feat(secretsmanager): provide method to interact with metrics publisher Lambda function (#219)

Based on a customer request since they want to monitor the function too.

---

_By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license_

Author: Eugene Cheung

API.md

@@ -20,7 +20,7 @@ import { SecretsManagerSecretMetricFactory } from "./SecretsManagerSecretMetricF
 
 export class SecretsManagerMetricsPublisher extends Construct {
   private static instances: Record<string, SecretsManagerMetricsPublisher> = {};
-  private readonly lambda: IFunction;
+  public readonly lambda: IFunction;
 
   private constructor(scope: MonitoringScope) {
     super(scope, "SecretsManagerMetricsPublisher");

lib/monitoring/aws-secretsmanager/SecretsManagerMetricsPublisher.ts

@@ -3,6 +3,7 @@ import {
   HorizontalAnnotation,
   IWidget,
 } from "aws-cdk-lib/aws-cloudwatch";
+import { IFunction } from "aws-cdk-lib/aws-lambda";
 
 import {
   AgeAlarmFactory,
@@ -26,6 +27,10 @@ import {
   SecretsManagerSecretMetricFactoryProps,
 } from "./SecretsManagerSecretMetricFactory";
 
+export interface IPublisherConsumer {
+  consume(lambdaFunction: IFunction): void;
+}
+
 export interface SecretsManagerSecretMonitoringOptions
   extends BaseMonitoringProps {
   readonly addDaysSinceLastChangeAlarm?: Record<
@@ -41,6 +46,12 @@ export interface SecretsManagerSecretMonitoringOptions
    * @default - true, if `addDaysSinceLastRotationAlarm` is set, otherwise `false`.
    */
   readonly showLastRotationWidget?: boolean;
+
+  /**
+   * Provides access to the underlying metrics publisher Lambda function.
+   * This may be useful if you want to monitor the function itself.
+   */
+  readonly usePublisher?: IPublisherConsumer;
 }
 
 /**
@@ -116,6 +127,7 @@ export class SecretsManagerSecretMonitoring extends Monitoring {
     }
 
     props.useCreatedAlarms?.consume(this.createdAlarms());
+    props.usePublisher?.consume(publisher.lambda);
   }
 
   private getDaysSinceLastChangeWidget() {

lib/monitoring/aws-secretsmanager/SecretsManagerSecretMonitoring.ts

@@ -1,5 +1,6 @@
 import { App, Duration, Stack } from "aws-cdk-lib";
 import { Template } from "aws-cdk-lib/assertions";
+import { IFunction } from "aws-cdk-lib/aws-lambda";
 import { Secret } from "aws-cdk-lib/aws-secretsmanager";
 
 import {
@@ -29,6 +30,7 @@ test("snapshot test", () => {
 
   let numAlarmsCreated = 0;
 
+  let lambdaFunction1: IFunction;
   new SecretsManagerSecretMonitoring(scope, {
     secret: secret1,
     addDaysSinceLastChangeAlarm: {
@@ -46,8 +48,14 @@ test("snapshot test", () => {
         numAlarmsCreated += alarms.length;
       },
     },
+    usePublisher: {
+      consume(lambdaFunction: IFunction) {
+        lambdaFunction1 = lambdaFunction;
+      },
+    },
   });
 
+  let lambdaFunction2: IFunction;
   new SecretsManagerSecretMonitoring(scope, {
     secret: secret2,
     addDaysSinceLastRotationAlarm: {
@@ -61,8 +69,14 @@ test("snapshot test", () => {
         numAlarmsCreated += alarms.length;
       },
     },
+    usePublisher: {
+      consume(lambdaFunction: IFunction) {
+        lambdaFunction2 = lambdaFunction;
+      },
+    },
   });
 
+  let lambdaFunction3: IFunction;
   new SecretsManagerSecretMonitoring(scope, {
     secret: secret3,
     addDaysSinceLastChangeAlarm: {
@@ -77,10 +91,19 @@ test("snapshot test", () => {
         numAlarmsCreated += alarms.length;
       },
     },
+    usePublisher: {
+      consume(lambdaFunction: IFunction) {
+        lambdaFunction3 = lambdaFunction;
+      },
+    },
   });
 
   expect(numAlarmsCreated).toStrictEqual(4);
 
+  // All the same instance since multiple publishers shouldn't be created
+  expect(lambdaFunction1!).toBe(lambdaFunction2!);
+  expect(lambdaFunction2!).toBe(lambdaFunction3!);
+
   forceStableAssetKeys(stack);
 
   expect(Template.fromStack(stack)).toMatchSnapshot();