| 1 | import * as ec2 from '@aws-cdk/aws-ec2';
|
| 2 | import * as iam from '@aws-cdk/aws-iam';
|
| 3 | import * as lambda from '@aws-cdk/aws-lambda';
|
| 4 | import * as logs from '@aws-cdk/aws-logs';
|
| 5 | import { Duration } from '@aws-cdk/core';
|
| 6 | import { Construct } from 'constructs';
|
| 7 | import { CustomResourceProviderConfig, ICustomResourceProvider } from '@aws-cdk/aws-cloudformation';
|
| 8 | import { Construct as CoreConstruct } from '@aws-cdk/core';
|
| 9 | /**
|
| 10 | * Initialization properties for the `Provider` construct.
|
| 11 | */
|
| 12 | export interface ProviderProps {
|
| 13 | /**
|
| 14 | * The AWS Lambda function to invoke for all resource lifecycle operations
|
| 15 | * (CREATE/UPDATE/DELETE).
|
| 16 | *
|
| 17 | * This function is responsible to begin the requested resource operation
|
| 18 | * (CREATE/UPDATE/DELETE) and return any additional properties to add to the
|
| 19 | * event, which will later be passed to `isComplete`. The `PhysicalResourceId`
|
| 20 | * property must be included in the response.
|
| 21 | */
|
| 22 | readonly onEventHandler: lambda.IFunction;
|
| 23 | /**
|
| 24 | * The AWS Lambda function to invoke in order to determine if the operation is
|
| 25 | * complete.
|
| 26 | *
|
| 27 | * This function will be called immediately after `onEvent` and then
|
| 28 | * periodically based on the configured query interval as long as it returns
|
| 29 | * `false`. If the function still returns `false` and the alloted timeout has
|
| 30 | * passed, the operation will fail.
|
| 31 | *
|
| 32 | * @default - provider is synchronous. This means that the `onEvent` handler
|
| 33 | * is expected to finish all lifecycle operations within the initial invocation.
|
| 34 | */
|
| 35 | readonly isCompleteHandler?: lambda.IFunction;
|
| 36 | /**
|
| 37 | * Time between calls to the `isComplete` handler which determines if the
|
| 38 | * resource has been stabilized.
|
| 39 | *
|
| 40 | * The first `isComplete` will be called immediately after `handler` and then
|
| 41 | * every `queryInterval` seconds, and until `timeout` has been reached or until
|
| 42 | * `isComplete` returns `true`.
|
| 43 | *
|
| 44 | * @default Duration.seconds(5)
|
| 45 | */
|
| 46 | readonly queryInterval?: Duration;
|
| 47 | /**
|
| 48 | * Total timeout for the entire operation.
|
| 49 | *
|
| 50 | * The maximum timeout is 2 hours (yes, it can exceed the AWS Lambda 15 minutes)
|
| 51 | *
|
| 52 | * @default Duration.minutes(30)
|
| 53 | */
|
| 54 | readonly totalTimeout?: Duration;
|
| 55 | /**
|
| 56 | * The number of days framework log events are kept in CloudWatch Logs. When
|
| 57 | * updating this property, unsetting it doesn't remove the log retention policy.
|
| 58 | * To remove the retention policy, set the value to `INFINITE`.
|
| 59 | *
|
| 60 | * @default logs.RetentionDays.INFINITE
|
| 61 | */
|
| 62 | readonly logRetention?: logs.RetentionDays;
|
| 63 | /**
|
| 64 | * The vpc to provision the lambda functions in.
|
| 65 | *
|
| 66 | * @default - functions are not provisioned inside a vpc.
|
| 67 | */
|
| 68 | readonly vpc?: ec2.IVpc;
|
| 69 | /**
|
| 70 | * Which subnets from the VPC to place the lambda functions in.
|
| 71 | *
|
| 72 | * Only used if 'vpc' is supplied. Note: internet access for Lambdas
|
| 73 | * requires a NAT gateway, so picking Public subnets is not allowed.
|
| 74 | *
|
| 75 | * @default - the Vpc default strategy if not specified
|
| 76 | */
|
| 77 | readonly vpcSubnets?: ec2.SubnetSelection;
|
| 78 | /**
|
| 79 | * Security groups to attach to the provider functions.
|
| 80 | *
|
| 81 | * Only used if 'vpc' is supplied
|
| 82 | *
|
| 83 | * @default - If `vpc` is not supplied, no security groups are attached. Otherwise, a dedicated security
|
| 84 | * group is created for each function.
|
| 85 | */
|
| 86 | readonly securityGroups?: ec2.ISecurityGroup[];
|
| 87 | /**
|
| 88 | * AWS Lambda execution role.
|
| 89 | *
|
| 90 | * The role that will be assumed by the AWS Lambda.
|
| 91 | * Must be assumable by the 'lambda.amazonaws.com' service principal.
|
| 92 | *
|
| 93 | * @default - A default role will be created.
|
| 94 | */
|
| 95 | readonly role?: iam.IRole;
|
| 96 | /**
|
| 97 | * Provider Lambda name.
|
| 98 | *
|
| 99 | * The provider lambda function name.
|
| 100 | *
|
| 101 | * @default - CloudFormation default name from unique physical ID
|
| 102 | */
|
| 103 | readonly providerFunctionName?: string;
|
| 104 | }
|
| 105 | /**
|
| 106 | * Defines an AWS CloudFormation custom resource provider.
|
| 107 | */
|
| 108 | export declare class Provider extends CoreConstruct implements ICustomResourceProvider {
|
| 109 | /**
|
| 110 | * The user-defined AWS Lambda function which is invoked for all resource
|
| 111 | * lifecycle operations (CREATE/UPDATE/DELETE).
|
| 112 | */
|
| 113 | readonly onEventHandler: lambda.IFunction;
|
| 114 | /**
|
| 115 | * The user-defined AWS Lambda function which is invoked asynchronously in
|
| 116 | * order to determine if the operation is complete.
|
| 117 | */
|
| 118 | readonly isCompleteHandler?: lambda.IFunction;
|
| 119 | /**
|
| 120 | * The service token to use in order to define custom resources that are
|
| 121 | * backed by this provider.
|
| 122 | */
|
| 123 | readonly serviceToken: string;
|
| 124 | private readonly entrypoint;
|
| 125 | private readonly logRetention?;
|
| 126 | private readonly vpc?;
|
| 127 | private readonly vpcSubnets?;
|
| 128 | private readonly securityGroups?;
|
| 129 | private readonly role?;
|
| 130 | constructor(scope: Construct, id: string, props: ProviderProps);
|
| 131 | /**
|
| 132 | * Called by `CustomResource` which uses this provider.
|
| 133 | * @deprecated use `provider.serviceToken` instead
|
| 134 | */
|
| 135 | bind(_scope: CoreConstruct): CustomResourceProviderConfig;
|
| 136 | private createFunction;
|
| 137 | }
|