@aws-solutions-constructs/aws-wafwebacl-appsync 2.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/.eslintignore +4 -0
  2. package/.jsii +3343 -0
  3. package/README.md +137 -0
  4. package/architecture.png +0 -0
  5. package/lib/index.d.ts +49 -0
  6. package/lib/index.js +53 -0
  7. package/package.json +93 -0
  8. package/test/integ.no-arguments.d.ts +13 -0
  9. package/test/integ.no-arguments.expected.json +204 -0
  10. package/test/integ.no-arguments.js +32 -0
  11. package/test/test.wafwebacl-appsync.test.d.ts +13 -0
  12. package/test/test.wafwebacl-appsync.test.js +294 -0
package/README.md ADDED
@@ -0,0 +1,137 @@
1
+ # aws-wafwebacl-appsync module
2
+
3
+ <!--BEGIN STABILITY BANNER-->
4
+
5
+ ---
6
+
7
+ ![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
8
+
9
+ > All classes are under active development and subject to non-backward compatible changes or removal in any
10
+ > future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
11
+ > This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
12
+
13
+ ---
14
+
15
+ <!--END STABILITY BANNER-->
16
+
17
+ | **Reference Documentation**: | <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span> |
18
+ | :--------------------------- | :------------------------------------------------------------------------------------------------ |
19
+
20
+ <div style="height:8px"></div>
21
+
22
+ | **Language** | **Package** |
23
+ | :--------------------------------------------------------------------------------------------- | --------------------------------------------------------- |
24
+ | ![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python | `aws_solutions_constructs.aws_wafwebacl_appsync` |
25
+ | ![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript | `@aws-solutions-constructs/aws-wafwebacl-appsync` |
26
+ | ![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java | `software.amazon.awsconstructs.services.wafwebaclappsync` |
27
+
28
+ ## Overview
29
+
30
+ This AWS Solutions Construct implements an AWS WAF web ACL connected to an AWS AppSync API.
31
+
32
+ Here is a minimal deployable pattern definition:
33
+
34
+ Typescript
35
+
36
+ ```typescript
37
+ import { Construct } from "constructs";
38
+ import { Stack, StackProps } from "aws-cdk-lib";
39
+ import {
40
+ WafwebaclToAppsyncProps,
41
+ WafwebaclToAppsync,
42
+ } from "@aws-solutions-constructs/aws-wafwebacl-appsync";
43
+
44
+ // Use an existing AppSync GraphQL API
45
+ const existingGraphQLApi = previouslyCreatedApi;
46
+
47
+ // This construct can only be attached to a configured AWS AppSync API.
48
+ new WafwebaclToAppsync(this, "test-wafwebacl-appsync", {
49
+ existingAppsyncApi: existingGraphQLApi,
50
+ });
51
+ ```
52
+
53
+ Python
54
+
55
+ ```python
56
+ from aws_solutions_constructs.aws_wafwebacl_appsync import WafwebaclToAppsyncProps, WafwebaclToAppsync
57
+ from aws_cdk import (
58
+ aws_route53 as route53,
59
+ Stack
60
+ )
61
+ from constructs import Construct
62
+
63
+ # Use an existing AppSync API
64
+ existingGraphQLApi = previouslyCreatedApi
65
+
66
+
67
+ # This construct can only be attached to a configured AWS AppSync API.
68
+ WafwebaclToAppsync(self, 'test_wafwebacl_appsync',
69
+ existing_appsync_api=existingGraphQLApi
70
+ )
71
+ ```
72
+
73
+ Java
74
+
75
+ ```java
76
+ import software.constructs.Construct;
77
+
78
+ import software.amazon.awscdk.Stack;
79
+ import software.amazon.awscdk.StackProps;
80
+ import software.amazon.awsconstructs.services.wafwebaclappsync.*;
81
+
82
+ // Use an existing AppSync API
83
+ final existingGraphQLApi = previouslyCreatedApi
84
+
85
+
86
+ // This construct can only be attached to a configured AWS AppSync API.
87
+ new WafwebaclToAppsync(this, "test-wafwebacl-appsync", new WafwebaclToAppsyncProps.Builder()
88
+ .existingAppsyncApi(existingGraphQLApi)
89
+ .build());
90
+ ```
91
+
92
+ ## Pattern Construct Props
93
+
94
+ | **Name** | **Type** | **Description** |
95
+ | :----------------- | :---------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
96
+ | existingAppsyncApi | [`appsync.CfnGraphQLApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_appsync.CfnGraphQLApi.html) | The existing Appsync CfnGraphQLApi object that will be protected with the WAF web ACL. _Note that a WAF web ACL can only be added to a configured AppSync API, so this construct only accepts an existing CfnGraphQLApi and does not accept CfnGraphQLApiProps._ |
97
+ | existingWebaclObj? | [`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html) | Existing instance of a WAF web ACL, an error will occur if this and props is set. |
98
+ | webaclProps? | [`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACLProps.html) | Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set. |
99
+
100
+ ## Pattern Properties
101
+
102
+ | **Name** | **Type** | **Description** |
103
+ | :--------- | :---------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
104
+ | webacl | [`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html) | Returns an instance of the waf.CfnWebACL created by the construct. |
105
+ | appsyncApi | [`appsync.CfnGraphQLApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_appsync.CfnGraphQLApi.html) | Returns an instance of the CfnGraphQLApi used by the pattern. |
106
+
107
+ ## Default settings
108
+
109
+ Out of the box implementation of the Construct without any override will set the following defaults:
110
+
111
+ ### AWS WAF
112
+
113
+ - Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).
114
+
115
+ - AWSManagedRulesBotControlRuleSet
116
+ - AWSManagedRulesKnownBadInputsRuleSet
117
+ - AWSManagedRulesCommonRuleSet
118
+ - AWSManagedRulesAnonymousIpList
119
+ - AWSManagedRulesAmazonIpReputationList
120
+ - AWSManagedRulesAdminProtectionRuleSet
121
+ - AWSManagedRulesSQLiRuleSet
122
+
123
+ _Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps_
124
+
125
+ - Send metrics to Amazon CloudWatch
126
+
127
+ ### AppSync API
128
+
129
+ - User provided AppSync graphql API object is used as-is
130
+
131
+ ## Architecture
132
+
133
+ ![Architecture Diagram](architecture.png)
134
+
135
+ ---
136
+
137
+ &copy; Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
package/architecture.png ADDED
Binary file
package/lib/index.d.ts ADDED
@@ -0,0 +1,49 @@
1
+ /**
2
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ import * as waf from "aws-cdk-lib/aws-wafv2";
14
+ import * as appsync from "aws-cdk-lib/aws-appsync";
15
+ import { Construct } from "constructs";
16
+ /**
17
+ * @summary The properties for the WafwebaclToAppsync class.
18
+ */
19
+ export interface WafwebaclToAppsyncProps {
20
+ /**
21
+ * The existing Appsync API that will be protected with the WAF web ACL.
22
+ */
23
+ readonly existingAppsyncApi: appsync.CfnGraphQLApi;
24
+ /**
25
+ * Existing instance of a WAF web ACL, an error will occur if this and props is set
26
+ */
27
+ readonly existingWebaclObj?: waf.CfnWebACL;
28
+ /**
29
+ * Optional user-provided props to override the default props for the AWS WAF web ACL.
30
+ *
31
+ * @default - Default properties are used.
32
+ */
33
+ readonly webaclProps?: waf.CfnWebACLProps;
34
+ }
35
+ /**
36
+ * @summary The WafwebaclToAppsync class.
37
+ */
38
+ export declare class WafwebaclToAppsync extends Construct {
39
+ readonly webacl: waf.CfnWebACL;
40
+ readonly appsyncApi: appsync.CfnGraphQLApi;
41
+ /**
42
+ * @summary Constructs a new instance of the WafwebaclToAppsync class.
43
+ * @param {cdk.App} scope - represents the scope for all the resources.
44
+ * @param {string} id - this is a a scope-unique id.
45
+ * @param {WafwebaclToAppsyncProps} props - user provided props for the construct.
46
+ * @access public
47
+ */
48
+ constructor(scope: Construct, id: string, props: WafwebaclToAppsyncProps);
49
+ }
package/lib/index.js ADDED
@@ -0,0 +1,53 @@
1
+ "use strict";
2
+ var _a;
3
+ Object.defineProperty(exports, "__esModule", { value: true });
4
+ exports.WafwebaclToAppsync = void 0;
5
+ const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
6
+ /**
7
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
8
+ *
9
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
10
+ * with the License. A copy of the License is located at
11
+ *
12
+ * http://www.apache.org/licenses/LICENSE-2.0
13
+ *
14
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
15
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
16
+ * and limitations under the License.
