feat(aws-lambda-ssm-string-parameter): New aws-lambda-ssm-string-parameter pattern implementation (#64) #175
Conversation
…dded VPC endpoint configuration for SSM.
…e same model of the other constructs.
…dded VPC endpoint configuration for SSM.
…e same model of the other constructs.
…ng-parameter' into danielmatuki/aws-lambda-ssm-string-parameter # Conflicts: # source/patterns/@aws-solutions-constructs/aws-lambda-ssm-string-parameter/package.json # source/patterns/@aws-solutions-constructs/core/lib/vpc-helper.ts # source/patterns/@aws-solutions-constructs/core/package.json
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Does the word |
| @@ -0,0 +1,101 @@ | |||
| # aws-lambda-ssm-string-parameter module | |||
There was a problem hiding this comment.
Name should be aws-lambda-ssmstringparameter
| */ | ||
| constructor(scope: Construct, id: string, props: LambdaToSsmStringParameterProps) { | ||
| super(scope, id); | ||
|
|
There was a problem hiding this comment.
See PR just added for addition of CheckProps() function. You will want to add it here, and add a check for stringParameter to input-validation.ts and the associated unit test.
| super(scope, id); | ||
|
|
||
| if (props.deployVpc || props.existingVpc) { | ||
| if (props.deployVpc && props.existingVpc) { |
There was a problem hiding this comment.
We check for this in CheckProps now, so you can drop it here.
| */ | ||
| readonly lambdaFunctionProps?: lambda.FunctionProps; | ||
| /** | ||
| * Existing instance of SSM String parameter object, If this is set then the stringParameterProps is ignored. |
There was a problem hiding this comment.
Behavior here is changed with CheckProps - sending both now generates an error. Copy what was done in the last PR.
|
|
||
| // Setup | ||
| const app = new App(); | ||
| const stack = new Stack(app, 'test-lambda-ssm-string-parameter'); |
There was a problem hiding this comment.
Just a nit - use the correct construct name
| handler: 'index.handler', | ||
| code: lambda.Code.fromAsset(`${__dirname}/lambda`) | ||
| }; | ||
| const existingFuntion = defaults.deployLambdaFunction(stack, lambdaFunctionProps); |
There was a problem hiding this comment.
typo in variable name - existingFunction
| }); | ||
|
|
||
| // -------------------------------------------------------------- | ||
| // Test minimal deployment with an existing VPC and existing Lambda function not in a VPCs |
| // Helper declaration | ||
| new LambdaToSsmStringParameter(stack, "lambda-to-ssm-stack", { | ||
| lambdaFunctionProps: { | ||
| runtime: lambda.Runtime.NODEJS_10_X, |
| * @param stringParameterProps | ||
| */ | ||
| export function buildSsmStringParamter(scope: Construct, id: string, stringParameterProps: StringParameterProps): StringParameter { | ||
| return new StringParameter(scope, id, stringParameterProps); |
There was a problem hiding this comment.
So I'm looking at possible defaults, and see that there really aren't any. But I also see parameter Type as a member of StringParameterProps. What happens if you send SECURE_STRING or STRINGLIST? Does it get ignored? The docs are pretty clear that you can't create a SECURE_STRING parameter with the CDK, and StringList has a completely separate L2 construct.
If it must be STRING, then we should overrule whatever the user sent and dump a warning that we are doing so. Also should point it out in the docs.
| @@ -0,0 +1,26 @@ | |||
| /** | |||
There was a problem hiding this comment.
should be ssm-string-parameter-helper
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
closes #64
Issue #, if available: #64
Description of changes:
Implements the AWS Solutions Construct that creates an AWS Lambda function and AWS Systems Manager Parameter Store String parameter with the least privileged permissions.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.