@bitblit/ratchet-epsilon-deployment 4.0.420-alpha → 4.0.421-alpha
- package/lib/build/index.d.ts +1 -0
- package/lib/build/index.js +2 -0
- package/lib/build/index.js.map +1 -0
- package/lib/build/ratchet-epsilon-deployment-info.d.ts +5 -0
- package/lib/build/ratchet-epsilon-deployment-info.js +15 -0
- package/lib/build/ratchet-epsilon-deployment-info.js.map +1 -0
- package/lib/deployment/cdk/bucket-and-source-configuration.d.ts +6 -0
- package/lib/deployment/cdk/bucket-and-source-configuration.js +2 -0
- package/lib/deployment/cdk/bucket-and-source-configuration.js.map +1 -0
- package/lib/deployment/cdk/epsilon-api-stack-feature.d.ts +5 -0
- package/lib/deployment/cdk/epsilon-api-stack-feature.js +7 -0
- package/lib/deployment/cdk/epsilon-api-stack-feature.js.map +1 -0
- package/lib/deployment/cdk/epsilon-api-stack-props.d.ts +19 -0
- package/lib/deployment/cdk/epsilon-api-stack-props.js +2 -0
- package/lib/deployment/cdk/epsilon-api-stack-props.js.map +1 -0
- package/lib/deployment/cdk/epsilon-api-stack.d.ts +9 -0
- package/lib/deployment/cdk/epsilon-api-stack.js +184 -0
- package/lib/deployment/cdk/epsilon-api-stack.js.map +1 -0
- package/lib/deployment/cdk/epsilon-lambda-to-cloudfront-path-mapping.d.ts +4 -0
- package/lib/deployment/cdk/epsilon-lambda-to-cloudfront-path-mapping.js +2 -0
- package/lib/deployment/cdk/epsilon-lambda-to-cloudfront-path-mapping.js.map +1 -0
- package/lib/deployment/cdk/epsilon-stack-util.d.ts +14 -0
- package/lib/deployment/cdk/epsilon-stack-util.js +99 -0
- package/lib/deployment/cdk/epsilon-stack-util.js.map +1 -0
- package/lib/deployment/cdk/epsilon-website-cache-behavior.d.ts +5 -0
- package/lib/deployment/cdk/epsilon-website-cache-behavior.js +7 -0
- package/lib/deployment/cdk/epsilon-website-cache-behavior.js.map +1 -0
- package/lib/deployment/cdk/epsilon-website-stack-props.d.ts +21 -0
- package/lib/deployment/cdk/epsilon-website-stack-props.js +5 -0
- package/lib/deployment/cdk/epsilon-website-stack-props.js.map +1 -0
- package/lib/deployment/cdk/epsilon-website-stack.d.ts +7 -0
- package/lib/deployment/cdk/epsilon-website-stack.js +183 -0
- package/lib/deployment/cdk/epsilon-website-stack.js.map +1 -0
- package/lib/deployment/cdk/simple-additional-s3-website-mapping.d.ts +4 -0
- package/lib/deployment/cdk/simple-additional-s3-website-mapping.js +2 -0
- package/lib/deployment/cdk/simple-additional-s3-website-mapping.js.map +1 -0
- package/lib/deployment/index.d.ts +10 -0
- package/lib/deployment/index.js +11 -0
- package/lib/deployment/index.js.map +1 -0
- package/package.json +11 -12
- package/lib/index.mjs +0 -2
- package/lib/types.d.ts +0 -101
|
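--- a/package/lib/build/index.d.ts
+++ b/package/lib/build/index.d.ts
@@ -0,0 +1 @@
+export * from './ratchet-epsilon-deployment-info.js';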
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/build/index.ts"],"names":[],"mappings":"AAIA,cAAc,sCAAsC,CAAC"}
|
|
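--- a/package/lib/build/ratchet-epsilon-deployment-info.js
+++ b/package/lib/build/ratchet-epsilon-deployment-info.js
@@ -0,0 +1,15 @@
+export class RatchetEpsilonDeploymentInfo {
+constructor() { }
+static buildInformation() {
+const val = {
+version: 'LOCAL-SNAPSHOT',
+hash: 'LOCAL-HASH',
+branch: 'LOCAL-BRANCH',
+tag: 'LOCAL-TAG',
+timeBuiltISO: 'LOCAL-TIME-ISO',
+notes: 'LOCAL-NOTES',
+};
+return val;
+}
+}
+//# sourceMappingURL=ratchet-epsilon-deployment-info.js.map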
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ratchet-epsilon-deployment-info.js","sourceRoot":"","sources":["../../src/build/ratchet-epsilon-deployment-info.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,4BAA4B;IAGvC,gBAAuB,CAAC;IAEjB,MAAM,CAAC,gBAAgB;QAC5B,MAAM,GAAG,GAAqB;YAC5B,OAAO,EAAE,gBAAgB;YACzB,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,cAAc;YACtB,GAAG,EAAE,WAAW;YAChB,YAAY,EAAE,gBAAgB;YAC9B,KAAK,EAAE,aAAa;SACrB,CAAC;QACF,OAAO,GAAG,CAAC;IACb,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bucket-and-source-configuration.js","sourceRoot":"","sources":["../../../src/deployment/cdk/bucket-and-source-configuration.ts"],"names":[],"mappings":""}
|
|
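--- a/package/lib/deployment/cdk/epsilon-api-stack-feature.js
+++ b/package/lib/deployment/cdk/epsilon-api-stack-feature.js
@@ -0,0 +1,7 @@
+export var EpsilonApiStackFeature;
+(function (EpsilonApiStackFeature) {
+EpsilonApiStackFeature["WebLambda"] = "WebLambda";
+EpsilonApiStackFeature["BackgroundLambda"] = "BackgroundLambda";
+EpsilonApiStackFeature["AwsBatchHandler"] = "AwsBatchHandler";
+})(EpsilonApiStackFeature || (EpsilonApiStackFeature = {}));
+//# sourceMappingURL=epsilon-api-stack-feature.js.map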
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-api-stack-feature.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-api-stack-feature.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,sBAIX;AAJD,WAAY,sBAAsB;IAChC,iDAAuB,CAAA;IACvB,+DAAqC,CAAA;IACrC,6DAAmC,CAAA;AACrC,CAAC,EAJW,sBAAsB,KAAtB,sBAAsB,QAIjC"}
|
|
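--- a/package/lib/deployment/cdk/epsilon-api-stack-props.d.ts
+++ b/package/lib/deployment/cdk/epsilon-api-stack-props.d.ts
@@ -0,0 +1,19 @@
+import { StackProps } from 'aws-cdk-lib';
+import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { EpsilonApiStackFeature } from './epsilon-api-stack-feature.js';
+export interface EpsilonApiStackProps extends StackProps {
+batchInstancesEc2KeyPairName?: string;
+additionalPolicyStatements: PolicyStatement[];
+disabledFeatures?: EpsilonApiStackFeature[];
+dockerFileFolder: string;
+dockerFileName: string;
+lambdaSecurityGroupIds: string[];
+vpcSubnetIds: string[];
+vpcId: string;
+extraEnvironmentalVars?: Record<string, string>;
+webLambdaPingMinutes?: number;
+webMemorySizeMb?: number;
+backgroundMemorySizeMb?: number;
+webTimeoutSeconds?: number;
+backgroundTimeoutSeconds?: number;
+}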
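Review bot: `lambdaSecurityGroupIds` carries no doc comment, yet the compiled stack in epsilon-api-stack.js on this page prepends `sg-` to every entry before calling `SecurityGroup.fromSecurityGroupId`, so a caller who passes a full id ends up with a doubled `sg-` prefix and a lookup against a group that does not exist. The contract should be written down in the source interface, for example `/** Security group ids WITHOUT the leading "sg-"; the stack adds the prefix. */`. `batchInstancesEc2KeyPairName` and `vpcSubnetIds` are not read in the stack code shown here; if they are unused elsewhere too, a `@deprecated` tag or removal would avoid implying that they restrict where the workload runs.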
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-api-stack-props.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-api-stack-props.ts"],"names":[],"mappings":""}
|
|
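--- a/package/lib/deployment/cdk/epsilon-api-stack.d.ts
+++ b/package/lib/deployment/cdk/epsilon-api-stack.d.ts
@@ -0,0 +1,9 @@
+import { Stack } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import { EpsilonApiStackProps } from './epsilon-api-stack-props.js';
+export declare class EpsilonApiStack extends Stack {
+private webHandler;
+private backgroundHandler;
+apiDomain: string;
+constructor(scope: Construct, id: string, props?: EpsilonApiStackProps);
+}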
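Review bot: The constructor declares `props?: EpsilonApiStackProps` as optional, but the compiled body in epsilon-api-stack.js reads `props.dockerFileFolder`, `props.vpcId` and `props.env.account` without a guard, so omitting `props` (or `env`) fails with a TypeError at synth time instead of a clear configuration error. Because the interface already marks `dockerFileFolder`, `dockerFileName` and `vpcId` as required, the signature should be `constructor(scope: Construct, id: string, props: EpsilonApiStackProps)`. An explicit check that `props.env?.account` is set before the service-role ARN is built would also keep the literal string `undefined` out of that ARN.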
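--- a/package/lib/deployment/cdk/epsilon-api-stack.js
+++ b/package/lib/deployment/cdk/epsilon-api-stack.js
@@ -0,0 +1,184 @@
+import { Duration, Lazy, Size, Stack } from 'aws-cdk-lib';
+import { DockerImageCode, DockerImageFunction, FunctionUrlAuthType, HttpMethod } from 'aws-cdk-lib/aws-lambda';
+import { ManagedPolicy, PolicyDocument, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { Topic } from 'aws-cdk-lib/aws-sns';
+import { Queue } from 'aws-cdk-lib/aws-sqs';
+import { LambdaSubscription } from 'aws-cdk-lib/aws-sns-subscriptions';
+import { Rule, Schedule } from 'aws-cdk-lib/aws-events';
+import { LambdaFunction } from 'aws-cdk-lib/aws-events-targets';
+import { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { EpsilonStackUtil } from './epsilon-stack-util.js';
+import { RatchetEpsilonDeploymentInfo } from '../../build/ratchet-epsilon-deployment-info.js';
+import { EcsFargateContainerDefinition, EcsJobDefinition, FargateComputeEnvironment, JobQueue, } from 'aws-cdk-lib/aws-batch';
+import { SecurityGroup, Vpc } from 'aws-cdk-lib/aws-ec2';
+import { ContainerImage } from 'aws-cdk-lib/aws-ecs';
+import { EpsilonApiStackFeature } from './epsilon-api-stack-feature.js';
+export class EpsilonApiStack extends Stack {
+webHandler;
+backgroundHandler;
+apiDomain;
+constructor(scope, id, props) {
+super(scope, id, props);
+const disabledFeatures = props?.disabledFeatures || [];
+const dockerImageAsset = new DockerImageAsset(this, id + 'DockerImage', {
+directory: props.dockerFileFolder,
+file: props.dockerFileName,
+});
+const dockerImageCode = DockerImageCode.fromImageAsset(props.dockerFileFolder, { file: props.dockerFileName });
+const notificationTopic = new Topic(this, id + 'WorkNotificationTopic');
+const workQueue = new Queue(this, id + 'WorkQueue', {
+fifo: true,
+retentionPeriod: Duration.hours(8),
+visibilityTimeout: Duration.minutes(5),
+contentBasedDeduplication: true,
+...props,
+});
+const interApiGenericEventTopic = new Topic(this, id + 'InterApiTopic');
+const epsilonEnv = {
+EPSILON_AWS_REGION: StringRatchet.safeString(Stack.of(this).region),
+EPSILON_AWS_AVAILABILITY_ZONES: StringRatchet.safeString(JSON.stringify(Stack.of(this).availabilityZones)),
+EPSILON_BACKGROUND_SQS_QUEUE_URL: StringRatchet.safeString(workQueue.queueUrl),
+EPSILON_BACKGROUND_SNS_TOPIC_ARN: StringRatchet.safeString(notificationTopic.topicArn),
+EPSILON_INTER_API_EVENT_TOPIC_ARN: StringRatchet.safeString(interApiGenericEventTopic.topicArn),
+EPSILON_LIB_BUILD_HASH: StringRatchet.safeString(RatchetEpsilonDeploymentInfo.buildInformation().hash),
+EPSILON_LIB_BUILD_TIME: StringRatchet.safeString(RatchetEpsilonDeploymentInfo.buildInformation().timeBuiltISO),
+EPSILON_LIB_BUILD_BRANCH_OR_TAG: StringRatchet.safeString(RatchetEpsilonDeploymentInfo.buildInformation().branch || RatchetEpsilonDeploymentInfo.buildInformation().tag),
+EPSILON_LIB_BUILD_VERSION: StringRatchet.safeString(RatchetEpsilonDeploymentInfo.buildInformation().version),
+};
+const env = Object.assign({}, props.extraEnvironmentalVars || {}, epsilonEnv);
+if (!disabledFeatures.includes(EpsilonApiStackFeature.AwsBatchHandler)) {
+const executionRole = new Role(this, id + 'BatchExecutionRole', {
+assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
+managedPolicies: [ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaVPCAccessExecutionRole')],
+inlinePolicies: {
+root: new PolicyDocument({
+statements: EpsilonStackUtil.ECS_POLICY_STATEMENTS,
+}),
+},
+});
+const jobRole = new Role(this, id + 'BatchJobRole', {
+assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
+managedPolicies: [ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaVPCAccessExecutionRole')],
+inlinePolicies: {
+root: new PolicyDocument({
+statements: EpsilonStackUtil.createDefaultPolicyStatementList(props, workQueue, notificationTopic, interApiGenericEventTopic),
+}),
+},
+});
+const compEnvProps = {
+vpc: Vpc.fromLookup(this, `Vpc`, { vpcId: props.vpcId }),
+computeEnvironmentName: id + 'ComputeEnv',
+enabled: true,
+maxvCpus: 16,
+replaceComputeEnvironment: false,
+securityGroups: props.lambdaSecurityGroupIds.map((sgId, index) => SecurityGroup.fromSecurityGroupId(this, `SecurityGroup${index}`, `sg-${sgId}`)),
+serviceRole: Role.fromRoleArn(this, `${id}ServiceRole`, 'arn:aws:iam::' + props.env.account + ':role/AWSBatchServiceRole'),
+spot: false,
+terminateOnUpdate: false,
+updateTimeout: Duration.hours(4),
+updateToLatestImageVersion: true,
+};
+const compEnv = new FargateComputeEnvironment(this, id + 'ComputeEnv', compEnvProps);
+const batchJobQueueProps = {
+computeEnvironments: [{ order: 1, computeEnvironment: compEnv }],
+enabled: true,
+jobQueueName: id + 'BatchJobQueue',
+priority: 10,
+schedulingPolicy: undefined,
+};
+const batchJobQueue = new JobQueue(this, id + 'BatchJobQueue', batchJobQueueProps);
+const batchEnvVars = EpsilonStackUtil.toEnvironmentVariables([
+env,
+props.extraEnvironmentalVars || {},
+{
+EPSILON_RUNNING_IN_AWS_BATCH: true,
+},
+]);
+const containerDef = {
+cpu: 4,
+image: ContainerImage.fromRegistry(dockerImageAsset.imageUri),
+memory: Size.mebibytes(8192),
+assignPublicIp: true,
+command: ['Ref::taskName', 'Ref::taskDataBase64', 'Ref::traceId', 'Ref::traceDepth', 'Ref::taskMetaDataBase64'],
+environment: batchEnvVars,
+executionRole: executionRole,
+jobRole: jobRole,
+readonlyRootFilesystem: false,
+volumes: [],
+};
+const fargateContainerDefinitionDef = new EcsFargateContainerDefinition(this, `${id}FargateContainerDefinition`, containerDef);
+const jobProps = {
+jobDefinitionName: id + 'JobDefinition',
+retryAttempts: 3,
+retryStrategies: undefined,
+schedulingPriority: undefined,
+timeout: undefined,
+container: fargateContainerDefinitionDef,
+};
+const jobDef = new EcsJobDefinition(this, id + 'JobDefinition', jobProps);
+env['EPSILON_AWS_BATCH_JOB_DEFINITION_ARN'] = jobDef.jobDefinitionArn;
+env['EPSILON_AWS_BATCH_JOB_QUEUE_ARN'] = batchJobQueue.jobQueueArn;
+}
+const lambdaRole = new Role(this, 'customRole', {
+roleName: id + 'LambdaCustomRole',
+assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
+managedPolicies: [ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaVPCAccessExecutionRole')],
+inlinePolicies: {
+root: new PolicyDocument({
+statements: EpsilonStackUtil.createDefaultPolicyStatementList(props, workQueue, notificationTopic, interApiGenericEventTopic),
+}),
+},
+});
+if (!disabledFeatures.includes(EpsilonApiStackFeature.WebLambda)) {
+this.webHandler = new DockerImageFunction(this, id + 'Web', {
+retryAttempts: 2,
+memorySize: props.webMemorySizeMb || 128,
+ephemeralStorageSize: Size.mebibytes(512),
+timeout: Duration.seconds(props.webTimeoutSeconds || 20),
+code: dockerImageCode,
+role: lambdaRole,
+environment: env,
+});
+if (props?.webLambdaPingMinutes && props.webLambdaPingMinutes > 0) {
+const rule = new Rule(this, id + 'WebKeepaliveRule', {
+schedule: Schedule.rate(Duration.minutes(Math.ceil(props.webLambdaPingMinutes))),
+});
+rule.addTarget(new LambdaFunction(this.webHandler));
+}
+const fnUrl = this.webHandler.addFunctionUrl({
+authType: FunctionUrlAuthType.NONE,
+cors: {
+allowedOrigins: ['*'],
+allowedHeaders: ['Content-Type', 'X-Amz-Date', 'Authorization', 'X-Api-Key'],
+allowedMethods: [HttpMethod.ALL],
+allowCredentials: true,
+},
+});
+this.apiDomain = Lazy.uncachedString({
+produce: (context) => {
+const resolved = context.resolve(fnUrl.url);
+return { 'Fn::Select': [2, { 'Fn::Split': ['/', resolved] }] };
+},
+});
+}
+if (!disabledFeatures.includes(EpsilonApiStackFeature.BackgroundLambda)) {
+this.backgroundHandler = new DockerImageFunction(this, id + 'Background', {
+retryAttempts: 2,
+memorySize: props.backgroundMemorySizeMb || 3000,
+ephemeralStorageSize: Size.mebibytes(512),
+timeout: Duration.seconds(props.backgroundTimeoutSeconds || 900),
+code: dockerImageCode,
+role: lambdaRole,
+environment: env,
+});
+notificationTopic.addSubscription(new LambdaSubscription(this.backgroundHandler));
+interApiGenericEventTopic.addSubscription(new LambdaSubscription(this.backgroundHandler));
+const rule = new Rule(this, id + 'CronRule', {
+schedule: Schedule.rate(Duration.minutes(1)),
+});
+rule.addTarget(new LambdaFunction(this.backgroundHandler));
+}
+}
+}
+//# sourceMappingURL=epsilon-api-stack.js.map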
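Review bot: The function URL added to `this.webHandler` is created with `authType: FunctionUrlAuthType.NONE`, so the web Lambda can be invoked by anyone who learns the URL and all authentication rests on the handler code inside the image. If the URL is only meant to serve as an origin behind a distribution (which `apiDomain` suggests, though the consumer is not visible in this section), `authType: FunctionUrlAuthType.AWS_IAM` with a signed origin would close the direct path. The same block pairs `allowedOrigins: ['*']` with `allowCredentials: true`; browsers do not accept a wildcard origin on credentialed requests, so either list the real origins or set `allowCredentials: false`. That function runs under `lambdaRole`, which is shared with the background handler and carries the full list from `createDefaultPolicyStatementList`, so a separate, narrower role for the public-facing function would be worth considering.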
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-api-stack.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-api-stack.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAE1D,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAe,mBAAmB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC5H,OAAO,EAAE,aAAa,EAAE,cAAc,EAAmB,IAAI,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC7G,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AAEvE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,6CAA6C,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,4BAA4B,EAAE,MAAM,gDAAgD,CAAC;AAC9F,OAAO,EACL,6BAA6B,EAE7B,gBAAgB,EAEhB,yBAAyB,EAEzB,QAAQ,GAET,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAChC,UAAU,CAAsB;IAChC,iBAAiB,CAAsB;IAExC,SAAS,CAAS;IAEzB,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA4B;QACpE,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAExB,MAAM,gBAAgB,GAA6B,KAAK,EAAE,gBAAgB,IAAI,EAAE,CAAC;QAGjF,MAAM,gBAAgB,GAAqB,IAAI,gBAAgB,CAAC,IAAI,EAAE,EAAE,GAAG,aAAa,EAAE;YACxF,SAAS,EAAE,KAAK,CAAC,gBAAgB;YACjC,IAAI,EAAE,KAAK,CAAC,cAAc;SAC3B,CAAC,CAAC;QACH,MAAM,eAAe,GAAoB,eAAe,CAAC,cAAc,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC;QAEhI,MAAM,iBAAiB,GAAU,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,GAAG,uBAAuB,CAAC,CAAC;QAC/E,MAAM,SAAS,GAAU,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,GAAG,WAAW,EAAE;YACzD,IAAI,EAAE,IAAI;YACV,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YAClC,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACtC,yBAAyB,EAAE,IAAI;YAC/B,GAAG,KAAK;SACT,CAAC,CAAC;QAEH,MAAM,yBAAyB,GAAU,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,GAAG,eAAe,CAAC,CAAC;QAE/E,MAAM,UAAU,GAA2B;YACzC,kBAAkB,EAAE,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YACnE,8BAA8B,EAAE,aAAa,CAAC,UA
AU,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,iBAAiB,CAAC,CAAC;YAC1G,gCAAgC,EAAE,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC;YAC9E,gCAAgC,EAAE,aAAa,CAAC,UAAU,CAAC,iBAAiB,CAAC,QAAQ,CAAC;YACtF,iCAAiC,EAAE,aAAa,CAAC,UAAU,CAAC,yBAAyB,CAAC,QAAQ,CAAC;YAC/F,sBAAsB,EAAE,aAAa,CAAC,UAAU,CAAC,4BAA4B,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC;YACtG,sBAAsB,EAAE,aAAa,CAAC,UAAU,CAAC,4BAA4B,CAAC,gBAAgB,EAAE,CAAC,YAAY,CAAC;YAC9G,+BAA+B,EAAE,aAAa,CAAC,UAAU,CACvD,4BAA4B,CAAC,gBAAgB,EAAE,CAAC,MAAM,IAAI,4BAA4B,CAAC,gBAAgB,EAAE,CAAC,GAAG,CAC9G;YACD,yBAAyB,EAAE,aAAa,CAAC,UAAU,CAAC,4BAA4B,CAAC,gBAAgB,EAAE,CAAC,OAAO,CAAC;SAC7G,CAAC;QACF,MAAM,GAAG,GAA2B,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,sBAAsB,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QAEtG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAGvE,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,oBAAoB,EAAE;gBAC9D,SAAS,EAAE,IAAI,gBAAgB,CAAC,yBAAyB,CAAC;gBAC1D,eAAe,EAAE,CAAC,aAAa,CAAC,wBAAwB,CAAC,8CAA8C,CAAC,CAAC;gBACzG,cAAc,EAAE;oBACd,IAAI,EAAE,IAAI,cAAc,CAAC;wBACvB,UAAU,EAAE,gBAAgB,CAAC,qBAAqB;qBACnD,CAAC;iBACH;aACF,CAAC,CAAC;YAGH,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,cAAc,EAAE;gBAClD,SAAS,EAAE,IAAI,gBAAgB,CAAC,yBAAyB,CAAC;gBAC1D,eAAe,EAAE,CAAC,aAAa,CAAC,wBAAwB,CAAC,8CAA8C,CAAC,CAAC;gBACzG,cAAc,EAAE;oBACd,IAAI,EAAE,IAAI,cAAc,CAAC;wBACvB,UAAU,EAAE,gBAAgB,CAAC,gCAAgC,CAAC,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;qBAC9H,CAAC;iBACH;aACF,CAAC,CAAC;YAQH,MAAM,YAAY,GAAmC;gBACnD,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;gBACxD,sBAAsB,EAAE,EAAE,GAAG,YAAY;gBACzC,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,EAAE;gBACZ,yBAAyB,EAAE,KAAK;gBAChC,cAAc,EAAE,KAAK,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAC/D,aAAa,CAAC,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,KAAK,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAC/E;gBACD,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,aAAa,EAAE,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,GAAG,2BAA2B,CAAC;gBAC1H,IAAI,EAAE,KAAK;gBACX,iBAAiB,EAAE,KAAK;gBACxB,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,CA
AC,CAAC;gBAChC,0BAA0B,EAAE,IAAI;aAEjC,CAAC;YAEF,MAAM,OAAO,GAA8B,IAAI,yBAAyB,CAAC,IAAI,EAAE,EAAE,GAAG,YAAY,EAAE,YAAY,CAAC,CAAC;YAEhH,MAAM,kBAAkB,GAAkB;gBACxC,mBAAmB,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;gBAChE,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,EAAE,GAAG,eAAe;gBAClC,QAAQ,EAAE,EAAE;gBACZ,gBAAgB,EAAE,SAAS;aAC5B,CAAC;YAEF,MAAM,aAAa,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,GAAG,eAAe,EAAE,kBAAkB,CAAC,CAAC;YAEnF,MAAM,YAAY,GAAwB,gBAAgB,CAAC,sBAAsB,CAAC;gBAChF,GAAG;gBACH,KAAK,CAAC,sBAAsB,IAAI,EAAE;gBAClC;oBACE,4BAA4B,EAAE,IAAI;iBACnC;aACF,CAAC,CAAC;YAEH,MAAM,YAAY,GAAuC;gBACvD,GAAG,EAAE,CAAC;gBACN,KAAK,EAAE,cAAc,CAAC,YAAY,CAAC,gBAAgB,CAAC,QAAQ,CAAC;gBAC7D,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC5B,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,CAAC,eAAe,EAAE,qBAAqB,EAAE,cAAc,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;gBAC/G,WAAW,EAAE,YAAY;gBACzB,aAAa,EAAE,aAAa;gBAE5B,OAAO,EAAE,OAAO;gBAEhB,sBAAsB,EAAE,KAAK;gBAG7B,OAAO,EAAE,EAAE;aACZ,CAAC;YAEF,MAAM,6BAA6B,GAAG,IAAI,6BAA6B,CAAC,IAAI,EAAE,GAAG,EAAE,4BAA4B,EAAE,YAAY,CAAC,CAAC;YAE/H,MAAM,QAAQ,GAA0B;gBACtC,iBAAiB,EAAE,EAAE,GAAG,eAAe;gBACvC,aAAa,EAAE,CAAC;gBAChB,eAAe,EAAE,SAAS;gBAC1B,kBAAkB,EAAE,SAAS;gBAC7B,OAAO,EAAE,SAAS;gBAClB,SAAS,EAAE,6BAA6B;aACzC,CAAC;YAEF,MAAM,MAAM,GAAqB,IAAI,gBAAgB,CAAC,IAAI,EAAE,EAAE,GAAG,eAAe,EAAE,QAAQ,CAAC,CAAC;YAG5F,GAAG,CAAC,sCAAsC,CAAC,GAAG,MAAM,CAAC,gBAAgB,CAAC;YACtE,GAAG,CAAC,iCAAiC,CAAC,GAAG,aAAa,CAAC,WAAW,CAAC;QACrE,CAAC;QAGD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,YAAY,EAAE;YAC9C,QAAQ,EAAE,EAAE,GAAG,kBAAkB;YACjC,SAAS,EAAE,IAAI,gBAAgB,CAAC,sBAAsB,CAAC;YACvD,eAAe,EAAE,CAAC,aAAa,CAAC,wBAAwB,CAAC,8CAA8C,CAAC,CAAC;YACzG,cAAc,EAAE;gBACd,IAAI,EAAE,IAAI,cAAc,CAAC;oBACvB,UAAU,EAAE,gBAAgB,CAAC,gCAAgC,CAAC,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;iBAC9H,CAAC;aACH;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,SAAS,CAAC,EAAE,CAAC;YACjE,IAAI,CAAC,UAAU,GAAG,IAAI,mBAAmB,CAAC,IAAI,EAAE,EAAE,GAAG,KAAK,EAAE;gBAE1D,aAAa,EAAE,CAAC;gBAEhB,UAAU,EAAE,KAAK,CAAC,eAAe,IAAI,GAAG;gBACxC,oBAAoB,EAAE,IAAI,CAAC,SAAS,CAAC
,GAAG,CAAC;gBACzC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC;gBACxD,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,GAAG;aACjB,CAAC,CAAC;YAEH,IAAI,KAAK,EAAE,oBAAoB,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,EAAE,CAAC;gBAElE,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,kBAAkB,EAAE;oBACnD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;iBACjF,CAAC,CAAC;gBACH,IAAI,CAAC,SAAS,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,KAAK,GAAgB,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;gBACxD,QAAQ,EAAE,mBAAmB,CAAC,IAAI;gBAClC,IAAI,EAAE;oBACJ,cAAc,EAAE,CAAC,GAAG,CAAC;oBACrB,cAAc,EAAE,CAAC,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,WAAW,CAAC;oBAC5E,cAAc,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;oBAChC,gBAAgB,EAAE,IAAI;iBACvB;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC;gBACnC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE;oBACnB,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC5C,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,EAAS,CAAC;gBACxE,CAAC;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACxE,IAAI,CAAC,iBAAiB,GAAG,IAAI,mBAAmB,CAAC,IAAI,EAAE,EAAE,GAAG,YAAY,EAAE;gBAExE,aAAa,EAAE,CAAC;gBAEhB,UAAU,EAAE,KAAK,CAAC,sBAAsB,IAAI,IAAI;gBAChD,oBAAoB,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;gBACzC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,wBAAwB,IAAI,GAAG,CAAC;gBAChE,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,GAAG;aACjB,CAAC,CAAC;YAEH,iBAAiB,CAAC,eAAe,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;YAClF,yBAAyB,CAAC,eAAe,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;YAG1F,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,UAAU,EAAE;gBAC3C,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;aAC7C,CAAC,CAAC;YACH,IAAI,CAAC,SAAS,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-lambda-to-cloudfront-path-mapping.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-lambda-to-cloudfront-path-mapping.ts"],"names":[],"mappings":""}
|
|
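--- a/package/lib/deployment/cdk/epsilon-stack-util.d.ts
+++ b/package/lib/deployment/cdk/epsilon-stack-util.d.ts
@@ -0,0 +1,14 @@
+import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { Topic } from 'aws-cdk-lib/aws-sns';
+import { Queue } from 'aws-cdk-lib/aws-sqs';
+import { EpsilonApiStackProps } from './epsilon-api-stack-props.js';
+export declare class EpsilonStackUtil {
+private constructor();
+static toEnvironmentVariables(input: Record<string, any>[]): Record<string, string>;
+static createDefaultPolicyStatementList(props: EpsilonApiStackProps, backgroundLambdaSqs: Queue, backgroundLambdaSns: Topic, interApiSns: Topic): PolicyStatement[];
+static readonly ALLOW_ECS: PolicyStatement;
+static readonly ALLOW_ECR: PolicyStatement;
+static readonly ALLOW_RESTRICTED_LOGS: PolicyStatement;
+static readonly ALLOW_FARGATE_SECRET_READING: PolicyStatement[];
+static readonly ECS_POLICY_STATEMENTS: PolicyStatement[];
+}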
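--- a/package/lib/deployment/cdk/epsilon-stack-util.js
+++ b/package/lib/deployment/cdk/epsilon-stack-util.js
@@ -0,0 +1,99 @@
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+export class EpsilonStackUtil {
+constructor() { }
+static toEnvironmentVariables(input) {
+const rval = {};
+input.forEach((inval) => {
+Object.keys(inval).forEach((k) => {
+rval[k] = StringRatchet.safeString(inval[k]);
+});
+});
+return rval;
+}
+static createDefaultPolicyStatementList(props, backgroundLambdaSqs, backgroundLambdaSns, interApiSns) {
+const rval = (props.additionalPolicyStatements || []).concat([
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],
+resources: ['arn:aws:logs:*:*:*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ses:SendEmail', 'ses:SendRawEmail'],
+resources: ['arn:aws:ses:*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['sqs:*'],
+resources: [backgroundLambdaSqs.queueArn],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['sns:*'],
+resources: [backgroundLambdaSns.topicArn, interApiSns.topicArn],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['batch:*'],
+resources: ['*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ec2:DescribeSecurityGroups'],
+resources: ['*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ec2:DescribeSubnets'],
+resources: ['*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ec2:DescribeVpcs'],
+resources: ['*'],
+}),
+]);
+Logger.info('Created policy statement list: %j', rval);
+return rval;
+}
+static ALLOW_ECS = new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ecs:*'],
+resources: ['*'],
+});
+static ALLOW_ECR = new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ecr:BatchCheckLayerAvailability', 'ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer', 'ecr:GetAuthorizationToken'],
+resources: ['*'],
+});
+static ALLOW_RESTRICTED_LOGS = new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['logs:CreateLogStream', 'logs:PutLogEvents', 'logs:DescribeLogStreams', 'logs:CreateLogGroup'],
+resources: ['*'],
+});
+static ALLOW_FARGATE_SECRET_READING = [
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['ssm:GetParameters'],
+resources: ['*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['secretsmanager:GetSecretValue'],
+resources: ['*'],
+}),
+new PolicyStatement({
+effect: Effect.ALLOW,
+actions: ['kms:Decrypt'],
+resources: ['*'],
+}),
+];
+static ECS_POLICY_STATEMENTS = [
+EpsilonStackUtil.ALLOW_ECS,
+EpsilonStackUtil.ALLOW_ECR,
+EpsilonStackUtil.ALLOW_RESTRICTED_LOGS,
+].concat(EpsilonStackUtil.ALLOW_FARGATE_SECRET_READING);
+}
+//# sourceMappingURL=epsilon-stack-util.js.map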
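Review bot: `ALLOW_FARGATE_SECRET_READING` grants `ssm:GetParameters`, `secretsmanager:GetSecretValue` and `kms:Decrypt` on `resources: ['*']`, and `ECS_POLICY_STATEMENTS` adds `ecs:*` on `*`; the api stack on this page attaches that list to the Batch execution role, so the role is far broader than pulling an image and writing logs requires. Because these are static class fields they cannot be scoped per deployment; a factory that takes the secret, parameter and key ARNs and emits `resources: secretArns` (and drops `ALLOW_ECS` unless something needs it) would let each stack grant only what its job definition references. The same applies to `actions: ['batch:*']` with `resources: ['*']` in `createDefaultPolicyStatementList`, which lands on both the Lambda role and the Batch job role; the job queue and job definition ARNs are known to the caller and could be passed in, with the action list narrowed to what the handlers actually call. `actions: ['sqs:*']` and `actions: ['sns:*']` are at least resource-scoped, but likewise include management actions the handlers presumably do not need.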
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-stack-util.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-stack-util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uCAAuC,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,6CAA6C,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAK9D,MAAM,OAAO,gBAAgB;IAG3B,gBAAuB,CAAC;IAEjB,MAAM,CAAC,sBAAsB,CAAC,KAA4B;QAC/D,MAAM,IAAI,GAA2B,EAAE,CAAC;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YACtB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC/B,IAAI,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,MAAM,CAAC,gCAAgC,CAC5C,KAA2B,EAC3B,mBAA0B,EAC1B,mBAA0B,EAC1B,WAAkB;QAElB,MAAM,IAAI,GAAsB,CAAC,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC9E,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,EAAE,mBAAmB,CAAC;gBAC7E,SAAS,EAAE,CAAC,oBAAoB,CAAC;aAClC,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,eAAe,EAAE,kBAAkB,CAAC;gBAC9C,SAAS,EAAE,CAAC,eAAe,CAAC;aAC7B,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,OAAO,CAAC;gBAClB,SAAS,EAAE,CAAC,mBAAmB,CAAC,QAAQ,CAAC;aAC1C,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,OAAO,CAAC;gBAClB,SAAS,EAAE,CAAC,mBAAmB,CAAC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC;aAChE,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,SAAS,CAAC;gBACpB,SAAS,EAAE,CAAC,GAAG,CAAC;aACjB,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,4BAA4B,CAAC;gBACvC,SAAS,EAAE,CAAC,GAAG,CAAC;aACjB,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,qBAAqB,CAAC;gBAChC,SAAS,EAAE,CAAC,GAAG,CAAC;aACjB,CAAC;YACF,IAAI,eAAe,CAAC;gBAClB,MAAM,EAAE,MAAM,CAAC,KAAK;gBACpB,OAAO,EAAE,CAAC,kBAAkB,CAAC;gBAC7B,SAAS,EAAE,CAAC,GAAG,CAAC;aACjB,CAAC;SACH,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC;QACvD,OAAO,IAAI,CA
AC;IACd,CAAC;IAEM,MAAM,CAAU,SAAS,GAAoB,IAAI,eAAe,CAAC;QACtE,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,OAAO,EAAE,CAAC,OAAO,CAAC;QAClB,SAAS,EAAE,CAAC,GAAG,CAAC;KACjB,CAAC,CAAC;IAEI,MAAM,CAAU,SAAS,GAAoB,IAAI,eAAe,CAAC;QACtE,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,OAAO,EAAE,CAAC,iCAAiC,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,2BAA2B,CAAC;QAC5H,SAAS,EAAE,CAAC,GAAG,CAAC;KACjB,CAAC,CAAC;IAEI,MAAM,CAAU,qBAAqB,GAAoB,IAAI,eAAe,CAAC;QAClF,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,OAAO,EAAE,CAAC,sBAAsB,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;QACxG,SAAS,EAAE,CAAC,GAAG,CAAC;KACjB,CAAC,CAAC;IAGI,MAAM,CAAU,4BAA4B,GAAsB;QACvE,IAAI,eAAe,CAAC;YAClB,MAAM,EAAE,MAAM,CAAC,KAAK;YACpB,OAAO,EAAE,CAAC,mBAAmB,CAAC;YAC9B,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC;QACF,IAAI,eAAe,CAAC;YAClB,MAAM,EAAE,MAAM,CAAC,KAAK;YACpB,OAAO,EAAE,CAAC,+BAA+B,CAAC;YAC1C,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC;QACF,IAAI,eAAe,CAAC;YAClB,MAAM,EAAE,MAAM,CAAC,KAAK;YACpB,OAAO,EAAE,CAAC,aAAa,CAAC;YACxB,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC;KACH,CAAC;IAEK,MAAM,CAAU,qBAAqB,GAAsB;QAChE,gBAAgB,CAAC,SAAS;QAC1B,gBAAgB,CAAC,SAAS;QAC1B,gBAAgB,CAAC,qBAAqB;KACvC,CAAC,MAAM,CAAC,gBAAgB,CAAC,4BAA4B,CAAC,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export var EpsilonWebsiteCacheBehavior;
|
|
2
|
+
(function (EpsilonWebsiteCacheBehavior) {
|
|
3
|
+
EpsilonWebsiteCacheBehavior["Default"] = "Default";
|
|
4
|
+
EpsilonWebsiteCacheBehavior["NoCache"] = "NoCache";
|
|
5
|
+
EpsilonWebsiteCacheBehavior["Custom"] = "Custom";
|
|
6
|
+
})(EpsilonWebsiteCacheBehavior || (EpsilonWebsiteCacheBehavior = {}));
|
|
7
|
+
//# sourceMappingURL=epsilon-website-cache-behavior.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-website-cache-behavior.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-website-cache-behavior.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,2BAIX;AAJD,WAAY,2BAA2B;IACrC,kDAAmB,CAAA;IACnB,kDAAmB,CAAA;IACnB,gDAAiB,CAAA;AACnB,CAAC,EAJW,2BAA2B,KAA3B,2BAA2B,QAItC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { StackProps } from 'aws-cdk-lib';
|
|
2
|
+
import { SimpleAdditionalS3WebsiteMapping } from './simple-additional-s3-website-mapping.js';
|
|
3
|
+
import { EpsilonLambdaToCloudfrontPathMapping } from './epsilon-lambda-to-cloudfront-path-mapping.js';
|
|
4
|
+
import { Behavior } from 'aws-cdk-lib/aws-cloudfront';
|
|
5
|
+
import { EpsilonWebsiteCacheBehavior } from './epsilon-website-cache-behavior.js';
|
|
6
|
+
export interface EpsilonWebsiteStackProps extends StackProps {
|
|
7
|
+
targetBucketName: string;
|
|
8
|
+
cloudFrontHttpsCertificateArn: string;
|
|
9
|
+
cloudFrontDomainNames: string[];
|
|
10
|
+
apiMappings: EpsilonLambdaToCloudfrontPathMapping[];
|
|
11
|
+
pathsToAssets: string[];
|
|
12
|
+
route53Handling: EpsilonWebsiteStackPropsRoute53Handling;
|
|
13
|
+
simpleAdditionalMappings?: SimpleAdditionalS3WebsiteMapping[];
|
|
14
|
+
websiteCacheBehavior?: EpsilonWebsiteCacheBehavior;
|
|
15
|
+
websiteBehaviorOverride?: Behavior[];
|
|
16
|
+
}
|
|
17
|
+
export declare const EpsilonWebsiteStackPropsRoute53Handling: {
|
|
18
|
+
Update: string;
|
|
19
|
+
DoNotUpdate: string;
|
|
20
|
+
};
|
|
21
|
+
export type EpsilonWebsiteStackPropsRoute53Handling = (typeof EpsilonWebsiteStackPropsRoute53Handling)[keyof typeof EpsilonWebsiteStackPropsRoute53Handling];
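Review bot: `EpsilonWebsiteStackPropsRoute53Handling` is declared with `Update: string; DoNotUpdate: string;` (lines 17–20), so the derived type on line 21 collapses to plain `string` and `route53Handling` accepts any text. A misspelled value still type-checks, and because the stack only compares against `.Update`, it would silently skip creating the DNS records. Presumably the source object literal lacks `as const`; with it the emitted declaration would read `readonly Update: "Update"; readonly DoNotUpdate: "DoNotUpdate";` and the union would be enforced at compile time.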
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-website-stack-props.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-website-stack-props.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,MAAM,uCAAuC,GAAG;IACrD,MAAM,EAAE,QAAQ;IAChB,WAAW,EAAE,aAAa;CAC3B,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { Stack } from 'aws-cdk-lib';
|
|
2
|
+
import { Construct } from 'constructs';
|
|
3
|
+
import { EpsilonWebsiteStackProps } from './epsilon-website-stack-props.js';
|
|
4
|
+
export declare class EpsilonWebsiteStack extends Stack {
|
|
5
|
+
constructor(scope: Construct, id: string, props?: EpsilonWebsiteStackProps);
|
|
6
|
+
static extractApexDomain(domainName: string): string;
|
|
7
|
+
}
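Review bot: `props?` is optional in the constructor signature on line 5, but the implementation in epsilon-website-stack.js reads `props.targetBucketName` and `props.pathsToAssets` without a guard, so a caller who omits it gets a TypeError during synthesis rather than a compile error. Since the bucket name, certificate ARN and domain names are all required fields of `EpsilonWebsiteStackProps`, the parameter should be required: `constructor(scope: Construct, id: string, props: EpsilonWebsiteStackProps);`. `extractApexDomain` would also benefit from a doc comment stating that it returns the last two labels of the name, which is not the registrable domain for suffixes such as `co.uk`.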
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
import { Bucket, BucketEncryption } from 'aws-cdk-lib/aws-s3';
|
|
2
|
+
import { Duration, Stack } from 'aws-cdk-lib';
|
|
3
|
+
import path from 'path';
|
|
4
|
+
import { CloudFrontAllowedCachedMethods, CloudFrontAllowedMethods, CloudFrontWebDistribution, HttpVersion, OriginAccessIdentity, OriginProtocolPolicy, PriceClass, ViewerProtocolPolicy, } from 'aws-cdk-lib/aws-cloudfront';
|
|
5
|
+
import { HostedZone, RecordSet, RecordType } from 'aws-cdk-lib/aws-route53';
|
|
6
|
+
import { CloudFrontTarget } from 'aws-cdk-lib/aws-route53-targets';
|
|
7
|
+
import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
|
|
8
|
+
import { EpsilonWebsiteStackPropsRoute53Handling } from './epsilon-website-stack-props.js';
|
|
9
|
+
import { ErrorRatchet } from '@bitblit/ratchet-common/lang/error-ratchet';
|
|
10
|
+
import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
|
|
11
|
+
import { EpsilonWebsiteCacheBehavior } from './epsilon-website-cache-behavior.js';
|
|
12
|
+
export class EpsilonWebsiteStack extends Stack {
|
|
13
|
+
constructor(scope, id, props) {
|
|
14
|
+
super(scope, id, props);
|
|
15
|
+
const originAccessId = new OriginAccessIdentity(this, id + 'OriginAccessId');
|
|
16
|
+
const websiteBucket = new Bucket(this, id + 'DeployBucket', {
|
|
17
|
+
bucketName: props.targetBucketName,
|
|
18
|
+
versioned: false,
|
|
19
|
+
publicReadAccess: false,
|
|
20
|
+
encryption: BucketEncryption.S3_MANAGED,
|
|
21
|
+
});
|
|
22
|
+
const extraBucketAndSource = (props.simpleAdditionalMappings || []).map((eb) => {
|
|
23
|
+
const nextBucket = Bucket.fromBucketAttributes(this, eb.bucketName + 'ImportedBucket', {
|
|
24
|
+
bucketName: eb.bucketName,
|
|
25
|
+
});
|
|
26
|
+
const nextBS = {
|
|
27
|
+
bucket: nextBucket,
|
|
28
|
+
sourceConfig: {
|
|
29
|
+
s3OriginSource: {
|
|
30
|
+
s3BucketSource: nextBucket,
|
|
31
|
+
originAccessIdentity: originAccessId,
|
|
32
|
+
},
|
|
33
|
+
behaviors: [
|
|
34
|
+
{
|
|
35
|
+
pathPattern: eb.pathPattern,
|
|
36
|
+
isDefaultBehavior: false,
|
|
37
|
+
compress: true,
|
|
38
|
+
defaultTtl: Duration.seconds(1),
|
|
39
|
+
minTtl: Duration.seconds(1),
|
|
40
|
+
maxTtl: Duration.seconds(1),
|
|
41
|
+
forwardedValues: {
|
|
42
|
+
queryString: false,
|
|
43
|
+
},
|
|
44
|
+
},
|
|
45
|
+
],
|
|
46
|
+
},
|
|
47
|
+
};
|
|
48
|
+
return nextBS;
|
|
49
|
+
});
|
|
50
|
+
if (props.websiteCacheBehavior === EpsilonWebsiteCacheBehavior.Custom && !props?.websiteBehaviorOverride?.length) {
|
|
51
|
+
throw ErrorRatchet.fErr('Custom cache behavior selected but no custom provided');
|
|
52
|
+
}
|
|
53
|
+
if (props.websiteCacheBehavior !== EpsilonWebsiteCacheBehavior.Custom && props?.websiteBehaviorOverride?.length) {
|
|
54
|
+
throw ErrorRatchet.fErr('Custom cache behavior not selected but custom provided');
|
|
55
|
+
}
|
|
56
|
+
let websiteBehaviors;
|
|
57
|
+
switch (props.websiteCacheBehavior) {
|
|
58
|
+
case EpsilonWebsiteCacheBehavior.NoCache:
|
|
59
|
+
websiteBehaviors = [
|
|
60
|
+
{
|
|
61
|
+
isDefaultBehavior: true,
|
|
62
|
+
compress: true,
|
|
63
|
+
defaultTtl: Duration.seconds(0),
|
|
64
|
+
minTtl: Duration.seconds(0),
|
|
65
|
+
maxTtl: Duration.seconds(0),
|
|
66
|
+
forwardedValues: {
|
|
67
|
+
queryString: false,
|
|
68
|
+
},
|
|
69
|
+
},
|
|
70
|
+
];
|
|
71
|
+
break;
|
|
72
|
+
case EpsilonWebsiteCacheBehavior.Custom:
|
|
73
|
+
websiteBehaviors = props.websiteBehaviorOverride;
|
|
74
|
+
break;
|
|
75
|
+
default:
|
|
76
|
+
websiteBehaviors = [
|
|
77
|
+
{
|
|
78
|
+
isDefaultBehavior: true,
|
|
79
|
+
compress: true,
|
|
80
|
+
defaultTtl: Duration.seconds(1),
|
|
81
|
+
minTtl: Duration.seconds(1),
|
|
82
|
+
maxTtl: Duration.seconds(1),
|
|
83
|
+
forwardedValues: {
|
|
84
|
+
queryString: false,
|
|
85
|
+
},
|
|
86
|
+
},
|
|
87
|
+
];
|
|
88
|
+
break;
|
|
89
|
+
}
|
|
90
|
+
const assetSource = {
|
|
91
|
+
s3OriginSource: {
|
|
92
|
+
s3BucketSource: websiteBucket,
|
|
93
|
+
originAccessIdentity: originAccessId,
|
|
94
|
+
},
|
|
95
|
+
behaviors: websiteBehaviors,
|
|
96
|
+
};
|
|
97
|
+
const apiSources = (props.apiMappings || []).map((s) => {
|
|
98
|
+
const next = {
|
|
99
|
+
customOriginSource: {
|
|
100
|
+
domainName: s.apiDomainName,
|
|
101
|
+
originProtocolPolicy: OriginProtocolPolicy.HTTPS_ONLY,
|
|
102
|
+
},
|
|
103
|
+
behaviors: [
|
|
104
|
+
{
|
|
105
|
+
compress: true,
|
|
106
|
+
forwardedValues: {
|
|
107
|
+
queryString: true,
|
|
108
|
+
cookies: {
|
|
109
|
+
forward: 'whitelist',
|
|
110
|
+
whitelistedNames: ['idToken'],
|
|
111
|
+
},
|
|
112
|
+
headers: ['Accept', 'Referer', 'Authorization', 'Content-Type'],
|
|
113
|
+
},
|
|
114
|
+
pathPattern: s.pathPattern,
|
|
115
|
+
defaultTtl: Duration.seconds(0),
|
|
116
|
+
maxTtl: Duration.seconds(0),
|
|
117
|
+
minTtl: Duration.seconds(0),
|
|
118
|
+
allowedMethods: CloudFrontAllowedMethods.ALL,
|
|
119
|
+
cachedMethods: CloudFrontAllowedCachedMethods.GET_HEAD,
|
|
120
|
+
},
|
|
121
|
+
],
|
|
122
|
+
};
|
|
123
|
+
return next;
|
|
124
|
+
});
|
|
125
|
+
const distributionProps = {
|
|
126
|
+
httpVersion: HttpVersion.HTTP2,
|
|
127
|
+
defaultRootObject: 'index.html',
|
|
128
|
+
originConfigs: [assetSource, ...apiSources, ...extraBucketAndSource.map((s) => s.sourceConfig)],
|
|
129
|
+
errorConfigurations: [
|
|
130
|
+
{
|
|
131
|
+
errorCode: 404,
|
|
132
|
+
errorCachingMinTtl: 300,
|
|
133
|
+
responseCode: 200,
|
|
134
|
+
responsePagePath: '/index.html',
|
|
135
|
+
},
|
|
136
|
+
{
|
|
137
|
+
errorCode: 403,
|
|
138
|
+
errorCachingMinTtl: 300,
|
|
139
|
+
responseCode: 200,
|
|
140
|
+
responsePagePath: '/index.html',
|
|
141
|
+
},
|
|
142
|
+
],
|
|
143
|
+
priceClass: PriceClass.PRICE_CLASS_ALL,
|
|
144
|
+
viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
|
|
145
|
+
viewerCertificate: {
|
|
146
|
+
aliases: props.cloudFrontDomainNames,
|
|
147
|
+
props: {
|
|
148
|
+
acmCertificateArn: props.cloudFrontHttpsCertificateArn,
|
|
149
|
+
sslSupportMethod: 'sni-only',
|
|
150
|
+
},
|
|
151
|
+
},
|
|
152
|
+
};
|
|
153
|
+
const cloudfrontDistro = new CloudFrontWebDistribution(this, id + 'CloudfrontDistro', distributionProps);
|
|
154
|
+
if (props?.route53Handling === EpsilonWebsiteStackPropsRoute53Handling.Update) {
|
|
155
|
+
if (props?.cloudFrontDomainNames?.length) {
|
|
156
|
+
for (let i = 0; i < props.cloudFrontDomainNames.length; i++) {
|
|
157
|
+
const domain = new RecordSet(this, id + 'DomainName-' + props.cloudFrontDomainNames[i], {
|
|
158
|
+
recordType: RecordType.A,
|
|
159
|
+
recordName: props.cloudFrontDomainNames[i],
|
|
160
|
+
target: {
|
|
161
|
+
aliasTarget: new CloudFrontTarget(cloudfrontDistro),
|
|
162
|
+
},
|
|
163
|
+
zone: HostedZone.fromLookup(this, id, { domainName: EpsilonWebsiteStack.extractApexDomain(props.cloudFrontDomainNames[i]) }),
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
new BucketDeployment(this, id + 'SiteDeploy', {
|
|
169
|
+
sources: props.pathsToAssets.map((inPath) => Source.asset(path.resolve(inPath))),
|
|
170
|
+
destinationBucket: websiteBucket,
|
|
171
|
+
distribution: cloudfrontDistro,
|
|
172
|
+
distributionPaths: ['/*'],
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
static extractApexDomain(domainName) {
|
|
176
|
+
const pieces = StringRatchet.trimToEmpty(domainName).split('.');
|
|
177
|
+
if (pieces.length < 2) {
|
|
178
|
+
ErrorRatchet.throwFormattedErr('Not a valid domain name : %s', domainName);
|
|
179
|
+
}
|
|
180
|
+
return pieces[pieces.length - 2] + '.' + pieces[pieces.length - 1];
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
//# sourceMappingURL=epsilon-website-stack.js.map
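Review bot: The two `errorConfigurations` entries (new lines 129–142) turn every 403 and 404 into a 200 serving `/index.html`, and CloudFront custom error responses apply to the whole distribution, so responses from the `props.apiMappings` origins are rewritten too: an API 403 or 404 would reach the caller as a 200 HTML page cached for `errorCachingMinTtl: 300` seconds. Scoping the single-page-app fallback to the website origin only (for example with an edge function on the default behavior) keeps API authorization failures visible to clients and to monitoring. In the Route 53 loop, `HostedZone.fromLookup(this, id, …)` on line 163 passes the same construct id on every iteration, which should fail at synth with a duplicate-id error once `cloudFrontDomainNames` has more than one entry; `id + 'Zone-' + props.cloudFrontDomainNames[i]` keeps the ids distinct. `viewerCertificate.props` also sets no `minimumProtocolVersion`, leaving the TLS floor to the service default; adding `minimumProtocolVersion: 'TLSv1.2_2021'` pins it.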
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epsilon-website-stack.js","sourceRoot":"","sources":["../../../src/deployment/cdk/epsilon-website-stack.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAEL,8BAA8B,EAC9B,wBAAwB,EACxB,yBAAyB,EAEzB,WAAW,EACX,oBAAoB,EACpB,oBAAoB,EACpB,UAAU,EAEV,oBAAoB,GACrB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAA4B,uCAAuC,EAAE,MAAM,kCAAkC,CAAC;AACrH,OAAO,EAAE,YAAY,EAAE,MAAM,4CAA4C,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,6CAA6C,CAAC;AAE5E,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAElF,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAgC;QACxE,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAExB,MAAM,cAAc,GAAyB,IAAI,oBAAoB,CAAC,IAAI,EAAE,EAAE,GAAG,gBAAgB,CAAC,CAAC;QAEnG,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,GAAG,cAAc,EAAE;YAC1D,UAAU,EAAE,KAAK,CAAC,gBAAgB;YAGlC,SAAS,EAAE,KAAK;YAChB,gBAAgB,EAAE,KAAK;YACvB,UAAU,EAAE,gBAAgB,CAAC,UAAU;SA2BxC,CAAC,CAAC;QAGH,MAAM,oBAAoB,GAAmC,CAAC,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;YAC7G,MAAM,UAAU,GAAG,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,GAAG,gBAAgB,EAAE;gBACrF,UAAU,EAAE,EAAE,CAAC,UAAU;aAC1B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAiC;gBAC3C,MAAM,EAAE,UAAU;gBAClB,YAAY,EAAE;oBACZ,cAAc,EAAE;wBACd,cAAc,EAAE,UAAU;wBAC1B,oBAAoB,EAAE,cAAc;qBACrC;oBACD,SAAS,EAAE;wBACT;4BACE,WAAW,EAAE,EAAE,CAAC,WAAW;4BAC3B,iBAAiB,EAAE,KAAK;4BACxB,QAAQ,EAAE,IAAI;4BAEd,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;4BAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;4BAC3B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;4BAC3B,eAAe,EAAE;gCACf,WAAW,EAAE,KAAK;6BACnB;yBACF;qBACF;iBACF;aACF,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC;QAKH,IAAI,KAAK,CAAC,oBAAoB,KAAK,2BAA2B,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,CAAC;YACjH,MAAM,YAAY,CAAC,IAAI,CAAC,uDAAuD,CAAC,C
AAC;QACnF,CAAC;QACD,IAAI,KAAK,CAAC,oBAAoB,KAAK,2BAA2B,CAAC,MAAM,IAAI,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,CAAC;YAChH,MAAM,YAAY,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,gBAA4B,CAAC;QACjC,QAAQ,KAAK,CAAC,oBAAoB,EAAE,CAAC;YAEnC,KAAK,2BAA2B,CAAC,OAAO;gBACtC,gBAAgB,GAAG;oBACjB;wBACE,iBAAiB,EAAE,IAAI;wBACvB,QAAQ,EAAE,IAAI;wBACd,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC3B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC3B,eAAe,EAAE;4BACf,WAAW,EAAE,KAAK;yBACnB;qBACF;iBACF,CAAC;gBACF,MAAM;YACR,KAAK,2BAA2B,CAAC,MAAM;gBACrC,gBAAgB,GAAG,KAAK,CAAC,uBAAuB,CAAC;gBACjD,MAAM;YACR;gBACE,gBAAgB,GAAG;oBACjB;wBACE,iBAAiB,EAAE,IAAI;wBACvB,QAAQ,EAAE,IAAI;wBACd,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC3B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC3B,eAAe,EAAE;4BACf,WAAW,EAAE,KAAK;yBACnB;qBACF;iBACF,CAAC;gBACF,MAAM;QACV,CAAC;QAED,MAAM,WAAW,GAAwB;YACvC,cAAc,EAAE;gBACd,cAAc,EAAE,aAAa;gBAC7B,oBAAoB,EAAE,cAAc;aACrC;YACD,SAAS,EAAE,gBAAgB;SAC5B,CAAC;QAGF,MAAM,UAAU,GAA0B,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC5E,MAAM,IAAI,GAAwB;gBAChC,kBAAkB,EAAE;oBAClB,UAAU,EAAE,CAAC,CAAC,aAAa;oBAC3B,oBAAoB,EAAE,oBAAoB,CAAC,UAAU;iBACtD;gBAED,SAAS,EAAE;oBACT;wBACE,QAAQ,EAAE,IAAI;wBACd,eAAe,EAAE;4BACf,WAAW,EAAE,IAAI;4BACjB,OAAO,EAAE;gCACP,OAAO,EAAE,WAAW;gCACpB,gBAAgB,EAAE,CAAC,SAAS,CAAC;6BAC9B;4BACD,OAAO,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,cAAc,CAAC;yBAChE;wBACD,WAAW,EAAE,CAAC,CAAC,WAAW;wBAC1B,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC3B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;wBAC3B,cAAc,EAAE,wBAAwB,CAAC,GAAG;wBAC5C,aAAa,EAAE,8BAA8B,CAAC,QAAQ;qBACvD;iBACF;aACF,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAmC;YACxD,WAAW,EAAE,WAAW,CAAC,KAAK;YAC9B,iBAAiB,EAAE,YAAY;YAC/B,aAAa,EAAE,CAAC,WAAW,EAAE,GAAG,UAAU,EAAE,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/F,mBAAmB,EAAE;gBACnB;oB
ACE,SAAS,EAAE,GAAG;oBACd,kBAAkB,EAAE,GAAG;oBACvB,YAAY,EAAE,GAAG;oBACjB,gBAAgB,EAAE,aAAa;iBAChC;gBACD;oBACE,SAAS,EAAE,GAAG;oBACd,kBAAkB,EAAE,GAAG;oBACvB,YAAY,EAAE,GAAG;oBACjB,gBAAgB,EAAE,aAAa;iBAChC;aACF;YACD,UAAU,EAAE,UAAU,CAAC,eAAe;YACtC,oBAAoB,EAAE,oBAAoB,CAAC,iBAAiB;YAC5D,iBAAiB,EAAE;gBACjB,OAAO,EAAE,KAAK,CAAC,qBAAqB;gBACpC,KAAK,EAAE;oBACL,iBAAiB,EAAE,KAAK,CAAC,6BAA6B;oBACtD,gBAAgB,EAAE,UAAU;iBAC7B;aACF;SACF,CAAC;QAEF,MAAM,gBAAgB,GAA8B,IAAI,yBAAyB,CAAC,IAAI,EAAE,EAAE,GAAG,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;QAGpI,IAAI,KAAK,EAAE,eAAe,KAAK,uCAAuC,CAAC,MAAM,EAAE,CAAC;YAC9E,IAAI,KAAK,EAAE,qBAAqB,EAAE,MAAM,EAAE,CAAC;gBACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,qBAAqB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC5D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,GAAG,aAAa,GAAG,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE;wBACtF,UAAU,EAAE,UAAU,CAAC,CAAC;wBACxB,UAAU,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;wBAC1C,MAAM,EAAE;4BACN,WAAW,EAAE,IAAI,gBAAgB,CAAC,gBAAgB,CAAC;yBACpD;wBACD,IAAI,EAAE,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,mBAAmB,CAAC,iBAAiB,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;qBAC7H,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAGD,IAAI,gBAAgB,CAAC,IAAI,EAAE,EAAE,GAAG,YAAY,EAAE;YAC5C,OAAO,EAAE,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAChF,iBAAiB,EAAE,aAAa;YAChC,YAAY,EAAE,gBAAgB;YAC9B,iBAAiB,EAAE,CAAC,IAAI,CAAC;SAC1B,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,iBAAiB,CAAC,UAAkB;QAChD,MAAM,MAAM,GAAa,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1E,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,YAAY,CAAC,iBAAiB,CAAC,8BAA8B,EAAE,UAAU,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrE,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"simple-additional-s3-website-mapping.js","sourceRoot":"","sources":["../../../src/deployment/cdk/simple-additional-s3-website-mapping.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export * from './cdk/bucket-and-source-configuration.js';
|
|
2
|
+
export * from './cdk/epsilon-api-stack-feature.js';
|
|
3
|
+
export * from './cdk/epsilon-api-stack-props.js';
|
|
4
|
+
export * from './cdk/epsilon-api-stack.js';
|
|
5
|
+
export * from './cdk/epsilon-lambda-to-cloudfront-path-mapping.js';
|
|
6
|
+
export * from './cdk/epsilon-stack-util.js';
|
|
7
|
+
export * from './cdk/epsilon-website-cache-behavior.js';
|
|
8
|
+
export * from './cdk/epsilon-website-stack-props.js';
|
|
9
|
+
export * from './cdk/epsilon-website-stack.js';
|
|
10
|
+
export * from './cdk/simple-additional-s3-website-mapping.js';
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export * from './cdk/bucket-and-source-configuration.js';
|
|
2
|
+
export * from './cdk/epsilon-api-stack-feature.js';
|
|
3
|
+
export * from './cdk/epsilon-api-stack-props.js';
|
|
4
|
+
export * from './cdk/epsilon-api-stack.js';
|
|
5
|
+
export * from './cdk/epsilon-lambda-to-cloudfront-path-mapping.js';
|
|
6
|
+
export * from './cdk/epsilon-stack-util.js';
|
|
7
|
+
export * from './cdk/epsilon-website-cache-behavior.js';
|
|
8
|
+
export * from './cdk/epsilon-website-stack-props.js';
|
|
9
|
+
export * from './cdk/epsilon-website-stack.js';
|
|
10
|
+
export * from './cdk/simple-additional-s3-website-mapping.js';
|
|
11
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/deployment/index.ts"],"names":[],"mappings":"AAIA,cAAc,0CAA0C,CAAC;AACzD,cAAc,oCAAoC,CAAC;AACnD,cAAc,kCAAkC,CAAC;AACjD,cAAc,4BAA4B,CAAC;AAC3C,cAAc,oDAAoD,CAAC;AACnE,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yCAAyC,CAAC;AACxD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,+CAA+C,CAAC"}
|
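--- a/package/package.json
+++ b/package/package.json
@@ -1,19 +1,18 @@
 {
 "name": "@bitblit/ratchet-epsilon-deployment",
-"version": "4.0.
+"version": "4.0.421-alpha",
 "description": "Epsilon CDK extensions to simplify deployment",
 "sideEffects": false,
 "type": "module",
-"module": "./lib/index.mjs",
-"types": "./lib/types.d.ts",
 "files": [
 "lib/**",
 "bin/**"
 ],
 "exports": {
-".":
-
-"import": "./lib
+"./package.json": "./package.json",
+"./*": {
+"import": "./lib/*.js",
+"types": "./lib/*.d.ts"
 }
 },
 "contributors": [
@@ -51,15 +50,15 @@
 },
 "license": "Apache-2.0",
 "dependencies": {
-"@bitblit/ratchet-aws": "4.0.
-"@bitblit/ratchet-common": "4.0.
-"@bitblit/ratchet-epsilon-common": "4.0.
-"aws-cdk-lib": "2.
+"@bitblit/ratchet-aws": "4.0.421-alpha",
+"@bitblit/ratchet-common": "4.0.421-alpha",
+"@bitblit/ratchet-epsilon-common": "4.0.421-alpha",
+"aws-cdk-lib": "2.151.0",
 "constructs": "10.3.0"
 },
 "peerDependencies": {
-"@bitblit/ratchet-common": "4.0.
-"aws-cdk-lib": "^2.
+"@bitblit/ratchet-common": "4.0.421-alpha",
+"aws-cdk-lib": "^2.151.0",
 "constructs": "^10.3.0"
 }
 }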
package/lib/index.mjs
DELETED
|
@@ -1,2 +0,0 @@
|
|
|
1
|
-
import{Stack as e,Duration as t,Size as o,Lazy as s}from"aws-cdk-lib";import{DockerImageCode as a,DockerImageFunction as i,FunctionUrlAuthType as r,HttpMethod as n}from"aws-cdk-lib/aws-lambda";import{PolicyStatement as c,Effect as m,Role as l,ServicePrincipal as d,ManagedPolicy as u,PolicyDocument as f}from"aws-cdk-lib/aws-iam";import{Topic as p}from"aws-cdk-lib/aws-sns";import{Queue as b}from"aws-cdk-lib/aws-sqs";import{LambdaSubscription as h}from"aws-cdk-lib/aws-sns-subscriptions";import{Rule as w,Schedule as L}from"aws-cdk-lib/aws-events";import{LambdaFunction as A}from"aws-cdk-lib/aws-events-targets";import{DockerImageAsset as S}from"aws-cdk-lib/aws-ecr-assets";import{StringRatchet as g,Logger as E,ErrorRatchet as C}from"@bitblit/ratchet-common";import{FargateComputeEnvironment as N,JobQueue as O,EcsFargateContainerDefinition as _,EcsJobDefinition as T}from"aws-cdk-lib/aws-batch";import{Vpc as I,SecurityGroup as v}from"aws-cdk-lib/aws-ec2";import{ContainerImage as k}from"aws-cdk-lib/aws-ecs";import{Bucket as y,BucketEncryption as P}from"aws-cdk-lib/aws-s3";import B from"path";import{OriginAccessIdentity as D,OriginProtocolPolicy as R,CloudFrontAllowedMethods as W,CloudFrontAllowedCachedMethods as H,HttpVersion as G,PriceClass as M,ViewerProtocolPolicy as F,CloudFrontWebDistribution as x}from"aws-cdk-lib/aws-cloudfront";import{RecordSet as U,RecordType as V,HostedZone as z}from"aws-cdk-lib/aws-route53";import{CloudFrontTarget as j}from"aws-cdk-lib/aws-route53-targets";import{BucketDeployment as q,Source as J}from"aws-cdk-lib/aws-s3-deployment";class Q{constructor(){}static buildInformation(){return{version:"420",hash:"4470745cd9544530657f21b58e096ebea701451a",branch:"alpha-2024-07-30-6",tag:"alpha-2024-07-30-6",timeBuiltISO:"2024-07-30T23:41:38-0700",notes:"No notes"}}}var K,Y;!function(e){e.WebLambda="WebLambda",e.BackgroundLambda="BackgroundLambda",e.AwsBatchHandler="AwsBatchHandler"}(K||(K={}));class ${constructor(){}static toEnvironmentVariables(e){const 
t={};return e.forEach((e=>{Object.keys(e).forEach((o=>{t[o]=g.safeString(e[o])}))})),t}static createDefaultPolicyStatementList(e,t,o,s){const a=(e.additionalPolicyStatements||[]).concat([new c({effect:m.ALLOW,actions:["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],resources:["arn:aws:logs:*:*:*"]}),new c({effect:m.ALLOW,actions:["ses:SendEmail","ses:SendRawEmail"],resources:["arn:aws:ses:*"]}),new c({effect:m.ALLOW,actions:["sqs:*"],resources:[t.queueArn]}),new c({effect:m.ALLOW,actions:["sns:*"],resources:[o.topicArn,s.topicArn]}),new c({effect:m.ALLOW,actions:["batch:*"],resources:["*"]}),new c({effect:m.ALLOW,actions:["ec2:DescribeSecurityGroups"],resources:["*"]}),new c({effect:m.ALLOW,actions:["ec2:DescribeSubnets"],resources:["*"]}),new c({effect:m.ALLOW,actions:["ec2:DescribeVpcs"],resources:["*"]})]);return E.info("Created policy statement list: %j",a),a}static ALLOW_ECS=new c({effect:m.ALLOW,actions:["ecs:*"],resources:["*"]});static ALLOW_ECR=new c({effect:m.ALLOW,actions:["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:GetDownloadUrlForLayer","ecr:GetAuthorizationToken"],resources:["*"]});static ALLOW_RESTRICTED_LOGS=new c({effect:m.ALLOW,actions:["logs:CreateLogStream","logs:PutLogEvents","logs:DescribeLogStreams","logs:CreateLogGroup"],resources:["*"]});static ALLOW_FARGATE_SECRET_READING=[new c({effect:m.ALLOW,actions:["ssm:GetParameters"],resources:["*"]}),new c({effect:m.ALLOW,actions:["secretsmanager:GetSecretValue"],resources:["*"]}),new c({effect:m.ALLOW,actions:["kms:Decrypt"],resources:["*"]})];static ECS_POLICY_STATEMENTS=[$.ALLOW_ECS,$.ALLOW_ECR,$.ALLOW_RESTRICTED_LOGS].concat($.ALLOW_FARGATE_SECRET_READING)}class X extends e{webHandler;backgroundHandler;apiDomain;constructor(c,m,E){super(c,m,E);const C=E?.disabledFeatures||[],y=new S(this,m+"DockerImage",{directory:E.dockerFileFolder,file:E.dockerFileName}),P=a.fromImageAsset(E.dockerFileFolder,{file:E.dockerFileName}),B=new 
p(this,m+"WorkNotificationTopic"),D=new b(this,m+"WorkQueue",{fifo:!0,retentionPeriod:t.hours(8),visibilityTimeout:t.minutes(5),contentBasedDeduplication:!0,...E}),R=new p(this,m+"InterApiTopic"),W={EPSILON_AWS_REGION:g.safeString(e.of(this).region),EPSILON_AWS_AVAILABILITY_ZONES:g.safeString(JSON.stringify(e.of(this).availabilityZones)),EPSILON_BACKGROUND_SQS_QUEUE_URL:g.safeString(D.queueUrl),EPSILON_BACKGROUND_SNS_TOPIC_ARN:g.safeString(B.topicArn),EPSILON_INTER_API_EVENT_TOPIC_ARN:g.safeString(R.topicArn),EPSILON_LIB_BUILD_HASH:g.safeString(Q.buildInformation().hash),EPSILON_LIB_BUILD_TIME:g.safeString(Q.buildInformation().timeBuiltISO),EPSILON_LIB_BUILD_BRANCH_OR_TAG:g.safeString(Q.buildInformation().branch||Q.buildInformation().tag),EPSILON_LIB_BUILD_VERSION:g.safeString(Q.buildInformation().version)},H=Object.assign({},E.extraEnvironmentalVars||{},W);if(!C.includes(K.AwsBatchHandler)){const e=new l(this,m+"BatchExecutionRole",{assumedBy:new d("ecs-tasks.amazonaws.com"),managedPolicies:[u.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")],inlinePolicies:{root:new f({statements:$.ECS_POLICY_STATEMENTS})}}),s=new l(this,m+"BatchJobRole",{assumedBy:new d("ecs-tasks.amazonaws.com"),managedPolicies:[u.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")],inlinePolicies:{root:new f({statements:$.createDefaultPolicyStatementList(E,D,B,R)})}}),a={vpc:I.fromLookup(this,"Vpc",{vpcId:E.vpcId}),computeEnvironmentName:m+"ComputeEnv",enabled:!0,maxvCpus:16,replaceComputeEnvironment:!1,securityGroups:E.lambdaSecurityGroupIds.map(((e,t)=>v.fromSecurityGroupId(this,`SecurityGroup${t}`,`sg-${e}`))),serviceRole:l.fromRoleArn(this,`${m}ServiceRole`,"arn:aws:iam::"+E.env.account+":role/AWSBatchServiceRole"),spot:!1,terminateOnUpdate:!1,updateTimeout:t.hours(4),updateToLatestImageVersion:!0},i=new N(this,m+"ComputeEnv",a),r=new 
O(this,m+"BatchJobQueue",{computeEnvironments:[{order:1,computeEnvironment:i}],enabled:!0,jobQueueName:m+"BatchJobQueue",priority:10,schedulingPolicy:void 0}),n=$.toEnvironmentVariables([H,E.extraEnvironmentalVars||{},{EPSILON_RUNNING_IN_AWS_BATCH:!0}]),c={cpu:4,image:k.fromRegistry(y.imageUri),memory:o.mebibytes(8192),assignPublicIp:!0,command:["Ref::taskName","Ref::taskDataBase64","Ref::traceId","Ref::traceDepth","Ref::taskMetaDataBase64"],environment:n,executionRole:e,jobRole:s,readonlyRootFilesystem:!1,volumes:[]},p=new _(this,`${m}FargateContainerDefinition`,c),b=new T(this,m+"JobDefinition",{jobDefinitionName:m+"JobDefinition",retryAttempts:3,retryStrategies:void 0,schedulingPriority:void 0,timeout:void 0,container:p});H.EPSILON_AWS_BATCH_JOB_DEFINITION_ARN=b.jobDefinitionArn,H.EPSILON_AWS_BATCH_JOB_QUEUE_ARN=r.jobQueueArn}const G=new l(this,"customRole",{roleName:m+"LambdaCustomRole",assumedBy:new d("lambda.amazonaws.com"),managedPolicies:[u.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")],inlinePolicies:{root:new f({statements:$.createDefaultPolicyStatementList(E,D,B,R)})}});if(!C.includes(K.WebLambda)){if(this.webHandler=new i(this,m+"Web",{retryAttempts:2,memorySize:E.webMemorySizeMb||128,ephemeralStorageSize:o.mebibytes(512),timeout:t.seconds(E.webTimeoutSeconds||20),code:P,role:G,environment:H}),E?.webLambdaPingMinutes&&E.webLambdaPingMinutes>0){new w(this,m+"WebKeepaliveRule",{schedule:L.rate(t.minutes(Math.ceil(E.webLambdaPingMinutes)))}).addTarget(new A(this.webHandler))}const e=this.webHandler.addFunctionUrl({authType:r.NONE,cors:{allowedOrigins:["*"],allowedHeaders:["Content-Type","X-Amz-Date","Authorization","X-Api-Key"],allowedMethods:[n.ALL],allowCredentials:!0}});this.apiDomain=s.uncachedString({produce:t=>({"Fn::Select":[2,{"Fn::Split":["/",t.resolve(e.url)]}]})})}if(!C.includes(K.BackgroundLambda)){this.backgroundHandler=new 
i(this,m+"Background",{retryAttempts:2,memorySize:E.backgroundMemorySizeMb||3e3,ephemeralStorageSize:o.mebibytes(512),timeout:t.seconds(E.backgroundTimeoutSeconds||900),code:P,role:G,environment:H}),B.addSubscription(new h(this.backgroundHandler)),R.addSubscription(new h(this.backgroundHandler));new w(this,m+"CronRule",{schedule:L.rate(t.minutes(1))}).addTarget(new A(this.backgroundHandler))}}}!function(e){e.Default="Default",e.NoCache="NoCache",e.Custom="Custom"}(Y||(Y={}));const Z={Update:"Update",DoNotUpdate:"DoNotUpdate"};class ee extends e{constructor(e,o,s){super(e,o,s);const a=new D(this,o+"OriginAccessId"),i=new y(this,o+"DeployBucket",{bucketName:s.targetBucketName,versioned:!1,publicReadAccess:!1,encryption:P.S3_MANAGED}),r=(s.simpleAdditionalMappings||[]).map((e=>{const o=y.fromBucketAttributes(this,e.bucketName+"ImportedBucket",{bucketName:e.bucketName});return{bucket:o,sourceConfig:{s3OriginSource:{s3BucketSource:o,originAccessIdentity:a},behaviors:[{pathPattern:e.pathPattern,isDefaultBehavior:!1,compress:!0,defaultTtl:t.seconds(1),minTtl:t.seconds(1),maxTtl:t.seconds(1),forwardedValues:{queryString:!1}}]}}}));if(s.websiteCacheBehavior===Y.Custom&&!s?.websiteBehaviorOverride?.length)throw C.fErr("Custom cache behavior selected but no custom provided");if(s.websiteCacheBehavior!==Y.Custom&&s?.websiteBehaviorOverride?.length)throw C.fErr("Custom cache behavior not selected but custom provided");let n;switch(s.websiteCacheBehavior){case Y.NoCache:n=[{isDefaultBehavior:!0,compress:!0,defaultTtl:t.seconds(0),minTtl:t.seconds(0),maxTtl:t.seconds(0),forwardedValues:{queryString:!1}}];break;case Y.Custom:n=s.websiteBehaviorOverride;break;default:n=[{isDefaultBehavior:!0,compress:!0,defaultTtl:t.seconds(1),minTtl:t.seconds(1),maxTtl:t.seconds(1),forwardedValues:{queryString:!1}}]}const 
c={s3OriginSource:{s3BucketSource:i,originAccessIdentity:a},behaviors:n},m=(s.apiMappings||[]).map((e=>({customOriginSource:{domainName:e.apiDomainName,originProtocolPolicy:R.HTTPS_ONLY},behaviors:[{compress:!0,forwardedValues:{queryString:!0,cookies:{forward:"whitelist",whitelistedNames:["idToken"]},headers:["Accept","Referer","Authorization","Content-Type"]},pathPattern:e.pathPattern,defaultTtl:t.seconds(0),maxTtl:t.seconds(0),minTtl:t.seconds(0),allowedMethods:W.ALL,cachedMethods:H.GET_HEAD}]}))),l={httpVersion:G.HTTP2,defaultRootObject:"index.html",originConfigs:[c,...m,...r.map((e=>e.sourceConfig))],errorConfigurations:[{errorCode:404,errorCachingMinTtl:300,responseCode:200,responsePagePath:"/index.html"},{errorCode:403,errorCachingMinTtl:300,responseCode:200,responsePagePath:"/index.html"}],priceClass:M.PRICE_CLASS_ALL,viewerProtocolPolicy:F.REDIRECT_TO_HTTPS,viewerCertificate:{aliases:s.cloudFrontDomainNames,props:{acmCertificateArn:s.cloudFrontHttpsCertificateArn,sslSupportMethod:"sni-only"}}},d=new x(this,o+"CloudfrontDistro",l);if(s?.route53Handling===Z.Update&&s?.cloudFrontDomainNames?.length)for(let e=0;e<s.cloudFrontDomainNames.length;e++)new U(this,o+"DomainName-"+s.cloudFrontDomainNames[e],{recordType:V.A,recordName:s.cloudFrontDomainNames[e],target:{aliasTarget:new j(d)},zone:z.fromLookup(this,o,{domainName:ee.extractApexDomain(s.cloudFrontDomainNames[e])})});new q(this,o+"SiteDeploy",{sources:s.pathsToAssets.map((e=>J.asset(B.resolve(e)))),destinationBucket:i,distribution:d,distributionPaths:["/*"]})}static extractApexDomain(e){const t=g.trimToEmpty(e).split(".");return t.length<2&&C.throwFormattedErr("Not a valid domain name : %s",e),t[t.length-2]+"."+t[t.length-1]}}export{X as EpsilonApiStack,K as EpsilonApiStackFeature,$ as EpsilonStackUtil,Y as EpsilonWebsiteCacheBehavior,ee as EpsilonWebsiteStack,Z as EpsilonWebsiteStackPropsRoute53Handling,Q as RatchetEpsilonDeploymentInfo};
|
|
2
|
-
//# sourceMappingURL=index.mjs.map
|
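--- a/package/lib/types.d.ts
+++ b/package/lib/types.d.ts
@@ -1,101 +0,0 @@
-import { BuildInformation } from '@bitblit/ratchet-common';
-import { IBucket } from 'aws-cdk-lib/aws-s3';
-import { SourceConfiguration, Behavior } from 'aws-cdk-lib/aws-cloudfront';
-import { StackProps, Stack } from 'aws-cdk-lib';
-import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
-import { Construct } from 'constructs';
-import { Topic } from 'aws-cdk-lib/aws-sns';
-import { Queue } from 'aws-cdk-lib/aws-sqs';
-
-declare class RatchetEpsilonDeploymentInfo {
-private constructor();
-static buildInformation(): BuildInformation;
-}
-
-interface BucketAndSourceConfiguration {
-bucket: IBucket;
-sourceConfig: SourceConfiguration;
-}
-
-declare enum EpsilonApiStackFeature {
-WebLambda = "WebLambda",
-BackgroundLambda = "BackgroundLambda",
-AwsBatchHandler = "AwsBatchHandler"
-}
-
-interface EpsilonApiStackProps extends StackProps {
-batchInstancesEc2KeyPairName?: string;
-additionalPolicyStatements: PolicyStatement[];
-disabledFeatures?: EpsilonApiStackFeature[];
-dockerFileFolder: string;
-dockerFileName: string;
-lambdaSecurityGroupIds: string[];
-vpcSubnetIds: string[];
-vpcId: string;
-extraEnvironmentalVars?: Record<string, string>;
-webLambdaPingMinutes?: number;
-webMemorySizeMb?: number;
-backgroundMemorySizeMb?: number;
-webTimeoutSeconds?: number;
-backgroundTimeoutSeconds?: number;
-}
-
-declare class EpsilonApiStack extends Stack {
-private webHandler;
-private backgroundHandler;
-apiDomain: string;
-constructor(scope: Construct, id: string, props?: EpsilonApiStackProps);
-}
-
-interface EpsilonLambdaToCloudfrontPathMapping {
-apiDomainName: string;
-pathPattern: string;
-}
-
-declare class EpsilonStackUtil {
-private constructor();
-static toEnvironmentVariables(input: Record<string, any>[]): {
-[key: string]: string;
-};
-static createDefaultPolicyStatementList(props: EpsilonApiStackProps, backgroundLambdaSqs: Queue, backgroundLambdaSns: Topic, interApiSns: Topic): PolicyStatement[];
-static readonly ALLOW_ECS: PolicyStatement;
-static readonly ALLOW_ECR: PolicyStatement;
-static readonly ALLOW_RESTRICTED_LOGS: PolicyStatement;
-static readonly ALLOW_FARGATE_SECRET_READING: PolicyStatement[];
-static readonly ECS_POLICY_STATEMENTS: PolicyStatement[];
-}
-
-declare enum EpsilonWebsiteCacheBehavior {
-Default = "Default",
-NoCache = "NoCache",
-Custom = "Custom"
-}
-
-interface SimpleAdditionalS3WebsiteMapping {
-bucketName: string;
-pathPattern: string;
-}
-
-interface EpsilonWebsiteStackProps extends StackProps {
-targetBucketName: string;
-cloudFrontHttpsCertificateArn: string;
-cloudFrontDomainNames: string[];
-apiMappings: EpsilonLambdaToCloudfrontPathMapping[];
-pathsToAssets: string[];
-route53Handling: EpsilonWebsiteStackPropsRoute53Handling;
-simpleAdditionalMappings?: SimpleAdditionalS3WebsiteMapping[];
-websiteCacheBehavior?: EpsilonWebsiteCacheBehavior;
-websiteBehaviorOverride?: Behavior[];
-}
-declare const EpsilonWebsiteStackPropsRoute53Handling: {
-Update: string;
-DoNotUpdate: string;
-};
-type EpsilonWebsiteStackPropsRoute53Handling = (typeof EpsilonWebsiteStackPropsRoute53Handling)[keyof typeof EpsilonWebsiteStackPropsRoute53Handling];
-
-declare class EpsilonWebsiteStack extends Stack {
-constructor(scope: Construct, id: string, props?: EpsilonWebsiteStackProps);
-static extractApexDomain(domainName: string): string;
-}
-
-export { type BucketAndSourceConfiguration, EpsilonApiStack, EpsilonApiStackFeature, type EpsilonApiStackProps, type EpsilonLambdaToCloudfrontPathMapping, EpsilonStackUtil, EpsilonWebsiteCacheBehavior, EpsilonWebsiteStack, type EpsilonWebsiteStackProps, EpsilonWebsiteStackPropsRoute53Handling, RatchetEpsilonDeploymentInfo, type SimpleAdditionalS3WebsiteMapping };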