diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/README.md b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/README.md index 23d351c80..e47c799ba 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/README.md @@ -26,16 +26,19 @@ This AWS Solutions Construct implements an AWS Events rule and an AWS SNS Topic. Here is a minimal deployable pattern definition: -``` javascript -const { EventsRuleToSNSTopicProps, EventsRuleToSNSTopic } = require('@aws-solutions-constructs/aws-events-rule-sns'); +``` typescript +import { EventsRuleToSNSTopicProps, EventsRuleToSNSTopic } from "@aws-solutions-constructs/aws-events-rule-sns"; const props: EventsRuleToSNSTopicProps = { eventRuleProps: { - schedule: events.Schedule.rate(Duration.minutes(5)) + schedule: events.Schedule.rate(Duration.minutes(5)), + }, + topicsProps: { + displayName: 'event-rule-sns' } }; -new EventsRuleToSNSTopic(stack, 'test-events-rule-sns', props); +new EventsRuleToSNSTopic(this, 'test-events-rule-sns', props); ``` ## Initializer 
@@ -54,8 +57,10 @@ _Parameters_ | **Name** | **Type** | **Description** | |:-------------|:----------------|-----------------| -|snsTopicProps?|[`sns.TopicProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sns.TopicProps.html)|User provided props to override the default props for the SNS Topic. | |eventRuleProps|[`events.RuleProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-events.RuleProps.html)|User provided eventRuleProps to override the defaults. | +|existingTopicObj?|[`sns.Topic`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Existing instance of SNS Topic object, if this is set then the topicProps is ignored.| +|topicProps?|[`sns.TopicProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sns.TopicProps.html)|User provided props to override the default props for the SNS Topic. | + ## Pattern Properties @@ -71,6 +76,11 @@ Out of the box implementation of the Construct without any override will set the ### Amazon CloudWatch Events Rule * Grant least privilege permissions to CloudWatch Events to publish to the SNS Topic +### Amazon SNS Topic +* Configure least privilege access permissions for SNS Topic +* Enable server-side encryption forSNS Topic using AWS managed KMS Key +* Enforce encryption of data in transit + ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/lib/index.ts index 89c504eeb..a8684746a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/lib/index.ts @@ -24,7 +24,7 @@ export interface EventsRuleToSNSTopicProps { * * @default - Default props are used */ - readonly snsTopicProps?: sns.TopicProps + readonly topicsProps?: sns.TopicProps /** * User provided eventRuleProps to override the defaults * 
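Review bot: The renamed property `topicsProps` (plural "topics") does not match the name this same commit documents: the README table added above lists it as `topicProps?`, and the sibling SQS construct calls its equivalent `queueProps`. Because the old `snsTopicProps` key is simply removed rather than deprecated, a caller that still passes it — notably JavaScript users, who get no excess-property check — would presumably get the default topic silently instead of an error, so the name should at least agree with the documentation: `readonly topicProps?: sns.TopicProps`. The `EventsRuleToSNSTopicProps` interface starts before this hunk and continues after it.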
@@ -58,7 +58,7 @@ export class EventsRuleToSNSTopic extends Construct { //Setup the sns topic. [this.snsTopic] = defaults.buildTopic(this, { existingTopicObj: props.existingTopicObj, - topicProps: props.snsTopicProps + topicProps: props.topicsProps }); //Setup the event rule target as sns topic. diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/README.md b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/README.md index d15ea0827..2d067c2f3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/README.md @@ -26,13 +26,19 @@ This AWS Solutions Construct implements an AWS Events rule and an AWS SQS Queue. Here is a minimal deployable pattern definition: -``` javascript -const { EventsRuleToSQSQueueProps, EventsRuleToSQSQueue } = require('@aws-solutions-constructs/aws-events-rule-sqs'); +``` typescript +import { EventsRuleToSQSQueueProps, EventsRuleToSQSQueue } from ('@aws-solutions-constructs/aws-events-rule-sqs'); const props: EventsRuleToSQSQueueProps = { eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)) - } + }, + queueProps: { + queueName: 'event-rule-sqs', + fifo: true + }, + enableQueuePurging: false, + deployDeadLetterQueue: false }; new EventsRuleToSQSQueue(stack, 'test-events-rule-sqs', props); 
@@ -54,8 +60,13 @@ _Parameters_ | **Name** | **Type** | **Description** | |:-------------|:----------------|-----------------| -|sqsQueueProps?|[`sqs.QueueProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sqs.QueueProps.html)|User provided props to override the default props for the SQS Queue. | |eventRuleProps|[`events.RuleProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-events.RuleProps.html)|User provided eventRuleProps to override the defaults. | +|existingQueueObj?|[`sqs.Queue`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sqs.Queue.html)|An optional, existing SQS queue to be used instead of the default queue. If an existing queue is provided, the `queueProps` property will be ignored.| +|queueProps?|[`sqs.QueueProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sqs.QueueProps.html)|User provided props to override the default props for the SQS Queue. | +|enableQueuePurging?|`boolean`|Whether to grant additional permissions to the Lambda function enabling it to purge the SQS queue. Defaults to `false`.| +|deployDeadLetterQueue?|`boolean`|Whether to create a secondary queue to be used as a dead letter queue. Defaults to `true`.| +|deadLetterQueueProps?|[`sqs.QueueProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sqs.QueueProps.html)|Optional user-provided props to override the default props for the dead letter queue. Only used if the `deployDeadLetterQueue` property is set to true.| +|maxReceiveCount?|`number`|The number of times a message can be unsuccessfully dequeued before being moved to the dead letter queue. Defaults to `15`.| ## Pattern Properties 
@@ -71,6 +82,11 @@ Out of the box implementation of the Construct without any override will set the ### Amazon CloudWatch Events Rule * Grant least privilege permissions to CloudWatch Events to publish to the SQS Queue +### Amazon SQS Queue +* Deploy SQS dead-letter queue for the source SQS Queue. +* Enable server-side encryption for source SQS Queue using AWS Managed KMS Key. +* Enforce encryption of data in transit + ## Architecture ![Architecture Diagram](architecture.png) diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/lib/index.ts index 659de70b5..38d511424 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/lib/index.ts @@ -22,6 +22,12 @@ import { overrideProps } from '@aws-solutions-constructs/core'; * @summary The properties for the EventsRuleToSQS Construct */ export interface EventsRuleToSQSProps { + /** + * User provided eventRuleProps to override the defaults + * + * @default - None + */ + readonly eventRuleProps: events.RuleProps /** * Existing instance of SQS queue object, if this is set then the queueProps is ignored. * @@ -34,6 +40,12 @@ export interface EventsRuleToSQSProps { * @default - Default props are used */ readonly queueProps?: sqs.QueueProps, + /** + * Whether to grant additional permissions to the Lambda function enabling it to purge the SQS queue. + * + * @default - "false", disabled by default. + */ + readonly enableQueuePurging?: boolean, /** * Optional user provided properties for the dead letter queue * 
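Review bot: The TSDoc on the new `enableQueuePurging` flag says it grants permissions "to the Lambda function", but this construct has no Lambda function — the only principal granted anything in this file is the events rule (see the `grantPurge` call added further down). The text appears to be carried over from a Lambda-to-SQS construct and should state what actually happens, e.g. `* Whether to additionally grant sqs:PurgeQueue to the events rule principal (destructive; not required for event delivery).`. The README table in this commit repeats the same "Lambda function" wording and should be corrected alongside it. The `EventsRuleToSQSProps` interface continues beyond both edges of this hunk.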
@@ -52,12 +64,6 @@ export interface EventsRuleToSQSProps { * @default - required field if deployDeadLetterQueue=true. */ readonly maxReceiveCount?: number - /** - * User provided eventRuleProps to override the defaults - * - * @default - None - */ - readonly eventRuleProps: events.RuleProps } export class EventsRuleToSQS extends Construct { @@ -106,6 +112,11 @@ export class EventsRuleToSQS extends Construct { this.eventsRule = new events.Rule(this, 'EventsRule', eventsRuleProps); + // Enable queue purging permissions for the event rule, if enabled + if (props.enableQueuePurging) { + this.sqsQueue.grantPurge(new ArnPrincipal(this.eventsRule.ruleArn)); + } + //Policy for event to be able to send messages to the queue this.sqsQueue.grantSendMessages(new ArnPrincipal(this.eventsRule.ruleArn)) }
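Review bot: The new `grantPurge` call adds `sqs:PurgeQueue` — a destructive, queue-wide delete — to the queue's resource policy for a principal that cannot use it: an EventBridge rule delivering to an SQS target only needs `sqs:SendMessage` (the grant on the very next line), and EventBridge never invokes PurgeQueue, so the statement is unexercisable attack surface that contradicts the "least privilege" default this commit's README claims for the construct. Unless a concrete caller needs it, I would drop the option (`enableQueuePurging` and the `if` block), or at minimum have the comment say `// Grants sqs:PurgeQueue to the rule principal; destructive and not needed for event delivery — opt-in only`. As with the existing SendMessage grant, a rule ARN is not an IAM identity — EventBridge presumably publishes as the `events.amazonaws.com` service principal with a SourceArn condition — so it is worth confirming that a policy keyed on `ArnPrincipal(ruleArn)` is ever matched at all; that concern predates this commit. The constructor body this hunk sits in starts before the hunk.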