@certenza/aws-cdk-infrastructure-commons 1.1.2 → 2.0.0

package/dist/src/apigateway.js

@@ -75,17 +75,13 @@ const createApiGateway = (scope, apiName, domainName, hostedZoneId, zoneName) =>
     const api = new apigateway.RestApi(scope, apiName, {
         description: `Public API Gateway for ${apiName}`,
         endpointTypes: [apigateway.EndpointType.REGIONAL],
-        domainName: {
-            domainName: domainName,
-            certificate: certificate,
-            securityPolicy: apigateway.SecurityPolicy.TLS_1_2,
-            endpointType: apigateway.EndpointType.REGIONAL,
-        },
         deploy: false, // Don't auto-deploy - we'll create deployment and stage manually
     });
     // Create execution log group with the exact name API Gateway expects
     // API Gateway creates execution logs in the format: API-Gateway-Execution-Logs_{api-id}/{stage-name}
     // By creating it first, API Gateway will use our log group instead of creating a new one
+    // Note: The log group name depends on api.restApiId (a token), so CloudFormation will
+    // create the API first to resolve the token, then create the log group with the resolved name
     const executionLogGroup = new logs.LogGroup(scope, `${apiName}-ExecutionLogs`, {
         logGroupName: cdk.Token.asString(cdk.Fn.join("/", [
             cdk.Fn.join("_", [
@@ -95,14 +91,14 @@ const createApiGateway = (scope, apiName, domainName, hostedZoneId, zoneName) =>
             "prod", // Default stage name
         ])),
         retention: logs.RetentionDays.ONE_MONTH, // Budget-friendly: 1 month retention
-        removalPolicy: cdk.RemovalPolicy.DESTROY, // Retain log group even if API is deleted
+        removalPolicy: cdk.RemovalPolicy.DESTROY, // Destroy log group when API is deleted
     });
     // Create deployment
     const deployment = new apigateway.Deployment(scope, `${apiName}-Deployment`, {
         api: api,
     });
     // Create stage with logging configuration
-    // The execution log group must exist before the stage is created
+    // The execution log group must exist before the stage is created so API Gateway uses it
     const stage = new apigateway.Stage(scope, `${apiName}-Stage`, {
         deployment: deployment,
         stageName: "prod",
@@ -111,12 +107,31 @@ const createApiGateway = (scope, apiName, domainName, hostedZoneId, zoneName) =>
         accessLogDestination: new apigateway.LogGroupLogDestination(accessLogGroup),
     });
     // Ensure the execution log group is created before the stage
+    // This is necessary because the stage doesn't reference the log group directly,
+    // but API Gateway needs it to exist when the stage is created
     stage.node.addDependency(executionLogGroup);
-    // Create Route53 A record pointing to the API Gateway
+    // Create custom domain name with TLS 1.2 security policy
+    // CDK automatically ensures the certificate is validated before creating the domain
+    const apiDomain = new apigateway.DomainName(scope, `${apiName}-Domain`, {
+        domainName: domainName,
+        certificate: certificate,
+        securityPolicy: apigateway.SecurityPolicy.TLS_1_2, // Enforce TLS 1.2 minimum
+        endpointType: apigateway.EndpointType.REGIONAL,
+    });
+    // Map the custom domain to the API stage
+    // CDK automatically handles dependencies: BasePathMapping depends on apiDomain, api, and stage
+    new apigateway.BasePathMapping(scope, `${apiName}-BasePathMapping`, {
+        domainName: apiDomain,
+        restApi: api,
+        stage: stage,
+    });
+    // Create Route53 A record pointing to the API Gateway custom domain
+    // CDK automatically handles dependency: Route53 record waits for domain to be created
+    // via the alias target (ApiGatewayDomain)
     new route53.ARecord(scope, `${apiName}-AliasRecord`, {
         zone: hostedZone,
         recordName: domainName.replace(`${hostedZone.zoneName}.`, ""),
-        target: route53.RecordTarget.fromAlias(new route53targets.ApiGateway(api)),
+        target: route53.RecordTarget.fromAlias(new route53targets.ApiGatewayDomain(apiDomain)),
     });
     // Return the API Gateway
     return api;

package/dist/src/lambda.js

@@ -64,7 +64,7 @@ const createLambdaFunction = (scope, functionName, environment, props = {}) => {
         entry: `src/lambdas/${functionName}/handler.ts`,
         functionName: functionName,
         handler: "handler",
-        runtime: lambda.Runtime.NODEJS_22_X,
+        runtime: lambda.Runtime.NODEJS_24_X,
         architecture: lambda.Architecture.ARM_64,
         memorySize: 256,
         timeout: cdk.Duration.seconds(30),
@@ -76,7 +76,7 @@ const createLambdaFunction = (scope, functionName, environment, props = {}) => {
         bundling: {
             minify: true,
             sourceMap: false,
-            target: "es2022",
+            target: "es2024",
             format: nodejs.OutputFormat.CJS,
             mainFields: ["module", "main"],
             externalModules: ["aws-sdk", "util", "crypto", "stream"], // AWS SDK is provided by Lambda runtime

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@certenza/aws-cdk-infrastructure-commons",
-    "version": "1.1.2",
+    "version": "2.0.0",
     "description": "Common infrastructure reusable utilities and resources for Certenza projects",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
@@ -36,15 +36,15 @@
     },
     "homepage": "https://github.com/certenza/aws-cdk-infrastructure-commons#readme",
     "dependencies": {
-        "aws-cdk-lib": "^2.227.0"
+        "aws-cdk-lib": "^2.230.0"
     },
     "devDependencies": {
-        "@types/node": "^22.0.0",
-        "prettier": "^3.0.0",
+        "@types/node": "^24.0.0",
+        "prettier": "^3.7.2",
         "rimraf": "^6.1.2",
         "typescript": "^5.9.3"
     },
     "engines": {
-        "node": ">=22.0.0"
+        "node": ">=24.0.0"
     }
 }