npm - @composurecdk/ec2 - Versions diffs - 0.6.0 → 0.8.0 - Mend

@composurecdk/ec2 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/README.md +121 -0
package/dist/commonjs/index.d.ts +14 -0
package/dist/commonjs/index.d.ts.map +1 -0
package/dist/commonjs/index.js +22 -0
package/dist/commonjs/index.js.map +1 -0
package/dist/commonjs/instance-alarm-config.d.ts.map +1 -0
package/dist/commonjs/instance-alarm-config.js +3 -0
package/dist/commonjs/instance-alarm-config.js.map +1 -0
package/dist/commonjs/instance-alarm-defaults.d.ts.map +1 -0
package/dist/commonjs/instance-alarm-defaults.js +65 -0
package/dist/commonjs/instance-alarm-defaults.js.map +1 -0
package/dist/commonjs/instance-alarms.d.ts.map +1 -0
package/dist/commonjs/instance-alarms.js +132 -0
package/dist/commonjs/instance-alarms.js.map +1 -0
package/dist/{instance-builder.d.ts → commonjs/instance-builder.d.ts} +44 -6
package/dist/commonjs/instance-builder.d.ts.map +1 -0
package/dist/commonjs/instance-builder.js +135 -0
package/dist/commonjs/instance-builder.js.map +1 -0
package/dist/commonjs/instance-defaults.d.ts.map +1 -0
package/dist/commonjs/instance-defaults.js +62 -0
package/dist/commonjs/instance-defaults.js.map +1 -0
package/dist/commonjs/instance-volume-attachment-config.d.ts +34 -0
package/dist/commonjs/instance-volume-attachment-config.d.ts.map +1 -0
package/dist/commonjs/instance-volume-attachment-config.js +3 -0
package/dist/commonjs/instance-volume-attachment-config.js.map +1 -0
package/dist/commonjs/instance-volume-attachment-defaults.d.ts +14 -0
package/dist/commonjs/instance-volume-attachment-defaults.d.ts.map +1 -0
package/dist/commonjs/instance-volume-attachment-defaults.js +27 -0
package/dist/commonjs/instance-volume-attachment-defaults.js.map +1 -0
package/dist/commonjs/instance-volume-attachments.d.ts +59 -0
package/dist/commonjs/instance-volume-attachments.d.ts.map +1 -0
package/dist/commonjs/instance-volume-attachments.js +107 -0
package/dist/commonjs/instance-volume-attachments.js.map +1 -0
package/dist/commonjs/package.json +3 -0
package/dist/commonjs/volume-alarm-config.d.ts +35 -0
package/dist/commonjs/volume-alarm-config.d.ts.map +1 -0
package/dist/commonjs/volume-alarm-config.js +3 -0
package/dist/commonjs/volume-alarm-config.js.map +1 -0
package/dist/commonjs/volume-alarm-defaults.d.ts +17 -0
package/dist/commonjs/volume-alarm-defaults.d.ts.map +1 -0
package/dist/commonjs/volume-alarm-defaults.js +30 -0
package/dist/commonjs/volume-alarm-defaults.js.map +1 -0
package/dist/commonjs/volume-alarms.d.ts +29 -0
package/dist/commonjs/volume-alarms.d.ts.map +1 -0
package/dist/commonjs/volume-alarms.js +92 -0
package/dist/commonjs/volume-alarms.js.map +1 -0
package/dist/commonjs/volume-builder.d.ts +171 -0
package/dist/commonjs/volume-builder.d.ts.map +1 -0
package/dist/commonjs/volume-builder.js +98 -0
package/dist/commonjs/volume-builder.js.map +1 -0
package/dist/commonjs/volume-defaults.d.ts +15 -0
package/dist/commonjs/volume-defaults.d.ts.map +1 -0
package/dist/commonjs/volume-defaults.js +50 -0
package/dist/commonjs/volume-defaults.js.map +1 -0
package/dist/{vpc-builder.d.ts → commonjs/vpc-builder.d.ts} +3 -2
package/dist/commonjs/vpc-builder.d.ts.map +1 -0
package/dist/commonjs/vpc-builder.js +82 -0
package/dist/commonjs/vpc-builder.js.map +1 -0
package/dist/commonjs/vpc-defaults.d.ts.map +1 -0
package/dist/commonjs/vpc-defaults.js +58 -0
package/dist/commonjs/vpc-defaults.js.map +1 -0
package/dist/esm/index.d.ts +14 -0
package/dist/esm/index.d.ts.map +1 -0
package/dist/esm/index.js +10 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/instance-alarm-config.d.ts +62 -0
package/dist/esm/instance-alarm-config.d.ts.map +1 -0
package/dist/esm/instance-alarm-config.js.map +1 -0
package/dist/esm/instance-alarm-defaults.d.ts +20 -0
package/dist/esm/instance-alarm-defaults.d.ts.map +1 -0
package/dist/esm/instance-alarm-defaults.js.map +1 -0
package/dist/esm/instance-alarms.d.ts +28 -0
package/dist/esm/instance-alarms.d.ts.map +1 -0
package/dist/esm/instance-alarms.js.map +1 -0
package/dist/esm/instance-builder.d.ts +223 -0
package/dist/esm/instance-builder.d.ts.map +1 -0
package/dist/{instance-builder.js → esm/instance-builder.js} +49 -4
package/dist/esm/instance-builder.js.map +1 -0
package/dist/esm/instance-defaults.d.ts +14 -0
package/dist/esm/instance-defaults.d.ts.map +1 -0
package/dist/esm/instance-defaults.js.map +1 -0
package/dist/esm/instance-volume-attachment-config.d.ts +34 -0
package/dist/esm/instance-volume-attachment-config.d.ts.map +1 -0
package/dist/esm/instance-volume-attachment-config.js +2 -0
package/dist/esm/instance-volume-attachment-config.js.map +1 -0
package/dist/esm/instance-volume-attachment-defaults.d.ts +14 -0
package/dist/esm/instance-volume-attachment-defaults.d.ts.map +1 -0
package/dist/esm/instance-volume-attachment-defaults.js +24 -0
package/dist/esm/instance-volume-attachment-defaults.js.map +1 -0
package/dist/esm/instance-volume-attachments.d.ts +59 -0
package/dist/esm/instance-volume-attachments.d.ts.map +1 -0
package/dist/esm/instance-volume-attachments.js +104 -0
package/dist/esm/instance-volume-attachments.js.map +1 -0
package/dist/esm/package.json +3 -0
package/dist/esm/volume-alarm-config.d.ts +35 -0
package/dist/esm/volume-alarm-config.d.ts.map +1 -0
package/dist/esm/volume-alarm-config.js +2 -0
package/dist/esm/volume-alarm-config.js.map +1 -0
package/dist/esm/volume-alarm-defaults.d.ts +17 -0
package/dist/esm/volume-alarm-defaults.d.ts.map +1 -0
package/dist/esm/volume-alarm-defaults.js +27 -0
package/dist/esm/volume-alarm-defaults.js.map +1 -0
package/dist/esm/volume-alarms.d.ts +29 -0
package/dist/esm/volume-alarms.d.ts.map +1 -0
package/dist/esm/volume-alarms.js +88 -0
package/dist/esm/volume-alarms.js.map +1 -0
package/dist/esm/volume-builder.d.ts +171 -0
package/dist/esm/volume-builder.d.ts.map +1 -0
package/dist/esm/volume-builder.js +95 -0
package/dist/esm/volume-builder.js.map +1 -0
package/dist/esm/volume-defaults.d.ts +15 -0
package/dist/esm/volume-defaults.d.ts.map +1 -0
package/dist/esm/volume-defaults.js +47 -0
package/dist/esm/volume-defaults.js.map +1 -0
package/dist/esm/vpc-builder.d.ts +110 -0
package/dist/esm/vpc-builder.d.ts.map +1 -0
package/dist/{vpc-builder.js → esm/vpc-builder.js} +2 -2
package/dist/esm/vpc-builder.js.map +1 -0
package/dist/esm/vpc-defaults.d.ts +15 -0
package/dist/esm/vpc-defaults.d.ts.map +1 -0
package/dist/esm/vpc-defaults.js.map +1 -0
package/package.json +36 -17
package/dist/index.d.ts +0 -7
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -6
package/dist/index.js.map +0 -1
package/dist/instance-alarm-config.d.ts.map +0 -1
package/dist/instance-alarm-config.js.map +0 -1
package/dist/instance-alarm-defaults.d.ts.map +0 -1
package/dist/instance-alarm-defaults.js.map +0 -1
package/dist/instance-alarms.d.ts.map +0 -1
package/dist/instance-alarms.js.map +0 -1
package/dist/instance-builder.d.ts.map +0 -1
package/dist/instance-builder.js.map +0 -1
package/dist/instance-defaults.d.ts.map +0 -1
package/dist/instance-defaults.js.map +0 -1
package/dist/vpc-builder.d.ts.map +0 -1
package/dist/vpc-builder.js.map +0 -1
package/dist/vpc-defaults.d.ts.map +0 -1
package/dist/vpc-defaults.js.map +0 -1
/package/dist/{instance-alarm-config.d.ts → commonjs/instance-alarm-config.d.ts} +0 -0
/package/dist/{instance-alarm-defaults.d.ts → commonjs/instance-alarm-defaults.d.ts} +0 -0
/package/dist/{instance-alarms.d.ts → commonjs/instance-alarms.d.ts} +0 -0
/package/dist/{instance-defaults.d.ts → commonjs/instance-defaults.d.ts} +0 -0
/package/dist/{vpc-defaults.d.ts → commonjs/vpc-defaults.d.ts} +0 -0
/package/dist/{instance-alarm-config.js → esm/instance-alarm-config.js} +0 -0
/package/dist/{instance-alarm-defaults.js → esm/instance-alarm-defaults.js} +0 -0
/package/dist/{instance-alarms.js → esm/instance-alarms.js} +0 -0
/package/dist/{instance-defaults.js → esm/instance-defaults.js} +0 -0
/package/dist/{vpc-defaults.js → esm/vpc-defaults.js} +0 -0

package/dist/commonjs/volume-builder.d.ts ADDED Viewed

@@ -0,0 +1,171 @@
+import { type Alarm } from "aws-cdk-lib/aws-cloudwatch";
+import { Volume, type VolumeProps } from "aws-cdk-lib/aws-ec2";
+import { type IKey } from "aws-cdk-lib/aws-kms";
+import { type IConstruct } from "constructs";
+import { COPY_STATE, type Lifecycle, type Resolvable } from "@composurecdk/core";
+import { type ITaggedBuilder } from "@composurecdk/cloudformation";
+import { AlarmDefinitionBuilder } from "@composurecdk/cloudwatch";
+import type { VolumeAlarmConfig } from "./volume-alarm-config.js";
+/**
+ * Configuration properties for the EBS volume builder.
+ *
+ * Extends the CDK {@link VolumeProps} but lifts the cross-component-wiring
+ * props to {@link Resolvable} so they can be supplied as either concrete
+ * values or {@link Ref}s to sibling components in a {@link compose}d system:
+ *
+ * - `availabilityZone` is supplied via the dedicated
+ *   {@link IVolumeBuilder.availabilityZone | .availabilityZone()} method
+ *   so it can be wired from a sibling `VpcBuilder`.
+ * - `encryptionKey` is exposed on the builder as a `Resolvable<IKey>`
+ *   setter so a sibling KMS key builder can supply a CMK.
+ *
+ * Other props (`size`, `volumeType`, `iops`, `throughput`, `enableMultiAttach`,
+ * `autoEnableIo`, `removalPolicy`, etc.) are passed through with their CDK
+ * types unchanged because they are almost always constructed inline rather
+ * than referenced from another component.
+ */
+export interface VolumeBuilderProps extends Omit<VolumeProps, "availabilityZone" | "encryptionKey"> {
+    /**
+     * Customer-managed KMS key (CMK) used to encrypt the volume.
+     *
+     * Accepts a concrete {@link IKey} or a {@link Ref} that resolves to one
+     * at build time (e.g. a sibling key builder in the same composed system).
+     *
+     * @default - the account's default EBS KMS key, applied because
+     *   `encrypted: true` is set in {@link VOLUME_DEFAULTS}.
+     *
+     * @see https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_data_rest_encrypt.html
+     */
+    encryptionKey?: Resolvable<IKey>;
+    /**
+     * Configuration for AWS-recommended CloudWatch alarms.
+     *
+     * By default, the builder creates recommended alarms with sensible
+     * thresholds for every applicable metric. Individual alarms can be
+     * customized or disabled. Set to `false` to disable all alarms.
+     *
+     * No alarm actions are configured by default since notification methods
+     * are user-specific. Access alarms from the build result or use an
+     * `afterBuild` hook to apply actions.
+     *
+     * Contextual alarms (`burstBalance`) are only created when the
+     * corresponding volume configuration is present — e.g., a burstable
+     * `gp2`/`st1`/`sc1` volume type.
+     *
+     * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EBS
+     */
+    recommendedAlarms?: VolumeAlarmConfig | false;
+}
+/**
+ * The build output of a {@link IVolumeBuilder}. Contains the CDK constructs
+ * created during {@link Lifecycle.build}, keyed by role.
+ */
+export interface VolumeBuilderResult {
+    volume: Volume;
+    /**
+     * CloudWatch alarms created for the volume, keyed by alarm name.
+     *
+     * Includes both AWS-recommended alarms and any custom alarms added
+     * via {@link IVolumeBuilder.addAlarm}. Access individual alarms by
+     * key (e.g., `result.alarms.burstBalance`).
+     *
+     * No alarm actions are configured — apply them via the result or an
+     * `afterBuild` hook.
+     *
+     * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EBS
+     */
+    alarms: Record<string, Alarm>;
+}
+/**
+ * A fluent builder for configuring and creating an AWS EBS volume.
+ *
+ * Each configuration property from the CDK {@link VolumeProps} is exposed
+ * as an overloaded method: call with a value to set it (returns the builder
+ * for chaining), or call with no arguments to read the current value.
+ *
+ * The `availabilityZone` is set via the dedicated
+ * {@link IVolumeBuilder.availabilityZone | .availabilityZone()} method that
+ * accepts a {@link Resolvable} value for cross-component wiring (e.g., to
+ * a sibling {@link IVpcBuilder}). The `encryptionKey` setter likewise
+ * accepts a {@link Resolvable} value so a sibling KMS-key builder's output
+ * can be supplied via {@link ref}.
+ *
+ * The builder implements {@link Lifecycle}, so it can be used directly as a
+ * component in a {@link compose | composed system}. When built, it creates
+ * an EBS volume with the configured properties and returns a
+ * {@link VolumeBuilderResult}.
+ *
+ * AWS-recommended CloudWatch alarms are created by default. Alarms can be
+ * customized or disabled via the `recommendedAlarms` property. Custom
+ * alarms can be added via the {@link addAlarm} method.
+ *
+ * @see https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Volume.html
+ *
+ * @example
+ * ```ts
+ * const data = createVolumeBuilder()
+ *   .availabilityZone(ref<VpcBuilderResult>("network").map(r => r.vpc.availabilityZones[0]))
+ *   .size(Size.gibibytes(50));
+ * ```
+ */
+export type IVolumeBuilder = ITaggedBuilder<VolumeBuilderProps, VolumeBuilder>;
+declare class VolumeBuilder implements Lifecycle<VolumeBuilderResult> {
+    #private;
+    props: Partial<VolumeBuilderProps>;
+    /**
+     * Sets the Availability Zone the volume will be created in.
+     *
+     * Accepts a concrete AZ string or a {@link Ref} that resolves to one at
+     * build time. This is how cross-component wiring works — e.g., to a
+     * sibling {@link IVpcBuilder} via
+     * `ref<VpcBuilderResult>("network").map(r => r.vpc.availabilityZones[0])`.
+     *
+     * @param availabilityZone - The AZ string or a Ref to one.
+     * @returns This builder for chaining.
+     */
+    availabilityZone(availabilityZone: Resolvable<string>): this;
+    /**
+     * Adds a custom CloudWatch alarm to be created alongside the recommended
+     * alarms. The provided callback receives an {@link AlarmDefinitionBuilder}
+     * scoped to the built {@link Volume}; configure it fluently and return it.
+     *
+     * @param key - A unique key for the alarm (used to generate the alarm id).
+     * @param configure - Callback that configures the alarm definition.
+     * @returns This builder for chaining.
+     */
+    addAlarm(key: string, configure: (alarm: AlarmDefinitionBuilder<Volume>) => AlarmDefinitionBuilder<Volume>): this;
+    /** @internal — see ADR-0005. */
+    [COPY_STATE](target: VolumeBuilder): void;
+    build(scope: IConstruct, id: string, context?: Record<string, object>): VolumeBuilderResult;
+}
+/**
+ * Creates a new {@link IVolumeBuilder} for configuring an AWS EBS volume.
