@aws-amplify/backend-notifications 0.0.0-test-20260708085627
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +235 -0
- package/lib/campaign-association-asset/index.js +48413 -0
- package/lib/constants.d.ts +122 -0
- package/lib/constants.js +125 -0
- package/lib/construct.d.ts +283 -0
- package/lib/construct.js +824 -0
- package/lib/factory.d.ts +53 -0
- package/lib/factory.js +158 -0
- package/lib/handler-asset/index.js +530 -0
- package/lib/index.d.ts +7 -0
- package/lib/index.js +5 -0
- package/lib/lambda/campaign-association/handler.d.ts +29 -0
- package/lib/lambda/campaign-association/handler.js +80 -0
- package/lib/lambda/campaign-association/integration.d.ts +59 -0
- package/lib/lambda/campaign-association/integration.js +108 -0
- package/lib/lambda/campaign-association/onboarding.d.ts +25 -0
- package/lib/lambda/campaign-association/onboarding.js +74 -0
- package/lib/lambda/identify/device_resolver.d.ts +18 -0
- package/lib/lambda/identify/device_resolver.js +56 -0
- package/lib/lambda/identify/handler.d.ts +17 -0
- package/lib/lambda/identify/handler.js +124 -0
- package/lib/lambda/identify/mapping.d.ts +61 -0
- package/lib/lambda/identify/mapping.js +171 -0
- package/lib/lambda/identify/merge_resolver.d.ts +26 -0
- package/lib/lambda/identify/merge_resolver.js +36 -0
- package/lib/lambda/identify/principal.d.ts +68 -0
- package/lib/lambda/identify/principal.js +48 -0
- package/lib/lambda/identify/profile_resolver.d.ts +35 -0
- package/lib/lambda/identify/profile_resolver.js +65 -0
- package/lib/lambda/identify/types.d.ts +90 -0
- package/lib/lambda/identify/types.js +10 -0
- package/lib/lambda/identify/validation.d.ts +15 -0
- package/lib/lambda/identify/validation.js +99 -0
- package/lib/lambda/push/delivery.d.ts +49 -0
- package/lib/lambda/push/delivery.js +120 -0
- package/lib/lambda/push/device_lookup.d.ts +35 -0
- package/lib/lambda/push/device_lookup.js +88 -0
- package/lib/lambda/push/eum_client.d.ts +31 -0
- package/lib/lambda/push/eum_client.js +140 -0
- package/lib/lambda/push/event.d.ts +32 -0
- package/lib/lambda/push/event.js +122 -0
- package/lib/lambda/push/fixtures/real_journey_event.d.ts +19 -0
- package/lib/lambda/push/fixtures/real_journey_event.js +22 -0
- package/lib/lambda/push/handler.d.ts +15 -0
- package/lib/lambda/push/handler.js +86 -0
- package/lib/lambda/push/message_template.d.ts +72 -0
- package/lib/lambda/push/message_template.js +270 -0
- package/lib/lambda/push/payload.d.ts +25 -0
- package/lib/lambda/push/payload.js +53 -0
- package/lib/lambda/push/types.d.ts +153 -0
- package/lib/lambda/push/types.js +4 -0
- package/lib/lambda/shared/retry.d.ts +18 -0
- package/lib/lambda/shared/retry.js +45 -0
- package/lib/object_types.d.ts +63 -0
- package/lib/object_types.js +131 -0
- package/lib/push-handler-asset/index.js +75517 -0
- package/lib/types.d.ts +125 -0
- package/lib/types.js +2 -0
- package/package.json +49 -0
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared constants describing the Customer Profiles object model.
|
|
3
|
+
*
|
|
4
|
+
* Referenced by BOTH the CDK object-type definitions and the Lambda handler,
|
|
5
|
+
* so they must stay in lockstep.
|
|
6
|
+
*/
|
|
7
|
+
/** Profile object type. Declares the searchable identity key + attr schema. */
|
|
8
|
+
export declare const OBJECT_TYPE_PROFILE = "AmplifyProfile";
|
|
9
|
+
/**
|
|
10
|
+
* Guest profile object type. A distinct object type is
|
|
11
|
+
* required because Customer Profiles permits EXACTLY ONE `UNIQUE` key per object
|
|
12
|
+
* type AND `PutProfileObject` requires the ingested object to carry that UNIQUE
|
|
13
|
+
* key. The authed `AmplifyProfile` reserves its single UNIQUE key for
|
|
14
|
+
* `cognitoSub`, so guest profiles — keyed on the Identity Pool `identityId` —
|
|
15
|
+
* get their own object type whose UNIQUE key is `cognitoIdentityKey`. Both
|
|
16
|
+
* object types create ordinary profiles in the SAME domain; the device object
|
|
17
|
+
* type carries both identity keys as PROFILE keys so a device resolves to
|
|
18
|
+
* whichever profile it belongs to.
|
|
19
|
+
*/
|
|
20
|
+
export declare const OBJECT_TYPE_GUEST_PROFILE = "AmplifyGuestProfile";
|
|
21
|
+
/** Device object type. One object per stable deviceId; token is a field. */
|
|
22
|
+
export declare const OBJECT_TYPE_DEVICE = "AmplifyDevice";
|
|
23
|
+
/**
|
|
24
|
+
* Searchable profile key that binds a profile to a verified Cognito subject.
|
|
25
|
+
* Profiles are looked up by THIS key (SearchProfiles), never by the Attributes
|
|
26
|
+
* map. The same key name is used as the PROFILE-resolution key on the device
|
|
27
|
+
* object type so device objects merge into the correct profile.
|
|
28
|
+
*/
|
|
29
|
+
export declare const COGNITO_USER_KEY = "cognitoUserKey";
|
|
30
|
+
/**
|
|
31
|
+
* Searchable profile key that binds a profile to an
|
|
32
|
+
* UNAUTHENTICATED Cognito Identity Pool identity (the `cognitoIdentityId`, e.g.
|
|
33
|
+
* `us-east-1:<uuid>`). A guest has no JWT `sub`, so its profile is keyed by this
|
|
34
|
+
* key instead of {@link COGNITO_USER_KEY}. Also the PROFILE-resolution key on the
|
|
35
|
+
* device object type so a guest's device objects merge into the guest profile.
|
|
36
|
+
* On sign-in the guest profile is folded into the authed (sub-keyed) profile via
|
|
37
|
+
* MergeProfiles (see merge_resolver).
|
|
38
|
+
*/
|
|
39
|
+
export declare const COGNITO_IDENTITY_KEY = "cognitoIdentityKey";
|
|
40
|
+
/** Object field carrying the guest identity value (sourced into the key). */
|
|
41
|
+
export declare const COGNITO_IDENTITY_FIELD = "cognitoIdentityId";
|
|
42
|
+
/** Object field carrying the authed identity value (sourced into the key). */
|
|
43
|
+
export declare const COGNITO_SUB_FIELD = "cognitoSub";
|
|
44
|
+
/** Max length of a Customer Profiles attribute value (single string). */
|
|
45
|
+
export declare const MAX_ATTRIBUTE_LENGTH = 255;
|
|
46
|
+
/** Environment variable carrying the Customer Profiles domain name. */
|
|
47
|
+
export declare const ENV_DOMAIN_NAME = "PROFILES_DOMAIN_NAME";
|
|
48
|
+
/**
|
|
49
|
+
* Environment variable carrying the AWS End User Messaging / Pinpoint
|
|
50
|
+
* application (project) id the push-delivery Lambda calls `SendMessages`
|
|
51
|
+
* against.
|
|
52
|
+
*/
|
|
53
|
+
export declare const ENV_EUM_APPLICATION_ID = "EUM_APPLICATION_ID";
|
|
54
|
+
/**
|
|
55
|
+
* Amazon Connect integration type that binds a Q in Connect (Wisdom) knowledge
|
|
56
|
+
* base — the store for message templates — to a Connect instance. Used by the
|
|
57
|
+
* push Lambda's runtime knowledge-base discovery
|
|
58
|
+
* (ListIntegrationAssociations filtered to this type).
|
|
59
|
+
*/
|
|
60
|
+
export declare const Q_MESSAGE_TEMPLATES_INTEGRATION_TYPE = "Q_MESSAGE_TEMPLATES";
|
|
61
|
+
/**
|
|
62
|
+
* Channel subtype of the Q in Connect message templates this backend renders.
|
|
63
|
+
* Only PUSH templates are eligible for push-notification copy resolution.
