Skip to content

Instantly share code, notes, and snippets.

@jewelsjacobs

jewelsjacobs/github-status.ts

Created August 15, 2019 20:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jewelsjacobs/a0b627f3b9a176fbbb0d98f8ff7b1fea to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jewelsjacobs/a0b627f3b9a176fbbb0d98f8ff7b1fea to your computer and use it in GitHub Desktop.
Download ZIP
github stage status in codepipeline construct
Raw
github-status.ts
import lambda = require('@aws-cdk/aws-lambda');
import cdk = require('@aws-cdk/core');
import cp = require('@aws-cdk/aws-codepipeline');
import path = require('path');
import iam = require('@aws-cdk/aws-iam');
import targets = require('@aws-cdk/aws-events-targets');
export interface GithubStatusProps {
stage: cp.IStage;
gitHubSecretArn: string;
}
export class GithubStatus extends cdk.Construct {
public readonly response: string;
constructor(parent: cdk.Stack, name: string, props: GithubStatusProps) {
super(parent, name);
const statusLambda = new lambda.Function(this, 'StatusLambda', {
code: lambda.Code.asset(path.join(__dirname, 'lambda')),
handler: 'index.handler',
timeout: cdk.Duration.seconds(300),
runtime: lambda.Runtime.NODEJS_10_X,
environment: {
ACCESS_TOKEN: cdk.SecretValue.secretsManager(props.gitHubSecretArn)
}
});
const lambdaTarget = new targets.LambdaFunction(statusLambda);
props.stage.onStateChange('StageOnStateChange', lambdaTarget, {
eventPattern: {
detailType: ["CodePipeline Pipeline Execution State Change"],
source: ["aws.codepipeline"],
detail: {
state: ["STARTED", "SUCCEEDED", "FAILED"]
}
}
});
statusLambda.addToRolePolicy(new iam.PolicyStatement({
resources: [ '*' ],
actions: [ '*' ]
}));
}
}
@gbooth27
Copy link

gbooth27 commented Dec 13, 2019

Also I noticed you gave the lambda very broad IAM permissions. I changed

statusLambda.addToRolePolicy(new iam.PolicyStatement({
      resources: [ '*' ],
      actions: [ '*' ]
    }));

to

const statusLambdaPolicy = iam.ManagedPolicy.fromAwsManagedPolicyName(
            'AWSCodePipelineReadOnlyAccess'
)

statusLambda.role!.addManagedPolicy(statusLambdaPolicy)

and the function still works

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment