aws-cdk-lib#aws_lambda TypeScript Examples

Example #1
Source File: index.ts    From cdk-ec2-key-pair with Apache License 2.0 5 votes vote down vote up
/**
   * The Lambda function this construct uses, exposed read-only through the
   * `IFunction` interface.
   *
   * NOTE(review): presumably this is the custom-resource handler, so anything
   * granted to it (extra policies, invoke permissions) widens what that
   * handler's role can do — confirm before handing the reference to other
   * constructs.
   */
  public readonly lambda: aws_lambda.IFunction;
Example #2
Source File: index.ts    From cdk-ssm-document with Apache License 2.0 5 votes vote down vote up
/**
   * Returns the Lambda that manages SSM documents for the custom resource,
   * creating it (with its managed policy and execution role) the first time
   * it is requested on this stack.
   *
   * The function is looked up by construct id on the stack, so every caller
   * within one stack shares a single function and a single role.
   *
   * Security-relevant points for reviewers:
   * - Every statement uses `resources: ['*']`; the only scoping is the
   *   `CreatedByCfnCustomResource` tag condition. That boundary holds only as
   *   long as no other principal can put the same tag value on a document.
   * - The conditions use `StringLike`, which treats `*` and `?` in the value
   *   as wildcards. NOTE(review): `ID` is defined outside this block —
   *   confirm it is a fixed literal without wildcard characters.
   * - `ssm:ModifyDocumentPermission` lets the role change who a tagged
   *   document is shared with.
   * - The runtime is pinned to Node.js 14, which is past end-of-life.
   *   NOTE(review): move to a supported runtime once the bundled handler has
   *   been verified against it.
   *
   * @returns the child already registered under the construct id, or the
   *   newly created function
   */
  private ensureLambda(): aws_lambda.Function {
    const stack = Stack.of(this);
    const lambdaId = 'SSM-Document-Manager-Lambda';

    // Reuse the function if an earlier call already attached it to the stack.
    // The cast is unchecked: any child with this id is returned as-is.
    const cached = stack.node.tryFindChild(lambdaId);
    if (cached) {
      return cached as aws_lambda.Function;
    }

    const physicalName = `${stack.stackName}-${cleanID}`;
    const purpose = `Used by Lambda ${cleanID}, which is a custom CFN resource, managing SSM documents`;

    // Builds a fresh condition block that pins a statement to the marker tag.
    const taggedWith = (tagKey: string) => ({
      StringLike: {
        [tagKey]: ID,
      },
    });

    // Read-only listing; not restricted by tag.
    const listDocuments = new aws_iam.PolicyStatement({
      actions: ['ssm:ListDocuments', 'ssm:ListTagsForResource'],
      resources: ['*'],
    });

    // Creation is allowed only when the request itself carries the marker tag.
    const createTagged = new aws_iam.PolicyStatement({
      actions: ['ssm:AddTagsToResource', 'ssm:CreateDocument'],
      resources: ['*'],
      conditions: taggedWith('aws:RequestTag/CreatedByCfnCustomResource'),
    });

    // Read, update, share and delete are allowed only on documents that
    // already carry the marker tag.
    const manageTagged = new aws_iam.PolicyStatement({
      actions: [
        'ssm:AddTagsToResource',
        'ssm:DeleteDocument',
        'ssm:DescribeDocument',
        'ssm:GetDocument',
        'ssm:ListDocumentVersions',
        'ssm:ModifyDocumentPermission',
        'ssm:RemoveTagsFromResource',
        'ssm:UpdateDocument',
        'ssm:UpdateDocumentDefaultVersion',
      ],
      resources: ['*'],
      conditions: taggedWith('ssm:ResourceTag/CreatedByCfnCustomResource'),
    });

    const managerPolicy = new aws_iam.ManagedPolicy(
      stack,
      'SSM-Document-Manager-Policy',
      {
        managedPolicyName: physicalName,
        description: purpose,
        statements: [listDocuments, createTagged, manageTagged],
      }
    );

