feat(custom-resources): allow specifying role for AwsCustomResource (#…

…4909) * feat(custom-resources): allow specifying role for AwsCustomResource Also removed console.log outputs from tests Closes #4906 * update doc for role
aws · Nov 10, 2019 · 98fb888 · 98fb888
1 parent f4a41d1
commit 98fb888
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 1 deletion.
diff --git a/packages/@aws-cdk/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts b/packages/@aws-cdk/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts
@@ -132,6 +132,16 @@ export interface AwsCustomResourceProps {
    */
   readonly policyStatements?: iam.PolicyStatement[];
 
+  /**
+   * The execution role for the Lambda function implementing this custom
+   * resource provider. This role will apply to all `AwsCustomResource`
+   * instances in the stack. The role must be assumable by the
+   * `lambda.amazonaws.com` service principal.
+   *
+   * @default - a new role is created
+   */
+  readonly role?: iam.IRole;
+
   /**
    * The timeout for the Lambda function implementing this custom resource.
    *
@@ -165,6 +175,7 @@ export class AwsCustomResource extends cdk.Construct implements iam.IGrantable {
       uuid: '679f53fa-c002-430c-b0da-5b7982bd2287',
       lambdaPurpose: 'AWS',
       timeout: props.timeout || cdk.Duration.seconds(30),
+      role: props.role,
     });
     this.grantPrincipal = provider.grantPrincipal;
 

diff --git a/...s/@aws-cdk/custom-resources/test/aws-custom-resource/aws-custom-resource-provider.test.ts b/...s/@aws-cdk/custom-resources/test/aws-custom-resource/aws-custom-resource-provider.test.ts
@@ -7,6 +7,8 @@ import { handler } from '../../lib/aws-custom-resource/runtime';
 
 AWS.setSDK(require.resolve('aws-sdk'));
 
+console.log = jest.fn(); // tslint:disable-line no-console
+
 const eventCommon = {
   ServiceToken: 'token',
   ResponseURL: 'https://localhost',

diff --git a/packages/@aws-cdk/custom-resources/test/aws-custom-resource/aws-custom-resource.test.ts b/packages/@aws-cdk/custom-resources/test/aws-custom-resource/aws-custom-resource.test.ts
@@ -283,4 +283,27 @@ test('implements IGrantable', () => {
       Version: '2012-10-17'
     }
   });
-});
+});
+
+test('can use existing role', () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+  const role = iam.Role.fromRoleArn(stack, 'Role', 'arn:aws:iam::123456789012:role/CoolRole');
+
+  // WHEN
+  new AwsCustomResource(stack, 'AwsSdk', {
+    onCreate: {
+      service: 'service',
+      action: 'action',
+      physicalResourceId: 'id'
+    },
+    role
+  });
+
+  // THEN
+  expect(stack).toHaveResource('AWS::Lambda::Function', {
+    Role: 'arn:aws:iam::123456789012:role/CoolRole'
+  });
+
+  expect(stack).not.toHaveResource('AWS::IAM::Role');
+});
diff --git a/packages/@aws-cdk/custom-resources/test/provider-framework/runtime.test.ts b/packages/@aws-cdk/custom-resources/test/provider-framework/runtime.test.ts
@@ -6,6 +6,8 @@ import framework = require('../../lib/provider-framework/runtime/framework');
 import outbound = require('../../lib/provider-framework/runtime/outbound');
 import mocks = require('./mocks');
 
+console.log = jest.fn();
+
 cfnResponse.includeStackTraces = false;
 
 const MOCK_PHYSICAL_ID = 'mock-physical-resource-id';