package com.aws.samples.cdk.constructs.iam.permissions;
import io.vavr.collection.List;
import software.amazon.awscdk.core.Aws;
import software.amazon.awscdk.core.Fn;
import software.amazon.awssdk.core.SdkSystemSetting;
public interface IamResource {
default String getResourceTypeSeparator() {
return ":";
}
default String getResourceValueSeparator() {
return "/";
}
default String getIamString() {
String delimiter = "";
List<String> elements = List.of("arn:aws:", getServiceIdentifier(), ":", getRegion(), ":", getAccountId(), getResourceTypeSeparator(), getResourceType(), getResourceValueSeparator(), getResourceValue());
if (SharedPermissions.isRunningInLambda()) {
// Running inside of Lambda, use a normal string
return String.join(delimiter, elements);
} else {
// Running inside of CDK, use CloudFormation join function
return Fn.join(delimiter, elements.asJava());
}
}
default String getServiceIdentifier() {
throw new RuntimeException("Service identifier has not been defined for this resource. This is a bug in [" + this.getClass().getSimpleName() + "]");
}
default String getAccountId() {
if (SharedPermissions.isRunningInLambda()) {
// Running inside of Lambda, use actual values
return SharedPermissions.getAccountId();
}
// Running inside of CDK, use CloudFormation placeholders
return Aws.ACCOUNT_ID;
}
default String getRegion() {
if (SharedPermissions.isRunningInLambda()) {
// Running inside of Lambda, use actual values
return SdkSystemSetting.AWS_REGION.getStringValueOrThrow();
}
// Running inside of CDK, use CloudFormation placeholders
return Aws.REGION;
}
/**
* This value is used in ARNs (e.g. "arn:aws:SERVICE_IDENTIFIER:REGION:ACCOUNT_ID:RESOURCE_TYPE/RESOURCE_VALUE")
*
* @return
*/
String getResourceValue();
/**
* This value is used in ARNs (e.g. "arn:aws:SERVICE_IDENTIFIER:REGION:ACCOUNT_ID:RESOURCE_TYPE/RESOURCE_VALUE")
*
* @return
*/
default String getResourceType() {
return null;
}
}