in src/constructs/iam/policies/kcl.ts [41:72]
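/**
 * Least-privilege policy for a Kinesis Client Library (KCL) worker.
 *
 * Grants: read/consume access to one Kinesis stream (and its enhanced
 * fan-out consumers), the DynamoDB tables KCL names after
 * `applicationName` (lease table, `-WorkerMetricStats`, `-CoordinatorState`)
 * plus Query on the lease table's indexes, and `cloudwatch:PutMetricData`.
 *
 * All ARNs are built in the `aws` partition for `scope.region` /
 * `scope.account`; the construct is not usable as-is in other partitions.
 *
 * @param scope - stack supplying the region and account baked into every ARN
 * @param id - construct id
 * @param props - `applicationName` (also the lease-table name) and
 *   `streamName` (assumed to be a bare stream name, not an ARN — TODO confirm
 *   with callers; an ARN here would produce a malformed resource pattern)
 */
constructor(scope: GuStack, id: string, props: KCLApplication) {
  // One ALLOW statement whose actions and resource ARNs are scoped to a
  // single service. Only suitable for actions that support resource-level
  // permissions; callers must not pass "*" expecting an unscoped resource.
  const allow = (service: string, actions: string[], resources: string[]): PolicyStatement =>
    new PolicyStatement({
      effect: Effect.ALLOW,
      actions: actions.map((action) => `${service}:${action}`),
      resources: resources.map(
        (resource) => `arn:aws:${service}:${scope.region}:${scope.account}:${resource}`,
      ),
    });

  // DynamoDB resources are addressed as `table/<name>`; an index is expressed
  // by the caller as `<table>/index/<name>` inside the same helper.
  const allowDynamoDB = (actions: string[], tableOrIndexNames: string[]): PolicyStatement =>
    allow(
      "dynamodb",
      actions,
      tableOrIndexNames.map((name) => `table/${name}`),
    );

  // KCL derives its DynamoDB table names from the application name.
  const leaseTable = props.applicationName;
  const metricsTable = `${props.applicationName}-WorkerMetricStats`;
  const coordinatorTable = `${props.applicationName}-CoordinatorState`;

  super(scope, id, {
    statements: [
      allow("kinesis", kinesisActions, [`stream/${props.streamName}`]),
      // Enhanced fan-out: wildcard over every consumer registered on this
      // stream, but still bound to this one stream.
      allow("kinesis", kinesisEnhancedFanOutActions, [`stream/${props.streamName}/consumer/*`]),
      allowDynamoDB(actionsOnAllTables, [leaseTable, metricsTable, coordinatorTable]),
      allowDynamoDB(additionalLeaseTableActions, [leaseTable]),
      allowDynamoDB(["Query"], [`${leaseTable}/index/*`]),
      // cloudwatch:PutMetricData does not support resource-level permissions,
      // so the Resource element must be a bare "*". Routing it through
      // `allow` produced `arn:aws:cloudwatch:<region>:<account>:*`, which does
      // not match a request that carries no resource ARN and so results in an
      // implicit deny for metric publishing. "*" is not broader in practice:
      // the action has no finer grain to scope to.
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: ["cloudwatch:PutMetricData"],
        resources: ["*"],
      }),
    ],
  });
}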