How to use the @aws-cdk/aws-cloudformation.CustomResource function in @aws-cdk/aws-cloudformation
To help you get started, we’ve selected a few @aws-cdk/aws-cloudformation examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
aws / aws-cdk / packages / @aws-cdk / aws-eks / lib / cluster-resource.ts View on Github 
}
// since we don't know the cluster name at this point, we must give this role star resource permissions
handler.addToRolePolicy(new iam.PolicyStatement({
actions: [ 'eks:CreateCluster', 'eks:DescribeCluster', 'eks:DeleteCluster', 'eks:UpdateClusterVersion' ],
resources: [ '*' ]
}));
// the CreateCluster API will allow the cluster to assume this role, so we
// need to allow the lambda execution role to pass it.
handler.addToRolePolicy(new iam.PolicyStatement({
actions: [ 'iam:PassRole' ],
resources: [ props.roleArn ]
}));
const resource = new cfn.CustomResource(this, 'Resource', {
resourceType: ClusterResource.RESOURCE_TYPE,
provider: cfn.CustomResourceProvider.lambda(handler),
properties: {
Config: props
}
});
this.ref = resource.ref;
this.attrEndpoint = Token.asString(resource.getAtt('Endpoint'));
this.attrArn = Token.asString(resource.getAtt('Arn'));
this.attrCertificateAuthorityData = Token.asString(resource.getAtt('CertificateAuthorityData'));
this.creationRole = handler.role!;
}
}constructor(scope: Construct, id: string, props: KubernetesResourceProps) {
super(scope, id);
const stack = Stack.of(this);
// we maintain a single manifest custom resource handler for each cluster
const handler = props.cluster._k8sResourceHandler;
if (!handler) {
throw new Error(`Cannot define a KubernetesManifest resource on a cluster with kubectl disabled`);
}
new cfn.CustomResource(this, 'Resource', {
provider: cfn.CustomResourceProvider.lambda(handler),
resourceType: KubernetesResource.RESOURCE_TYPE,
properties: {
// `toJsonString` enables embedding CDK tokens in the manifest and will
// render a CloudFormation-compatible JSON string (similar to
// StepFunctions, CloudWatch Dashboards etc).
Manifest: stack.toJsonString(props.manifest),
}
});
}
}constructor(scope: cdk.Construct, id: string, props: DemoResourceProps) {
super(scope, id);
const resource = new CustomResource(this, 'Resource', {
lambdaProvider: new lambda.SingletonFunction(this, 'Singleton', {
uuid: 'f7d4f730-4ee1-11e8-9c2d-fa7ae01bbebc',
// This makes the demo only work as top-level TypeScript program, but that's fine for now
code: lambda.Code.inline(fs.readFileSync('provider.py', { encoding: 'utf-8' })),
handler: 'index.main',
timeout: 300,
runtime: lambda.Runtime.Python27,
}),
properties: props
});
this.response = resource.getAtt('Response').toString();
}
}for (const statement of props.policyStatements) {
provider.addToRolePolicy(statement);
}
} else { // Derive statements from AWS SDK calls
for (const call of [props.onCreate, props.onUpdate, props.onDelete]) {
if (call) {
provider.addToRolePolicy(new iam.PolicyStatement({
actions: [awsSdkToIamAction(call.service, call.action)],
resources: ['*']
}));
}
}
}
const create = props.onCreate || props.onUpdate;
this.customResource = new CustomResource(this, 'Resource', {
resourceType: 'Custom::AWS',
provider: CustomResourceProvider.lambda(provider),
properties: {
create: create && encodeBooleans(create),
update: props.onUpdate && encodeBooleans(props.onUpdate),
delete: props.onDelete && encodeBooleans(props.onDelete)
}
});
}constructor(scope: Construct, id: string, props: HelmChartProps) {
super(scope, id);
const stack = Stack.of(this);
// we maintain a single manifest custom resource handler for each cluster
const handler = this.getOrCreateHelmChartHandler(props.cluster);
if (!handler) {
throw new Error(`Cannot define a Helm chart on a cluster with kubectl disabled`);
}
new CustomResource(this, 'Resource', {
provider: CustomResourceProvider.lambda(handler),
resourceType: HelmChart.RESOURCE_TYPE,
properties: {
Release: props.release || this.node.uniqueId.slice(-63).toLowerCase(), // Helm has a 63 character limit for the name
