Switch to aws-sdk v3

johnf · Jan 15, 2024 · aaffe59 · aaffe59
1 parent e10d045
commit aaffe59
Show file tree

Hide file tree

Showing 6 changed files with 1,042 additions and 184 deletions.
diff --git a/.projen/deps.json b/.projen/deps.json
diff --git a/.projen/tasks.json b/.projen/tasks.json
diff --git a/.projenrc.ts b/.projenrc.ts
@@ -20,7 +20,12 @@ const project = new awscdk.AwsCdkConstructLibrary({
     'role',
     'records',
   ],
-  devDeps: ['aws-sdk'],
+  devDeps: [
+    '@aws-sdk/client-route-53',
+    '@aws-sdk/client-sts',
+    '@aws-sdk/credential-providers',
+    '@types/aws-lambda',
+  ],
   python: {
     distName: 'cdk-cross-account-route53',
     module: 'cdk_cross_account_route53',

diff --git a/package.json b/package.json
diff --git a/src/cross-account-record-set-handler/index.ts b/src/cross-account-record-set-handler/index.ts
@@ -1,13 +1,14 @@
-// eslint-disable-next-line import/no-extraneous-dependencies
-import { Credentials, Route53, STS } from 'aws-sdk';
+import { Route53Client, ChangeResourceRecordSetsCommand, type ResourceRecordSet, ChangeAction } from '@aws-sdk/client-route-53'; // eslint-disable-line import/no-extraneous-dependencies
+import { fromTemporaryCredentials } from '@aws-sdk/credential-providers'; // eslint-disable-line import/no-extraneous-dependencies
+import type { CloudFormationCustomResourceEvent } from 'aws-lambda';
 
 interface ResourceProperties {
   AssumeRoleArn: string;
   HostedZoneId: string;
   ResourceRecordSets: string;
 }
 
-export async function handler(event: any /* : AWSLambda.CloudFormationCustomResourceEvent */) {
+export async function handler(event: CloudFormationCustomResourceEvent) {
   const resourceProps = event.ResourceProperties as unknown as ResourceProperties;
 
   switch (event.RequestType) {
@@ -25,41 +26,27 @@ async function cfnEventHandler(props: ResourceProperties, isDeleteEvent: boolean
     HostedZoneId,
   } = props;
 
-  const credentials = await getCrossAccountCredentials(AssumeRoleArn);
-  const route53 = new Route53({ credentials });
+  const credentials = fromTemporaryCredentials({
+    params: {
+      RoleArn: AssumeRoleArn,
+      RoleSessionName: `cross-account-record-set-${Date.now()}`,
+    },
+  });
+
+  const route53Client = new Route53Client({ credentials });
 
-  const recordSets = JSON.parse(props.ResourceRecordSets) as Route53.ResourceRecordSet[];
+  const recordSets = JSON.parse(props.ResourceRecordSets) as ResourceRecordSet[];
   const Changes = recordSets.map((set) => ({
-    Action: isDeleteEvent ? 'DELETE' : 'UPSERT',
+    Action: isDeleteEvent ? ChangeAction.DELETE : ChangeAction.UPSERT,
     ResourceRecordSet: set,
   }));
 
-  await route53.changeResourceRecordSets({
+  const command = new ChangeResourceRecordSetsCommand({
     HostedZoneId,
     ChangeBatch: {
       Changes,
     },
-  }).promise();
-}
-
-async function getCrossAccountCredentials(roleArn: string): Promise<Credentials> {
-  const sts = new STS();
-  const timestamp = (new Date()).getTime();
-
-  const { Credentials: assumedCredentials } = await sts
-    .assumeRole({
-      RoleArn: roleArn,
-      RoleSessionName: `cross-account-record-set-${timestamp}`,
-    })
-    .promise();
-
-  if (!assumedCredentials) {
-    throw Error('Error getting assume role credentials');
-  }
-
-  return new Credentials({
-    accessKeyId: assumedCredentials.AccessKeyId,
-    secretAccessKey: assumedCredentials.SecretAccessKey,
-    sessionToken: assumedCredentials.SessionToken,
   });
+
+  await route53Client.send(command);
 }