All files / src/aws role.ts

100% Statements 16/16
100% Branches 0/0
100% Functions 4/4
100% Lines 16/16
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74  2x 2x     2x 2x 2x 2x                             2x 2x 2x 2x 2x 2x 2x                                                         2x         2x         2x          
import Resource from './resource'
 
export default class Role extends Resource {
  private readonly type: string = 'AWS::IAM::Role'
  private readonly version: string = '2012-10-17'
  private readonly actions = {
    CloudWatch: [
      'cloudwatch:PutMetricAlarm',
      'cloudwatch:DescribeAlarms',
      'cloudwatch:DeleteAlarms',
      'cloudwatch:GetMetricStatistics',
      'cloudwatch:SetAlarmState'
    ],
    DynamoDB: [
      'dynamodb:DescribeTable',
      'dynamodb:UpdateTable'
    ]
  }
 
  constructor (
    options: Options
  ) { super(options) }
 
  public toJSON(): any {
    const RoleName = this.name.role()
    const PolicyName = this.name.policyRole()
 
    const DependsOn = [ this.options.table ].concat(this.dependencies)
    const Principal = this.principal()
    const Version = this.version
    const Type = this.type
 
    return {
      [RoleName]: {
        DependsOn,
        Properties: {
          AssumeRolePolicyDocument: {
            Statement: [
              { Action: 'sts:AssumeRole', Effect: 'Allow', Principal }
            ],
            Version
          },
          Policies: [
            {
              PolicyDocument: {
                Statement: [
                  { Action: this.actions.CloudWatch, Effect: 'Allow', Resource: '*' },
                  { Action: this.actions.DynamoDB, Effect: 'Allow', Resource: this.resource() }
                ],
                Version
              },
              PolicyName
            }
          ],
          RoleName
        },
        Type
      }
    }
  }
 
  private resource(): {} {
    return {
      'Fn::Join': [ '', [ 'arn:aws:dynamodb:*:', { Ref: 'AWS::AccountId' }, ':table/', { Ref: this.options.table } ] ]
    }
  }
 
  private principal(): {} {
    return {
      Service: 'application-autoscaling.amazonaws.com'
    }
  }
}