+ *
+ * This is the entry point for defining an EBS volume component. The
+ * returned builder exposes every {@link VolumeBuilderProps} property as a
+ * fluent setter/getter, plus
+ * {@link IVolumeBuilder.availabilityZone | .availabilityZone()} for
+ * cross-component AZ wiring with Ref support. It implements
+ * {@link Lifecycle} for use with {@link compose}.
+ *
+ * @returns A fluent builder for an AWS EBS volume.
+ *
+ * @example
+ * ```ts
+ * const data = createVolumeBuilder()
+ *   .availabilityZone(ref<VpcBuilderResult>("network").map(r => r.vpc.availabilityZones[0]))
+ *   .size(Size.gibibytes(50));
+ *
+ * // Use standalone:
+ * const result = data.build(stack, "Data", { network });
+ *
+ * // Or compose into a system:
+ * const system = compose(
+ *   { network: createVpcBuilder(), data },
+ *   { network: [], data: ["network"] },
+ * );
+ * ```
+ */
+export declare function createVolumeBuilder(): IVolumeBuilder;
+export {};
+//# sourceMappingURL=volume-builder.d.ts.map

package/dist/commonjs/volume-builder.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"volume-builder.d.ts","sourceRoot":"","sources":["../../src/volume-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,KAAK,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAW,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAIlE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,kBAAmB,SAAQ,IAAI,CAC9C,WAAW,EACX,kBAAkB,GAAG,eAAe,CACrC;IACC;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IAEjC;;;;;;;;;;;;;;;;OAgBG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,KAAK,CAAC;CAC/C;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;;OAWG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,MAAM,cAAc,GAAG,cAAc,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;AAE/E,cAAM,aAAc,YAAW,SAAS,CAAC,mBAAmB,CAAC;;IAC3D,KAAK,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAM;IAIxC;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,gBAAgB,EAAE,UAAU,CAAC,MAAM,CAAC,GAAG,IAAI;IAK5D;;;;;;;;OAQG;IACH,QAAQ,CACN,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,CAAC,KAAK,EAAE,sBAAsB,CAAC,MAAM,CAAC,KAAK,sBAAsB,CAAC,MAAM,CAAC,GACnF,IAAI;IAKP,gCAAgC;IAChC,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAKzC,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,mBAAmB;CAkC5F;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CAEpD"}

package/dist/commonjs/volume-builder.js ADDED Viewed

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createVolumeBuilder = createVolumeBuilder;
+const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
+const core_1 = require("@composurecdk/core");
+const cloudformation_1 = require("@composurecdk/cloudformation");
+const cloudwatch_1 = require("@composurecdk/cloudwatch");
+const volume_alarms_js_1 = require("./volume-alarms.js");
+const volume_defaults_js_1 = require("./volume-defaults.js");
+class VolumeBuilder {
+    props = {};
+    #customAlarms = [];
+    #availabilityZone;
+    /**
+     * Sets the Availability Zone the volume will be created in.
+     *
+     * Accepts a concrete AZ string or a {@link Ref} that resolves to one at
+     * build time. This is how cross-component wiring works — e.g., to a
+     * sibling {@link IVpcBuilder} via
+     * `ref<VpcBuilderResult>("network").map(r => r.vpc.availabilityZones[0])`.
+     *
+     * @param availabilityZone - The AZ string or a Ref to one.
+     * @returns This builder for chaining.
+     */
+    availabilityZone(availabilityZone) {
+        this.#availabilityZone = availabilityZone;
+        return this;
+    }
+    /**
+     * Adds a custom CloudWatch alarm to be created alongside the recommended
+     * alarms. The provided callback receives an {@link AlarmDefinitionBuilder}
+     * scoped to the built {@link Volume}; configure it fluently and return it.
+     *
+     * @param key - A unique key for the alarm (used to generate the alarm id).
+     * @param configure - Callback that configures the alarm definition.
+     * @returns This builder for chaining.
+     */
+    addAlarm(key, configure) {
+        this.#customAlarms.push(configure(new cloudwatch_1.AlarmDefinitionBuilder(key)));
+        return this;
+    }
+    /** @internal — see ADR-0005. */
+    [core_1.COPY_STATE](target) {
+        target.#availabilityZone = this.#availabilityZone;
+        target.#customAlarms.push(...this.#customAlarms);
+    }
+    build(scope, id, context) {
+        const resolvedAz = this.#availabilityZone
+            ? (0, core_1.resolve)(this.#availabilityZone, context)
+            : undefined;
+        if (resolvedAz === undefined) {
+            throw new Error(`VolumeBuilder "${id}" requires an availability zone. ` +
+                `Call .availabilityZone() with a string or a Ref to one.`);
+        }
+        const { recommendedAlarms: alarmConfig, encryptionKey, ...volumeProps } = this.props;
+        const mergedProps = {
+            ...volume_defaults_js_1.VOLUME_DEFAULTS,
+            ...volumeProps,
+            availabilityZone: resolvedAz,
+            ...(encryptionKey !== undefined ? { encryptionKey: (0, core_1.resolve)(encryptionKey, context) } : {}),
+        };
+        const volume = new aws_ec2_1.Volume(scope, id, mergedProps);
+        const alarms = (0, volume_alarms_js_1.createVolumeAlarms)(scope, id, volume, alarmConfig, mergedProps.volumeType, this.#customAlarms);
+        return { volume, alarms };
+    }
+}
+/**
+ * Creates a new {@link IVolumeBuilder} for configuring an AWS EBS volume.
+ *
+ * This is the entry point for defining an EBS volume component. The
+ * returned builder exposes every {@link VolumeBuilderProps} property as a
+ * fluent setter/getter, plus
+ * {@link IVolumeBuilder.availabilityZone | .availabilityZone()} for
+ * cross-component AZ wiring with Ref support. It implements
+ * {@link Lifecycle} for use with {@link compose}.
