@composurecdk/ec2 0.8.3 → 0.8.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commonjs/index.d.ts +16 -0
- package/dist/commonjs/index.d.ts.map +1 -1
- package/dist/commonjs/index.js +17 -1
- package/dist/commonjs/index.js.map +1 -1
- package/dist/commonjs/security-group-builder.d.ts.map +1 -1
- package/dist/commonjs/security-group-builder.js +7 -0
- package/dist/commonjs/security-group-builder.js.map +1 -1
- package/dist/commonjs/security-group-constraints.d.ts +17 -0
- package/dist/commonjs/security-group-constraints.d.ts.map +1 -0
- package/dist/commonjs/security-group-constraints.js +70 -0
- package/dist/commonjs/security-group-constraints.js.map +1 -0
- package/dist/commonjs/vpc-builder.d.ts.map +1 -1
- package/dist/commonjs/vpc-builder.js +11 -0
- package/dist/commonjs/vpc-builder.js.map +1 -1
- package/dist/esm/index.d.ts +16 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +16 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/security-group-builder.d.ts.map +1 -1
- package/dist/esm/security-group-builder.js +7 -0
- package/dist/esm/security-group-builder.js.map +1 -1
- package/dist/esm/security-group-constraints.d.ts +17 -0
- package/dist/esm/security-group-constraints.d.ts.map +1 -0
- package/dist/esm/security-group-constraints.js +66 -0
- package/dist/esm/security-group-constraints.js.map +1 -0
- package/dist/esm/vpc-builder.d.ts.map +1 -1
- package/dist/esm/vpc-builder.js +11 -0
- package/dist/esm/vpc-builder.js.map +1 -1
- package/package.json +1 -1
package/dist/commonjs/index.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { validateSecurityGroupDescription, validateSecurityGroupName } from "./security-group-constraints.js";
|
|
1
2
|
export { createInstanceBuilder, type IInstanceBuilder, type InstanceBuilderProps, type InstanceBuilderResult, } from "./instance-builder.js";
|
|
2
3
|
export { INSTANCE_DEFAULTS } from "./instance-defaults.js";
|
|
3
4
|
export { type InstanceAlarmConfig } from "./instance-alarm-config.js";
|
|
@@ -13,4 +14,19 @@ export { createVpcBuilder, type FlowLogsConfig, type IVpcBuilder, type VpcBuilde
|
|
|
13
14
|
export { VPC_DEFAULTS } from "./vpc-defaults.js";
|
|
14
15
|
export { createSecurityGroupBuilder, type ISecurityGroupBuilder, type SecurityGroupBuilderProps, type SecurityGroupBuilderResult, } from "./security-group-builder.js";
|
|
15
16
|
export { SECURITY_GROUP_DEFAULTS } from "./security-group-defaults.js";
|
|
17
|
+
/**
|
|
18
|
+
* This package's AWS-property constraints, grouped by application strategy.
|
|
19
|
+
* The `constraints.validate.*` / `constraints.sanitize.*` shape is identical
|
|
20
|
+
* in every builder package, so it is discoverable without importing anything
|
|
21
|
+
* beyond the package you already use. The underlying constraint definitions and
|
|
22
|
+
* `validate*` functions stay module-private — this namespace is the only public
|
|
23
|
+
* surface for them. See ADR-0010.
|
|
24
|
+
*/
|
|
25
|
+
export declare const constraints: {
|
|
26
|
+
validate: {
|
|
27
|
+
securityGroupDescription: typeof validateSecurityGroupDescription;
|
|
28
|
+
securityGroupName: typeof validateSecurityGroupName;
|
|
29
|
+
};
|
|
30
|
+
sanitize: {};
|
|
31
|
+
};
|
|
16
32
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gCAAgC,EAChC,yBAAyB,EAC1B,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,qBAAqB,EACrB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAAE,KAAK,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAC1F,OAAO,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAE5F,OAAO,EACL,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EACL,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EACL,0BAA0B,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW;;;;;;CAMO,CAAC"}
|
package/dist/commonjs/index.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SECURITY_GROUP_DEFAULTS = exports.createSecurityGroupBuilder = exports.VPC_DEFAULTS = exports.createVpcBuilder = exports.VOLUME_ALARM_DEFAULTS = exports.VOLUME_DEFAULTS = exports.createVolumeBuilder = exports.VOLUME_ATTACHMENT_ALARM_DEFAULTS = exports.INSTANCE_ALARM_DEFAULTS = exports.INSTANCE_DEFAULTS = exports.createInstanceBuilder = void 0;
|
|
3
|
+
exports.constraints = exports.SECURITY_GROUP_DEFAULTS = exports.createSecurityGroupBuilder = exports.VPC_DEFAULTS = exports.createVpcBuilder = exports.VOLUME_ALARM_DEFAULTS = exports.VOLUME_DEFAULTS = exports.createVolumeBuilder = exports.VOLUME_ATTACHMENT_ALARM_DEFAULTS = exports.INSTANCE_ALARM_DEFAULTS = exports.INSTANCE_DEFAULTS = exports.createInstanceBuilder = void 0;
|
|
4
|
+
const security_group_constraints_js_1 = require("./security-group-constraints.js");
|
|
4
5
|
var instance_builder_js_1 = require("./instance-builder.js");
|
|
5
6
|
Object.defineProperty(exports, "createInstanceBuilder", { enumerable: true, get: function () { return instance_builder_js_1.createInstanceBuilder; } });
|
|
6
7
|
var instance_defaults_js_1 = require("./instance-defaults.js");
|
|
@@ -23,4 +24,19 @@ var security_group_builder_js_1 = require("./security-group-builder.js");
|
|
|
23
24
|
Object.defineProperty(exports, "createSecurityGroupBuilder", { enumerable: true, get: function () { return security_group_builder_js_1.createSecurityGroupBuilder; } });
|
|
24
25
|
var security_group_defaults_js_1 = require("./security-group-defaults.js");
|
|
25
26
|
Object.defineProperty(exports, "SECURITY_GROUP_DEFAULTS", { enumerable: true, get: function () { return security_group_defaults_js_1.SECURITY_GROUP_DEFAULTS; } });
|
|
27
|
+
/**
|
|
28
|
+
* This package's AWS-property constraints, grouped by application strategy.