17
+ */
18
+ // Imports
19
+ const waf = require("aws-cdk-lib/aws-wafv2");
20
+ const defaults = require("@aws-solutions-constructs/core");
21
+ // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
22
+ const constructs_1 = require("constructs");
23
+ /**
24
+ * @summary The WafwebaclToAppsync class.
25
+ */
26
+ class WafwebaclToAppsync extends constructs_1.Construct {
27
+ /**
28
+ * @summary Constructs a new instance of the WafwebaclToAppsync class.
29
+ * @param {cdk.App} scope - represents the scope for all the resources.
30
+ * @param {string} id - this is a a scope-unique id.
31
+ * @param {WafwebaclToAppsyncProps} props - user provided props for the construct.
32
+ * @access public
33
+ */
34
+ constructor(scope, id, props) {
35
+ super(scope, id);
36
+ defaults.CheckProps(props);
37
+ // Build the Web ACL
38
+ this.webacl = defaults.buildWebacl(this, "REGIONAL", {
39
+ existingWebaclObj: props.existingWebaclObj,
40
+ webaclProps: props.webaclProps,
41
+ });
42
+ // Setup the Web ACL Association
43
+ new waf.CfnWebACLAssociation(scope, `${id}-WebACLAssociation`, {
44
+ webAclArn: this.webacl.attrArn,
45
+ resourceArn: props.existingAppsyncApi.attrArn,
46
+ });
47
+ this.appsyncApi = props.existingAppsyncApi;
48
+ }
49
+ }
50
+ exports.WafwebaclToAppsync = WafwebaclToAppsync;
51
+ _a = JSII_RTTI_SYMBOL_1;
52
+ WafwebaclToAppsync[_a] = { fqn: "@aws-solutions-constructs/aws-wafwebacl-appsync.WafwebaclToAppsync", version: "2.27.0" };
53
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBOzs7Ozs7Ozs7OztHQVdHO0FBRUgsVUFBVTtBQUNWLDZDQUE2QztBQUU3QywyREFBMkQ7QUFDM0Qsd0ZBQXdGO0FBQ3hGLDJDQUF1QztBQXNCdkM7O0dBRUc7QUFDSCxNQUFhLGtCQUFtQixTQUFRLHNCQUFTO0lBRy9DOzs7Ozs7T0FNRztJQUNILFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBOEI7UUFDdEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixRQUFRLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTNCLG9CQUFvQjtRQUNwQixJQUFJLENBQUMsTUFBTSxHQUFHLFFBQVEsQ0FBQyxXQUFXLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUNuRCxpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO1lBQzFDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztTQUMvQixDQUFDLENBQUM7UUFFSCxnQ0FBZ0M7UUFDaEMsSUFBSSxHQUFHLENBQUMsb0JBQW9CLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxvQkFBb0IsRUFBRTtZQUM3RCxTQUFTLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPO1lBQzlCLFdBQVcsRUFBRSxLQUFLLENBQUMsa0JBQWtCLENBQUMsT0FBTztTQUM5QyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsVUFBVSxHQUFHLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQztJQUM3QyxDQUFDOztBQTNCSCxnREE0QkMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqICBDb3B5cmlnaHQgMjAyMiBBbWF6b24uY29tLCBJbmMuIG9yIGl0cyBhZmZpbGlhdGVzLiBBbGwgUmlnaHRzIFJlc2VydmVkLlxuICpcbiAqICBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgXCJMaWNlbnNlXCIpLiBZb3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlXG4gKiAgd2l0aCB0aGUgTGljZW5zZS4gQSBjb3B5IG9mIHRoZSBMaWNlbnNlIGlzIGxvY2F0ZWQgYXRcbiAqXG4gKiAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMFxuICpcbiAqICBvciBpbiB0aGUgJ2xpY2Vuc2UnIGZpbGUgYWNjb21wYW55aW5nIHRoaXMgZmlsZS4gVGhpcyBmaWxlIGlzIGRpc3RyaWJ1dGVkIG9uIGFuICdBUyBJUycgQkFTSVMsIFdJVEhPVVQgV0FSUkFOVElFU1xuICogIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGV4cHJlc3Mgb3IgaW1wbGllZC4gU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zXG4gKiAgYW5kIGxpbWl0YXRpb25zIHVuZGVyIHRoZSBMaWNlbnNlLlxuICovXG5cbi8vIEltcG9ydHNcbmltcG9ydCAqIGFzIHdhZiBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXdhZnYyXCI7XG5pbXBvcnQgKiBhcyBhcHBzeW5jIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtYXBwc3luY1wiO1xuaW1wb3J0ICogYXMgZGVmYXVsdHMgZnJvbSBcIkBhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZVwiO1xuLy8gTm90ZTogVG8gZW5zdXJlIENES3YyIGNvbXBhdGliaWxpdHksIGtlZXAgdGhlIGltcG9ydCBzdGF0ZW1lbnQgZm9yIENvbnN0cnVjdCBzZXBhcmF0ZVxuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcblxuLyoqXG4gKiBAc3VtbWFyeSBUaGUgcHJvcGVydGllcyBmb3IgdGhlIFdhZndlYmFjbFRvQXBwc3luYyBjbGFzcy5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBXYWZ3ZWJhY2xUb0FwcHN5bmNQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgZXhpc3RpbmcgQXBwc3luYyBBUEkgdGhhdCB3aWxsIGJlIHByb3RlY3RlZCB3aXRoIHRoZSBXQUYgd2ViIEFDTC5cbiAgICovXG4gIHJlYWRvbmx5IGV4aXN0aW5nQXBwc3luY0FwaTogYXBwc3luYy5DZm5HcmFwaFFMQXBpO1xuICAvKipcbiAgICogRXhpc3RpbmcgaW5zdGFuY2Ugb2YgYSBXQUYgd2ViIEFDTCwgYW4gZXJyb3Igd2lsbCBvY2N1ciBpZiB0aGlzIGFuZCBwcm9wcyBpcyBzZXRcbiAgICovXG4gIHJlYWRvbmx5IGV4aXN0aW5nV2ViYWNsT2JqPzogd2FmLkNmbldlYkFDTDtcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXItcHJvdmlkZWQgcHJvcHMgdG8gb3ZlcnJpZGUgdGhlIGRlZmF1bHQgcHJvcHMgZm9yIHRoZSBBV1MgV0FGIHdlYiBBQ0wuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRGVmYXVsdCBwcm9wZXJ0aWVzIGFyZSB1c2VkLlxuICAgKi9cbiAgcmVhZG9ubHkgd2ViYWNsUHJvcHM/OiB3YWYuQ2ZuV2ViQUNMUHJvcHM7XG59XG5cbi8qKlxuICogQHN1bW1hcnkgVGhlIFdhZndlYmFjbFRvQXBwc3luYyBjbGFzcy5cbiAqL1xuZXhwb3J0IGNsYXNzIFdhZndlYmFjbFRvQXBwc3luYyBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSB3ZWJhY2w6IHdhZi5DZm5XZWJBQ0w7XG4gIHB1YmxpYyByZWFkb25seSBhcHBzeW5jQXBpOiBhcHBzeW5jLkNmbkdyYXBoUUxBcGk7XG4gIC8qKlxuICAgKiBAc3VtbWFyeSBDb25zdHJ1Y3RzIGEgbmV3IGluc3RhbmNlIG9mIHRoZSBXYWZ3ZWJhY2xUb0FwcHN5bmMgY2xhc3MuXG4gICAqIEBwYXJhbSB7Y2RrLkFwcH0gc2NvcGUgLSByZXByZXNlbnRzIHRoZSBzY29wZSBmb3IgYWxsIHRoZSByZXNvdXJjZXMuXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBpZCAtIHRoaXMgaXMgYSBhIHNjb3BlLXVuaXF1ZSBpZC5cbiAgICogQHBhcmFtIHtXYWZ3ZWJhY2xUb0FwcHN5bmNQcm9wc30gcHJvcHMgLSB1c2VyIHByb3ZpZGVkIHByb3BzIGZvciB0aGUgY29uc3RydWN0LlxuICAgKiBAYWNjZXNzIHB1YmxpY1xuICAgKi9cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFdhZndlYmFjbFRvQXBwc3luY1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcbiAgICBkZWZhdWx0cy5DaGVja1Byb3BzKHByb3BzKTtcblxuICAgIC8vIEJ1aWxkIHRoZSBXZWIgQUNMXG4gICAgdGhpcy53ZWJhY2wgPSBkZWZhdWx0cy5idWlsZFdlYmFjbCh0aGlzLCBcIlJFR0lPTkFMXCIsIHtcbiAgICAgIGV4aXN0aW5nV2ViYWNsT2JqOiBwcm9wcy5leGlzdGluZ1dlYmFjbE9iaixcbiAgICAgIHdlYmFjbFByb3BzOiBwcm9wcy53ZWJhY2xQcm9wcyxcbiAgICB9KTtcblxuICAgIC8vIFNldHVwIHRoZSBXZWIgQUNMIEFzc29jaWF0aW9uXG4gICAgbmV3IHdhZi5DZm5XZWJBQ0xBc3NvY2lhdGlvbihzY29wZSwgYCR7aWR9LVdlYkFDTEFzc29jaWF0aW9uYCwge1xuICAgICAgd2ViQWNsQXJuOiB0aGlzLndlYmFjbC5hdHRyQXJuLFxuICAgICAgcmVzb3VyY2VBcm46IHByb3BzLmV4aXN0aW5nQXBwc3luY0FwaS5hdHRyQXJuLFxuICAgIH0pO1xuXG4gICAgdGhpcy5hcHBzeW5jQXBpID0gcHJvcHMuZXhpc3RpbmdBcHBzeW5jQXBpO1xuICB9XG59XG4iXX0=
