
Commit 2a43ea4

enriquhlmouhib
authored andcommitted
Added enums to prevent accidental input on QuickSight Subscription props + minor fixes
1 parent 68bfc63 commit 2a43ea4


2 files changed

+22
-13
lines changed


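--- a/framework/src/consumption/lib/quicksight/quicksight-subscription-props.ts
+++ b/framework/src/consumption/lib/quicksight/quicksight-subscription-props.ts
@@ -11,7 +11,8 @@ import { Duration, RemovalPolicy } from "aws-cdk-lib";
 export interface QuickSightSubscriptionProps {
 
 /**
-* The name of your Amazon QuickSight account. This name is unique over all of Amazon Web Services, and it appears only when users sign in.
+* The name of your Amazon QuickSight account.
+* This name is unique over all of Amazon Web Services, and it appears only when users sign in.
 * You can't change AccountName value after the Amazon QuickSight account is created.
 */
 readonly accountName: string;
@@ -25,7 +26,7 @@ export interface QuickSightSubscriptionProps {
 * The edition of Amazon QuickSight that you want your account to have. Currently, you can choose from ENTERPRISE or ENTERPRISE_AND_Q .
 * @default - ENTERPRISE is used as default.
 */
-readonly edition: string;
+readonly edition: QuickSightEdition;
 
 /**
 * The Amazon Web Services account ID of the account that you're using to create your Amazon QuickSight account.
@@ -36,8 +37,9 @@ export interface QuickSightSubscriptionProps {
 /**
 * The method that you want to use to authenticate your Amazon QuickSight account.
 * Only IAM_IDENTITY_CENTER, IAM_AND_QUICKSIGHT and IAM_ONLY are supported
+* @default
 */
-readonly authenticationMethod: 'IAM_IDENTITY_CENTER'| 'IAM_AND_QUICKSIGHT' | 'IAM_ONLY';
+readonly authenticationMethod: QuickSightAuthenticationMethod;
 
 
 /**
@@ -76,4 +78,14 @@ export interface QuickSightSubscriptionProps {
 */
 readonly removalPolicy?: RemovalPolicy;
 
+}
+
+export enum QuickSightAuthenticationMethod {
+IAM_IDENTITY_CENTER = 'IAM_IDENTITY_CENTER',
+IAM_AND_QUICKSIGHT = 'IAM_AND_QUICKSIGHT',
+IAM_ONLY = 'IAM_ONLY'
+}
+
+export enum QuickSightEdition {
+ENTERPRISE = 'ENTERPRISE',
 }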
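Review bot: The `@default` tag added above `authenticationMethod` (new line 40) is empty while the property stays required, so the doc now implies a fallback sign-in method that the type does not allow. Because this value decides how identities are managed for the QuickSight account, I would drop the `* @default` line, or make the field optional and state the value that is actually applied. The `edition` hunk has the same doc/type mismatch: its comment still offers ENTERPRISE_AND_Q and a default, but `QuickSightEdition` has only `ENTERPRISE` and the field is required, so the comment could read `* The edition of Amazon QuickSight that you want your account to have. Only ENTERPRISE is currently supported.`. The two new enums also have no doc comments; a one-line `/** Authentication methods supported for the QuickSight subscription. */` and the equivalent for the edition enum would help.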

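--- a/framework/src/consumption/lib/quicksight/quicksight-subscription.ts
+++ b/framework/src/consumption/lib/quicksight/quicksight-subscription.ts
@@ -3,10 +3,10 @@
 
 import { Context, TrackedConstruct, TrackedConstructProps } from "../../../utils";
 import { DsfProvider } from '../../../utils/lib/dsf-provider';
-import { QuickSightSubscriptionProps } from './quicksight-subscription-props';
+import { QuickSightSubscriptionProps, QuickSightAuthenticationMethod } from './quicksight-subscription-props';
 import { Construct } from 'constructs';
 import { CustomResource, Duration, RemovalPolicy } from 'aws-cdk-lib';
-import { IRole, ManagedPolicy, PolicyDocument, Role , ServicePrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
+import { IRole, PolicyDocument, Role , ServicePrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
 import { ILogGroup } from 'aws-cdk-lib/aws-logs';
 import { IFunction } from 'aws-cdk-lib/aws-lambda';
 
@@ -115,7 +115,7 @@ export class QuickSightSubscription extends TrackedConstruct{
 this.adminGroup = props.adminGroup;
 this.authorGroup = props.authorGroup;
 this.readerGroup = props.readerGroup;
-this.identityRegion = props.identityRegion;
+this.identityRegion = props.identityRegion;
 
 this.policyActions = [
 "quicksight:Subscribe",
@@ -138,7 +138,7 @@ export class QuickSightSubscription extends TrackedConstruct{
 "sso:DescribeRegisteredRegions"
 ]
 
-if (props.authenticationMethod != 'IAM_IDENTITY_CENTER') {
+if (props.authenticationMethod != QuickSightAuthenticationMethod.IAM_IDENTITY_CENTER) {
 this.policyActions = this.policyActions.concat(
 [
 "ds:AuthorizeApplication",
@@ -154,10 +154,7 @@ export class QuickSightSubscription extends TrackedConstruct{
 }
 
 this.executionRole = new Role(this, 'Role', {
-assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
-managedPolicies: [
-ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaVPCAccessExecutionRole'),
-],
+assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
 inlinePolicies: {
 QuickSightSubscription: new PolicyDocument({
 statements : [
@@ -171,7 +168,7 @@ export class QuickSightSubscription extends TrackedConstruct{
 }
 });
 
-const timeout = props.executionTimeout || Duration.minutes(5);
+const timeout = props.executionTimeout ?? Duration.minutes(5);
 
 const provider = new DsfProvider(this, 'CrProvider', {
 providerName: 'QuickSightSubscriptionProvider',
@@ -201,7 +198,7 @@ export class QuickSightSubscription extends TrackedConstruct{
 IDENTITY_REGION: props.identityRegion
 },
 },
-queryInterval: Duration.seconds(1),
+queryInterval: Duration.seconds(10),
 removalPolicy: this.removalPolicy,
 });
 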
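Review bot: The check at new line 141 is a negative test using loose `!=`, so the extra directory-service actions (the list that starts with `ds:AuthorizeApplication`) are added to the execution role for every value other than `IAM_IDENTITY_CENTER`, including any member added to the enum later. Naming the methods that need those actions keeps the role from widening by accident: `if (props.authenticationMethod === QuickSightAuthenticationMethod.IAM_AND_QUICKSIGHT || props.authenticationMethod === QuickSightAuthenticationMethod.IAM_ONLY) {`. For today's three enum members this grants exactly the same permissions as the current condition. The constructor starts and ends outside this hunk, so the full action list and the resources the statement applies to are not visible here and should be checked alongside this change.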