    // Only the Lambda service may assume the role; the AWS-managed basic
    // execution policy is attached next to the document-management policy.
    const executionRole = new aws_iam.Role(stack, 'SSM-Document-Manager-Role', {
      roleName: physicalName,
      description: purpose,
      assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'),
      managedPolicies: [
        managerPolicy,
        aws_iam.ManagedPolicy.fromAwsManagedPolicyName(
          'service-role/AWSLambdaBasicExecutionRole'
        ),
      ],
    });

    // The handler ships as a prebuilt zip next to this module; its contents
    // are not visible from here, so review the archive separately.
    return new aws_lambda.Function(stack, lambdaId, {
      functionName: physicalName,
      role: executionRole,
      description: 'Custom CFN resource: Manage SSM Documents',
      runtime: aws_lambda.Runtime.NODEJS_14_X,
      handler: 'index.handler',
      code: aws_lambda.Code.fromAsset(
        path.join(__dirname, '../lambda/code.zip')
      ),
      timeout: Duration.minutes(lambdaTimeout),
    });
  }
Example #3
Source File: index.ts    From cdk-ssm-document with Apache License 2.0 5 votes vote down vote up
/**
   * The Lambda function this construct uses, exposed read-only through the
   * `IFunction` interface.
   *
   * NOTE(review): presumably this is the custom-resource handler that manages
   * SSM documents; granting it further permissions or invoke access extends
   * what that handler's role can reach — confirm before reusing the reference.
   */
  public readonly lambda: aws_lambda.IFunction;
Example #4
Source File: index.ts    From cdk-ec2-key-pair with Apache License 2.0 4 votes vote down vote up
/**
   * Returns the Lambda that manages EC2 key pairs for the custom resource,
   * creating it (with its managed policy and execution role) the first time
   * it is requested on this stack.
   *
   * The function is looked up by construct id on the stack, so every caller
   * within one stack shares a single function and a single role.
   *
   * Security-relevant points for reviewers:
   * - Key-pair actions are limited to key-pair ARNs (region and account
   *   fields wildcarded); Secrets Manager actions use `resources: ['*']`.
   *   In both cases the effective boundary is the
   *   `CreatedByCfnCustomResource` tag condition, which holds only as long as
   *   no other principal can put the same tag value on a key pair or secret.
   * - The conditions use `StringLike`, which treats `*` and `?` in the value
   *   as wildcards. NOTE(review): `ID` is defined outside this block —
   *   confirm it is a fixed literal without wildcard characters.
   * - The role can read tagged secrets (`secretsmanager:GetSecretValue`) and
   *   rewrite their resource policies (`secretsmanager:PutResourcePolicy`),
   *   so whoever can invoke or modify this function can reach that key
   *   material.
   * - The runtime is pinned to Node.js 14, which is past end-of-life.
   *   NOTE(review): move to a supported runtime once the bundled handler has
   *   been verified against it.
   *
   * @returns the child already registered under the construct id, or the
   *   newly created function
   */
  private ensureLambda(): aws_lambda.Function {
    const stack = Stack.of(this);
    const lambdaId = 'EC2-Key-Name-Manager-Lambda';

    // Reuse the function if an earlier call already attached it to the stack.
    // The cast is unchecked: any child with this id is returned as-is.
    const cached = stack.node.tryFindChild(lambdaId);
    if (cached) {
      return cached as aws_lambda.Function;
    }

    const keyPairArns = [`arn:${stack.partition}:ec2:*:*:key-pair/*`];
    const physicalName = `${this.prefix}-${cleanID}`;
    const purpose = `Used by Lambda ${cleanID}, which is a custom CFN resource, managing EC2 Key Pairs`;

    // Builds a fresh condition block that pins a statement to the marker tag.
    const taggedWith = (tagKey: string) => ({
      StringLike: {
        [tagKey]: ID,
      },
    });

    // Read-only listing of key pairs; not restricted by tag.
    const describeKeyPairs = new aws_iam.PolicyStatement({
      actions: ['ec2:DescribeKeyPairs'],
      resources: ['*'],
    });

    // Creating or importing a key pair requires the marker tag on the request.
    const createKeyPairs = new aws_iam.PolicyStatement({
      actions: ['ec2:CreateKeyPair', 'ec2:CreateTags', 'ec2:ImportKeyPair'],
      conditions: taggedWith('aws:RequestTag/CreatedByCfnCustomResource'),
      resources: keyPairArns,
    });

    // Delete/update is allowed only on key pairs that carry the marker tag.
    const manageKeyPairs = new aws_iam.PolicyStatement({
      actions: ['ec2:CreateTags', 'ec2:DeleteKeyPair', 'ec2:DeleteTags'],
      conditions: taggedWith('ec2:ResourceTag/CreatedByCfnCustomResource'),
      resources: keyPairArns,
    });

    // Needed to check whether a secret exists before attempting to delete it.
    const listSecrets = new aws_iam.PolicyStatement({
      actions: ['secretsmanager:ListSecrets'],
      resources: ['*'],
    });

    // Creating a secret requires the marker tag on the request.
    const createSecrets = new aws_iam.PolicyStatement({
      actions: ['secretsmanager:CreateSecret', 'secretsmanager:TagResource'],
      conditions: taggedWith('aws:RequestTag/CreatedByCfnCustomResource'),
      resources: ['*'],
    });

    // Delete/update (and read) is allowed only on secrets that carry the
    // marker tag.
    const manageSecrets = new aws_iam.PolicyStatement({
      actions: [
        'secretsmanager:DeleteResourcePolicy',
        'secretsmanager:DeleteSecret',
        'secretsmanager:DescribeSecret',
        'secretsmanager:GetResourcePolicy',
        'secretsmanager:GetSecretValue',
        'secretsmanager:ListSecretVersionIds',
        'secretsmanager:PutResourcePolicy',
        'secretsmanager:PutSecretValue',
        'secretsmanager:RestoreSecret',
        'secretsmanager:UntagResource',
        'secretsmanager:UpdateSecret',
        'secretsmanager:UpdateSecretVersionStage',
      ],
      conditions: taggedWith(
        'secretsmanager:ResourceTag/CreatedByCfnCustomResource'
      ),
      resources: ['*'],
    });

    const managerPolicy = new aws_iam.ManagedPolicy(
      stack,
      'EC2-Key-Pair-Manager-Policy',
      {
        managedPolicyName: physicalName,
        description: purpose,
        statements: [
          describeKeyPairs,
          createKeyPairs,
          manageKeyPairs,
          listSecrets,
          createSecrets,
          manageSecrets,
        ],
      }
    );

    // Only the Lambda service may assume the role; the AWS-managed basic
    // execution policy is attached next to the key-pair management policy.
    const executionRole = new aws_iam.Role(stack, 'EC2-Key-Pair-Manager-Role', {
      roleName: physicalName,
      description: purpose,
      assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'),
      managedPolicies: [
        managerPolicy,
        aws_iam.ManagedPolicy.fromAwsManagedPolicyName(
          'service-role/AWSLambdaBasicExecutionRole'
        ),
      ],
    });

    // The handler ships as a prebuilt zip next to this module; its contents
    // are not visible from here, so review the archive separately.
    return new aws_lambda.Function(stack, lambdaId, {
      functionName: physicalName,
      role: executionRole,
      description: 'Custom CFN resource: Manage EC2 Key Pairs',
      runtime: aws_lambda.Runtime.NODEJS_14_X,
      handler: 'index.handler',
      code: aws_lambda.Code.fromAsset(
        path.join(__dirname, '../lambda/code.zip')
      ),
      timeout: Duration.minutes(lambdaTimeout),
    });
  }