// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
import * as cdk from "aws-cdk-lib";
import * as lambda from "aws-cdk-lib/aws-lambda";
import * as iam from "aws-cdk-lib/aws-iam";
import * as events from "aws-cdk-lib/aws-events";
import * as targets from "aws-cdk-lib/aws-events-targets";
import { Construct } from "constructs";
import * as path from "path";
/** Name of the CodeCommit repository the clone Lambda is pointed at. */
const repoName = "AWSDocsSdkExamplesPublic";

/** Region the repository lives in; every CodeCommit ARN in this file is built from it. */
const awsRegion = "us-west-2";
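/**
 * Stack that clones one CodeCommit repository from a Lambda function
 * whenever the repository's references change.
 *
 * It provisions:
 *  - an IAM execution role scoped to that single repository and to
 *    objects of the stats bucket,
 *  - a Python Lambda built from the local `lambda/` directory,
 *  - an EventBridge rule that routes "CodeCommit Repository State Change"
 *    events for that repository to the Lambda.
 */
class CodeCommitCloneStack extends cdk.Stack {
  /** Bucket the Lambda reads from and writes to; only object-level access is granted. */
  private static readonly STATS_BUCKET_NAME = "codeexamplestats";

  /**
   * ARN of the repository being cloned. Built once so the IAM resource
   * scope and the EventBridge resource filter cannot drift apart.
   */
  private readonly repoArn: string;

  /**
   * @param scope parent construct (normally the `cdk.App`).
   * @param id    construct id of the stack.
   * @param props optional stack props; `env.account` feeds `this.account` in the ARN below.
   */
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // `this.account` is resolved by CDK from the stack env (a pseudo
    // parameter when no concrete account is configured).
    this.repoArn = `arn:aws:codecommit:${awsRegion}:${this.account}:${repoName}`;

    const cloneLambda = this.initCloneLambda();
    this.initCodeCommitTrigger(cloneLambda);
  }

  /**
   * Creates the execution role and the Lambda function.
   *
   * The role carries only read-style CodeCommit actions on the one
   * repository, Get/Put on objects of the stats bucket, and the
   * AWS-managed basic execution policy (CloudWatch Logs).
   *
   * @returns the Lambda function, so it can be wired to the event rule.
   */
  private initCloneLambda(): lambda.Function {
    const lambdaExecutionRole = new iam.Role(this, "CloneLambdaExecutionRole", {
      assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
      description: "Execution role for Lambda function to clone CodeCommit repo",
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"),
      ],
    });

    // CodeCommit access is limited to the single repository ARN; no write
    // actions (GitPush, PutFile, ...) are included.
    lambdaExecutionRole.addToPolicy(
      new iam.PolicyStatement({
        actions: [
          "codecommit:GetRepository",
          "codecommit:GitPull",
          "codecommit:GetBranch",
          "codecommit:GetDifferences",
          "codecommit:GetFile",
        ],
        resources: [this.repoArn],
      })
    );

    // Object-level Get/Put on every key of the stats bucket; bucket-level
    // actions (ListBucket) and DeleteObject are deliberately not granted.
    lambdaExecutionRole.addToPolicy(
      new iam.PolicyStatement({
        actions: ["s3:GetObject", "s3:PutObject"],
        resources: [`arn:aws:s3:::${CodeCommitCloneStack.STATS_BUCKET_NAME}/*`],
      })
    );

    return new lambda.Function(this, "CodeCommitCloneLambda", {
      // NOTE(review): PYTHON_3_9 is an older runtime; check the Lambda
      // runtime support schedule before deploying and bump when the
      // handler allows.
      runtime: lambda.Runtime.PYTHON_3_9,
      handler: "index.lambda_handler",
      // Source is packaged straight from the sibling `lambda/` directory.
      code: lambda.Code.fromAsset(path.join(__dirname, "lambda")),
      environment: {
        REPO_NAME: repoName,
      },
      // Cloning a repository can take a while; well above the Lambda default.
      timeout: cdk.Duration.minutes(5),
      role: lambdaExecutionRole,
    });
  }

  /**
   * Routes repository state-change events for the cloned repository to
   * the Lambda. Only reference create/update/delete events match, so
   * other CodeCommit events (comments, approvals, ...) do not invoke it.
   *
   * @param cloneLambda the function created by {@link initCloneLambda}.
   */
  private initCodeCommitTrigger(cloneLambda: lambda.Function): void {
    const codeCommitRule = new events.Rule(this, "CodeCommitUpdateRule", {
      eventPattern: {
        source: ["aws.codecommit"],
        detailType: ["CodeCommit Repository State Change"],
        // Filter on the repository ARN so events from other repositories
        // in the account never reach the function.
        resources: [this.repoArn],
        detail: {
          event: ["referenceCreated", "referenceUpdated", "referenceDeleted"],
        },
      },
    });

    // The LambdaFunction target also adds the resource policy that lets
    // EventBridge invoke the function.
    codeCommitRule.addTarget(new targets.LambdaFunction(cloneLambda));
  }
}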
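const app = new cdk.App();

new CodeCommitCloneStack(app, "CodeCommitCloneStack", {
  env: {
    // Account comes from the CLI/profile environment; may be undefined for
    // an environment-agnostic synth.
    account: process.env.CDK_DEFAULT_ACCOUNT,
    // Deploy where CodeCommit is stored (internal requirement). Reusing
    // awsRegion keeps the stack region and the repository ARNs from drifting.
    region: awsRegion,
  },
});

app.synth();

export { CodeCommitCloneStack };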