scionwest/gist:310593bc994405ee3773783a744894a0

## gistfile1.txt
import axios from 'axios';

import { LogFactory, Logger, LogService, MangaLaterFunction, IdentityIAM, IdentitySTS, UserIAM, UserSTS, LogMessageTypes } from '@manga-later/sdk-javascript';
import { Context, CloudFormationCustomResourceEvent, CloudFormationCustomResourceResponse } from 'aws-lambda';

import AWSXRay from 'aws-xray-sdk';
import aws from 'aws-sdk';
const AWS = AWSXRay.captureAWS(aws);

export const SecureStringHandler = async (event: CloudFormationCustomResourceEvent, context: Context): Promise<void> => {
    const identity: IdentityIAM | IdentitySTS | undefined = await getIdentity();
    if (!identity) {
        await sendResponse(event, responseFactory.createResponse(false));
        throw new Error('Could not get Identity from Lambda');
    }

    // Instantiate the appropriate function for the request type.
    let lambdaFunction: MangaLaterFunction;

    if (event.RequestType === RequestTypes.CREATE) {
        lambdaFunction = new CreateSecureStringFunction(logger, secureStringService, responseFactory, event, context);
    } else if (event.RequestType === RequestTypes.DELETE) {
        lambdaFunction = new DeleteSecureStringFunction(logger, secureStringService, responseFactory, event);
    } else if (event.RequestType === RequestTypes.UPDATE) {
        const createFunction = new CreateSecureStringFunction(logger, secureStringService, responseFactory, event, context);
        const deleteFunction = new DeleteSecureStringFunction(logger, secureStringService, responseFactory, event);
        lambdaFunction = new UpdateSecureStringFunction(logger, createFunction, deleteFunction);
    } else {
        const lambdaResponse = responseFactory.createResponse(false);
        await sendResponse(event, lambdaResponse);
        throw new Error('Unsupported Request Type used');
    }

    // Run the function and then notify CloudFormation that the function is completed.
    logger.info(LogFactory.appMessage('Handler configuration completed'));

    const result = await lambdaFunction.run();
    await sendResponse(event, result as CloudFormationCustomResourceResponse);
    logger.info(LogFactory.appMessage('Handler completed execution'));
}

async function getIdentity(): Promise<IdentityIAM | IdentitySTS | undefined> {
    console.info('Looking for calling identity');
    const sts = new AWS.STS();
    try {
        const callerResult = await sts.getCallerIdentity().promise();
        if (!callerResult.Arn){
            return undefined;
        }

        const arnParts = callerResult.Arn.split(':');
        const provider = arnParts[2]; //Should return sts or iam out of the arn:aws:iam string
        if (provider === 'sts') {
            return new UserSTS(callerResult.Arn);
        } else if (provider === 'iam') {
            return new UserIAM(callerResult.Arn);
        }
    } catch(err) {
        console.error(err as Error);
        return undefined;
    }

    return undefined;
}
	import axios from 'axios';

	import { LogFactory, Logger, LogService, MangaLaterFunction, IdentityIAM, IdentitySTS, UserIAM, UserSTS, LogMessageTypes } from '@manga-later/sdk-javascript';
	import { Context, CloudFormationCustomResourceEvent, CloudFormationCustomResourceResponse } from 'aws-lambda';

	import AWSXRay from 'aws-xray-sdk';
	import aws from 'aws-sdk';
	const AWS = AWSXRay.captureAWS(aws);

	export const SecureStringHandler = async (event: CloudFormationCustomResourceEvent, context: Context): Promise<void> => {
	const identity: IdentityIAM \| IdentitySTS \| undefined = await getIdentity();
	if (!identity) {
	await sendResponse(event, responseFactory.createResponse(false));
	throw new Error('Could not get Identity from Lambda');
	}

	// Instantiate the appropriate function for the request type.
	let lambdaFunction: MangaLaterFunction;

	if (event.RequestType === RequestTypes.CREATE) {
	lambdaFunction = new CreateSecureStringFunction(logger, secureStringService, responseFactory, event, context);
	} else if (event.RequestType === RequestTypes.DELETE) {
	lambdaFunction = new DeleteSecureStringFunction(logger, secureStringService, responseFactory, event);
	} else if (event.RequestType === RequestTypes.UPDATE) {
	const createFunction = new CreateSecureStringFunction(logger, secureStringService, responseFactory, event, context);
	const deleteFunction = new DeleteSecureStringFunction(logger, secureStringService, responseFactory, event);
	lambdaFunction = new UpdateSecureStringFunction(logger, createFunction, deleteFunction);
	} else {
	const lambdaResponse = responseFactory.createResponse(false);
	await sendResponse(event, lambdaResponse);
	throw new Error('Unsupported Request Type used');
	}

	// Run the function and then notify CloudFormation that the function is completed.
	logger.info(LogFactory.appMessage('Handler configuration completed'));

	const result = await lambdaFunction.run();
	await sendResponse(event, result as CloudFormationCustomResourceResponse);
	logger.info(LogFactory.appMessage('Handler completed execution'));
	}

	async function getIdentity(): Promise<IdentityIAM \| IdentitySTS \| undefined> {
	console.info('Looking for calling identity');
	const sts = new AWS.STS();
	try {
	const callerResult = await sts.getCallerIdentity().promise();
	if (!callerResult.Arn){
	return undefined;
	}

	const arnParts = callerResult.Arn.split(':');
	const provider = arnParts[2]; //Should return sts or iam out of the arn:aws:iam string
	if (provider === 'sts') {
	return new UserSTS(callerResult.Arn);
	} else if (provider === 'iam') {
	return new UserIAM(callerResult.Arn);
	}
	} catch(err) {
	console.error(err as Error);
	return undefined;
	}

	return undefined;
	}