|
|
29
|
+
* The `constraints.validate.*` / `constraints.sanitize.*` shape is identical
|
|
30
|
+
* in every builder package, so it is discoverable without importing anything
|
|
31
|
+
* beyond the package you already use. The underlying constraint definitions and
|
|
32
|
+
* `validate*` functions stay module-private — this namespace is the only public
|
|
33
|
+
* surface for them. See ADR-0010.
|
|
34
|
+
*/
|
|
35
|
+
exports.constraints = {
|
|
36
|
+
validate: {
|
|
37
|
+
securityGroupDescription: security_group_constraints_js_1.validateSecurityGroupDescription,
|
|
38
|
+
securityGroupName: security_group_constraints_js_1.validateSecurityGroupName,
|
|
39
|
+
},
|
|
40
|
+
sanitize: {},
|
|
41
|
+
};
|
|
26
42
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AACA,mFAGyC;AAEzC,6DAK+B;AAJ7B,4HAAA,qBAAqB,OAAA;AAKvB,+DAA2D;AAAlD,yHAAA,iBAAiB,OAAA;AAE1B,2EAAuE;AAA9D,qIAAA,uBAAuB,OAAA;AAGhC,mGAA4F;AAAnF,0JAAA,gCAAgC,OAAA;AAEzC,yDAK6B;AAJ3B,wHAAA,mBAAmB,OAAA;AAKrB,2DAAuD;AAA9C,qHAAA,eAAe,OAAA;AAExB,uEAAmE;AAA1D,iIAAA,qBAAqB,OAAA;AAE9B,mDAM0B;AALxB,kHAAA,gBAAgB,OAAA;AAMlB,qDAAiD;AAAxC,+GAAA,YAAY,OAAA;AAErB,yEAKqC;AAJnC,uIAAA,0BAA0B,OAAA;AAK5B,2EAAuE;AAA9D,qIAAA,uBAAuB,OAAA;AAEhC;;;;;;;GAOG;AACU,QAAA,WAAW,GAAG;IACzB,QAAQ,EAAE;QACR,wBAAwB,EAAE,gEAAgC;QAC1D,iBAAiB,EAAE,yDAAyB;KAC7C;IACD,QAAQ,EAAE,EAAE;CACiB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-group-builder.d.ts","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,KAAK,EACV,KAAK,IAAI,EACT,KAAK,IAAI,EACT,aAAa,EACb,KAAK,kBAAkB,EACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAW,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"security-group-builder.d.ts","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,KAAK,EACV,KAAK,IAAI,EACT,KAAK,IAAI,EACT,aAAa,EACb,KAAK,kBAAkB,EACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAW,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAOlF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,yBAAyB,GAAG,IAAI,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;AAExE;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,0BAA0B;IACzC,aAAa,EAAE,aAAa,CAAC;CAC9B;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,MAAM,MAAM,qBAAqB,GAAG,cAAc,CAAC,yBAAyB,EAAE,oBAAoB,CAAC,CAAC;AAEpG,cAAM,oBAAqB,YAAW,SAAS,CAAC,0BAA0B,CAAC;;IACzE,KAAK,EAAE,OAAO,CAAC,yBAAyB,CAAC,CAAM;IAK/C;;;;;;;;;OASG;IACH,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI;IAKhC;;;;;;;;;OASG;IACH,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI;IAU/E;;;;;;;;;OASG;IACH,aAAa,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI;IAU9E;;;;;;;;;;OAUG;IACH,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI;IAQtD,gCAAgC;IAChC,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAMhD,KAAK,CACH,KAAK,EAAE,UAAU,EACjB,EAAE,EAAE,MAAM,EACV,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,0BAA0B;CAwD9B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,0BAA0B,IAAI,qBAAqB,CAElE"}
|
|
@@ -5,6 +5,7 @@ const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
|
|
|
5
5
|
const core_1 = require("@composurecdk/core");
|
|
6
6
|
const cloudformation_1 = require("@composurecdk/cloudformation");
|
|
7
7
|
const security_group_defaults_js_1 = require("./security-group-defaults.js");
|
|
8
|
+
const security_group_constraints_js_1 = require("./security-group-constraints.js");
|
|
8
9
|
class SecurityGroupBuilder {
|
|
9
10
|
props = {};
|
|
10
11
|
#peerRules = [];
|
|
@@ -96,6 +97,12 @@ class SecurityGroupBuilder {
|
|
|
96
97
|
throw new Error(`SecurityGroupBuilder "${id}" requires a description. ` +
|
|
97
98
|
"Call .description() with a short summary of the SG's purpose.");
|
|
98
99
|
}
|
|
100
|
+
// Fail at synth, at the authoring call site, instead of CREATE_FAILED at
|
|
101
|
+
// deploy time. The validators skip unresolved tokens (ADR-0010).
|
|
102
|
+
(0, security_group_constraints_js_1.validateSecurityGroupDescription)(this.props.description);
|
|
103
|
+
if (this.props.securityGroupName !== undefined) {
|
|
104
|
+
(0, security_group_constraints_js_1.validateSecurityGroupName)(this.props.securityGroupName);
|
|
105
|
+
}
|
|
99
106
|
// Drop keys whose value is `undefined` so a fluent call like
|
|
100
107
|
// `.allowAllOutbound(undefined)` (common in "optional override" code:
|
|
101
108
|
// `b.allowAllOutbound(cfg?.allowAllOutbound)`) does not clobber the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-group-builder.js","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"security-group-builder.js","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":";;AA6QA,gEAEC;AA/QD,iDAM6B;AAE7B,6CAA0F;AAC1F,iEAAkF;AAClF,6EAAuE;AACvE,mFAGyC;AA8FzC,MAAM,oBAAoB;IACxB,KAAK,GAAuC,EAAE,CAAC;IACtC,UAAU,GAAmB,EAAE,CAAC;IAChC,YAAY,GAAsB,EAAE,CAAC;IAC9C,IAAI,CAAoB;IAExB;;;;;;;;;OASG;IACH,GAAG,CAAC,GAAqB;QACvB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;OASG;IACH,cAAc,CAAC,IAAuB,EAAE,IAAU,EAAE,WAAoB;QACtE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,IAAI;YACJ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;OASG;IACH,aAAa,CAAC,IAAuB,EAAE,IAAU,EAAE,WAAoB;QACrE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,QAAQ;YACnB,IAAI;YACJ,IAAI;YACJ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;OAUG;IACH,cAAc,CAAC,IAAU,EAAE,WAAoB;QAC7C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;YACrB,IAAI;YACJ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,CAAC,iBAAU,CAAC,CAAC,MAA4B;QACvC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACxB,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CACH,KAAiB,EACjB,EAAU,EACV,OAAgC;QAEhC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAA,cAAO,EAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACxE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,yBAAyB,EAAE,oBAAoB;gBAC7C,2CAA2C,CAC9C,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CACb,yBAAyB,EAAE,4BAA4B;gBACrD,+DAA+D,CAClE,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,iEAAiE;QACjE,IAAA,gEAAgC,EAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,IAAI,CAAC,KAAK,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;YAC/C,IAAA,yDAAyB,EAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC1D,CAAC;QAED,6DAA6D;QAC7D,sEAAsE;QACtE,oEAAoE;QACpE,mDAAmD;QACnD,MAAM,SAAS,GAAuC,EAAE,CAAC;QACzD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAwC,EAAE,CAAC;YACjF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACvB,SAAqC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtD,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG;YAClB,GAAG,oDAAuB;YAC1B,GAAG,SAAS;YACZ,GAAG,EAAE,WAAW;SACK,CAAC;QAExB,MAAM,aAAa,GAAG,IAAI,uBAAa,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QAEhE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,IAAA,cAAO,EAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,aAAa,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,aAAa,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC3E,CAAC;QAED,OAAO,EAAE,aAAa,EAAE,CAAC;IAC3B,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,0BAA0B;IACxC,OAAO,IAAA,8BAAa,EAAkD,oBAAoB,CAAC,CAAC;AAC9F,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Validates an EC2 security group description. Unresolved CDK tokens are
|
|
3
|
+
* skipped — their value is resolved by CloudFormation and is not knowable at
|
|
4
|
+
* synth (ADR-0010).
|
|
5
|
+
*
|
|
6
|
+
* @throws on invalid input.
|
|
7
|
+
*/
|
|
8
|
+
export declare function validateSecurityGroupDescription(raw: string): void;
|
|
9
|
+
/**
|
|
10
|
+
* Validates an EC2 security group name. AWS additionally reserves the `sg-`
|
|
11
|
+
* prefix for generated group IDs, so a user-supplied name must not use it.
|
|
12
|
+
* Unresolved CDK tokens are skipped (ADR-0010).
|
|
13
|
+
*
|
|
14
|
+
* @throws on invalid input.
|
|
15
|
+
*/
|
|
16
|
+
export declare function validateSecurityGroupName(raw: string): void;
|
|
17
|
+
//# sourceMappingURL=security-group-constraints.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-group-constraints.d.ts","sourceRoot":"","sources":["../../src/security-group-constraints.ts"],"names":[],"mappings":"AA2CA;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAGlE;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAQ3D"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.validateSecurityGroupDescription = validateSecurityGroupDescription;
|
|
4
|
+
exports.validateSecurityGroupName = validateSecurityGroupName;
|
|
5
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
6
|
+
const cloudformation_1 = require("@composurecdk/cloudformation");
|
|
7
|
+
/**
|
|
8
|
+
* AWS-property constraints for EC2 security groups.
|
|
9
|
+
*
|
|
10
|
+
* The catalogue mechanism (`stringConstraint` / `validateString`) lives in
|
|
11
|
+
* `@composurecdk/cloudformation`; this per-resource data lives next to the
|
|
12
|
+
* builder that enforces it. The trigger for the catalogue was an em-dash in a
|
|
13
|
+
* `GroupDescription` reaching CloudFormation and failing at CREATE_FAILED — a
|
|
14
|
+
* `validate*` call in `build()` turns that into a `cdk synth` error. See
|
|
15
|
+
* ADR-0010.
|
|
16
|
+
*
|
|
17
|
+
* The constraints themselves are module-private; the package exposes only the
|
|
18
|
+
* `validate*` functions (via the `constraints` namespace in the package index).
|
|
19
|
+
*
|
|
20
|
+
* `GroupDescription` and `GroupName` share the same EC2 character set, so they
|
|
21
|
+
* spread the same class fragments; the comma/bracket tail beyond the shared
|
|
22
|
+
* `charSets.AWS_NAME_PUNCT` spine is EC2-specific and stays local.
|
|
23
|
+
*/
|
|
24
|
+
const SG_TAIL = ",\\[\\]&;{}!$*";
|
|
25
|
+
const SG_CHAR_CLASS = `${cloudformation_1.charSets.ALNUM}${cloudformation_1.charSets.AWS_NAME_PUNCT}${SG_TAIL}`;
|
|
26
|
+
const SG_ALLOWED = "ASCII letters, digits, spaces and ._-:/()#,@[]+=&;{}!$*";
|
|
27
|
+
const SG_SOURCE = "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html";
|
|
28
|
+
const SECURITY_GROUP_DESCRIPTION = (0, cloudformation_1.stringConstraint)({
|
|
29
|
+
name: "EC2 SecurityGroup GroupDescription",
|
|
30
|
+
charClass: SG_CHAR_CLASS,
|
|
31
|
+
maxLength: 255,
|
|
32
|
+
allowed: SG_ALLOWED,
|
|
33
|
+
source: SG_SOURCE,
|
|
34
|
+
});
|
|
35
|
+
const SECURITY_GROUP_NAME = (0, cloudformation_1.stringConstraint)({
|
|
36
|
+
name: "EC2 SecurityGroup GroupName",
|
|
37
|
+
charClass: SG_CHAR_CLASS,
|
|
38
|
+
minLength: 1,
|
|
39
|
+
maxLength: 255,
|
|
40
|
+
allowed: SG_ALLOWED,
|
|
41
|
+
source: SG_SOURCE,
|
|
42
|
+
});
|
|
43
|
+
/**
|
|
44
|
+
* Validates an EC2 security group description. Unresolved CDK tokens are
|
|
45
|
+
* skipped — their value is resolved by CloudFormation and is not knowable at
|
|
46
|
+
* synth (ADR-0010).
|
|
47
|
+
*
|
|
48
|
+
* @throws on invalid input.
|
|
49
|
+
*/
|
|
50
|
+
function validateSecurityGroupDescription(raw) {
|
|
51
|
+
if (aws_cdk_lib_1.Token.isUnresolved(raw))
|
|
52
|
+
return;
|
|
53
|
+
(0, cloudformation_1.validateString)(raw, SECURITY_GROUP_DESCRIPTION);
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Validates an EC2 security group name. AWS additionally reserves the `sg-`
|
|
57
|
+
* prefix for generated group IDs, so a user-supplied name must not use it.
|
|
58
|
+
* Unresolved CDK tokens are skipped (ADR-0010).
|
|
59
|
+
*
|
|
60
|
+
* @throws on invalid input.
|
|
61
|
+
*/
|
|
62
|
+
function validateSecurityGroupName(raw) {
|
|
63
|
+
if (aws_cdk_lib_1.Token.isUnresolved(raw))
|
|
64
|
+
return;
|
|
65
|
+
if (raw.startsWith("sg-")) {
|
|
66
|
+
throw new Error(`EC2 SecurityGroup GroupName "${raw}" must not start with the reserved "sg-" prefix. See ${SG_SOURCE}.`);
|
|
67
|
+
}
|
|
68
|
+
(0, cloudformation_1.validateString)(raw, SECURITY_GROUP_NAME);
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=security-group-constraints.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-group-constraints.js","sourceRoot":"","sources":["../../src/security-group-constraints.ts"],"names":[],"mappings":";;AAkDA,4EAGC;AASD,8DAQC;AAtED,6CAAoC;AACpC,iEAA0F;AAE1F;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,GAAG,gBAAgB,CAAC;AACjC,MAAM,aAAa,GAAG,GAAG,yBAAQ,CAAC,KAAK,GAAG,yBAAQ,CAAC,cAAc,GAAG,OAAO,EAAE,CAAC;AAC9E,MAAM,UAAU,GAAG,yDAAyD,CAAC;AAC7E,MAAM,SAAS,GACb,qFAAqF,CAAC;AAExF,MAAM,0BAA0B,GAAG,IAAA,iCAAgB,EAAC;IAClD,IAAI,EAAE,oCAAoC;IAC1C,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,GAAG;IACd,OAAO,EAAE,UAAU;IACnB,MAAM,EAAE,SAAS;CAClB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,IAAA,iCAAgB,EAAC;IAC3C,IAAI,EAAE,6BAA6B;IACnC,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,CAAC;IACZ,SAAS,EAAE,GAAG;IACd,OAAO,EAAE,UAAU;IACnB,MAAM,EAAE,SAAS;CAClB,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,gCAAgC,CAAC,GAAW;IAC1D,IAAI,mBAAK,CAAC,YAAY,CAAC,GAAG,CAAC;QAAE,OAAO;IACpC,IAAA,+BAAc,EAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,yBAAyB,CAAC,GAAW;IACnD,IAAI,mBAAK,CAAC,YAAY,CAAC,GAAG,CAAC;QAAE,OAAO;IACpC,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,wDAAwD,SAAS,GAAG,CACxG,CAAC;IACJ,CAAC;IACD,IAAA,+BAAc,EAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;AAC3C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc-builder.d.ts","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAyB,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGlF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,cAAc,GACtB,KAAK,GACL;IACE,gFAAgF;IAChF,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,gBAAgB,KAAK,gBAAgB,CAAC;CACvD,CAAC;AAEN;;;;;;GAMG;AACH,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;IACjE,wFAAwF;IACxF,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,GAAG,CAAC;IAET;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,QAAQ,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,WAAW,GAAG,cAAc,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;AAItE,cAAM,UAAW,YAAW,SAAS,CAAC,gBAAgB,CAAC;IACrD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAM;IAErC,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,GAAG,gBAAgB;
|
|
1
|
+
{"version":3,"file":"vpc-builder.d.ts","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAyB,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGlF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,cAAc,GACtB,KAAK,GACL;IACE,gFAAgF;IAChF,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,gBAAgB,KAAK,gBAAgB,CAAC;CACvD,CAAC;AAEN;;;;;;GAMG;AACH,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;IACjE,wFAAwF;IACxF,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,GAAG,CAAC;IAET;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,QAAQ,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,WAAW,GAAG,cAAc,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;AAItE,cAAM,UAAW,YAAW,SAAS,CAAC,gBAAgB,CAAC;IACrD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAM;IAErC,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,GAAG,gBAAgB;CA8BvD;AA2CD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAE9C"}
|
|
@@ -11,11 +11,22 @@ class VpcBuilder {
|
|
|
11
11
|
build(scope, id) {
|
|
12
12
|
const { flowLogs: flowLogsConfig, ...vpcProps } = this.props;
|
|
13
13
|
const { flowLogsLogGroup, flowLogProps } = resolveFlowLogs(scope, id, flowLogsConfig);
|
|
14
|
+
// CDK accepts `availabilityZones` or `maxAzs`, but not both. When the user
|
|
15
|
+
// pins AZs explicitly, the default `maxAzs` must yield to their intent;
|
|
16
|
+
// setting both is a genuine conflict and fails fast.
|
|
17
|
+
const userPinnedAzs = vpcProps.availabilityZones !== undefined;
|
|
18
|
+
if (userPinnedAzs && vpcProps.maxAzs !== undefined) {
|
|
19
|
+
throw new Error(`VpcBuilder "${id}": .availabilityZones() and .maxAzs() are mutually exclusive — ` +
|
|
20
|
+
`CDK accepts one or the other, not both.`);
|
|
21
|
+
}
|
|
14
22
|
const mergedProps = {
|
|
15
23
|
...vpc_defaults_js_1.VPC_DEFAULTS,
|
|
16
24
|
...flowLogProps,
|
|
17
25
|
...vpcProps,
|
|
18
26
|
};
|
|
27
|
+
if (userPinnedAzs) {
|
|
28
|
+
delete mergedProps.maxAzs;
|
|
29
|
+
}
|
|
19
30
|
return {
|
|
20
31
|
vpc: new aws_ec2_1.Vpc(scope, id, mergedProps),
|
|
21
32
|
flowLogsLogGroup,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc-builder.js","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"vpc-builder.js","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":";;AA8LA,4CAEC;AAhMD,iDAA6E;AAI7E,iEAAkF;AAClF,6CAAkF;AAClF,uDAAiD;AAmFjD,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAE9C,MAAM,UAAU;IACd,KAAK,GAA6B,EAAE,CAAC;IAErC,KAAK,CAAC,KAAiB,EAAE,EAAU;QACjC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE7D,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,eAAe,CAAC,KAAK,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC;QAEtF,2EAA2E;QAC3E,wEAAwE;QACxE,qDAAqD;QACrD,MAAM,aAAa,GAAG,QAAQ,CAAC,iBAAiB,KAAK,SAAS,CAAC;QAC/D,IAAI,aAAa,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,eAAe,EAAE,iEAAiE;gBAChF,yCAAyC,CAC5C,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG;YAClB,GAAG,8BAAY;YACf,GAAG,YAAY;YACf,GAAG,QAAQ;SACZ,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,WAAW,CAAC,MAAM,CAAC;QAC5B,CAAC;QAED,OAAO;YACL,GAAG,EAAE,IAAI,aAAG,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC;YACpC,gBAAgB;SACjB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,eAAe,CACtB,KAAiB,EACjB,EAAU,EACV,GAA+B;IAE/B,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAC9B,CAAC;IAED,IAAI,GAAG,EAAE,WAAW,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,gEAAgE;gBAC9D,gEAAgE,CACnE,CAAC;QACJ,CAAC;QACD,OAAO;YACL,YAAY,EAAE;gBACZ,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE;aACvE;SACF,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,GAAG,IAAA,4BAAqB,GAAE,CAAC;IACzC,IAAI,GAAG,EAAE,SAAS,EAAE,CAAC;QACnB,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,gBAAgB,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;IAEnF,OAAO;QACL,gBAAgB;QAChB,YAAY,EAAE;YACZ,QAAQ,EAAE;gBACR,CAAC,oBAAoB,CAAC,EAAE;oBACtB,WAAW,EAAE,4BAAkB,CAAC,gBAAgB,CAAC,gBAAgB,CAAC;iBACnE;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,SAAgB,gBAAgB;IAC9B,OAAO,IAAA,8BAAa,EAA8B,UAAU,CAAC,CAAC;AAChE,CAAC"}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { validateSecurityGroupDescription, validateSecurityGroupName } from "./security-group-constraints.js";
|
|
1
2
|
export { createInstanceBuilder, type IInstanceBuilder, type InstanceBuilderProps, type InstanceBuilderResult, } from "./instance-builder.js";
|
|
2
3
|
export { INSTANCE_DEFAULTS } from "./instance-defaults.js";
|
|
3
4
|
export { type InstanceAlarmConfig } from "./instance-alarm-config.js";
|
|
@@ -13,4 +14,19 @@ export { createVpcBuilder, type FlowLogsConfig, type IVpcBuilder, type VpcBuilde
|
|
|
13
14
|
export { VPC_DEFAULTS } from "./vpc-defaults.js";
|
|
14
15
|
export { createSecurityGroupBuilder, type ISecurityGroupBuilder, type SecurityGroupBuilderProps, type SecurityGroupBuilderResult, } from "./security-group-builder.js";
|
|
15
16
|
export { SECURITY_GROUP_DEFAULTS } from "./security-group-defaults.js";
|
|
17
|
+
/**
|
|
18
|
+
* This package's AWS-property constraints, grouped by application strategy.
|
|
19
|
+
* The `constraints.validate.*` / `constraints.sanitize.*` shape is identical
|
|
20
|
+
* in every builder package, so it is discoverable without importing anything
|
|
21
|
+
* beyond the package you already use. The underlying constraint definitions and
|
|
22
|
+
* `validate*` functions stay module-private — this namespace is the only public
|
|
23
|
+
* surface for them. See ADR-0010.
|
|
24
|
+
*/
|
|
25
|
+
export declare const constraints: {
|
|
26
|
+
validate: {
|
|
27
|
+
securityGroupDescription: typeof validateSecurityGroupDescription;
|
|
28
|
+
securityGroupName: typeof validateSecurityGroupName;
|
|
29
|
+
};
|
|
30
|
+
sanitize: {};
|
|
31
|
+
};
|
|
16
32
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gCAAgC,EAChC,yBAAyB,EAC1B,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,qBAAqB,EACrB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAAE,KAAK,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAC1F,OAAO,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAE5F,OAAO,EACL,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EACL,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EACL,0BAA0B,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW;;;;;;CAMO,CAAC"}
|
package/dist/esm/index.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { validateSecurityGroupDescription, validateSecurityGroupName, } from "./security-group-constraints.js";
|
|
1
2
|
export { createInstanceBuilder, } from "./instance-builder.js";
|
|
2
3
|
export { INSTANCE_DEFAULTS } from "./instance-defaults.js";
|
|
3
4
|
export { INSTANCE_ALARM_DEFAULTS } from "./instance-alarm-defaults.js";
|
|
@@ -9,4 +10,19 @@ export { createVpcBuilder, } from "./vpc-builder.js";
|
|
|
9
10
|
export { VPC_DEFAULTS } from "./vpc-defaults.js";
|
|
10
11
|
export { createSecurityGroupBuilder, } from "./security-group-builder.js";
|
|
11
12
|
export { SECURITY_GROUP_DEFAULTS } from "./security-group-defaults.js";
|
|
13
|
+
/**
|
|
14
|
+
* This package's AWS-property constraints, grouped by application strategy.
|
|
15
|
+
* The `constraints.validate.*` / `constraints.sanitize.*` shape is identical
|
|
16
|
+
* in every builder package, so it is discoverable without importing anything
|
|
17
|
+
* beyond the package you already use. The underlying constraint definitions and
|
|
18
|
+
* `validate*` functions stay module-private — this namespace is the only public
|
|
19
|
+
* surface for them. See ADR-0010.
|
|
20
|
+
*/
|
|
21
|
+
export const constraints = {
|
|
22
|
+
validate: {
|
|
23
|
+
securityGroupDescription: validateSecurityGroupDescription,
|
|
24
|
+
securityGroupName: validateSecurityGroupName,
|
|
25
|
+
},
|
|
26
|
+
sanitize: {},
|
|
27
|
+
};
|
|
12
28
|
//# sourceMappingURL=index.js.map
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gCAAgC,EAChC,yBAAyB,GAC1B,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,qBAAqB,GAItB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAE5F,OAAO,EACL,mBAAmB,GAIpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAEnE,OAAO,EACL,gBAAgB,GAKjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EACL,0BAA0B,GAI3B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,QAAQ,EAAE;QACR,wBAAwB,EAAE,gCAAgC;QAC1D,iBAAiB,EAAE,yBAAyB;KAC7C;IACD,QAAQ,EAAE,EAAE;CACiB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-group-builder.d.ts","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,KAAK,EACV,KAAK,IAAI,EACT,KAAK,IAAI,EACT,aAAa,EACb,KAAK,kBAAkB,EACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAW,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"security-group-builder.d.ts","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,KAAK,EACV,KAAK,IAAI,EACT,KAAK,IAAI,EACT,aAAa,EACb,KAAK,kBAAkB,EACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,KAAK,SAAS,EAAW,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAOlF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,yBAAyB,GAAG,IAAI,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;AAExE;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,0BAA0B;IACzC,aAAa,EAAE,aAAa,CAAC;CAC9B;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,MAAM,MAAM,qBAAqB,GAAG,cAAc,CAAC,yBAAyB,EAAE,oBAAoB,CAAC,CAAC;AAEpG,cAAM,oBAAqB,YAAW,SAAS,CAAC,0BAA0B,CAAC;;IACzE,KAAK,EAAE,OAAO,CAAC,yBAAyB,CAAC,CAAM;IAK/C;;;;;;;;;OASG;IACH,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI;IAKhC;;;;;;;;;OASG;IACH,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI;IAU/E;;;;;;;;;OASG;IACH,aAAa,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI;IAU9E;;;;;;;;;;OAUG;IACH,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI;IAQtD,gCAAgC;IAChC,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAMhD,KAAK,CACH,KAAK,EAAE,UAAU,EACjB,EAAE,EAAE,MAAM,EACV,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,0BAA0B;CAwD9B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,0BAA0B,IAAI,qBAAqB,CAElE"}
|
|
@@ -2,6 +2,7 @@ import { SecurityGroup, } from "aws-cdk-lib/aws-ec2";
|
|
|
2
2
|
import { COPY_STATE, resolve } from "@composurecdk/core";
|
|
3
3
|
import { taggedBuilder } from "@composurecdk/cloudformation";
|
|
4
4
|
import { SECURITY_GROUP_DEFAULTS } from "./security-group-defaults.js";
|
|
5
|
+
import { validateSecurityGroupDescription, validateSecurityGroupName, } from "./security-group-constraints.js";
|
|
5
6
|
class SecurityGroupBuilder {
|
|
6
7
|
props = {};
|
|
7
8
|
#peerRules = [];
|
|
@@ -93,6 +94,12 @@ class SecurityGroupBuilder {
|
|
|
93
94
|
throw new Error(`SecurityGroupBuilder "${id}" requires a description. ` +
|
|
94
95
|
"Call .description() with a short summary of the SG's purpose.");
|
|
95
96
|
}
|
|
97
|
+
// Fail at synth, at the authoring call site, instead of CREATE_FAILED at
|
|
98
|
+
// deploy time. The validators skip unresolved tokens (ADR-0010).
|
|
99
|
+
validateSecurityGroupDescription(this.props.description);
|
|
100
|
+
if (this.props.securityGroupName !== undefined) {
|
|
101
|
+
validateSecurityGroupName(this.props.securityGroupName);
|
|
102
|
+
}
|
|
96
103
|
// Drop keys whose value is `undefined` so a fluent call like
|
|
97
104
|
// `.allowAllOutbound(undefined)` (common in "optional override" code:
|
|
98
105
|
// `b.allowAllOutbound(cfg?.allowAllOutbound)`) does not clobber the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-group-builder.js","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,aAAa,GAEd,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,UAAU,EAAkB,OAAO,EAAmB,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAuB,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"security-group-builder.js","sourceRoot":"","sources":["../../src/security-group-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,aAAa,GAEd,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,UAAU,EAAkB,OAAO,EAAmB,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAuB,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EACL,gCAAgC,EAChC,yBAAyB,GAC1B,MAAM,iCAAiC,CAAC;AA8FzC,MAAM,oBAAoB;IACxB,KAAK,GAAuC,EAAE,CAAC;IACtC,UAAU,GAAmB,EAAE,CAAC;IAChC,YAAY,GAAsB,EAAE,CAAC;IAC9C,IAAI,CAAoB;IAExB;;;;;;;;;OASG;IACH,GAAG,CAAC,GAAqB;QACvB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;OASG;IACH,cAAc,CAAC,IAAuB,EAAE,IAAU,EAAE,WAAoB;QACtE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,IAAI;YACJ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;OASG;IACH,aAAa,CAAC,IAAuB,EAAE,IAAU,EAAE,WAAoB;QACrE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,QAAQ;YACnB,IAAI;YACJ,IAAI;YACJ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;OAUG;IACH,cAAc,CAAC,IAAU,EAAE,WAAoB;QAC7C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;YACrB,IAAI;YACJ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,CAAC,UAAU,CAAC,CAAC,MAA4B;QACvC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACxB,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CACH,KAAiB,EACjB,EAAU,EACV,OAAgC;QAEhC,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACxE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,yBAAyB,EAAE,oBAAoB;gBAC7C,2CAA2C,CAC9C,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CACb,yBAAyB,EAAE,4BAA4B;gBACrD,+DAA+D,CAClE,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,iEAAiE;QACjE,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,IAAI,CAAC,KAAK,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;YAC/C,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC1D,CAAC;QAED,6DAA6D;QAC7D,sEAAsE;QACtE,oEAAoE;QACpE,mDAAmD;QACnD,MAAM,SAAS,GAAuC,EAAE,CAAC;QACzD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAwC,EAAE,CAAC;YACjF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACvB,SAAqC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtD,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG;YAClB,GAAG,uBAAuB;YAC1B,GAAG,SAAS;YACZ,GAAG,EAAE,WAAW;SACK,CAAC;QAExB,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,CAAC;QAEhE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,aAAa,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,aAAa,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC3E,CAAC;QAED,OAAO,EAAE,aAAa,EAAE,CAAC;IAC3B,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,aAAa,CAAkD,oBAAoB,CAAC,CAAC;AAC9F,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Validates an EC2 security group description. Unresolved CDK tokens are
|
|
3
|
+
* skipped — their value is resolved by CloudFormation and is not knowable at
|
|
4
|
+
* synth (ADR-0010).
|
|
5
|
+
*
|
|
6
|
+
* @throws on invalid input.