+ *
+ * @returns A fluent builder for an AWS EBS volume.
+ *
+ * @example
+ * ```ts
+ * const data = createVolumeBuilder()
+ *   .availabilityZone(ref<VpcBuilderResult>("network").map(r => r.vpc.availabilityZones[0]))
+ *   .size(Size.gibibytes(50));
+ *
+ * // Use standalone:
+ * const result = data.build(stack, "Data", { network });
+ *
+ * // Or compose into a system:
+ * const system = compose(
+ *   { network: createVpcBuilder(), data },
+ *   { network: [], data: ["network"] },
+ * );
+ * ```
+ */
+function createVolumeBuilder() {
+    return (0, cloudformation_1.taggedBuilder)(VolumeBuilder);
+}
+//# sourceMappingURL=volume-builder.js.map

package/dist/commonjs/volume-builder.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"volume-builder.js","sourceRoot":"","sources":["../../src/volume-builder.ts"],"names":[],"mappings":";;AAsOA,kDAEC;AAvOD,iDAA+D;AAG/D,6CAA0F;AAC1F,iEAAkF;AAClF,yDAAkE;AAElE,yDAAwD;AACxD,6DAAuD;AAiHvD,MAAM,aAAa;IACjB,KAAK,GAAgC,EAAE,CAAC;IAC/B,aAAa,GAAqC,EAAE,CAAC;IAC9D,iBAAiB,CAAsB;IAEvC;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,gBAAoC;QACnD,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACH,QAAQ,CACN,GAAW,EACX,SAAoF;QAEpF,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,mCAAsB,CAAS,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,CAAC,iBAAU,CAAC,CAAC,MAAqB;QAChC,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAClD,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,KAAiB,EAAE,EAAU,EAAE,OAAgC;QACnE,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB;YACvC,CAAC,CAAC,IAAA,cAAO,EAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC;YAC1C,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CACb,kBAAkB,EAAE,mCAAmC;gBACrD,yDAAyD,CAC5D,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,iBAAiB,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAErF,MAAM,WAAW,GAAG;YAClB,GAAG,oCAAe;YAClB,GAAG,WAAW;YACd,gBAAgB,EAAE,UAAU;YAC5B,GAAG,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAA,cAAO,EAAC,aAAa,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5E,CAAC;QAEjB,MAAM,MAAM,GAAG,IAAI,gBAAM,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,MAAM,GAAG,IAAA,qCAAkB,EAC/B,KAAK,EACL,EAAE,EACF,MAAM,EACN,WAAW,EACX,WAAW,CAAC,UAAU,EACtB,IAAI,CAAC,aAAa,CACnB,CAAC;QAEF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAgB,mBAAmB;IACjC,OAAO,IAAA,8BAAa,EAAoC,aAAa,CAAC,CAAC;AACzE,CAAC"}

package/dist/commonjs/volume-defaults.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { type VolumeProps } from "aws-cdk-lib/aws-ec2";
+/**
+ * Secure, AWS-recommended defaults applied to every EBS volume built with
+ * {@link createVolumeBuilder}. Each property can be individually overridden
+ * via the builder's fluent API.
+ *
+ * Three properties intentionally have no default — they are application-
+ * specific and must be supplied explicitly:
+ *   - `availabilityZone` (via the builder's `.availabilityZone()` method)
+ *   - `size`
+ *   - `iops` / `throughput` (only when opting into a volume type that
+ *     requires them, e.g. `io1`/`io2`)
+ */
+export declare const VOLUME_DEFAULTS: Partial<VolumeProps>;
+//# sourceMappingURL=volume-defaults.d.ts.map

package/dist/commonjs/volume-defaults.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"volume-defaults.d.ts","sourceRoot":"","sources":["../../src/volume-defaults.ts"],"names":[],"mappings":"AACA,OAAO,EAAuB,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAE5E;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,eAAe,EAAE,OAAO,CAAC,WAAW,CAkChD,CAAC"}

package/dist/commonjs/volume-defaults.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VOLUME_DEFAULTS = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
+/**
+ * Secure, AWS-recommended defaults applied to every EBS volume built with
+ * {@link createVolumeBuilder}. Each property can be individually overridden
+ * via the builder's fluent API.
+ *
+ * Three properties intentionally have no default — they are application-
+ * specific and must be supplied explicitly:
+ *   - `availabilityZone` (via the builder's `.availabilityZone()` method)
+ *   - `size`
+ *   - `iops` / `throughput` (only when opting into a volume type that
+ *     requires them, e.g. `io1`/`io2`)
+ */
+exports.VOLUME_DEFAULTS = {
+    /**
+     * GP3 is the current-generation general-purpose SSD — cheaper and faster
+     * than GP2 at equivalent sizes, and matches the root-volume choice in
+     * {@link INSTANCE_DEFAULTS}.
+     * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/general-purpose.html
+     */
+    volumeType: aws_ec2_1.EbsDeviceVolumeType.GP3,
+    /**
+     * Encrypt the volume at rest. Defaults to the account's default EBS KMS
+     * key; pass an `encryptionKey` to use a customer-managed key (CMK) for
+     * sensitive workloads per SEC08-BP02.
+     * @see https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_data_rest_encrypt.html
+     * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
+     */
+    encrypted: true,
+    /**
+     * When EBS detects inconsistent data on boot it disables I/O until the
+     * operator acknowledges. For a persistent data volume the safer default
+     * is to let I/O resume so the instance can come up unattended; override
+     * to `false` for workloads that prefer to block on potential corruption.
+     * @see https://docs.aws.amazon.com/ebs/latest/userguide/monitoring-volume-events.html
+     */
+    autoEnableIo: true,
+    /**
+     * Mirrors `BUCKET_DEFAULTS.removalPolicy`. A destroyed volume is
+     * unrecoverable; an orphaned volume is a $/month nuisance. Err on the
+     * side of retention — flip to `DESTROY` explicitly for ephemeral data.
