feat(iot): allow setting Actions of TopicRule

[yamatatsu]

I'm trying to implement aws-iot L2 Constructs.

This PR is the next step of #16681

refar:

• feat(iot): add the TopicRule L2 construct #16681 (comment)

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[yamatatsu]

I met following error on yarn build at aws-iot 🤔

error: [awslint:no-unused-type:@aws-cdk/aws-iot.ActionConfig] type or enum is not used by exported classes (declared at lib/action.ts:19)
error: [awslint:no-unused-type:@aws-cdk/aws-iot.IAction] type or enum is not used by exported classes (declared at lib/action.ts:7)

And I confirmed this error was suppressed when using the IAction in TopicRule.

Shall we implement using the IAction in TopicRule as possible as simple? (ex. not implement addAction())

[skinny85]

Shall we implement using the IAction in TopicRule as possible as simple? (ex. not implement addAction())

Yes, we should implement using IAction in this PR too (add actions: IAction[] to TopicRuleProps, and then use it inside TopicRule). If you want to implement TopicRule.addAction() in this PR, I'm fine with that too.

[skinny85]

Putting in "Request changes" to clear this one from my To-Do list. @yamatatsu please re-request my review when this is ready!

Pull request has been modified.

[skinny85]

Now that we have the @aws-cdk/aws-iot-actions module on master, let's add a single implementation of IAction there, and use that in the ReadMe of @aws-cdk/aws-iot, instead of an anonymous object.

Pull request has been modified.

[skinny85]

Looks great @yamatatsu! Minor suggestions before we merge this in.

[skinny85]

Can you use function.grantInvoke() instead?

[yamatatsu]

@skinny85 Thank you for your review!

In my understanding, using addPermission() is better. Because a lambda resource policy created by using grantInvoke() is more lax than using addPermission().

As described in this document, lambda resource policy fields sourceAccount and sourceArn are required (or recommended?). But functions.grantInvoke() cannot add sourceAccount and sourceArn as this code.

For confirmation, I tried following code instead of this.func.addPermission():

this.func.grantInvoke({ grantPrincipal: new iam.ServicePrincipal('iot.amazonaws.com') });

Then there is template difference as following:

[skinny85]

OK, fair enough 🙂.

Pull request has been modified.

[skinny85]

This is almost perfect @yamatatsu! Change the account in LambdaAction, and rename it to LambdaFunctionAction, and we'll merge this in!

[skinny85]

Suggested change

	bind(rule: iot.ITopicRule): iot.ActionConfig {
	bind(topicRule: iot.ITopicRule): iot.ActionConfig {

[skinny85]

Suggested change

	bind(rule: ITopicRule): ActionConfig;
	bind(topicRule: ITopicRule): ActionConfig;

[skinny85]

Let's rename this to LambdaFunctionAction.

Pull request has been modified.

[yamatatsu]

@skinny85 I've addressed the comments!👍

[skinny85]

Looks perfect @yamatatsu, thanks for incorporating all of my comments!

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
• Commit ID: c86e5f0
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository