@digitraffic/common 2022.10.25-1 → 2022.10.28-2

package/dist/aws/infra/stack/rest_apis.js

@@ -0,0 +1,185 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createIpRestrictionPolicyDocument = exports.createDefaultPolicyDocument = exports.createRestApi = exports.setReturnCodeForMissingAuthenticationToken = exports.add401Support = exports.add404Support = exports.DigitrafficRestApi = void 0;
+const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+const usage_plans_1 = require("../usage-plans");
+const api_model_1 = require("../../../utils/api-model");
+const mediatypes_1 = require("../../types/mediatypes");
+const R = require("ramda");
+class DigitrafficRestApi extends aws_apigateway_1.RestApi {
+    constructor(stack, apiId, apiName, allowFromIpAddresses, config) {
+        const policyDocument = allowFromIpAddresses == null ? createDefaultPolicyDocument() : createIpRestrictionPolicyDocument(allowFromIpAddresses);
+        // override default config with given extra config
+        const apiConfig = { ...{
+                deployOptions: {
+                    loggingLevel: aws_apigateway_1.MethodLoggingLevel.ERROR,
+                },
+                restApiName: apiName,
+                endpointTypes: [aws_apigateway_1.EndpointType.REGIONAL],
+                policy: policyDocument,
+            }, ...config };
+        super(stack, apiId, apiConfig);
+        this.apiKeyIds = [];
+        this.enableDocumentation = stack.configuration.stackFeatures?.enableDocumentation ?? true;
+        add404Support(this, stack);
+    }
+    hostname() {
+        return `${this.restApiId}.execute-api.${this.stack.region}.amazonaws.com`;
+    }
+    createUsagePlan(apiKeyId, apiKeyName) {
+        const newKeyId = (0, usage_plans_1.createUsagePlan)(this, apiKeyId, apiKeyName).keyId;
+        this.apiKeyIds.push(newKeyId);
+        return newKeyId;
+    }
+    createUsagePlanV2(apiName) {
+        const newKeyId = (0, usage_plans_1.createDefaultUsagePlan)(this, apiName).keyId;
+        this.apiKeyIds.push(newKeyId);
+        return newKeyId;
+    }
+    addJsonModel(modelName, schema) {
+        return this.getModelWithReference(this.addModel(modelName, {
+            contentType: mediatypes_1.MediaType.APPLICATION_JSON,
+            modelName,
+            schema,
+        }));
+    }
+    addCSVModel(modelName) {
+        return this.getModelWithReference(this.addModel(modelName, {
+            contentType: mediatypes_1.MediaType.TEXT_CSV,
+            modelName,
+            schema: {},
+        }));
+    }
+    getModelWithReference(model) {
+        return R.assoc('modelReference', (0, api_model_1.getModelReference)(model.modelId, this.restApiId), model);
+    }
+    addDocumentationPart(resource, parameterName, resourceName, type, properties) {
+        const location = {
+            type,
+            path: resource.path,
+            name: type !== 'METHOD' ? parameterName : undefined,
+        };
+        new aws_apigateway_1.CfnDocumentationPart(this.stack, resourceName, {
+            restApiId: resource.api.restApiId,
+            location,
+            properties: JSON.stringify(properties),
+        });
+    }
+    documentResource(resource, ...documentationPart) {
+        if (this.enableDocumentation) {
+            documentationPart.forEach(dp => this.addDocumentationPart(resource, dp.parameterName, `${resource.path}.${dp.parameterName}.Documentation`, dp.type, dp.documentationProperties));
+        }
+        else {
+            console.info("Skipping documentation for %s", resource.path);
+        }
+    }
+}
+exports.DigitrafficRestApi = DigitrafficRestApi;
+/**
+ * Due to AWS API design API Gateway will always return 403 'Missing Authentication Token' for requests
+ * with a non-existent endpoint. This function translates this response to a 404.
+ * Requests with an invalid or missing API key are not affected (still return 403 'Forbidden').
+ * @param restApi RestApi
+ * @param stack Construct
+ */
+function add404Support(restApi, stack) {
+    new aws_apigateway_1.GatewayResponse(stack, `MissingAuthenticationTokenResponse-${restApi.restApiName}`, {
+        restApi,
+        type: aws_apigateway_1.ResponseType.MISSING_AUTHENTICATION_TOKEN,
+        statusCode: '404',
+        templates: {
+            'application/json': '{"message": "Not found"}',
+        },
+    });
+}
+exports.add404Support = add404Support;
+function add401Support(restApi, stack) {
+    new aws_apigateway_1.GatewayResponse(stack, `AuthenticationFailedResponse-${restApi.restApiName}`, {
+        restApi,
+        type: aws_apigateway_1.ResponseType.UNAUTHORIZED,
+        statusCode: "401",
+        responseHeaders: {
+            'WWW-Authenticate': "'Basic'",
+        },
+    });
+}
+exports.add401Support = add401Support;
+/**
+ * Due to AWS API design API Gateway will always return 403 'Missing Authentication Token' for requests
+ * with a non-existent endpoint. This function converts this response to a custom one.
+ * Requests with an invalid or missing API key are not affected (still return 403 'Forbidden').
+ * @param returnCode
+ * @param message
+ * @param restApi RestApi
+ * @param stack Construct
+ */
+function setReturnCodeForMissingAuthenticationToken(returnCode, message, restApi, stack) {
+    new aws_apigateway_1.GatewayResponse(stack, `MissingAuthenticationTokenResponse-${restApi.restApiName}`, {
+        restApi,
+        type: aws_apigateway_1.ResponseType.MISSING_AUTHENTICATION_TOKEN,
+        statusCode: `${returnCode}`,
+        templates: {
+            'application/json': `{"message": ${message}}`,
+        },
+    });
+}
+exports.setReturnCodeForMissingAuthenticationToken = setReturnCodeForMissingAuthenticationToken;
+function createRestApi(stack, apiId, apiName, allowFromIpAddresses) {
+    const policyDocument = allowFromIpAddresses == null ? createDefaultPolicyDocument() : createIpRestrictionPolicyDocument(allowFromIpAddresses);
+    const restApi = new aws_apigateway_1.RestApi(stack, apiId, {
+        deployOptions: {
+            loggingLevel: aws_apigateway_1.MethodLoggingLevel.ERROR,
+        },
+        restApiName: apiName,
+        endpointTypes: [aws_apigateway_1.EndpointType.REGIONAL],
+        policy: policyDocument,
+    });
+    add404Support(restApi, stack);
+    return restApi;
+}
+exports.createRestApi = createRestApi;
+function createDefaultPolicyDocument() {
+    return new aws_iam_1.PolicyDocument({
+        statements: [
+            new aws_iam_1.PolicyStatement({
+                effect: aws_iam_1.Effect.ALLOW,
+                actions: [
+                    "execute-api:Invoke",
+                ],
+                resources: [
+                    "*",
+                ],
+                principals: [
+                    new aws_iam_1.AnyPrincipal(),
+                ],
+            }),
+        ],
+    });
+}
+exports.createDefaultPolicyDocument = createDefaultPolicyDocument;
+function createIpRestrictionPolicyDocument(allowFromIpAddresses) {
+    return new aws_iam_1.PolicyDocument({
+        statements: [
+            new aws_iam_1.PolicyStatement({
+                effect: aws_iam_1.Effect.ALLOW,
+                conditions: {
+                    "IpAddress": {
+                        "aws:SourceIp": allowFromIpAddresses,
+                    },
+                },
+                actions: [
+                    "execute-api:Invoke",
+                ],
+                resources: [
+                    "*",
+                ],
+                principals: [
+                    new aws_iam_1.AnyPrincipal(),
