npm - @digitraffic/common - Versions diffs - 2022.10.25-1 → 2022.10.28-2 - Mend

@digitraffic/common 2022.10.25-1 → 2022.10.28-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (332) hide show

package/{aws → dist/aws}/infra/api/integration.d.ts +0 -0
package/dist/aws/infra/api/integration.js +52 -0
package/dist/aws/infra/api/integration.js.map +1 -0
package/{aws → dist/aws}/infra/api/response.d.ts +0 -0
package/dist/aws/infra/api/response.js +61 -0
package/dist/aws/infra/api/response.js.map +1 -0
package/{aws → dist/aws}/infra/api/responses.d.ts +3 -3
package/dist/aws/infra/api/responses.js +82 -0
package/dist/aws/infra/api/responses.js.map +1 -0
package/{aws → dist/aws}/infra/api/static-integration.d.ts +0 -0
package/dist/aws/infra/api/static-integration.js +54 -0
package/dist/aws/infra/api/static-integration.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/canary-alarm.d.ts +0 -0
package/dist/aws/infra/canaries/canary-alarm.js +26 -0
package/dist/aws/infra/canaries/canary-alarm.js.map +1 -0
package/dist/aws/infra/canaries/canary-keys.d.ts +3 -0
package/dist/aws/infra/canaries/canary-keys.js +7 -0
package/dist/aws/infra/canaries/canary-keys.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/canary-parameters.d.ts +0 -0
package/dist/aws/infra/canaries/canary-parameters.js +3 -0
package/dist/aws/infra/canaries/canary-parameters.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/canary-role.d.ts +0 -0
package/dist/aws/infra/canaries/canary-role.js +46 -0
package/dist/aws/infra/canaries/canary-role.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/canary.d.ts +0 -0
package/dist/aws/infra/canaries/canary.js +32 -0
package/dist/aws/infra/canaries/canary.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/database-canary.d.ts +0 -0
package/dist/aws/infra/canaries/database-canary.js +70 -0
package/dist/aws/infra/canaries/database-canary.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/database-checker.d.ts +2 -2
package/dist/aws/infra/canaries/database-checker.js +103 -0
package/dist/aws/infra/canaries/database-checker.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/url-canary.d.ts +0 -3
package/dist/aws/infra/canaries/url-canary.js +47 -0
package/dist/aws/infra/canaries/url-canary.js.map +1 -0
package/{aws → dist/aws}/infra/canaries/url-checker.d.ts +0 -0
package/dist/aws/infra/canaries/url-checker.js +252 -0
package/dist/aws/infra/canaries/url-checker.js.map +1 -0
package/{aws → dist/aws}/infra/documentation.d.ts +0 -0
package/dist/aws/infra/documentation.js +95 -0
package/dist/aws/infra/documentation.js.map +1 -0
package/{aws → dist/aws}/infra/scheduler.d.ts +7 -7
package/dist/aws/infra/scheduler.js +31 -0
package/dist/aws/infra/scheduler.js.map +1 -0
package/{aws → dist/aws}/infra/security-rule.d.ts +0 -0
package/dist/aws/infra/security-rule.js +39 -0
package/dist/aws/infra/security-rule.js.map +1 -0
package/{aws → dist/aws}/infra/sqs-integration.d.ts +0 -0
package/dist/aws/infra/sqs-integration.js +93 -0
package/dist/aws/infra/sqs-integration.js.map +1 -0
package/{aws → dist/aws}/infra/sqs-queue.d.ts +0 -0
package/dist/aws/infra/sqs-queue.js +130 -0
package/dist/aws/infra/sqs-queue.js.map +1 -0
package/{aws → dist/aws}/infra/stack/lambda-configs.d.ts +5 -5
package/dist/aws/infra/stack/lambda-configs.js +105 -0
package/dist/aws/infra/stack/lambda-configs.js.map +1 -0
package/{aws → dist/aws}/infra/stack/monitoredfunction.d.ts +1 -1
package/dist/aws/infra/stack/monitoredfunction.js +143 -0
package/dist/aws/infra/stack/monitoredfunction.js.map +1 -0
package/{aws → dist/aws}/infra/stack/rest_apis.d.ts +0 -0
package/dist/aws/infra/stack/rest_apis.js +185 -0
package/dist/aws/infra/stack/rest_apis.js.map +1 -0
package/{aws → dist/aws}/infra/stack/stack-checking-aspect.d.ts +0 -0
package/dist/aws/infra/stack/stack-checking-aspect.js +174 -0
package/dist/aws/infra/stack/stack-checking-aspect.js.map +1 -0
package/{aws → dist/aws}/infra/stack/stack.d.ts +5 -4
package/dist/aws/infra/stack/stack.js +67 -0
package/dist/aws/infra/stack/stack.js.map +1 -0
package/{aws → dist/aws}/infra/stack/subscription.d.ts +3 -3
package/dist/aws/infra/stack/subscription.js +42 -0
package/dist/aws/infra/stack/subscription.js.map +1 -0
package/{aws → dist/aws}/infra/usage-plans.d.ts +0 -0
package/dist/aws/infra/usage-plans.js +42 -0
package/dist/aws/infra/usage-plans.js.map +1 -0
package/{aws → dist/aws}/runtime/apikey.d.ts +0 -0
package/dist/aws/runtime/apikey.js +13 -0
package/dist/aws/runtime/apikey.js.map +1 -0
package/{aws → dist/aws}/runtime/digitraffic-integration-response.d.ts +0 -0
package/dist/aws/runtime/digitraffic-integration-response.js +26 -0
package/dist/aws/runtime/digitraffic-integration-response.js.map +1 -0
package/{aws → dist/aws}/runtime/environment.d.ts +0 -0
package/dist/aws/runtime/environment.js +12 -0
package/dist/aws/runtime/environment.js.map +1 -0
package/{aws → dist/aws}/runtime/messaging.d.ts +0 -0
package/dist/aws/runtime/messaging.js +31 -0
package/dist/aws/runtime/messaging.js.map +1 -0
package/{aws → dist/aws}/runtime/s3.d.ts +0 -0
package/dist/aws/runtime/s3.js +30 -0
package/dist/aws/runtime/s3.js.map +1 -0
package/{aws → dist/aws}/runtime/secrets/dbsecret.d.ts +0 -0
package/dist/aws/runtime/secrets/dbsecret.js +96 -0
package/dist/aws/runtime/secrets/dbsecret.js.map +1 -0
package/{aws → dist/aws}/runtime/secrets/proxy-holder.d.ts +0 -0
package/dist/aws/runtime/secrets/proxy-holder.js +27 -0
package/dist/aws/runtime/secrets/proxy-holder.js.map +1 -0
package/{aws → dist/aws}/runtime/secrets/rds-holder.d.ts +0 -0
package/dist/aws/runtime/secrets/rds-holder.js +27 -0
package/dist/aws/runtime/secrets/rds-holder.js.map +1 -0
package/{aws → dist/aws}/runtime/secrets/secret-holder.d.ts +0 -0
package/dist/aws/runtime/secrets/secret-holder.js +76 -0
package/dist/aws/runtime/secrets/secret-holder.js.map +1 -0
package/{aws → dist/aws}/runtime/secrets/secret.d.ts +0 -0
package/dist/aws/runtime/secrets/secret.js +43 -0
package/dist/aws/runtime/secrets/secret.js.map +1 -0
package/{aws → dist/aws}/types/errors.d.ts +4 -0
package/dist/aws/types/errors.js +16 -0
package/dist/aws/types/errors.js.map +1 -0
package/{aws → dist/aws}/types/lambda-response.d.ts +4 -3
package/dist/aws/types/lambda-response.js +33 -0
package/dist/aws/types/lambda-response.js.map +1 -0
package/{aws → dist/aws}/types/mediatypes.d.ts +1 -1
package/dist/aws/types/mediatypes.js +16 -0
package/dist/aws/types/mediatypes.js.map +1 -0
package/{aws → dist/aws}/types/model-with-reference.d.ts +0 -0
package/dist/aws/types/model-with-reference.js +3 -0
package/dist/aws/types/model-with-reference.js.map +1 -0
package/{aws → dist/aws}/types/proxytypes.d.ts +0 -0
package/dist/aws/types/proxytypes.js +3 -0
package/dist/aws/types/proxytypes.js.map +1 -0
package/{aws → dist/aws}/types/tags.d.ts +0 -0
package/dist/aws/types/tags.js +7 -0
package/dist/aws/types/tags.js.map +1 -0
package/{database → dist/database}/cached.d.ts +0 -0
package/dist/database/cached.js +32 -0
package/dist/database/cached.js.map +1 -0
package/{database → dist/database}/database.d.ts +0 -0
package/dist/database/database.js +70 -0
package/dist/database/database.js.map +1 -0
package/{database → dist/database}/last-updated.d.ts +0 -0
package/dist/database/last-updated.js +54 -0
package/dist/database/last-updated.js.map +1 -0
package/{database → dist/database}/models.d.ts +0 -0
package/dist/database/models.js +3 -0
package/dist/database/models.js.map +1 -0
package/{marine → dist/marine}/id_utils.d.ts +0 -0
package/dist/marine/id_utils.js +33 -0
package/dist/marine/id_utils.js.map +1 -0
package/{marine → dist/marine}/rtz.d.ts +0 -0
package/dist/marine/rtz.js +3 -0
package/dist/marine/rtz.js.map +1 -0
package/{test → dist/test}/asserter.d.ts +0 -0
package/dist/test/asserter.js +45 -0
package/dist/test/asserter.js.map +1 -0
package/{test → dist/test}/db-testutils.d.ts +0 -0
package/dist/test/db-testutils.js +31 -0
package/dist/test/db-testutils.js.map +1 -0
package/{test → dist/test}/httpserver.d.ts +2 -1
package/dist/test/httpserver.js +74 -0
package/dist/test/httpserver.js.map +1 -0
package/{test → dist/test}/secret.d.ts +0 -0
package/dist/test/secret.js +25 -0
package/dist/test/secret.js.map +1 -0
package/{test → dist/test}/secrets-manager.d.ts +0 -0
package/dist/test/secrets-manager.js +59 -0
package/dist/test/secrets-manager.js.map +1 -0
package/{test → dist/test}/testutils.d.ts +0 -0
package/dist/test/testutils.js +44 -0
package/dist/test/testutils.js.map +1 -0
package/dist/types/either.d.ts +9 -0
package/dist/types/either.js +3 -0
package/dist/types/either.js.map +1 -0
package/{types → dist/types}/input-error.d.ts +0 -0
package/dist/types/input-error.js +7 -0
package/dist/types/input-error.js.map +1 -0
package/{types → dist/types}/language.d.ts +0 -0
package/dist/types/language.js +10 -0
package/dist/types/language.js.map +1 -0
package/{types → dist/types}/traffictype.d.ts +0 -0
package/dist/types/traffictype.js +13 -0
package/dist/types/traffictype.js.map +1 -0
package/{types → dist/types}/validator.d.ts +0 -0
package/dist/types/validator.js +14 -0
package/dist/types/validator.js.map +1 -0
package/{utils → dist/utils}/api-model.d.ts +0 -0
package/dist/utils/api-model.js +129 -0
package/dist/utils/api-model.js.map +1 -0
package/{utils → dist/utils}/base64.d.ts +0 -0
package/dist/utils/base64.js +21 -0
package/dist/utils/base64.js.map +1 -0
package/{utils → dist/utils}/date-utils.d.ts +0 -0
package/dist/utils/date-utils.js +34 -0
package/dist/utils/date-utils.js.map +1 -0
package/{utils → dist/utils}/geojson-types.d.ts +0 -0
package/dist/utils/geojson-types.js +18 -0
package/dist/utils/geojson-types.js.map +1 -0
package/{utils → dist/utils}/geometry.d.ts +0 -0
package/dist/utils/geometry.js +164 -0
package/dist/utils/geometry.js.map +1 -0
package/{utils → dist/utils}/retry.d.ts +0 -0
package/dist/utils/retry.js +50 -0
package/dist/utils/retry.js.map +1 -0
package/{utils → dist/utils}/slack.d.ts +0 -0
package/dist/utils/slack.js +25 -0
package/dist/utils/slack.js.map +1 -0
package/{utils → dist/utils}/utils.d.ts +16 -0
package/dist/utils/utils.js +75 -0
package/dist/utils/utils.js.map +1 -0
package/package.json +12 -10
package/src/@types/geojson-validation/index.d.ts +4 -0
package/src/aws/infra/api/integration.ts +73 -0
package/src/aws/infra/api/response.ts +67 -0
package/src/aws/infra/api/responses.ts +124 -0
package/src/aws/infra/api/static-integration.ts +62 -0
package/src/aws/infra/canaries/canary-alarm.ts +31 -0
package/src/aws/infra/canaries/canary-keys.ts +3 -0
package/src/aws/infra/canaries/canary-parameters.ts +19 -0
package/src/aws/infra/canaries/canary-role.ts +47 -0
package/src/aws/infra/canaries/canary.ts +46 -0
package/src/aws/infra/canaries/database-canary.ts +98 -0
package/src/aws/infra/canaries/database-checker.ts +155 -0
package/src/aws/infra/canaries/url-canary.ts +74 -0
package/src/aws/infra/canaries/url-checker.ts +366 -0
package/src/aws/infra/documentation.ts +124 -0
package/src/aws/infra/scheduler.ts +59 -0
package/src/aws/infra/security-rule.ts +38 -0
package/src/aws/infra/sqs-integration.ts +102 -0
package/src/aws/infra/sqs-queue.ts +148 -0
package/src/aws/infra/stack/lambda-configs.ts +207 -0
package/src/aws/infra/stack/monitoredfunction.ts +342 -0
package/src/aws/infra/stack/rest_apis.ts +223 -0
package/src/aws/infra/stack/stack-checking-aspect.ts +279 -0
package/src/aws/infra/stack/stack.ts +145 -0
package/src/aws/infra/stack/subscription.ts +58 -0
package/src/aws/infra/usage-plans.ts +41 -0
package/src/aws/runtime/apikey.ts +9 -0
package/src/aws/runtime/digitraffic-integration-response.ts +28 -0
package/src/aws/runtime/environment.ts +9 -0
package/src/aws/runtime/messaging.ts +26 -0
package/src/aws/runtime/s3.ts +44 -0
package/src/aws/runtime/secrets/dbsecret.ts +116 -0
package/src/aws/runtime/secrets/proxy-holder.ts +37 -0
package/src/aws/runtime/secrets/rds-holder.ts +33 -0
package/src/aws/runtime/secrets/secret-holder.ts +116 -0
package/src/aws/runtime/secrets/secret.ts +50 -0
package/src/aws/types/errors.ts +14 -0
package/src/aws/types/lambda-response.ts +43 -0
package/src/aws/types/mediatypes.ts +11 -0
package/src/aws/types/model-with-reference.ts +8 -0
package/src/aws/types/proxytypes.ts +27 -0
package/src/aws/types/tags.ts +3 -0
package/src/database/cached.ts +35 -0
package/src/database/database.ts +96 -0
package/src/database/last-updated.ts +59 -0
package/src/database/models.ts +7 -0
package/src/marine/id_utils.ts +30 -0
package/src/marine/rtz.ts +57 -0
package/src/test/asserter.ts +48 -0
package/src/test/db-testutils.ts +44 -0
package/src/test/httpserver.ts +96 -0
package/src/test/secret.ts +23 -0
package/src/test/secrets-manager.ts +34 -0
package/src/test/testutils.ts +39 -0
package/src/types/either.ts +3 -0
package/src/types/input-error.ts +2 -0
package/src/types/language.ts +3 -0
package/src/types/traffictype.ts +8 -0
package/src/types/validator.ts +10 -0
package/src/utils/api-model.ts +133 -0
package/src/utils/base64.ts +16 -0
package/src/utils/date-utils.ts +30 -0
package/src/utils/geojson-types.ts +22 -0
package/src/utils/geometry.ts +164 -0
package/src/utils/retry.ts +49 -0
package/src/utils/slack.ts +22 -0
package/src/utils/utils.ts +105 -0
package/aws/infra/api/integration.js +0 -52
package/aws/infra/api/response.js +0 -61
package/aws/infra/api/responses.js +0 -79
package/aws/infra/api/static-integration.js +0 -54
package/aws/infra/canaries/canary-alarm.js +0 -26
package/aws/infra/canaries/canary-parameters.js +0 -3
package/aws/infra/canaries/canary-role.js +0 -46
package/aws/infra/canaries/canary.js +0 -32
package/aws/infra/canaries/database-canary.js +0 -55
package/aws/infra/canaries/database-checker.js +0 -109
package/aws/infra/canaries/url-canary.js +0 -46
package/aws/infra/canaries/url-checker.js +0 -238
package/aws/infra/documentation.js +0 -95
package/aws/infra/scheduler.js +0 -31
package/aws/infra/security-rule.js +0 -39
package/aws/infra/sqs-integration.js +0 -93
package/aws/infra/sqs-queue.js +0 -130
package/aws/infra/stack/lambda-configs.js +0 -93
package/aws/infra/stack/monitoredfunction.js +0 -135
package/aws/infra/stack/rest_apis.js +0 -185
package/aws/infra/stack/stack-checking-aspect.js +0 -174
package/aws/infra/stack/stack.js +0 -60
package/aws/infra/stack/subscription.js +0 -41
package/aws/infra/usage-plans.js +0 -42
package/aws/runtime/apikey.js +0 -13
package/aws/runtime/digitraffic-integration-response.js +0 -26
package/aws/runtime/environment.js +0 -12
package/aws/runtime/messaging.js +0 -31
package/aws/runtime/s3.js +0 -30
package/aws/runtime/secrets/dbsecret.js +0 -96
package/aws/runtime/secrets/proxy-holder.js +0 -26
package/aws/runtime/secrets/rds-holder.js +0 -26
package/aws/runtime/secrets/secret-holder.js +0 -73
package/aws/runtime/secrets/secret.js +0 -43
package/aws/types/errors.js +0 -9
package/aws/types/lambda-response.js +0 -28
package/aws/types/mediatypes.js +0 -15
package/aws/types/model-with-reference.js +0 -3
package/aws/types/proxytypes.js +0 -3
package/aws/types/tags.js +0 -7
package/database/cached.js +0 -32
package/database/database.js +0 -62
package/database/last-updated.js +0 -54
package/database/models.js +0 -3
package/index.d.ts +0 -1
package/index.js +0 -18
package/marine/id_utils.js +0 -33
package/marine/rtz.js +0 -3
package/test/asserter.js +0 -45
package/test/db-testutils.js +0 -31
package/test/httpserver.js +0 -67
package/test/secret.js +0 -25
package/test/secrets-manager.js +0 -59
package/test/testutils.js +0 -44
package/types/input-error.js +0 -7
package/types/language.js +0 -10
package/types/traffictype.js +0 -13
package/types/validator.js +0 -14
package/utils/api-model.js +0 -129
package/utils/base64.js +0 -21
package/utils/date-utils.js +0 -34
package/utils/geojson-types.js +0 -18
package/utils/geometry.js +0 -140
package/utils/retry.js +0 -50
package/utils/slack.js +0 -25
package/utils/utils.js +0 -64

package/src/aws/infra/documentation.ts ADDED Viewed

@@ -0,0 +1,124 @@
+import {Construct} from "constructs";
+import {CfnDocumentationPart, Resource} from "aws-cdk-lib/aws-apigateway";
+// Documentation parts are objects that describe an API Gateway API or parts of an API
+// https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-documenting-api.html
+/**
+ * Add description to a query parameter
+ * @param name query parameter name
+ * @param description query parameter description
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ *
+ * @deprecated Use DigitrafficRestApi.documentResource
+ */
+export function addQueryParameterDescription(name: string,
+    description: string,
+    resource: Resource,
+    stack: Construct) {
+    new CfnDocumentationPart(stack, `${name}Documentation`, {
+        restApiId: resource.api.restApiId,
+        location: {
+            type: 'QUERY_PARAMETER',
+            name,
+            path: resource.path,
+        },
+        properties: JSON.stringify({description}),
+    });
+}
+/**
+ * Add a documentation part to a method
+ * @param methodDescription
+ * @param documentationProperties
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ */
+export function addDocumentation(methodDescription: string,
+    documentationProperties: object,
+    resource: Resource,
+    stack: Construct) {
+    new CfnDocumentationPart(stack, `${methodDescription}Documentation`, {
+        restApiId: resource.api.restApiId,
+        location: {
+            type: 'METHOD',
+            path: resource.path,
+        },
+        properties: JSON.stringify(documentationProperties),
+    });
+}
+/**
+ * Adds OpenAPI tags to an API method
+ * @param methodDescription Description of API method
+ * @param tags OpenAPI tags
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ */
+export function addTags(methodDescription: string,
+    tags: string[],
+    resource: Resource,
+    stack: Construct) {
+    addDocumentation(methodDescription, {tags}, resource, stack);
+}
+/**
+ * Adds OpenAPI tags and a method summary to an API method
+ *
+ * @deprecated Use DigitrafficRestApi.documentResource
+ *
+ * @param methodDescription Description of API method
+ * @param tags OpenAPI tags
+ * @param summary OpenAPI summary
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ */
+export function addTagsAndSummary(
+    methodDescription: string,
+    tags: string[],
+    summary: string,
+    resource: Resource,
+    stack: Construct,
+) {
+    addDocumentation(methodDescription, {tags, summary}, resource, stack);
+}
+export interface DocumentationProperties {
+    description?: string
+    tags?: string[]
+    summary?: string
+    deprecated?: boolean
+}
+export class DocumentationPart {
+    readonly parameterName: string;
+    readonly type: string;
+    readonly documentationProperties: DocumentationProperties;
+    private constructor(parameterName: string, documentationProperties: DocumentationProperties, type: string) {
+        this.parameterName = parameterName;
+        this.documentationProperties = documentationProperties;
+        this.type = type;
+    }
+    deprecated(note: string): DocumentationPart {
+        // deprecated is not supported ATM: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html
+        this.documentationProperties.deprecated = true;
+        this.documentationProperties.summary+= '. ' + note;
+        return this;
+    }
+    static queryParameter(parameterName: string, description: string) {
+        return new DocumentationPart(parameterName, {description}, "QUERY_PARAMETER");
+    }
+    static pathParameter(parameterName: string, description: string) {
+        return new DocumentationPart(parameterName, {description}, "PATH_PARAMETER");
+    }
+    static method(tags: string[], name: string, summary: string) {
+        return new DocumentationPart(name, {tags, summary}, "METHOD");
+    }
+}

package/src/aws/infra/scheduler.ts ADDED Viewed

@@ -0,0 +1,59 @@
+import { Rule, Schedule } from "aws-cdk-lib/aws-events";
+import { Duration } from "aws-cdk-lib";
+import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";
+import { Function as AWSFunction } from "aws-cdk-lib/aws-lambda";
+import { Construct } from "constructs";
+export class Scheduler extends Rule {
+    constructor(
+        stack: Construct,
+        ruleName: string,
+        schedule: Schedule,
+        lambda?: AWSFunction
+    ) {
+        super(stack, ruleName, { ruleName, schedule });
+        if (lambda) {
+            this.addTarget(new LambdaFunction(lambda));
+        }
+    }
+    static everyMinute(
+        stack: Construct,
+        ruleName: string,
+        lambda?: AWSFunction
+    ) {
+        return Scheduler.every(stack, ruleName, Duration.minutes(1), lambda);
+    }
+    static everyMinutes(
+        stack: Construct,
+        ruleName: string,
+        minutes: number,
+        lambda?: AWSFunction
+    ) {
+        return Scheduler.every(
+            stack,
+            ruleName,
+            Duration.minutes(minutes),
+            lambda
+        );
+    }
+    static everyHour(stack: Construct, ruleName: string, lambda?: AWSFunction) {
+        return Scheduler.every(stack, ruleName, Duration.hours(1), lambda);
+    }
+    static everyDay(stack: Construct, ruleName: string, lambda?: AWSFunction) {
+        return Scheduler.every(stack, ruleName, Duration.days(1), lambda);
+    }
+    static every(
+        stack: Construct,
+        ruleName: string,
+        duration: Duration,
+        lambda?: AWSFunction
+    ) {
+        return new Scheduler(stack, ruleName, Schedule.rate(duration), lambda);
+    }
+}

package/src/aws/infra/security-rule.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import {Construct} from "constructs";
+import {Rule} from "aws-cdk-lib/aws-events";
+import {ITopic} from "aws-cdk-lib/aws-sns";
+import {SnsTopic} from "aws-cdk-lib/aws-events-targets";
+/**
+ * Automatic rule for Security Hub.  Send notification to given topic if the following conditions apply:
+ * * There is a finding with a status of NEW
+ * * It has severity of HIGH or CRITICAL
+ * * It is in a FAILED state
+ */
+export class DigitrafficSecurityRule extends Rule {
+    constructor(scope: Construct, topic: ITopic) {
+        const ruleName = 'SecurityHubRule';
+        super(scope, ruleName, {
+            ruleName,
+            eventPattern: {
+                source: ['aws.securityhub'],
+                detailType: ["Security Hub Findings - Imported"],
+                detail: {
+                    findings: {
+                        "Compliance": {
+                            "Status": ["FAILED"],
+                        },
+                        "Workflow": {
+                            "Status": ["NEW"],
+                        },
+                        "Severity": {
+                            "Label": ["HIGH", "CRITICAL"],
+                        },
+                    },
+                },
+            },
+        });
+        this.addTarget(new SnsTopic(topic));
+    }
+}

package/src/aws/infra/sqs-integration.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import {Aws} from "aws-cdk-lib";
+import {AwsIntegration, PassthroughBehavior, RequestValidator, Resource} from "aws-cdk-lib/aws-apigateway";
+import {Queue} from "aws-cdk-lib/aws-sqs";
+import {PolicyStatement, Role, ServicePrincipal} from "aws-cdk-lib/aws-iam";
+import {IModel} from "aws-cdk-lib/aws-apigateway/lib/model";
+import {Construct} from "constructs";
+export function attachQueueToApiGatewayResource(
+    stack: Construct,
+    queue: Queue,
+    resource: Resource,
+    requestValidator: RequestValidator,
+    resourceName: string,
+    apiKeyRequired: boolean,
+    requestModels?: {[param: string]: IModel},
+) {
+    // role for API Gateway
+    const apiGwRole = new Role(stack, `${resourceName}APIGatewayToSQSRole`, {
+        assumedBy: new ServicePrincipal('apigateway.amazonaws.com'),
+    });
+    // grants API Gateway the right to send SQS messages
+    apiGwRole.addToPolicy(new PolicyStatement({
+        resources: [
+            queue.queueArn,
+        ],
+        actions: [
+            'sqs:SendMessage',
+        ],
+    }));
+    // grants API Gateway the right write CloudWatch Logs
+    apiGwRole.addToPolicy(new PolicyStatement({
+        resources: [
+            '*',
+        ],
+        actions: [
+            'logs:CreateLogGroup',
+            'logs:CreateLogStream',
+            'logs:DescribeLogGroups',
+            'logs:DescribeLogStreams',
+            'logs:PutLogEvents',
+            'logs:GetLogEvents',
+            'logs:FilterLogEvents',
+        ],
+    }));
+    // create an integration between API Gateway and an SQS queue
+    const fifoMessageGroupId = queue.fifo ? '&MessageGroupId=AlwaysSameFifoGroup' : '';
+    const sqsIntegration = new AwsIntegration({
+        service: 'sqs',
+        integrationHttpMethod: 'POST',
+        options: {
+            passthroughBehavior: PassthroughBehavior.NEVER,
+            credentialsRole: apiGwRole,
+            requestParameters: {
+                // SQS requires the Content-Type of the HTTP request to be application/x-www-form-urlencoded
+                'integration.request.header.Content-Type': "'application/x-www-form-urlencoded'",
+            },
+            requestTemplates: {
+                // map the JSON request to a form parameter, FIFO needs also MessageGroupId
+                // https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html
+                'application/json': `Action=SendMessage${fifoMessageGroupId}&MessageBody=$util.urlEncode($input.body)`,
+            },
+            // these are required by SQS
+            integrationResponses: [
+                {
+                    statusCode: '200',
+                    responseTemplates: {
+                        'text/html': 'Success',
+                    },
+                },
+                {
+                    statusCode: '500',
+                    responseTemplates: {
+                        'text/html': 'Error',
+                    },
+                    selectionPattern: '500',
+                },
+            ],
+        },
+        path: `${Aws.ACCOUNT_ID}/${queue.queueName}`,
+    });
+    resource.addMethod('POST', sqsIntegration, {
+        requestValidator,
+        apiKeyRequired,
+        requestModels: requestModels ?? {},
+        methodResponses: [
+            {
+                statusCode: '200',
+                responseParameters: {
+                    'method.response.header.Content-Type': true,
+                },
+            },
+            {
+                statusCode: '500',
+                responseParameters: {
+                    'method.response.header.Content-Type': true,
+                },
+            },
+        ],
+    });
+}

package/src/aws/infra/sqs-queue.ts ADDED Viewed

@@ -0,0 +1,148 @@
+import {Queue, QueueEncryption, QueueProps} from "aws-cdk-lib/aws-sqs";
+import {Duration} from "aws-cdk-lib";
+import {BlockPublicAccess, Bucket} from "aws-cdk-lib/aws-s3";
+import {PolicyStatement} from "aws-cdk-lib/aws-iam";
+import {InlineCode, Runtime} from "aws-cdk-lib/aws-lambda";
+import {RetentionDays} from "aws-cdk-lib/aws-logs";
+import {SqsEventSource} from "aws-cdk-lib/aws-lambda-event-sources";
+import {ComparisonOperator, TreatMissingData} from "aws-cdk-lib/aws-cloudwatch";
+import {SnsAction} from "aws-cdk-lib/aws-cloudwatch-actions";
+import {ManagedUpload} from "aws-sdk/clients/s3";
+import {S3} from "aws-sdk";
+import {SQSEvent, SQSHandler, SQSRecord} from "aws-lambda";
+import {Construct} from "constructs";
+import {DigitrafficStack} from "./stack/stack";
+import {MonitoredFunction} from "./stack/monitoredfunction";
+/**
+ * Construct for creating SQS-queues.
+ *
+ * If you don't config your own deadLetterQueue, this will create a dlq for you, also a lambda function, a s3 bucket
+ * and an alarm for the queue.  Anything that goes to the dlq will be written into the bucket and the alarm is activated.
+ */
+export class DigitrafficSqsQueue extends Queue {
+    constructor(scope: Construct, name: string, props: QueueProps) {
+        super(scope, name, props);
+    }
+    static create(stack: DigitrafficStack, name: string, props: QueueProps): DigitrafficSqsQueue {
+        const queueName = `${stack.configuration.shortName}-${name}-Queue`;
+        const queueProps = {...props, ...{
+            encryption: QueueEncryption.KMS_MANAGED,
+            queueName,
+            deadLetterQueue: props.deadLetterQueue || {
+                maxReceiveCount: 2,
+                queue: DigitrafficDLQueue.create(stack, name),
+            },
+        }};
+        return new DigitrafficSqsQueue(stack, queueName, queueProps);
+    }
+}
+export class DigitrafficDLQueue {
+    static create(stack: DigitrafficStack, name: string): DigitrafficSqsQueue {
+        const dlqName = `${stack.configuration.shortName}-${name}-DLQ`;
+        const dlq = new DigitrafficSqsQueue(stack, dlqName, {
+            queueName: dlqName,
+            visibilityTimeout: Duration.seconds(60),
+            encryption: QueueEncryption.KMS_MANAGED,
+        });
+        const dlqBucket = new Bucket(stack, `${dlqName}-Bucket`, {
+            blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+        });
+        const dlqFunctionName = `${dlqName}-Function`;
+        const lambda = MonitoredFunction.create(stack, dlqFunctionName, {
+            runtime: Runtime.NODEJS_14_X,
+            logRetention: RetentionDays.ONE_YEAR,
+            functionName: dlqFunctionName,
+            code: getDlqCode(dlqBucket.bucketName),
+            timeout: Duration.seconds(10),
+            handler: 'index.handler',
+            memorySize: 128,
+            reservedConcurrentExecutions: 1,
+        });
+        const statement = new PolicyStatement();
+        statement.addActions('s3:PutObject');
+        statement.addActions('s3:PutObjectAcl');
+        statement.addResources(dlqBucket.bucketArn + '/*');
+        lambda.addToRolePolicy(statement);
+        lambda.addEventSource(new SqsEventSource(dlq));
+        addDLQAlarm(stack, dlqName, dlq);
+        return dlq;
+    }
+}
+function addDLQAlarm(stack: DigitrafficStack, dlqName: string, dlq: Queue) {
+    const alarmName = `${dlqName}-Alarm`;
+    dlq.metricNumberOfMessagesReceived({
+        period: Duration.minutes(5),
+    }).createAlarm(stack, alarmName, {
+        alarmName,
+        threshold: 0,
+        evaluationPeriods: 1,
+        treatMissingData: TreatMissingData.NOT_BREACHING,
+        comparisonOperator: ComparisonOperator.GREATER_THAN_THRESHOLD,
+    }).addAlarmAction(new SnsAction(stack.warningTopic));
+}
+function getDlqCode(bName: string): InlineCode {
+    const functionBody = DLQ_LAMBDA_CODE
+        .replace("__bucketName__", bName)
+        .replace("__upload__", uploadToS3.toString())
+        .replace("__doUpload__", doUpload.toString())
+        .replace("__handler__", createHandler().toString().substring(23)); // remove function handler() from signature
+    return new InlineCode(functionBody);
+}
+async function uploadToS3(s3: S3, bName: string, body: string, objectName: string): Promise<void> {
+    try {
+        console.info('writing %s to %s', objectName, bName);
+        await doUpload(s3, bName, body, objectName);
+    } catch (error) {
+        console.warn(error);
+        console.warn('method=uploadToS3 retrying upload to bucket %s', bName);
+        try {
+            await doUpload(s3, bName, body, objectName);
+        } catch (e2) {
+            console.error('method=uploadToS3 failed retrying upload to bucket %s', bName);
+        }
+    }
+}
+function doUpload(s3: S3, bName: string, Body: string, Key: string): Promise<ManagedUpload.SendData> {
+    return s3.upload({
+        Bucket: bName, Body, Key,
+    }).promise();
+}
+// bucketName is unused, will be overridden in the actual lambda code below
+const bucketName = '';
+function createHandler(): SQSHandler {
+    return async function handler(event: SQSEvent): Promise<void> {
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const AWS = require('aws-sdk');
+        const millis = new Date().getTime();
+        await Promise.all(event.Records.map((e: SQSRecord, idx: number) =>
+            uploadToS3(new AWS.S3(), bucketName, e.body, `dlq-${millis}-${idx}.json`)));
+    };
+}
+const DLQ_LAMBDA_CODE = `const AWS = require('aws-sdk');
+const bucketName = "__bucketName__";
+__upload__
+__doUpload__
+exports.handler = async (event) => __handler__
+`;

package/src/aws/infra/stack/lambda-configs.ts ADDED Viewed

@@ -0,0 +1,207 @@
+import {
+    Architecture,
+    AssetCode,
+    Code,
+    FunctionProps,
+    Runtime,
+} from "aws-cdk-lib/aws-lambda";
+import { Duration } from "aws-cdk-lib";
+import { ISecurityGroup, IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
+import { RetentionDays } from "aws-cdk-lib/aws-logs";
+import { Role } from "aws-cdk-lib/aws-iam";
+import { DigitrafficStack } from "./stack";
+import { MonitoredFunctionAlarmProps } from "./monitoredfunction";
+export type LambdaEnvironment = Record<string, string>;
+export type DBLambdaEnvironment = LambdaEnvironment & {
+    SECRET_ID?: string;
+    DB_APPLICATION: string;
+};
+export interface LambdaConfiguration {
+    vpcId: string;
+    allowFromIpAddresses?: string[];
+    privateSubnetIds: string[];
+    availabilityZones: string[];
+    lambdaDbSgId: string;
+    dbProps?: DbProps;
+    defaultLambdaDurationSeconds?: number;
+    logsDestinationArn: string;
+    memorySize?: number;
+    runtime?: Runtime;
+}
+declare interface DbProps {
+    username: string;
+    password: string;
+    uri?: string;
+    ro_uri?: string;
+}
+export function databaseFunctionProps(
+    stack: DigitrafficStack,
+    environment: LambdaEnvironment,
+    lambdaName: string,
+    simpleLambdaName: string,
+    config?: FunctionParameters
+): FunctionProps {
+    const vpcSubnets = stack.vpc
+        ? {
+              subnets: stack.vpc.privateSubnets,
+          }
+        : undefined;
+    return {
+        ...lambdaFunctionProps(
+            stack,
+            environment,
+            lambdaName,
+            simpleLambdaName,
+            config
+        ),
+        ...{
+            vpc: stack.vpc || undefined,
+            vpcSubnets,
+            securityGroup: stack.lambdaDbSg || undefined,
+        },
+    };
+}
+export function lambdaFunctionProps(
+    stack: DigitrafficStack,
+    environment: LambdaEnvironment,
+    lambdaName: string,
+    simpleLambdaName: string,
+    config?: FunctionParameters
+): FunctionProps {
+    return {
+        runtime: config?.runtime || Runtime.NODEJS_14_X,
+        architecture: config?.architecture || Architecture.ARM_64,
+        memorySize: config?.memorySize || 128,
+        functionName: lambdaName,
+        role: config?.role,
+        timeout: Duration.seconds(config?.timeout || 60),
+        logRetention: RetentionDays.ONE_YEAR,
+        reservedConcurrentExecutions: config?.reservedConcurrentExecutions || 2,
+        code: getAssetCode(simpleLambdaName, config),
+        handler: `${simpleLambdaName}.handler`,
+        environment,
+    };
+}
+function getAssetCode(
+    simpleLambdaName: string,
+    config?: FunctionParameters
+): AssetCode {
+    const lambdaPath = config?.singleLambda
+        ? `dist/lambda/`
+        : `dist/lambda/${simpleLambdaName}`;
+    return new AssetCode(lambdaPath);
+}
+/**
+ * Creates a base configuration for a Lambda that uses an RDS database
+ * @param vpc "Private" Lambdas are associated with a VPC
+ * @param lambdaDbSg Security Group shared by Lambda and RDS
+ * @param props Database connection properties for the Lambda
+ * @param config Lambda configuration
+ */
+export function dbLambdaConfiguration(
+    vpc: IVpc,
+    lambdaDbSg: ISecurityGroup,
+    props: LambdaConfiguration,
+    config: FunctionParameters
+): FunctionProps {
+    return {
+        runtime: props.runtime || Runtime.NODEJS_14_X,
+        memorySize: props.memorySize || config.memorySize || 1024,
+        functionName: config.functionName,
+        code: config.code,
+        role: config.role,
+        handler: config.handler,
+        timeout: Duration.seconds(
+            config.timeout || props.defaultLambdaDurationSeconds || 60
+        ),
+        environment: config.environment || {
+            DB_USER: props.dbProps?.username ?? "",
+            DB_PASS: props.dbProps?.password ?? "",
+            DB_URI:
+                (config.readOnly
+                    ? props.dbProps?.ro_uri
+                    : props.dbProps?.uri) ?? "",
+        },
+        logRetention: RetentionDays.ONE_YEAR,
+        vpc: vpc,
+        vpcSubnets: {
+            subnets: vpc.privateSubnets,
+        },
+        securityGroups: [lambdaDbSg],
+        reservedConcurrentExecutions: config.reservedConcurrentExecutions || 3,
+    };
+}
+export function defaultLambdaConfiguration(
+    config: FunctionParameters
+): FunctionProps {
+    const props: FunctionProps = {
+        runtime: Runtime.NODEJS_14_X,
+        memorySize: config.memorySize ?? 128,
+        functionName: config.functionName,
+        handler: config.handler,
+        environment: config.environment ?? {},
+        logRetention: RetentionDays.ONE_YEAR,
+        reservedConcurrentExecutions: config.reservedConcurrentExecutions,
+        code: config.code,
+        role: config.role,
+        timeout: Duration.seconds(config.timeout || 10),
+    };
+    if (config.vpc) {
+        return {
+            ...props,
+            ...{
+                vpc: config.vpc,
+                vpcSubnets: {
+                    subnets: config.vpc?.privateSubnets,
+                },
+            },
+        };
+    }
+    return props;
+}
+export interface FunctionParameters {
+    memorySize?: number;
+    timeout?: number;
+    functionName?: string;
+    code: Code;
+    handler: string;
+    readOnly?: boolean;
+    environment?: {
+        [key: string]: string;
+    };
+    reservedConcurrentExecutions?: number;
+    role?: Role;
+    vpc?: IVpc;
+    vpcSubnets?: SubnetSelection;
+    runtime?: Runtime;
+    architecture?: Architecture;
+    singleLambda?: boolean;
+}
+export type MonitoredFunctionParameters = {
+    readonly memorySize?: number;
+    readonly timeout?: number;
+    readonly functionName?: string;
+    readonly reservedConcurrentExecutions?: number;
+    readonly role?: Role;
+    readonly runtime?: Runtime;
+    readonly architecture?: Architecture;
+    readonly singleLambda?: boolean;
+    readonly durationAlarmProps?: MonitoredFunctionAlarmProps;
+    readonly durationWarningProps?: MonitoredFunctionAlarmProps;
+    readonly errorAlarmProps?: MonitoredFunctionAlarmProps;
+    readonly throttleAlarmProps?: MonitoredFunctionAlarmProps;
+} & FunctionParameters;