import * as ec2 from '@aws-cdk/aws-ec2';
import * as iam from '@aws-cdk/aws-iam';
import * as lambda from '@aws-cdk/aws-lambda';
import { CustomResource, Token, Duration } from '@aws-cdk/core';
import * as cr from '@aws-cdk/custom-resources';
import { Construct } from 'constructs';
/**
 * Construction options for `BucketPinger`.
 *
 * Every field is optional. The values are passed straight through to the
 * pinger's `lambda.Function`: `vpc` as `vpc`, `subnets` as
 * `vpcSubnets: { subnets }`, and `securityGroup` as `securityGroups: [securityGroup]`;
 * a field left undefined is not forwarded at all.
 */
export interface PingerProps {
  /** Security group to attach to the pinger function. */
  readonly securityGroup?: ec2.SecurityGroup;
  /** VPC in which to place the pinger function. */
  readonly vpc?: ec2.IVpc;
  /** Explicit subnets for the pinger function (used as a subnet selection). */
  readonly subnets?: ec2.ISubnet[];
}
/**
 * CloudFormation custom resource backed by a small Python Lambda ("pinger")
 * whose `Value` attribute is exposed through {@link BucketPinger.response}.
 *
 * The function's code is taken from the `function` directory next to this
 * file, runs on Python 3.9 with a one-minute timeout, and can optionally be
 * placed in a VPC via {@link PingerProps}.
 *
 * NOTE(review): the function's execution role is granted `s3:DeleteBucket`
 * and `s3:ListBucket` on `arn:aws:s3:::*`, i.e. on every bucket in the
 * account, not just the one being pinged. That is well beyond least
 * privilege; presumably this construct only lives in throwaway test stacks —
 * if it is ever reused elsewhere, narrow `resources` to the bucket ARN(s)
 * the pinger actually touches.
 */
export class BucketPinger extends Construct {
  /** Custom resource whose `Value` attribute carries the pinger's result. */
  private readonly resource: CustomResource;

  /**
   * @param scope - parent construct
   * @param id - construct id
   * @param props - optional VPC placement for the pinger function
   * @throws Error if the CDK did not create an execution role for the function
   */
  constructor(scope: Construct, id: string, props: PingerProps) {
    super(scope, id);

    // Forward VPC placement only when the caller supplied it; leaving the
    // values undefined keeps the Lambda construct's defaults.
    let subnetSelection: ec2.SubnetSelection | undefined;
    if (props.subnets) {
      subnetSelection = { subnets: props.subnets };
    }
    const securityGroups = props.securityGroup ? [props.securityGroup] : undefined;

    const pingerFunction = new lambda.Function(this, 'Function', {
      code: lambda.Code.fromAsset(`${__dirname}/function`),
      handler: 'index.handler',
      runtime: lambda.Runtime.PYTHON_3_9,
      vpc: props.vpc,
      vpcSubnets: subnetSelection,
      securityGroups,
      timeout: Duration.minutes(1),
    });

    const executionRole = pingerFunction.role;
    if (!executionRole) {
      throw new Error('pinger lambda has no execution role!');
    }

    // Broad, account-wide bucket permissions — see the class-level note.
    const bucketAccess = new iam.PolicyStatement({
      actions: ['s3:DeleteBucket', 's3:ListBucket'],
      resources: ['arn:aws:s3:::*'],
    });
    executionRole.addToPrincipalPolicy(bucketAccess);

    const provider = new cr.Provider(this, 'Provider', { onEventHandler: pingerFunction });
    this.resource = new CustomResource(this, 'Resource', { serviceToken: provider.serviceToken });
  }

  /** The custom resource's `Value` attribute as a string token (resolved at deploy time). */
  public get response(): string {
    const value = this.resource.getAtt('Value');
    return Token.asString(value);
  }
}