@fjall/components-infrastructure 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/config/aws/costAllocationTags.d.ts +9 -1
- package/dist/lib/config/aws/costAllocationTags.js +6 -17
- package/dist/lib/config/aws/identityCenter.d.ts +5 -2
- package/dist/lib/config/aws/identityCenter.js +78 -22
- package/dist/lib/patterns/aws/managedOrganisation.d.ts +2 -0
- package/dist/lib/patterns/aws/managedOrganisation.js +8 -4
- package/dist/lib/resources/aws/iam/identityCenter/assignment.d.ts +2 -2
- package/dist/lib/resources/aws/iam/identityCenter/assignment.js +17 -30
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.d.ts +11 -0
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.js +102 -0
- package/dist/lib/resources/aws/iam/identityCenter/attachManagedPolicy.d.ts +2 -0
- package/dist/lib/resources/aws/iam/identityCenter/attachManagedPolicy.js +17 -14
- package/dist/lib/resources/aws/iam/identityCenter/group.d.ts +2 -0
- package/dist/lib/resources/aws/iam/identityCenter/group.js +33 -24
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.d.ts +24 -0
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.js +246 -0
- package/dist/lib/resources/aws/iam/identityCenter/permissionSet.d.ts +2 -2
- package/dist/lib/resources/aws/iam/identityCenter/permissionSet.js +55 -43
- package/dist/lib/utils/getConfig.d.ts +2 -0
- package/dist/lib/utils/getConfig.js +6 -2
- package/package.json +4 -3
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AssignmentNew = void 0;
|
|
4
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
+
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
6
|
+
const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
|
|
7
|
+
const aws_logs_1 = require("aws-cdk-lib/aws-logs");
|
|
8
|
+
const custom_resources_1 = require("aws-cdk-lib/custom-resources");
|
|
9
|
+
const constructs_1 = require("constructs");
|
|
10
|
+
const path_1 = require("path");
|
|
11
|
+
const aws_cdk_lib_2 = require("aws-cdk-lib");
|
|
12
|
+
class AssignmentNew extends constructs_1.Construct {
|
|
13
|
+
constructor(scope, id, props) {
|
|
14
|
+
super(scope, id);
|
|
15
|
+
// 1. Create a dedicated IAM role with the necessary permissions
|
|
16
|
+
const lambdaRole = new aws_iam_1.Role(this, `${id}LambdaRole`, {
|
|
17
|
+
assumedBy: new aws_iam_1.ServicePrincipal("lambda.amazonaws.com"),
|
|
18
|
+
description: `Role for AWS Identity Center Assignment for ${id}`,
|
|
19
|
+
inlinePolicies: {
|
|
20
|
+
// CloudWatch Logs permissions
|
|
21
|
+
"logs-policy": new aws_iam_1.PolicyDocument({
|
|
22
|
+
statements: [
|
|
23
|
+
new aws_iam_1.PolicyStatement({
|
|
24
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
25
|
+
actions: [
|
|
26
|
+
"logs:CreateLogGroup",
|
|
27
|
+
"logs:CreateLogStream",
|
|
28
|
+
"logs:PutLogEvents"
|
|
29
|
+
],
|
|
30
|
+
resources: ["*"]
|
|
31
|
+
})
|
|
32
|
+
]
|
|
33
|
+
}),
|
|
34
|
+
// SSO Admin permissions - comprehensive permissions for both sso: and sso-admin: namespaces
|
|
35
|
+
"sso-admin-policy": new aws_iam_1.PolicyDocument({
|
|
36
|
+
statements: [
|
|
37
|
+
new aws_iam_1.PolicyStatement({
|
|
38
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
39
|
+
actions: [
|
|
40
|
+
// SSO Admin permissions (using both prefixes to ensure compatibility)
|
|
41
|
+
"sso:*",
|
|
42
|
+
"sso-admin:CreateAccountAssignment",
|
|
43
|
+
"sso-admin:DeleteAccountAssignment",
|
|
44
|
+
"sso-admin:ListAccountAssignments",
|
|
45
|
+
"sso-admin:DescribeAccountAssignmentCreationStatus",
|
|
46
|
+
"sso-admin:DescribeAccountAssignmentDeletionStatus",
|
|
47
|
+
// Original SSO permissions (may still be needed)
|
|
48
|
+
"sso:CreateAccountAssignment",
|
|
49
|
+
"sso:UpdateAccountAssignment",
|
|
50
|
+
"sso:DeleteAccountAssignment",
|
|
51
|
+
"sso:ListAccountAssignments",
|
|
52
|
+
"sso:DescribeAccountAssignmentCreationStatus",
|
|
53
|
+
"sso:DescribeAccountAssignmentDeletionStatus",
|
|
54
|
+
// Identity Store permissions
|
|
55
|
+
"identitystore:DescribeGroup",
|
|
56
|
+
"identitystore:ListGroupMemberships",
|
|
57
|
+
"identitystore:ListUsers",
|
|
58
|
+
"identitystore:ListGroups",
|
|
59
|
+
// Organizations permissions that may be needed for cross-account operations
|
|
60
|
+
"organizations:DescribeAccount",
|
|
61
|
+
"organizations:ListAccounts"
|
|
62
|
+
],
|
|
63
|
+
resources: ["*"]
|
|
64
|
+
})
|
|
65
|
+
]
|
|
66
|
+
})
|
|
67
|
+
}
|
|
68
|
+
});
|
|
69
|
+
// 2. Create the Lambda function with the dedicated role
|
|
70
|
+
const lambda = new aws_lambda_1.Function(this, `${id}Lambda`, {
