npm - @cdklabs/cdk-appmod-catalog-blueprints - Versions diffs - 1.0.0 - Mend

@cdklabs/cdk-appmod-catalog-blueprints 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/lib/utilities/observability/bedrock-observability.js ADDED Viewed

@@ -0,0 +1,131 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BedrockObservability = void 0;
+const path = require("path");
+const aws_lambda_python_alpha_1 = require("@aws-cdk/aws-lambda-python-alpha");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+const aws_kms_1 = require("aws-cdk-lib/aws-kms");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const aws_logs_1 = require("aws-cdk-lib/aws-logs");
+const custom_resources_1 = require("aws-cdk-lib/custom-resources");
+const constructs_1 = require("constructs");
+const framework_1 = require("../../framework");
+const lambda_iam_utils_1 = require("../lambda-iam-utils");
+class BedrockObservability extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { region, account } = aws_cdk_lib_1.Stack.of(this);
+        const logGroupName = `/aws/bedrock/${aws_cdk_lib_1.Names.uniqueResourceName(this, {
+            maxLength: 100,
+        })}`;
+        const logGroupArn = `arn:aws:logs:${region}:${account}:log-group:${logGroupName}`;
+        const logStreamArn = `${logGroupArn}:log-stream:aws/bedrock/modelinvocations`;
+        this.encryptionKey = props?.logGroupDataProtection?.logGroupEncryptionKey || new aws_kms_1.Key(this, 'BedrockInvocationLoggingEncryptionKey', {
+            removalPolicy: props?.removalPolicy || aws_cdk_lib_1.RemovalPolicy.DESTROY,
+            enableKeyRotation: true,
+        });
+        this.encryptionKey.grantEncryptDecrypt(new aws_iam_1.ServicePrincipal('logs.amazonaws.com', {
+            conditions: {
+                ArnEquals: {
+                    'kms:EncryptionContext:aws:logs:arn': logGroupArn,
+                },
+            },
+        }));
+        this.logGroup = new aws_logs_1.LogGroup(this, 'BedrockInvocationLogGroup', {
+            logGroupName,
+            encryptionKey: this.encryptionKey,
+            removalPolicy: props?.removalPolicy || aws_cdk_lib_1.RemovalPolicy.DESTROY,
+            dataProtectionPolicy: props?.logGroupDataProtection?.dataProtectionIdentifiers ? new aws_logs_1.DataProtectionPolicy({
+                identifiers: props?.logGroupDataProtection?.dataProtectionIdentifiers,
+            }) : undefined,
+        });
+        this.loggingRole = props?.loggingRole || new aws_iam_1.Role(this, 'BedrockInvocationLoggingRole', {
+            assumedBy: new aws_iam_1.ServicePrincipal('bedrock.amazonaws.com', {
+                conditions: {
+                    StringEquals: {
+                        'aws:SourceAccount': account,
+                    },
+                    ArnLike: {
+                        'aws:SourceArn': `arn:aws:bedrock:${region}:${account}:*`,
+                    },
+                },
+            }),
+            inlinePolicies: {
+                BedrockLoggingPolicy: new aws_iam_1.PolicyDocument({
+                    statements: [
+                        new aws_iam_1.PolicyStatement({
+                            effect: aws_iam_1.Effect.ALLOW,
+                            actions: [
+                                'logs:CreateLogStream',
+                                'logs:PutLogEvents',
+                            ],
+                            resources: [
+                                logStreamArn,
+                            ],
+                        }),
+                    ],
+                }),
+            },
+        });
+        // Lambda function role with least privilege
+        const lambdaRole = new aws_iam_1.Role(this, 'BedrockLoggingConfigRole', {
+            assumedBy: new aws_iam_1.ServicePrincipal('lambda.amazonaws.com'),
+            inlinePolicies: {
+                BedrockLoggingConfigPolicy: new aws_iam_1.PolicyDocument({
+                    statements: [
+                        new aws_iam_1.PolicyStatement({
+                            effect: aws_iam_1.Effect.ALLOW,
+                            actions: [
+                                'bedrock:GetModelInvocationLoggingConfiguration',
+                                'bedrock:PutModelInvocationLoggingConfiguration',
+                            ],
+                            resources: ['*'],
+                        }),
+                        new aws_iam_1.PolicyStatement({
+                            effect: aws_iam_1.Effect.ALLOW,
+                            actions: [
+                                'iam:PassRole',
+                            ],
+                            resources: [
+                                this.loggingRole.roleArn,
+                            ],
+                        }),
+                    ],
+                }),
+            },
+        });
+        const generatedLogPermissions = lambda_iam_utils_1.LambdaIamUtils.createLogsPermissions({
+            account,
+            functionName: 'bedrock-manage-logging-function',
+            region,
+            scope: this,
+        });
+        // PythonFunction for managing Bedrock logging configuration
+        const manageLoggingFunction = new aws_lambda_python_alpha_1.PythonFunction(this, 'BedrockManageLoggingFunction', {
+            functionName: generatedLogPermissions.uniqueFunctionName,
+            entry: path.join(__dirname, 'resources', 'bedrock-manage-logging-configuration'),
+            runtime: framework_1.DefaultRuntimes.PYTHON,
+            architecture: aws_lambda_1.Architecture.X86_64,
+            role: lambdaRole,
+        });
+        for (const statement of generatedLogPermissions.policyStatements) {
+            manageLoggingFunction.role?.addToPrincipalPolicy(statement);
+        }
+        // Custom resource provider
+        const provider = new custom_resources_1.Provider(this, 'BedrockLoggingProvider', {
+            onEventHandler: manageLoggingFunction,
+        });
+        // Custom resource to configure Bedrock logging
+        new aws_cdk_lib_1.CustomResource(this, 'BedrockLoggingConfig', {
+            serviceToken: provider.serviceToken,
+            properties: {
+                logGroupName: this.logGroup.logGroupName,
+                roleArn: this.loggingRole.roleArn,
+                override: props?.overrideExistingConfiguration || false,
+            },
+        });
+    }
+}
+exports.BedrockObservability = BedrockObservability;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmVkcm9jay1vYnNlcnZhYmlsaXR5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdXNlLWNhc2VzL3V0aWxpdGllcy9vYnNlcnZhYmlsaXR5L2JlZHJvY2stb2JzZXJ2YWJpbGl0eS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2QkFBNkI7QUFDN0IsOEVBQWtFO0FBQ2xFLDZDQUEwRTtBQUMxRSxpREFBc0c7QUFDdEcsaURBQTBDO0FBQzFDLHVEQUFzRDtBQUN0RCxtREFBc0U7QUFDdEUsbUVBQXdEO0FBQ3hELDJDQUF1QztBQUV2QywrQ0FBa0Q7QUFDbEQsMERBQXFEO0FBU3JELE1BQWEsb0JBQXFCLFNBQVEsc0JBQVM7SUFLakQsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFpQztRQUN6RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pCLE1BQU0sRUFBRSxNQUFNLEVBQUUsT0FBTyxFQUFFLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFM0MsTUFBTSxZQUFZLEdBQUcsZ0JBQWdCLG1CQUFLLENBQUMsa0JBQWtCLENBQUMsSUFBSSxFQUFFO1lBQ2xFLFNBQVMsRUFBRSxHQUFHO1NBQ2YsQ0FBQyxFQUFFLENBQUM7UUFFTCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsTUFBTSxJQUFJLE9BQU8sY0FBYyxZQUFZLEVBQUUsQ0FBQztRQUNsRixNQUFNLFlBQVksR0FBRyxHQUFHLFdBQVcsMENBQTBDLENBQUM7UUFFOUUsSUFBSSxDQUFDLGFBQWEsR0FBRyxLQUFLLEVBQUUsc0JBQXNCLEVBQUUscUJBQXFCLElBQUksSUFBSSxhQUFHLENBQUMsSUFBSSxFQUFFLHVDQUF1QyxFQUFFO1lBQ2xJLGFBQWEsRUFBRSxLQUFLLEVBQUUsYUFBYSxJQUFJLDJCQUFhLENBQUMsT0FBTztZQUM1RCxpQkFBaUIsRUFBRSxJQUFJO1NBQ3hCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxhQUFhLENBQUMsbUJBQW1CLENBQUMsSUFBSSwwQkFBZ0IsQ0FBQyxvQkFBb0IsRUFBRTtZQUNoRixVQUFVLEVBQUU7Z0JBQ1YsU0FBUyxFQUFFO29CQUNULG9DQUFvQyxFQUFFLFdBQVc7aUJBQ2xEO2FBQ0Y7U0FDRixDQUFDLENBQUMsQ0FBQztRQUVKLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxtQkFBUSxDQUFDLElBQUksRUFBRSwyQkFBMkIsRUFBRTtZQUM5RCxZQUFZO1lBQ1osYUFBYSxFQUFFLElBQUksQ0FBQyxhQUFhO1lBQ2pDLGFBQWEsRUFBRSxLQUFLLEVBQUUsYUFBYSxJQUFJLDJCQUFhLENBQUMsT0FBTztZQUM1RCxvQkFBb0IsRUFBRSxLQUFLLEVBQUUsc0JBQXNCLEVBQUUseUJBQXlCLENBQUMsQ0FBQyxDQUFDLElBQUksK0JBQW9CLENBQUM7Z0JBQ3hHLFdBQVcsRUFBRSxLQUFLLEVBQUUsc0JBQXNCLEVBQUUseUJBQXlCO2FBQ3RFLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztTQUNmLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxXQUFXLEdBQUcsS0FBSyxFQUFFLFdBQVcsSUFBSSxJQUFJLGNBQUksQ0FBQyxJQUFJLEVBQUUsOEJBQThCLEVBQUU7WUFDdEYsU0FBUyxFQUFFLElBQUksMEJBQWdCLENBQUMsdUJBQXVCLEVBQUU7Z0JBQ3ZELFVBQVUsRUFBRTtvQkFDVixZQUFZLEVBQUU7d0JBQ1osbUJBQW1CLEVBQUUsT0FBTztxQkFDN0I7b0JBQ0QsT0FBTyxFQUFFO3dCQUNQLGVBQWUsRUFBRSxtQkFBbUIsTUFBTSxJQUFJLE9BQU8sSUFBSTtxQkFDMUQ7aUJBQ0Y7YUFDRixDQUFDO1lBQ0YsY0FBYyxFQUFFO2dCQUNkLG9CQUFvQixFQUFFLElBQUksd0JBQWMsQ0FBQztvQkFDdkMsVUFBVSxFQUFFO3dCQUNWLElBQUkseUJBQWUsQ0FBQzs0QkFDbEIsTUFBTSxFQUFFLGdCQUFNLENBQUMsS0FBSzs0QkFDcEIsT0FBTyxFQUFFO2dDQUNQLHNCQUFzQjtnQ0FDdEIsbUJBQW1COzZCQUNwQjs0QkFDRCxTQUFTLEVBQUU7Z0NBQ1QsWUFBWTs2QkFDYjt5QkFDRixDQUFDO3FCQUNIO2lCQUNGLENBQUM7YUFDSDtTQUNGLENBQUMsQ0FBQztRQUVILDRDQUE0QztRQUM1QyxNQUFNLFVBQVUsR0FBRyxJQUFJLGNBQUksQ0FBQyxJQUFJLEVBQUUsMEJBQTBCLEVBQUU7WUFDNUQsU0FBUyxFQUFFLElBQUksMEJBQWdCLENBQUMsc0JBQXNCLENBQUM7WUFDdkQsY0FBYyxFQUFFO2dCQUNkLDBCQUEwQixFQUFFLElBQUksd0JBQWMsQ0FBQztvQkFDN0MsVUFBVSxFQUFFO3dCQUNWLElBQUkseUJBQWUsQ0FBQzs0QkFDbEIsTUFBTSxFQUFFLGdCQUFNLENBQUMsS0FBSzs0QkFDcEIsT0FBTyxFQUFFO2dDQUNQLGdEQUFnRDtnQ0FDaEQsZ0RBQWdEOzZCQUNqRDs0QkFDRCxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7eUJBQ2pCLENBQUM7d0JBQ0YsSUFBSSx5QkFBZSxDQUFDOzRCQUNsQixNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLOzRCQUNwQixPQUFPLEVBQUU7Z0NBQ1AsY0FBYzs2QkFDZjs0QkFDRCxTQUFTLEVBQUU7Z0NBQ1QsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPOzZCQUN6Qjt5QkFDRixDQUFDO3FCQUNIO2lCQUNGLENBQUM7YUFDSDtTQUNGLENBQUMsQ0FBQztRQUVILE1BQU0sdUJBQXVCLEdBQUcsaUNBQWMsQ0FBQyxxQkFBcUIsQ0FBQztZQUNuRSxPQUFPO1lBQ1AsWUFBWSxFQUFFLGlDQUFpQztZQUMvQyxNQUFNO1lBQ04sS0FBSyxFQUFFLElBQUk7U0FDWixDQUFDLENBQUM7UUFFSCw0REFBNEQ7UUFDNUQsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLHdDQUFjLENBQUMsSUFBSSxFQUFFLDhCQUE4QixFQUFFO1lBQ3JGLFlBQVksRUFBRSx1QkFBdUIsQ0FBQyxrQkFBa0I7WUFDeEQsS0FBSyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFdBQVcsRUFBRSxzQ0FBc0MsQ0FBQztZQUNoRixPQUFPLEVBQUUsMkJBQWUsQ0FBQyxNQUFNO1lBQy9CLFlBQVksRUFBRSx5QkFBWSxDQUFDLE1BQU07WUFDakMsSUFBSSxFQUFFLFVBQVU7U0FDakIsQ0FBQyxDQUFDO1FBRUgsS0FBSyxNQUFNLFNBQVMsSUFBSSx1QkFBdUIsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ2pFLHFCQUFxQixDQUFDLElBQUksRUFBRSxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUM5RCxDQUFDO1FBRUQsMkJBQTJCO1FBQzNCLE1BQU0sUUFBUSxHQUFHLElBQUksMkJBQVEsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLEVBQUU7WUFDNUQsY0FBYyxFQUFFLHFCQUFxQjtTQUN0QyxDQUFDLENBQUM7UUFFSCwrQ0FBK0M7UUFDL0MsSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxzQkFBc0IsRUFBRTtZQUMvQyxZQUFZLEVBQUUsUUFBUSxDQUFDLFlBQVk7WUFDbkMsVUFBVSxFQUFFO2dCQUNWLFlBQVksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVk7Z0JBQ3hDLE9BQU8sRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU87Z0JBQ2pDLFFBQVEsRUFBRSxLQUFLLEVBQUUsNkJBQTZCLElBQUksS0FBSzthQUN4RDtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQWxJRCxvREFrSUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuaW1wb3J0IHsgUHl0aG9uRnVuY3Rpb24gfSBmcm9tICdAYXdzLWNkay9hd3MtbGFtYmRhLXB5dGhvbi1hbHBoYSc7XG5pbXBvcnQgeyBDdXN0b21SZXNvdXJjZSwgTmFtZXMsIFJlbW92YWxQb2xpY3ksIFN0YWNrIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgUm9sZSwgU2VydmljZVByaW5jaXBhbCwgUG9saWN5U3RhdGVtZW50LCBFZmZlY3QsIFBvbGljeURvY3VtZW50IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgeyBLZXkgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCB7IEFyY2hpdGVjdHVyZSB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sYW1iZGEnO1xuaW1wb3J0IHsgRGF0YVByb3RlY3Rpb25Qb2xpY3ksIExvZ0dyb3VwIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWxvZ3MnO1xuaW1wb3J0IHsgUHJvdmlkZXIgfSBmcm9tICdhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgTG9nR3JvdXBEYXRhUHJvdGVjdGlvblByb3BzIH0gZnJvbSAnLi9sb2ctZ3JvdXAtZGF0YS1wcm90ZWN0aW9uLXByb3BzJztcbmltcG9ydCB7IERlZmF1bHRSdW50aW1lcyB9IGZyb20gJy4uLy4uL2ZyYW1ld29yayc7XG5pbXBvcnQgeyBMYW1iZGFJYW1VdGlscyB9IGZyb20gJy4uL2xhbWJkYS1pYW0tdXRpbHMnO1xuXG5leHBvcnQgaW50ZXJmYWNlIEJlZHJvY2tPYnNlcnZhYmlsaXR5UHJvcHMge1xuICByZWFkb25seSBsb2dHcm91cERhdGFQcm90ZWN0aW9uPzogTG9nR3JvdXBEYXRhUHJvdGVjdGlvblByb3BzO1xuICByZWFkb25seSBsb2dnaW5nUm9sZT86IFJvbGU7XG4gIHJlYWRvbmx5IG92ZXJyaWRlRXhpc3RpbmdDb25maWd1cmF0aW9uPzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgcmVtb3ZhbFBvbGljeT86IFJlbW92YWxQb2xpY3k7XG59XG5cbmV4cG9ydCBjbGFzcyBCZWRyb2NrT2JzZXJ2YWJpbGl0eSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHJlYWRvbmx5IGxvZ0dyb3VwOiBMb2dHcm91cDtcbiAgcmVhZG9ubHkgbG9nZ2luZ1JvbGU6IFJvbGU7XG4gIHJlYWRvbmx5IGVuY3J5cHRpb25LZXk6IEtleTtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wcz86IEJlZHJvY2tPYnNlcnZhYmlsaXR5UHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuICAgIGNvbnN0IHsgcmVnaW9uLCBhY2NvdW50IH0gPSBTdGFjay5vZih0aGlzKTtcblxuICAgIGNvbnN0IGxvZ0dyb3VwTmFtZSA9IGAvYXdzL2JlZHJvY2svJHtOYW1lcy51bmlxdWVSZXNvdXJjZU5hbWUodGhpcywge1xuICAgICAgbWF4TGVuZ3RoOiAxMDAsXG4gICAgfSl9YDtcblxuICAgIGNvbnN0IGxvZ0dyb3VwQXJuID0gYGFybjphd3M6bG9nczoke3JlZ2lvbn06JHthY2NvdW50fTpsb2ctZ3JvdXA6JHtsb2dHcm91cE5hbWV9YDtcbiAgICBjb25zdCBsb2dTdHJlYW1Bcm4gPSBgJHtsb2dHcm91cEFybn06bG9nLXN0cmVhbTphd3MvYmVkcm9jay9tb2RlbGludm9jYXRpb25zYDtcblxuICAgIHRoaXMuZW5jcnlwdGlvbktleSA9IHByb3BzPy5sb2dHcm91cERhdGFQcm90ZWN0aW9uPy5sb2dHcm91cEVuY3J5cHRpb25LZXkgfHwgbmV3IEtleSh0aGlzLCAnQmVkcm9ja0ludm9jYXRpb25Mb2dnaW5nRW5jcnlwdGlvbktleScsIHtcbiAgICAgIHJlbW92YWxQb2xpY3k6IHByb3BzPy5yZW1vdmFsUG9saWN5IHx8IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICAgIGVuYWJsZUtleVJvdGF0aW9uOiB0cnVlLFxuICAgIH0pO1xuXG4gICAgdGhpcy5lbmNyeXB0aW9uS2V5LmdyYW50RW5jcnlwdERlY3J5cHQobmV3IFNlcnZpY2VQcmluY2lwYWwoJ2xvZ3MuYW1hem9uYXdzLmNvbScsIHtcbiAgICAgIGNvbmRpdGlvbnM6IHtcbiAgICAgICAgQXJuRXF1YWxzOiB7XG4gICAgICAgICAgJ2ttczpFbmNyeXB0aW9uQ29udGV4dDphd3M6bG9nczphcm4nOiBsb2dHcm91cEFybixcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSkpO1xuXG4gICAgdGhpcy5sb2dHcm91cCA9IG5ldyBMb2dHcm91cCh0aGlzLCAnQmVkcm9ja0ludm9jYXRpb25Mb2dHcm91cCcsIHtcbiAgICAgIGxvZ0dyb3VwTmFtZSxcbiAgICAgIGVuY3J5cHRpb25LZXk6IHRoaXMuZW5jcnlwdGlvbktleSxcbiAgICAgIHJlbW92YWxQb2xpY3k6IHByb3BzPy5yZW1vdmFsUG9saWN5IHx8IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICAgIGRhdGFQcm90ZWN0aW9uUG9saWN5OiBwcm9wcz8ubG9nR3JvdXBEYXRhUHJvdGVjdGlvbj8uZGF0YVByb3RlY3Rpb25JZGVudGlmaWVycyA/IG5ldyBEYXRhUHJvdGVjdGlvblBvbGljeSh7XG4gICAgICAgIGlkZW50aWZpZXJzOiBwcm9wcz8ubG9nR3JvdXBEYXRhUHJvdGVjdGlvbj8uZGF0YVByb3RlY3Rpb25JZGVudGlmaWVycyxcbiAgICAgIH0pIDogdW5kZWZpbmVkLFxuICAgIH0pO1xuXG4gICAgdGhpcy5sb2dnaW5nUm9sZSA9IHByb3BzPy5sb2dnaW5nUm9sZSB8fCBuZXcgUm9sZSh0aGlzLCAnQmVkcm9ja0ludm9jYXRpb25Mb2dnaW5nUm9sZScsIHtcbiAgICAgIGFzc3VtZWRCeTogbmV3IFNlcnZpY2VQcmluY2lwYWwoJ2JlZHJvY2suYW1hem9uYXdzLmNvbScsIHtcbiAgICAgICAgY29uZGl0aW9uczoge1xuICAgICAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICAgICAgJ2F3czpTb3VyY2VBY2NvdW50JzogYWNjb3VudCxcbiAgICAgICAgICB9LFxuICAgICAgICAgIEFybkxpa2U6IHtcbiAgICAgICAgICAgICdhd3M6U291cmNlQXJuJzogYGFybjphd3M6YmVkcm9jazoke3JlZ2lvbn06JHthY2NvdW50fToqYCxcbiAgICAgICAgICB9LFxuICAgICAgICB9LFxuICAgICAgfSksXG4gICAgICBpbmxpbmVQb2xpY2llczoge1xuICAgICAgICBCZWRyb2NrTG9nZ2luZ1BvbGljeTogbmV3IFBvbGljeURvY3VtZW50KHtcbiAgICAgICAgICBzdGF0ZW1lbnRzOiBbXG4gICAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgICAgICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAgICAgICAnbG9nczpDcmVhdGVMb2dTdHJlYW0nLFxuICAgICAgICAgICAgICAgICdsb2dzOlB1dExvZ0V2ZW50cycsXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIHJlc291cmNlczogW1xuICAgICAgICAgICAgICAgIGxvZ1N0cmVhbUFybixcbiAgICAgICAgICAgICAgXSxcbiAgICAgICAgICAgIH0pLFxuICAgICAgICAgIF0sXG4gICAgICAgIH0pLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIC8vIExhbWJkYSBmdW5jdGlvbiByb2xlIHdpdGggbGVhc3QgcHJpdmlsZWdlXG4gICAgY29uc3QgbGFtYmRhUm9sZSA9IG5ldyBSb2xlKHRoaXMsICdCZWRyb2NrTG9nZ2luZ0NvbmZpZ1JvbGUnLCB7XG4gICAgICBhc3N1bWVkQnk6IG5ldyBTZXJ2aWNlUHJpbmNpcGFsKCdsYW1iZGEuYW1hem9uYXdzLmNvbScpLFxuICAgICAgaW5saW5lUG9saWNpZXM6IHtcbiAgICAgICAgQmVkcm9ja0xvZ2dpbmdDb25maWdQb2xpY3k6IG5ldyBQb2xpY3lEb2N1bWVudCh7XG4gICAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgJ2JlZHJvY2s6R2V0TW9kZWxJbnZvY2F0aW9uTG9nZ2luZ0NvbmZpZ3VyYXRpb24nLFxuICAgICAgICAgICAgICAgICdiZWRyb2NrOlB1dE1vZGVsSW52b2NhdGlvbkxvZ2dpbmdDb25maWd1cmF0aW9uJyxcbiAgICAgICAgICAgICAgXSxcbiAgICAgICAgICAgICAgcmVzb3VyY2VzOiBbJyonXSxcbiAgICAgICAgICAgIH0pLFxuICAgICAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICAgIGVmZmVjdDogRWZmZWN0LkFMTE9XLFxuICAgICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgICAgJ2lhbTpQYXNzUm9sZScsXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIHJlc291cmNlczogW1xuICAgICAgICAgICAgICAgIHRoaXMubG9nZ2luZ1JvbGUucm9sZUFybixcbiAgICAgICAgICAgICAgXSxcbiAgICAgICAgICAgIH0pLFxuICAgICAgICAgIF0sXG4gICAgICAgIH0pLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIGNvbnN0IGdlbmVyYXRlZExvZ1Blcm1pc3Npb25zID0gTGFtYmRhSWFtVXRpbHMuY3JlYXRlTG9nc1Blcm1pc3Npb25zKHtcbiAgICAgIGFjY291bnQsXG4gICAgICBmdW5jdGlvbk5hbWU6ICdiZWRyb2NrLW1hbmFnZS1sb2dnaW5nLWZ1bmN0aW9uJyxcbiAgICAgIHJlZ2lvbixcbiAgICAgIHNjb3BlOiB0aGlzLFxuICAgIH0pO1xuXG4gICAgLy8gUHl0aG9uRnVuY3Rpb24gZm9yIG1hbmFnaW5nIEJlZHJvY2sgbG9nZ2luZyBjb25maWd1cmF0aW9uXG4gICAgY29uc3QgbWFuYWdlTG9nZ2luZ0Z1bmN0aW9uID0gbmV3IFB5dGhvbkZ1bmN0aW9uKHRoaXMsICdCZWRyb2NrTWFuYWdlTG9nZ2luZ0Z1bmN0aW9uJywge1xuICAgICAgZnVuY3Rpb25OYW1lOiBnZW5lcmF0ZWRMb2dQZXJtaXNzaW9ucy51bmlxdWVGdW5jdGlvbk5hbWUsXG4gICAgICBlbnRyeTogcGF0aC5qb2luKF9fZGlybmFtZSwgJ3Jlc291cmNlcycsICdiZWRyb2NrLW1hbmFnZS1sb2dnaW5nLWNvbmZpZ3VyYXRpb24nKSxcbiAgICAgIHJ1bnRpbWU6IERlZmF1bHRSdW50aW1lcy5QWVRIT04sXG4gICAgICBhcmNoaXRlY3R1cmU6IEFyY2hpdGVjdHVyZS5YODZfNjQsXG4gICAgICByb2xlOiBsYW1iZGFSb2xlLFxuICAgIH0pO1xuXG4gICAgZm9yIChjb25zdCBzdGF0ZW1lbnQgb2YgZ2VuZXJhdGVkTG9nUGVybWlzc2lvbnMucG9saWN5U3RhdGVtZW50cykge1xuICAgICAgbWFuYWdlTG9nZ2luZ0Z1bmN0aW9uLnJvbGU/LmFkZFRvUHJpbmNpcGFsUG9saWN5KHN0YXRlbWVudCk7XG4gICAgfVxuXG4gICAgLy8gQ3VzdG9tIHJlc291cmNlIHByb3ZpZGVyXG4gICAgY29uc3QgcHJvdmlkZXIgPSBuZXcgUHJvdmlkZXIodGhpcywgJ0JlZHJvY2tMb2dnaW5nUHJvdmlkZXInLCB7XG4gICAgICBvbkV2ZW50SGFuZGxlcjogbWFuYWdlTG9nZ2luZ0Z1bmN0aW9uLFxuICAgIH0pO1xuXG4gICAgLy8gQ3VzdG9tIHJlc291cmNlIHRvIGNvbmZpZ3VyZSBCZWRyb2NrIGxvZ2dpbmdcbiAgICBuZXcgQ3VzdG9tUmVzb3VyY2UodGhpcywgJ0JlZHJvY2tMb2dnaW5nQ29uZmlnJywge1xuICAgICAgc2VydmljZVRva2VuOiBwcm92aWRlci5zZXJ2aWNlVG9rZW4sXG4gICAgICBwcm9wZXJ0aWVzOiB7XG4gICAgICAgIGxvZ0dyb3VwTmFtZTogdGhpcy5sb2dHcm91cC5sb2dHcm91cE5hbWUsXG4gICAgICAgIHJvbGVBcm46IHRoaXMubG9nZ2luZ1JvbGUucm9sZUFybixcbiAgICAgICAgb3ZlcnJpZGU6IHByb3BzPy5vdmVycmlkZUV4aXN0aW5nQ29uZmlndXJhdGlvbiB8fCBmYWxzZSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cbn0iXX0=

package/lib/utilities/observability/cloudfront-distribution-observability-property-injector.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { InjectionContext, IPropertyInjector } from 'aws-cdk-lib';
+export declare class CloudfrontDistributionObservabilityPropertyInjector implements IPropertyInjector {
+    readonly constructUniqueId: string;
+    constructor();
+    inject(originalProps: any, context: InjectionContext): any;
+}

package/lib/utilities/observability/cloudfront-distribution-observability-property-injector.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CloudfrontDistributionObservabilityPropertyInjector = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cloudfront_1 = require("aws-cdk-lib/aws-cloudfront");
+class CloudfrontDistributionObservabilityPropertyInjector {
+    constructor() {
+        this.constructUniqueId = aws_cloudfront_1.Distribution.PROPERTY_INJECTION_ID;
+    }
+    inject(originalProps, context) {
+        return {
+            enableLogging: true,
+            logFilePrefix: `${context.id}-distribution-`,
+            ...originalProps,
+        };
+    }
+}
+exports.CloudfrontDistributionObservabilityPropertyInjector = CloudfrontDistributionObservabilityPropertyInjector;
+_a = JSII_RTTI_SYMBOL_1;
+CloudfrontDistributionObservabilityPropertyInjector[_a] = { fqn: "@cdklabs/cdk-appmod-catalog-blueprints.CloudfrontDistributionObservabilityPropertyInjector", version: "1.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xvdWRmcm9udC1kaXN0cmlidXRpb24tb2JzZXJ2YWJpbGl0eS1wcm9wZXJ0eS1pbmplY3Rvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3VzZS1jYXNlcy91dGlsaXRpZXMvb2JzZXJ2YWJpbGl0eS9jbG91ZGZyb250LWRpc3RyaWJ1dGlvbi1vYnNlcnZhYmlsaXR5LXByb3BlcnR5LWluamVjdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQ0EsK0RBQTBEO0FBRTFELE1BQWEsbURBQW1EO0lBRzlEO1FBQ0UsSUFBSSxDQUFDLGlCQUFpQixHQUFHLDZCQUFZLENBQUMscUJBQXFCLENBQUM7SUFDOUQsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFrQixFQUFFLE9BQXlCO1FBQ2xELE9BQU87WUFDTCxhQUFhLEVBQUUsSUFBSTtZQUNuQixhQUFhLEVBQUUsR0FBRyxPQUFPLENBQUMsRUFBRSxnQkFBZ0I7WUFDNUMsR0FBRyxhQUFhO1NBQ2pCLENBQUM7SUFDSixDQUFDOztBQWJILGtIQWVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0aW9uQ29udGV4dCwgSVByb3BlcnR5SW5qZWN0b3IgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBEaXN0cmlidXRpb24gfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udCc7XG5cbmV4cG9ydCBjbGFzcyBDbG91ZGZyb250RGlzdHJpYnV0aW9uT2JzZXJ2YWJpbGl0eVByb3BlcnR5SW5qZWN0b3IgaW1wbGVtZW50cyBJUHJvcGVydHlJbmplY3RvciB7XG4gIHJlYWRvbmx5IGNvbnN0cnVjdFVuaXF1ZUlkOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3IoKSB7XG4gICAgdGhpcy5jb25zdHJ1Y3RVbmlxdWVJZCA9IERpc3RyaWJ1dGlvbi5QUk9QRVJUWV9JTkpFQ1RJT05fSUQ7XG4gIH1cblxuICBpbmplY3Qob3JpZ2luYWxQcm9wczogYW55LCBjb250ZXh0OiBJbmplY3Rpb25Db250ZXh0KTogYW55IHtcbiAgICByZXR1cm4ge1xuICAgICAgZW5hYmxlTG9nZ2luZzogdHJ1ZSxcbiAgICAgIGxvZ0ZpbGVQcmVmaXg6IGAke2NvbnRleHQuaWR9LWRpc3RyaWJ1dGlvbi1gLFxuICAgICAgLi4ub3JpZ2luYWxQcm9wcyxcbiAgICB9O1xuICB9XG5cbn0iXX0=

package/lib/utilities/observability/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export * from './lambda-observability-property-injector';
+export * from './state-machine-observability-property-injector';
+export * from './cloudfront-distribution-observability-property-injector';
+export * from './observable';
+export * from './powertools-config';
+export * from './log-group-data-protection-props';

package/lib/utilities/observability/index.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./lambda-observability-property-injector"), exports);
+__exportStar(require("./state-machine-observability-property-injector"), exports);
+__exportStar(require("./cloudfront-distribution-observability-property-injector"), exports);
+__exportStar(require("./observable"), exports);
+__exportStar(require("./powertools-config"), exports);
+__exportStar(require("./log-group-data-protection-props"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi91c2UtY2FzZXMvdXRpbGl0aWVzL29ic2VydmFiaWxpdHkvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHFFQUFxRTtBQUNyRSxzQ0FBc0M7Ozs7Ozs7Ozs7Ozs7Ozs7QUFFdEMsMkVBQXlEO0FBQ3pELGtGQUFnRTtBQUNoRSw0RkFBMEU7QUFDMUUsK0NBQTZCO0FBQzdCLHNEQUFvQztBQUNwQyxvRUFBa0QiLCJzb3VyY2VzQ29udGVudCI6WyIvLyBDb3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbi8vIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG5cbmV4cG9ydCAqIGZyb20gJy4vbGFtYmRhLW9ic2VydmFiaWxpdHktcHJvcGVydHktaW5qZWN0b3InO1xuZXhwb3J0ICogZnJvbSAnLi9zdGF0ZS1tYWNoaW5lLW9ic2VydmFiaWxpdHktcHJvcGVydHktaW5qZWN0b3InO1xuZXhwb3J0ICogZnJvbSAnLi9jbG91ZGZyb250LWRpc3RyaWJ1dGlvbi1vYnNlcnZhYmlsaXR5LXByb3BlcnR5LWluamVjdG9yJztcbmV4cG9ydCAqIGZyb20gJy4vb2JzZXJ2YWJsZSc7XG5leHBvcnQgKiBmcm9tICcuL3Bvd2VydG9vbHMtY29uZmlnJztcbmV4cG9ydCAqIGZyb20gJy4vbG9nLWdyb3VwLWRhdGEtcHJvdGVjdGlvbi1wcm9wcyc7Il19

package/lib/utilities/observability/lambda-observability-property-injector.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { InjectionContext, IPropertyInjector } from 'aws-cdk-lib';
+import { LogGroupDataProtectionProps } from './log-group-data-protection-props';
+export declare class LambdaObservabilityPropertyInjector implements IPropertyInjector {
+    readonly constructUniqueId: string;
+    readonly logGroupDataProtection: LogGroupDataProtectionProps;
+    constructor(logGroupDataProtection: LogGroupDataProtectionProps);
+    inject(originalProps: any, _context: InjectionContext): any;
+}

package/lib/utilities/observability/lambda-observability-property-injector.js ADDED Viewed

@@ -0,0 +1,43 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LambdaObservabilityPropertyInjector = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const aws_logs_1 = require("aws-cdk-lib/aws-logs");
+class LambdaObservabilityPropertyInjector {
+    constructor(logGroupDataProtection) {
+        this.constructUniqueId = aws_lambda_1.Function.PROPERTY_INJECTION_ID;
+        this.logGroupDataProtection = logGroupDataProtection;
+    }
+    inject(originalProps, _context) {
+        const { region, account } = aws_cdk_lib_1.Stack.of(_context.scope);
+        const logGroupName = `/aws/lambda/${originalProps.functionName}`;
+        const logGroupArn = `arn:aws:logs:${region}:${account}:log-group:${logGroupName}`;
+        this.logGroupDataProtection.logGroupEncryptionKey?.grantEncryptDecrypt(new aws_iam_1.ServicePrincipal('logs.amazonaws.com', {
+            conditions: {
+                ArnEquals: {
+                    'kms:EncryptionContext:aws:logs:arn': logGroupArn,
+                },
+            },
+        }));
+        return {
+            LogGroup: new aws_logs_1.LogGroup(_context.scope, `${_context.id}-LogGroup`, {
+                logGroupName,
+                encryptionKey: this.logGroupDataProtection.logGroupEncryptionKey,
+                dataProtectionPolicy: this.logGroupDataProtection.dataProtectionIdentifiers ? new aws_logs_1.DataProtectionPolicy({
+                    identifiers: this.logGroupDataProtection.dataProtectionIdentifiers,
+                }) : undefined,
+                removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+            }),
+            tracing: aws_lambda_1.Tracing.ACTIVE,
+            ...originalProps,
+        };
+    }
+}
+exports.LambdaObservabilityPropertyInjector = LambdaObservabilityPropertyInjector;
+_a = JSII_RTTI_SYMBOL_1;
+LambdaObservabilityPropertyInjector[_a] = { fqn: "@cdklabs/cdk-appmod-catalog-blueprints.LambdaObservabilityPropertyInjector", version: "1.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGFtYmRhLW9ic2VydmFiaWxpdHktcHJvcGVydHktaW5qZWN0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi91c2UtY2FzZXMvdXRpbGl0aWVzL29ic2VydmFiaWxpdHkvbGFtYmRhLW9ic2VydmFiaWxpdHktcHJvcGVydHktaW5qZWN0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBd0Y7QUFDeEYsaURBQXVEO0FBQ3ZELHVEQUEyRDtBQUMzRCxtREFBc0U7QUFHdEUsTUFBYSxtQ0FBbUM7SUFJOUMsWUFBWSxzQkFBbUQ7UUFDN0QsSUFBSSxDQUFDLGlCQUFpQixHQUFHLHFCQUFRLENBQUMscUJBQXFCLENBQUM7UUFDeEQsSUFBSSxDQUFDLHNCQUFzQixHQUFHLHNCQUFzQixDQUFDO0lBQ3ZELENBQUM7SUFFRCxNQUFNLENBQUMsYUFBa0IsRUFBRSxRQUEwQjtRQUNuRCxNQUFNLEVBQUUsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNyRCxNQUFNLFlBQVksR0FBRyxlQUFlLGFBQWEsQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUNqRSxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsTUFBTSxJQUFJLE9BQU8sY0FBYyxZQUFZLEVBQUUsQ0FBQztRQUNsRixJQUFJLENBQUMsc0JBQXNCLENBQUMscUJBQXFCLEVBQUUsbUJBQW1CLENBQUMsSUFBSSwwQkFBZ0IsQ0FBQyxvQkFBb0IsRUFBRTtZQUNoSCxVQUFVLEVBQUU7Z0JBQ1YsU0FBUyxFQUFFO29CQUNULG9DQUFvQyxFQUFFLFdBQVc7aUJBQ2xEO2FBQ0Y7U0FDRixDQUFDLENBQUMsQ0FBQztRQUVKLE9BQU87WUFDTCxRQUFRLEVBQUUsSUFBSSxtQkFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLEVBQUUsR0FBRyxRQUFRLENBQUMsRUFBRSxXQUFXLEVBQUU7Z0JBQ2hFLFlBQVk7Z0JBQ1osYUFBYSxFQUFFLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxxQkFBcUI7Z0JBQ2hFLG9CQUFvQixFQUFFLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDLENBQUMsSUFBSSwrQkFBb0IsQ0FBQztvQkFDckcsV0FBVyxFQUFFLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyx5QkFBeUI7aUJBQ25FLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztnQkFDZCxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO2FBQ3JDLENBQUM7WUFDRixPQUFPLEVBQUUsb0JBQU8sQ0FBQyxNQUFNO1lBQ3ZCLEdBQUcsYUFBYTtTQUNqQixDQUFDO0lBQ0osQ0FBQzs7QUFqQ0gsa0ZBbUNDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0aW9uQ29udGV4dCwgSVByb3BlcnR5SW5qZWN0b3IsIFJlbW92YWxQb2xpY3ksIFN0YWNrIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgU2VydmljZVByaW5jaXBhbCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0IHsgRnVuY3Rpb24sIFRyYWNpbmcgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbGFtYmRhJztcbmltcG9ydCB7IERhdGFQcm90ZWN0aW9uUG9saWN5LCBMb2dHcm91cCB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sb2dzJztcbmltcG9ydCB7IExvZ0dyb3VwRGF0YVByb3RlY3Rpb25Qcm9wcyB9IGZyb20gJy4vbG9nLWdyb3VwLWRhdGEtcHJvdGVjdGlvbi1wcm9wcyc7XG5cbmV4cG9ydCBjbGFzcyBMYW1iZGFPYnNlcnZhYmlsaXR5UHJvcGVydHlJbmplY3RvciBpbXBsZW1lbnRzIElQcm9wZXJ0eUluamVjdG9yIHtcbiAgcmVhZG9ubHkgY29uc3RydWN0VW5pcXVlSWQ6IHN0cmluZztcbiAgcmVhZG9ubHkgbG9nR3JvdXBEYXRhUHJvdGVjdGlvbjogTG9nR3JvdXBEYXRhUHJvdGVjdGlvblByb3BzO1xuXG4gIGNvbnN0cnVjdG9yKGxvZ0dyb3VwRGF0YVByb3RlY3Rpb246IExvZ0dyb3VwRGF0YVByb3RlY3Rpb25Qcm9wcykge1xuICAgIHRoaXMuY29uc3RydWN0VW5pcXVlSWQgPSBGdW5jdGlvbi5QUk9QRVJUWV9JTkpFQ1RJT05fSUQ7XG4gICAgdGhpcy5sb2dHcm91cERhdGFQcm90ZWN0aW9uID0gbG9nR3JvdXBEYXRhUHJvdGVjdGlvbjtcbiAgfVxuXG4gIGluamVjdChvcmlnaW5hbFByb3BzOiBhbnksIF9jb250ZXh0OiBJbmplY3Rpb25Db250ZXh0KTogYW55IHtcbiAgICBjb25zdCB7IHJlZ2lvbiwgYWNjb3VudCB9ID0gU3RhY2sub2YoX2NvbnRleHQuc2NvcGUpO1xuICAgIGNvbnN0IGxvZ0dyb3VwTmFtZSA9IGAvYXdzL2xhbWJkYS8ke29yaWdpbmFsUHJvcHMuZnVuY3Rpb25OYW1lfWA7XG4gICAgY29uc3QgbG9nR3JvdXBBcm4gPSBgYXJuOmF3czpsb2dzOiR7cmVnaW9ufToke2FjY291bnR9OmxvZy1ncm91cDoke2xvZ0dyb3VwTmFtZX1gO1xuICAgIHRoaXMubG9nR3JvdXBEYXRhUHJvdGVjdGlvbi5sb2dHcm91cEVuY3J5cHRpb25LZXk/LmdyYW50RW5jcnlwdERlY3J5cHQobmV3IFNlcnZpY2VQcmluY2lwYWwoJ2xvZ3MuYW1hem9uYXdzLmNvbScsIHtcbiAgICAgIGNvbmRpdGlvbnM6IHtcbiAgICAgICAgQXJuRXF1YWxzOiB7XG4gICAgICAgICAgJ2ttczpFbmNyeXB0aW9uQ29udGV4dDphd3M6bG9nczphcm4nOiBsb2dHcm91cEFybixcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSkpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIExvZ0dyb3VwOiBuZXcgTG9nR3JvdXAoX2NvbnRleHQuc2NvcGUsIGAke19jb250ZXh0LmlkfS1Mb2dHcm91cGAsIHtcbiAgICAgICAgbG9nR3JvdXBOYW1lLFxuICAgICAgICBlbmNyeXB0aW9uS2V5OiB0aGlzLmxvZ0dyb3VwRGF0YVByb3RlY3Rpb24ubG9nR3JvdXBFbmNyeXB0aW9uS2V5LFxuICAgICAgICBkYXRhUHJvdGVjdGlvblBvbGljeTogdGhpcy5sb2dHcm91cERhdGFQcm90ZWN0aW9uLmRhdGFQcm90ZWN0aW9uSWRlbnRpZmllcnMgPyBuZXcgRGF0YVByb3RlY3Rpb25Qb2xpY3koe1xuICAgICAgICAgIGlkZW50aWZpZXJzOiB0aGlzLmxvZ0dyb3VwRGF0YVByb3RlY3Rpb24uZGF0YVByb3RlY3Rpb25JZGVudGlmaWVycyxcbiAgICAgICAgfSkgOiB1bmRlZmluZWQsXG4gICAgICAgIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICAgIH0pLFxuICAgICAgdHJhY2luZzogVHJhY2luZy5BQ1RJVkUsXG4gICAgICAuLi5vcmlnaW5hbFByb3BzLFxuICAgIH07XG4gIH1cblxufSJdfQ==

package/lib/utilities/observability/log-group-data-protection-props.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { Key } from 'aws-cdk-lib/aws-kms';
+import { DataIdentifier } from 'aws-cdk-lib/aws-logs';
+/**
+ * Props to enable various data protection configuration
+ * for CloudWatch Log Groups
+ */
+export interface LogGroupDataProtectionProps {
+    /**
+     * Encryption key that would be used to encrypt the relevant log group
+     * @default a new KMS key would automatically be created
+     */
+    readonly logGroupEncryptionKey?: Key;
+    /**
+     * List of DataIdentifiers that would be used as part of the
+     * Data Protection Policy that would be created for the log group
+     * @default Data Protection Policy won't be enabled
+     */
+    readonly dataProtectionIdentifiers?: DataIdentifier[];