package/package.json ADDED
@@ -0,0 +1,93 @@
1
+ {
2
+ "name": "@aws-solutions-constructs/aws-wafwebacl-appsync",
3
+ "version": "2.27.0",
4
+ "description": "CDK constructs for defining an AWS web WAF connected to an AWS AppSync API.",
5
+ "main": "lib/index.js",
6
+ "types": "lib/index.d.ts",
7
+ "repository": {
8
+ "type": "git",
9
+ "url": "https://github.com/awslabs/aws-solutions-constructs.git",
10
+ "directory": "source/patterns/@aws-solutions-constructs/aws-wafwebacl-appsync"
11
+ },
12
+ "author": {
13
+ "name": "Amazon Web Services",
14
+ "url": "https://aws.amazon.com",
15
+ "organization": true
16
+ },
17
+ "license": "Apache-2.0",
18
+ "scripts": {
19
+ "build": "tsc -b .",
20
+ "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .",
21
+ "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .",
22
+ "test": "jest --coverage",
23
+ "clean": "tsc -b --clean",
24
+ "watch": "tsc -b -w",
25
+ "integ": "cdk-integ",
26
+ "integ-assert": "cdk-integ-assert-v2",
27
+ "integ-no-clean": "cdk-integ --no-clean",
28
+ "jsii": "jsii",
29
+ "jsii-pacmak": "jsii-pacmak",
30
+ "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
31
+ "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
32
+ },
33
+ "jsii": {
34
+ "outdir": "dist",
35
+ "targets": {
36
+ "java": {
37
+ "package": "software.amazon.awsconstructs.services.wafwebaclappsync",
38
+ "maven": {
39
+ "groupId": "software.amazon.awsconstructs",
40
+ "artifactId": "wafwebaclappsync"
41
+ }
42
+ },
43
+ "dotnet": {
44
+ "namespace": "Amazon.SolutionsConstructs.AWS.WafwebaclAppsync",
45
+ "packageId": "Amazon.SolutionsConstructs.AWS.WafwebaclAppsync",
46
+ "signAssembly": true,
47
+ "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
48
+ },
49
+ "python": {
50
+ "distName": "aws-solutions-constructs.aws-wafwebacl-appsync",
51
+ "module": "aws_solutions_constructs.aws_wafwebacl_appsync"
52
+ }
53
+ }
54
+ },
55
+ "dependencies": {
56
+ "@aws-solutions-constructs/core": "2.27.0"
57
+ },
58
+ "devDependencies": {
59
+ "@aws-cdk/assert": "2.50.0",
60
+ "@types/jest": "^27.4.0",
61
+ "@types/node": "^10.3.0",
62
+ "aws-cdk-lib": "2.50.0",
63
+ "constructs": "^10.0.0"
64
+ },
65
+ "jest": {
66
+ "moduleFileExtensions": [
67
+ "js"
68
+ ],
69
+ "coverageReporters": [
70
+ "text",
71
+ [
72
+ "lcov",
73
+ {
74
+ "projectRoot": "../../../../"
75
+ }
76
+ ]
77
+ ]
78
+ },
79
+ "peerDependencies": {
80
+ "@aws-solutions-constructs/core": "2.27.0",
81
+ "aws-cdk-lib": "^2.50.0",
82
+ "constructs": "^10.0.0"
83
+ },
84
+ "keywords": [
85
+ "aws",
86
+ "cdk",
87
+ "awscdk",
88
+ "AWS Solutions Constructs",
89
+ "AWS WAF Web ACL",
90
+ "AWS AppSync",
91
+ "GraphQL"
92
+ ]
93
+ }
package/test/integ.no-arguments.d.ts ADDED
