@gradientedge/cdk-utils 8.129.0 → 8.130.0

package/dist/src/lib/aws/services/eventbridge/main.d.ts

@@ -6,7 +6,7 @@ import { CfnPipe } from 'aws-cdk-lib/aws-pipes';
 import { IQueue } from 'aws-cdk-lib/aws-sqs';
 import { IStateMachine } from 'aws-cdk-lib/aws-stepfunctions';
 import { CommonConstruct } from '../../common';
-import { EventBusProps, EventRuleProps, RuleProps, SqsToSfnPipeProps } from './types';
+import { EventBusProps, EventRuleProps, RuleProps, SqsToSfnPipeProps, DynamoDbToLambdaPipeProps } from './types';
 /**
  * @classdesc Provides operations on AWS EventBridge.
  * - A new instance of this class is injected into {@link CommonConstruct} constructor.
@@ -72,4 +72,13 @@ export declare class EventManager {
      * @param targetStepFunction the target step function
      */
     createSqsToSfnCfnPipe(id: string, scope: CommonConstruct, props: SqsToSfnPipeProps, sourceQueue: IQueue, targetStepFunction: IStateMachine): CfnPipe;
+    /**
+     * @summary Method to create an eventbridge pipe with DynamoDb stream as source and lambda function as target
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props the props for the pipe
+     * @param dynamoDbStream the source dynamoDb stream
+     * @param targetLambdaFunction the target lambda function
+     */
+    createDynamoDbToLambdaCfnPipe(id: string, scope: CommonConstruct, props: DynamoDbToLambdaPipeProps, sourceDynamoDbStreamArn: string, targetLambdaFunction: IFunction): CfnPipe;
 }

package/dist/src/lib/aws/services/eventbridge/main.js

@@ -194,5 +194,41 @@ class EventManager {
         (0, utils_1.createCfnOutput)(`${id}-pipeName`, scope, pipe.name);
         return pipe;
     }
+    /**
+     * @summary Method to create an eventbridge pipe with DynamoDb stream as source and lambda function as target
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props the props for the pipe
+     * @param dynamoDbStream the source dynamoDb stream
+     * @param targetLambdaFunction the target lambda function
+     */
+    createDynamoDbToLambdaCfnPipe(id, scope, props, sourceDynamoDbStreamArn, targetLambdaFunction) {
+        const pipeRole = scope.iamManager.createRoleForDynamoDbToLambdaPipe(`${id}-role`, scope, sourceDynamoDbStreamArn, targetLambdaFunction.functionArn);
+        const pipe = new aws_pipes_1.CfnPipe(scope, `${id}`, {
+            ...props,
+            name: `${props.name}-${scope.props.stage}`,
+            roleArn: pipeRole.roleArn,
+            source: sourceDynamoDbStreamArn,
+            sourceParameters: {
+                filterCriteria: props.pipeFilterPattern
+                    ? {
+                        filters: [
+                            {
+                                pattern: JSON.stringify(props.pipeFilterPattern),
+                            },
+                        ],
+                    }
+                    : undefined,
+                dynamoDbStreamParameters: {
+                    startingPosition: props.dynamoDbStartingPosition,
+                    batchSize: props.dynamoDbBatchSize,
+                },
+            },
+            target: targetLambdaFunction.functionArn,
+        });
+        (0, utils_1.createCfnOutput)(`${id}-pipeArn`, scope, pipe.attrArn);
+        (0, utils_1.createCfnOutput)(`${id}-pipeName`, scope, pipe.name);
+        return pipe;
+    }
 }
 exports.EventManager = EventManager;

package/dist/src/lib/aws/services/eventbridge/types.d.ts

@@ -25,3 +25,11 @@ export interface RuleProps extends CfnRuleProps {
  */
 export interface EventBusProps extends EBProps {
 }
+/**
+ }
+ */
+export interface DynamoDbToLambdaPipeProps extends CfnPipeProps {
+    pipeFilterPattern?: any;
+    dynamoDbBatchSize?: number;
+    dynamoDbStartingPosition: string;
+}

