@awsless/awsless 0.0.556 → 0.0.558

package/dist/bin.js

@@ -992,38 +992,36 @@ var OnLogDefaultSchema = z17.union([
   })
 ]).optional().describe("Define a subscription on all Lambda functions logs.");
 
-// src/feature/pubsub/schema.ts
+// src/feature/pubsub/appsync/schema.ts
 import { z as z18 } from "zod";
 var DomainSchema = ResourceIdSchema.describe("The domain id to link your Pubsub API with.");
 var PubSubDefaultSchema = z18.record(
   ResourceIdSchema,
   z18.object({
-    auth: FunctionSchema,
+    auth: FunctionSchema.describe("The authentication function for the pubsub API."),
     domain: DomainSchema.optional(),
-    subDomain: z18.string().optional()
-    // auth: z.union([
-    // 	ResourceIdSchema,
-    // 	z.object({
-    // 		authorizer: FunctionSchema,
-    // 		// ttl: AuthorizerTtl.default('1 hour'),
-    // 	}),
-    // ]),
-    // policy: z
-    // 	.object({
-    // 		publish: z.array(z.string()).optional(),
-    // 		subscribe: z.array(z.string()).optional(),
-    // 	})
-    // 	.optional(),
+    subDomain: z18.string().optional(),
+    namespaces: z18.array(z18.string()).optional().describe('The namespaces for the PubSub API. If not set, a single "default" namespace is created.'),
+    logLevel: z18.enum(["none", "info", "error", "debug", "all"]).optional().describe("The logging level for AppSync API. When set, logging is enabled.")
   })
-).optional().describe("Define the pubsub subscriber in your stack.");
+).optional().describe("Define the pubsub API configuration in your stack.");
 var PubSubSchema = z18.record(
   ResourceIdSchema,
   z18.object({
-    sql: z18.string().describe("The SQL statement used to query the IOT topic."),
-    sqlVersion: z18.enum(["2015-10-08", "2016-03-23", "beta"]).default("2016-03-23").describe("The version of the SQL rules engine to use when evaluating the rule."),
-    consumer: FunctionSchema.describe("The consuming lambda function properties.")
+    channels: z18.array(z18.string()).describe("The event channels this subscriber listens to."),
+    filter: z18.object({
+      eventType: z18.string().optional().describe("Filter events by event type.")
+      // Add more filter options as needed
+      // userId: z.string().optional(),
+      // custom: z.record(z.string(), z.any()).optional(),
+    }).optional().describe("Event filtering options."),
+    consumer: FunctionSchema.describe("The consuming lambda function properties."),
+    batchSize: z18.number().int().min(1).max(100).default(1).describe("Number of events to batch before invoking the consumer function."),
+    retryPolicy: z18.object({
+      maxRetries: z18.number().int().min(0).max(3).default(2).describe("Maximum number of retry attempts.")
+    }).optional().describe("Retry policy for failed event processing.")
   })
-).optional().describe("Define the pubsub subscriber in your stack.");
+).optional().describe("Define the pubsub event subscribers in your stack.");
 
 // src/feature/queue/schema.ts
 import { days as days2, hours, minutes as minutes2, seconds as seconds2 } from "@awsless/duration";
@@ -1665,7 +1663,7 @@ var SitesSchema = z34.record(
       cacheKey: z34.union([LocalEntrySchema.transform((v) => [v]), LocalEntrySchema.array()]).describe(
         `Specifies the files and directories to generate the cache key for your custom build command.`
       ),
-      configs: z34.string().array().describe("Define the config values for your build command.")
+      configs: z34.string().array().optional().describe("Define the config values for your build command.")
     }).optional().describe(`Specifies the build process for sites that need a build step.`),
     static: z34.union([LocalDirectorySchema, z34.boolean()]).optional().describe(
       "Specifies the path to the static files directory. Additionally you can also pass `true` when you don't have local static files, but still want to make an S3 bucket."
@@ -1721,10 +1719,10 @@ var SitesSchema = z34.record(
       origins: z34.string().array().default(["*"]),
       methods: z34.enum(["GET", "DELETE", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "ALL"]).array().default(["ALL"])
     }).optional().describe("Specify the cors headers."),
-    auth: z34.object({
-      username: z34.string().describe("Basic auth username"),
-      password: z34.string().describe("Basic auth password")
-    }).optional().describe("Enable basic authentication for the site"),
+    basicAuth: z34.object({
+      username: z34.string().describe("Basic auth username."),
+      password: z34.string().describe("Basic auth password.")
+    }).optional().describe("Enable basic authentication for the site."),
     security: z34.object({
       // contentSecurityPolicy: z.object({
       // 	override: z.boolean().default(false),
@@ -3899,7 +3897,8 @@ var onLogFeature = defineFeature({
       action: "lambda:InvokeFunction",
       principal: "logs.amazonaws.com",
       functionName: lambda.functionName,
-      sourceArn: `arn:aws:logs:${ctx.appConfig.region}:${ctx.accountId}:log-group:/aws/lambda/${ctx.app.name}--*`
+      sourceArn: `arn:aws:logs:${ctx.appConfig.region}:${ctx.accountId}:log-group:/aws/*/${ctx.app.name}--*`
+      // sourceArn: `arn:aws:logs:${ctx.appConfig.region}:${ctx.accountId}:log-group:/aws/lambda/${ctx.app.name}--*`,
     });
     ctx.shared.set("on-log", "consumer-arn", lambda.arn);
   }
@@ -3956,7 +3955,7 @@ var onFailureFeature = defineFeature({
   }
 });
 
-// src/feature/pubsub/index.ts
+// src/feature/pubsub/appsync/index.ts
 import { $ as $9, Group as Group9 } from "@awsless/formation";
 import { constantCase as constantCase5 } from "change-case";
 
@@ -3978,91 +3977,141 @@ var formatFullDomainName = (config2, id, subDomain) => {
   return domain2;
 };
 
-// src/feature/pubsub/index.ts
+// src/feature/pubsub/appsync/index.ts
 var pubsubFeature = defineFeature({
   name: "pubsub",
   onApp(ctx) {
-    for (const [id, props] of Object.entries(ctx.appConfig.defaults.pubsub ?? {})) {
+    for (const [id, props] of Object.entries(ctx.appConfig.defaults?.pubsub ?? {})) {
       const group = new Group9(ctx.base, "pubsub", id);
-      const { lambda } = createLambdaFunction(group, ctx, "pubsub-authorizer", id, props.auth);
+      const shortName = `${ctx.app.name}--${id}`;
       const name = formatGlobalResourceName({
         appName: ctx.app.name,
         resourceType: "pubsub",
         resourceName: id
       });
-      const authorizer = new $9.aws.iot.Authorizer(group, "authorizer", {
-        name,
-        authorizerFunctionArn: lambda.arn,
-        status: "ACTIVE",
-        signingDisabled: true,
-        enableCachingForHttp: false
+      const authGroup = new Group9(group, "auth", "lambda");
+      const { lambda: authLambda } = createLambdaFunction(authGroup, ctx, "pubsub", `${id}-auth`, {
+        ...props.auth,
+        description: `PubSub ${id} authorizer`
       });
-      new $9.aws.lambda.Permission(group, "permission", {
-        functionName: lambda.functionName,
-        action: "lambda:InvokeFunction",
-        principal: "iot.amazonaws.com",
-        sourceArn: authorizer.arn
+      let loggingRole;
+      if (props.logLevel) {
+        loggingRole = new $9.aws.iam.Role(group, "logging-role", {
+          name: shortId(`${name}-logging-role`),
+          assumeRolePolicy: JSON.stringify({
+            Version: "2012-10-17",
+            Statement: [
+              {
+                Effect: "Allow",
+                Principal: {
+                  Service: "appsync.amazonaws.com"
+                },
+                Action: "sts:AssumeRole"
+              }
+            ]
+          })
+        });
+        new $9.aws.iam.RolePolicyAttachment(group, "logs-policy", {
+          role: loggingRole.name,
+          policyArn: "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"
+        });
+      }
+      const api = new $9.aws.appsync.Api(group, "api", {
+        name: shortName,
+        eventConfig: [
+          {
+            connectionAuthMode: [{ authType: "AWS_IAM" }, { authType: "AWS_LAMBDA" }],
+            authProvider: [
+              {
+                authType: "AWS_LAMBDA",
+                lambdaAuthorizerConfig: [
+                  {
+                    authorizerUri: authLambda.arn,
+                    authorizerResultTtlInSeconds: 300
+                  }
+                ]
+              },
+              {
+                authType: "AWS_IAM"
+              }
+            ],
+            defaultPublishAuthMode: [
+              {
+                authType: "AWS_IAM"
+              }
+            ],
+            defaultSubscribeAuthMode: [
+              {
+                authType: "AWS_LAMBDA"
+              },
+              {
+                authType: "AWS_IAM"
+              }
+            ],
+            logConfig: props.logLevel ? [
+              {
+                logLevel: props.logLevel.toUpperCase(),
+                cloudwatchLogsRoleArn: loggingRole.arn
+              }
+            ] : void 0
+          }
+        ]
       });
-      ctx.bind(`PUBSUB_${constantCase5(id)}_AUTHORIZER`, name);
-      const endpoint = $9.aws.iot.getEndpoint(group, "endpoint", {
-        endpointType: "iot:Data-ATS"
+      const namespaces = props.namespaces ?? ["default"];
+      for (const namespace of namespaces) {
+        new $9.aws.appsync.ChannelNamespace(group, `namespace-${namespace}`, {
+          name: namespace,
+          apiId: api.apiId
+        });
+      }
+      new $9.aws.lambda.Permission(group, "auth-permission", {
+        action: "lambda:InvokeFunction",
+        principal: "appsync.amazonaws.com",
+        functionName: authLambda.functionName,
+        sourceArn: api.apiArn
       });
       if (props.domain) {
         const domainName = formatFullDomainName(ctx.appConfig, props.domain, props.subDomain);
-        new $9.aws.iot.DomainConfiguration(group, "domain", {
-          name,
+        const zoneId = ctx.shared.entry("domain", `zone-id`, props.domain);
+        const certificateArn = ctx.shared.entry("domain", `certificate-arn`, props.domain);
+        const apiDomain = new $9.aws.appsync.DomainName(group, "domain", {
           domainName,
-          serverCertificateArns: [ctx.shared.entry("domain", `certificate-arn`, props.domain)],
-          authorizerConfig: {
-            defaultAuthorizerName: authorizer.name
-          }
-          // validationCertificate: ctx.shared.get(`global-certificate-${props.domain}-arn`),
+          certificateArn
+        });
+        new $9.aws.appsync.DomainNameApiAssociation(group, "domain-association", {
+          apiId: api.apiArn,
+          domainName: apiDomain.domainName
         });
         new $9.aws.route53.Record(group, "record", {
-          zoneId: ctx.shared.entry("domain", `zone-id`, props.domain),
-          name: domainName,
+          zoneId,
           type: "CNAME",
-          records: [endpoint.endpointAddress]
+          name: domainName,
+          records: [apiDomain.appsyncDomainName],
+          ttl: 300
         });
-        ctx.bind(`PUBSUB_${constantCase5(id)}_ENDPOINT`, domainName);
+        ctx.bind(`PUBSUB_${constantCase5(id)}_ENDPOINT`, `${domainName}/event`);
+        ctx.bind(`PUBSUB_${constantCase5(id)}_REALTIME_ENDPOINT`, `${domainName}/event/realtime`);
       } else {
-        ctx.bind(`PUBSUB_${constantCase5(id)}_ENDPOINT`, endpoint.endpointAddress);
+        ctx.bind(
+          `PUBSUB_${constantCase5(id)}_ENDPOINT`,
+          api.dns.pipe((dns) => dns.HTTP)
+        );
+        ctx.bind(
+          `PUBSUB_${constantCase5(id)}_REALTIME_ENDPOINT`,
+          api.dns.pipe((dns) => dns.REALTIME)
+        );
       }
     }
-    ctx.addGlobalPermission({
-      actions: [`iot:Publish`],
-      resources: [
-        //
-        `arn:aws:iot:${ctx.appConfig.region}:${ctx.accountId}:topic/*`,
-        `arn:aws:iot:${ctx.appConfig.region}:${ctx.accountId}:topic/${ctx.app.name}/pubsub/*`
-      ]
-    });
-  },
-  onStack(ctx) {
-    for (const [id, props] of Object.entries(ctx.stackConfig.pubsub ?? {})) {
-      const group = new Group9(ctx.stack, "pubsub", id);
-      const { lambda } = createAsyncLambdaFunction(group, ctx, `pubsub`, id, props.consumer);
-      const name = formatLocalResourceName({
-        appName: ctx.app.name,
-        stackName: ctx.stack.name,
-        resourceType: "pubsub",
-        resourceName: id
-      });
-      const topic = new $9.aws.iot.TopicRule(group, "rule", {
-        name: name.replaceAll("-", "_"),
-        enabled: true,
-        sql: props.sql,
-        sqlVersion: props.sqlVersion,
-        lambda: [{ functionArn: lambda.arn }]
-      });
-      new $9.aws.lambda.Permission(group, "permission", {
-        action: "lambda:InvokeFunction",
-        principal: "iot.amazonaws.com",
-        functionName: lambda.functionName,
-        sourceArn: topic.arn
-      });
-    }
   }
+  // Note: The onStack method would handle channel namespaces and subscriptions
+  // but is commented out for now as it needs to be refactored for AppSync Event API
+  // onStack(ctx) {
+  // 	// Channel namespaces and event handlers would be configured here
+  // 	// This would include:
+  // 	// 1. Creating channel namespaces with their own auth modes (overriding defaults)
+  // 	// 2. Setting up event handlers (Lambda functions) for specific channels
+  // 	// 3. Configuring event filtering and routing rules
+  // },
 });
 
 // src/feature/queue/index.ts
@@ -5305,7 +5354,7 @@ var siteFeature = defineFeature({
         runtime: `cloudfront-js-2.0`,
         comment: `Viewer Request - ${name}`,
         publish: true,
-        code: getViewerRequestFunctionCode(domainName, bucket, functionUrl, props.auth),
+        code: getViewerRequestFunctionCode(domainName, bucket, functionUrl, props.basicAuth),
         keyValueStoreAssociations: kvs ? [kvs.arn] : void 0
       });
       const distribution = new $15.aws.cloudfront.Distribution(group, "distribution", {
@@ -5946,7 +5995,8 @@ var testFeature = defineFeature({
       ctx.addWarning({
         message: [
           `Stack ${color.info(ctx.stack.name)} has no tests defined.`,
-          `Consider adding test cases to ensure stability.`
+          `Consider adding test cases to ensure stability.`,
+          `If your stack doesn't need tests you can set the tests field to \`false\``
         ].join(" ")
       });
     }
@@ -7011,7 +7061,8 @@ var createFargateTask = (parentGroup, ctx, ns, id, local) => {
   let logGroup;
   if (props.log.retention && props.log.retention.value > 0n) {
     logGroup = new $25.aws.cloudwatch.LogGroup(group, "log", {
-      name: `/aws/ecs/${name}`,
+      // name: `/aws/ecs/${name}`,
+      name: `/aws/lambda/${name}`,
       retentionInDays: toDays8(props.log.retention)
     });
     const onLogArn = getGlobalOnLog(ctx);
@@ -7091,7 +7142,8 @@ var createFargateTask = (parentGroup, ctx, ns, id, local) => {
                 logConfiguration: {
                   logDriver: "awslogs",
                   options: {
-                    "awslogs-group": `/aws/ecs/${name}`,
+                    // 'awslogs-group': `/aws/ecs/${name}`,
+                    "awslogs-group": `/aws/lambda/${name}`,
                     "awslogs-region": ctx.appConfig.region,
                     "awslogs-stream-prefix": "ecs"
                     // mode: 'non-blocking',

package/dist/build-json-schema.js

@@ -384,38 +384,36 @@ var OnLogDefaultSchema = z14.union([
   })
 ]).optional().describe("Define a subscription on all Lambda functions logs.");
 
-// src/feature/pubsub/schema.ts
+// src/feature/pubsub/appsync/schema.ts
 import { z as z15 } from "zod";
 var DomainSchema = ResourceIdSchema.describe("The domain id to link your Pubsub API with.");
 var PubSubDefaultSchema = z15.record(
   ResourceIdSchema,
   z15.object({
-    auth: FunctionSchema,
+    auth: FunctionSchema.describe("The authentication function for the pubsub API."),
     domain: DomainSchema.optional(),
-    subDomain: z15.string().optional()
-    // auth: z.union([
-    // 	ResourceIdSchema,
-    // 	z.object({
-    // 		authorizer: FunctionSchema,
-    // 		// ttl: AuthorizerTtl.default('1 hour'),
-    // 	}),
-    // ]),
-    // policy: z
-    // 	.object({
-    // 		publish: z.array(z.string()).optional(),
-    // 		subscribe: z.array(z.string()).optional(),
-    // 	})
-    // 	.optional(),
+    subDomain: z15.string().optional(),
+    namespaces: z15.array(z15.string()).optional().describe('The namespaces for the PubSub API. If not set, a single "default" namespace is created.'),
+    logLevel: z15.enum(["none", "info", "error", "debug", "all"]).optional().describe("The logging level for AppSync API. When set, logging is enabled.")
   })
-).optional().describe("Define the pubsub subscriber in your stack.");
+).optional().describe("Define the pubsub API configuration in your stack.");
 var PubSubSchema = z15.record(
   ResourceIdSchema,
   z15.object({
-    sql: z15.string().describe("The SQL statement used to query the IOT topic."),
-    sqlVersion: z15.enum(["2015-10-08", "2016-03-23", "beta"]).default("2016-03-23").describe("The version of the SQL rules engine to use when evaluating the rule."),
-    consumer: FunctionSchema.describe("The consuming lambda function properties.")
+    channels: z15.array(z15.string()).describe("The event channels this subscriber listens to."),
+    filter: z15.object({
+      eventType: z15.string().optional().describe("Filter events by event type.")
+      // Add more filter options as needed
+      // userId: z.string().optional(),
+      // custom: z.record(z.string(), z.any()).optional(),
+    }).optional().describe("Event filtering options."),
+    consumer: FunctionSchema.describe("The consuming lambda function properties."),
+    batchSize: z15.number().int().min(1).max(100).default(1).describe("Number of events to batch before invoking the consumer function."),
+    retryPolicy: z15.object({
+      maxRetries: z15.number().int().min(0).max(3).default(2).describe("Maximum number of retry attempts.")
+    }).optional().describe("Retry policy for failed event processing.")
   })
-).optional().describe("Define the pubsub subscriber in your stack.");
+).optional().describe("Define the pubsub event subscribers in your stack.");
 
 // src/feature/queue/schema.ts
 import { days as days2, hours, minutes as minutes2, seconds as seconds2 } from "@awsless/duration";
@@ -1057,7 +1055,7 @@ var SitesSchema = z31.record(
       cacheKey: z31.union([LocalEntrySchema.transform((v) => [v]), LocalEntrySchema.array()]).describe(
         `Specifies the files and directories to generate the cache key for your custom build command.`
       ),
-      configs: z31.string().array().describe("Define the config values for your build command.")
+      configs: z31.string().array().optional().describe("Define the config values for your build command.")
     }).optional().describe(`Specifies the build process for sites that need a build step.`),
     static: z31.union([LocalDirectorySchema, z31.boolean()]).optional().describe(
       "Specifies the path to the static files directory. Additionally you can also pass `true` when you don't have local static files, but still want to make an S3 bucket."
@@ -1113,10 +1111,10 @@ var SitesSchema = z31.record(
       origins: z31.string().array().default(["*"]),
       methods: z31.enum(["GET", "DELETE", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "ALL"]).array().default(["ALL"])
     }).optional().describe("Specify the cors headers."),
-    auth: z31.object({
-      username: z31.string().describe("Basic auth username"),
-      password: z31.string().describe("Basic auth password")
-    }).optional().describe("Enable basic authentication for the site"),
+    basicAuth: z31.object({
+      username: z31.string().describe("Basic auth username."),
+      password: z31.string().describe("Basic auth password.")
+    }).optional().describe("Enable basic authentication for the site."),
     security: z31.object({
       // contentSecurityPolicy: z.object({
       // 	override: z.boolean().default(false),

package/dist/prebuild/rpc/HASH

@@ -1 +1 @@
-355b49989570d95758c09af3e91d59c93fcf2284
+e4e6754c9211e7052132876e9d5853a8fca5bafe