1 | ;
|
2 | var _a;
|
3 | Object.defineProperty(exports, "__esModule", { value: true });
|
4 | exports.EdgeFunction = void 0;
|
5 | const jsiiDeprecationWarnings = require("../../.warnings.jsii.js");
|
6 | const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
7 | const path = require("path");
|
8 | const iam = require("@aws-cdk/aws-iam");
|
9 | const lambda = require("@aws-cdk/aws-lambda");
|
10 | const ssm = require("@aws-cdk/aws-ssm");
|
11 | const core_1 = require("@aws-cdk/core");
|
12 | /**
|
13 | * A Lambda@Edge function.
|
14 | *
|
15 | * Convenience resource for requesting a Lambda function in the 'us-east-1' region for use with Lambda@Edge.
|
16 | * Implements several restrictions enforced by Lambda@Edge.
|
17 | *
|
18 | * Note that this construct requires that the 'us-east-1' region has been bootstrapped.
|
19 | * See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html or 'cdk bootstrap --help' for options.
|
20 | *
|
21 | * @resource AWS::Lambda::Function
|
22 | */
|
23 | class EdgeFunction extends core_1.Resource {
|
24 | constructor(scope, id, props) {
|
25 | super(scope, id);
|
26 | this.isBoundToVpc = false;
|
27 | try {
|
28 | jsiiDeprecationWarnings._aws_cdk_aws_cloudfront_experimental_EdgeFunctionProps(props);
|
29 | }
|
30 | catch (error) {
|
31 | if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
|
32 | Error.captureStackTrace(error, this.constructor);
|
33 | }
|
34 | throw error;
|
35 | }
|
36 | // Create a simple Function if we're already in us-east-1; otherwise create a cross-region stack.
|
37 | const regionIsUsEast1 = !core_1.Token.isUnresolved(this.env.region) && this.env.region === 'us-east-1';
|
38 | const { edgeFunction, edgeArn } = regionIsUsEast1
|
39 | ? this.createInRegionFunction(props)
|
40 | : this.createCrossRegionFunction(id, props);
|
41 | this.edgeArn = edgeArn;
|
42 | this.functionArn = edgeArn;
|
43 | this._edgeFunction = edgeFunction;
|
44 | this.functionName = this._edgeFunction.functionName;
|
45 | this.grantPrincipal = this._edgeFunction.role;
|
46 | this.permissionsNode = this._edgeFunction.permissionsNode;
|
47 | this.version = lambda.extractQualifierFromArn(this.functionArn);
|
48 | this.architecture = this._edgeFunction.architecture;
|
49 | this.resourceArnsForGrantInvoke = this._edgeFunction.resourceArnsForGrantInvoke;
|
50 | this.node.defaultChild = this._edgeFunction;
|
51 | }
|
52 | get lambda() {
|
53 | return this._edgeFunction;
|
54 | }
|
55 | /**
|
56 | * Convenience method to make `EdgeFunction` conform to the same interface as `Function`.
|
57 | */
|
58 | get currentVersion() {
|
59 | return this;
|
60 | }
|
61 | addAlias(aliasName, options = {}) {
|
62 | return new lambda.Alias(this._edgeFunction, `Alias${aliasName}`, {
|
63 | aliasName,
|
64 | version: this._edgeFunction.currentVersion,
|
65 | ...options,
|
66 | });
|
67 | }
|
68 | /**
|
69 | * Not supported. Connections are only applicable to VPC-enabled functions.
