refactor(parameters): moved ssm resource creation to AwsCustomResource (#1319)

* refactor: moved ssm resource creation to AwsCustomResource

* chore: removed unused function

Author: dreamorosi

Diff for: packages/parameters/tests/e2e/ssmProvider.class.test.ts

@@ -22,10 +22,7 @@ import {
   TEARDOWN_TIMEOUT, 
   TEST_CASE_TIMEOUT 
 } from './constants';
-import {
-  createSecureStringProvider,
-  createSSMSecureString
-} from '../helpers/parametersUtils';
+import { createSSMSecureString } from '../helpers/parametersUtils';
 
 const runtime: string = process.env.RUNTIME || 'nodejs18x';
 
@@ -127,13 +124,6 @@ describe(`parameters E2E tests (ssmProvider) for runtime: ${runtime}`, () => {
       runtime,
     });
 
-    // Create Custom Resource provider:
-    // will be used to create some SSM parameters not supported by CDK
-    const provider = createSecureStringProvider({
-      stack,
-      parametersPrefix: `${RESOURCE_NAME_PREFIX}-${runtime}-${uuid.substring(0,5)}`
-    });
-
     // Create SSM parameters
     const parameterGetA = new StringParameter(stack, 'Param-a', {
       parameterName: paramA,
@@ -146,15 +136,13 @@ describe(`parameters E2E tests (ssmProvider) for runtime: ${runtime}`, () => {
 
     const parameterEncryptedA = createSSMSecureString({
       stack,
-      provider,
       id: 'Param-encrypted-a',
       name: paramEncryptedA,
       value: paramEncryptedAValue,
     });
 
     const parameterEncryptedB = createSSMSecureString({
       stack,
-      provider,
       id: 'Param-encrypted-b',
       name: paramEncryptedB,
       value: paramEncryptedBValue,

Diff for: packages/parameters/tests/helpers/parametersUtils.ts

@@ -1,9 +1,5 @@
-import { Stack, RemovalPolicy, CustomResource, Duration } from 'aws-cdk-lib';
-import { PhysicalResourceId, Provider } from 'aws-cdk-lib/custom-resources';
-import { RetentionDays } from 'aws-cdk-lib/aws-logs';
-import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
-import { Runtime } from 'aws-cdk-lib/aws-lambda';
-import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { Stack, RemovalPolicy } from 'aws-cdk-lib';
+import { PhysicalResourceId } from 'aws-cdk-lib/custom-resources';
 import { StringParameter, IStringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Table, TableProps, BillingMode } from 'aws-cdk-lib/aws-dynamodb';
 import {
@@ -138,70 +134,43 @@ const createAppConfigConfigurationProfile = (options: CreateAppConfigConfigurati
   });
 };
 
-export type CreateSecureStringProviderOptions = {
-  stack: Stack
-  parametersPrefix: string
-};
-
-const createSecureStringProvider = (options: CreateSecureStringProviderOptions): Provider => {
-  const { stack, parametersPrefix } = options;
-
-  const ssmSecureStringHandlerFn = new NodejsFunction(
-    stack,
-    'ssm-securestring-handler',
-    {
-      entry: 'tests/helpers/ssmSecureStringCdk.ts',
-      handler: 'handler',
-      bundling: {
-        minify: true,
-        sourceMap: true,
-        target: 'es2020',
-        externalModules: [],
-      },
-      runtime: Runtime.NODEJS_18_X,
-      timeout: Duration.seconds(15),
-    });
-  ssmSecureStringHandlerFn.addToRolePolicy(
-    new PolicyStatement({
-      actions: [
-        'ssm:PutParameter',
-        'ssm:DeleteParameter',
-      ],
-      resources: [
-        `arn:aws:ssm:${stack.region}:${stack.account}:parameter/${parametersPrefix}*`,
-      ],
-    }),
-  );
-
-  return new Provider(stack, 'ssm-secure-string-provider', {
-    onEventHandler: ssmSecureStringHandlerFn,
-    logRetention: RetentionDays.ONE_DAY,
-  });
-};
-
 export type CreateSSMSecureStringOptions = {
   stack: Stack
-  provider: Provider
   id: string
   name: string
   value: string
 };
 
 const createSSMSecureString = (options: CreateSSMSecureStringOptions): IStringParameter => {
-  const { stack, provider, id, name, value } = options;
+  const { stack, id, name, value } = options;
 
-  new CustomResource(stack, `custom-${id}`, {
-    serviceToken: provider.serviceToken,
-    properties: {
-      Name: name,
-      Value: value,
+  const paramCreator = new AwsCustomResource(stack, `create-${id}`, {
+    onCreate: {
+      service: 'SSM',
+      action: 'putParameter',
+      parameters: {
+        Name: name,
+        Value: value,
+        Type: 'SecureString',
+      },
+      physicalResourceId: PhysicalResourceId.of(id),
     },
+    onDelete: {
+      service: 'SSM',
+      action: 'deleteParameter',
+      parameters: {
+        Name: name,
+      },
+    },
+    policy: AwsCustomResourcePolicy.fromSdkCalls({
+      resources: AwsCustomResourcePolicy.ANY_RESOURCE,
+    }),
   });
 
   const param = StringParameter.fromSecureStringParameterAttributes(stack, id, {
     parameterName: name,
   });
-  param.node.addDependency(provider);
+  param.node.addDependency(paramCreator);
 
   return param;
 };
@@ -237,6 +206,5 @@ export {
   createBaseAppConfigResources,
   createAppConfigConfigurationProfile,
   createSSMSecureString,
-  createSecureStringProvider,
   putDynamoDBItem,
 };