@justworkflowit/cdk-constructs 0.0.312 → 0.0.313
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,11 +1,16 @@
|
|
|
1
1
|
import { Construct } from 'constructs';
|
|
2
|
+
import { Role } from 'aws-cdk-lib/aws-iam';
|
|
2
3
|
export interface JustWorkflowItConstructsProps {
|
|
3
4
|
disambiguator: string;
|
|
4
5
|
organizationId: string;
|
|
5
6
|
workflowDefinitions: string[];
|
|
6
7
|
ignoreDefinitionDeployerFailures?: boolean;
|
|
8
|
+
lambdaArns?: string[];
|
|
9
|
+
snsTopicArns?: string[];
|
|
10
|
+
sqsQueueArns?: string[];
|
|
7
11
|
}
|
|
8
12
|
export declare class JustWorkflowItConstructs extends Construct {
|
|
9
13
|
private static readonly CONSTRUCT_ID_PREFIX;
|
|
14
|
+
readonly executionRole: Role;
|
|
10
15
|
constructor(scope: Construct, props: JustWorkflowItConstructsProps);
|
|
11
16
|
}
|
|
@@ -95,11 +95,14 @@ class JustWorkflowItConstructs extends constructs_1.Construct {
|
|
|
95
95
|
const secret = new aws_secretsmanager_1.Secret(this, 'JustWorkflowItAuthTokenSecret', {
|
|
96
96
|
secretName,
|
|
97
97
|
secretStringValue: aws_cdk_lib_1.SecretValue.unsafePlainText('REPLACE_ME_WITH_JUST_WORKFLOW_IT_AUTH_TOKEN'),
|
|
98
|
-
description: '
|
|
98
|
+
description: 'Replace this placeholder with your JustWorkflowIt API auth token to enable workflow deployment.',
|
|
99
99
|
});
|
|
100
100
|
const bucket = new aws_s3_1.Bucket(this, 'WorkflowDefinitionsBucket', {
|
|
101
101
|
removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
|
|
102
102
|
autoDeleteObjects: true,
|
|
103
|
+
blockPublicAccess: aws_s3_1.BlockPublicAccess.BLOCK_ALL,
|
|
104
|
+
enforceSSL: true,
|
|
105
|
+
encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
|
|
103
106
|
});
|
|
104
107
|
// Upload each definition and collect its S3 key
|
|
105
108
|
const definitionKeys = [];
|
|
@@ -149,20 +152,28 @@ class JustWorkflowItConstructs extends constructs_1.Construct {
|
|
|
149
152
|
const executionRole = new aws_iam_1.Role(this, 'JustWorkflowItAutomationExecutionRole', {
|
|
150
153
|
roleName: `JustWorkflowItExecutionRole`,
|
|
151
154
|
assumedBy: new aws_iam_1.AccountPrincipal(JUSTWORKFLOWIT_PRODUCTION_ACCOUNT),
|
|
155
|
+
externalIds: [props.organizationId],
|
|
152
156
|
description: 'Role assumed by JustWorkflowIt backend to perform workflow actions in this account.',
|
|
153
157
|
});
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
}
|
|
158
|
+
if (props.lambdaArns && props.lambdaArns.length > 0) {
|
|
159
|
+
executionRole.addToPolicy(new aws_iam_1.PolicyStatement({
|
|
160
|
+
actions: ['lambda:InvokeFunction'],
|
|
161
|
+
resources: props.lambdaArns,
|
|
162
|
+
}));
|
|
163
|
+
}
|
|
164
|
+
if (props.snsTopicArns && props.snsTopicArns.length > 0) {
|
|
165
|
+
executionRole.addToPolicy(new aws_iam_1.PolicyStatement({
|
|
166
|
+
actions: ['sns:Publish'],
|
|
167
|
+
resources: props.snsTopicArns,
|
|
168
|
+
}));
|
|
169
|
+
}
|
|
170
|
+
if (props.sqsQueueArns && props.sqsQueueArns.length > 0) {
|
|
171
|
+
executionRole.addToPolicy(new aws_iam_1.PolicyStatement({
|
|
172
|
+
actions: ['sqs:SendMessage'],
|
|
173
|
+
resources: props.sqsQueueArns,
|
|
174
|
+
}));
|
|
175
|
+
}
|
|
176
|
+
this.executionRole = executionRole;
|
|
166
177
|
}
|
|
167
178
|
}
|
|
168
179
|
exports.JustWorkflowItConstructs = JustWorkflowItConstructs;
|