|
|
71
|
+
runtime: aws_lambda_1.Runtime.NODEJS_18_X,
|
|
72
|
+
code: aws_lambda_1.Code.fromAsset((0, path_1.join)(__dirname, "lambda")),
|
|
73
|
+
handler: "assignmentHandler.handler",
|
|
74
|
+
role: lambdaRole,
|
|
75
|
+
timeout: aws_cdk_lib_1.Duration.minutes(5),
|
|
76
|
+
description: `AWS Identity Center Assignment Handler for ${id}`,
|
|
77
|
+
logRetention: aws_logs_1.RetentionDays.ONE_WEEK,
|
|
78
|
+
memorySize: 256 // Increase memory for better performance
|
|
79
|
+
});
|
|
80
|
+
// 3. Create a custom resource provider
|
|
81
|
+
const provider = new custom_resources_1.Provider(this, `${id}Provider`, {
|
|
82
|
+
onEventHandler: lambda,
|
|
83
|
+
logRetention: aws_logs_1.RetentionDays.ONE_WEEK
|
|
84
|
+
});
|
|
85
|
+
// 4. Create the custom resource
|
|
86
|
+
new aws_cdk_lib_2.CustomResource(this, `${id}Resource`, {
|
|
87
|
+
serviceToken: provider.serviceToken,
|
|
88
|
+
properties: {
|
|
89
|
+
InstanceArn: props.instanceArn,
|
|
90
|
+
PermissionSetArn: props.permissionSetArn,
|
|
91
|
+
PrincipalType: props.principalType,
|
|
92
|
+
PrincipalId: props.principalId,
|
|
93
|
+
TargetType: props.targetType,
|
|
94
|
+
TargetId: props.targetId,
|
|
95
|
+
// Add a timestamp to ensure updates are processed
|
|
96
|
+
Timestamp: new Date().toISOString()
|
|
97
|
+
}
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
exports.AssignmentNew = AssignmentNew;
|
|
102
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzaWdubWVudE5ldy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL2xpYi9yZXNvdXJjZXMvYXdzL2lhbS9pZGVudGl0eUNlbnRlci9hc3NpZ25tZW50TmV3LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUF1QztBQUN2QyxpREFNNkI7QUFDN0IsdURBQWlFO0FBQ2pFLG1EQUFxRDtBQUNyRCxtRUFBd0Q7QUFDeEQsMkNBQXVDO0FBQ3ZDLCtCQUE0QjtBQUM1Qiw2Q0FBNkM7QUFFN0MsTUFBYSxhQUFjLFNBQVEsc0JBQVM7SUFDMUMsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FPQztRQUVELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsZ0VBQWdFO1FBQ2hFLE1BQU0sVUFBVSxHQUFHLElBQUksY0FBSSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsWUFBWSxFQUFFO1lBQ25ELFNBQVMsRUFBRSxJQUFJLDBCQUFnQixDQUFDLHNCQUFzQixDQUFDO1lBQ3ZELFdBQVcsRUFBRSwrQ0FBK0MsRUFBRSxFQUFFO1lBQ2hFLGNBQWMsRUFBRTtnQkFDZCw4QkFBOEI7Z0JBQzlCLGFBQWEsRUFBRSxJQUFJLHdCQUFjLENBQUM7b0JBQ2hDLFVBQVUsRUFBRTt3QkFDVixJQUFJLHlCQUFlLENBQUM7NEJBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7NEJBQ3BCLE9BQU8sRUFBRTtnQ0FDUCxxQkFBcUI7Z0NBQ3JCLHNCQUFzQjtnQ0FDdEIsbUJBQW1COzZCQUNwQjs0QkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7eUJBQ2pCLENBQUM7cUJBQ0g7aUJBQ0YsQ0FBQztnQkFDRiw0RkFBNEY7Z0JBQzVGLGtCQUFrQixFQUFFLElBQUksd0JBQWMsQ0FBQztvQkFDckMsVUFBVSxFQUFFO3dCQUNWLElBQUkseUJBQWUsQ0FBQzs0QkFDbEIsTUFBTSxFQUFFLGdCQUFNLENBQUMsS0FBSzs0QkFDcEIsT0FBTyxFQUFFO2dDQUNQLHNFQUFzRTtnQ0FDdEUsT0FBTztnQ0FDUCxtQ0FBbUM7Z0NBQ25DLG1DQUFtQztnQ0FDbkMsa0NBQWtDO2dDQUNsQyxtREFBbUQ7Z0NBQ25ELG1EQUFtRDtnQ0FFbkQsaURBQWlEO2dDQUNqRCw2QkFBNkI7Z0NBQzdCLDZCQUE2QjtnQ0FDN0IsNkJBQTZCO2dDQUM3Qiw0QkFBNEI7Z0NBQzVCLDZDQUE2QztnQ0FDN0MsNkNBQTZDO2dDQUU3Qyw2QkFBNkI7Z0NBQzdCLDZCQUE2QjtnQ0FDN0Isb0NBQW9DO2dDQUNwQyx5QkFBeUI7Z0NBQ3pCLDBCQUEwQjtnQ0FFMUIsNEVBQTRFO2dDQUM1RSwrQkFBK0I7Z0NBQy9CLDRCQUE0Qjs2QkFDN0I7NEJBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO3lCQUNqQixDQUFDO3FCQUNIO2lCQUNGLENBQUM7YUFDSDtTQUNGLENBQUMsQ0FBQztRQUVILHdEQUF3RDtRQUN4RCxNQUFNLE1BQU0sR0FBRyxJQUFJLHFCQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUU7WUFDL0MsT0FBTyxFQUFFLG9CQUFPLENBQUMsV0FBVztZQUM1QixJQUFJLEVBQUUsaUJBQUksQ0FBQyxTQUFTLENBQUMsSUFBQSxXQUFJLEVBQUMsU0FBUyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQy9DLE9BQU8sRUFBRSwyQkFBMkI7WUFDcEMsSUFBSSxFQUFFLFVBQVU7WUFDaEIsT0FBTyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUM1QixXQUFXLEVBQUUsOENBQThDLEVBQUUsRUFBRTtZQUMvRCxZQUFZLEVBQUUsd0JBQWEsQ0FBQyxRQUFRO1lBQ3BDLFVBQVUsRUFBRSxHQUFHLENBQUMseUNBQXlDO1NBQzFELENBQUMsQ0FBQztRQUVILHVDQUF1QztRQUN2QyxNQUFNLFFBQVEsR0FBRyxJQUFJLDJCQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsRUFBRSxVQUFVLEVBQUU7WUFDbkQsY0FBYyxFQUFFLE1BQU07WUFDdEIsWUFBWSxFQUFFLHdCQUFhLENBQUMsUUFBUTtTQUNyQyxDQUFDLENBQUM7UUFFSCxnQ0FBZ0M7UUFDaEMsSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUUsVUFBVSxFQUFFO1lBQ3hDLFlBQVksRUFBRSxRQUFRLENBQUMsWUFBWTtZQUNuQyxVQUFVLEVBQUU7Z0JBQ1YsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2dCQUM5QixnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO2dCQUN4QyxhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWE7Z0JBQ2xDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztnQkFDOUIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO2dCQUM1QixRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7Z0JBQ3hCLGtEQUFrRDtnQkFDbEQsU0FBUyxFQUFFLElBQUksSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFO2FBQ3BDO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBMUdELHNDQTBHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IER1cmF0aW9uIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQge1xuICBQb2xpY3lEb2N1bWVudCxcbiAgUG9saWN5U3RhdGVtZW50LFxuICBFZmZlY3QsXG4gIFJvbGUsXG4gIFNlcnZpY2VQcmluY2lwYWxcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvZGUsIEZ1bmN0aW9uLCBSdW50aW1lIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1sYW1iZGFcIjtcbmltcG9ydCB7IFJldGVudGlvbkRheXMgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxvZ3NcIjtcbmltcG9ydCB7IFByb3ZpZGVyIH0gZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBqb2luIH0gZnJvbSBcInBhdGhcIjtcbmltcG9ydCB7IEN1c3RvbVJlc291cmNlIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5cbmV4cG9ydCBjbGFzcyBBc3NpZ25tZW50TmV3IGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiB7XG4gICAgICBpbnN0YW5jZUFybjogc3RyaW5nO1xuICAgICAgcGVybWlzc2lvblNldEFybjogc3RyaW5nO1xuICAgICAgcHJpbmNpcGFsVHlwZTogc3RyaW5nO1xuICAgICAgcHJpbmNpcGFsSWQ6IHN0cmluZztcbiAgICAgIHRhcmdldFR5cGU6IHN0cmluZztcbiAgICAgIHRhcmdldElkOiBzdHJpbmc7XG4gICAgfVxuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgLy8gMS4gQ3JlYXRlIGEgZGVkaWNhdGVkIElBTSByb2xlIHdpdGggdGhlIG5lY2Vzc2FyeSBwZXJtaXNzaW9uc1xuICAgIGNvbnN0IGxhbWJkYVJvbGUgPSBuZXcgUm9sZSh0aGlzLCBgJHtpZH1MYW1iZGFSb2xlYCwge1xuICAgICAgYXNzdW1lZEJ5OiBuZXcgU2VydmljZVByaW5jaXBhbChcImxhbWJkYS5hbWF6b25hd3MuY29tXCIpLFxuICAgICAgZGVzY3JpcHRpb246IGBSb2xlIGZvciBBV1MgSWRlbnRpdHkgQ2VudGVyIEFzc2lnbm1lbnQgZm9yICR7aWR9YCxcbiAgICAgIGlubGluZVBvbGljaWVzOiB7XG4gICAgICAgIC8vIENsb3VkV2F0Y2ggTG9ncyBwZXJtaXNzaW9uc1xuICAgICAgICBcImxvZ3MtcG9saWN5XCI6IG5ldyBQb2xpY3lEb2N1bWVudCh7XG4gICAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgXCJsb2dzOkNyZWF0ZUxvZ0dyb3VwXCIsXG4gICAgICAgICAgICAgICAgXCJsb2dzOkNyZWF0ZUxvZ1N0cmVhbVwiLFxuICAgICAgICAgICAgICAgIFwibG9nczpQdXRMb2dFdmVudHNcIlxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgICAgICAgIH0pXG4gICAgICAgICAgXVxuICAgICAgICB9KSxcbiAgICAgICAgLy8gU1NPIEFkbWluIHBlcm1pc3Npb25zIC0gY29tcHJlaGVuc2l2ZSBwZXJtaXNzaW9ucyBmb3IgYm90aCBzc286IGFuZCBzc28tYWRtaW46IG5hbWVzcGFjZXNcbiAgICAgICAgXCJzc28tYWRtaW4tcG9saWN5XCI6IG5ldyBQb2xpY3lEb2N1bWVudCh7XG4gICAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgLy8gU1NPIEFkbWluIHBlcm1pc3Npb25zICh1c2luZyBib3RoIHByZWZpeGVzIHRvIGVuc3VyZSBjb21wYXRpYmlsaXR5KVxuICAgICAgICAgICAgICAgIFwic3NvOipcIixcbiAgICAgICAgICAgICAgICBcInNzby1hZG1pbjpDcmVhdGVBY2NvdW50QXNzaWdubWVudFwiLFxuICAgICAgICAgICAgICAgIFwic3NvLWFkbWluOkRlbGV0ZUFjY291bnRBc3NpZ25tZW50XCIsXG4gICAgICAgICAgICAgICAgXCJzc28tYWRtaW46TGlzdEFjY291bnRBc3NpZ25tZW50c1wiLFxuICAgICAgICAgICAgICAgIFwic3NvLWFkbWluOkRlc2NyaWJlQWNjb3VudEFzc2lnbm1lbnRDcmVhdGlvblN0YXR1c1wiLFxuICAgICAgICAgICAgICAgIFwic3NvLWFkbWluOkRlc2NyaWJlQWNjb3VudEFzc2lnbm1lbnREZWxldGlvblN0YXR1c1wiLFxuXG4gICAgICAgICAgICAgICAgLy8gT3JpZ2luYWwgU1NPIHBlcm1pc3Npb25zIChtYXkgc3RpbGwgYmUgbmVlZGVkKVxuICAgICAgICAgICAgICAgIFwic3NvOkNyZWF0ZUFjY291bnRBc3NpZ25tZW50XCIsXG4gICAgICAgICAgICAgICAgXCJzc286VXBkYXRlQWNjb3VudEFzc2lnbm1lbnRcIixcbiAgICAgICAgICAgICAgICBcInNzbzpEZWxldGVBY2NvdW50QXNzaWdubWVudFwiLFxuICAgICAgICAgICAgICAgIFwic3NvOkxpc3RBY2NvdW50QXNzaWdubWVudHNcIixcbiAgICAgICAgICAgICAgICBcInNzbzpEZXNjcmliZUFjY291bnRBc3NpZ25tZW50Q3JlYXRpb25TdGF0dXNcIixcbiAgICAgICAgICAgICAgICBcInNzbzpEZXNjcmliZUFjY291bnRBc3NpZ25tZW50RGVsZXRpb25TdGF0dXNcIixcblxuICAgICAgICAgICAgICAgIC8vIElkZW50aXR5IFN0b3JlIHBlcm1pc3Npb25zXG4gICAgICAgICAgICAgICAgXCJpZGVudGl0eXN0b3JlOkRlc2NyaWJlR3JvdXBcIixcbiAgICAgICAgICAgICAgICBcImlkZW50aXR5c3RvcmU6TGlzdEdyb3VwTWVtYmVyc2hpcHNcIixcbiAgICAgICAgICAgICAgICBcImlkZW50aXR5c3RvcmU6TGlzdFVzZXJzXCIsXG4gICAgICAgICAgICAgICAgXCJpZGVudGl0eXN0b3JlOkxpc3RHcm91cHNcIixcblxuICAgICAgICAgICAgICAgIC8vIE9yZ2FuaXphdGlvbnMgcGVybWlzc2lvbnMgdGhhdCBtYXkgYmUgbmVlZGVkIGZvciBjcm9zcy1hY2NvdW50IG9wZXJhdGlvbnNcbiAgICAgICAgICAgICAgICBcIm9yZ2FuaXphdGlvbnM6RGVzY3JpYmVBY2NvdW50XCIsXG4gICAgICAgICAgICAgICAgXCJvcmdhbml6YXRpb25zOkxpc3RBY2NvdW50c1wiXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgICAgICAgfSlcbiAgICAgICAgICBdXG4gICAgICAgIH0pXG4gICAgICB9XG4gICAgfSk7XG5cbiAgICAvLyAyLiBDcmVhdGUgdGhlIExhbWJkYSBmdW5jdGlvbiB3aXRoIHRoZSBkZWRpY2F0ZWQgcm9sZVxuICAgIGNvbnN0IGxhbWJkYSA9IG5ldyBGdW5jdGlvbih0aGlzLCBgJHtpZH1MYW1iZGFgLCB7XG4gICAgICBydW50aW1lOiBSdW50aW1lLk5PREVKU18xOF9YLFxuICAgICAgY29kZTogQ29kZS5mcm9tQXNzZXQoam9pbihfX2Rpcm5hbWUsIFwibGFtYmRhXCIpKSxcbiAgICAgIGhhbmRsZXI6IFwiYXNzaWdubWVudEhhbmRsZXIuaGFuZGxlclwiLFxuICAgICAgcm9sZTogbGFtYmRhUm9sZSxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoNSksXG4gICAgICBkZXNjcmlwdGlvbjogYEFXUyBJZGVudGl0eSBDZW50ZXIgQXNzaWdubWVudCBIYW5kbGVyIGZvciAke2lkfWAsXG4gICAgICBsb2dSZXRlbnRpb246IFJldGVudGlvbkRheXMuT05FX1dFRUssXG4gICAgICBtZW1vcnlTaXplOiAyNTYgLy8gSW5jcmVhc2UgbWVtb3J5IGZvciBiZXR0ZXIgcGVyZm9ybWFuY2VcbiAgICB9KTtcblxuICAgIC8vIDMuIENyZWF0ZSBhIGN1c3RvbSByZXNvdXJjZSBwcm92aWRlclxuICAgIGNvbnN0IHByb3ZpZGVyID0gbmV3IFByb3ZpZGVyKHRoaXMsIGAke2lkfVByb3ZpZGVyYCwge1xuICAgICAgb25FdmVudEhhbmRsZXI6IGxhbWJkYSxcbiAgICAgIGxvZ1JldGVudGlvbjogUmV0ZW50aW9uRGF5cy5PTkVfV0VFS1xuICAgIH0pO1xuXG4gICAgLy8gNC4gQ3JlYXRlIHRoZSBjdXN0b20gcmVzb3VyY2VcbiAgICBuZXcgQ3VzdG9tUmVzb3VyY2UodGhpcywgYCR7aWR9UmVzb3VyY2VgLCB7XG4gICAgICBzZXJ2aWNlVG9rZW46IHByb3ZpZGVyLnNlcnZpY2VUb2tlbixcbiAgICAgIHByb3BlcnRpZXM6IHtcbiAgICAgICAgSW5zdGFuY2VBcm46IHByb3BzLmluc3RhbmNlQXJuLFxuICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiBwcm9wcy5wZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICBQcmluY2lwYWxUeXBlOiBwcm9wcy5wcmluY2lwYWxUeXBlLFxuICAgICAgICBQcmluY2lwYWxJZDogcHJvcHMucHJpbmNpcGFsSWQsXG4gICAgICAgIFRhcmdldFR5cGU6IHByb3BzLnRhcmdldFR5cGUsXG4gICAgICAgIFRhcmdldElkOiBwcm9wcy50YXJnZXRJZCxcbiAgICAgICAgLy8gQWRkIGEgdGltZXN0YW1wIHRvIGVuc3VyZSB1cGRhdGVzIGFyZSBwcm9jZXNzZWRcbiAgICAgICAgVGltZXN0YW1wOiBuZXcgRGF0ZSgpLnRvSVNPU3RyaW5nKClcbiAgICAgIH1cbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { Construct } from "constructs";
|
|
2
|
+
import { Role } from "..";
|
|
2
3
|
interface AttachManagedPolicyProps {
|
|
3
4
|
instanceArn: string;
|
|
4
5
|
permissionSet: string;
|
|
5
6
|
permissionSetArn: string;
|
|
6
7
|
managedPolicyArn: string;
|
|
8
|
+
role: Role;
|
|
7
9
|
}
|
|
8
10
|
export declare class AttachManagedPolicy extends Construct {
|
|
9
11
|
constructor(scope: Construct, id: string, props: AttachManagedPolicyProps);
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.AttachManagedPolicy = void 0;
|
|
4
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
5
4
|
const constructs_1 = require("constructs");
|
|
6
5
|
const customResources = require("aws-cdk-lib/custom-resources");
|
|
7
6
|
const awsCustomResource_1 = require("../../utilities/awsCustomResource");
|
|
@@ -29,21 +28,25 @@ class AttachManagedPolicy extends constructs_1.Construct {
|
|
|
29
28
|
ManagedPolicyArn: props.managedPolicyArn
|
|
30
29
|
}
|
|
31
30
|
},
|
|
32
|
-
policy: customResources.AwsCustomResourcePolicy.
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
31
|
+
policy: customResources.AwsCustomResourcePolicy.fromSdkCalls({
|
|
32
|
+
resources: ["*"]
|
|
33
|
+
}),
|
|
34
|
+
// TODO: Lock down permissions, when we're ready to troubleshoot intermittent policy errors
|
|
35
|
+
// role: props.role,
|
|
36
|
+
// policy: customResources.AwsCustomResourcePolicy.fromStatements([
|
|
37
|
+
// new PolicyStatement({
|
|
38
|
+
// actions: [
|
|
39
|
+
// "sso:ProvisionPermissionSet",
|
|
40
|
+
// "sso:AttachManagedPolicyToPermissionSet",
|
|
41
|
+
// "sso:DetachManagedPolicyFromPermissionSet",
|
|
42
|
+
// "sso:TagResource"
|
|
43
|
+
// ],
|
|
44
|
+
// resources: ["*"]
|
|
45
|
+
// })
|
|
46
|
+
// ]),
|
|
44
47
|
resourceType: "Custom::PermissionSet"
|
|
45
48
|
});
|
|
46
49
|
}
|
|
47
50
|
}
|
|
48
51
|
exports.AttachManagedPolicy = AttachManagedPolicy;
|
|
49
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
52
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0YWNoTWFuYWdlZFBvbGljeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL2xpYi9yZXNvdXJjZXMvYXdzL2lhbS9pZGVudGl0eUNlbnRlci9hdHRhY2hNYW5hZ2VkUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLDJDQUF1QztBQUN2QyxnRUFBZ0U7QUFDaEUseUVBQXNFO0FBV3RFLE1BQWEsbUJBQW9CLFNBQVEsc0JBQVM7SUFDaEQsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUErQjtRQUN2RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLElBQUkscUNBQWlCLENBQUMsSUFBSSxFQUFFLHFCQUFxQixFQUFFO1lBQ2pELFlBQVksRUFBRSw4QkFBOEIsS0FBSyxDQUFDLGFBQWEsRUFBRTtZQUNqRSxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLFdBQVc7Z0JBQ3BCLE1BQU0sRUFBRSxvQ0FBb0MsRUFBRSw0SEFBNEg7Z0JBQzFLLFVBQVUsRUFBRTtvQkFDVixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7b0JBQzlCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7b0JBQ3hDLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7aUJBQ3pDO2dCQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELHFDQUFxQyxLQUFLLENBQUMsYUFBYSxFQUFFLENBQzNEO2FBQ0Y7WUFDRCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLFdBQVc7Z0JBQ3BCLE1BQU0sRUFBRSxzQ0FBc0MsRUFBRSwrSEFBK0g7Z0JBQy9LLFVBQVUsRUFBRTtvQkFDVixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7b0JBQzlCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7b0JBQ3hDLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxnQkFBZ0I7aUJBQ3pDO2FBQ0Y7WUFDRCxNQUFNLEVBQUUsZUFBZSxDQUFDLHVCQUF1QixDQUFDLFlBQVksQ0FBQztnQkFDM0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO2FBQ2pCLENBQUM7WUFDRiwyRkFBMkY7WUFDM0Ysb0JBQW9CO1lBQ3BCLG1FQUFtRTtZQUNuRSwwQkFBMEI7WUFDMUIsaUJBQWlCO1lBQ2pCLHNDQUFzQztZQUN0QyxrREFBa0Q7WUFDbEQsb0RBQW9EO1lBQ3BELDBCQUEwQjtZQUMxQixTQUFTO1lBQ1QsdUJBQXVCO1lBQ3ZCLE9BQU87WUFDUCxNQUFNO1lBQ04sWUFBWSxFQUFFLHVCQUF1QjtTQUN0QyxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUE5Q0Qsa0RBOENDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgKiBhcyBjdXN0b21SZXNvdXJjZXMgZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEF3c0N1c3RvbVJlc291cmNlIH0gZnJvbSBcIi4uLy4uL3V0aWxpdGllcy9hd3NDdXN0b21SZXNvdXJjZVwiO1xuaW1wb3J0IHsgUm9sZSB9IGZyb20gXCIuLlwiO1xuXG5pbnRlcmZhY2UgQXR0YWNoTWFuYWdlZFBvbGljeVByb3BzIHtcbiAgaW5zdGFuY2VBcm46IHN0cmluZztcbiAgcGVybWlzc2lvblNldDogc3RyaW5nO1xuICBwZXJtaXNzaW9uU2V0QXJuOiBzdHJpbmc7XG4gIG1hbmFnZWRQb2xpY3lBcm46IHN0cmluZztcbiAgcm9sZTogUm9sZTtcbn1cblxuZXhwb3J0IGNsYXNzIEF0dGFjaE1hbmFnZWRQb2xpY3kgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQXR0YWNoTWFuYWdlZFBvbGljeVByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIG5ldyBBd3NDdXN0b21SZXNvdXJjZSh0aGlzLCBcImF0dGFjaE1hbmFnZWRQb2xpY3lcIiwge1xuICAgICAgZnVuY3Rpb25OYW1lOiBgYXR0YWNoUG9saWN5VG9QZXJtaXNzaW9uU2V0JHtwcm9wcy5wZXJtaXNzaW9uU2V0fWAsXG4gICAgICBvbkNyZWF0ZToge1xuICAgICAgICBzZXJ2aWNlOiBcInNzby1hZG1pblwiLFxuICAgICAgICBhY3Rpb246IFwiQXR0YWNoTWFuYWdlZFBvbGljeVRvUGVybWlzc2lvblNldFwiLCAvLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy92My9sYXRlc3QvY2xpZW50L3Nzby1hZG1pbi9jb21tYW5kL0F0dGFjaE1hbmFnZWRQb2xpY3lUb1Blcm1pc3Npb25TZXRDb21tYW5kXG4gICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICBJbnN0YW5jZUFybjogcHJvcHMuaW5zdGFuY2VBcm4sXG4gICAgICAgICAgUGVybWlzc2lvblNldEFybjogcHJvcHMucGVybWlzc2lvblNldEFybixcbiAgICAgICAgICBNYW5hZ2VkUG9saWN5QXJuOiBwcm9wcy5tYW5hZ2VkUG9saWN5QXJuXG4gICAgICAgIH0sXG4gICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihcbiAgICAgICAgICBgYXR0YWNoTWFuYWdlZFBvbGljeVRvUGVybWlzc2lvblNldCR7cHJvcHMucGVybWlzc2lvblNldH1gXG4gICAgICAgIClcbiAgICAgIH0sXG4gICAgICBvbkRlbGV0ZToge1xuICAgICAgICBzZXJ2aWNlOiBcInNzby1hZG1pblwiLFxuICAgICAgICBhY3Rpb246IFwiRGV0YWNoTWFuYWdlZFBvbGljeUZyb21QZXJtaXNzaW9uU2V0XCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL3YzL2xhdGVzdC9jbGllbnQvc3NvLWFkbWluL2NvbW1hbmQvRGV0YWNoTWFuYWdlZFBvbGljeUZyb21QZXJtaXNzaW9uU2V0Q29tbWFuZC9cbiAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgIEluc3RhbmNlQXJuOiBwcm9wcy5pbnN0YW5jZUFybixcbiAgICAgICAgICBQZXJtaXNzaW9uU2V0QXJuOiBwcm9wcy5wZXJtaXNzaW9uU2V0QXJuLFxuICAgICAgICAgIE1hbmFnZWRQb2xpY3lBcm46IHByb3BzLm1hbmFnZWRQb2xpY3lBcm5cbiAgICAgICAgfVxuICAgICAgfSxcbiAgICAgIHBvbGljeTogY3VzdG9tUmVzb3VyY2VzLkF3c0N1c3RvbVJlc291cmNlUG9saWN5LmZyb21TZGtDYWxscyh7XG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgfSksXG4gICAgICAvLyBUT0RPOiBMb2NrIGRvd24gcGVybWlzc2lvbnMsIHdoZW4gd2UncmUgcmVhZHkgdG8gdHJvdWJsZXNob290IGludGVybWl0dGVudCBwb2xpY3kgZXJyb3JzXG4gICAgICAvLyByb2xlOiBwcm9wcy5yb2xlLFxuICAgICAgLy8gcG9saWN5OiBjdXN0b21SZXNvdXJjZXMuQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuZnJvbVN0YXRlbWVudHMoW1xuICAgICAgLy8gICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgIC8vICAgICBhY3Rpb25zOiBbXG4gICAgICAvLyAgICAgICBcInNzbzpQcm92aXNpb25QZXJtaXNzaW9uU2V0XCIsXG4gICAgICAvLyAgICAgICBcInNzbzpBdHRhY2hNYW5hZ2VkUG9saWN5VG9QZXJtaXNzaW9uU2V0XCIsXG4gICAgICAvLyAgICAgICBcInNzbzpEZXRhY2hNYW5hZ2VkUG9saWN5RnJvbVBlcm1pc3Npb25TZXRcIixcbiAgICAgIC8vICAgICAgIFwic3NvOlRhZ1Jlc291cmNlXCJcbiAgICAgIC8vICAgICBdLFxuICAgICAgLy8gICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgLy8gICB9KVxuICAgICAgLy8gXSksXG4gICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpQZXJtaXNzaW9uU2V0XCJcbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.Group = void 0;
|
|
4
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
5
4
|
const constructs_1 = require("constructs");
|
|
6
5
|
const customResources = require("aws-cdk-lib/custom-resources");
|
|
7
6
|
const awsCustomResource_1 = require("../../utilities/awsCustomResource");
|
|
@@ -10,7 +9,7 @@ class Group extends constructs_1.Construct {
|
|
|
10
9
|
super(scope, id);
|
|
11
10
|
const physicalId = `identityStoreGroup${props.displayName}`;
|
|
12
11
|
// Create Group
|
|
13
|
-
const
|
|
12
|
+
