@certenza/aws-cdk-infrastructure-commons 1.0.0

package/README.md

@@ -0,0 +1,76 @@
+# @certenza/aws-cdk-infrastructure-commons
+
+A private npm package containing common infrastructure utilities and resources for CDK typescript projects. This package provides reusable AWS CDK constructs and utilities to maintain consistency across infrastructure codebases.
+
+## Installation
+
+```bash
+npm install @certenza/aws-cdk-infrastructure-commons
+```
+
+## Usage
+
+```typescript
+import { cdkOutput } from "@certenza/aws-cdk-infrastructure-commons";
+
+// Use the utilities in your CDK stack
+cdkOutput(stack, "MyOutput", "my-value", "Description of the output");
+```
+
+## Available Resources
+
+### CDK Utilities
+
+- **`cdkOutput`** - Creates CDK outputs with consistent naming conventions
+
+### AWS Resources
+
+- **ACM** - AWS Certificate Manager utilities
+- **API Gateway** - API Gateway constructs and utilities
+- **CDK** - CDK and utilities
+- **DynamoDB** - DynamoDB table and index utilities
+- **Lambda** - Lambda function utilities
+- **Open Search** - Open Search utilities
+- **Route53** - DNS and routing utilities
+- **Secrets Manager** - Secrets Manager utilities
+- **SQS** - Simple Queue Service utilities
+
+## Project Structure
+
+```
+src/
+├── acm.ts              # AWS Certificate Manager utilities
+├── apigateway.ts       # API Gateway constructs
+├── cdk.ts              # CDK utility functions
+├── dynamodb.ts         # DynamoDB utilities
+├── lambda.ts           # Lambda function utilities
+├── opensearch.ts       # Open Search utilities
+├── route53.ts          # Route53 DNS utilities
+└── sqs.ts              # SQS queue utilities
+└── secretsmanager.ts   # Secrets manager utilities
+```
+
+## Development
+
+### Prerequisites
+
+- Node.js >= 22.0.0
+- npm
+
+### Setup
+
+```bash
+npm install
+```
+
+### Build
+
+```bash
+npm run build
+```
+
+### Publish
+
+```bash
+npm publish
+```

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export * as cdk from "aws-cdk-lib";
+export * as apigateway from "aws-cdk-lib/aws-apigateway";
+export { Construct } from "constructs";
+export * from "./src/acm";
+export * from "./src/apigateway";
+export * from "./src/cdk";
+export * from "./src/dynamodb";
+export * from "./src/lambda";
+export * from "./src/route53";
+export * from "./src/sqs";
+export * from "./src/secretsmanager";
+export * from "./src/opensearch";

package/dist/index.js

@@ -0,0 +1,54 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Construct = exports.apigateway = exports.cdk = void 0;
+// Export all CDK libraries
+exports.cdk = __importStar(require("aws-cdk-lib"));
+exports.apigateway = __importStar(require("aws-cdk-lib/aws-apigateway"));
+var constructs_1 = require("constructs");
+Object.defineProperty(exports, "Construct", { enumerable: true, get: function () { return constructs_1.Construct; } });
+// Export all infrastructure resources
+__exportStar(require("./src/acm"), exports);
+__exportStar(require("./src/apigateway"), exports);
+__exportStar(require("./src/cdk"), exports);
+__exportStar(require("./src/dynamodb"), exports);
+__exportStar(require("./src/lambda"), exports);
+__exportStar(require("./src/route53"), exports);
+__exportStar(require("./src/sqs"), exports);
+__exportStar(require("./src/secretsmanager"), exports);
+__exportStar(require("./src/opensearch"), exports);

package/dist/src/acm.d.ts

@@ -0,0 +1,13 @@
+import * as acm from "aws-cdk-lib/aws-certificatemanager";
+import { Construct } from "constructs";
+import * as route53 from "aws-cdk-lib/aws-route53";
+/**
+ * Creates a certificate for a domain name
+ * @param scope - The scope of the certificate
+ * @param id - The id of the certificate
+ * @param domainName - The domain name of the certificate
+ * @param hostedZone - The hosted zone of the certificate
+ * @returns The certificate
+ */
+declare const createCertificate: (scope: Construct, id: string, domainName: string, hostedZone: route53.IHostedZone) => acm.Certificate;
+export { createCertificate };