|
|
7
|
+
*/
|
|
8
|
+
export declare function validateSecurityGroupDescription(raw: string): void;
|
|
9
|
+
/**
|
|
10
|
+
* Validates an EC2 security group name. AWS additionally reserves the `sg-`
|
|
11
|
+
* prefix for generated group IDs, so a user-supplied name must not use it.
|
|
12
|
+
* Unresolved CDK tokens are skipped (ADR-0010).
|
|
13
|
+
*
|
|
14
|
+
* @throws on invalid input.
|
|
15
|
+
*/
|
|
16
|
+
export declare function validateSecurityGroupName(raw: string): void;
|
|
17
|
+
//# sourceMappingURL=security-group-constraints.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-group-constraints.d.ts","sourceRoot":"","sources":["../../src/security-group-constraints.ts"],"names":[],"mappings":"AA2CA;;;;;;GAMG;AACH,wBAAgB,gCAAgC,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAGlE;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAQ3D"}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import { Token } from "aws-cdk-lib";
|
|
2
|
+
import { charSets, stringConstraint, validateString } from "@composurecdk/cloudformation";
|
|
3
|
+
/**
|
|
4
|
+
* AWS-property constraints for EC2 security groups.
|
|
5
|
+
*
|
|
6
|
+
* The catalogue mechanism (`stringConstraint` / `validateString`) lives in
|
|
7
|
+
* `@composurecdk/cloudformation`; this per-resource data lives next to the
|
|
8
|
+
* builder that enforces it. The trigger for the catalogue was an em-dash in a
|
|
9
|
+
* `GroupDescription` reaching CloudFormation and failing at CREATE_FAILED — a
|
|
10
|
+
* `validate*` call in `build()` turns that into a `cdk synth` error. See
|
|
11
|
+
* ADR-0010.
|
|
12
|
+
*
|
|
13
|
+
* The constraints themselves are module-private; the package exposes only the
|
|
14
|
+
* `validate*` functions (via the `constraints` namespace in the package index).
|
|
15
|
+
*
|
|
16
|
+
* `GroupDescription` and `GroupName` share the same EC2 character set, so they
|
|
17
|
+
* spread the same class fragments; the comma/bracket tail beyond the shared
|
|
18
|
+
* `charSets.AWS_NAME_PUNCT` spine is EC2-specific and stays local.
|
|
19
|
+
*/
|
|
20
|
+
const SG_TAIL = ",\\[\\]&;{}!$*";
|
|
21
|
+
const SG_CHAR_CLASS = `${charSets.ALNUM}${charSets.AWS_NAME_PUNCT}${SG_TAIL}`;
|
|
22
|
+
const SG_ALLOWED = "ASCII letters, digits, spaces and ._-:/()#,@[]+=&;{}!$*";
|
|
23
|
+
const SG_SOURCE = "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html";
|
|
24
|
+
const SECURITY_GROUP_DESCRIPTION = stringConstraint({
|
|
25
|
+
name: "EC2 SecurityGroup GroupDescription",
|
|
26
|
+
charClass: SG_CHAR_CLASS,
|
|
27
|
+
maxLength: 255,
|
|
28
|
+
allowed: SG_ALLOWED,
|
|
29
|
+
source: SG_SOURCE,
|
|
30
|
+
});
|
|
31
|
+
const SECURITY_GROUP_NAME = stringConstraint({
|
|
32
|
+
name: "EC2 SecurityGroup GroupName",
|
|
33
|
+
charClass: SG_CHAR_CLASS,
|
|
34
|
+
minLength: 1,
|
|
35
|
+
maxLength: 255,
|
|
36
|
+
allowed: SG_ALLOWED,
|
|
37
|
+
source: SG_SOURCE,
|
|
38
|
+
});
|
|
39
|
+
/**
|
|
40
|
+
* Validates an EC2 security group description. Unresolved CDK tokens are
|
|
41
|
+
* skipped — their value is resolved by CloudFormation and is not knowable at
|
|
42
|
+
* synth (ADR-0010).
|
|
43
|
+
*
|
|
44
|
+
* @throws on invalid input.
|
|
45
|
+
*/
|
|
46
|
+
export function validateSecurityGroupDescription(raw) {
|
|
47
|
+
if (Token.isUnresolved(raw))
|
|
48
|
+
return;
|
|
49
|
+
validateString(raw, SECURITY_GROUP_DESCRIPTION);
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Validates an EC2 security group name. AWS additionally reserves the `sg-`
|
|
53
|
+
* prefix for generated group IDs, so a user-supplied name must not use it.
|
|
54
|
+
* Unresolved CDK tokens are skipped (ADR-0010).
|
|
55
|
+
*
|
|
56
|
+
* @throws on invalid input.
