All files / lib account-provider.ts

100% Statements 16/16
100% Branches 2/2
100% Functions 2/2
100% Lines 16/16

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101                                3x 3x 3x 3x 3x           3x         19x 19x 19x                                     7x   7x     7x             7x                     7x             7x                     7x              
/*
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
 
    http://www.apache.org/licenses/LICENSE-2.0
 
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
 
import * as path from 'path';
import * as iam from '@aws-cdk/aws-iam';
import * as lambda from '@aws-cdk/aws-lambda';
import { Construct, Duration, NestedStack, Stack } from '@aws-cdk/core';
import * as cr from '@aws-cdk/custom-resources';
 
 
/**
 * A Custom Resource provider capable of creating AWS Accounts
 */
export class AccountProvider extends NestedStack {
  /**
   * Creates a stack-singleton resource provider nested stack.
   */
  public static getOrCreate(scope: Construct) {
    const stack = Stack.of(scope);
    const uid = '@aws-cdk/aws-bootstrap-kit.AccountProvider';
    return stack.node.tryFindChild(uid) as AccountProvider || new AccountProvider(stack, uid);
  }
 
  /**
   * The custom resource provider.
   */
  public readonly provider: cr.Provider;
 
  /**
   * The onEvent handler
   */
  public readonly onEventHandler: lambda.Function;
 
  /**
   * The isComplete handler
   */
  public readonly isCompleteHandler: lambda.Function;
 
  private constructor(scope: Construct, id: string) {
    super(scope, id);
 
    const code = lambda.Code.fromAsset(path.join(__dirname, 'account-handler'));
 
    // Issues UpdateTable API calls
    this.onEventHandler = new lambda.Function(this, 'OnEventHandler', {
      code,
      runtime: lambda.Runtime.NODEJS_14_X,
      handler: 'index.onEventHandler',
      timeout: Duration.minutes(5),
    });
 
    this.onEventHandler.addToRolePolicy(
        new iam.PolicyStatement({
          actions: [
            'organizations:CreateAccount',
            'organizations:TagResource'
          ],
          resources: ['*'],
        }),
      );
 
    // Checks if account is ready
    this.isCompleteHandler = new lambda.Function(this, 'IsCompleteHandler', {
      code,
      runtime: lambda.Runtime.NODEJS_14_X,
      handler: 'index.isCompleteHandler',
      timeout: Duration.seconds(30),
    });
 
    this.isCompleteHandler.addToRolePolicy(
        new iam.PolicyStatement({
          actions: [
              'organizations:CreateAccount',
              'organizations:DescribeCreateAccountStatus',
              'organizations:TagResource'
            ],
          resources: ['*'],
        }),
      );
 
    this.provider = new cr.Provider(this, 'AccountProvider', {
      onEventHandler: this.onEventHandler,
      isCompleteHandler: this.isCompleteHandler,
      queryInterval: Duration.seconds(10),
    });
  }
}