+}

package/lib/utilities/observability/log-group-data-protection-props.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9nLWdyb3VwLWRhdGEtcHJvdGVjdGlvbi1wcm9wcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3VzZS1jYXNlcy91dGlsaXRpZXMvb2JzZXJ2YWJpbGl0eS9sb2ctZ3JvdXAtZGF0YS1wcm90ZWN0aW9uLXByb3BzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxxRUFBcUU7QUFDckUsc0NBQXNDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4vLyBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuXG5pbXBvcnQgeyBLZXkgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCB7IERhdGFJZGVudGlmaWVyIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWxvZ3MnO1xuXG4vKipcbiAqIFByb3BzIHRvIGVuYWJsZSB2YXJpb3VzIGRhdGEgcHJvdGVjdGlvbiBjb25maWd1cmF0aW9uXG4gKiBmb3IgQ2xvdWRXYXRjaCBMb2cgR3JvdXBzXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgTG9nR3JvdXBEYXRhUHJvdGVjdGlvblByb3BzIHtcbiAgLyoqXG4gICAqIEVuY3J5cHRpb24ga2V5IHRoYXQgd291bGQgYmUgdXNlZCB0byBlbmNyeXB0IHRoZSByZWxldmFudCBsb2cgZ3JvdXBcbiAgICogQGRlZmF1bHQgYSBuZXcgS01TIGtleSB3b3VsZCBhdXRvbWF0aWNhbGx5IGJlIGNyZWF0ZWRcbiAgICovXG4gIHJlYWRvbmx5IGxvZ0dyb3VwRW5jcnlwdGlvbktleT86IEtleTtcblxuICAvKipcbiAgICogTGlzdCBvZiBEYXRhSWRlbnRpZmllcnMgdGhhdCB3b3VsZCBiZSB1c2VkIGFzIHBhcnQgb2YgdGhlXG4gICAqIERhdGEgUHJvdGVjdGlvbiBQb2xpY3kgdGhhdCB3b3VsZCBiZSBjcmVhdGVkIGZvciB0aGUgbG9nIGdyb3VwXG4gICAqIEBkZWZhdWx0IERhdGEgUHJvdGVjdGlvbiBQb2xpY3kgd29uJ3QgYmUgZW5hYmxlZFxuICAgKi9cbiAgcmVhZG9ubHkgZGF0YVByb3RlY3Rpb25JZGVudGlmaWVycz86IERhdGFJZGVudGlmaWVyW107XG59Il19

package/lib/utilities/observability/observability.d.ts ADDED Viewed

@@ -0,0 +1,83 @@
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as logs from 'aws-cdk-lib/aws-logs';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as sqs from 'aws-cdk-lib/aws-sqs';
+import * as stepfunctions from 'aws-cdk-lib/aws-stepfunctions';
+import { Construct } from 'constructs';
+/**
+ * Configuration for observability features
+ */
+export interface ObservabilityConfig {
+    /** Enable CloudWatch Dashboard */
+    readonly enableDashboard?: boolean;
+    /** Enable CloudWatch Alarms */
+    readonly enableAlarms?: boolean;
+    /** Enable AWS X-Ray tracing */
+    readonly enableTracing?: boolean;
+    /** Log retention period in days */
+    readonly logRetentionDays?: logs.RetentionDays;
+    /** Custom dashboard name */
+    readonly dashboardName?: string;
+    /** SNS topic ARN for alarm notifications */
+    readonly alarmNotificationTopicArn?: string;
+    /** Custom metric namespace */
+    readonly metricsNamespace?: string;
+}
+/**
+ * Resources that need observability monitoring
+ */
+export interface ObservabilityResources {
+    /** Step Functions state machine (optional) */
+    readonly stateMachine?: stepfunctions.StateMachine;
+    /** Lambda functions to monitor */
+    readonly lambdaFunctions: lambda.Function[];
+    /** SQS queues to monitor (optional) */
+    readonly sqsQueues?: sqs.Queue[];
+    /** S3 buckets for storage (optional) */
+    readonly s3Buckets?: s3.IBucket[];
+    /** Dead letter queue (optional) */
+    readonly deadLetterQueue?: sqs.IQueue;
+    /** Use case name for labeling */
+    readonly useCaseName: string;
+}
+/**
+ * Comprehensive observability construct for serverless use cases
+ */
+export declare class ServerlessObservability extends Construct {
+    /** CloudWatch Dashboard for monitoring */
+    readonly dashboard?: cloudwatch.Dashboard;
+    /** CloudWatch Log Groups */
+    readonly logGroups: logs.LogGroup[];
+    /** CloudWatch Alarms */
+    readonly alarms: cloudwatch.Alarm[];
+    /** Metrics namespace */
+    readonly metricsNamespace: string;
+    constructor(scope: Construct, id: string, resources: ObservabilityResources, config?: ObservabilityConfig);
+    /**
+     * Create log groups for Lambda functions with proper retention
+     */
+    private createLogGroups;
+    /**
+     * Enable AWS X-Ray tracing for all resources
+     */
+    private enableTracing;
+    /**
+     * Create CloudWatch alarms for monitoring critical metrics
+     */
+    private createAlarms;
+    /**
+     * Create comprehensive CloudWatch dashboard
+     */
+    private createDashboard;
+    /**
+     * Add custom widget to the dashboard
+     */
+    addCustomWidget(widget: cloudwatch.IWidget): void;
+    /**
+     * Create a custom metric for use case specific events
+     */
+    createCustomMetric(metricName: string, dimensionsMap?: {
+        [key: string]: string;
+    }): cloudwatch.Metric;
+}