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ export {};
package/test/integ.no-arguments.expected.json ADDED
@@ -0,0 +1,204 @@
1
+ {
2
+ "Resources": {
3
+ "newgraphqlapi": {
4
+ "Type": "AWS::AppSync::GraphQLApi",
5
+ "Properties": {
6
+ "AuthenticationType": "API_KEY",
7
+ "Name": "api"
8
+ }
9
+ },
10
+ "testwafwebaclappsynctestwafwebaclappsyncWebACLA64C38D0": {
11
+ "Type": "AWS::WAFv2::WebACL",
12
+ "Properties": {
13
+ "DefaultAction": {
14
+ "Allow": {}
15
+ },
16
+ "Scope": "REGIONAL",
17
+ "VisibilityConfig": {
18
+ "CloudWatchMetricsEnabled": true,
19
+ "MetricName": "webACL",
20
+ "SampledRequestsEnabled": true
21
+ },
22
+ "Rules": [
23
+ {
24
+ "Name": "AWS-AWSManagedRulesBotControlRuleSet",
25
+ "OverrideAction": {
26
+ "None": {}
27
+ },
28
+ "Priority": 0,
29
+ "Statement": {
30
+ "ManagedRuleGroupStatement": {
31
+ "Name": "AWSManagedRulesBotControlRuleSet",
32
+ "VendorName": "AWS"
33
+ }
34
+ },
35
+ "VisibilityConfig": {
36
+ "CloudWatchMetricsEnabled": true,
37
+ "MetricName": "AWSManagedRulesBotControlRuleSet",
38
+ "SampledRequestsEnabled": true
39
+ }
40
+ },
41
+ {
42
+ "Name": "AWS-AWSManagedRulesKnownBadInputsRuleSet",
43
+ "OverrideAction": {
44
+ "None": {}
45
+ },
46
+ "Priority": 1,
47
+ "Statement": {
48
+ "ManagedRuleGroupStatement": {
49
+ "Name": "AWSManagedRulesKnownBadInputsRuleSet",
50
+ "VendorName": "AWS"
51
+ }
52
+ },
53
+ "VisibilityConfig": {
54
+ "CloudWatchMetricsEnabled": true,
55
+ "MetricName": "AWSManagedRulesKnownBadInputsRuleSet",
56
+ "SampledRequestsEnabled": true
57
+ }
58
+ },
59
+ {
60
+ "Name": "AWS-AWSManagedRulesCommonRuleSet",
61
+ "OverrideAction": {
62
+ "None": {}
63
+ },
64
+ "Priority": 2,
65
+ "Statement": {
66
+ "ManagedRuleGroupStatement": {
67
+ "Name": "AWSManagedRulesCommonRuleSet",
68
+ "VendorName": "AWS"
69
+ }
70
+ },
71
+ "VisibilityConfig": {
72
+ "CloudWatchMetricsEnabled": true,
73
+ "MetricName": "AWSManagedRulesCommonRuleSet",
74
+ "SampledRequestsEnabled": true
75
+ }
76
+ },
77
+ {
78
+ "Name": "AWS-AWSManagedRulesAnonymousIpList",
79
+ "OverrideAction": {
80
+ "None": {}
81
+ },
82
+ "Priority": 3,
83
+ "Statement": {
84
+ "ManagedRuleGroupStatement": {
85
+ "Name": "AWSManagedRulesAnonymousIpList",
86
+ "VendorName": "AWS"
87
+ }
88
+ },
89
+ "VisibilityConfig": {
90
+ "CloudWatchMetricsEnabled": true,
91
+ "MetricName": "AWSManagedRulesAnonymousIpList",
92
+ "SampledRequestsEnabled": true
93
+ }
94
+ },
95
+ {
96
+ "Name": "AWS-AWSManagedRulesAmazonIpReputationList",
97
+ "OverrideAction": {
98
+ "None": {}
99
+ },
100
+ "Priority": 4,
101
+ "Statement": {
102
+ "ManagedRuleGroupStatement": {
103
+ "Name": "AWSManagedRulesAmazonIpReputationList",
104
+ "VendorName": "AWS"
105
+ }
106
+ },
107
+ "VisibilityConfig": {
108
+ "CloudWatchMetricsEnabled": true,
109
+ "MetricName": "AWSManagedRulesAmazonIpReputationList",
110
+ "SampledRequestsEnabled": true
111
+ }
112
+ },
113
+ {
114
+ "Name": "AWS-AWSManagedRulesAdminProtectionRuleSet",
115
+ "OverrideAction": {