+     * @see https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/rel_planning_for_recovery_back_up_data.html
+     */
+    removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN,
+};
+//# sourceMappingURL=volume-defaults.js.map

package/dist/commonjs/volume-defaults.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"volume-defaults.js","sourceRoot":"","sources":["../../src/volume-defaults.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAC5C,iDAA4E;AAE5E;;;;;;;;;;;GAWG;AACU,QAAA,eAAe,GAAyB;IACnD;;;;;OAKG;IACH,UAAU,EAAE,6BAAmB,CAAC,GAAG;IAEnC;;;;;;OAMG;IACH,SAAS,EAAE,IAAI;IAEf;;;;;;OAMG;IACH,YAAY,EAAE,IAAI;IAElB;;;;;OAKG;IACH,aAAa,EAAE,2BAAa,CAAC,MAAM;CACpC,CAAC"}

package/dist/{vpc-builder.d.ts → commonjs/vpc-builder.d.ts} RENAMED Viewed

@@ -1,7 +1,8 @@
 import { FlowLogDestination, Vpc, type VpcProps } from "aws-cdk-lib/aws-ec2";
 import { type LogGroup } from "aws-cdk-lib/aws-logs";
 import { type IConstruct } from "constructs";
-import { type IBuilder, type Lifecycle } from "@composurecdk/core";
+import { type Lifecycle } from "@composurecdk/core";
+import { type ITaggedBuilder } from "@composurecdk/cloudformation";
 import { type ILogGroupBuilder } from "@composurecdk/logs";
 /**
  * Configures how VPC flow logs are handled. Pass `false` to disable flow
@@ -76,7 +77,7 @@ export interface VpcBuilderResult {
  * const network = createVpcBuilder().maxAzs(3).natGateways(3);
  * ```
  */
-export type IVpcBuilder = IBuilder<VpcBuilderProps, VpcBuilder>;
+export type IVpcBuilder = ITaggedBuilder<VpcBuilderProps, VpcBuilder>;
 declare class VpcBuilder implements Lifecycle<VpcBuilderResult> {
     props: Partial<VpcBuilderProps>;
     build(scope: IConstruct, id: string): VpcBuilderResult;

package/dist/commonjs/vpc-builder.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vpc-builder.d.ts","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAyB,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGlF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,cAAc,GACtB,KAAK,GACL;IACE,gFAAgF;IAChF,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,gBAAgB,KAAK,gBAAgB,CAAC;CACvD,CAAC;AAEN;;;;;;GAMG;AACH,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;IACjE,wFAAwF;IACxF,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,GAAG,CAAC;IAET;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,QAAQ,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,WAAW,GAAG,cAAc,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;AAItE,cAAM,UAAW,YAAW,SAAS,CAAC,gBAAgB,CAAC;IACrD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAM;IAErC,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,GAAG,gBAAgB;CAgBvD;AA2CD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAE9C"}

package/dist/commonjs/vpc-builder.js ADDED Viewed

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createVpcBuilder = createVpcBuilder;
+const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
+const cloudformation_1 = require("@composurecdk/cloudformation");
+const logs_1 = require("@composurecdk/logs");
+const vpc_defaults_js_1 = require("./vpc-defaults.js");
+const DEFAULT_FLOW_LOG_KEY = "DefaultFlowLog";
+class VpcBuilder {
+    props = {};
+    build(scope, id) {
+        const { flowLogs: flowLogsConfig, ...vpcProps } = this.props;
+        const { flowLogsLogGroup, flowLogProps } = resolveFlowLogs(scope, id, flowLogsConfig);
+        const mergedProps = {
+            ...vpc_defaults_js_1.VPC_DEFAULTS,
+            ...flowLogProps,
+            ...vpcProps,
+        };
+        return {
+            vpc: new aws_ec2_1.Vpc(scope, id, mergedProps),
+            flowLogsLogGroup,
+        };
+    }
+}
+function resolveFlowLogs(scope, id, cfg) {
+    if (cfg === false) {
+        return { flowLogProps: {} };
+    }
+    if (cfg?.destination !== undefined) {
+        if (cfg.configure !== undefined) {
+            throw new Error("flowLogs: 'configure' cannot be combined with 'destination' — " +
+                "the destination is user-managed and not built by this builder.");
+        }
+        return {
+            flowLogProps: {
+                flowLogs: { [DEFAULT_FLOW_LOG_KEY]: { destination: cfg.destination } },
+            },
+        };
+    }
+    let subBuilder = (0, logs_1.createLogGroupBuilder)();
+    if (cfg?.configure) {
+        subBuilder = cfg.configure(subBuilder);
+    }
+    const flowLogsLogGroup = subBuilder.build(scope, `${id}FlowLogsLogGroup`).logGroup;
+    return {
+        flowLogsLogGroup,
+        flowLogProps: {
+            flowLogs: {
+                [DEFAULT_FLOW_LOG_KEY]: {
+                    destination: aws_ec2_1.FlowLogDestination.toCloudWatchLogs(flowLogsLogGroup),
+                },
+            },
+        },
+    };
+}
+/**
+ * Creates a new {@link IVpcBuilder} for configuring an AWS VPC.
+ *
+ * This is the entry point for defining a VPC component. The returned builder
+ * exposes every {@link VpcBuilderProps} property as a fluent setter/getter
+ * and implements {@link Lifecycle} for use with {@link compose}.
+ *
+ * @returns A fluent builder for an AWS VPC.