|
70 | */
|
71 | get connections() {
|
72 | throw new Error('Lambda@Edge does not support connections');
|
73 | }
|
74 | get latestVersion() {
|
75 | throw new Error('$LATEST function version cannot be used for Lambda@Edge');
|
76 | }
|
77 | addEventSourceMapping(id, options) {
|
78 | return this.lambda.addEventSourceMapping(id, options);
|
79 | }
|
80 | addPermission(id, permission) {
|
81 | return this.lambda.addPermission(id, permission);
|
82 | }
|
83 | addToRolePolicy(statement) {
|
84 | return this.lambda.addToRolePolicy(statement);
|
85 | }
|
86 | grantInvoke(identity) {
|
87 | return this.lambda.grantInvoke(identity);
|
88 | }
|
89 | grantInvokeUrl(identity) {
|
90 | return this.lambda.grantInvokeUrl(identity);
|
91 | }
|
92 | metric(metricName, props) {
|
93 | return this.lambda.metric(metricName, { ...props, region: EdgeFunction.EDGE_REGION });
|
94 | }
|
95 | metricDuration(props) {
|
96 | return this.lambda.metricDuration({ ...props, region: EdgeFunction.EDGE_REGION });
|
97 | }
|
98 | metricErrors(props) {
|
99 | return this.lambda.metricErrors({ ...props, region: EdgeFunction.EDGE_REGION });
|
100 | }
|
101 | metricInvocations(props) {
|
102 | return this.lambda.metricInvocations({ ...props, region: EdgeFunction.EDGE_REGION });
|
103 | }
|
104 | metricThrottles(props) {
|
105 | return this.lambda.metricThrottles({ ...props, region: EdgeFunction.EDGE_REGION });
|
106 | }
|
107 | /** Adds an event source to this function. */
|
108 | addEventSource(source) {
|
109 | return this.lambda.addEventSource(source);
|
110 | }
|
111 | configureAsyncInvoke(options) {
|
112 | return this.lambda.configureAsyncInvoke(options);
|
113 | }
|
114 | addFunctionUrl(options) {
|
115 | return this.lambda.addFunctionUrl(options);
|
116 | }
|
117 | /** Create a function in-region */
|
118 | createInRegionFunction(props) {
|
119 | const edgeFunction = new lambda.Function(this, 'Fn', props);
|
120 | addEdgeLambdaToRoleTrustStatement(edgeFunction.role);
|
121 | return { edgeFunction, edgeArn: edgeFunction.currentVersion.edgeArn };
|
122 | }
|
123 | /** Create a support stack and function in us-east-1, and a SSM reader in-region */
|
124 | createCrossRegionFunction(id, props) {
|
125 | const parameterNamePrefix = 'cdk/EdgeFunctionArn';
|
126 | if (core_1.Token.isUnresolved(this.env.region)) {
|
127 | throw new Error('stacks which use EdgeFunctions must have an explicitly set region');
|
128 | }
|
129 | // SSM parameter names must only contain letters, numbers, ., _, -, or /.
|
130 | const sanitizedPath = this.node.path.replace(/[^\/\w.-]/g, '_');
|
131 | const parameterName = `/${parameterNamePrefix}/${this.env.region}/${sanitizedPath}`;
|
132 | const functionStack = this.edgeStack(props.stackId);
|
133 | const edgeFunction = new lambda.Function(functionStack, id, props);
|
134 | addEdgeLambdaToRoleTrustStatement(edgeFunction.role);
|
135 | // Store the current version's ARN to be retrieved by the cross region reader below.
|
136 | const version = edgeFunction.currentVersion;
|
137 | new ssm.StringParameter(edgeFunction, 'Parameter', {
|
138 | parameterName,
|
139 | stringValue: version.edgeArn,
|
140 | });
|
141 | const edgeArn = this.createCrossRegionArnReader(parameterNamePrefix, parameterName, version);
|
142 | return { edgeFunction, edgeArn };
|
143 | }
|
144 | createCrossRegionArnReader(parameterNamePrefix, parameterName, version) {
|
145 | // Prefix of the parameter ARN that applies to all EdgeFunctions.
|
146 | // This is necessary because the `CustomResourceProvider` is a singleton, and the `policyStatement`
|
147 | // must work for multiple EdgeFunctions.
|
148 | const parameterArnPrefix = this.stack.formatArn({
|
149 | service: 'ssm',
|
150 | region: EdgeFunction.EDGE_REGION,
|
151 | resource: 'parameter',
|
152 | resourceName: parameterNamePrefix + '/*',
|
153 | });
|
154 | const resourceType = 'Custom::CrossRegionStringParameterReader';
|
155 | const serviceToken = core_1.CustomResourceProvider.getOrCreate(this, resourceType, {
|
156 | codeDirectory: path.join(__dirname, 'edge-function'),
|
157 | runtime: core_1.CustomResourceProviderRuntime.NODEJS_12_X,
|
158 | policyStatements: [{
|
159 | Effect: 'Allow',
|
160 | Resource: parameterArnPrefix,
|
161 | Action: ['ssm:GetParameter'],
|
162 | }],
|
163 | });
|
164 | const resource = new core_1.CustomResource(this, 'ArnReader', {
|
165 | resourceType: resourceType,
|
166 | serviceToken,
|
167 | properties: {
|
168 | Region: EdgeFunction.EDGE_REGION,
|
169 | ParameterName: parameterName,
|
170 | // This is used to determine when the function has changed, to refresh the ARN from the custom resource.