|
|
64
|
+
*/
|
|
65
|
+
export declare const PUSH_CHANNEL_SUBTYPE = "PUSH";
|
|
66
|
+
/**
|
|
67
|
+
* Version qualifier appended to a message-template id to reference its ACTIVE
|
|
68
|
+
* (published) version — e.g. `GetMessageTemplate(<id>:$ACTIVE_VERSION)`.
|
|
69
|
+
*/
|
|
70
|
+
export declare const ACTIVE_VERSION_QUALIFIER = "$ACTIVE_VERSION";
|
|
71
|
+
/** Default push-notification title when the event carries none. */
|
|
72
|
+
export declare const DEFAULT_PUSH_TITLE = "Notification";
|
|
73
|
+
/** Default push-notification body when the event carries none. */
|
|
74
|
+
export declare const DEFAULT_PUSH_BODY = "You have a new notification.";
|
|
75
|
+
/**
|
|
76
|
+
* Service principals allowed to invoke the push-delivery Lambda via a
|
|
77
|
+
* resource-based policy. Amazon Connect Journey Custom-actions invoke Lambda
|
|
78
|
+
* under `connect.amazonaws.com`; Outbound Campaigns v2 uses
|
|
79
|
+
* `connect-campaigns.amazonaws.com`. Granting both lets the customer's Journey
|
|
80
|
+
* / campaign call the push Lambda without a broad wildcard principal.
|
|
81
|
+
*/
|
|
82
|
+
export declare const CONNECT_INVOKE_SERVICE_PRINCIPALS: string[];
|
|
83
|
+
/** Default profile / object-type expiration in days. */
|
|
84
|
+
export declare const DEFAULT_EXPIRATION_DAYS = 366;
|
|
85
|
+
/**
|
|
86
|
+
* Outbound Campaigns v2 <-> Customer Profiles object-type routing map. This
|
|
87
|
+
* label map binds a campaign channel to the BUILT-IN Customer Profiles object
|
|
88
|
+
* template of the same name; it is a routing/label map, NOT a set of object
|
|
89
|
+
* types that must be pre-created via PutProfileObjectType. The same map is
|
|
90
|
+
* supplied to BOTH `connectcampaignsv2:PutConnectInstanceIntegration` (as
|
|
91
|
+
* `integrationConfig.customerProfiles.objectTypeNames`) and
|
|
92
|
+
* `customer-profiles:PutIntegration` (as `ObjectTypeNames`) so Connect Journeys
|
|
93
|
+
* can target the domain's profiles.
|
|
94
|
+
*/
|
|
95
|
+
export declare const CAMPAIGN_OBJECT_TYPE_NAMES: {
|
|
96
|
+
readonly 'Campaign-Email': "Campaign-Email";
|
|
97
|
+
readonly 'Campaign-SMS': "Campaign-SMS";
|
|
98
|
+
readonly 'Campaign-Telephony': "Campaign-Telephony";
|
|
99
|
+
readonly 'Campaign-Orchestration': "Campaign-Orchestration";
|
|
100
|
+
};
|
|
101
|
+
/**
|
|
102
|
+
* Environment variable carrying the Amazon Connect instance id the campaign
|
|
103
|
+
* -association custom resource onboards to Outbound Campaigns v2 and associates
|
|
104
|
+
* the created Customer Profiles domain with.
|
|
105
|
+
*/
|
|
106
|
+
export declare const ENV_CONNECT_INSTANCE_ID = "CONNECT_INSTANCE_ID";
|
|
107
|
+
/** AWS service principal that owns the Outbound Campaigns service-linked role. */
|
|
108
|
+
export declare const CONNECT_CAMPAIGNS_SERVICE_NAME = "connect-campaigns.amazonaws.com";
|
|
109
|
+
/** IAM path prefix under which the Outbound Campaigns service-linked role lives. */
|
|
110
|
+
export declare const CONNECT_CAMPAIGNS_SLR_PATH_PREFIX = "/aws-service-role/connect-campaigns.amazonaws.com/";
|
|
111
|
+
/**
|
|
112
|
+
* Fixed key under `custom` in `amplify_outputs.json` where the notifications
|
|
113
|
+
* endpoint / region are surfaced to the client (`custom.CustomerProfiles`).
|
|
114
|
+
*
|
|
115
|
+
* This is intentionally NOT configurable: every first-party Amplify Gen2
|
|
116
|
+
* resource (`defineAuth` / `defineData` / `defineStorage` / `defineFunction`)
|
|
117
|
+
* writes its backend output to a fixed, well-known key rather than a
|
|
118
|
+
* caller-chosen one, so the client config contributors know where to read it.
|
|
119
|
+
* This resource follows the same convention with a single stable key.
|
|
120
|
+
*/
|
|
121
|
+
export declare const OUTPUT_KEY = "CustomerProfiles";
|
|
122
|
+
//# sourceMappingURL=constants.d.ts.map
|
package/lib/constants.js
ADDED
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared constants describing the Customer Profiles object model.
|
|
3
|
+
*
|
|
4
|
+
* Referenced by BOTH the CDK object-type definitions and the Lambda handler,
|
|
5
|
+
* so they must stay in lockstep.
|
|
6
|
+
*/
|
|
7
|
+
/** Profile object type. Declares the searchable identity key + attr schema. */
|
|
8
|
+
export const OBJECT_TYPE_PROFILE = 'AmplifyProfile';
|
|
9
|
+
/**
|
|
10
|
+
* Guest profile object type. A distinct object type is
|
|
11
|
+
* required because Customer Profiles permits EXACTLY ONE `UNIQUE` key per object
|
|
12
|
+
* type AND `PutProfileObject` requires the ingested object to carry that UNIQUE
|
|
13
|
+
* key. The authed `AmplifyProfile` reserves its single UNIQUE key for
|
|
14
|
+
* `cognitoSub`, so guest profiles — keyed on the Identity Pool `identityId` —
|
|
15
|
+
* get their own object type whose UNIQUE key is `cognitoIdentityKey`. Both
|
|
16
|
+
* object types create ordinary profiles in the SAME domain; the device object
|
|
17
|
+
* type carries both identity keys as PROFILE keys so a device resolves to
|
|
18
|
+
* whichever profile it belongs to.
|
|
19
|
+
*/
|
|
20
|
+
export const OBJECT_TYPE_GUEST_PROFILE = 'AmplifyGuestProfile';
|
|
21
|
+
/** Device object type. One object per stable deviceId; token is a field. */
|
|
22
|
+
export const OBJECT_TYPE_DEVICE = 'AmplifyDevice';
|
|
23
|
+
/**
|
|
24
|
+
* Searchable profile key that binds a profile to a verified Cognito subject.
|
|
25
|
+
* Profiles are looked up by THIS key (SearchProfiles), never by the Attributes
|
|
26
|
+
* map. The same key name is used as the PROFILE-resolution key on the device
|
|
27
|
+
* object type so device objects merge into the correct profile.
|
|
28
|
+
*/
|
|
29
|
+
export const COGNITO_USER_KEY = 'cognitoUserKey';
|
|
30
|
+
/**
|
|
31
|
+
* Searchable profile key that binds a profile to an
|
|
32
|
+
* UNAUTHENTICATED Cognito Identity Pool identity (the `cognitoIdentityId`, e.g.
|
|
33
|
+
* `us-east-1:<uuid>`). A guest has no JWT `sub`, so its profile is keyed by this
|
|
34
|
+
* key instead of {@link COGNITO_USER_KEY}. Also the PROFILE-resolution key on the
|
|
35
|
+
* device object type so a guest's device objects merge into the guest profile.
|
|
36
|
+
* On sign-in the guest profile is folded into the authed (sub-keyed) profile via
|
|
37
|
+
* MergeProfiles (see merge_resolver).
|
|
38
|
+
*/
|
|
39
|
+
export const COGNITO_IDENTITY_KEY = 'cognitoIdentityKey';
|
|
40
|
+
/** Object field carrying the guest identity value (sourced into the key). */
|
|
41
|
+
export const COGNITO_IDENTITY_FIELD = 'cognitoIdentityId';
|
|
42
|
+
/** Object field carrying the authed identity value (sourced into the key). */
|
|
43
|
+
export const COGNITO_SUB_FIELD = 'cognitoSub';
|
|
44
|
+
/** Max length of a Customer Profiles attribute value (single string). */
|
|
45
|
+
export const MAX_ATTRIBUTE_LENGTH = 255;
|
|
46
|
+
/** Environment variable carrying the Customer Profiles domain name. */
|
|
47
|
+
export const ENV_DOMAIN_NAME = 'PROFILES_DOMAIN_NAME';
|
|
48
|
+
/**
|
|
49
|
+
* Environment variable carrying the AWS End User Messaging / Pinpoint
|
|
50
|
+
* application (project) id the push-delivery Lambda calls `SendMessages`
|
|
51
|
+
* against.
