import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as lambdaJs from 'aws-cdk-lib/aws-lambda-nodejs';
import * as cdk from 'aws-cdk-lib';
import * as cr from 'aws-cdk-lib/custom-resources';
import { Construct } from 'constructs';
import * as path from 'path';
import { WafSecurityAutomationsOptions, optionsDefaults } from './common';
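/**
 * Construction properties for {@link WafSecurityAutomations}.
 *
 * Declared as an `interface` rather than a `class`: it is a plain props bag
 * that is only ever used in type position, and a class with uninitialised
 * `readonly` fields does not compile under `strictPropertyInitialization`.
 */
export interface WafSecurityAutomationsProps {
  /**
   * Overrides merged on top of `optionsDefaults` (from './common'); the merged
   * object is serialised into the custom resource's `Options` property.
   */
  readonly options?: Partial<WafSecurityAutomationsOptions>;
  /** Bucket whose name is passed to the provider as `AccessLogBucketName`. */
  readonly accessLogBucket: s3.IBucket;
  /**
   * Name forwarded to the provider as `StackName`. Optional: the construct
   * already falls back to 'AWSWafSecurityAutomations' when it is omitted, so
   * the type now matches that behaviour.
   */
  readonly stackName?: string;
}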
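/**
 * Installs the AWS WAF Security Automations solution through a CloudFormation
 * custom resource.
 *
 * Two `NodejsFunction`s bundled from `./provider/index.ts` back a
 * custom-resources `Provider`: the `onEvent` handler starts the work and the
 * `isComplete` handler polls until it finishes. The resulting WebACL
 * identifiers are exposed as attributes read off the custom resource.
 */
export class WafSecurityAutomations extends Construct {
  /** Bucket handed to the provider as `AccessLogBucketName`. */
  public readonly accessLogBucket: s3.IBucket;
  /** Effective stack name: `props.stackName`, or 'AWSWafSecurityAutomations' when omitted. */
  public readonly stackName: string;
  /** The custom resource whose attributes carry the WebACL details. */
  public readonly resource: cdk.CustomResource;
  /** `WebAclName` attribute of the custom resource (a CloudFormation attribute token). */
  public readonly webAclName: string;
  /** `WebAclArn` attribute of the custom resource (a CloudFormation attribute token). */
  public readonly webAclArn: string;
  /** `WebAclId` attribute of the custom resource (a CloudFormation attribute token). */
  public readonly webAclId: string;
  /** `WebAclDescription` attribute of the custom resource (a CloudFormation attribute token). */
  public readonly webAclDescription: string;

  /**
   * @param scope - Parent construct.
   * @param id - Construct id within `scope`.
   * @param props - See {@link WafSecurityAutomationsProps}.
   * @throws Error when `props.accessLogBucket` is missing. The type system
   *   already requires it; the runtime check covers untyped (JavaScript)
   *   callers.
   */
  constructor(scope: Construct, id: string, props: WafSecurityAutomationsProps) {
    super(scope, id);

    // `props?.` keeps the intended error message (instead of a TypeError)
    // when an untyped caller passes no props object at all.
    if (!props?.accessLogBucket) {
      throw new Error('No log bucket specified');
    }
    this.accessLogBucket = props.accessLogBucket;
    this.stackName = props.stackName ?? 'AWSWafSecurityAutomations';

    // Caller overrides win over the defaults shipped in './common'.
    const options = {
      ...optionsDefaults,
      ...(props.options ?? {}),
    };

    // Settings shared by both provider handlers.
    const providerFunctionShared = {
      entry: path.join(__dirname, 'provider', 'index.ts'),
      // NOTE(review): Node.js 16 is an old Lambda runtime; confirm it is still
      // supported in the target account before relying on it.
      runtime: lambda.Runtime.NODEJS_16_X,
      timeout: cdk.Duration.minutes(15),
      // NOTE(review): this is a full-admin policy (`*` actions on `*` resources)
      // attached to both provider functions. Least privilege would enumerate
      // the actions the provider actually issues and, where possible, scope
      // resources to the stack it manages — TODO confirm the required set
      // against provider/index.ts before narrowing.
      initialPolicy: [
        new iam.PolicyStatement({
          resources: ['*'],
          actions: ['*'],
        }),
      ],
    };

    const onEventHandler = new lambdaJs.NodejsFunction(this, 'waf-automations-event', {
      ...providerFunctionShared,
      handler: 'onEvent',
    });
    const isCompleteHandler = new lambdaJs.NodejsFunction(this, 'waf-automations-complete', {
      ...providerFunctionShared,
      handler: 'isComplete',
    });
    const provider = new cr.Provider(this, 'waf-automations-provider', {
      onEventHandler,
      isCompleteHandler,
    });

    // NOTE(review): these properties are rendered into the synthesized
    // template; keep anything secret out of `options`.
    this.resource = new cdk.CustomResource(this, 'waf-automations', {
      serviceToken: provider.serviceToken,
      properties: {
        StackName: this.stackName,
        AccessLogBucketName: this.accessLogBucket.bucketName,
        TemplateVersion: options.templateVersion,
        Options: JSON.stringify(options),
      },
    });

    // Attribute names must match what the provider returns in its `Data`.
    this.webAclName = this.resource.getAttString('WebAclName');
    this.webAclArn = this.resource.getAttString('WebAclArn');
    this.webAclId = this.resource.getAttString('WebAclId');
    this.webAclDescription = this.resource.getAttString('WebAclDescription');
  }
}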