class Provider (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.CustomResources.Provider |
Go | github.com/aws/aws-cdk-go/awscdk/v2/customresources#Provider |
Java | software.amazon.awscdk.customresources.Provider |
Python | aws_cdk.custom_resources.Provider |
TypeScript (source) | aws-cdk-lib » custom_resources » Provider |
Implements
IConstruct, IDependable
Defines an AWS CloudFormation custom resource provider.
Example
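```ts
import { CustomResource } from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as cr from 'aws-cdk-lib/custom-resources';

// Create custom resource handler entrypoint.
// NoEcho: true in the response asks CloudFormation to mask the returned
// Data values when they are read with Fn::GetAtt.
const handler = new lambda.Function(this, 'my-handler', {
  runtime: lambda.Runtime.NODEJS_20_X,
  handler: 'index.handler',
  code: lambda.Code.fromInline(`
  exports.handler = async (event, context) => {
    return {
      PhysicalResourceId: '1234',
      NoEcho: true,
      Data: {
        mySecret: 'secret-value',
        hello: 'world',
        ghToken: 'gho_xxxxxxx',
      },
    };
  };`),
});

// Provision a custom resource provider framework
const provider = new cr.Provider(this, 'my-provider', {
  onEventHandler: handler,
});

// Define a custom resource backed by the provider's service token
new CustomResource(this, 'my-cr', {
  serviceToken: provider.serviceToken,
});
```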
Initializer
new Provider(scope: Construct, id: string, props: ProviderProps)
Parameters
- scope Construct
- id string
- props ProviderProps
Construct Props
Name | Type | Description |
---|---|---|
onEventHandler | IFunction | The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE). |
disableWaiterStateMachineLogging? | boolean | Whether logging for the waiter state machine is disabled. |
isCompleteHandler? | IFunction | The AWS Lambda function to invoke in order to determine if the operation is complete. |
logGroup? | ILog | The Log Group used for logging of events emitted by the custom resource's lambda function. |
logRetention? | Retention | The number of days framework log events are kept in CloudWatch Logs. |
providerFunctionEnvEncryption? | IKey | AWS KMS key used to encrypt provider lambda's environment variables. |
providerFunctionName? | string | Provider Lambda name. |
queryInterval? | Duration | Time between calls to the isComplete handler which determines if the resource has been stabilized. |
role? | IRole | AWS Lambda execution role. |
securityGroups? | ISecurity [] | Security groups to attach to the provider functions. |
totalTimeout? | Duration | Total timeout for the entire operation. |
vpc? | IVpc | The vpc to provision the lambda functions in. |
vpcSubnets? | Subnet | Which subnets from the VPC to place the lambda functions in. |
waiterStateMachineLogOptions? | Log | Defines what execution history events of the waiter state machine are logged and where they are logged. |
onEventHandler
Type: IFunction
The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE).
This function is responsible for beginning the requested resource operation (CREATE/UPDATE/DELETE) and returning any additional properties to add to the event, which will later be passed to isComplete. The PhysicalResourceId property must be included in the response.
disableWaiterStateMachineLogging?
Type: boolean (optional, default: false)
Whether logging for the waiter state machine is disabled.
isCompleteHandler?
Type: IFunction (optional, default: provider is synchronous. This means that the onEvent handler is expected to finish all lifecycle operations within the initial invocation.)
The AWS Lambda function to invoke in order to determine if the operation is complete.
This function will be called immediately after onEvent and then periodically based on the configured query interval as long as it returns false. If the function still returns false and the allotted timeout has passed, the operation will fail.
logGroup?
Type: ILog (optional, default: a default log group created by AWS Lambda)
The Log Group used for logging of events emitted by the custom resource's lambda function.
Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.
logRetention?
Type: Retention (optional, default: logs.RetentionDays.INFINITE)
The number of days framework log events are kept in CloudWatch Logs.
When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.
This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.
providerFunctionEnvEncryption?
Type: IKey (optional, default: AWS Lambda creates and uses an AWS managed customer master key (CMK))
AWS KMS key used to encrypt provider lambda's environment variables.
providerFunctionName?
Type: string (optional, default: CloudFormation default name from unique physical ID)
Provider Lambda name.
The provider lambda function name.
queryInterval?
Type: Duration (optional, default: Duration.seconds(5))
Time between calls to the isComplete handler which determines if the resource has been stabilized.
The first isComplete will be called immediately after handler and then every queryInterval seconds, until timeout has been reached or until isComplete returns true.
role?
Type: IRole (optional, default: A default role will be created.)
AWS Lambda execution role.
The role that will be assumed by the AWS Lambda. Must be assumable by the 'lambda.amazonaws.com' service principal.
securityGroups?
Type: ISecurity [] (optional, default: If vpc is not supplied, no security groups are attached. Otherwise, a dedicated security group is created for each function.)
Security groups to attach to the provider functions.
Only used if 'vpc' is supplied.
totalTimeout?
Type: Duration (optional, default: Duration.minutes(30))
Total timeout for the entire operation.
The maximum timeout is 1 hour (yes, it can exceed the 15-minute AWS Lambda limit).
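The polling contract described under isCompleteHandler, queryInterval and totalTimeout, as an added example that is not part of the CDK documentation or the framework's own code. The IsComplete field follows the provider framework's handler contract; `backend`, `simulateProvider` and `sampleEvent` are hypothetical names, the handlers are written as plain synchronous functions so the model runs locally, and the timeout check is a simplified model on a virtual clock.

```javascript
// `backend` is a constructed stand-in for the service being provisioned.
const backend = new Map();

// onEvent: start the operation and return PhysicalResourceId (required) plus
// extra properties, which are merged into the event later passed to isComplete.
function onEvent(event) {
  if (event.RequestType === 'Create') {
    const id = `job-${event.LogicalResourceId}`;
    backend.set(id, { pollsLeft: event.ResourceProperties.pollsUntilReady });
    return { PhysicalResourceId: id, startedBy: event.RequestId };
  }
  return { PhysicalResourceId: event.PhysicalResourceId }; // Update/Delete keep the id
}

// isComplete: report whether the operation has stabilized.
function isComplete(event) {
  const job = backend.get(event.PhysicalResourceId);
  if (!job) throw new Error(`unknown resource ${event.PhysicalResourceId}`);
  if (job.pollsLeft > 0) {
    job.pollsLeft -= 1;
    return { IsComplete: false };
  }
  return { IsComplete: true, Data: { status: 'ready' } };
}

// Model of the waiter (no sleeping): first poll right after onEvent, then one
// poll per queryInterval until isComplete succeeds or totalTimeout has passed.
function simulateProvider(event, queryIntervalSec = 5, totalTimeoutSec = 30 * 60) {
  const merged = { ...event, ...onEvent(event) };
  if (!merged.PhysicalResourceId) {
    return { status: 'FAILED', reason: 'no PhysicalResourceId', polls: 0 };
  }
  let polls = 0;
  for (let t = 0; t <= totalTimeoutSec; t += queryIntervalSec) {
    polls += 1;
    const result = isComplete(merged);
    if (result.IsComplete) {
      return { status: 'SUCCESS', polls, elapsedSec: t, data: result.Data };
    }
  }
  return { status: 'FAILED', reason: 'timeout', polls };
}

// Constructed sample CloudFormation Create event.
function sampleEvent(logicalId, pollsUntilReady) {
  return {
    RequestType: 'Create', RequestId: 'req-1', LogicalResourceId: logicalId,
    ResourceProperties: { pollsUntilReady },
  };
}
```

With the defaults, `simulateProvider(sampleEvent('A', 3))` succeeds on the fourth poll at 15 virtual seconds, while a resource that never stabilizes ends in the timeout failure.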
vpc?
Type: IVpc (optional, default: functions are not provisioned inside a vpc.)
The vpc to provision the lambda functions in.
vpcSubnets?
Type: Subnet (optional, default: the Vpc default strategy if not specified)
Which subnets from the VPC to place the lambda functions in.
Only used if 'vpc' is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.
waiterStateMachineLogOptions?
Type: Log (optional, default: A default log group will be created if logging for the waiter state machine is enabled.)
Defines what execution history events of the waiter state machine are logged and where they are logged.
Properties
Name | Type | Description |
---|---|---|
node | Node | The tree node. |
onEventHandler | IFunction | The user-defined AWS Lambda function which is invoked for all resource lifecycle operations (CREATE/UPDATE/DELETE). |
serviceToken | string | The service token to use in order to define custom resources that are backed by this provider. |
isCompleteHandler? | IFunction | The user-defined AWS Lambda function which is invoked asynchronously in order to determine if the operation is complete. |
node
Type: Node
The tree node.
onEventHandler
Type: IFunction
The user-defined AWS Lambda function which is invoked for all resource lifecycle operations (CREATE/UPDATE/DELETE).
serviceToken
Type: string
The service token to use in order to define custom resources that are backed by this provider.
isCompleteHandler?
Type: IFunction (optional)
The user-defined AWS Lambda function which is invoked asynchronously in order to determine if the operation is complete.
Methods
Name | Description |
---|---|
toString() | Returns a string representation of this construct. |
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.