-
Notifications
You must be signed in to change notification settings - Fork 4
/
qs-extra-automation.ts
110 lines (93 loc) · 3.96 KB
/
qs-extra-automation.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
import { EventBus, Rule } from 'aws-cdk-lib/aws-events';
import { Construct } from 'constructs';
import { CloudWatchLogGroup, LambdaFunction } from 'aws-cdk-lib/aws-events-targets';
import { LogGroup, RetentionDays } from 'aws-cdk-lib/aws-logs';
import { Runtime } from 'aws-cdk-lib/aws-lambda';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
import * as path from 'path';
import { Provider } from 'aws-cdk-lib/custom-resources';
export interface QuickSightAutomationsConstructProps {
eventBus?: EventBus;
refreshTargets?: [{
etlJobName: string,
datasetIds: string[],
}]
}
export class QuickSightAutomationsConstruct extends Construct {
public readonly shareDashboardLambdaToken: string;
public constructor(scope: Construct, id: string, props?: QuickSightAutomationsConstructProps) {
super(scope, id);
this.shareDashboardLambdaToken = this.makeShareJob();
if (props?.refreshTargets) {
this.makeRefreshRuleAfterEtl(props);
}
}
protected makeShareJob() {
const shareDashboardLambda = new NodejsFunction(this, 'qs-dashboard-share-function', {
functionName: 'qs-dashboard-share-function',
runtime: Runtime.NODEJS_18_X,
handler: 'shareDashboard',
entry: path.join(__dirname, '..', '..', 'lambda', 'qs-share-dashboard.ts'),
});
const updateDashboardPolicy = new PolicyStatement({
actions: [
'quicksight:UpdateDashboardPermissions',
],
effect: Effect.ALLOW,
resources: [
'*',
],
});
shareDashboardLambda.addToRolePolicy(updateDashboardPolicy);
const customResourceProvider = new Provider(this, `qf-share-dashboard-resource-provider`, {
onEventHandler: shareDashboardLambda,
});
return customResourceProvider.serviceToken;
}
protected makeRefreshRuleAfterEtl(props: QuickSightAutomationsConstructProps) {
const cleanEtlJobNameForEnvironmnet = (id: string) => { // function environnment variable keys only accept limited chars
return id.replace(/[^a-zA-Z0-9]/g, '_');
};
const environment: {[key: string] : string} = {};
props.refreshTargets!.forEach(t => {
environment[cleanEtlJobNameForEnvironmnet(t.etlJobName)] = t.datasetIds.join('___');
});
const refreshDatasetFunction = new NodejsFunction(this, 'qs-dataset-refresh-function', {
functionName: 'qs-dataset-refresh-function',
runtime: Runtime.NODEJS_18_X,
handler: 'refreshDataset',
environment,
entry: path.join(__dirname, '..', '..', 'lambda', 'qs-refresh-dataset.ts'),
});
const quicksightInjestionPolicy = new PolicyStatement({
actions: [
'quicksight:CreateIngestion',
],
effect: Effect.ALLOW,
resources: [
'*',
],
});
refreshDatasetFunction.addToRolePolicy(quicksightInjestionPolicy),
new Rule(this, `qs-refresh-datasets-rule`, {
ruleName: 'qs-refresh-datasets-rule',
description: 'Refresh QS datasets after relevant ETL jobs finish',
eventBus: props?.eventBus,
eventPattern: {
detailType: ['Glue Job State Change'],
source: ['aws.glue'],
detail: {
state: [ 'SUCCEEDED' ],
},
},
targets: [
new LambdaFunction(refreshDatasetFunction),
new CloudWatchLogGroup(new LogGroup(this, 'qs-dataset-refresh-log-group', {
logGroupName: '/aws/events/quicksight/dataset-refresh',
retention: RetentionDays.ONE_WEEK,
})),
],
});
}
}