package/dist/src/acm.js

@@ -0,0 +1,52 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCertificate = void 0;
+const acm = __importStar(require("aws-cdk-lib/aws-certificatemanager"));
+/**
+ * Creates a certificate for a domain name
+ * @param scope - The scope of the certificate
+ * @param id - The id of the certificate
+ * @param domainName - The domain name of the certificate
+ * @param hostedZone - The hosted zone of the certificate
+ * @returns The certificate
+ */
+const createCertificate = (scope, id, domainName, hostedZone) => {
+    return new acm.Certificate(scope, id, {
+        domainName: domainName,
+        validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+};
+exports.createCertificate = createCertificate;

package/dist/src/apigateway.d.ts

@@ -0,0 +1,20 @@
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+/**
+ * Gets the domain name for the API Gateway
+ * @param environment - The environment to get the domain name for
+ * @param domainName - The root domain name (example: mydomain.com)
+ * @returns The domain name for the API Gateway
+ */
+declare const getApiGatewayDomainName: (service: string, domainName: string, environment: string) => string;
+/**
+ * Creates an API Gateway with the given parameters
+ * @param scope - The scope of the API Gateway
+ * @param apiName - The name of the API Gateway
+ * @param domainName - The domain name of the API Gateway
+ * @param hostedZoneId - The ID of the hosted zone
+ * @param zoneName - The name of the hosted zone
+ * @returns The API Gateway
+ */
+declare const createApiGateway: (scope: Construct, apiName: string, domainName: string, hostedZoneId: string, zoneName: string) => apigateway.RestApi;
+export { createApiGateway, getApiGatewayDomainName };

package/dist/src/apigateway.js

@@ -0,0 +1,95 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getApiGatewayDomainName = exports.createApiGateway = void 0;
+const apigateway = __importStar(require("aws-cdk-lib/aws-apigateway"));
+const logs = __importStar(require("aws-cdk-lib/aws-logs"));
+const route53 = __importStar(require("aws-cdk-lib/aws-route53"));
+const route53targets = __importStar(require("aws-cdk-lib/aws-route53-targets"));
+const acm_1 = require("./acm");
+const route53_1 = require("./route53");
+/**
+ * Gets the domain name for the API Gateway
+ * @param environment - The environment to get the domain name for
+ * @param domainName - The root domain name (example: mydomain.com)
+ * @returns The domain name for the API Gateway
+ */
+const getApiGatewayDomainName = (service, domainName, environment) => {
+    return environment === "production"
+        ? `api.${service}.${domainName}`
+        : `api.${service}.${environment}.${domainName}`;
+};
+exports.getApiGatewayDomainName = getApiGatewayDomainName;
+/**
+ * Creates an API Gateway with the given parameters
+ * @param scope - The scope of the API Gateway
+ * @param apiName - The name of the API Gateway
+ * @param domainName - The domain name of the API Gateway
+ * @param hostedZoneId - The ID of the hosted zone
+ * @param zoneName - The name of the hosted zone
+ * @returns The API Gateway
+ */
+const createApiGateway = (scope, apiName, domainName, hostedZoneId, zoneName) => {
+    // Import the existing hosted zone
+    const hostedZone = (0, route53_1.getHostedZone)(scope, "HostedZone", hostedZoneId, zoneName);
+    // Create a certificate for the API Gateway domain
+    const certificate = (0, acm_1.createCertificate)(scope, `ApiGatewayCertificate`, domainName, hostedZone);
+    const api = new apigateway.RestApi(scope, apiName, {
+        description: `Public API Gateway for ${apiName}`,
+        endpointTypes: [apigateway.EndpointType.REGIONAL],
+        domainName: {
+            domainName: domainName,
+            certificate: certificate,
+            securityPolicy: apigateway.SecurityPolicy.TLS_1_2,
+            endpointType: apigateway.EndpointType.REGIONAL,
+        },
+        deployOptions: {
+            loggingLevel: apigateway.MethodLoggingLevel.INFO,
+            dataTraceEnabled: false,
+            accessLogDestination: new apigateway.LogGroupLogDestination(new logs.LogGroup(scope, `${apiName}-AccessLogs`, {
+                retention: logs.RetentionDays.ONE_WEEK,
+            })),
+        },
+    });
+    // Create Route53 A record pointing to the API Gateway
+    new route53.ARecord(scope, `${apiName}-AliasRecord`, {
+        zone: hostedZone,
+        recordName: domainName.replace(`${hostedZone.zoneName}.`, ""),
+        target: route53.RecordTarget.fromAlias(new route53targets.ApiGateway(api)),
+    });
+    // Return the API Gateway
+    return api;
+};
+exports.createApiGateway = createApiGateway;

