1 | import * as ec2 from '@aws-cdk/aws-ec2';
|
2 | import * as iam from '@aws-cdk/aws-iam';
|
3 | import * as lambda from '@aws-cdk/aws-lambda';
|
4 | import * as logs from '@aws-cdk/aws-logs';
|
5 | import { Duration } from '@aws-cdk/core';
|
6 | import { Construct } from 'constructs';
|
7 | import { CustomResourceProviderConfig, ICustomResourceProvider } from '@aws-cdk/aws-cloudformation';
|
8 | import { Construct as CoreConstruct } from '@aws-cdk/core';
|
/**
 * Initialization properties for the `Provider` construct.
 *
 * Only `onEventHandler` is required; every other property is optional and
 * falls back to the default documented on it.
 */
export interface ProviderProps {
  /**
   * The AWS Lambda function to invoke for all resource lifecycle operations
   * (CREATE/UPDATE/DELETE).
   *
   * This function is responsible for beginning the requested resource operation
   * (CREATE/UPDATE/DELETE) and returning any additional properties to add to the
   * event, which will later be passed to `isComplete`. The `PhysicalResourceId`
   * property must be included in the response.
   *
   * Anything returned here is added to the event handed to `isComplete`, so
   * treat it as data that leaves this function and keep credentials out of it.
   */
  readonly onEventHandler: lambda.IFunction;
  /**
   * The AWS Lambda function to invoke in order to determine if the operation is
   * complete.
   *
   * This function will be called immediately after `onEvent` and then
   * periodically based on the configured query interval as long as it returns
   * `false`. If the function still returns `false` and the allotted timeout has
   * passed, the operation will fail.
   *
   * @default - provider is synchronous. This means that the `onEvent` handler
   * is expected to finish all lifecycle operations within the initial invocation.
   */
  readonly isCompleteHandler?: lambda.IFunction;
  /**
   * Time between calls to the `isComplete` handler which determines if the
   * resource has been stabilized.
   *
   * The first `isComplete` will be called immediately after `onEvent` and then
   * every `queryInterval` seconds, and until `timeout` has been reached or until
   * `isComplete` returns `true`.
   *
   * @default Duration.seconds(5)
   */
  readonly queryInterval?: Duration;
  /**
   * Total timeout for the entire operation.
   *
   * The maximum timeout is 2 hours (yes, it can exceed the AWS Lambda 15 minutes)
   *
   * @default Duration.minutes(30)
   */
  readonly totalTimeout?: Duration;
  /**
   * The number of days framework log events are kept in CloudWatch Logs. When
   * updating this property, unsetting it doesn't remove the log retention policy.
   * To remove the retention policy, set the value to `INFINITE`.
   *
   * NOTE(review): with the default, framework log events are never expired.
   * What the framework writes to these logs is not visible in this
   * declaration; if the logged events can carry resource properties, set an
   * explicit retention period and keep secrets out of those properties.
   *
   * @default logs.RetentionDays.INFINITE
   */
  readonly logRetention?: logs.RetentionDays;
  /**
   * The vpc to provision the lambda functions in.
   *
   * @default - functions are not provisioned inside a vpc.
   */
  readonly vpc?: ec2.IVpc;
  /**
   * Which subnets from the VPC to place the lambda functions in.
   *
   * Only used if 'vpc' is supplied. Note: internet access for Lambdas
   * requires a NAT gateway, so picking Public subnets is not allowed.
   *
   * @default - the Vpc default strategy if not specified
   */
  readonly vpcSubnets?: ec2.SubnetSelection;
  /**
   * Security groups to attach to the provider functions.
   *
   * Only used if 'vpc' is supplied
   *
   * NOTE(review): the rules of the automatically created groups are not
   * visible in this declaration. Pass explicit groups when the network egress
   * of the provider functions has to be restricted.
   *
   * @default - If `vpc` is not supplied, no security groups are attached. Otherwise, a dedicated security
   * group is created for each function.
   */
  readonly securityGroups?: ec2.ISecurityGroup[];
  /**
   * AWS Lambda execution role.
   *
   * The role that will be assumed by the AWS Lambda.
   * Must be assumable by the 'lambda.amazonaws.com' service principal.
   *
   * NOTE(review): `Provider` keeps a single `role` member, so a role passed
   * here is presumably shared by every function the provider creates; confirm
   * in the implementation. Grant it only the permissions those functions need.
   *
   * @default - A default role will be created.
   */
  readonly role?: iam.IRole;
  /**
   * Provider Lambda name.
   *
   * The provider lambda function name.
   *
   * @default - CloudFormation default name from unique physical ID
   */
  readonly providerFunctionName?: string;
}
|
/**
 * Defines an AWS CloudFormation custom resource provider.
 *
 * The provider is configured through `ProviderProps` and exposes a
 * `serviceToken` that custom resources use to be backed by it.
 */
export declare class Provider extends CoreConstruct implements ICustomResourceProvider {
  /**
   * The user-defined AWS Lambda function which is invoked for all resource
   * lifecycle operations (CREATE/UPDATE/DELETE).
   */
  readonly onEventHandler: lambda.IFunction;
  /**
   * The user-defined AWS Lambda function which is invoked asynchronously in
   * order to determine if the operation is complete.
   */
  readonly isCompleteHandler?: lambda.IFunction;
  /**
   * The service token to use in order to define custom resources that are
   * backed by this provider.
   *
   * Every custom resource defined with this token is handled by this
   * provider, and therefore by the handlers configured on it.
   */
  readonly serviceToken: string;
  // Private members carry no type in a declaration file. The five optional
  // ones share their names with `ProviderProps` properties and presumably
  // hold the values passed to the constructor; confirm in the implementation.
  private readonly entrypoint;
  private readonly logRetention?;
  private readonly vpc?;
  private readonly vpcSubnets?;
  private readonly securityGroups?;
  private readonly role?;
  /**
   * @param scope the construct this provider is defined in
   * @param id the identifier of this construct within `scope`
   * @param props provider configuration, see `ProviderProps`
   */
  constructor(scope: Construct, id: string, props: ProviderProps);
  /**
   * Called by `CustomResource` which uses this provider.
   *
   * @param _scope presumably unused, going by the underscore prefix; confirm
   * @returns the provider configuration for the calling `CustomResource`
   * @deprecated use `provider.serviceToken` instead
   */
  bind(_scope: CoreConstruct): CustomResourceProviderConfig;
  // Signature not visible here; presumably creates the provider's own Lambda
  // functions with the shared vpc / security group / role settings. Verify.
  private createFunction;
}
|