|
|
52
|
+
*/
|
|
53
|
+
export const ENV_EUM_APPLICATION_ID = 'EUM_APPLICATION_ID';
|
|
54
|
+
/**
|
|
55
|
+
* Amazon Connect integration type that binds a Q in Connect (Wisdom) knowledge
|
|
56
|
+
* base — the store for message templates — to a Connect instance. Used by the
|
|
57
|
+
* push Lambda's runtime knowledge-base discovery
|
|
58
|
+
* (ListIntegrationAssociations filtered to this type).
|
|
59
|
+
*/
|
|
60
|
+
export const Q_MESSAGE_TEMPLATES_INTEGRATION_TYPE = 'Q_MESSAGE_TEMPLATES';
|
|
61
|
+
/**
|
|
62
|
+
* Channel subtype of the Q in Connect message templates this backend renders.
|
|
63
|
+
* Only PUSH templates are eligible for push-notification copy resolution.
|
|
64
|
+
*/
|
|
65
|
+
export const PUSH_CHANNEL_SUBTYPE = 'PUSH';
|
|
66
|
+
/**
|
|
67
|
+
* Version qualifier appended to a message-template id to reference its ACTIVE
|
|
68
|
+
* (published) version — e.g. `GetMessageTemplate(<id>:$ACTIVE_VERSION)`.
|
|
69
|
+
*/
|
|
70
|
+
export const ACTIVE_VERSION_QUALIFIER = '$ACTIVE_VERSION';
|
|
71
|
+
/** Default push-notification title when the event carries none. */
|
|
72
|
+
export const DEFAULT_PUSH_TITLE = 'Notification';
|
|
73
|
+
/** Default push-notification body when the event carries none. */
|
|
74
|
+
export const DEFAULT_PUSH_BODY = 'You have a new notification.';
|
|
75
|
+
/**
|
|
76
|
+
* Service principals allowed to invoke the push-delivery Lambda via a
|
|
77
|
+
* resource-based policy. Amazon Connect Journey Custom-actions invoke Lambda
|
|
78
|
+
* under `connect.amazonaws.com`; Outbound Campaigns v2 uses
|
|
79
|
+
* `connect-campaigns.amazonaws.com`. Granting both lets the customer's Journey
|
|
80
|
+
* / campaign call the push Lambda without a broad wildcard principal.
|
|
81
|
+
*/
|
|
82
|
+
export const CONNECT_INVOKE_SERVICE_PRINCIPALS = [
|
|
83
|
+
'connect.amazonaws.com',
|
|
84
|
+
'connect-campaigns.amazonaws.com',
|
|
85
|
+
];
|
|
86
|
+
/** Default profile / object-type expiration in days. */
|
|
87
|
+
export const DEFAULT_EXPIRATION_DAYS = 366;
|
|
88
|
+
/**
|
|
89
|
+
* Outbound Campaigns v2 <-> Customer Profiles object-type routing map. This
|
|
90
|
+
* label map binds a campaign channel to the BUILT-IN Customer Profiles object
|
|
91
|
+
* template of the same name; it is a routing/label map, NOT a set of object
|
|
92
|
+
* types that must be pre-created via PutProfileObjectType. The same map is
|
|
93
|
+
* supplied to BOTH `connectcampaignsv2:PutConnectInstanceIntegration` (as
|
|
94
|
+
* `integrationConfig.customerProfiles.objectTypeNames`) and
|
|
95
|
+
* `customer-profiles:PutIntegration` (as `ObjectTypeNames`) so Connect Journeys
|
|
96
|
+
* can target the domain's profiles.
|
|
97
|
+
*/
|
|
98
|
+
export const CAMPAIGN_OBJECT_TYPE_NAMES = {
|
|
99
|
+
'Campaign-Email': 'Campaign-Email',
|
|
100
|
+
'Campaign-SMS': 'Campaign-SMS',
|
|
101
|
+
'Campaign-Telephony': 'Campaign-Telephony',
|
|
102
|
+
'Campaign-Orchestration': 'Campaign-Orchestration',
|
|
103
|
+
};
|
|
104
|
+
/**
|
|
105
|
+
* Environment variable carrying the Amazon Connect instance id the campaign
|
|
106
|
+
* -association custom resource onboards to Outbound Campaigns v2 and associates
|
|
107
|
+
* the created Customer Profiles domain with.
|
|
108
|
+
*/
|
|
109
|
+
export const ENV_CONNECT_INSTANCE_ID = 'CONNECT_INSTANCE_ID';
|
|
110
|
+
/** AWS service principal that owns the Outbound Campaigns service-linked role. */
|
|
111
|
+
export const CONNECT_CAMPAIGNS_SERVICE_NAME = 'connect-campaigns.amazonaws.com';
|
|
112
|
+
/** IAM path prefix under which the Outbound Campaigns service-linked role lives. */
|
|
113
|
+
export const CONNECT_CAMPAIGNS_SLR_PATH_PREFIX = '/aws-service-role/connect-campaigns.amazonaws.com/';
|
|
114
|
+
/**
|
|
115
|
+
* Fixed key under `custom` in `amplify_outputs.json` where the notifications
|
|
116
|
+
* endpoint / region are surfaced to the client (`custom.CustomerProfiles`).
|
|
117
|
+
*
|
|
118
|
+
* This is intentionally NOT configurable: every first-party Amplify Gen2
|
|
119
|
+
* resource (`defineAuth` / `defineData` / `defineStorage` / `defineFunction`)
|
|
120
|
+
* writes its backend output to a fixed, well-known key rather than a
|
|
121
|
+
* caller-chosen one, so the client config contributors know where to read it.
|
|
122
|
+
* This resource follows the same convention with a single stable key.
