blogpost_crossAccountRole_customizeUserTemplate_2.js

const cuid = require('cuid')
const AWS = require('aws-sdk')

// Add these to your lambda's environment variables
const REGION = 'us-east-1'
const SNS_ARN = process.env.SNS_ARN
const TEMPLATE_URL = process.env.TEMPLATE_URL
const TRUSTED_ACCOUNT = process.env.TRUSTED_ACCOUNT

var SNS = new AWS.SNS();

async function addPermissionToSns(userAccountId) {
  const snsPermissionRequest = {
    TopicArn: SNS_ARN,
    AWSAccountId: [userAccountId],
    ActionName: ['Publish'],
    Label: `AddCustomerPermission-${userAccountId}`,
  }
  await SNS.addPermission(snsPermissionRequest).promise()
}

function generateStackUrl(userExternalId) {

  const baseUrl = new URL('https://console.aws.amazon.com/cloudformation/home')
  baseUrl.searchParams.append('region', REGION)
  baseUrl.hash = ('/stacks/create/review')

  //These are not really query params: they are passed to the client and use the same annotation
  const searchParams = new URLSearchParams()
  searchParams.append('stackName', 'CoolCompany-Role')
  searchParams.append('templateURL', TEMPLATE_URL)
  searchParams.append('param_ExternalId', userExternalId)
  searchParams.append('param_TrustedAccount', TRUSTED_ACCOUNT)
  searchParams.append('param_SnsArn', SNS_ARN)

  return `${baseUrl.href}?${searchParams}`
}

module.exports.handler = async (event, context) => {

  console.log("Generating user template")

  const userAccountId = event.queryStringParameters.userAccountId
  const externalId = cuid()
  await addPermissionToSns(userAccountId)

  let generatedUrl = generateStackUrl(externalId)
  console.log(`Generated Url: ${generatedUrl}`)

  return {
    statusCode: 200,
    requestUrl: generatedUrl
  }
}