forked from awslabs/aws-solutions-constructs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.ts
157 lines (137 loc) · 5.19 KB
/
index.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
/**
* Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
* with the License. A copy of the License is located at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
* OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
import * as cdk from '@aws-cdk/core';
import * as sqs from '@aws-cdk/aws-sqs';
import * as iot from '@aws-cdk/aws-iot';
import * as kms from '@aws-cdk/aws-kms';
import * as iam from '@aws-cdk/aws-iam';
import * as defaults from '@aws-solutions-constructs/core';
/**
* @summary The properties for the IotToSqs class.
*/
export interface IotToSqsProps {
/**
* Existing instance of SQS queue object, providing both this and queueProps will cause an error.
*
* @default - None
*/
readonly existingQueueObj?: sqs.Queue;
/**
* User provided props to override the default props for the SQS queue.
*
* @default - Default props are used
*/
readonly queueProps?: sqs.QueueProps;
/**
* Optional user provided properties for the dead letter queue
*
* @default - Default props are used
*/
readonly deadLetterQueueProps?: sqs.QueueProps;
/**
* Whether to deploy a secondary queue to be used as a dead letter queue.
*
* @default - true.
*/
readonly deployDeadLetterQueue?: boolean;
/**
* The number of times a message can be unsuccessfully dequeued before being moved to the dead-letter queue.
*
* @default - required field if deployDeadLetterQueue=true.
*/
readonly maxReceiveCount?: number;
/**
* Use a KMS Key, either managed by this CDK app, or imported. If importing an encryption key, it must be specified in
* the encryptionKey property for this construct.
*
* @default - true (encryption enabled, managed by this CDK app).
*/
readonly enableEncryptionWithCustomerManagedKey?: boolean;
/**
* An optional, imported encryption key to encrypt the SQS queue, and SNS Topic.
*
* @default - not specified.
*/
readonly encryptionKey?: kms.Key;
/**
* Optional user-provided props to override the default props for the encryption key.
*
* @default - Default props are used.
*/
readonly encryptionKeyProps?: kms.KeyProps;
/**
* User provided CfnTopicRuleProps to override the defaults
*
* @default - None
*/
readonly iotTopicRuleProps: iot.CfnTopicRuleProps;
}
export class IotToSqs extends cdk.Construct {
public readonly sqsQueue: sqs.Queue;
public readonly deadLetterQueue?: sqs.DeadLetterQueue;
public readonly encryptionKey?: kms.IKey;
public readonly iotActionsRole: iam.Role;
public readonly iotTopicRule: iot.CfnTopicRule;
/**
* @summary Constructs a new instance of the IotToSqs class.
* @param {cdk.App} scope - represents the scope for all the resources.
* @param {string} id - this is a a scope-unique id.
* @param {IotToSqsProps} props - user provided props for the construct
* @access public
*/
constructor(scope: cdk.Construct, id: string, props: IotToSqsProps) {
super(scope, id);
defaults.CheckProps(props);
// Setup the dead letter queue, if applicable
this.deadLetterQueue = defaults.buildDeadLetterQueue(this, {
existingQueueObj: props.existingQueueObj,
deployDeadLetterQueue: props.deployDeadLetterQueue,
deadLetterQueueProps: props.deadLetterQueueProps,
maxReceiveCount: props.maxReceiveCount
});
// Default to `true` if `enableEncryptionWithCustomerManagedKey` is undefined
let enableEncryptionWithCustomerManagedKey = props.enableEncryptionWithCustomerManagedKey;
if (enableEncryptionWithCustomerManagedKey === undefined) {
enableEncryptionWithCustomerManagedKey = true;
}
// Setup the queue
[this.sqsQueue, this.encryptionKey] = defaults.buildQueue(this, 'queue', {
existingQueueObj: props.existingQueueObj,
queueProps: props.queueProps,
deadLetterQueue: this.deadLetterQueue,
enableEncryptionWithCustomerManagedKey,
encryptionKey: props.encryptionKey,
encryptionKeyProps: props.encryptionKeyProps
});
if (this.sqsQueue.fifo) {
throw new Error('The IoT SQS action doesn\'t support Amazon SQS FIFO (First-In-First-Out) queues');
}
// Role to allow IoT to send messages to the SQS Queue
this.iotActionsRole = new iam.Role(this, 'iot-actions-role', {
assumedBy: new iam.ServicePrincipal('iot.amazonaws.com')
});
this.sqsQueue.grantSendMessages(this.iotActionsRole);
if (this.encryptionKey) {
this.encryptionKey.grantEncrypt(this.iotActionsRole);
}
const defaultIotTopicProps = defaults.DefaultCfnTopicRuleProps([{
sqs: {
queueUrl: this.sqsQueue.queueUrl,
roleArn: this.iotActionsRole.roleArn
}
}]);
const iotTopicProps = defaults.overrideProps(defaultIotTopicProps, props.iotTopicRuleProps, true);
// Create the IoT topic rule
this.iotTopicRule = new iot.CfnTopicRule(this, 'IotTopicRule', iotTopicProps);
}
}