package/dist/src/cdk.d.ts

@@ -0,0 +1,10 @@
+import * as cdk from "aws-cdk-lib";
+/**
+ * Creates a CDK output
+ * @param stack - The stack to create the output in
+ * @param id - The id of the output
+ * @param value - The value of the output
+ * @param description - The description of the output
+ */
+declare const cdkOutput: (stack: cdk.Stack, id: string, value: string, description: string) => void;
+export { cdkOutput };

package/dist/src/cdk.js

@@ -0,0 +1,52 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cdkOutput = void 0;
+const cdk = __importStar(require("aws-cdk-lib"));
+/**
+ * Creates a CDK output
+ * @param stack - The stack to create the output in
+ * @param id - The id of the output
+ * @param value - The value of the output
+ * @param description - The description of the output
+ */
+const cdkOutput = (stack, id, value, description) => {
+    new cdk.CfnOutput(stack, id, {
+        value,
+        description,
+        exportName: `${stack.stackName}-${id}`,
+    });
+};
+exports.cdkOutput = cdkOutput;

package/dist/src/dynamodb.d.ts

@@ -0,0 +1,33 @@
+import * as cdk from "aws-cdk-lib";
+import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import { Construct } from "constructs";
+/**
+ * The key for the DynamoDB table
+ * @param pk - The partition key
+ * @param sk - The sort key
+ */
+type DynamoDBKeys = {
+    pk: string;
+    sk?: string;
+};
+/**
+ * The index for the DynamoDB table
+ * @param name - The name of the index
+ * @param keys - The keys for the index
+ */
+type DynamoDBIndex = {
+    name: string;
+    keys: DynamoDBKeys;
+};
+/**
+ * Creates a DynamoDB table
+ * @param scope - The scope of the DynamoDB table
+ * @param tableName - The name of the DynamoDB table
+ * @param keys - The keys of the DynamoDB table
+ * @param indexes - The indexes of the DynamoDB table
+ * @param options - The options of the DynamoDB table
+ * @returns The DynamoDB table
+ */
+declare const createDynamoDBTable: (scope: Construct, tableName: string, keys: DynamoDBKeys, indexes: DynamoDBIndex[], options?: Partial<dynamodb.TableProps>) => cdk.aws_dynamodb.Table;
+export { createDynamoDBTable };
+export type { DynamoDBIndex, DynamoDBKeys };

package/dist/src/dynamodb.js

@@ -0,0 +1,99 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDynamoDBTable = void 0;
+const cdk = __importStar(require("aws-cdk-lib"));
+const dynamodb = __importStar(require("aws-cdk-lib/aws-dynamodb"));
+/**
+ * Creates a DynamoDB table
+ * @param scope - The scope of the DynamoDB table
+ * @param tableName - The name of the DynamoDB table
+ * @param keys - The keys of the DynamoDB table
+ * @param indexes - The indexes of the DynamoDB table
+ * @param options - The options of the DynamoDB table
+ * @returns The DynamoDB table
+ */
+const createDynamoDBTable = (scope, tableName, keys, indexes, options = {}) => {
+    // Create the table props
+    let tableProps = {
+        tableName,
+        partitionKey: {
+            name: keys.pk,
+            type: dynamodb.AttributeType.STRING,
+        },
+        billingMode: dynamodb.BillingMode.PAY_PER_REQUEST, // On-demand
+        removalPolicy: cdk.RemovalPolicy.DESTROY, // For testing; use RETAIN in production
+        ...options,
+    };
+    // If a sort key is provided, add it to the table props
+    if (keys.sk) {
+        tableProps = {
+            ...tableProps,
+            sortKey: {
+                name: keys.sk,
+                type: dynamodb.AttributeType.STRING,
+            },
+        };
+    }
+    // Create the DynamoDB table
+    let table = new dynamodb.Table(scope, `${tableName}Table`, tableProps);
+    // Add the Global Secondary Indexes
+    indexes.forEach(index => {
+        // Create the index props
+        let indexProps = {
+            indexName: index.name,
+            partitionKey: {
+                name: index.keys.pk,
+                type: dynamodb.AttributeType.STRING,
+            },
+            projectionType: dynamodb.ProjectionType.ALL, // Include all attributes in the index
+        };
+        // If a sort key is provided, add it to the index props
+        if (index.keys.sk) {
+            indexProps = {
+                ...indexProps,
+                sortKey: {
+                    name: index.keys.sk,
+                    type: dynamodb.AttributeType.STRING,
+                },
+            };
+        }
+        // Add the index to the table
+        table.addGlobalSecondaryIndex(indexProps);
+    });
+    // Return the DynamoDB table
+    return table;
+};
+exports.createDynamoDBTable = createDynamoDBTable;

package/dist/src/lambda.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Lambda functions and integrations
+ */
+import * as cdk from "aws-cdk-lib";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import * as nodejs from "aws-cdk-lib/aws-lambda-nodejs";
+import { Construct } from "constructs";
+/**
+ * Properties for creating a lambda function
+ * @param policies - The policies of the lambda function
+ * @param environmentVariables - The environment variables of the lambda function
+ * @param options - The options of the lambda function
+ */
+type CreateLambdaFunctionProps = {
+    policies?: cdk.aws_iam.PolicyStatementProps[];
+    environmentVariables?: Record<string, string>;
+    options?: Partial<nodejs.NodejsFunctionProps>;
+};
+/**
+ * Creates a lambda function with the given parameters
+ * @param scope - The scope of the lambda function
+ * @param functionName - The name of the lambda function (will be also used as the id)
+ * @param environment - The environment of the lambda function
+ * @param props - The properties of the lambda function
+ * @returns The lambda function
+ */
+declare const createLambdaFunction: (scope: Construct, functionName: string, environment: string, props?: CreateLambdaFunctionProps) => nodejs.NodejsFunction;
+/**
+ * Creates a lambda integration for a lambda function
+ * @param lambdaFunction - The lambda function to create an integration for
+ * @returns The lambda integration
+ */
+declare const createLambdaApiGatewayIntegration: (lambdaFunction: lambda.Function) => cdk.aws_apigateway.LambdaIntegration;
+export { createLambdaFunction, createLambdaApiGatewayIntegration };
+export type { CreateLambdaFunctionProps };

package/dist/src/lambda.js

@@ -0,0 +1,121 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLambdaApiGatewayIntegration = exports.createLambdaFunction = void 0;
+/**
+ * Lambda functions and integrations
+ */
+const cdk = __importStar(require("aws-cdk-lib"));
+const lambda = __importStar(require("aws-cdk-lib/aws-lambda"));
+const nodejs = __importStar(require("aws-cdk-lib/aws-lambda-nodejs"));
+const logs = __importStar(require("aws-cdk-lib/aws-logs"));
+const apigateway = __importStar(require("aws-cdk-lib/aws-apigateway"));
+/**
+ * Creates a lambda function with the given parameters
+ * @param scope - The scope of the lambda function
+ * @param functionName - The name of the lambda function (will be also used as the id)
+ * @param environment - The environment of the lambda function
+ * @param props - The properties of the lambda function
+ * @returns The lambda function
+ */
+const createLambdaFunction = (scope, functionName, environment, props = {}) => {
+    // Define the id of the lambda function
+    const id = functionName;
+    // Define the policies of the lambda function
+    const policies = props.policies ?? [];
+    // Define the environment variables of the lambda function
+    const environmentVariables = props.environmentVariables ?? {};
+    // Define the options of the lambda function
+    const options = props.options ?? {};
+    // Create the lambda function
+    const lambdaFunction = new nodejs.NodejsFunction(scope, id, {
+        entry: `src/lambdas/${functionName}/handler.ts`,
+        functionName: functionName,
+        handler: "handler",
+        runtime: lambda.Runtime.NODEJS_22_X,
+        architecture: lambda.Architecture.ARM_64,
+        memorySize: 256,
+        timeout: cdk.Duration.seconds(30),
+        environment: {
+            ENVIRONMENT: environment,
+            NODE_ENV: environment === "production" ? "production" : "development",
+            ...environmentVariables,
+        },
+        bundling: {
+            minify: true,
+            sourceMap: false,
+            target: "es2022",
+            format: nodejs.OutputFormat.CJS,
+            mainFields: ["module", "main"],
+            externalModules: ["aws-sdk", "util", "crypto", "stream"], // AWS SDK is provided by Lambda runtime
+            forceDockerBundling: false, // Use esbuild directly instead of Docker
+            platform: "node",
+        },
+        description: `${id} lambda function for ${environment} environment`,
+        logGroup: new logs.LogGroup(scope, `${id}-LogGroup`, {
+            retention: logs.RetentionDays.ONE_WEEK, // Budget-friendly: 1 week retention
+            removalPolicy: environment === "production"
+                ? cdk.RemovalPolicy.RETAIN
+                : cdk.RemovalPolicy.DESTROY,
+        }),
+        ...options,
+    });
+    // Add the policies to the lambda function
+    policies.forEach((policy) => {
+        // Add the policy to the lambda function
+        lambdaFunction.addToRolePolicy(new cdk.aws_iam.PolicyStatement(policy));
+    });
+    // Return the lambda function
+    return lambdaFunction;
+};
+exports.createLambdaFunction = createLambdaFunction;
+/**
+ * Creates a lambda integration for a lambda function
+ * @param lambdaFunction - The lambda function to create an integration for
+ * @returns The lambda integration
+ */
+const createLambdaApiGatewayIntegration = (lambdaFunction) => {
+    return new apigateway.LambdaIntegration(lambdaFunction, {
+        requestTemplates: {
+            "application/json": JSON.stringify({
+                httpMethod: "$context.httpMethod",
+                path: "$context.path",
+                queryStringParameters: "$input.params().querystring",
+                body: "$input.json('$')",
+            }),
+        },
+    });
+};
+exports.createLambdaApiGatewayIntegration = createLambdaApiGatewayIntegration;

