index.ts
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
* with the License. A copy of the License is located at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
* OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
import * as kinesisfirehose from 'aws-cdk-lib/aws-kinesisfirehose';
import * as iot from 'aws-cdk-lib/aws-iot';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as logs from 'aws-cdk-lib/aws-logs';
// Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
import { Construct } from 'constructs';
import * as defaults from '@aws-solutions-constructs/core';
import { KinesisFirehoseToS3 } from '@aws-solutions-constructs/aws-kinesisfirehose-s3';
/**
 * @summary Configuration accepted by the IotToKinesisFirehoseToS3 construct.
 *
 * Every field except `iotTopicRuleProps` is handed unchanged to the nested
 * KinesisFirehoseToS3 construct by the constructor in this file.
 */
export interface IotToKinesisFirehoseToS3Props {
  /**
   * Properties for the IoT topic rule. This field is required.
   *
   * The constructor merges these values over the construct's default rule
   * properties with `defaults.overrideProps`, so anything set here (for
   * example additional rule actions and the role ARNs they reference) ends up
   * in the deployed rule and should be reviewed like any other IAM-bearing
   * configuration.
   */
  readonly iotTopicRuleProps: iot.CfnTopicRuleProps;

  /**
   * Optional overrides for the Kinesis Data Firehose delivery stream.
   *
   * NOTE(review): the `| any` in the type makes this field effectively
   * unchecked by the compiler, so misspelled or unexpected keys are not
   * rejected at build time.
   *
   * @default - Default props are used
   */
  readonly kinesisFirehoseProps?: kinesisfirehose.CfnDeliveryStreamProps | any;

  /**
   * An existing S3 bucket to deliver to. Supplying both this and
   * `bucketProps` will cause an error.
   *
   * NOTE(review): that validation is not performed in this file; presumably
   * the nested construct does it - confirm.
   *
   * @default - None
   */
  readonly existingBucketObj?: s3.IBucket;

  /**
   * Overrides for the default properties of the destination S3 bucket.
   *
   * @default - Default props are used
   */
  readonly bucketProps?: s3.BucketProps;

  /**
   * Overrides for the default properties of the CloudWatch Logs log group.
   *
   * @default - Default props are used
   */
  readonly logGroupProps?: logs.LogGroupProps;

  /**
   * Overrides for the default properties of the S3 access-logging bucket.
   *
   * @default - Default props are used
   */
  readonly loggingBucketProps?: s3.BucketProps;

  /**
   * Whether server access logging is turned on for the S3 bucket, with the
   * associated storage costs. Enabling access logging is a best practice;
   * turning it off removes the record of who accessed the delivered data.
   *
   * @default - true
   */
  readonly logS3AccessLogs?: boolean;
}
/**
 * Wires an AWS IoT topic rule to a Kinesis Data Firehose delivery stream that
 * delivers to S3. The stream, bucket, log group and Firehose role come from a
 * nested KinesisFirehoseToS3 construct; this class adds the IoT rule and the
 * IAM role the rule uses to write to the stream.
 */
export class IotToKinesisFirehoseToS3 extends Construct {
  public readonly iotTopicRule: iot.CfnTopicRule;
  public readonly kinesisFirehose: kinesisfirehose.CfnDeliveryStream;
  public readonly kinesisFirehoseLogGroup: logs.LogGroup;
  public readonly kinesisFirehoseRole: iam.Role;
  public readonly s3Bucket?: s3.Bucket;
  public readonly s3LoggingBucket?: s3.Bucket;
  public readonly iotActionsRole: iam.Role;
  public readonly s3BucketInterface: s3.IBucket;

  /**
   * @summary Constructs a new instance of the IotToKinesisFirehoseToS3 class.
   * @param scope - the parent construct that owns all resources created here.
   * @param id - a scope-unique id.
   * @param props - user provided props for the construct (IotToKinesisFirehoseToS3Props).
   * @since 0.8.0
   * @access public
   */
  constructor(scope: Construct, id: string, props: IotToKinesisFirehoseToS3Props) {
    super(scope, id);

    // The project's tests assume this feature flag is on, so it is set here
    // instead of relying on the consuming app's context. It has to be set
    // before any child construct is created under this node.
    // NOTE(review): the flag is understood to make S3 server access logging
    // use a bucket policy rather than ACLs - confirm against the CDK docs.
    this.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true);

    // Delegate stream, bucket and logging setup to the nested construct,
    // passing the caller's overrides through untouched.
    const {
      kinesisFirehoseProps,
      existingBucketObj,
      bucketProps,
      logGroupProps,
      loggingBucketProps,
      logS3AccessLogs
    } = props;
    const deliveryPipeline = new KinesisFirehoseToS3(this, 'KinesisFirehoseToS3', {
      kinesisFirehoseProps,
      existingBucketObj,
      bucketProps,
      logGroupProps,
      loggingBucketProps,
      logS3AccessLogs
    });

    // Re-export the nested construct's resources on this construct.
    this.kinesisFirehose = deliveryPipeline.kinesisFirehose;
    this.s3Bucket = deliveryPipeline.s3Bucket;
    this.s3BucketInterface = deliveryPipeline.s3BucketInterface;
    this.kinesisFirehoseRole = deliveryPipeline.kinesisFirehoseRole;
    this.s3LoggingBucket = deliveryPipeline.s3LoggingBucket;
    this.kinesisFirehoseLogGroup = deliveryPipeline.kinesisFirehoseLogGroup;

    // Role for the IoT rule action. Only the IoT service principal is trusted
    // to assume it.
    this.iotActionsRole = new iam.Role(this, 'IotActionsRole', {
      assumedBy: new iam.ServicePrincipal('iot.amazonaws.com'),
    });

    // Least privilege: the role may only put single records, and only on the
    // delivery stream created above (no wildcard resource).
    const putRecordOnStream = new iam.PolicyStatement({
      actions: [
        'firehose:PutRecord'
      ],
      resources: [this.kinesisFirehose.attrArn]
    });
    const rolePolicy = new iam.Policy(this, 'IotActionsPolicy', {
      statements: [putRecordOnStream]
    });
    rolePolicy.attachToRole(this.iotActionsRole);

    // Default rule action: forward messages to the delivery stream using the
    // role defined above.
    const firehoseAction = {
      firehose: {
        deliveryStreamName: this.kinesisFirehose.ref,
        roleArn: this.iotActionsRole.roleArn
      }
    };
    const baseRuleProps = defaults.DefaultCfnTopicRuleProps([firehoseAction]);

    // Caller-supplied rule props are merged over the defaults.
    // NOTE(review): the trailing `true` presumably makes overrideProps
    // concatenate arrays, so caller-supplied actions would be added alongside
    // the Firehose action rather than replacing it - confirm in core.
    const mergedRuleProps = defaults.overrideProps(baseRuleProps, props.iotTopicRuleProps, true);

    // Create the IoT topic rule
    this.iotTopicRule = new iot.CfnTopicRule(this, 'IotTopic', mergedRuleProps);
  }
}