feat(s3-deployment): optional role override for bucket-deployment (#4284)

DavidChristiansen · mergify[bot] · commit e1b48bcf17d7 · 2019-10-10T07:28:33.000Z
* Optional role override to bucket-deployment

* Updated props documentation

* Update bucket-deployment.ts
diff --git a/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts
@@ -70,6 +70,13 @@ export interface BucketDeploymentProps {
    * @default 128
    */
   readonly memoryLimit?: number;
+
+  /**
+   * Execution role associated with this function
+   *
+   * @default - A role is automatically created
+   */
+  readonly role?: iam.IRole;
 }
 
 export class BucketDeployment extends cdk.Construct {
@@ -91,6 +98,7 @@ export class BucketDeployment extends cdk.Construct {
       handler: 'index.handler',
       lambdaPurpose: 'Custom::CDKBucketDeployment',
       timeout: cdk.Duration.minutes(15),
+      role: props.role,
       memorySize: props.memoryLimit
     });
 
@@ -156,4 +164,4 @@ function calcSourceHash(srcDir: string): string {
   }
 
   return sha.digest('hex');
-}
+}
diff --git a/packages/@aws-cdk/aws-s3-deployment/test/test.bucket-deployment.ts b/packages/@aws-cdk/aws-s3-deployment/test/test.bucket-deployment.ts
@@ -1,5 +1,6 @@
 import { countResources, expect, haveResource } from '@aws-cdk/assert';
 import cloudfront = require('@aws-cdk/aws-cloudfront');
+import iam = require('@aws-cdk/aws-iam');
 import s3 = require('@aws-cdk/aws-s3');
 import cdk = require('@aws-cdk/core');
 import { Test } from 'nodeunit';
@@ -234,7 +235,7 @@ export = {
           s3OriginSource: {
             s3BucketSource: bucket
           },
-          behaviors : [ {isDefaultBehavior: true}]
+          behaviors: [{ isDefaultBehavior: true }]
         }
       ]
     });
@@ -267,7 +268,7 @@ export = {
           s3OriginSource: {
             s3BucketSource: bucket
           },
-          behaviors : [ {isDefaultBehavior: true}]
+          behaviors: [{ isDefaultBehavior: true }]
         }
       ]
     });
@@ -427,8 +428,38 @@ export = {
     // we expect to find only two handlers, one for each configuration
 
     expect(stack).to(countResources('AWS::Lambda::Function', 2));
-    expect(stack).to(haveResource('AWS::Lambda::Function', { MemorySize: 256  }));
+    expect(stack).to(haveResource('AWS::Lambda::Function', { MemorySize: 256 }));
     expect(stack).to(haveResource('AWS::Lambda::Function', { MemorySize: 1024 }));
     test.done();
+  },
+
+  'deployment allows custom role to be supplied'(test: Test) {
+
+    // GIVEN
+    const stack = new cdk.Stack();
+    const bucket = new s3.Bucket(stack, 'Dest');
+    const existingRole = new iam.Role(stack, 'Role', {
+      assumedBy: new iam.ServicePrincipal('lambda.amazon.com')
+    });
+
+    // WHEN
+    new s3deploy.BucketDeployment(stack, 'DeployWithRole', {
+      sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website'))],
+      destinationBucket: bucket,
+      role: existingRole
+    });
+
+    // THEN
+    expect(stack).to(countResources('AWS::IAM::Role', 1));
+    expect(stack).to(countResources('AWS::Lambda::Function', 1));
+    expect(stack).to(haveResource('AWS::Lambda::Function', {
+      "Role": {
+        "Fn::GetAtt": [
+          "Role1ABCC5F0",
+          "Arn"
+        ]
+      }
+    }));
+    test.done();
   }
 };