package/dist/src/opensearch.d.ts

@@ -0,0 +1,13 @@
+import * as opensearch from "aws-cdk-lib/aws-opensearchservice";
+import { Construct } from "constructs";
+/**
+ * Creates an OpenSearch domain
+ * @param scope - The scope to create the domain in
+ * @param id - The id of the domain
+ * @param account - The account to create the domain in
+ * @param capacity - The capacity of the domain
+ * @param volumeSize - The size of the volume in GB
+ * @returns The OpenSearch domain
+ */
+declare const createOpenSearchDomain: (scope: Construct, id: string, account: string, capacity: opensearch.CapacityConfig, volumeSize: number) => opensearch.Domain;
+export { createOpenSearchDomain };

package/dist/src/opensearch.js

@@ -0,0 +1,72 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createOpenSearchDomain = void 0;
+const cdk = __importStar(require("aws-cdk-lib"));
+const opensearch = __importStar(require("aws-cdk-lib/aws-opensearchservice"));
+const ec2 = __importStar(require("aws-cdk-lib/aws-ec2"));
+const iam = __importStar(require("aws-cdk-lib/aws-iam"));
+/**
+ * Creates an OpenSearch domain
+ * @param scope - The scope to create the domain in
+ * @param id - The id of the domain
+ * @param account - The account to create the domain in
+ * @param capacity - The capacity of the domain
+ * @param volumeSize - The size of the volume in GB
+ * @returns The OpenSearch domain
+ */
+const createOpenSearchDomain = (scope, id, account, capacity, volumeSize) => {
+    return new opensearch.Domain(scope, id, {
+        version: opensearch.EngineVersion.OPENSEARCH_2_19,
+        capacity,
+        ebs: {
+            volumeSize,
+            volumeType: ec2.EbsDeviceVolumeType.GP3,
+        },
+        encryptionAtRest: { enabled: true },
+        nodeToNodeEncryption: true,
+        enforceHttps: true,
+        accessPolicies: [
+            new iam.PolicyStatement({
+                effect: iam.Effect.ALLOW,
+                principals: [new iam.AccountPrincipal(account)],
+                actions: ["es:*"],
+                resources: ["*"],
+            }),
+        ],
+        removalPolicy: cdk.RemovalPolicy.DESTROY,
+    });
+};
+exports.createOpenSearchDomain = createOpenSearchDomain;

package/dist/src/route53.d.ts

@@ -0,0 +1,19 @@
+import * as route53 from "aws-cdk-lib/aws-route53";
+import { Construct } from "constructs";
+/**
+ * Gets the hosted zone name for the API Gateway
+ * @param environment - The environment to get the hosted zone name for
+ * @param domainName - The root domain name (example: mydomain.com)
+ * @returns The hosted zone name for the API Gateway
+ */
+declare const getHostedZoneName: (environment: string, domainName: string) => string;
+/**
+ * Gets a hosted zone from an ID and name
+ * @param scope - The scope of the hosted zone
+ * @param id - The id of the hosted zone
+ * @param hostedZoneId - The ID of the hosted zone
+ * @param zoneName - The name of the hosted zone
+ * @returns The imported hosted zone
+ */
+declare const getHostedZone: (scope: Construct, id: string, hostedZoneId: string, zoneName: string) => route53.IHostedZone;
+export { getHostedZone, getHostedZoneName };