+                ],
+            }),
+        ],
+    });
+}
+exports.createIpRestrictionPolicyDocument = createIpRestrictionPolicyDocument;
+//# sourceMappingURL=rest_apis.js.map

package/dist/aws/infra/stack/rest_apis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rest_apis.js","sourceRoot":"","sources":["../../../../src/aws/infra/stack/rest_apis.ts"],"names":[],"mappings":";;;AAAA,+DAOoC;AACpC,iDAA0F;AAG1F,gDAAuE;AAEvE,wDAA2D;AAC3D,uDAAiD;AAGjD,2BAA4B;AAE5B,MAAa,kBAAmB,SAAQ,wBAAO;IAI3C,YACI,KAAuB,EAAE,KAAa,EAAE,OAAe,EAAE,oBAA2C,EAAE,MAA8B;QAEpI,MAAM,cAAc,GAAG,oBAAoB,IAAI,IAAI,CAAC,CAAC,CAAC,2BAA2B,EAAE,CAAC,CAAC,CAAC,iCAAiC,CAAC,oBAAoB,CAAC,CAAC;QAE9I,kDAAkD;QAClD,MAAM,SAAS,GAAG,EAAC,GAAG;gBAClB,aAAa,EAAE;oBACX,YAAY,EAAE,mCAAkB,CAAC,KAAK;iBACzC;gBACD,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,CAAC,6BAAY,CAAC,QAAQ,CAAC;gBACtC,MAAM,EAAE,cAAc;aACzB,EAAE,GAAG,MAAM,EAAC,CAAC;QAEd,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/B,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC,mBAAmB,GAAG,KAAK,CAAC,aAAa,CAAC,aAAa,EAAE,mBAAmB,IAAI,IAAI,CAAC;QAE1F,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,QAAQ;QACJ,OAAO,GAAG,IAAI,CAAC,SAAS,gBAAiB,IAAI,CAAC,KAA0B,CAAC,MAAM,gBAAgB,CAAC;IACpG,CAAC;IAED,eAAe,CAAC,QAAgB,EAAE,UAAkB;QAChD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,KAAK,CAAC;QAEnE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO,QAAQ,CAAC;IACpB,CAAC;IAED,iBAAiB,CAAC,OAAe;QAC7B,MAAM,QAAQ,GAAG,IAAA,oCAAsB,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC;QAE7D,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE9B,OAAO,QAAQ,CAAC;IACpB,CAAC;IAED,YAAY,CAAC,SAAiB,EAAE,MAAkB;QAC9C,OAAO,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE;YACvD,WAAW,EAAE,sBAAS,CAAC,gBAAgB;YACvC,SAAS;YACT,MAAM;SACT,CAAC,CAAC,CAAC;IACR,CAAC;IAED,WAAW,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE;YACvD,WAAW,EAAE,sBAAS,CAAC,QAAQ;YAC/B,SAAS;YACT,MAAM,EAAE,EAAE;SACb,CAAC,CAAC,CAAC;IACR,CAAC;IAEO,qBAAqB,CAAC,KAAY;QACtC,OAAO,CAAC,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAA,6BAAiB,EAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,CAAuB,CAAC;IACpH,CAAC;IAEO,oBAAoB,CACxB,QAAkB,EAAE,aAAqB,EAAE,YAAoB,EAAE,IAAY,EAAE,UAAmC;QAElH,MAAM,QAAQ,GAA0C;YACpD,IAAI;YACJ,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,IAAI,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;SACtD,CAAC;QAEF,IAAI,qCAAoB,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE;YAC/C,SAAS,EAAE,QAAQ,CAAC,GAAG,CAAC,SAAS;YACjC,QAAQ;YACR,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;SACzC,CAAC,CAAC;IACP,CAAC;IAED,gBAAgB,CAAC,QAAkB,EAAE,GAAG,iBAAsC;QAC1E,IAAG,IAAI,CAAC,mBAAmB,EAAE;YACzB,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,oBAAoB,CACrD,QAAQ,EAAE,EAAE,CAAC,aAAa,EAAE,GAAG,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,aAAa,gBAAgB,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,uBAAuB,CACxH,CAAC,CAAC;SACN;aAAM;YACH,OAAO,CAAC,IAAI,CAAC,+BAA+B,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;SAChE;IACL,CAAC;CACJ;AA5FD,gDA4FC;AAED;;;;;;GAMG;AACH,SAAgB,aAAa,CAAC,OAAgB,EAAE,KAAgB;IAC5D,IAAI,gCAAe,CAAC,KAAK,EAAE,sCAAsC,OAAO,CAAC,WAAW,EAAE,EAAE;QACpF,OAAO;QACP,IAAI,EAAE,6BAAY,CAAC,4BAA4B;QAC/C,UAAU,EAAE,KAAK;QACjB,SAAS,EAAE;YACP,kBAAkB,EAAE,0BAA0B;SACjD;KACJ,CAAC,CAAC;AACP,CAAC;AATD,sCASC;AAED,SAAgB,aAAa,CAAC,OAAgB,EAAE,KAAgB;IAC5D,IAAI,gCAAe,CAAC,KAAK,EAAE,gCAAgC,OAAO,CAAC,WAAW,EAAE,EAAE;QAC9E,OAAO;QACP,IAAI,EAAE,6BAAY,CAAC,YAAY;QAC/B,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE;YACb,kBAAkB,EAAE,SAAS;SAChC;KACJ,CAAC,CAAC;AACP,CAAC;AATD,sCASC;AAED;;;;;;;;GAQG;AACH,SAAgB,0CAA0C,CAAC,UAAkB,EACzE,OAAe,EACf,OAAgB,EAChB,KAAgB;IAEhB,IAAI,gCAAe,CAAC,KAAK,EAAE,sCAAsC,OAAO,CAAC,WAAW,EAAE,EAAE;QACpF,OAAO;QACP,IAAI,EAAE,6BAAY,CAAC,4BAA4B;QAC/C,UAAU,EAAE,GAAG,UAAU,EAAE;QAC3B,SAAS,EAAE;YACP,kBAAkB,EAAE,eAAe,OAAO,GAAG;SAChD;KACJ,CAAC,CAAC;AACP,CAAC;AAbD,gGAaC;AAED,SAAgB,aAAa,CAAC,KAAgB,EAAE,KAAa,EAAE,OAAe,EAAE,oBAA2C;IACvH,MAAM,cAAc,GAAG,oBAAoB,IAAI,IAAI,CAAC,CAAC,CAAC,2BAA2B,EAAE,CAAC,CAAC,CAAC,iCAAiC,CAAC,oBAAoB,CAAC,CAAC;IAC9I,MAAM,OAAO,GAAG,IAAI,wBAAO,CAAC,KAAK,EAAE,KAAK,EAAE;QACtC,aAAa,EAAE;YACX,YAAY,EAAE,mCAAkB,CAAC,KAAK;SACzC;QACD,WAAW,EAAE,OAAO;QACpB,aAAa,EAAE,CAAC,6BAAY,CAAC,QAAQ,CAAC;QACtC,MAAM,EAAE,cAAc;KACzB,CAAC,CAAC;IACH,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,OAAO,CAAC;AACnB,CAAC;AAZD,sCAYC;AAED,SAAgB,2BAA2B;IACvC,OAAO,IAAI,wBAAc,CAAC;QACtB,UAAU,EAAE;YACR,IAAI,yBAAe,CAAC;gBAChB,MAAM,EAAE,gBAAM,CAAC,KAAK;gBACpB,OAAO,EAAE;oBACL,oBAAoB;iBACvB;gBACD,SAAS,EAAE;oBACP,GAAG;iBACN;gBACD,UAAU,EAAE;oBACR,IAAI,sBAAY,EAAE;iBACrB;aACJ,CAAC;SACL;KACJ,CAAC,CAAC;AACP,CAAC;AAjBD,kEAiBC;AAGD,SAAgB,iCAAiC,CAAC,oBAA8B;IAC5E,OAAO,IAAI,wBAAc,CAAC;QACtB,UAAU,EAAE;YACR,IAAI,yBAAe,CAAC;gBAChB,MAAM,EAAE,gBAAM,CAAC,KAAK;gBACpB,UAAU,EAAE;oBACR,WAAW,EAAE;wBACT,cAAc,EAAE,oBAAoB;qBACvC;iBACJ;gBACD,OAAO,EAAE;oBACL,oBAAoB;iBACvB;gBACD,SAAS,EAAE;oBACP,GAAG;iBACN;gBACD,UAAU,EAAE;oBACR,IAAI,sBAAY,EAAE;iBACrB;aACJ,CAAC;SACL;KACJ,CAAC,CAAC;AACP,CAAC;AAtBD,8EAsBC"}

package/dist/aws/infra/stack/stack-checking-aspect.js

@@ -0,0 +1,174 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StackCheckingAspect = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const aws_s3_1 = require("aws-cdk-lib/aws-s3");
+const stack_1 = require("./stack");
+const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
+const change_case_1 = require("change-case");
+const aws_sqs_1 = require("aws-cdk-lib/aws-sqs");
+const aws_logs_1 = require("aws-cdk-lib/aws-logs");
+const MAX_CONCURRENCY_LIMIT = 100;
+const NODE_RUNTIME = aws_lambda_1.Runtime.NODEJS_14_X.name;
+var ResourceType;
+(function (ResourceType) {
+    ResourceType["stackName"] = "STACK_NAME";
+    ResourceType["reservedConcurrentConcurrency"] = "RESERVED_CONCURRENT_CONCURRENCY";
+    ResourceType["functionTimeout"] = "FUNCTION_TIMEOUT";
+    ResourceType["functionMemorySize"] = "FUNCTION_MEMORY_SIZE";
+    ResourceType["functionRuntime"] = "FUNCTION_RUNTIME";
+    ResourceType["functionName"] = "FUNCTION_NAME";
+    ResourceType["tagSolution"] = "TAG_SOLUTION";
+    ResourceType["bucketPublicity"] = "BUCKET_PUBLICITY";
+    ResourceType["resourcePath"] = "RESOURCE_PATH";
+    ResourceType["queueEncryption"] = "QUEUE_ENCRYPTION";
+    ResourceType["logGroupRetention"] = "LOG_GROUP_RETENTION";
+})(ResourceType || (ResourceType = {}));
+class StackCheckingAspect {
+    constructor(stackShortName, whitelistedResources) {
+        this.stackShortName = stackShortName;
+        this.whitelistedResources = whitelistedResources;
+    }
+    static create(stack) {
+        return new StackCheckingAspect(stack.configuration.shortName, stack.configuration.whitelistedResources);
+    }
+    visit(node) {
+        //console.info("visiting class " + node.constructor.name);
+        this.checkStack(node);
+        this.checkFunction(node);
+        this.checkTags(node);
+        this.checkBucket(node);
+        this.checkResourceCasing(node);
+        this.checkQueueEncryption(node);
+        this.checkLogGroupRetention(node);
+    }
+    isWhitelisted(key) {
+        return this.whitelistedResources?.some((wl) => {
+            return key.matchAll(new RegExp(wl, "g"));
+        });
+    }
+    addAnnotation(node, key, message, isError = true) {
+        const resourceKey = `${node.node.path}/${key}`;
+        const isWhiteListed = this.isWhitelisted(resourceKey);
+        const annotationMessage = `${resourceKey}:${message}`;
+        // error && whitelisted -> warning
+        // warning && whitelisted -> nothing
+        if (isError && !isWhiteListed) {
+            aws_cdk_lib_1.Annotations.of(node).addError(annotationMessage);
+        }
+        else if ((!isError && !isWhiteListed) || (isError && isWhiteListed)) {
+            aws_cdk_lib_1.Annotations.of(node).addWarning(annotationMessage);
+        }
+    }
+    checkStack(node) {
+        if (node instanceof stack_1.DigitrafficStack) {
+            if ((node.stackName.includes("Test") ||
+                node.stackName.includes("Tst")) &&
+                node.configuration.production) {
+                this.addAnnotation(node, ResourceType.stackName, "Production is set for Test-stack");
+            }
+            if ((node.stackName.includes("Prod") ||
+                node.stackName.includes("Prd")) &&
+                !node.configuration.production) {
+                this.addAnnotation(node, ResourceType.stackName, "Production is not set for Production-stack");
+            }
+        }
+    }
+    checkFunction(node) {
+        if (node instanceof aws_lambda_1.CfnFunction) {
+            if (!node.reservedConcurrentExecutions) {
+                this.addAnnotation(node, ResourceType.reservedConcurrentConcurrency, "Function must have reservedConcurrentConcurrency");
+            }
+            else if (node.reservedConcurrentExecutions > MAX_CONCURRENCY_LIMIT) {
+                this.addAnnotation(node, ResourceType.reservedConcurrentConcurrency, "Function reservedConcurrentConcurrency too high!");
+            }
+            if (!node.timeout) {
+                this.addAnnotation(node, ResourceType.functionTimeout, "Function must have timeout");
+            }
+            if (!node.memorySize) {
+                this.addAnnotation(node, ResourceType.functionMemorySize, "Function must have memorySize");
+            }
+            if (node.runtime !== NODE_RUNTIME) {
+                this.addAnnotation(node, ResourceType.functionRuntime, `Function has wrong runtime ${node.runtime}!`);
+            }
+            if (this.stackShortName &&
+                node.functionName &&
+                !node.functionName.startsWith(this.stackShortName)) {
+                this.addAnnotation(node, ResourceType.functionName, `Function name does not begin with ${this.stackShortName}`);
+            }
+        }
+    }
+    checkTags(node) {
+        if (node instanceof aws_cdk_lib_1.Stack) {
+            if (!node.tags.tagValues()[stack_1.SOLUTION_KEY]) {
+                this.addAnnotation(node, ResourceType.tagSolution, "Solution tag is missing");
+            }
+        }
+    }
+    checkBucket(node) {
+        if (node instanceof aws_s3_1.CfnBucket) {
+            const c = node.publicAccessBlockConfiguration;
+            if (c) {
+                if (!c.blockPublicAcls ||
+                    !c.blockPublicPolicy ||
+                    !c.ignorePublicAcls ||
+                    !c.restrictPublicBuckets) {
+                    this.addAnnotation(node, ResourceType.bucketPublicity, "Check bucket publicity");
+                }
+            }
+        }
+    }
+    static isValidPath(path) {
+        // if path includes . or { check only the trailing part of path
+        if (path.includes(".")) {
+            return this.isValidPath(path.split(".")[0]);
+        }
+        if (path.includes("{")) {
+            return this.isValidPath(path.split("{")[0]);
+        }
+        return (0, change_case_1.paramCase)(path) === path;
+    }
+    static isValidQueryString(name) {
+        return (0, change_case_1.snakeCase)(name) === name;
+    }
+    checkResourceCasing(node) {
+        if (node instanceof aws_apigateway_1.CfnResource) {
+            if (!StackCheckingAspect.isValidPath(node.pathPart)) {
+                this.addAnnotation(node, ResourceType.resourcePath, "Path part should be in kebab-case");
+            }
+        }
+        else if (node instanceof aws_apigateway_1.CfnMethod) {
+            const integration = node.integration;
+            if (integration && integration.requestParameters) {
+                Object.keys(integration.requestParameters).forEach((key) => {
+                    const split = key.split(".");
+                    const type = split[2];
+                    const name = split[3];
+                    if (type === "querystring" &&
+                        !StackCheckingAspect.isValidQueryString(name)) {
+                        this.addAnnotation(node, name, "Querystring should be in snake_case");
+                    }
+                });
+            }
+        }
+    }
+    checkQueueEncryption(node) {
+        if (node instanceof aws_sqs_1.CfnQueue) {
+            if (!node.kmsMasterKeyId) {
+                this.addAnnotation(node, ResourceType.queueEncryption, "Queue must have encryption enabled");
+            }
+        }
+    }
+    checkLogGroupRetention(node) {
+        if (node instanceof aws_logs_1.LogRetention) {
+            const child = node.node.defaultChild;
+            const retention = child._cfnProperties.RetentionInDays;
+            if (!retention) {
+                this.addAnnotation(node, ResourceType.logGroupRetention, "Log group must define log group retention");
+            }
+        }
+    }
+}
+exports.StackCheckingAspect = StackCheckingAspect;
+//# sourceMappingURL=stack-checking-aspect.js.map

package/dist/aws/infra/stack/stack-checking-aspect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stack-checking-aspect.js","sourceRoot":"","sources":["../../../../src/aws/infra/stack/stack-checking-aspect.ts"],"names":[],"mappings":";;;AAAA,6CAA0D;AAC1D,uDAA8D;AAC9D,+CAA+C;AAC/C,mCAAyD;AAEzD,+DAAoE;AACpE,6CAAmD;AACnD,iDAA+C;AAC/C,mDAAoD;AAGpD,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,YAAY,GAAG,oBAAO,CAAC,WAAW,CAAC,IAAI,CAAC;AAE9C,IAAK,YAYJ;AAZD,WAAK,YAAY;IACb,wCAAwB,CAAA;IACxB,iFAAiE,CAAA;IACjE,oDAAoC,CAAA;IACpC,2DAA2C,CAAA;IAC3C,oDAAoC,CAAA;IACpC,8CAA8B,CAAA;IAC9B,4CAA4B,CAAA;IAC5B,oDAAoC,CAAA;IACpC,8CAA8B,CAAA;IAC9B,oDAAoC,CAAA;IACpC,yDAAyC,CAAA;AAC7C,CAAC,EAZI,YAAY,KAAZ,YAAY,QAYhB;AAED,MAAa,mBAAmB;IAI5B,YAAY,cAAuB,EAAE,oBAA+B;QAChE,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACrD,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAuB;QACjC,OAAO,IAAI,mBAAmB,CAC1B,KAAK,CAAC,aAAa,CAAC,SAAS,EAC7B,KAAK,CAAC,aAAa,CAAC,oBAAoB,CAC3C,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,IAAgB;QACzB,0DAA0D;QAE1D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACrB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAEO,aAAa,CAAC,GAAW;QAC7B,OAAO,IAAI,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;YAC1C,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,aAAa,CACjB,IAAgB,EAChB,GAA0B,EAC1B,OAAe,EACf,OAAO,GAAG,IAAI;QAEd,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;QAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,iBAAiB,GAAG,GAAG,WAAW,IAAI,OAAO,EAAE,CAAC;QAEtD,kCAAkC;QAClC,oCAAoC;QACpC,IAAI,OAAO,IAAI,CAAC,aAAa,EAAE;YAC3B,yBAAW,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;SACpD;aAAM,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,EAAE;YACnE,yBAAW,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;SACtD;IACL,CAAC;IAEO,UAAU,CAAC,IAAgB;QAC/B,IAAI,IAAI,YAAY,wBAAgB,EAAE;YAClC,IACI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC5B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBACnC,IAAI,CAAC,aAAa,CAAC,UAAU,EAC/B;gBACE,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,SAAS,EACtB,kCAAkC,CACrC,CAAC;aACL;YAED,IACI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC5B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBACnC,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAChC;gBACE,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,SAAS,EACtB,4CAA4C,CAC/C,CAAC;aACL;SACJ;IACL,CAAC;IAEO,aAAa,CAAC,IAAgB;QAClC,IAAI,IAAI,YAAY,wBAAW,EAAE;YAC7B,IAAI,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBACpC,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,6BAA6B,EAC1C,kDAAkD,CACrD,CAAC;aACL;iBAAM,IACH,IAAI,CAAC,4BAA4B,GAAG,qBAAqB,EAC3D;gBACE,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,6BAA6B,EAC1C,kDAAkD,CACrD,CAAC;aACL;YAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;gBACf,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,eAAe,EAC5B,4BAA4B,CAC/B,CAAC;aACL;YAED,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;gBAClB,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,kBAAkB,EAC/B,+BAA+B,CAClC,CAAC;aACL;YAED,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,EAAE;gBAC/B,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,eAAe,EAC5B,8BAA8B,IAAI,CAAC,OAAO,GAAG,CAChD,CAAC;aACL;YAED,IACI,IAAI,CAAC,cAAc;gBACnB,IAAI,CAAC,YAAY;gBACjB,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,EACpD;gBACE,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,YAAY,EACzB,qCAAqC,IAAI,CAAC,cAAc,EAAE,CAC7D,CAAC;aACL;SACJ;IACL,CAAC;IAEO,SAAS,CAAC,IAAgB;QAC9B,IAAI,IAAI,YAAY,mBAAK,EAAE;YACvB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,oBAAY,CAAC,EAAE;gBACtC,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,WAAW,EACxB,yBAAyB,CAC5B,CAAC;aACL;SACJ;IACL,CAAC;IAEO,WAAW,CAAC,IAAgB;QAChC,IAAI,IAAI,YAAY,kBAAS,EAAE;YAC3B,MAAM,CAAC,GACH,IAAI,CAAC,8BAAkF,CAAC;YAE5F,IAAI,CAAC,EAAE;gBACH,IACI,CAAC,CAAC,CAAC,eAAe;oBAClB,CAAC,CAAC,CAAC,iBAAiB;oBACpB,CAAC,CAAC,CAAC,gBAAgB;oBACnB,CAAC,CAAC,CAAC,qBAAqB,EAC1B;oBACE,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,eAAe,EAC5B,wBAAwB,CAC3B,CAAC;iBACL;aACJ;SACJ;IACL,CAAC;IAEO,MAAM,CAAC,WAAW,CAAC,IAAY;QACnC,+DAA+D;QAC/D,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACpB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC/C;QAED,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACpB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC/C;QAED,OAAO,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IACpC,CAAC;IAEO,MAAM,CAAC,kBAAkB,CAAC,IAAY;QAC1C,OAAO,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IACpC,CAAC;IAEO,mBAAmB,CAAC,IAAgB;QACxC,IAAI,IAAI,YAAY,4BAAW,EAAE;YAC7B,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACjD,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,YAAY,EACzB,mCAAmC,CACtC,CAAC;aACL;SACJ;aAAM,IAAI,IAAI,YAAY,0BAAS,EAAE;YAClC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAkC,CAAC;YAE5D,IAAI,WAAW,IAAI,WAAW,CAAC,iBAAiB,EAAE;gBAC9C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;oBACvD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;oBACtB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;oBAEtB,IACI,IAAI,KAAK,aAAa;wBACtB,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAC/C;wBACE,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,IAAI,EACJ,qCAAqC,CACxC,CAAC;qBACL;gBACL,CAAC,CAAC,CAAC;aACN;SACJ;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAgB;QACzC,IAAI,IAAI,YAAY,kBAAQ,EAAE;YAC1B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;gBACtB,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,eAAe,EAC5B,oCAAoC,CACvC,CAAC;aACL;SACJ;IACL,CAAC;IAEO,sBAAsB,CAAC,IAAgB;QAC3C,IAAI,IAAI,YAAY,uBAAY,EAAE;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,YAGvB,CAAC;YACF,MAAM,SAAS,GAAG,KAAK,CAAC,cAAc,CAAC,eAAe,CAAC;YAEvD,IAAI,CAAC,SAAS,EAAE;gBACZ,IAAI,CAAC,aAAa,CACd,IAAI,EACJ,YAAY,CAAC,iBAAiB,EAC9B,2CAA2C,CAC9C,CAAC;aACL;SACJ;IACL,CAAC;CACJ;AA1PD,kDA0PC"}

