cdk.ts
/* eslint-disable camelcase */
import { Peer, Port, SecurityGroup } from 'aws-cdk-lib/aws-ec2';
import { RetentionDays } from 'aws-cdk-lib/aws-logs';
import {
BaseNodeJsFunction,
BaseNodeJsProps,
EventType,
vpcFromConfig,
LogGroupSubscriberLambdaArnType,
} from 'cdk-practical-constructs';
import { Construct } from 'constructs';
/**
 * Adds the sample "getTest" HTTP Lambda to `scope`, attached to a custom security
 * group inside a VPC imported from static configuration.
 *
 * Every identifier used here (VPC id, subnet ids, peer CIDRs, subscriber ARN) is a
 * sample placeholder and has to be replaced with values from the target AWS account.
 *
 * @param scope - construct under which the security group and the function are created
 * @throws Error if the created function does not expose a `defaultLogGroup`
 */
export const addLambdaGetTest = (scope: Construct): void => {
  // Returns a fresh object on every call so the VPC import and the Lambda props
  // each receive their own copy, exactly as the two separate literals did.
  const sampleNetwork = () => ({
    // get these from your actual AWS account configuration
    vpcId: 'aaa',
    availabilityZones: ['a'],
    privateSubnetIds: ['a'],
    privateSubnetRouteTableIds: ['a'],
  });

  const importedVpc = vpcFromConfig(scope, sampleNetwork());

  // allowAllOutbound: false removes the default allow-all egress rule, so outbound
  // traffic is limited to the egress rules added explicitly below.
  const lambdaSecurityGroup = new SecurityGroup(scope, 'customsg', {
    vpc: importedVpc,
    description: 'custom sg',
    allowAllOutbound: false,
  });

  // Port.allTraffic() covers every protocol and port for the given peer. These are
  // sample rules; in a real stack prefer the narrowest port that the workload needs,
  // as the tcp(8888) rule does.
  lambdaSecurityGroup.addIngressRule(
    Peer.ipv4('9.9.9.9/32'),
    Port.allTraffic(),
    'allow ingress',
  );
  lambdaSecurityGroup.addEgressRule(
    Peer.ipv4('8.8.8.8/32'),
    Port.allTraffic(),
    'allow egress',
  );
  lambdaSecurityGroup.addEgressRule(
    Peer.ipv4('1.2.3.4/32'),
    Port.tcp(8888),
    'Sample egress rule',
  );

  const functionProps: BaseNodeJsProps = {
    stage: 'dev',
    network: sampleNetwork(),
    eventType: EventType.Http,
    provisionedConcurrentExecutions: {
      minCapacity: 1,
    },
    baseCodePath: 'src/lambda',
    logGroupRetention: RetentionDays.FIVE_DAYS,
    securityGroups: [lambdaSecurityGroup],
    // Function logs are forwarded to this subscriber Lambda, so it should be one the
    // account owner controls. The ARN is a placeholder: its account id has 9 digits,
    // whereas real AWS account ids have 12.
    logGroupSubscriberLambdaArn: {
      type: LogGroupSubscriberLambdaArnType.Arn,
      value: 'arn:aws:lambda:eu-west-1:012345678:function:tstLogging',
    },
  };

  const { defaultLogGroup } = new BaseNodeJsFunction(scope, 'getTest', functionProps);
  if (!defaultLogGroup) {
    throw new Error('defaultLogGroup should be created by default');
  }
};