|
171 | //
|
172 | // Use the logical id of the function version. Whenever a function version changes, the logical id must be
|
173 | // changed for it to take effect - a good candidate for RefreshToken.
|
174 | RefreshToken: core_1.Lazy.uncachedString({
|
175 | produce: () => {
|
176 | const cfn = version.node.defaultChild;
|
177 | return this.stack.resolve(cfn.logicalId);
|
178 | },
|
179 | }),
|
180 | },
|
181 | });
|
182 | return resource.getAttString('FunctionArn');
|
183 | }
|
184 | edgeStack(stackId) {
|
185 | const stage = core_1.Stage.of(this);
|
186 | if (!stage) {
|
187 | throw new Error('stacks which use EdgeFunctions must be part of a CDK app or stage');
|
188 | }
|
189 | const edgeStackId = stackId !== null && stackId !== void 0 ? stackId : `edge-lambda-stack-${this.stack.node.addr}`;
|
190 | let edgeStack = stage.node.tryFindChild(edgeStackId);
|
191 | if (!edgeStack) {
|
192 | edgeStack = new core_1.Stack(stage, edgeStackId, {
|
193 | env: {
|
194 | region: EdgeFunction.EDGE_REGION,
|
195 | account: core_1.Stack.of(this).account,
|
196 | },
|
197 | });
|
198 | }
|
199 | this.stack.addDependency(edgeStack);
|
200 | return edgeStack;
|
201 | }
|
202 | }
|
203 | exports.EdgeFunction = EdgeFunction;
|
204 | _a = JSII_RTTI_SYMBOL_1;
|
205 | EdgeFunction[_a] = { fqn: "@aws-cdk/aws-cloudfront.experimental.EdgeFunction", version: "1.157.0" };
|
206 | EdgeFunction.EDGE_REGION = 'us-east-1';
|
207 | function addEdgeLambdaToRoleTrustStatement(role) {
|
208 | if (role instanceof iam.Role && role.assumeRolePolicy) {
|
209 | const statement = new iam.PolicyStatement();
|
210 | const edgeLambdaServicePrincipal = new iam.ServicePrincipal('edgelambda.amazonaws.com');
|
211 | statement.addPrincipals(edgeLambdaServicePrincipal);
|
212 | statement.addActions(edgeLambdaServicePrincipal.assumeRoleAction);
|
213 | role.assumeRolePolicy.addStatements(statement);
|
214 | }
|
215 | }
|
216 | //# sourceMappingURL=data:application/json;base64,{"version":3,"file":"edge-function.js","sourceRoot":"","sources":["edge-function.ts"],"names":[],"mappings":";;;;;;AAAA,6BAA6B;AAG7B,wCAAwC;AACxC,8CAA8C;AAC9C,wCAAwC;AACxC,wCAIuB;AAevB;;;;;;;;;;GAUG;AACH,MAAa,YAAa,SAAQ,eAAQ;IAiBxC,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAwB;QAChE,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAVH,iBAAY,GAAG,KAAK,CAAC;;;;;;;;;;QAYnC,iGAAiG;QACjG,MAAM,eAAe,GAAG,CAAC,YAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,WAAW,CAAC;QAChG,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,eAAe;YAC/C,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC;YACpC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC;QAC3B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,IAAK,CAAC;QAC/C,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC;QAC1D,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,0BAA0B,GAAG,IAAI,CAAC,aAAa,CAAC,0BAA0B,CAAC;QAEhF,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;KAC7C;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,aAAa,CAAC;KAC3B;IAED;;OAEG;IACH,IAAW,cAAc;QACvB,OAAO,IAAI,CAAC;KACb;IAEM,QAAQ,CAAC,SAAiB,EAAE,UAA+B,EAAE;QAClE,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,SAAS,EAAE,EAAE;YAC/D,SAAS;YACT,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,cAAc;YAC1C,GAAG,OAAO;SACX,CAAC,CAAC;KACJ;IAED;;OAEG;IACH,IAAW,WAAW;QACpB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IACD,IAAW,aAAa;QACtB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;KAC5E;IAEM,qBAAqB,CAAC,EAAU,EAAE,OAAyC;QAChF,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;KACvD;IACM,aAAa,CAAC,EAAU,EAAE,UAA6B;QAC5D,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;KAClD;IACM,eAAe,CAAC,SAA