn, {
      logicalId: "ImageCopierLambda",
      reason: "To gain confidence during the migration to CDK",
    });

    // The topic ARN is a deploy-time parameter: whoever sets it chooses the
    // topic that is allowed to trigger this function.
    imageCopierFn.addEventSource(
      new SnsEventSource(
        Topic.fromTopicArn(this, "ImageCopierLambda-SnsExistingIncomingEventsTopic", copierTopicArn.valueAsString)
      )
    );

    // NOTE(review): this function runs the same zip as the copier but on
    // JAVA_11 rather than JAVA_21 - confirm the mismatch is intentional and that
    // the artifact is built for the older runtime.
    // NOTE(review): KMS_KEY_ARN is passed in the environment, yet no KMS
    // statement is attached here - confirm the housekeeping path never needs
    // the key.
    const housekeepingFn = new Function(this, "HousekeepingLambda", {
      ...sharedFunctionProps,
      description: "Lambda for housekeeping AMIgo baked AMIs in other accounts",
      runtime: Runtime.JAVA_11,
      handler: "com.gu.imageCopier.LambdaEntrypoint::housekeeping",
      initialPolicy: [writeLogs, pruneImages],
    });

    this.overrideLogicalId(housekeepingFn, {
      logicalId: "HousekeepingLambda",
      reason: "To gain confidence during the migration to CDK",
    });

    // Same consideration as for the copier topic, with higher stakes: messages
    // on this topic drive a function that may deregister images and delete
    // snapshots.
    housekeepingFn.addEventSource(
      new SnsEventSource(
        Topic.fromTopicArn(
          this,
          "HousekeepingLambda-SnsExistingIncomingEventsTopic",
          housekeepingTopicArn.valueAsString
        )
      )
    );
  }