|
|
123
|
+
*/
|
|
124
|
+
export const OUTPUT_KEY = 'CustomerProfiles';
|
|
125
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7R0FLRztBQUVILCtFQUErRTtBQUMvRSxNQUFNLENBQUMsTUFBTSxtQkFBbUIsR0FBRyxnQkFBZ0IsQ0FBQztBQUVwRDs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQUcscUJBQXFCLENBQUM7QUFFL0QsNEVBQTRFO0FBQzVFLE1BQU0sQ0FBQyxNQUFNLGtCQUFrQixHQUFHLGVBQWUsQ0FBQztBQUVsRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxNQUFNLGdCQUFnQixHQUFHLGdCQUFnQixDQUFDO0FBRWpEOzs7Ozs7OztHQVFHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sb0JBQW9CLEdBQUcsb0JBQW9CLENBQUM7QUFFekQsNkVBQTZFO0FBQzdFLE1BQU0sQ0FBQyxNQUFNLHNCQUFzQixHQUFHLG1CQUFtQixDQUFDO0FBRTFELDhFQUE4RTtBQUM5RSxNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRyxZQUFZLENBQUM7QUFFOUMseUVBQXlFO0FBQ3pFLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLEdBQUcsQ0FBQztBQUV4Qyx1RUFBdUU7QUFDdkUsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLHNCQUFzQixDQUFDO0FBRXREOzs7O0dBSUc7QUFDSCxNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyxvQkFBb0IsQ0FBQztBQUUzRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxNQUFNLG9DQUFvQyxHQUFHLHFCQUFxQixDQUFDO0FBRTFFOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLE1BQU0sQ0FBQztBQUUzQzs7O0dBR0c7QUFDSCxNQUFNLENBQUMsTUFBTSx3QkFBd0IsR0FBRyxpQkFBaUIsQ0FBQztBQUUxRCxtRUFBbUU7QUFDbkUsTUFBTSxDQUFDLE1BQU0sa0JBQWtCLEdBQUcsY0FBYyxDQUFDO0FBRWpELGtFQUFrRTtBQUNsRSxNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRyw4QkFBOEIsQ0FBQztBQUVoRTs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsTUFBTSxpQ0FBaUMsR0FBRztJQUMvQyx1QkFBdUI7SUFDdkIsaUNBQWlDO0NBQ2xDLENBQUM7QUFFRix3REFBd0Q7QUFDeEQsTUFBTSxDQUFDLE1BQU0sdUJBQXVCLEdBQUcsR0FBRyxDQUFDO0FBRTNDOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sQ0FBQyxNQUFNLDBCQUEwQixHQUFHO0lBQ3hDLGdCQUFnQixFQUFFLGdCQUFnQjtJQUNsQyxjQUFjLEVBQUUsY0FBYztJQUM5QixvQkFBb0IsRUFBRSxvQkFBb0I7SUFDMUMsd0JBQXdCLEVBQUUsd0JBQXdCO0NBQzFDLENBQUM7QUFFWDs7OztHQUlHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sdUJBQXVCLEdBQUcscUJBQXFCLENBQUM7QUFFN0Qsa0ZBQWtGO0FBQ2xGLE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHLGlDQUFpQyxDQUFDO0FBRWhGLG9GQUFvRjtBQUNwRixNQUFNLENBQUMsTUFBTSxpQ0FBaUMsR0FDNUMsb0RBQW9ELENBQUM7QUFFdkQ7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHLGtCQUFrQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBTaGFyZWQgY29uc3RhbnRzIGRlc2NyaWJpbmcgdGhlIEN1c3RvbWVyIFByb2ZpbGVzIG9iamVjdCBtb2RlbC5cbiAqXG4gKiBSZWZlcmVuY2VkIGJ5IEJPVEggdGhlIENESyBvYmplY3QtdHlwZSBkZWZpbml0aW9ucyBhbmQgdGhlIExhbWJkYSBoYW5kbGVyLFxuICogc28gdGhleSBtdXN0IHN0YXkgaW4gbG9ja3N0ZXAuXG4gKi9cblxuLyoqIFByb2ZpbGUgb2JqZWN0IHR5cGUuIERlY2xhcmVzIHRoZSBzZWFyY2hhYmxlIGlkZW50aXR5IGtleSArIGF0dHIgc2NoZW1hLiAqL1xuZXhwb3J0IGNvbnN0IE9CSkVDVF9UWVBFX1BST0ZJTEUgPSAnQW1wbGlmeVByb2ZpbGUnO1xuXG4vKipcbiAqIEd1ZXN0IHByb2ZpbGUgb2JqZWN0IHR5cGUuIEEgZGlzdGluY3Qgb2JqZWN0IHR5cGUgaXNcbiAqIHJlcXVpcmVkIGJlY2F1c2UgQ3VzdG9tZXIgUHJvZmlsZXMgcGVybWl0cyBFWEFDVExZIE9ORSBgVU5JUVVFYCBrZXkgcGVyIG9iamVjdFxuICogdHlwZSBBTkQgYFB1dFByb2ZpbGVPYmplY3RgIHJlcXVpcmVzIHRoZSBpbmdlc3RlZCBvYmplY3QgdG8gY2FycnkgdGhhdCBVTklRVUVcbiAqIGtleS4gVGhlIGF1dGhlZCBgQW1wbGlmeVByb2ZpbGVgIHJlc2VydmVzIGl0cyBzaW5nbGUgVU5JUVVFIGtleSBmb3JcbiAqIGBjb2duaXRvU3ViYCwgc28gZ3Vlc3QgcHJvZmlsZXMg4oCUIGtleWVkIG9uIHRoZSBJZGVudGl0eSBQb29sIGBpZGVudGl0eUlkYCDigJRcbiAqIGdldCB0aGVpciBvd24gb2JqZWN0IHR5cGUgd2hvc2UgVU5JUVVFIGtleSBpcyBgY29nbml0b0lkZW50aXR5S2V5YC4gQm90aFxuICogb2JqZWN0IHR5cGVzIGNyZWF0ZSBvcmRpbmFyeSBwcm9maWxlcyBpbiB0aGUgU0FNRSBkb21haW47IHRoZSBkZXZpY2Ugb2JqZWN0XG4gKiB0eXBlIGNhcnJpZXMgYm90aCBpZGVudGl0eSBrZXlzIGFzIFBST0ZJTEUga2V5cyBzbyBhIGRldmljZSByZXNvbHZlcyB0b1xuICogd2hpY2hldmVyIHByb2ZpbGUgaXQgYmVsb25ncyB0by5cbiAqL1xuZXhwb3J0IGNvbnN0IE9CSkVDVF9UWVBFX0dVRVNUX1BST0ZJTEUgPSAnQW1wbGlmeUd1ZXN0UHJvZmlsZSc7XG5cbi8qKiBEZXZpY2Ugb2JqZWN0IHR5cGUuIE9uZSBvYmplY3QgcGVyIHN0YWJsZSBkZXZpY2VJZDsgdG9rZW4gaXMgYSBmaWVsZC4gKi9cbmV4cG9ydCBjb25zdCBPQkpFQ1RfVFlQRV9ERVZJQ0UgPSAnQW1wbGlmeURldmljZSc7XG5cbi8qKlxuICogU2VhcmNoYWJsZSBwcm9maWxlIGtleSB0aGF0IGJpbmRzIGEgcHJvZmlsZSB0byBhIHZlcmlmaWVkIENvZ25pdG8gc3ViamVjdC5cbiAqIFByb2ZpbGVzIGFyZSBsb29rZWQgdXAgYnkgVEhJUyBrZXkgKFNlYXJjaFByb2ZpbGVzKSwgbmV2ZXIgYnkgdGhlIEF0dHJpYnV0ZXNcbiAqIG1hcC4gVGhlIHNhbWUga2V5IG5hbWUgaXMgdXNlZCBhcyB0aGUgUFJPRklMRS1yZXNvbHV0aW9uIGtleSBvbiB0aGUgZGV2aWNlXG4gKiBvYmplY3QgdHlwZSBzbyBkZXZpY2Ugb2JqZWN0cyBtZXJnZSBpbnRvIHRoZSBjb3JyZWN0IHByb2ZpbGUuXG4gKi9cbmV4cG9ydCBjb25zdCBDT0dOSVRPX1VTRVJfS0VZID0gJ2NvZ25pdG9Vc2VyS2V5JztcblxuLyoqXG4gKiBTZWFyY2hhYmxlIHByb2ZpbGUga2V5IHRoYXQgYmluZHMgYSBwcm9maWxlIHRvIGFuXG4gKiBVTkFVVEhFTlRJQ0FURUQgQ29nbml0byBJZGVudGl0eSBQb29sIGlkZW50aXR