Skip to content

Commit

Permalink
Switch to aws-sdk v3
Browse files Browse the repository at this point in the history
  • Loading branch information
johnf committed Jan 15, 2024
1 parent e10d045 commit aaffe59
Show file tree
Hide file tree
Showing 6 changed files with 1,042 additions and 184 deletions.
20 changes: 16 additions & 4 deletions .projen/deps.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions .projen/tasks.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 6 additions & 1 deletion .projenrc.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,12 @@ const project = new awscdk.AwsCdkConstructLibrary({
'role',
'records',
],
devDeps: ['aws-sdk'],
devDeps: [
'@aws-sdk/client-route-53',
'@aws-sdk/client-sts',
'@aws-sdk/credential-providers',
'@types/aws-lambda',
],
python: {
distName: 'cdk-cross-account-route53',
module: 'cdk_cross_account_route53',
Expand Down
5 changes: 4 additions & 1 deletion package.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

47 changes: 17 additions & 30 deletions src/cross-account-record-set-handler/index.ts
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
// eslint-disable-next-line import/no-extraneous-dependencies
import { Credentials, Route53, STS } from 'aws-sdk';
import { Route53Client, ChangeResourceRecordSetsCommand, type ResourceRecordSet, ChangeAction } from '@aws-sdk/client-route-53'; // eslint-disable-line import/no-extraneous-dependencies
import { fromTemporaryCredentials } from '@aws-sdk/credential-providers'; // eslint-disable-line import/no-extraneous-dependencies
import type { CloudFormationCustomResourceEvent } from 'aws-lambda';

interface ResourceProperties {
AssumeRoleArn: string;
HostedZoneId: string;
ResourceRecordSets: string;
}

export async function handler(event: any /* : AWSLambda.CloudFormationCustomResourceEvent */) {
export async function handler(event: CloudFormationCustomResourceEvent) {
const resourceProps = event.ResourceProperties as unknown as ResourceProperties;

switch (event.RequestType) {
Expand All @@ -25,41 +26,27 @@ async function cfnEventHandler(props: ResourceProperties, isDeleteEvent: boolean
HostedZoneId,
} = props;

const credentials = await getCrossAccountCredentials(AssumeRoleArn);
const route53 = new Route53({ credentials });
const credentials = fromTemporaryCredentials({
params: {
RoleArn: AssumeRoleArn,
RoleSessionName: `cross-account-record-set-${Date.now()}`,
},
});

const route53Client = new Route53Client({ credentials });

const recordSets = JSON.parse(props.ResourceRecordSets) as Route53.ResourceRecordSet[];
const recordSets = JSON.parse(props.ResourceRecordSets) as ResourceRecordSet[];
const Changes = recordSets.map((set) => ({
Action: isDeleteEvent ? 'DELETE' : 'UPSERT',
Action: isDeleteEvent ? ChangeAction.DELETE : ChangeAction.UPSERT,
ResourceRecordSet: set,
}));

await route53.changeResourceRecordSets({
const command = new ChangeResourceRecordSetsCommand({
HostedZoneId,
ChangeBatch: {
Changes,
},
}).promise();
}

async function getCrossAccountCredentials(roleArn: string): Promise<Credentials> {
const sts = new STS();
const timestamp = (new Date()).getTime();

const { Credentials: assumedCredentials } = await sts
.assumeRole({
RoleArn: roleArn,
RoleSessionName: `cross-account-record-set-${timestamp}`,
})
.promise();

if (!assumedCredentials) {
throw Error('Error getting assume role credentials');
}

return new Credentials({
accessKeyId: assumedCredentials.AccessKeyId,
secretAccessKey: assumedCredentials.SecretAccessKey,
sessionToken: assumedCredentials.SessionToken,
});

await route53Client.send(command);
}
Loading

0 comments on commit aaffe59

Please sign in to comment.