8B;QACnD,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;KAC/C;IACM,WAAW,CAAC,QAAwB;QACzC,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;KAC1C;IACM,cAAc,CAAC,QAAwB;QAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;KAC7C;IACM,MAAM,CAAC,UAAkB,EAAE,KAAgC;QAChE,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;KACvF;IACM,cAAc,CAAC,KAAgC;QACpD,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;KACnF;IACM,YAAY,CAAC,KAAgC;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;KACjF;IACM,iBAAiB,CAAC,KAAgC;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;KACtF;IACM,eAAe,CAAC,KAAgC;QACrD,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;KACpF;IACD,6CAA6C;IACtC,cAAc,CAAC,MAA2B;QAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;KAC3C;IACM,oBAAoB,CAAC,OAAwC;QAClE,OAAO,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;KAClD;IACM,cAAc,CAAC,OAAmC;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;KAC5C;IAED,kCAAkC;IAC1B,sBAAsB,CAAC,KAA2B;QACxD,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC5D,iCAAiC,CAAC,YAAY,CAAC,IAAK,CAAC,CAAC;QAEtD,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,YAAY,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;KACvE;IAED,mFAAmF;IAC3E,yBAAyB,CAAC,EAAU,EAAE,KAAwB;QACpE,MAAM,mBAAmB,GAAG,qBAAqB,CAAC;QAClD,IAAI,YAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YACvC,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;SACtF;QACD,yEAAyE;QACzE,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QAChE,MAAM,aAAa,GAAG,IAAI,mBAAmB,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC;QACpF,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEpD,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QACnE,iCAAiC,CAAC,YAAY,CAAC,IAAK,CAAC,CAAC;QAEtD,oFAAoF;QACpF,MAAM,OAAO,GAAG,YAAY,CAAC,cAAc,CAAC;QAC5C,IAAI,GAAG,CAAC,eAAe,CAAC,YAAY,EAAE,WAAW,EAAE;YACjD,aAAa;YACb,WAAW,EAAE,OAAO,CAAC,OAAO;SAC7B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,CAAC,0BAA0B,CAAC,mBAAmB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;QAE7F,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;KAClC;IAEO,0BAA0B,CAAC,mBAA2B,EAAE,aAAqB,EAAE,OAAuB;QAC5G,iEAAiE;QACjE,mGAAmG;QACnG,wCAAwC;QACxC,MAAM,kBAAkB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;YAC9C,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,YAAY,CAAC,WAAW;YAChC,QAAQ,EAAE,WAAW;YACrB,YAAY,EAAE,mBAAmB,GAAG,IAAI;SACzC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,0CAA0C,CAAC;QAChE,MAAM,YAAY,GAAG,6BAAsB,CAAC,WAAW,CAAC,IAAI,EAAE,YAAY,EAAE;YAC1E,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;YACpD,OAAO,EAAE,oCAA6B,CAAC,WAAW;YAClD,gBAAgB,EAAE,CAAC;oBACjB,MAAM,EAAE,OAAO;oBACf,QAAQ,EAAE,kBAAkB;oBAC5B,MAAM,EAAE,CAAC,kBAAkB,CAAC;iBAC7B,CAAC;SACH,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,qBAAc,CAAC,IAAI,EAAE,WAAW,EAAE;YACrD,YAAY,EAAE,YAAY;YAC1B,YAAY;YACZ,UAAU,EAAE;gBACV,MAAM,EAAE,YAAY,CAAC,WAAW;gBAChC,aAAa,EAAE,aAAa;gBAC5B,wGAAwG;gBACxG,EAAE;gBACF,0GAA0G;gBAC1G,qEAAqE;gBACrE,YAAY,EAAE,WAAI,CAAC,cAAc,CAAC;oBAChC,OAAO,EAAE,GAAG,EAAE;wBACZ,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,YAA2B,CAAC;wBACrD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAC3C,CAAC;iBACF,CAAC;aACH;SACF,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;KAC7C;IAEO,SAAS,CAAC,OAAgB;QAChC,MAAM,KAAK,GAAG,YAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,EAAE;YACV,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;SACtF;QAED,MAAM,WAAW,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,qBAAqB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3E,IAAI,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAU,CAAC;QAC9D,IAAI,CAAC,SAAS,EAAE;YACd,SAAS,GAAG,IAAI,YAAK,CAAC