package/dist/src/route53.js

@@ -0,0 +1,64 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getHostedZoneName = exports.getHostedZone = void 0;
+const route53 = __importStar(require("aws-cdk-lib/aws-route53"));
+/**
+ * Gets the hosted zone name for the API Gateway
+ * @param environment - The environment to get the hosted zone name for
+ * @param domainName - The root domain name (example: mydomain.com)
+ * @returns The hosted zone name for the API Gateway
+ */
+const getHostedZoneName = (environment, domainName) => {
+    return environment === "production"
+        ? domainName
+        : `${environment}.${domainName}`;
+};
+exports.getHostedZoneName = getHostedZoneName;
+/**
+ * Gets a hosted zone from an ID and name
+ * @param scope - The scope of the hosted zone
+ * @param id - The id of the hosted zone
+ * @param hostedZoneId - The ID of the hosted zone
+ * @param zoneName - The name of the hosted zone
+ * @returns The imported hosted zone
+ */
+const getHostedZone = (scope, id, hostedZoneId, zoneName) => {
+    return route53.HostedZone.fromHostedZoneAttributes(scope, id, {
+        hostedZoneId,
+        zoneName,
+    });
+};
+exports.getHostedZone = getHostedZone;

package/dist/src/secretsmanager.d.ts

@@ -0,0 +1,18 @@
+import { Construct } from "constructs";
+import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";
+/**
+ * Creates a secret in the AWS Secrets Manager
+ * @param scope - The scope of the secret
+ * @param id - The id of the secret
+ * @param props - The properties of the secret
+ * @returns The secret
+ */
+declare const createSecret: (scope: Construct, id: string, props?: Partial<secretsmanager.SecretProps>) => secretsmanager.Secret;
+/**
+ * Gets a secret from the AWS Secrets Manager
+ * @param scope - The scope of the secret
+ * @param id - The id of the secret
+ * @returns The secret
+ */
+declare const getSecret: (scope: Construct, id: string, secretName: string) => secretsmanager.ISecret;
+export { createSecret, getSecret };

package/dist/src/secretsmanager.js

@@ -0,0 +1,66 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSecret = exports.createSecret = void 0;
+const secretsmanager = __importStar(require("aws-cdk-lib/aws-secretsmanager"));
+/**
+ * Creates a secret in the AWS Secrets Manager
+ * @param scope - The scope of the secret
+ * @param id - The id of the secret
+ * @param props - The properties of the secret
+ * @returns The secret
+ */
+const createSecret = (scope, id, props = {}) => {
+    // Create the secret
+    const secret = new secretsmanager.Secret(scope, id, {
+        secretName: id,
+        description: `${id} secret`,
+        ...props,
+    });
+    return secret;
+};
+exports.createSecret = createSecret;
+/**
+ * Gets a secret from the AWS Secrets Manager
+ * @param scope - The scope of the secret
+ * @param id - The id of the secret
+ * @returns The secret
+ */
+const getSecret = (scope, id, secretName) => {
+    // Get the secret from the AWS Secrets Manager
+    const secret = secretsmanager.Secret.fromSecretNameV2(scope, id, secretName);
+    return secret;
+};
+exports.getSecret = getSecret;

package/dist/src/sqs.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Library to create SQS queues
+ */
+import * as cdk from "aws-cdk-lib";
+import * as sqs from "aws-cdk-lib/aws-sqs";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+/**
+ * Creates a new SQS queue
+ * @param scope - The scope of the queue
+ * @param id - The id of the queue
+ * @param props - The properties of the queue
+ * @returns The queue
+ */
+declare const createSqsQueue: (scope: Construct, id: string, props: Partial<sqs.QueueProps>) => cdk.aws_sqs.Queue;
+/**
+ * Creates an API Gateway integration with an SQS queue
+ * @param scope - The scope of the construct
+ * @param queue - The SQS queue to integrate with
+ * @returns The SQS API Gateway integration
+ */
+declare const createSQSApiGatewayIntegration: (scope: Construct, queue: sqs.Queue) => apigateway.AwsIntegration;
+export { createSqsQueue, createSQSApiGatewayIntegration };