116
+ "None": {}
117
+ },
118
+ "Priority": 5,
119
+ "Statement": {
120
+ "ManagedRuleGroupStatement": {
121
+ "Name": "AWSManagedRulesAdminProtectionRuleSet",
122
+ "VendorName": "AWS"
123
+ }
124
+ },
125
+ "VisibilityConfig": {
126
+ "CloudWatchMetricsEnabled": true,
127
+ "MetricName": "AWSManagedRulesAdminProtectionRuleSet",
128
+ "SampledRequestsEnabled": true
129
+ }
130
+ },
131
+ {
132
+ "Name": "AWS-AWSManagedRulesSQLiRuleSet",
133
+ "OverrideAction": {
134
+ "None": {}
135
+ },
136
+ "Priority": 6,
137
+ "Statement": {
138
+ "ManagedRuleGroupStatement": {
139
+ "Name": "AWSManagedRulesSQLiRuleSet",
140
+ "VendorName": "AWS"
141
+ }
142
+ },
143
+ "VisibilityConfig": {
144
+ "CloudWatchMetricsEnabled": true,
145
+ "MetricName": "AWSManagedRulesSQLiRuleSet",
146
+ "SampledRequestsEnabled": true
147
+ }
148
+ }
149
+ ]
150
+ }
151
+ },
152
+ "testwafwebaclappsyncWebACLAssociation": {
153
+ "Type": "AWS::WAFv2::WebACLAssociation",
154
+ "Properties": {
155
+ "ResourceArn": {
156
+ "Fn::GetAtt": [
157
+ "newgraphqlapi",
158
+ "Arn"
159
+ ]
160
+ },
161
+ "WebACLArn": {
162
+ "Fn::GetAtt": [
163
+ "testwafwebaclappsynctestwafwebaclappsyncWebACLA64C38D0",
164
+ "Arn"
165
+ ]
166
+ }
167
+ }
168
+ }
169
+ },
170
+ "Parameters": {
171
+ "BootstrapVersion": {
172
+ "Type": "AWS::SSM::Parameter::Value<String>",
173
+ "Default": "/cdk-bootstrap/hnb659fds/version",
174
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
175
+ }
176
+ },
177
+ "Rules": {
178
+ "CheckBootstrapVersion": {
179
+ "Assertions": [
180
+ {
181
+ "Assert": {
182
+ "Fn::Not": [
183
+ {
184
+ "Fn::Contains": [
185
+ [
186
+ "1",
187
+ "2",
188
+ "3",
189
+ "4",
190
+ "5"
191
+ ],
192
+ {
193
+ "Ref": "BootstrapVersion"
194
+ }
195
+ ]
196
+ }
197
+ ]
198
+ },
199
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
200
+ }
201
+ ]
202
+ }
203
+ }
204
+ }
package/test/integ.no-arguments.js ADDED
@@ -0,0 +1,32 @@
1
+ "use strict";
2
+ /**
3
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
+ *
5
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
6
+ * with the License. A copy of the License is located at
7
+ *
8
+ * http://www.apache.org/licenses/LICENSE-2.0
9
+ *
10
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
11
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
12
+ * and limitations under the License.
13
+ */
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ /// !cdk-integ *
16
+ const aws_cdk_lib_1 = require("aws-cdk-lib");
17
+ const lib_1 = require("../lib");
18
+ const core_1 = require("@aws-solutions-constructs/core");
19
+ const appsync = require("aws-cdk-lib/aws-appsync");
20
+ const app = new aws_cdk_lib_1.App();
21
+ // Empty arguments
22
+ const stack = new aws_cdk_lib_1.Stack(app, core_1.generateIntegStackName(__filename));
23
+ const api = new appsync.CfnGraphQLApi(stack, "new-graphql-api", {
24
+ name: "api",
25
+ authenticationType: "API_KEY",
26
+ });
27
+ // This construct can only be attached to a configured Appsync API.