5ICh0aGUgYGNvZ25pdG9JZGVudGl0eUlkYCwgZS5nLlxuICogYHVzLWVhc3QtMTo8dXVpZD5gKS4gQSBndWVzdCBoYXMgbm8gSldUIGBzdWJgLCBzbyBpdHMgcHJvZmlsZSBpcyBrZXllZCBieSB0aGlzXG4gKiBrZXkgaW5zdGVhZCBvZiB7QGxpbmsgQ09HTklUT19VU0VSX0tFWX0uIEFsc28gdGhlIFBST0ZJTEUtcmVzb2x1dGlvbiBrZXkgb24gdGhlXG4gKiBkZXZpY2Ugb2JqZWN0IHR5cGUgc28gYSBndWVzdCdzIGRldmljZSBvYmplY3RzIG1lcmdlIGludG8gdGhlIGd1ZXN0IHByb2ZpbGUuXG4gKiBPbiBzaWduLWluIHRoZSBndWVzdCBwcm9maWxlIGlzIGZvbGRlZCBpbnRvIHRoZSBhdXRoZWQgKHN1Yi1rZXllZCkgcHJvZmlsZSB2aWFcbiAqIE1lcmdlUHJvZmlsZXMgKHNlZSBtZXJnZV9yZXNvbHZlcikuXG4gKi9cbmV4cG9ydCBjb25zdCBDT0dOSVRPX0lERU5USVRZX0tFWSA9ICdjb2duaXRvSWRlbnRpdHlLZXknO1xuXG4vKiogT2JqZWN0IGZpZWxkIGNhcnJ5aW5nIHRoZSBndWVzdCBpZGVudGl0eSB2YWx1ZSAoc291cmNlZCBpbnRvIHRoZSBrZXkpLiAqL1xuZXhwb3J0IGNvbnN0IENPR05JVE9fSURFTlRJVFlfRklFTEQgPSAnY29nbml0b0lkZW50aXR5SWQnO1xuXG4vKiogT2JqZWN0IGZpZWxkIGNhcnJ5aW5nIHRoZSBhdXRoZWQgaWRlbnRpdHkgdmFsdWUgKHNvdXJjZWQgaW50byB0aGUga2V5KS4gKi9cbmV4cG9ydCBjb25zdCBDT0dOSVRPX1NVQl9GSUVMRCA9ICdjb2duaXRvU3ViJztcblxuLyoqIE1heCBsZW5ndGggb2YgYSBDdXN0b21lciBQcm9maWxlcyBhdHRyaWJ1dGUgdmFsdWUgKHNpbmdsZSBzdHJpbmcpLiAqL1xuZXhwb3J0IGNvbnN0IE1BWF9BVFRSSUJVVEVfTEVOR1RIID0gMjU1O1xuXG4vKiogRW52aXJvbm1lbnQgdmFyaWFibGUgY2FycnlpbmcgdGhlIEN1c3RvbWVyIFByb2ZpbGVzIGRvbWFpbiBuYW1lLiAqL1xuZXhwb3J0IGNvbnN0IEVOVl9ET01BSU5fTkFNRSA9ICdQUk9GSUxFU19ET01BSU5fTkFNRSc7XG5cbi8qKlxuICogRW52aXJvbm1lbnQgdmFyaWFibGUgY2FycnlpbmcgdGhlIEFXUyBFbmQgVXNlciBNZXNzYWdpbmcgLyBQaW5wb2ludFxuICogYXBwbGljYXRpb24gKHByb2plY3QpIGlkIHRoZSBwdXNoLWRlbGl2ZXJ5IExhbWJkYSBjYWxscyBgU2VuZE1lc3NhZ2VzYFxuICogYWdhaW5zdC5cbiAqL1xuZXhwb3J0IGNvbnN0IEVOVl9FVU1fQVBQTElDQVRJT05fSUQgPSAnRVVNX0FQUExJQ0FUSU9OX0lEJztcblxuLyoqXG4gKiBBbWF6b24gQ29ubmVjdCBpbnRlZ3JhdGlvbiB0eXBlIHRoYXQgYmluZHMgYSBRIGluIENvbm5lY3QgKFdpc2RvbSkga25vd2xlZGdlXG4gKiBiYXNlIOKAlCB0aGUgc3RvcmUgZm9yIG1lc3NhZ2UgdGVtcGxhdGVzIOKAlCB0byBhIENvbm5lY3QgaW5zdGFuY2UuIFVzZWQgYnkgdGhlXG4gKiBwdXNoIExhbWJkYSdzIHJ1bnRpbWUga25vd2xlZGdlLWJhc2UgZGlzY292ZXJ5XG4gKiAoTGlzdEludGVncmF0aW9uQXNzb2NpYXRpb25zIGZpbHRlcmVkIHRvIHRoaXMgdHlwZSkuXG4gKi9cbmV4cG9ydCBjb25zdCBRX01FU1NBR0VfVEVNUExBVEVTX0lOVEVHUkFUSU9OX1RZUEUgPSAnUV9NRVNTQUdFX1RFTVBMQVRFUyc7XG5cbi8qKlxuICogQ2hhbm5lbCBzdWJ0eXBlIG9mIHRoZSBRIGluIENvbm5lY3QgbWVzc2FnZSB0ZW1wbGF0ZXMgdGhpcyBiYWNrZW5kIHJlbmRlcnMuXG4gKiBPbmx5IFBVU0ggdGVtcGxhdGVzIGFyZSBlbGlnaWJsZSBmb3IgcHVzaC1ub3RpZmljYXRpb24gY29weSByZXNvbHV0aW9uLlxuICovXG5leHBvcnQgY29uc3QgUFVTSF9DSEFOTkVMX1NVQlRZUEUgPSAnUFVTSCc7XG5cbi8qKlxuICogVmVyc2lvbiBxdWFsaWZpZXIgYXBwZW5kZWQgdG8gYSBtZXNzYWdlLXRlbXBsYXRlIGlkIHRvIHJlZmVyZW5jZSBpdHMgQUNUSVZFXG4gKiAocHVibGlzaGVkKSB2ZXJzaW9uIOKAlCBlLmcuIGBHZXRNZXNzYWdlVGVtcGxhdGUoPGlkPjokQUNUSVZFX1ZFUlNJT04pYC5cbiAqL1xuZXhwb3J0IGNvbnN0IEFDVElWRV9WRVJTSU9OX1FVQUxJRklFUiA9ICckQUNUSVZFX1ZFUlNJT04nO1xuXG4vKiogRGVmYXVsdCBwdXNoLW5vdGlmaWNhdGlvbiB0aXRsZSB3aGVuIHRoZSBldmVudCBjYXJyaWVzIG5vbmUuICovXG5leHBvcnQgY29uc3QgREVGQVVMVF9QVVNIX1RJVExFID0gJ05vdGlmaWNhdGlvbic7XG5cbi8qKiBEZWZhdWx0IHB1c2gtbm90aWZpY2F0aW9uIGJvZHkgd2hlbiB0aGUgZXZlbnQgY2FycmllcyBub25lLiAqL1xuZXhwb3J0IGNvbnN0IERFRkFVTFRfUFVTSF9CT0RZID0gJ1lvdSBoYXZlIGEgbmV3IG5vdGlmaWNhdGlvbi4nO1xuXG4vKipcbiAqIFNlcnZpY2UgcHJpbmNpcGFscyBhbGxvd2VkIHRvIGludm9rZSB0aGUgcHVzaC1kZWxpdmVyeSBMYW1iZGEgdmlhIGFcbiAqIHJlc291cmNlLWJhc2VkIHBvbGljeS4gQW1hem9uIENvbm5lY3QgSm91cm5leSBDdXN0b20tYWN0aW9ucyBpbnZva2UgTGFtYmRhXG4gKiB1bmRlciBgY29ubmVjdC5hbWF6b25hd3MuY29tYDsgT3V0Ym91bmQgQ2FtcGFpZ25zIHYyIHVzZXNcbiAqIGBjb25uZWN0LWNhbXBhaWducy5hbWF6b25hd3MuY29tYC4gR3JhbnRpbmcgYm90aCBsZXRzIHRoZSBjdXN0b21lcidzIEpvdXJuZXlcbiAqIC8gY2FtcGFpZ24gY2FsbCB0aGUgcHVzaCBMYW1iZGEgd2l0aG91dCBhIGJyb2FkIHdpbGRjYXJkIHByaW5jaXBhbC5cbiAqL1xuZXhwb3J0IGNvbnN0IENPTk5FQ1RfSU5WT0tFX1NFUlZJQ0VfUFJJTkNJUEFMUyA9IFtcbiAgJ2Nvbm5lY3QuYW1hem9uYXdzLmNvbScsXG4gICdjb25uZWN0LWNhbXBhaWducy5hbWF6b25hd3MuY29tJyxcbl07XG5cbi8qKiBEZWZhdWx0IHByb2ZpbGUgLyBvYmplY3QtdHlwZSBleHBpcmF0aW9uIGluIGRheXMuICovXG5leHBvcnQgY29uc3QgREVGQVVMVF9FWFBJUkFUSU9OX0RBWVMgPSAzNjY7XG5cbi8qKlxuICogT3V0Ym91bmQgQ2FtcGFpZ25zIHYyIDwtPiBDdXN0b21lciBQcm9maWxlcyBvYmplY3QtdHlwZSByb3V0aW5nIG1hcC4gVGhpc1xuICogbGFiZWwgbWFwIGJpbmRzIGEgY2FtcGFpZ24gY2hhbm5lbCB0byB0aGUgQlVJTFQtSU4gQ3VzdG9tZXIgUHJvZmlsZXMgb2JqZWN0XG4gKiB0ZW1wbGF0ZSBvZiB0aGUgc2FtZSBuYW1lOyBpdCBpcyBhIHJvdXRpbmcvbGFiZWwgbWFwLCBOT1QgYSBzZXQgb2Ygb2JqZWN0XG4gKiB0eXBlcyB0aGF0IG11c3QgYmUgcHJlLWNyZWF0ZWQgdmlhIFB1dFByb2ZpbGVPYmplY3RUeXBlLiBUaGUgc2FtZSBtYXAgaXNcbiAqIHN1cHBsaWVkIHRvIEJPVEggYGNvbm5lY3RjYW1wYWlnbnN2MjpQdXRDb25uZWN0SW5zdGFuY2VJbnRlZ3JhdGlvbmAgKGFzXG4gKiBgaW50ZWdyYXRpb25Db25maWcuY3VzdG9tZXJQcm9maWxlcy5vYmplY3RUeXBlTmFtZXNgKSBhbmRcbiAqIGBjdXN0b21lci1wcm9maWxlczpQdXRJbnRlZ3JhdGlvbmAgKGFzIGBPYmplY3RUeXBlTmFtZXNgKSBzbyBDb25uZWN0IEpvdXJuZXlzXG4gKiBjYW4gdGFyZ2V0IHRoZSBkb21haW4ncyBwcm9maWxlcy5cbiAqL1xuZXhwb3J0IGNvbnN0IENBTVBBSUdOX09CSkVDVF9UWVBFX05BTUVTID0ge1xuICAnQ2FtcGFpZ24tRW1haWwnOiAnQ2FtcGFpZ24tRW1haWwnLFxuICAnQ2FtcGFpZ24tU01TJzogJ0NhbXBhaWduLVNNUycsXG4gICdDYW1wYWlnbi1UZWxlcGhvbnknOiAnQ2FtcGFpZ24tVGVsZXBob255JyxcbiAgJ0NhbXBhaWduLU9yY2hlc3RyYXRpb24nOiAnQ2FtcGFpZ24tT3JjaGVzdHJhdGlvbicsXG59IGFzIGNvbnN0O1xuXG4vKipcbiAqIEVudmlyb25tZW50IHZhcmlhYmxlIGNhcnJ5aW5nIHRoZSBBbWF6b24gQ29ubmVjdCBpbnN0YW5jZSBpZCB0aGUgY2FtcGFpZ25cbiAqIC1hc3NvY2lhdGlvbiBjdXN0b20gcmVzb3VyY2Ugb25ib2FyZHMgdG8gT3V0Ym91bmQgQ2FtcGFpZ25zIHYyIGFuZCBhc3NvY2lhdGVzXG4gKiB0aGUgY3JlYXRlZCBDdXN0b21lciBQcm9maWxlcyBkb21haW4gd2l0aC5cbiAqL1xuZXhwb3J0IGNvbnN0IEVOVl9DT05ORUNUX0lOU1RBTkNFX0lEID0gJ0NPTk5FQ1RfSU5TVEFOQ0VfSUQnO1xuXG4vKiogQVdTIHNlcnZpY2UgcHJpbmNpcGFsIHRoYXQgb3ducyB0aGUgT3V0Ym91bmQgQ2FtcGFpZ25zIHNlcnZpY2UtbGlua2VkIHJvbGUuICovXG5leHBvcnQgY29uc3QgQ09OTkVDVF9DQU1QQUlHTlNfU0VSVklDRV9OQU1FID0gJ2Nvbm5lY3QtY2FtcGFpZ25zLmFtYXpvbmF3cy5jb20nO1xuXG4vKiogSUFNIHBhdGggcHJlZml4IHVuZGVyIHdoaWNoIHRoZSBPdXRib3VuZCBDYW1wYWlnbnMgc2VydmljZS1saW5rZWQgcm9sZSBsaXZlcy4gKi9cbmV4cG9ydCBjb25zdCBDT05ORUNUX0NBTVBBSUdOU19TTFJfUEFUSF9QUkVGSVggPVxuICAnL2F3cy1zZXJ2aWNlLXJvbGUvY29ubmVjdC1jYW1wYWlnbnMuYW1hem9uYXdzLmNvbS8nO1xuXG4vKipcbiAqIEZpeGVkIGtleSB1bmRlciBgY3VzdG9tYCBpbiBgYW1wbGlmeV9vdXRwdXRzLmpzb25gIHdoZXJlIHRoZSBub3RpZmljYXRpb25zXG4gKiBlbmRwb2ludCAvIHJlZ2lvbiBhcmUgc3VyZmFjZWQgdG8gdGhlIGNsaWVudCAoYGN1c3RvbS5DdXN0b21lclByb2ZpbGVzYCkuXG4gKlxuICogVGhpcyBpcyBpbnRlbnRpb25hbGx5IE5PVCBjb25maWd1cmFibGU6IGV2ZXJ5IGZpcnN0LXBhcnR5IEFtcGxpZnkgR2VuMlxuICogcmVzb3VyY2UgKGBkZWZpbmVBdXRoYCAvIGBkZWZpbmVEYXRhYCAvIGBkZWZpbmVTdG9yYWdlYCAvIGBkZWZpbmVGdW5jdGlvbmApXG4gKiB3cml0ZXMgaXRzIGJhY2tlbmQgb3V0cHV0IHRvIGEgZml4ZWQsIHdlbGwta25vd24ga2V5IHJhdGhlciB0aGFuIGFcbiAqIGNhbGxlci1jaG9zZW4gb25lLCBzbyB0aGUgY2xpZW50IGNvbmZpZyBjb250cmlidXRvcnMga25vdyB3aGVyZSB0byByZWFkIGl0LlxuICogVGhpcyByZXNvdXJjZSBmb2xsb3dzIHRoZSBzYW1lIGNvbnZlbnRpb24gd2l0aCBhIHNpbmdsZSBzdGFibGUga2V5LlxuICovXG5leHBvcnQgY29uc3QgT1VUUFVUX0tFWSA9ICdDdXN0b21lclByb2ZpbGVzJztcbiJdfQ==
|
|
@@ -0,0 +1,283 @@
|
|
|
1
|
+
import { Stack } from 'aws-cdk-lib';
|
|
2
|
+
import { Construct } from 'constructs';
|
|
3
|
+
import * as lambda from 'aws-cdk-lib/aws-lambda';
|
|
4
|
+
import { CfnDomain, CfnObjectType } from 'aws-cdk-lib/aws-customerprofiles';
|
|
5
|
+
import { CfnInstance } from 'aws-cdk-lib/aws-connect';
|
|
6
|
+
import { CfnAPNSChannel, CfnAPNSSandboxChannel, CfnApp, CfnGCMChannel } from 'aws-cdk-lib/aws-pinpoint';
|
|
7
|
+
import * as apigwv2 from 'aws-cdk-lib/aws-apigatewayv2';
|
|
8
|
+
import { ResourceProvider, StackProvider } from '@aws-amplify/plugin-types';
|
|
9
|
+
/** CDK resources exposed by {@link AmplifyNotifications}. */
|
|
10
|
+
export type NotificationsResources = {
|
|
11
|
+
/** The identify-user Lambda function. */
|
|
12
|
+
identifyUserFunction: lambda.IFunction;
|
|
13
|
+
/** The HTTP API fronting the identify-user route. */
|
|
14
|
+
httpApi: apigwv2.HttpApi;
|
|
15
|
+
/** The AmplifyProfile object type registered on the domain. */
|
|
16
|
+
profileObjectType: CfnObjectType;
|
|
17
|
+
/** The AmplifyGuestProfile object type registered on the domain. */
|
|
18
|
+
guestProfileObjectType: CfnObjectType;
|
|
19
|
+
/** The AmplifyDevice object type registered on the domain. */
|
|
20
|
+
deviceObjectType: CfnObjectType;
|
|
21
|
+
/**
|
|
22
|
+
* The push-delivery Lambda function, wired as the target of a Connect Journey
|
|
23
|
+
* Custom-action (Invoke Lambda).
|
|
24
|
+
*/
|
|
25
|
+
pushFunction: lambda.IFunction;
|
|
26
|
+
/** The AWS End User Messaging / Pinpoint application backing push delivery. */
|
|
27
|
+
pushApplication: CfnApp;
|
|
28
|
+
/**
|
|
29
|
+
* The APNs channel enabled on the push application, when `apnsChannel` is
|
|
30
|
+
* configured. `undefined` when no APNs configuration was provided. Either the
|
|
31
|
+
* production (`CfnAPNSChannel`) or sandbox (`CfnAPNSSandboxChannel`) channel,
|
|
32
|
+
* depending on `apnsChannel.sandbox`.
|
|
33
|
+
*/
|
|
34
|
+
apnsChannel?: CfnAPNSChannel | CfnAPNSSandboxChannel;
|
|
35
|
+
/**
|
|
36
|
+
* The GCM/FCM channel enabled on the push application, when `fcmChannel` is
|
|
37
|
+
* configured. `undefined` when no FCM configuration was provided.
|
|
38
|
+
*/
|
|
39
|
+
gcmChannel?: CfnGCMChannel;
|
|
40
|
+
/**
|
|
41
|
+
* The Amazon Connect instance created in create-from-scratch mode (when
|
|
42
|
+
* `domainName` is omitted). `undefined` in attach mode.