package/dist/src/sqs.js

@@ -0,0 +1,113 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSQSApiGatewayIntegration = exports.createSqsQueue = void 0;
+/**
+ * Library to create SQS queues
+ */
+const cdk = __importStar(require("aws-cdk-lib"));
+const sqs = __importStar(require("aws-cdk-lib/aws-sqs"));
+const iam = __importStar(require("aws-cdk-lib/aws-iam"));
+const apigateway = __importStar(require("aws-cdk-lib/aws-apigateway"));
+/**
+ * Creates a new SQS queue
+ * @param scope - The scope of the queue
+ * @param id - The id of the queue
+ * @param props - The properties of the queue
+ * @returns The queue
+ */
+const createSqsQueue = (scope, id, props) => {
+    const queue = new sqs.Queue(scope, id, {
+        visibilityTimeout: cdk.Duration.seconds(30),
+        ...props,
+    });
+    return queue;
+};
+exports.createSqsQueue = createSqsQueue;
+/**
+ * Creates an API Gateway integration with an SQS queue
+ * @param scope - The scope of the construct
+ * @param queue - The SQS queue to integrate with
+ * @returns The SQS API Gateway integration
+ */
+const createSQSApiGatewayIntegration = (scope, queue) => {
+    // Add resource policy to allow API Gateway to send messages to SQS
+    const apiGatewaySqsRole = new iam.Role(scope, "ApiGatewaySqsRole", {
+        assumedBy: new iam.ServicePrincipal("apigateway.amazonaws.com"),
+    });
+    // Grant send messages permission to the API Gateway role
+    queue.grantSendMessages(apiGatewaySqsRole);
+    // Define the error response
+    const error500Response = [
+        {
+            origin: "server",
+            code: "server_error",
+            message: "Something went wrong",
+        },
+    ];
+    // Define the success response
+    const success200Response = { message: "Message sent" };
+    // Create the SQS API Gateway integration
+    return new apigateway.AwsIntegration({
+        service: "sqs",
+        action: "SendMessage",
+        integrationHttpMethod: "POST",
+        options: {
+            credentialsRole: apiGatewaySqsRole,
+            requestParameters: {
+                "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'",
+            },
+            requestTemplates: {
+                "application/json": `Action=SendMessage&MessageBody=$util.urlEncode($input.body)&QueueUrl=${queue.queueUrl}`,
+            },
+            integrationResponses: [
+                {
+                    statusCode: "200",
+                    responseTemplates: {
+                        "application/json": JSON.stringify(success200Response),
+                    },
+                },
+                {
+                    statusCode: "500",
+                    selectionPattern: ".*Error.*",
+                    responseTemplates: {
+                        "application/json": JSON.stringify(error500Response),
+                    },
+                },
+            ],
+        },
+    });
+};
+exports.createSQSApiGatewayIntegration = createSQSApiGatewayIntegration;

package/package.json

@@ -0,0 +1,50 @@
+{
+    "name": "@certenza/aws-cdk-infrastructure-commons",
+    "version": "1.0.0",
+    "description": "Common infrastructure reusable utilities and resources for Certenza projects",
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "files": [
+        "dist/**/*"
+    ],
+    "scripts": {
+        "build": "tsc",
+        "clean": "rimraf dist",
+        "prebuild": "npm run clean",
+        "prepublishOnly": "npm run build",
+        "test": "echo \"Error: no test specified\" && exit 1",
+        "format": "prettier --write .",
+        "format:check": "prettier --check ."
+    },
+    "keywords": [
+        "aws",
+        "cdk",
+        "infrastructure",
+        "typescript"
+    ],
+    "author": "Certenza",
+    "license": "MIT",
+    "publishConfig": {
+        "access": "restricted"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/certenza/aws-cdk-infrastructure-commons.git"
+    },
+    "bugs": {
+        "url": "https://github.com/certenza/aws-cdk-infrastructure-commons/issues"
+    },
+    "homepage": "https://github.com/certenza/aws-cdk-infrastructure-commons#readme",
+    "dependencies": {
+        "aws-cdk-lib": "^2.227.0"
+    },
+    "devDependencies": {
+        "@types/node": "^22.0.0",
+        "prettier": "^3.0.0",
+        "rimraf": "^6.1.2",
+        "typescript": "^5.9.3"
+    },
+    "engines": {
+        "node": ">=22.0.0"
+    }
+}