,KAAK,EAAE,WAAW,EAAE;gBACxC,GAAG,EAAE;oBACH,MAAM,EAAE,YAAY,CAAC,WAAW;oBAChC,OAAO,EAAE,YAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO;iBAChC;aACF,CAAC,CAAC;SACJ;QACD,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACpC,OAAO,SAAS,CAAC;KAClB;;AA7MH,oCA8MC;;;AA5MyB,wBAAW,GAAW,WAAW,CAAC;AAoN5D,SAAS,iCAAiC,CAAC,IAAe;IACxD,IAAI,IAAI,YAAY,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE;QACrD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;QACxF,SAAS,CAAC,aAAa,CAAC,0BAA0B,CAAC,CAAC;QACpD,SAAS,CAAC,UAAU,CAAC,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;QAClE,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;KAChD;AACH,CAAC","sourcesContent":["import * as path from 'path';\nimport * as cloudwatch from '@aws-cdk/aws-cloudwatch';\nimport * as ec2 from '@aws-cdk/aws-ec2';\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as lambda from '@aws-cdk/aws-lambda';\nimport * as ssm from '@aws-cdk/aws-ssm';\nimport {\n  CfnResource, ConstructNode,\n  CustomResource, CustomResourceProvider, CustomResourceProviderRuntime,\n  Lazy, Resource, Stack, Stage, Token,\n} from '@aws-cdk/core';\nimport { Construct } from 'constructs';\n\n/**\n * Properties for creating a Lambda@Edge function\n */\nexport interface EdgeFunctionProps extends lambda.FunctionProps {\n  /**\n   * The stack ID of Lambda@Edge function.\n   *\n   * @default - `edge-lambda-stack-${region}`\n   */\n  readonly stackId?: string;\n}\n\n/**\n * A Lambda@Edge function.\n *\n * Convenience resource for requesting a Lambda function in the 'us-east-1' region for use with Lambda@Edge.\n * Implements several restrictions enforced by Lambda@Edge.\n *\n * Note that this construct requires that the 'us-east-1' region has been bootstrapped.\n * See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html or 'cdk bootstrap --help' for options.\n *\n * @resource AWS::Lambda::Function\n */\nexport class EdgeFunction extends Resource implements lambda.IVersion {\n\n  private static readonly EDGE_REGION: string = 'us-east-1';\n\n  public readonly edgeArn: string;\n  public readonly functionName: string;\n  public readonly functionArn: string;\n  public readonly grantPrincipal: iam.IPrincipal;\n  public readonly isBoundToVpc = false;\n  public readonly permissionsNode: ConstructNode;\n  public readonly role?: iam.IRole;\n  public readonly version: string;\n  public readonly architecture: lambda.Architecture;\n  public readonly resourceArnsForGrantInvoke: string[];\n\n  private readonly _edgeFunction: lambda.Function;\n\n  constructor(scope: Construct, id: string, props: EdgeFunctionProps) {\n    super(scope, id);\n\n    // Create a simple Function if we're already in us-east-1; otherwise create a cross-region stack.\n    const regionIsUsEast1 = !Token.isUnresolved(this.env.region) && this.env.region === 'us-east-1';\n    const { edgeFunction, edgeArn } = regionIsUsEast1\n      ? this.createInRegionFunction(props)\n      : this.createCrossRegionFunction(id, props);\n\n    this.edgeArn = edgeArn;\n\n    this.functionArn = edgeArn;\n    this._edgeFunction = edgeFunction;\n    this.functionName = this._edgeFunction.functionName;\n    this.grantPrincipal = this._edgeFunction.role!;\n    this.permissionsNode = this._edgeFunction.permissionsNode;\n    this.version = lambda.extractQualifierFromArn(this.functionArn);\n    this.architecture = this._edgeFunction.architecture;\n    this.resourceArnsForGrantInvoke = this._edgeFunction.resourceArnsForGrantInvoke;\n\n    this.node.defaultChild = this._edgeFunction;\n  }\n\n  public get lambda(): lambda.IFunction {\n    return this._edgeFunction;\n  }\n\n  /**\n   * Convenience method to make `EdgeFunction` conform to the same interface as `Function`.