|
|
43
|
+
*/
|
|
44
|
+
connectInstance?: CfnInstance;
|
|
45
|
+
/**
|
|
46
|
+
* The Customer Profiles domain created in create-from-scratch mode (when
|
|
47
|
+
* `domainName` is omitted). `undefined` in attach mode, where the object types
|
|
48
|
+
* are registered into a pre-existing domain the construct does not own.
|
|
49
|
+
*/
|
|
50
|
+
profilesDomain?: CfnDomain;
|
|
51
|
+
};
|
|
52
|
+
export type AmplifyNotificationsProps = {
|
|
53
|
+
/**
|
|
54
|
+
* The JWT issuer URL the HTTP API authorizer trusts. For a Cognito user pool
|
|
55
|
+
* this is `https://cognito-idp.<region>.amazonaws.com/<userPoolId>`.
|
|
56
|
+
*/
|
|
57
|
+
readonly jwtIssuer: string;
|
|
58
|
+
/**
|
|
59
|
+
* Allowed JWT audiences. For a Cognito user pool this is the app client id(s)
|
|
60
|
+
* (matched against `aud` for id tokens / `client_id` for access tokens).
|
|
61
|
+
*/
|
|
62
|
+
readonly jwtAudience: string[];
|
|
63
|
+
/**
|
|
64
|
+
* Name of an EXISTING Customer Profiles domain to attach to — e.g. the domain
|
|
65
|
+
* Amazon Connect auto-creates when Customer Profiles is enabled on an
|
|
66
|
+
* instance. When provided, the construct runs in ATTACH mode: it registers the
|
|
67
|
+
* AmplifyProfile / AmplifyDevice object types INTO this domain and never
|
|
68
|
+
* creates an instance or a domain.
|
|
69
|
+
*
|
|
70
|
+
* OMIT this to run in the default CREATE-FROM-SCRATCH mode: the construct
|
|
71
|
+
* provisions a brand-new Amazon Connect instance AND a brand-new Customer
|
|
72
|
+
* Profiles domain (with generated, stable names) and wires everything into
|
|
73
|
+
* that new domain — so a caller needs zero pre-existing Connect setup.
|
|
74
|
+
*/
|
|
75
|
+
readonly domainName?: string;
|
|
76
|
+
/**
|
|
77
|
+
* CREATE mode only: override the auto-generated Amazon Connect instance alias.
|
|
78
|
+
* Ignored in attach mode. When omitted, a deterministic-yet-unique alias is
|
|
79
|
+
* derived from the construct's scope so it is stable across deploy/delete and
|
|
80
|
+
* unique per app. Lowercase alphanumeric characters + hyphens; must not start
|
|
81
|
+
* with
|
|
82
|
+
* `d-`.
|
|
83
|
+
*/
|
|
84
|
+
readonly instanceAlias?: string;
|
|
85
|
+
/**
|
|
86
|
+
* Override the directory containing the pre-bundled Lambda asset (an
|
|
87
|
+
* `index.js` exporting `handler`). Defaults to the handler bundled inside this
|
|
88
|
+
* package (`lib/handler-asset`, produced by `post:compile`).
|
|
89
|
+
*/
|
|
90
|
+
readonly lambdaCodePath?: string;
|
|
91
|
+
/** Profile / object-type expiration in days. Default: 366. */
|
|
92
|
+
readonly expirationDays?: number;
|
|
93
|
+
/**
|
|
94
|
+
* Override the directory containing the pre-bundled push Lambda asset (an
|
|
95
|
+
* `index.js` exporting `handler`). Defaults to the handler bundled inside this
|
|
96
|
+
* package (`lib/push-handler-asset`, produced by `post:compile`).
|
|
97
|
+
*/
|
|
98
|
+
readonly pushLambdaCodePath?: string;
|
|
99
|
+
/**
|
|
100
|
+
* Override the directory containing the pre-bundled campaign-association
|
|
101
|
+
* custom-resource Lambda asset (an `index.js` exporting `handler`). Defaults to
|
|
102
|
+
* the handler bundled inside this package (`lib/campaign-association-asset`,
|
|
103
|
+
* produced by `post:compile`). Only used in create-from-scratch mode.
|
|
104
|
+
*/
|
|
105
|
+
readonly campaignAssociationLambdaCodePath?: string;
|
|
106
|
+
/**
|
|
107
|
+
* OPTIONAL APNs channel configuration (token / `.p8` auth). When provided, the
|
|
108
|
+
* construct enables the APNs channel on the created End User Messaging
|
|
109
|
+
* (Pinpoint) application. All values are plain strings — the Amplify Gen2
|
|
110
|
+
* factory resolves the `.p8` key from an Amplify `secret()` before passing it
|
|
111
|
+
* here, keeping this construct framework-agnostic. When omitted, no APNs
|
|
112
|
+
* channel is configured.
|
|
113
|
+
*/
|
|
114
|
+
readonly apnsChannel?: {
|
|
115
|
+
/** The APNs token signing key contents (the `AuthKey_<keyId>.p8` file). */
|
|
116
|
+
readonly tokenKey: string;
|
|
117
|
+
/** The 10-character key identifier assigned to the APNs signing key. */
|
|
118
|
+
readonly keyId: string;
|
|
119
|
+
/** The Apple Developer account team identifier. */
|
|
120
|
+
readonly teamId: string;
|
|
121
|
+
/** The iOS app bundle identifier. */
|
|
122
|
+
readonly bundleId: string;
|
|
123
|
+
/**
|
|
124
|
+
* Configure the APNs **sandbox** channel instead of the production channel.
|
|
125
|
+
* @default false
|
|
126
|
+
*/
|
|
127
|
+
readonly sandbox?: boolean;
|
|
128
|
+
};
|
|
129
|
+
/**
|
|
130
|
+
* OPTIONAL FCM/GCM channel configuration (FCM HTTP v1 auth). When provided, the
|
|
131
|
+
* construct enables the GCM channel on the created End User Messaging
|
|
132
|
+
* (Pinpoint) application. The value is a plain string — the Amplify Gen2
|
|
133
|
+
* factory resolves the service-account JSON from an Amplify `secret()` before
|
|
134
|
+
* passing it here. When omitted, no GCM channel is configured.
|
|
135
|
+
*/
|
|
136
|
+
readonly fcmChannel?: {
|
|
137
|
+
/** The FCM HTTP v1 service-account JSON credential contents. */
|
|
138
|
+
readonly serviceJson: string;
|
|
139
|
+
};
|
|
140
|
+
};
|
|
141
|
+
/**
|
|
142
|
+
* Amazon Connect Customer Profiles backend for the identifyUser contract,
|
|
143
|
+
* packaged as an AWS CDK construct. Provisions:
|
|
144
|
+
* - AmplifyProfile object type: searchable `cognitoUserKey` (PROFILE + UNIQUE)
|
|
145
|
+
* identity key + person / targeting attribute schema.
|
|
146
|
+
* - AmplifyDevice object type: PROFILE-resolution key = `cognitoUserKey`,
|
|
147
|
+
* UNIQUE object key = stable `deviceId`; device fields stored raw.
|
|
148
|
+
* - identify-user Lambda with least-privilege profile:* on this domain only.
|
|
149
|
+
* - HTTP API + JWT authorizer bound to the supplied issuer / audience.
|
|
150
|
+
* - push-delivery Lambda (Connect Journey Custom-action target) + a minimal
|
|
151
|
+
* AWS End User Messaging (Pinpoint) application for `SendMessages`.
|
|
152
|
+
*
|
|
153
|
+
* It operates in one of two modes, chosen by whether `domainName` is provided:
|
|
154
|
+
*
|
|
155
|
+
* - CREATE-FROM-SCRATCH (default, `domainName` omitted): the construct also
|
|
156
|
+
* provisions a brand-new Amazon Connect instance (`AWS::Connect::Instance`,
|
|
157
|
+
* CONNECT_MANAGED, inbound/outbound enabled) AND a brand-new Customer
|
|
158
|
+
* Profiles domain (`AWS::CustomerProfiles::Domain`) with generated, stable
|
|
159
|
+
* names, then registers the object types INTO that new domain. The object
|
|
160
|
+
* types depend on the created domain so they provision after it and are torn
|
|
161
|
+
* down before it. A caller needs zero pre-existing Connect setup.