const createGroup = new awsCustomResource_1.AwsCustomResource(this, "createIdentityStoreGroup", {
|
|
14
13
|
functionName: `createIdentityStoreGroup${props.displayName}`,
|
|
15
14
|
onCreate: {
|
|
16
15
|
service: "identitystore",
|
|
@@ -22,16 +21,18 @@ class Group extends constructs_1.Construct {
|
|
|
22
21
|
},
|
|
23
22
|
physicalResourceId: customResources.PhysicalResourceId.of(physicalId)
|
|
24
23
|
},
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
]
|
|
24
|
+
role: props.role
|
|
25
|
+
// TODO: Lock down permissions, when we're ready to troubleshoot intermittent policy errors
|
|
26
|
+
// policy: customResources.AwsCustomResourcePolicy.fromStatements([
|
|
27
|
+
// new PolicyStatement({
|
|
28
|
+
// actions: ["identitystore:CreateGroup"],
|
|
29
|
+
// resources: ["*"]
|
|
30
|
+
// })
|
|
31
|
+
// ])
|
|
31
32
|
});
|
|
32
|
-
this.groupId =
|
|
33
|
+
this.groupId = createGroup.getResponseField("GroupId");
|
|
33
34
|
// Update Group
|
|
34
|
-
new awsCustomResource_1.AwsCustomResource(this, "updateIdentityStoreGroup", {
|
|
35
|
+
const updateGroup = new awsCustomResource_1.AwsCustomResource(this, "updateIdentityStoreGroup", {
|
|
35
36
|
functionName: `updateIdentityStoreGroup${props.displayName}`,
|
|
36
37
|
onUpdate: {
|
|
37
38
|
service: "identitystore",
|
|
@@ -53,16 +54,18 @@ class Group extends constructs_1.Construct {
|
|
|
53
54
|
},
|
|
54
55
|
physicalResourceId: customResources.PhysicalResourceId.of(physicalId)
|
|
55
56
|
},
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
]
|
|
57
|
+
role: props.role,
|
|
58
|
+
// TODO: Lock down permissions, when we're ready to troubleshoot intermittent policy errors
|
|
59
|
+
// policy: customResources.AwsCustomResourcePolicy.fromStatements([
|
|
60
|
+
// new PolicyStatement({
|
|
61
|
+
// actions: ["identitystore:UpdateGroup"],
|
|
62
|
+
// resources: ["*"]
|
|
63
|
+
// })
|
|
64
|
+
// ]),
|
|
62
65
|
resourceType: "Custom::Group"
|
|
63
66
|
});
|
|
64
67
|
// Delete Group
|
|
65
|
-
new awsCustomResource_1.AwsCustomResource(this, "deleteIdentityStoreGroup", {
|
|
68
|
+
const deleteGroup = new awsCustomResource_1.AwsCustomResource(this, "deleteIdentityStoreGroup", {
|
|
66
69
|
functionName: `deleteIdentityStoreGroup${props.displayName}`,
|
|
67
70
|
onDelete: {
|
|
68
71
|
service: "identitystore",
|
|
@@ -72,18 +75,24 @@ class Group extends constructs_1.Construct {
|
|
|
72
75
|
IdentityStoreId: props.identityStoreId
|
|
73
76
|
}
|
|
74
77
|
},
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
]
|
|
78
|
+
role: props.role,
|
|
79
|
+
// TODO: Lock down permissions, when we're ready to troubleshoot intermittent policy errors
|
|
80
|
+
// policy: customResources.AwsCustomResourcePolicy.fromStatements([
|
|
81
|
+
// new PolicyStatement({
|
|
82
|
+
// actions: ["identitystore:DeleteGroup"],
|
|
83
|
+
// resources: ["*"]
|
|
84
|
+
// })
|
|
85
|
+
// ]),
|
|
81
86
|
resourceType: "Custom::Group"
|
|
82
87
|
});
|
|
88
|
+
// Implement Dependable to make construct dependable
|
|
89
|
+
constructs_1.Dependable.implement(this, {
|
|
90
|
+
dependencyRoots: [createGroup, updateGroup, deleteGroup]
|
|
91
|
+
});
|
|
83
92
|
}
|
|
84
93
|
getGroupId() {
|
|
85
94
|
return this.groupId;
|
|
86
95
|
}
|
|
87
96
|
}
|
|
88
97
|
exports.Group = Group;
|
|
89
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
98
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ3JvdXAuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9saWIvcmVzb3VyY2VzL2F3cy9pYW0vaWRlbnRpdHlDZW50ZXIvZ3JvdXAudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsMkNBQW1EO0FBQ25ELGdFQUFnRTtBQUNoRSx5RUFBc0U7QUFTdEUsTUFBYSxLQUFNLFNBQVEsc0JBQVM7SUFHbEMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFpQjtRQUN6RCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLE1BQU0sVUFBVSxHQUFHLHFCQUFxQixLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFFNUQsZUFBZTtRQUNmLE1BQU0sV0FBVyxHQUFHLElBQUkscUNBQWlCLENBQ3ZDLElBQUksRUFDSiwwQkFBMEIsRUFDMUI7WUFDRSxZQUFZLEVBQUUsMkJBQTJCLEtBQUssQ0FBQyxXQUFXLEVBQUU7WUFDNUQsUUFBUSxFQUFFO2dCQUNSLE9BQU8sRUFBRSxlQUFlO2dCQUN4QixNQUFNLEVBQUUsYUFBYSxFQUFFLHlHQUF5RztnQkFDaEksVUFBVSxFQUFFO29CQUNWLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztvQkFDOUIsZUFBZSxFQUFFLEtBQUssQ0FBQyxlQUFlO29CQUN0QyxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7aUJBQy9CO2dCQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDO2FBQ3RFO1lBQ0QsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1lBQ2hCLDJGQUEyRjtZQUMzRixtRUFBbUU7WUFDbkUsMEJBQTBCO1