in cdk/lib/ticker-calculator.ts [15:95]
constructor(scope: App, id: string, props: GuStackProps) {
super(scope, id, props);
const scheduleRules: GuScheduledLambdaProps['rules'] = [
{
schedule: Schedule.rate(Duration.minutes(15)),
description: 'US',
input: RuleTargetInput.fromText('US'),
},
{
schedule: Schedule.rate(Duration.minutes(15)),
description: 'AU',
input: RuleTargetInput.fromText('AU'),
},
{
schedule: Schedule.rate(Duration.minutes(15)),
description: 'global',
input: RuleTargetInput.fromText('global'),
},
];
const role = new Role(this, 'query-lambda-role', {
// Set the name of the role rather than using an autogenerated name.
// This is because if the ARN is too long then it breaks the authentication request to GCP
roleName: `${AppName}-${this.stage}`,
assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
});
role.addToPolicy(
// Logging permissions
new PolicyStatement({
actions: [
'logs:CreateLogGroup',
'logs:CreateLogStream',
'logs:PutLogEvents',
],
resources: ['*'],
}),
);
role.addToPolicy(
// Permission to create the ticker output file in S3
new PolicyStatement({
actions: ['s3:*'],
resources: [
`arn:aws:s3::*:${TickerBucket}/*`,
`arn:aws:s3::*:${TickerBucket}`,
],
}),
);
role.addToPolicy(
// Permission to read config from Parameter Store
new PolicyStatement({
actions: ['ssm:GetParameter'],
resources: [
`arn:aws:ssm:${this.region}:${this.account}:parameter/ticker-calculator/${this.stage}/gcp-wif-credentials-config`,
`arn:aws:ssm:${this.region}:${this.account}:parameter/ticker-calculator/${this.stage}/ticker-config`,
],
}),
);
new GuScheduledLambda(this, 'TickerCalculator', {
app: AppName,
functionName: `${AppName}-${this.stage}`,
runtime: Runtime.NODEJS_20_X,
handler: 'lambda.handler',
fileName: `${AppName}.zip`,
rules: scheduleRules,
role,
environment: {
Stage: this.stage,
},
timeout: Duration.minutes(2),
loggingFormat: LoggingFormat.TEXT,
monitoringConfiguration:
this.stage === 'PROD'
? {
toleratedErrorPercentage: 0,
snsTopicName: 'alarms-handler-topic-PROD',
}
: { noMonitoring: true },
});
}