|
|
162
|
+
* - ATTACH (`domainName` provided): the construct registers the two object
|
|
163
|
+
* types INTO the existing `domainName` (additive) — such as the domain
|
|
164
|
+
* Amazon Connect auto-creates when Customer Profiles is enabled on an
|
|
165
|
+
* instance — WITHOUT creating an instance or a domain, and without touching
|
|
166
|
+
* the domain's other integrations (CTR, Outbound Campaigns) or its Identity
|
|
167
|
+
* Resolution setting.
|
|
168
|
+
*
|
|
169
|
+
* In either mode, identify works against the domain standalone. Outbound
|
|
170
|
+
* Campaigns association — so journeys can target these profiles — is AUTOMATIC
|
|
171
|
+
* in create-from-scratch mode (a Lambda-backed custom resource associates the
|
|
172
|
+
* new domain with the new instance's Outbound Campaigns v2 at deploy time). In
|
|
173
|
+
* attach mode, associating the pre-existing domain is the user's responsibility
|
|
174
|
+
* and is left untouched.
|
|
175
|
+
*
|
|
176
|
+
* This construct is framework-agnostic (aws-cdk-lib + constructs only). The
|
|
177
|
+
* `defineNotifications` factory wraps it for Amplify Gen2 backends, wiring the
|
|
178
|
+
* JWT authorizer to the app's Cognito user pool and surfacing the endpoint via
|
|
179
|
+
* backend outputs.
|
|
180
|
+
*/
|
|
181
|
+
export declare class AmplifyNotifications extends Construct implements ResourceProvider<NotificationsResources>, StackProvider {
|
|
182
|
+
/** CDK resources for lower-level access. */
|
|
183
|
+
readonly resources: NotificationsResources;
|
|
184
|
+
/** The stack this construct belongs to. */
|
|
185
|
+
readonly stack: Stack;
|
|
186
|
+
/** Base invoke URL. Clients call `POST {apiEndpoint}/identify-user`. */
|
|
187
|
+
readonly apiEndpoint: string;
|
|
188
|
+
/** The route path appended to {@link apiEndpoint}. */
|
|
189
|
+
readonly identifyUserPath = "/identify-user";
|
|
190
|
+
/**
|
|
191
|
+
* The GUEST route path appended to {@link apiEndpoint}.
|
|
192
|
+
* IAM/SigV4-authorized; unauthenticated Identity Pool callers sign requests to
|
|
193
|
+
* `POST {apiEndpoint}/identify-user-guest`.
|
|
194
|
+
*/
|
|
195
|
+
readonly guestIdentifyUserPath = "/identify-user-guest";
|
|
196
|
+
/**
|
|
197
|
+
* The `execute-api:Invoke` ARN of the GUEST route, to
|
|
198
|
+
* grant to the app's Cognito Identity Pool UNAUTHENTICATED role so guests can
|
|
199
|
+
* call the route. Scoped to POST on the guest path of this API's default
|
|
200
|
+
* stage.
|
|
201
|
+
*/
|
|
202
|
+
readonly guestRouteInvokeArn: string;
|
|
203
|
+
/** The Customer Profiles domain name the object types are registered into. */
|
|
204
|
+
readonly domainName: string;
|
|
205
|
+
/**
|
|
206
|
+
* `true` when this construct created the Customer Profiles domain + Connect
|
|
207
|
+
* instance (create-from-scratch mode); `false` when it attached to an existing
|
|
208
|
+
* domain named by `domainName`.
|
|
209
|
+
*/
|
|
210
|
+
readonly createsResources: boolean;
|
|
211
|
+
/**
|
|
212
|
+
* Id of the Amazon Connect instance created in create-from-scratch mode.
|
|
213
|
+
* `undefined` in attach mode.
|
|
214
|
+
*/
|
|
215
|
+
readonly connectInstanceId?: string;
|
|
216
|
+
/**
|
|
217
|
+
* ARN of the Amazon Connect instance created in create-from-scratch mode.
|
|
218
|
+
* `undefined` in attach mode.
|
|
219
|
+
*/
|
|
220
|
+
readonly connectInstanceArn?: string;
|
|
221
|
+
/**
|
|
222
|
+
* ARN of the push-delivery Lambda, to wire as a Connect Journey Custom-action
|
|
223
|
+
* (Invoke Lambda) target.
|
|
224
|
+
*/
|
|
225
|
+
readonly pushFunctionArn: string;
|
|
226
|
+
/**
|
|
227
|
+
* The AWS End User Messaging / Pinpoint application id this construct created
|
|
228
|
+
* and the push Lambda calls `SendMessages` against.
|
|
229
|
+
*/
|
|
230
|
+
readonly eumApplicationId: string;
|
|
231
|
+
/**
|
|
232
|
+
* Registers the AmplifyProfile / AmplifyDevice object types into the Customer
|
|
233
|
+
* Profiles domain (created here in create-from-scratch mode, or the existing
|
|
234
|
+
* `domainName` in attach mode), the identify-user Lambda + JWT-authorized HTTP
|
|
235
|
+
* API, and the push-delivery Lambda + AWS End User Messaging application for
|
|
236
|
+
* this notifications backend.
|
|
237
|
+
*/
|
|
238
|
+
constructor(scope: Construct, id: string, props: AmplifyNotificationsProps);
|
|
239
|
+
/**
|
|
240
|
+
* Create-from-scratch ONLY: a Lambda-backed CDK custom resource that
|
|
241
|
+
* associates the created Customer Profiles domain with the created Amazon
|
|
242
|
+
* Connect instance's Outbound Campaigns v2 at deploy time, so Connect Journeys
|
|
243
|
+
* can target the domain's profiles with no manual console step.
|
|
244
|
+
*
|
|
245
|
+
* A `custom-resources.Provider` fronts the handler because onboarding is
|
|
246
|
+
* asynchronous: the handler starts the instance-onboarding job, then POLLS
|
|
247
|
+
* GetInstanceOnboardingJobStatus until SUCCEEDED (an `AwsCustomResource` can't
|
|
248
|
+
* poll). onCreate/onUpdate are idempotent; onDelete best-effort reverses the
|
|
249
|
+
* integrations + offboards, never failing teardown. The resource depends on
|
|
250
|
+
* both the instance and the domain so it runs after they exist and is torn
|
|
251
|
+
* down before them.
|
|
252
|
+
*/
|
|
253
|
+
private addCampaignAssociation;
|
|
254
|
+
/**
|
|
255
|
+
* Deterministic, stable, per-app base name for the created Connect instance
|
|
256
|
+
* and Customer Profiles domain (create-from-scratch mode).
|
|
257
|
+
*
|
|
258
|
+
* The name must be STABLE across deploy and delete (so CFN resolves the same
|
|
259
|
+
* resource on teardown) and UNIQUE per app / environment (so two apps in the
|
|
260
|
+
* same account don't collide on the globally-unique Connect alias). It is
|
|
261
|
+
* derived from a short hash of the root stack name (which, in Amplify Gen2,
|
|
262
|
+
* embeds the app namespace + branch) plus this construct's path — both stable
|
|
263
|
+
* inputs.
|
|
264
|
+
*
|
|
265
|
+
* The `amazon-connect-` prefix is REQUIRED, not cosmetic: Amazon Connect's
|
|
266
|
+
* AWS-managed service-linked-role policy (`AmazonConnectServiceLinkedRolePolicy`,
|
|
267
|
+
* statement `AllowCustomerProfilesForConnectDomain`) grants the instance's
|
|
268
|
+
* role `profile:*` ONLY on `arn:aws:profile:*:*:domains/amazon-connect-*`. A
|
|
269
|
+
* domain named otherwise is unreachable by the instance — the Connect console
|
|
270
|
+
* and Journey segment builder then report "does not have permissions to access
|
|
271
|
+
* Customer Profiles". The SLR is AWS-protected (no inline policy can be added)
|
|
272
|
+
* and the managed policy is not editable, so the domain name is the only lever.
|
|
273
|
+
*/
|
|
274
|
+
private generateResourceName;
|
|
275
|
+
/**
|
|
276
|
+
* Coerce an arbitrary string into a valid Amazon Connect instance alias:
|
|
277
|
+
* lowercase alphanumeric characters + single hyphens, no leading/trailing hyphen, not
|
|
278
|
+
* starting with the reserved `d-` prefix, and within Connect's 1–62 char
|
|
279
|
+
* bound.
|
|
280
|
+
*/
|
|
281
|
+
private sanitizeInstanceAlias;
|
|
282
|
+
}
|
|
283
|
+
//# sourceMappingURL=construct.d.ts.map
|