Chart: props.chart,
Version: props.version,
Values: (props.values ? stack.toJsonString(props.values) : undefined),
Namespace: props.namespace || 'default',
Repository: props.repository
}
});
}role: props.customResourceRole
});
requestorFunction.addToRolePolicy(new iam.PolicyStatement({
actions: ['acm:RequestCertificate', 'acm:DescribeCertificate', 'acm:DeleteCertificate'],
resources: ['*'],
}));
requestorFunction.addToRolePolicy(new iam.PolicyStatement({
actions: ['route53:GetChange'],
resources: ['*'],
}));
requestorFunction.addToRolePolicy(new iam.PolicyStatement({
actions: ['route53:changeResourceRecordSets'],
resources: [`arn:aws:route53:::hostedzone/${this.hostedZoneId}`],
}));
const certificate = new cfn.CustomResource(this, 'CertificateRequestorResource', {
provider: cfn.CustomResourceProvider.lambda(requestorFunction),
properties: {
DomainName: props.domainName,
SubjectAlternativeNames: cdk.Lazy.listValue({ produce: () => props.subjectAlternativeNames }, { omitEmpty: true }),
HostedZoneId: this.hostedZoneId,
Region: props.region,
}
});
this.certificateArn = certificate.getAtt('Arn').toString();
}props: ContentfulWebhookProps,
) {
super(scope, id);
const handler = new SingletonFunction(this, 'CustomResourceHandler', {
uuid: '91f2075f-b950-4743-a66b-ee0f6febf50d',
runtime: Runtime.NODEJS_10_X,
code: Code.fromAsset(
path.join(__dirname, '..', 'lambda', 'bundle.zip'),
),
handler: 'lib/contentful-webhook.handler',
lambdaPurpose: 'Custom::ContentfulWebhook',
timeout: Duration.minutes(15),
});
new CustomResource(this, 'CustomResource', {
provider: CustomResourceProvider.lambda(handler),
resourceType: 'Custom::ContentfulWebhook',
properties: {
...props,
},
});
}
}path.join(__dirname, '..', 'lambda', 'bundle.zip'),
),
handler: 'lib/github-webhook.handler',
lambdaPurpose: 'Custom::GithubWebhook',
timeout: Duration.minutes(15),
});
const {
githubApiToken,
githubRepoUrl,
payloadUrl,
events,
logLevel,
} = props;
new CustomResource(this, 'CustomResource', {
provider: CustomResourceProvider.lambda(handler),
resourceType: 'Custom::GithubWebhook',
properties: {
GithubApiToken: githubApiToken,
GithubRepoUrl: githubRepoUrl,
PayloadUrl: payloadUrl,
Events: events,
LogLevel: logLevel,
},
});
}
}props: StripeWebhookProps,
) {
super(scope, id);
const handler = new SingletonFunction(this, 'CustomResourceHandler', {
uuid: 'e9db3870-d793-4cd2-96a9-efe2e318ebbc',
runtime: Runtime.NODEJS_10_X,
code: Code.fromAsset(
path.join(__dirname, '..', 'lambda', 'bundle.zip'),
),
handler: 'lib/stripe-webhook.handler',
lambdaPurpose: 'Custom::StripeWebhook',
timeout: Duration.minutes(15),
});
new CustomResource(this, 'CustomResource', {
provider: CustomResourceProvider.lambda(handler),
resourceType: 'Custom::StripeWebhook',
properties: {
...props,
},
});
}
}memorySize: props.memoryLimit
});
const sources: SourceConfig[] = props.sources.map((source: ISource) => source.bind(this));
sources.forEach(source => source.bucket.grantRead(handler));
props.destinationBucket.grantReadWrite(handler);
if (props.distribution) {
handler.addToRolePolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: ['cloudfront:GetInvalidation', 'cloudfront:CreateInvalidation'],
resources: ['*'],
}));
}
new cloudformation.CustomResource(this, 'CustomResource', {
provider: cloudformation.CustomResourceProvider.lambda(handler),
resourceType: 'Custom::CDKBucketDeployment',
properties: {
SourceBucketNames: sources.map(source => source.bucket.bucketName),
SourceObjectKeys: sources.map(source => source.zipObjectKey),
DestinationBucketName: props.destinationBucket.bucketName,
DestinationBucketKeyPrefix: props.destinationKeyPrefix,
RetainOnDelete: props.retainOnDelete,
UserMetadata: props.metadata ? mapUserMetadata(props.metadata) : undefined,
SystemMetadata: mapSystemMetadata(props),
DistributionId: props.distribution ? props.distribution.distributionId : undefined,
DistributionPaths: props.distributionPaths
}
});
}@aws-cdk/aws-cloudformation
The CDK Construct Library for AWS::CloudFormation