\n   */\n  public get currentVersion(): lambda.IVersion {\n    return this;\n  }\n\n  public addAlias(aliasName: string, options: lambda.AliasOptions = {}): lambda.Alias {\n    return new lambda.Alias(this._edgeFunction, `Alias${aliasName}`, {\n      aliasName,\n      version: this._edgeFunction.currentVersion,\n      ...options,\n    });\n  }\n\n  /**\n   * Not supported. Connections are only applicable to VPC-enabled functions.\n   */\n  public get connections(): ec2.Connections {\n    throw new Error('Lambda@Edge does not support connections');\n  }\n  public get latestVersion(): lambda.IVersion {\n    throw new Error('$LATEST function version cannot be used for Lambda@Edge');\n  }\n\n  public addEventSourceMapping(id: string, options: lambda.EventSourceMappingOptions): lambda.EventSourceMapping {\n    return this.lambda.addEventSourceMapping(id, options);\n  }\n  public addPermission(id: string, permission: lambda.Permission): void {\n    return this.lambda.addPermission(id, permission);\n  }\n  public addToRolePolicy(statement: iam.PolicyStatement): void {\n    return this.lambda.addToRolePolicy(statement);\n  }\n  public grantInvoke(identity: iam.IGrantable): iam.Grant {\n    return this.lambda.grantInvoke(identity);\n  }\n  public grantInvokeUrl(identity: iam.IGrantable): iam.Grant {\n    return this.lambda.grantInvokeUrl(identity);\n  }\n  public metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.lambda.metric(metricName, { ...props, region: EdgeFunction.EDGE_REGION });\n  }\n  public metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.lambda.metricDuration({ ...props, region: EdgeFunction.EDGE_REGION });\n  }\n  public metricErrors(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.lambda.metricErrors({ ...props, region: EdgeFunction.EDGE_REGION });\n  }\n  public metricInvocations(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.lambda.metricInvocations({ ...props, region: EdgeFunction.EDGE_REGION });\n  }\n  public metricThrottles(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.lambda.metricThrottles({ ...props, region: EdgeFunction.EDGE_REGION });\n  }\n  /** Adds an event source to this function. */\n  public addEventSource(source: lambda.IEventSource): void {\n    return this.lambda.addEventSource(source);\n  }\n  public configureAsyncInvoke(options: lambda.EventInvokeConfigOptions): void {\n    return this.lambda.configureAsyncInvoke(options);\n  }\n  public addFunctionUrl(options?: lambda.FunctionUrlOptions): lambda.FunctionUrl {\n    return this.lambda.addFunctionUrl(options);\n  }\n\n  /** Create a function in-region */\n  private createInRegionFunction(props: lambda.FunctionProps): FunctionConfig {\n    const edgeFunction = new lambda.Function(this, 'Fn', props);\n    addEdgeLambdaToRoleTrustStatement(edgeFunction.role!);\n\n    return { edgeFunction, edgeArn: edgeFunction.currentVersion.edgeArn };\n  }\n\n  /** Create a support stack and function in us-east-1, and a SSM reader in-region */\n  private createCrossRegionFunction(id: string, props: EdgeFunctionProps): FunctionConfig {\n    const parameterNamePrefix = 'cdk/EdgeFunctionArn';\n    if (Token.isUnresolved(this.env.region)) {\n      throw new Error('stacks which use EdgeFunctions must have an explicitly set region');\n    }\n    // SSM parameter names must only contain letters, numbers, ., _, -, or /.\n    const sanitizedPath = this.node.path.replace(/[^\\/\\w.