+ *
+ * @example
+ * ```ts
+ * const network = createVpcBuilder().maxAzs(3).natGateways(3);
+ *
+ * // Use standalone:
+ * const result = network.build(stack, "Network");
+ *
+ * // Or compose into a system:
+ * const system = compose(
+ *   { network, server: createInstanceBuilder() },
+ *   { network: [], server: ["network"] },
+ * );
+ * ```
+ */
+function createVpcBuilder() {
+    return (0, cloudformation_1.taggedBuilder)(VpcBuilder);
+}
+//# sourceMappingURL=vpc-builder.js.map

package/dist/commonjs/vpc-builder.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vpc-builder.js","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":";;AAgLA,4CAEC;AAlLD,iDAA6E;AAI7E,iEAAkF;AAClF,6CAAkF;AAClF,uDAAiD;AAmFjD,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAE9C,MAAM,UAAU;IACd,KAAK,GAA6B,EAAE,CAAC;IAErC,KAAK,CAAC,KAAiB,EAAE,EAAU;QACjC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE7D,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,eAAe,CAAC,KAAK,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC;QAEtF,MAAM,WAAW,GAAG;YAClB,GAAG,8BAAY;YACf,GAAG,YAAY;YACf,GAAG,QAAQ;SACZ,CAAC;QAEF,OAAO;YACL,GAAG,EAAE,IAAI,aAAG,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC;YACpC,gBAAgB;SACjB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,eAAe,CACtB,KAAiB,EACjB,EAAU,EACV,GAA+B;IAE/B,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAC9B,CAAC;IAED,IAAI,GAAG,EAAE,WAAW,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,gEAAgE;gBAC9D,gEAAgE,CACnE,CAAC;QACJ,CAAC;QACD,OAAO;YACL,YAAY,EAAE;gBACZ,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE;aACvE;SACF,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,GAAG,IAAA,4BAAqB,GAAE,CAAC;IACzC,IAAI,GAAG,EAAE,SAAS,EAAE,CAAC;QACnB,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,gBAAgB,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;IAEnF,OAAO;QACL,gBAAgB;QAChB,YAAY,EAAE;YACZ,QAAQ,EAAE;gBACR,CAAC,oBAAoB,CAAC,EAAE;oBACtB,WAAW,EAAE,4BAAkB,CAAC,gBAAgB,CAAC,gBAAgB,CAAC;iBACnE;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,SAAgB,gBAAgB;IAC9B,OAAO,IAAA,8BAAa,EAA8B,UAAU,CAAC,CAAC;AAChE,CAAC"}

package/dist/commonjs/vpc-defaults.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"vpc-defaults.d.ts","sourceRoot":"","sources":["../../src/vpc-defaults.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAEpD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,YAAY,EAAE,OAAO,CAAC,QAAQ,CA6C1C,CAAC"}

package/dist/commonjs/vpc-defaults.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VPC_DEFAULTS = void 0;
+/**
+ * Secure, cost-conscious defaults applied to every VPC built with
+ * {@link createVpcBuilder}. Each property can be individually overridden
+ * via the builder's fluent API.
+ *
+ * Subnet layout uses CDK defaults (one public + one private-with-egress
+ * subnet per AZ) — override `subnetConfiguration` for custom topologies.
+ *
+ * Flow logs are created separately by the builder (not via this defaults
+ * object) so the destination log group can be auto-managed with
+ * well-architected retention/removal policies.
+ */
+exports.VPC_DEFAULTS = {
+    /**
+     * Two availability zones strike a balance between high availability
+     * and cost. Override to 3+ AZs for production workloads that need
+     * stricter HA guarantees.
+     * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
+     */
+    maxAzs: 2,
+    /**
+     * Single NAT gateway is a cost-conscious default. Production HA
+     * workloads should override this to match `maxAzs` so a single-AZ
+     * NAT failure does not partition private-subnet egress.
+     * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
+     */
+    natGateways: 1,
+    /**
+     * Required for internal DNS resolution for most AWS managed services
+     * (ALB, RDS, VPC endpoints). Default-on in AWS but set explicitly for
+     * safety across CDK feature-flag configurations.
+     * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
+     */
+    enableDnsSupport: true,
+    /**
+     * Required alongside DNS support for instances to receive public DNS
+     * hostnames. Needed for most hostname-based TLS and service discovery
+     * scenarios.
+     * @see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
+     */
+    enableDnsHostnames: true,
+    /**
+     * Strip all rules from the default security group. This prevents
+     * accidentally using the default SG (which allows all intra-SG
+     * traffic and no ingress) and forces explicit SG design — a
+     * foundational well-architected security practice.
+     *
+     * Also enabled by the `@aws-cdk/aws-ec2:restrictDefaultSecurityGroup`
+     * feature flag; we set it explicitly so the guarantee holds regardless
+     * of CDK context configuration.