package/dist/src/lib/aws/services/identity-access-management/main.d.ts

@@ -176,6 +176,11 @@ export declare class IamManager {
      * @param resourceArns list of ARNs to allow access to
      */
     statementForWriteTableItems(resourceArns?: string[]): PolicyStatement;
+    /**
+     * @summary Method to create iam statement to poll from dynamodb table
+     * @param resourceArns list of ARNs to allow access to
+     */
+    statementFordynamoDbStream(resourceArns?: string[]): PolicyStatement;
     /**
      * @summary Method to create iam statement for cloud trail
      * @param id scoped id of the resource
@@ -239,4 +244,12 @@ export declare class IamManager {
      * @param servicePrincipals
      */
     createPolicyForSqsEvent(id: string, scope: CommonConstruct, sqsQueue: Queue, eventBridgeRule: IRule, servicePrincipals?: ServicePrincipal[]): PolicyDocument;
+    /**
+     * @summary Method to create iam statement for dynamoDb to lambda function pipe
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param dynamoDbStreamArn the arn of the dynamoDb Stream queue
+     * @param lambdaFunctionArn the arn of the lambda function
+     */
+    createRoleForDynamoDbToLambdaPipe(id: string, scope: CommonConstruct, dynamoDbStreamArn: string, lambdaFunctionArn: string): Role;
 }

package/dist/src/lib/aws/services/identity-access-management/main.js

@@ -388,6 +388,17 @@ class IamManager {
             resources: resourceArns ?? ['*'],
         });
     }
+    /**
+     * @summary Method to create iam statement to poll from dynamodb table
+     * @param resourceArns list of ARNs to allow access to
+     */
+    statementFordynamoDbStream(resourceArns) {
+        return new aws_iam_1.PolicyStatement({
+            actions: ['dynamodb:DescribeStream', 'dynamodb:GetRecords', 'dynamodb:GetShardIterator', 'dynamodb:ListStreams'],
+            effect: aws_iam_1.Effect.ALLOW,
+            resources: resourceArns ?? ['*'],
+        });
+    }
     /**
      * @summary Method to create iam statement for cloud trail
      * @param id scoped id of the resource
@@ -559,5 +570,24 @@ class IamManager {
             ],
         });
     }
+    /**
+     * @summary Method to create iam statement for dynamoDb to lambda function pipe
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param dynamoDbStreamArn the arn of the dynamoDb Stream queue
+     * @param lambdaFunctionArn the arn of the lambda function
+     */
+    createRoleForDynamoDbToLambdaPipe(id, scope, dynamoDbStreamArn, lambdaFunctionArn) {
+        const role = new aws_iam_1.Role(scope, `${id}`, {
+            assumedBy: new aws_iam_1.ServicePrincipal('pipes.amazonaws.com'),
+            description: `Role for ${id} Pipe`,
+            roleName: `${id}-${scope.props.stage}`,
+        });
+        role.addToPolicy(this.statementFordynamoDbStream([dynamoDbStreamArn]));
+        role.addToPolicy(this.statementForInvokeLambda([lambdaFunctionArn]));
+        (0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
+        (0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
+        return role;
+    }
 }
 exports.IamManager = IamManager;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.129.0",
+  "version": "8.130.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {

package/src/lib/aws/services/eventbridge/main.ts

@@ -9,7 +9,7 @@ import { IStateMachine } from 'aws-cdk-lib/aws-stepfunctions'
 import _ from 'lodash'
 import { CommonConstruct } from '../../common'
 import { createCfnOutput } from '../../utils'
-import { EventBusProps, EventRuleProps, RuleProps, SqsToSfnPipeProps } from './types'
+import { EventBusProps, EventRuleProps, RuleProps, SqsToSfnPipeProps, DynamoDbToLambdaPipeProps } from './types'
 