|
|
57
|
+
*/
|
|
58
|
+
export function validateSecurityGroupName(raw) {
|
|
59
|
+
if (Token.isUnresolved(raw))
|
|
60
|
+
return;
|
|
61
|
+
if (raw.startsWith("sg-")) {
|
|
62
|
+
throw new Error(`EC2 SecurityGroup GroupName "${raw}" must not start with the reserved "sg-" prefix. See ${SG_SOURCE}.`);
|
|
63
|
+
}
|
|
64
|
+
validateString(raw, SECURITY_GROUP_NAME);
|
|
65
|
+
}
|
|
66
|
+
//# sourceMappingURL=security-group-constraints.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-group-constraints.js","sourceRoot":"","sources":["../../src/security-group-constraints.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE1F;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,GAAG,gBAAgB,CAAC;AACjC,MAAM,aAAa,GAAG,GAAG,QAAQ,CAAC,KAAK,GAAG,QAAQ,CAAC,cAAc,GAAG,OAAO,EAAE,CAAC;AAC9E,MAAM,UAAU,GAAG,yDAAyD,CAAC;AAC7E,MAAM,SAAS,GACb,qFAAqF,CAAC;AAExF,MAAM,0BAA0B,GAAG,gBAAgB,CAAC;IAClD,IAAI,EAAE,oCAAoC;IAC1C,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,GAAG;IACd,OAAO,EAAE,UAAU;IACnB,MAAM,EAAE,SAAS;CAClB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,gBAAgB,CAAC;IAC3C,IAAI,EAAE,6BAA6B;IACnC,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,CAAC;IACZ,SAAS,EAAE,GAAG;IACd,OAAO,EAAE,UAAU;IACnB,MAAM,EAAE,SAAS;CAClB,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,UAAU,gCAAgC,CAAC,GAAW;IAC1D,IAAI,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC;QAAE,OAAO;IACpC,cAAc,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,yBAAyB,CAAC,GAAW;IACnD,IAAI,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC;QAAE,OAAO;IACpC,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,wDAAwD,SAAS,GAAG,CACxG,CAAC;IACJ,CAAC;IACD,cAAc,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;AAC3C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc-builder.d.ts","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAyB,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGlF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,cAAc,GACtB,KAAK,GACL;IACE,gFAAgF;IAChF,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,gBAAgB,KAAK,gBAAgB,CAAC;CACvD,CAAC;AAEN;;;;;;GAMG;AACH,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;IACjE,wFAAwF;IACxF,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,GAAG,CAAC;IAET;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,QAAQ,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,WAAW,GAAG,cAAc,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;AAItE,cAAM,UAAW,YAAW,SAAS,CAAC,gBAAgB,CAAC;IACrD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAM;IAErC,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,GAAG,gBAAgB;
|
|
1
|
+
{"version":3,"file":"vpc-builder.d.ts","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,KAAK,cAAc,EAAiB,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAyB,KAAK,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAGlF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,cAAc,GACtB,KAAK,GACL;IACE,gFAAgF;IAChF,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC;;;;OAIG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,gBAAgB,KAAK,gBAAgB,CAAC;CACvD,CAAC;AAEN;;;;;;GAMG;AACH,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;IACjE,wFAAwF;IACxF,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,GAAG,CAAC;IAET;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,QAAQ,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,WAAW,GAAG,cAAc,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;AAItE,cAAM,UAAW,YAAW,SAAS,CAAC,gBAAgB,CAAC;IACrD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,CAAM;IAErC,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,GAAG,gBAAgB;CA8BvD;AA2CD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAE9C"}
|
package/dist/esm/vpc-builder.js
CHANGED
|
@@ -8,11 +8,22 @@ class VpcBuilder {
|
|
|
8
8
|
build(scope, id) {
|
|
9
9
|
const { flowLogs: flowLogsConfig, ...vpcProps } = this.props;
|
|
10
10
|
const { flowLogsLogGroup, flowLogProps } = resolveFlowLogs(scope, id, flowLogsConfig);
|
|
11
|
+
// CDK accepts `availabilityZones` or `maxAzs`, but not both. When the user
|
|
12
|
+
// pins AZs explicitly, the default `maxAzs` must yield to their intent;
|
|
13
|
+
// setting both is a genuine conflict and fails fast.
|
|
14
|
+
const userPinnedAzs = vpcProps.availabilityZones !== undefined;
|
|
15
|
+
if (userPinnedAzs && vpcProps.maxAzs !== undefined) {
|
|
16
|
+
throw new Error(`VpcBuilder "${id}": .availabilityZones() and .maxAzs() are mutually exclusive — ` +
|
|
17
|
+
`CDK accepts one or the other, not both.`);
|
|
18
|
+
}
|
|
11
19
|
const mergedProps = {
|
|
12
20
|
...VPC_DEFAULTS,
|
|
13
21
|
...flowLogProps,
|
|
14
22
|
...vpcProps,
|
|
15
23
|
};
|
|
24
|
+
if (userPinnedAzs) {
|
|
25
|
+
delete mergedProps.maxAzs;
|
|
26
|
+
}
|
|
16
27
|
return {
|
|
17
28
|
vpc: new Vpc(scope, id, mergedProps),
|
|
18
29
|
flowLogsLogGroup,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vpc-builder.js","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAiB,MAAM,qBAAqB,CAAC;AAI7E,OAAO,EAAuB,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAyB,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAmFjD,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAE9C,MAAM,UAAU;IACd,KAAK,GAA6B,EAAE,CAAC;IAErC,KAAK,CAAC,KAAiB,EAAE,EAAU;QACjC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE7D,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,eAAe,CAAC,KAAK,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC;QAEtF,MAAM,WAAW,GAAG;YAClB,GAAG,YAAY;YACf,GAAG,YAAY;YACf,GAAG,QAAQ;SACZ,CAAC;
|
|
1
|
+
{"version":3,"file":"vpc-builder.js","sourceRoot":"","sources":["../../src/vpc-builder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,GAAG,EAAiB,MAAM,qBAAqB,CAAC;AAI7E,OAAO,EAAuB,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAyB,MAAM,oBAAoB,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAmFjD,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAE9C,MAAM,UAAU;IACd,KAAK,GAA6B,EAAE,CAAC;IAErC,KAAK,CAAC,KAAiB,EAAE,EAAU;QACjC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE7D,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,eAAe,CAAC,KAAK,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC;QAEtF,2EAA2E;QAC3E,wEAAwE;QACxE,qDAAqD;QACrD,MAAM,aAAa,GAAG,QAAQ,CAAC,iBAAiB,KAAK,SAAS,CAAC;QAC/D,IAAI,aAAa,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,eAAe,EAAE,iEAAiE;gBAChF,yCAAyC,CAC5C,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG;YAClB,GAAG,YAAY;YACf,GAAG,YAAY;YACf,GAAG,QAAQ;SACZ,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,WAAW,CAAC,MAAM,CAAC;QAC5B,CAAC;QAED,OAAO;YACL,GAAG,EAAE,IAAI,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC;YACpC,gBAAgB;SACjB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,eAAe,CACtB,KAAiB,EACjB,EAAU,EACV,GAA+B;IAE/B,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAC9B,CAAC;IAED,IAAI,GAAG,EAAE,WAAW,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,gEAAgE;gBAC9D,gEAAgE,CACnE,CAAC;QACJ,CAAC;QACD,OAAO;YACL,YAAY,EAAE;gBACZ,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,EAAE,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE;aACvE;SACF,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,GAAG,qBAAqB,EAAE,CAAC;IACzC,IAAI,GAAG,EAAE,SAAS,EAAE,CAAC;QACnB,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,gBAAgB,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;IAEnF,OAAO;QACL,gBAAgB;QAChB,YAAY,EAAE;YACZ,QAAQ,EAAE;gBACR,CAAC,oBAAoB,CAAC,EAAE;oBACtB,WAAW,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,gBAAgB,CAAC;iBACnE;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,aAAa,CAA8B,UAAU,CAAC,CAAC;AAChE,CAAC"}
|