+     * @see https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#restrictdefaultsecuritygroup
+     */
+    restrictDefaultSecurityGroup: true,
+};
+//# sourceMappingURL=vpc-defaults.js.map

package/dist/commonjs/vpc-defaults.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"vpc-defaults.js","sourceRoot":"","sources":["../../src/vpc-defaults.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;GAWG;AACU,QAAA,YAAY,GAAsB;IAC7C;;;;;OAKG;IACH,MAAM,EAAE,CAAC;IAET;;;;;OAKG;IACH,WAAW,EAAE,CAAC;IAEd;;;;;OAKG;IACH,gBAAgB,EAAE,IAAI;IAEtB;;;;;OAKG;IACH,kBAAkB,EAAE,IAAI;IAExB;;;;;;;;;;OAUG;IACH,4BAA4B,EAAE,IAAI;CACnC,CAAC"}

package/dist/esm/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export { createInstanceBuilder, type IInstanceBuilder, type InstanceBuilderProps, type InstanceBuilderResult, } from "./instance-builder.js";
+export { INSTANCE_DEFAULTS } from "./instance-defaults.js";
+export { type InstanceAlarmConfig } from "./instance-alarm-config.js";
+export { INSTANCE_ALARM_DEFAULTS } from "./instance-alarm-defaults.js";
+export { type AttachVolumeOptions } from "./instance-volume-attachments.js";
+export { type VolumeAttachmentAlarmConfig } from "./instance-volume-attachment-config.js";
+export { VOLUME_ATTACHMENT_ALARM_DEFAULTS } from "./instance-volume-attachment-defaults.js";
+export { createVolumeBuilder, type IVolumeBuilder, type VolumeBuilderProps, type VolumeBuilderResult, } from "./volume-builder.js";
+export { VOLUME_DEFAULTS } from "./volume-defaults.js";
+export { type VolumeAlarmConfig } from "./volume-alarm-config.js";
+export { VOLUME_ALARM_DEFAULTS } from "./volume-alarm-defaults.js";
+export { createVpcBuilder, type FlowLogsConfig, type IVpcBuilder, type VpcBuilderProps, type VpcBuilderResult, } from "./vpc-builder.js";
+export { VPC_DEFAULTS } from "./vpc-defaults.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAAE,KAAK,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAC1F,OAAO,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAE5F,OAAO,EACL,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EACL,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/esm/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+export { createInstanceBuilder, } from "./instance-builder.js";
+export { INSTANCE_DEFAULTS } from "./instance-defaults.js";
+export { INSTANCE_ALARM_DEFAULTS } from "./instance-alarm-defaults.js";
+export { VOLUME_ATTACHMENT_ALARM_DEFAULTS } from "./instance-volume-attachment-defaults.js";
+export { createVolumeBuilder, } from "./volume-builder.js";
+export { VOLUME_DEFAULTS } from "./volume-defaults.js";
+export { VOLUME_ALARM_DEFAULTS } from "./volume-alarm-defaults.js";
+export { createVpcBuilder, } from "./vpc-builder.js";
+export { VPC_DEFAULTS } from "./vpc-defaults.js";
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,GAItB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAE5F,OAAO,EACL,mBAAmB,GAIpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EACL,gBAAgB,GAKjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/esm/instance-alarm-config.d.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import type { AlarmConfig } from "@composurecdk/cloudwatch";
+/**
+ * Controls which recommended alarms are created for an EC2 instance.
+ * All alarms are enabled by default with AWS-recommended thresholds.
+ * Set individual alarms to `false` to disable them, or provide an
+ * {@link AlarmConfig} to tune thresholds.
+ *
+ * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EC2
+ */
+export interface InstanceAlarmConfig {
+    /**
+     * Master switch: set to `false` to disable all recommended alarms.
+     * Individual alarms can also be disabled via their own entry.
+     * @default true
+     */
+    enabled?: boolean;
+    /**
+     * Alarm when CPU utilization is sustained at a high level.
+     *
+     * Metric: `AWS/EC2 CPUUtilization`, statistic Average, period 1 minute.
+     * Default threshold: > 80% over 5 consecutive minutes.
+     *
+     * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EC2
+     */
+    cpuUtilization?: AlarmConfig | false;
+    /**
+     * Alarm when the instance fails its EC2 or system status checks.
+     *
+     * Metric: `AWS/EC2 StatusCheckFailed`, statistic Sum, period 1 minute.
+     * Default threshold: > 0 failures over 2 consecutive minutes.
+     *
+     * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EC2
+     */
+    statusCheckFailed?: AlarmConfig | false;
+    /**
+     * Alarm when the instance's attached EBS volumes are unreachable or
+     * unable to complete I/O — typically a host or storage-subsystem issue.
+     *
+     * Metric: `AWS/EC2 StatusCheckFailed_AttachedEBS`, statistic Maximum,
+     * period 1 minute. Default threshold: >= 1 over 10 consecutive minutes
+     * (the longer window reflects that EBS infrastructure usually self-heals
+     * within a few minutes).
+     *
+     * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EC2
+     */
+    attachedEbsStatusCheckFailed?: AlarmConfig | false;
+    /**
+     * Alarm when burstable (T-family) CPU credit balance falls low,
+     * indicating the instance is about to be throttled to baseline.
+     *
+     * Only created when the `instanceType` family is one of: t2, t3, t3a, t4g.
+     * For other instance types this alarm is skipped entirely.
+     *
+     * Metric: `AWS/EC2 CPUCreditBalance`, statistic Minimum, period 5 minutes.
+     * Default threshold: < 50 credits over 3 consecutive 5-minute windows.
+     *
+     * @see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Best_Practice_Recommended_Alarms_AWS_Services.html#EC2
+     * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-credits-baseline-concepts.html
+     */
+    cpuCreditBalance?: AlarmConfig | false;
+}
+//# sourceMappingURL=instance-alarm-config.d.ts.map

package/dist/esm/instance-alarm-config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"instance-alarm-config.d.ts","sourceRoot":"","sources":["../../src/instance-alarm-config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;;;OAOG;IACH,cAAc,CAAC,EAAE,WAAW,GAAG,KAAK,CAAC;IAErC;;;;;;;OAOG;IACH,iBAAiB,CAAC,EAAE,WAAW,GAAG,KAAK,CAAC;IAExC;;;;;;;;;;OAUG;IACH,4BAA4B,CAAC,EAAE,WAAW,GAAG,KAAK,CAAC;IAEnD;;;;;;;;;;;;OAYG;IACH,gBAAgB,CAAC,EAAE,WAAW,GAAG,KAAK,CAAC;CACxC"}

package/dist/esm/instance-alarm-config.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"instance-alarm-config.js","sourceRoot":"","sources":["../../src/instance-alarm-config.ts"],"names":[],"mappings":""}