-]/g, '_');\n    const parameterName = `/${parameterNamePrefix}/${this.env.region}/${sanitizedPath}`;\n    const functionStack = this.edgeStack(props.stackId);\n\n    const edgeFunction = new lambda.Function(functionStack, id, props);\n    addEdgeLambdaToRoleTrustStatement(edgeFunction.role!);\n\n    // Store the current version's ARN to be retrieved by the cross region reader below.\n    const version = edgeFunction.currentVersion;\n    new ssm.StringParameter(edgeFunction, 'Parameter', {\n      parameterName,\n      stringValue: version.edgeArn,\n    });\n\n    const edgeArn = this.createCrossRegionArnReader(parameterNamePrefix, parameterName, version);\n\n    return { edgeFunction, edgeArn };\n  }\n\n  private createCrossRegionArnReader(parameterNamePrefix: string, parameterName: string, version: lambda.Version): string {\n    // Prefix of the parameter ARN that applies to all EdgeFunctions.\n    // This is necessary because the `CustomResourceProvider` is a singleton, and the `policyStatement`\n    // must work for multiple EdgeFunctions.\n    const parameterArnPrefix = this.stack.formatArn({\n      service: 'ssm',\n      region: EdgeFunction.EDGE_REGION,\n      resource: 'parameter',\n      resourceName: parameterNamePrefix + '/*',\n    });\n\n    const resourceType = 'Custom::CrossRegionStringParameterReader';\n    const serviceToken = CustomResourceProvider.getOrCreate(this, resourceType, {\n      codeDirectory: path.join(__dirname, 'edge-function'),\n      runtime: CustomResourceProviderRuntime.NODEJS_12_X,\n      policyStatements: [{\n        Effect: 'Allow',\n        Resource: parameterArnPrefix,\n        Action: ['ssm:GetParameter'],\n      }],\n    });\n    const resource = new CustomResource(this, 'ArnReader', {\n      resourceType: resourceType,\n      serviceToken,\n      properties: {\n        Region: EdgeFunction.EDGE_REGION,\n        ParameterName: parameterName,\n        // This is used to determine when the function has changed, to refresh the ARN from the custom resource.\n        //\n        // Use the logical id of the function version. Whenever a function version changes, the logical id must be\n        // changed for it to take effect - a good candidate for RefreshToken.\n        RefreshToken: Lazy.uncachedString({\n          produce: () => {\n            const cfn = version.node.defaultChild as CfnResource;\n            return this.stack.resolve(cfn.logicalId);\n          },\n        }),\n      },\n    });\n\n    return resource.getAttString('FunctionArn');\n  }\n\n  private edgeStack(stackId?: string): Stack {\n    const stage = Stage.of(this);\n    if (!stage) {\n      throw new Error('stacks which use EdgeFunctions must be part of a CDK app or stage');\n    }\n\n    const edgeStackId = stackId ?? `edge-lambda-stack-${this.stack.node.addr}`;\n    let edgeStack = stage.node.tryFindChild(edgeStackId) as Stack;\n    if (!edgeStack) {\n      edgeStack = new Stack(stage, edgeStackId, {\n        env: {\n          region: EdgeFunction.EDGE_REGION,\n          account: Stack.of(this).account,\n        },\n      });\n    }\n    this.stack.addDependency(edgeStack);\n    return edgeStack;\n  }\n}\n\n/** Result of creating an in-region or cross-region function */\ninterface FunctionConfig {\n  readonly edgeFunction: lambda.Function;\n  readonly edgeArn: string;\n}\n\nfunction addEdgeLambdaToRoleTrustStatement(role: iam.IRole) {\n  if (role instanceof iam.Role && role.assumeRolePolicy) {\n    const statement = new iam.PolicyStatement();\n    const edgeLambdaServicePrincipal = new iam.ServicePrincipal('edgelambda.amazonaws.com');\n    statement.addPrincipals(edgeLambdaServicePrincipal);\n    statement.addActions(edgeLambdaServicePrincipal.assumeRoleAction);\n    role.assumeRolePolicy.addStatements(statement);\n  }\n}\n"]} |
\ | No newline at end of file |