 /**
  * @classdesc Provides operations on AWS EventBridge.
@@ -246,4 +246,55 @@ export class EventManager {
 
     return pipe
   }
+
+  /**
+   * @summary Method to create an eventbridge pipe with DynamoDb stream as source and lambda function as target
+   * @param id scoped id of the resource
+   * @param scope scope in which this resource is defined
+   * @param props the props for the pipe
+   * @param dynamoDbStream the source dynamoDb stream
+   * @param targetLambdaFunction the target lambda function
+   */
+  public createDynamoDbToLambdaCfnPipe(
+    id: string,
+    scope: CommonConstruct,
+    props: DynamoDbToLambdaPipeProps,
+    sourceDynamoDbStreamArn: string,
+    targetLambdaFunction: IFunction
+  ) {
+    const pipeRole = scope.iamManager.createRoleForDynamoDbToLambdaPipe(
+      `${id}-role`,
+      scope,
+      sourceDynamoDbStreamArn,
+      targetLambdaFunction.functionArn
+    )
+
+    const pipe = new CfnPipe(scope, `${id}`, {
+      ...props,
+      name: `${props.name}-${scope.props.stage}`,
+      roleArn: pipeRole.roleArn,
+      source: sourceDynamoDbStreamArn,
+      sourceParameters: {
+        filterCriteria: props.pipeFilterPattern
+          ? {
+              filters: [
+                {
+                  pattern: JSON.stringify(props.pipeFilterPattern),
+                },
+              ],
+            }
+          : undefined,
+        dynamoDbStreamParameters: {
+          startingPosition: props.dynamoDbStartingPosition,
+          batchSize: props.dynamoDbBatchSize,
+        },
+      },
+      target: targetLambdaFunction.functionArn,
+    })
+
+    createCfnOutput(`${id}-pipeArn`, scope, pipe.attrArn)
+    createCfnOutput(`${id}-pipeName`, scope, pipe.name)
+
+    return pipe
+  }
 }

package/src/lib/aws/services/eventbridge/types.ts

@@ -28,3 +28,12 @@ export interface RuleProps extends CfnRuleProps {
 /**
  */
 export interface EventBusProps extends EBProps {}
+
+/**
+ }
+ */
+export interface DynamoDbToLambdaPipeProps extends CfnPipeProps {
+  pipeFilterPattern?: any
+  dynamoDbBatchSize?: number
+  dynamoDbStartingPosition: string
+}

package/src/lib/aws/services/identity-access-management/main.ts

@@ -432,6 +432,18 @@ export class IamManager {
     })
   }
 
+  /**
+   * @summary Method to create iam statement to poll from dynamodb table
+   * @param resourceArns list of ARNs to allow access to
+   */
+  public statementFordynamoDbStream(resourceArns?: string[]) {
+    return new PolicyStatement({
+      actions: ['dynamodb:DescribeStream', 'dynamodb:GetRecords', 'dynamodb:GetShardIterator', 'dynamodb:ListStreams'],
+      effect: Effect.ALLOW,
+      resources: resourceArns ?? ['*'],
+    })
+  }
+
   /**
    * @summary Method to create iam statement for cloud trail
    * @param id scoped id of the resource
@@ -659,4 +671,32 @@ export class IamManager {
       ],
     })
   }
+
+  /**
+   * @summary Method to create iam statement for dynamoDb to lambda function pipe
+   * @param id scoped id of the resource
+   * @param scope scope in which this resource is defined
+   * @param dynamoDbStreamArn the arn of the dynamoDb Stream queue
+   * @param lambdaFunctionArn the arn of the lambda function
+   */
+  public createRoleForDynamoDbToLambdaPipe(
+    id: string,
+    scope: CommonConstruct,
+    dynamoDbStreamArn: string,
+    lambdaFunctionArn: string
+  ) {
+    const role = new Role(scope, `${id}`, {
+      assumedBy: new ServicePrincipal('pipes.amazonaws.com'),
+      description: `Role for ${id} Pipe`,
+      roleName: `${id}-${scope.props.stage}`,
+    })
+
+    role.addToPolicy(this.statementFordynamoDbStream([dynamoDbStreamArn]))
+    role.addToPolicy(this.statementForInvokeLambda([lambdaFunctionArn]))
+
+    createCfnOutput(`${id}Arn`, scope, role.roleArn)
+    createCfnOutput(`${id}Name`, scope, role.roleName)
+
+    return role
+  }
 }