def resource_arn(self):
if self.__lambda_client is None:
region = self.__stack_info.region
self.__lambda_client = aws_utils.ClientWrapper(
self.__stack_info.session.client('lambda'))
return aws_utils.get_resource_arn(self.stack.resource_definitions,
self.stack.stack_arn,
self.type,
self.physical_id,
lambda_client=self.__lambda_client)
def get_resource_arn(self, stack_id, logical_resource_id):
cf = self.context.aws.client('cloudformation', region=util.get_region_from_arn(stack_id))
try:
res = cf.describe_stack_resource(
StackName=stack_id,
LogicalResourceId=logical_resource_id)
except ClientError as e:
if optional and e.response['Error']['Code'] == 'ValidationError':
return None
raise HandledError('Could not get the id for the {} resource from the {} stack.'.format( logical_resource_id, stack_id ), e)
resource_name = res['StackResourceDetail']['PhysicalResourceId']
resource_type = res['StackResourceDetail']['ResourceType']
type_definitions = self.context.resource_types.get_type_definitions_for_stack_id(stack_id)
return aws_utils.get_resource_arn(type_definitions, stack_id, resource_type, resource_name, True)
def __get_mappings(context, deployment_name, exclusions, role, args=None):
iam = context.aws.client('iam')
mappings = {}
deployment_stack_id = context.config.get_deployment_stack_id(
deployment_name)
region = util.get_region_from_arn(deployment_stack_id)
account_id = util.get_account_id_from_arn(deployment_stack_id)
# Assemble and add the iam role ARN to the server mappings
deployment_access_stack_id = context.config.get_deployment_access_stack_id(
deployment_name, True if args is not None and args.is_gui else False)
server_role_id = context.stack.get_physical_resource_id(
deployment_access_stack_id, role, optional=True)
server_role_arn = iam.get_role(RoleName=server_role_id).get('Role',
{}).get(
'Arn', '')
context.view.retrieving_mappings(deployment_name, deployment_stack_id,
role)
player_accessible_arns = __get_player_accessible_arns(
context, deployment_name, role, args)
lambda_client = context.aws.client('lambda', region=region)
resources = context.stack.describe_resources(deployment_stack_id,
recursive=True)
for logical_name, description in six.iteritems(resources):
if logical_name in exclusions:
continue
physical_resource_id = custom_resource_utils.get_embedded_physical_id(
description.get('PhysicalResourceId'))
if physical_resource_id:
if __is_user_pool_resource(description):
mappings[logical_name] = {
'PhysicalResourceId': physical_resource_id,
'ResourceType': description['ResourceType'],
'UserPoolClients': description[
'UserPoolClients'] # include client id / secret
}
else:
stack_id = description['StackId']
s3_client = context.aws.client('s3')
type_definitions = context.resource_types.get_type_definitions_for_stack_id(
stack_id, s3_client)
resource_arn = aws_utils.get_resource_arn(
type_definitions=type_definitions,
stack_arn=stack_id,
resource_type=description['ResourceType'],
physical_id=physical_resource_id,
optional=True,
lambda_client=lambda_client)
if resource_arn and resource_arn in player_accessible_arns:
if __is_service_api_resource(description):
__add_service_api_mapping(context, logical_name,
description, mappings)
else:
mappings[logical_name] = {
'PhysicalResourceId': physical_resource_id,
'ResourceType': description['ResourceType']
}
k_exchange_token_handler_name = 'PlayerAccessTokenExchange'
if k_exchange_token_handler_name not in exclusions:
login_exchange_handler = context.stack.get_physical_resource_id(
context.config.project_stack_id, k_exchange_token_handler_name)
if login_exchange_handler is not None:
mappings[k_exchange_token_handler_name] = {
'PhysicalResourceId': login_exchange_handler,
'ResourceType': 'AWS::Lambda::Function'
}
# now let's grab the player identity stuff and make sure we add it to the mappings.
access_stack_arn = context.config.get_deployment_access_stack_id(
deployment_name, True if args is not None and args.is_gui else False)
if access_stack_arn is not None:
access_resources = context.stack.describe_resources(access_stack_arn,
recursive=True)
for logical_name, description in six.iteritems(access_resources):
if description['ResourceType'] == 'Custom::CognitoIdentityPool':
if logical_name in exclusions:
continue
mappings[logical_name] = {
'PhysicalResourceId':
custom_resource_utils.get_embedded_physical_id(
description['PhysicalResourceId']),
'ResourceType':
description['ResourceType']
}
if 'region' not in exclusions:
mappings['region'] = {
'PhysicalResourceId': region,
'ResourceType': 'Configuration'
}
if 'account_id' not in exclusions:
mappings['account_id'] = {
'PhysicalResourceId': account_id,
'ResourceType': 'Configuration'
}
if 'server_role_arn' not in exclusions and role is not 'AuthenticatedPlayer':
mappings['server_role_arn'] = {
'PhysicalResourceId': server_role_arn,
'ResourceType': 'Configuration'
}
return mappings