zoneName
})
// Excerpt from inside a construct's constructor (note the `this` references); the enclosing class is not shown.
// Name servers of the hosted zone, or an empty list when the property is undefined.
const nameServers = myHostedZone.hostedZoneNameServers || [];
// Expose the zone id and zone name on the construct.
this.hostedZoneID = myHostedZone.hostedZoneId
this.hostedZoneName = zoneName
// Lambda function that the "setupHostedZone" custom resource following this statement invokes by name.
const requestJoinMasterDomain = new lambda.Function(this, "requestJoinMasterDomain", {
// Fixed physical name: the custom resource addresses the function by this literal string.
functionName: "requestJoinMasterDomain",
// NOTE(review): Node.js 8.10 is end-of-life and deprecated as a Lambda runtime, so it no longer
// receives security patches; move to a runtime that is currently supported.
runtime: lambda.Runtime.NODEJS_8_10,
// Code comes from a prebuilt archive; its contents are not visible in this excerpt.
code: lambda.Code.asset('lambda/submit.zip'),
handler: "submit.handler",
// 10-second execution limit.
timeout: cdk.Duration.seconds(10)
})
// Custom resource that, on creation, invokes the requestJoinMasterDomain Lambda with this zone's
// name servers and short name. The statement continues past the end of this excerpt.
const updateParentHostedZone = new AwsCustomResource(this, "setupHostedZone", {
policyStatements: [
new iam.PolicyStatement({
actions: ["lambda:InvokeFunction"],
// NOTE(review): "*" allows the role behind this custom resource to invoke any Lambda function
// in the account, not only the one called in onCreate. Least privilege would scope this to the
// target, e.g. [requestJoinMasterDomain.functionArn].
resources: ["*"]
})
],
onCreate: {
service: 'Lambda',
action: 'invoke',
parameters: {
// Literal name rather than a reference to the construct, so nothing here ties this resource
// to the function's creation; presumably ordering is handled elsewhere (verify).
FunctionName: 'requestJoinMasterDomain',
// RequestResponse: wait for the function to finish and return its result.
InvocationType: "RequestResponse",
// NOTE(review): the JSON is assembled by string concatenation and neither value is escaped, so a
// quote or backslash in zoneNameShort would produce malformed or altered JSON. Where zoneNameShort
// comes from is not visible here; confirm it is validated before it reaches this line.
Payload: '{"ns": "' + cdk.Fn.join(", ", nameServers) + '", "sds": "' + zoneNameShort + '"}',
},
// Stable id derived from the zone's short name (a timestamp-based id is left commented out).
physicalResourceId: "requestJoinMasterDomain_" + zoneNameShort // Date.now().toString()
}
&& mysql -u $WORDPRESS_DB_USER --password=$WORDPRESS_DB_PASSWORD -h $WORDPRESS_DB_HOST < wordpress.sql"],
// Settings for the container whose command (previous line) feeds wordpress.sql to the mysql client.
memoryLimitMiB: 1024,
// The DB password is injected from Secrets Manager instead of being written into the template.
// NOTE(review): the command on the previous line then expands it into `--password=...`, which
// places the value in the mysql client's argument list, where other processes in the container
// can read it. An option file (`--defaults-extra-file`) keeps it off the command line.
secrets: {
'WORDPRESS_DB_PASSWORD': ecs.Secret.fromSecretsManager(secret)
},
environment: {
// NOTE(review): the import connects with the account named root; a dedicated user limited to
// the wordpress schema would narrow what a leaked password or compromised task can reach.
'WORDPRESS_DB_USER': 'root',
'WORDPRESS_DOMAINNAME': props.hostedZoneName,
'WORDPRESS_DB_HOST': dbcluster.clusterEndpoint.hostname,
'WORDPRESS_DB_NAME': 'wordpress'
},
// Container output is sent through the AWS log driver under the "wordpress-load" stream prefix.
logging: new ecs.AwsLogDriver({ streamPrefix: "wordpress-load" })
})
// Custom resource that starts the loadWordpressTaskDef ECS task when the resource is created.
// The statement continues past the end of this excerpt.
const loadWordpressDB = new AwsCustomResource(this, "loadWordpressDb", {
policyStatements: [ // Cannot use automatic policy statements because we need iam:PassRole, https://github.com/aws/aws-cdk/blob/master/packages/@aws-cdk/aws-events-targets/lib/ecs-task.ts
new iam.PolicyStatement({
actions: ["iam:PassRole"],
// PassRole is limited to the two roles of this task definition (execution role and task role).
// NOTE(review): optional hardening: add an iam:PassedToService condition for
// ecs-tasks.amazonaws.com so the roles can only be handed to ECS tasks.
// resources: [loadWordpressTaskDef.executionRole!.roleArn, loadWordpressTaskDef.taskRole.roleArn] //for Fargate need both
resources: [loadWordpressTaskDef.obtainExecutionRole().roleArn, loadWordpressTaskDef.taskRole.roleArn]
}),
new iam.PolicyStatement({
actions: ["ecs:RunTask"],
// RunTask is limited to this one task definition rather than a wildcard.
resources: [loadWordpressTaskDef.taskDefinitionArn]
})
],
onCreate: {
service: 'ECS',
action: 'runTask',
parameters: {
taskDefinition: loadWordpressTaskDef.taskDefinitionArn,
code: lambda.Code.fromAsset(HANDLER_DIR),
description: 'onEvent handler for EKS cluster resource provider',
runtime: HANDLER_RUNTIME,
handler: 'index.onEvent',
timeout: Duration.minutes(1)
});
// Second handler of the resource provider; it uses the same asset directory and runtime as the
// onEvent handler declared just before it, with a different entry point.
const isComplete = new lambda.Function(this, 'IsCompleteHandler', {
code: lambda.Code.fromAsset(HANDLER_DIR),
description: 'isComplete handler for EKS cluster resource provider',
runtime: HANDLER_RUNTIME,
handler: 'index.isComplete',
// Each invocation may run for at most one minute.
timeout: Duration.minutes(1)
});
// Provider that wires the two handlers together.
this.provider = new cr.Provider(this, 'Provider', {
onEventHandler: onEvent,
isCompleteHandler: isComplete,
// Overall limit of one hour, with a completion check every five minutes.
totalTimeout: Duration.hours(1),
queryInterval: Duration.minutes(5)
});
// Execution roles of both handlers, exposed on the construct. The `!` asserts that each function
// has a role. How callers use these roles is not visible here; presumably they attach the
// permissions the handlers need, so any such grants should be kept narrow (verify).
this.roles = [
onEvent.role!,
isComplete.role!,
];
}
}