lBQzFCLDhDQUE4QztZQUM5Qyx1QkFBdUI7WUFDdkIsT0FBTztZQUNQLEtBQUs7U0FDTixDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsT0FBTyxHQUFHLFdBQVcsQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUV2RCxlQUFlO1FBQ2YsTUFBTSxXQUFXLEdBQUcsSUFBSSxxQ0FBaUIsQ0FDdkMsSUFBSSxFQUNKLDBCQUEwQixFQUMxQjtZQUNFLFlBQVksRUFBRSwyQkFBMkIsS0FBSyxDQUFDLFdBQVcsRUFBRTtZQUM1RCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLGVBQWU7Z0JBQ3hCLE1BQU0sRUFBRSxhQUFhLEVBQUUseUdBQXlHO2dCQUNoSSxVQUFVLEVBQUU7b0JBQ1YsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO29CQUNyQixlQUFlLEVBQUUsS0FBSyxDQUFDLGVBQWU7b0JBQ3RDLHlEQUF5RDtvQkFDekQsVUFBVSxFQUFFO3dCQUNWOzRCQUNFLGFBQWEsRUFBRSxhQUFhOzRCQUM1QixjQUFjLEVBQUUsS0FBSyxDQUFDLFdBQVc7eUJBQ2xDO3dCQUNEOzRCQUNFLGFBQWEsRUFBRSxhQUFhOzRCQUM1QixjQUFjLEVBQUUsS0FBSyxDQUFDLFdBQVc7eUJBQ2xDO3FCQUNGO2lCQUNGO2dCQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDO2FBQ3RFO1lBQ0QsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1lBQ2hCLDJGQUEyRjtZQUMzRixtRUFBbUU7WUFDbkUsMEJBQTBCO1lBQzFCLDhDQUE4QztZQUM5Qyx1QkFBdUI7WUFDdkIsT0FBTztZQUNQLE1BQU07WUFDTixZQUFZLEVBQUUsZUFBZTtTQUM5QixDQUNGLENBQUM7UUFFRixlQUFlO1FBQ2YsTUFBTSxXQUFXLEdBQUcsSUFBSSxxQ0FBaUIsQ0FDdkMsSUFBSSxFQUNKLDBCQUEwQixFQUMxQjtZQUNFLFlBQVksRUFBRSwyQkFBMkIsS0FBSyxDQUFDLFdBQVcsRUFBRTtZQUM1RCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLGVBQWU7Z0JBQ3hCLE1BQU0sRUFBRSxhQUFhLEVBQUUseUdBQXlHO2dCQUNoSSxVQUFVLEVBQUU7b0JBQ1YsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO29CQUNyQixlQUFlLEVBQUUsS0FBSyxDQUFDLGVBQWU7aUJBQ3ZDO2FBQ0Y7WUFDRCxJQUFJLEVBQUUsS0FBSyxDQUFDLElBQUk7WUFDaEIsMkZBQTJGO1lBQzNGLG1FQUFtRTtZQUNuRSwwQkFBMEI7WUFDMUIsOENBQThDO1lBQzlDLHVCQUF1QjtZQUN2QixPQUFPO1lBQ1AsTUFBTTtZQUNOLFlBQVksRUFBRSxlQUFlO1NBQzlCLENBQ0YsQ0FBQztRQUVGLG9EQUFvRDtRQUNwRCx1QkFBVSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUU7WUFDekIsZUFBZSxFQUFFLENBQUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxXQUFXLENBQUM7U0FDekQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVNLFVBQVU7UUFDZixPQUFPLElBQUksQ0FBQyxPQUFPLENBQUM7SUFDdEIsQ0FBQztDQUNGO0FBOUdELHNCQThHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFBvbGljeVN0YXRlbWVudCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QsIERlcGVuZGFibGUgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0ICogYXMgY3VzdG9tUmVzb3VyY2VzIGZyb20gXCJhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzXCI7XG5pbXBvcnQgeyBBd3NDdXN0b21SZXNvdXJjZSB9IGZyb20gXCIuLi8uLi91dGlsaXRpZXMvYXdzQ3VzdG9tUmVzb3VyY2VcIjtcbmltcG9ydCB7IFJvbGUgfSBmcm9tIFwiLi5cIjtcblxuaW50ZXJmYWNlIEdyb3VwUHJvcHMge1xuICBkaXNwbGF5TmFtZTogc3RyaW5nO1xuICBpZGVudGl0eVN0b3JlSWQ6IHN0cmluZztcbiAgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG4gIHJvbGU6IFJvbGU7XG59XG5leHBvcnQgY2xhc3MgR3JvdXAgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBwcml2YXRlIGdyb3VwSWQ6IHN0cmluZztcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogR3JvdXBQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBwaHlzaWNhbElkID0gYGlkZW50aXR5U3RvcmVHcm91cCR7cHJvcHMuZGlzcGxheU5hbWV9YDtcblxuICAgIC8vIENyZWF0ZSBHcm91cFxuICAgIGNvbnN0IGNyZWF0ZUdyb3VwID0gbmV3IEF3c0N1c3RvbVJlc291cmNlKFxuICAgICAgdGhpcyxcbiAgICAgIFwiY3JlYXRlSWRlbnRpdHlTdG9yZUdyb3VwXCIsXG4gICAgICB7XG4gICAgICAgIGZ1bmN0aW9uTmFtZTogYGNyZWF0ZUlkZW50aXR5U3RvcmVHcm91cCR7cHJvcHMuZGlzcGxheU5hbWV9YCxcbiAgICAgICAgb25DcmVhdGU6IHtcbiAgICAgICAgICBzZXJ2aWNlOiBcImlkZW50aXR5c3RvcmVcIixcbiAgICAgICAgICBhY3Rpb246IFwiQ3JlYXRlR3JvdXBcIiwgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FXU0phdmFTY3JpcHRTREsvdjMvbGF0ZXN0L2NsaWVudC9pZGVudGl0eXN0b3JlL2NvbW1hbmQvQ3JlYXRlR3JvdXBDb21tYW5kXG4gICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgRGlzcGxheU5hbWU6IHByb3BzLmRpc3BsYXlOYW1lLFxuICAgICAgICAgICAgSWRlbnRpdHlTdG9yZUlkOiBwcm9wcy5pZGVudGl0eVN0b3JlSWQsXG4gICAgICAgICAgICBEZXNjcmlwdGlvbjogcHJvcHMuZGVzY3JpcHRpb25cbiAgICAgICAgICB9LFxuICAgICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihwaHlzaWNhbElkKVxuICAgICAgICB9LFxuICAgICAgICByb2xlOiBwcm9wcy5yb2xlXG4gICAgICAgIC8vIFRPRE86IExvY2sgZG93biBwZXJtaXNzaW9ucywgd2hlbiB3ZSdyZSByZWFkeSB0byB0cm91Ymxlc2hvb3QgaW50ZXJtaXR0ZW50IHBvbGljeSBlcnJvcnNcbiAgICAgICAgLy8gcG9saWN5OiBjdXN0b21SZXNvdXJjZXMuQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuZnJvbVN0YXRlbWVudHMoW1xuICAgICAgICAvLyAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAvLyAgICAgYWN0aW9uczogW1wiaWRlbnRpdHlzdG9yZTpDcmVhdGVHcm91cFwiXSxcbiAgICAgICAgLy8gICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgICAvLyAgIH0pXG4gICAgICAgIC8vIF0pXG4gICAgICB9XG4gICAgKTtcblxuICAgIHRoaXMuZ3JvdXBJZCA9IGNyZWF0ZUdyb3VwLmdldFJlc3BvbnNlRmllbGQoXCJHcm91cElkXCIpO1xuXG4gICAgLy8gVXBkYXRlIEdyb3VwXG4gICAgY29uc3QgdXBkYXRlR3JvdXAgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJ1cGRhdGVJZGVudGl0eVN0b3JlR3JvdXBcIixcbiAgICAgIHtcbiAgICAgICAgZnVuY3Rpb25OYW1lOiBgdXBkYXRlSWRlbnRpdHlTdG9yZUdyb3VwJHtwcm9wcy5kaXNwbGF5TmFtZX1gLFxuICAgICAgICBvblVwZGF0ZToge1xuICAgICAgICAgIHNlcnZpY2U6IFwiaWRlbnRpdHlzdG9yZVwiLFxuICAgICAgICAgIGFjdGlvbjogXCJVcGRhdGVHcm91cFwiLCAvLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy92My9sYXRlc3QvY2xpZW50L2lkZW50aXR5c3RvcmUvY29tbWFuZC9VcGRhdGVHcm91cENvbW1hbmRcbiAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICBHcm91cElkOiB0aGlzLmdyb3VwSWQsXG4gICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IHByb3BzLmlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgICAgIC8vIFRPRE86IFN1cHBwb3J0IHRha2luZyBpbiBhbnkgY2hhbmdlcyBhbmQgdXBkYXRpbmcgdGhlbVxuICAgICAgICAgICAgT3BlcmF0aW9uczogW1xuICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgQXR0cmlidXRlUGF0aDogXCJEaXNwbGF5TmFtZVwiLFxuICAgICAgICAgICAgICAgIEF0dHJpYnV0ZVZhbHVlOiBwcm9wcy5kaXNwbGF5TmFtZVxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgQXR0cmlidXRlUGF0aDogXCJEZXNjcmlwdGlvblwiLFxuICAgICAgICAgICAgICAgIEF0dHJpYnV0ZVZhbHVlOiBwcm9wcy5kZXNjcmlwdGlvblxuICAgICAgICAgICAgICB9XG4gICAgICAgICAgICBdXG4gICAgICAgICAgfSxcbiAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YocGh5c2ljYWxJZClcbiAgICAgICAgfSxcbiAgICAgICAgcm9sZTogcHJvcHMucm9sZSxcbiAgICAgICAgLy8gVE9ETzogTG9jayBkb3duIHBlcm1pc3Npb25zLCB3aGVuIHdlJ3JlIHJlYWR5IHRvIHRyb3VibGVzaG9vdCBpbnRlcm1pdHRlbnQgcG9saWN5IGVycm9yc1xuICAgICAgICAvLyBwb2xpY3k6IGN1c3RvbVJlc291cmNlcy5Bd3NDdXN0b21SZXNvdXJjZVBvbGljeS5mcm9tU3RhdGVtZW50cyhbXG4gICAgICAgIC8vICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIC8vICAgICBhY3Rpb25zOiBbXCJpZGVudGl0eXN0b3JlOlVwZGF0ZUdyb3VwXCJdLFxuICAgICAgICAvLyAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgIC8vICAgfSlcbiAgICAgICAgLy8gXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206Okdyb3VwXCJcbiAgICAgIH1cbiAgICApO1xuXG4gICAgLy8gRGVsZXRlIEdyb3VwXG4gICAgY29uc3QgZGVsZXRlR3JvdXAgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJkZWxldGVJZGVudGl0eVN0b3JlR3JvdXBcIixcbiAgICAgIHtcbiAgICAgICAgZnVuY3Rpb25OYW1lOiBgZGVsZXRlSWRlbnRpdHlTdG9yZUdyb3VwJHtwcm9wcy5kaXNwbGF5TmFtZX1gLFxuICAgICAgICBvbkRlbGV0ZToge1xuICAgICAgICAgIHNlcnZpY2U6IFwiaWRlbnRpdHlzdG9yZVwiLFxuICAgICAgICAgIGFjdGlvbjogXCJEZWxldGVHcm91cFwiLCAvLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy92My9sYXRlc3QvY2xpZW50L2lkZW50aXR5c3RvcmUvY29tbWFuZC9EZWxldGVHcm91cENvbW1hbmRcbiAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICBHcm91cElkOiB0aGlzLmdyb3VwSWQsXG4gICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IHByb3BzLmlkZW50aXR5U3RvcmVJZFxuICAgICAgICAgIH1cbiAgICAgICAgfSxcbiAgICAgICAgcm9sZTogcHJvcHMucm9sZSxcbiAgICAgICAgLy8gVE9ETzogTG9jayBkb3duIHBlcm1pc3Npb25zLCB3aGVuIHdlJ3JlIHJlYWR5IHRvIHRyb3VibGVzaG9vdCBpbnRlcm1pdHRlbnQgcG9saWN5IGVycm9yc1xuICAgICAgICAvLyBwb2xpY3k6IGN1c3RvbVJlc291cmNlcy5Bd3NDdXN0b21SZXNvdXJjZVBvbGljeS5mcm9tU3RhdGVtZW50cyhbXG4gICAgICAgIC8vICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIC8vICAgICBhY3Rpb25zOiBbXCJpZGVudGl0eXN0b3JlOkRlbGV0ZUdyb3VwXCJdLFxuICAgICAgICAvLyAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICAgIC8vICAgfSlcbiAgICAgICAgLy8gXSksXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206Okdyb3VwXCJcbiAgICAgIH1cbiAgICApO1xuXG4gICAgLy8gSW1wbGVtZW50IERlcGVuZGFibGUgdG8gbWFrZSBjb25zdHJ1Y3QgZGVwZW5kYWJsZVxuICAgIERlcGVuZGFibGUuaW1wbGVtZW50KHRoaXMsIHtcbiAgICAgIGRlcGVuZGVuY3lSb290czogW2NyZWF0ZUdyb3VwLCB1cGRhdGVHcm91cCwgZGVsZXRlR3JvdXBdXG4gICAgfSk7XG4gIH1cblxuICBwdWJsaWMgZ2V0R3JvdXBJZCgpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLmdyb3VwSWQ7XG4gIH1cbn1cbiJdfQ==
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
interface CloudFormationEvent {
|
|
2
|
+
RequestType: "Create" | "Update" | "Delete";
|
|
3
|
+
ResponseURL: string;
|
|
4
|
+
StackId: string;
|
|
5
|
+
RequestId: string;
|
|
6
|
+
ResourceType: string;
|
|
7
|
+
LogicalResourceId: string;
|
|
8
|
+
PhysicalResourceId?: string;
|
|
9
|
+
ResourceProperties: {
|
|
10
|
+
ServiceToken: string;
|
|
11
|
+
InstanceArn: string;
|
|
12
|
+
PermissionSetArn: string;
|
|
13
|
+
PrincipalType: string;
|
|
14
|
+
PrincipalId: string;
|
|
15
|
+
TargetType: string;
|
|
16
|
+
TargetId: string;
|
|
17
|
+
[key: string]: any;
|
|
18
|
+
};
|
|
19
|
+
OldResourceProperties?: {
|
|
20
|
+
[key: string]: any;
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
export declare const handler: (event: CloudFormationEvent) => Promise<any>;
|
|
24
|
+
export {};
|