28
+ new lib_1.WafwebaclToAppsync(stack, "test-wafwebacl-appsync", {
29
+ existingAppsyncApi: api,
30
+ });
31
+ app.synth();
32
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcubm8tYXJndW1lbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcubm8tYXJndW1lbnRzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxnQkFBZ0I7QUFDaEIsNkNBQXlDO0FBQ3pDLGdDQUE0QztBQUM1Qyx5REFBd0U7QUFDeEUsbURBQW1EO0FBRW5ELE1BQU0sR0FBRyxHQUFHLElBQUksaUJBQUcsRUFBRSxDQUFDO0FBRXRCLGtCQUFrQjtBQUNsQixNQUFNLEtBQUssR0FBRyxJQUFJLG1CQUFLLENBQUMsR0FBRyxFQUFFLDZCQUFzQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFFakUsTUFBTSxHQUFHLEdBQUcsSUFBSSxPQUFPLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxpQkFBaUIsRUFBRTtJQUM5RCxJQUFJLEVBQUUsS0FBSztJQUNYLGtCQUFrQixFQUFFLFNBQVM7Q0FDOUIsQ0FBQyxDQUFDO0FBRUgsbUVBQW1FO0FBQ25FLElBQUksd0JBQWtCLENBQUMsS0FBSyxFQUFFLHdCQUF3QixFQUFFO0lBQ3RELGtCQUFrQixFQUFFLEdBQUc7Q0FDeEIsQ0FBQyxDQUFDO0FBRUgsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IDIwMjIgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqXG4gKiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlIFwiTGljZW5zZVwiKS4gWW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZVxuICogIHdpdGggdGhlIExpY2Vuc2UuIEEgY29weSBvZiB0aGUgTGljZW5zZSBpcyBsb2NhdGVkIGF0XG4gKlxuICogICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjBcbiAqXG4gKiAgb3IgaW4gdGhlICdsaWNlbnNlJyBmaWxlIGFjY29tcGFueWluZyB0aGlzIGZpbGUuIFRoaXMgZmlsZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAnQVMgSVMnIEJBU0lTLCBXSVRIT1VUIFdBUlJBTlRJRVNcbiAqICBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBleHByZXNzIG9yIGltcGxpZWQuIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9uc1xuICogIGFuZCBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS5cbiAqL1xuXG4vLy8gIWNkay1pbnRlZyAqXG5pbXBvcnQgeyBBcHAsIFN0YWNrIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBXYWZ3ZWJhY2xUb0FwcHN5bmMgfSBmcm9tIFwiLi4vbGliXCI7XG5pbXBvcnQgeyBnZW5lcmF0ZUludGVnU3RhY2tOYW1lIH0gZnJvbSBcIkBhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZVwiO1xuaW1wb3J0ICogYXMgYXBwc3luYyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWFwcHN5bmNcIjtcblxuY29uc3QgYXBwID0gbmV3IEFwcCgpO1xuXG4vLyBFbXB0eSBhcmd1bWVudHNcbmNvbnN0IHN0YWNrID0gbmV3IFN0YWNrKGFwcCwgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZShfX2ZpbGVuYW1lKSk7XG5cbmNvbnN0IGFwaSA9IG5ldyBhcHBzeW5jLkNmbkdyYXBoUUxBcGkoc3RhY2ssIFwibmV3LWdyYXBocWwtYXBpXCIsIHtcbiAgbmFtZTogXCJhcGlcIixcbiAgYXV0aGVudGljYXRpb25UeXBlOiBcIkFQSV9LRVlcIixcbn0pO1xuXG4vLyBUaGlzIGNvbnN0cnVjdCBjYW4gb25seSBiZSBhdHRhY2hlZCB0byBhIGNvbmZpZ3VyZWQgQXBwc3luYyBBUEkuXG5uZXcgV2Fmd2ViYWNsVG9BcHBzeW5jKHN0YWNrLCBcInRlc3Qtd2Fmd2ViYWNsLWFwcHN5bmNcIiwge1xuICBleGlzdGluZ0FwcHN5bmNBcGk6IGFwaSxcbn0pO1xuXG5hcHAuc3ludGgoKTtcbiJdfQ==
package/test/test.wafwebacl-appsync.test.d.ts ADDED
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ import "@aws-cdk/assert/jest";