package/{aws → dist/aws}/infra/stack/stack.d.ts

@@ -11,7 +11,7 @@ export declare const SOLUTION_KEY = "Solution";
 export declare const SSM_KEY_WARNING_TOPIC: string;
 export declare const SSM_KEY_ALARM_TOPIC: string;
 export interface StackConfiguration {
-    readonly shortName?: string;
+    readonly shortName: string;
     readonly secretId?: string;
     readonly alarmTopicArn: string;
     readonly warningTopicArn: string;
@@ -30,15 +30,16 @@ export interface StackConfiguration {
     readonly whitelistedResources?: string[];
 }
 export declare class DigitrafficStack extends Stack {
-    readonly vpc: IVpc;
-    readonly lambdaDbSg: ISecurityGroup;
+    readonly vpc?: IVpc;
+    readonly lambdaDbSg?: ISecurityGroup;
     readonly alarmTopic: ITopic;
     readonly warningTopic: ITopic;
-    readonly secret: ISecret;
+    readonly secret?: ISecret;
     readonly configuration: StackConfiguration;
     constructor(scope: Construct, id: string, configuration: StackConfiguration);
     addAspects(): void;
     createLambdaEnvironment(): DBLambdaEnvironment;
     createDefaultLambdaEnvironment(dbApplication: string): DBLambdaEnvironment;
+    getSecret(): ISecret;
     grantSecret(...lambdas: AWSFunction[]): void;
 }

package/dist/aws/infra/stack/stack.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DigitrafficStack = exports.SSM_KEY_ALARM_TOPIC = exports.SSM_KEY_WARNING_TOPIC = exports.SOLUTION_KEY = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
+const aws_sns_1 = require("aws-cdk-lib/aws-sns");
+const aws_ssm_1 = require("aws-cdk-lib/aws-ssm");
+const aws_secretsmanager_1 = require("aws-cdk-lib/aws-secretsmanager");
+const stack_checking_aspect_1 = require("./stack-checking-aspect");
+const SSM_ROOT = "/digitraffic";
+exports.SOLUTION_KEY = "Solution";
+const MONITORING_ROOT = "/monitoring";
+exports.SSM_KEY_WARNING_TOPIC = `${SSM_ROOT}${MONITORING_ROOT}/warning-topic`;
+exports.SSM_KEY_ALARM_TOPIC = `${SSM_ROOT}${MONITORING_ROOT}/alarm-topic`;
+class DigitrafficStack extends aws_cdk_lib_1.Stack {
+    constructor(scope, id, configuration) {
+        super(scope, id, configuration.stackProps);
+        this.configuration = configuration;
+        if (configuration.secretId) {
+            this.secret = aws_secretsmanager_1.Secret.fromSecretNameV2(this, "Secret", configuration.secretId);
+        }
+        // VPC reference construction requires vpcId and availability zones
+        // private subnets are used in Lambda configuration
+        if (configuration.vpcId) {
+            this.vpc = aws_ec2_1.Vpc.fromVpcAttributes(this, "vpc", {
+                vpcId: configuration.vpcId,
+                privateSubnetIds: configuration.privateSubnetIds,
+                availabilityZones: configuration.availabilityZones ?? [],
+            });
+        }
+        // security group that allows Lambda database access
+        if (configuration.lambdaDbSgId) {
+            this.lambdaDbSg = aws_ec2_1.SecurityGroup.fromSecurityGroupId(this, "LambdaDbSG", configuration.lambdaDbSgId);
+        }
+        this.alarmTopic = aws_sns_1.Topic.fromTopicArn(this, "AlarmTopic", aws_ssm_1.StringParameter.fromStringParameterName(this, "AlarmTopicParam", exports.SSM_KEY_ALARM_TOPIC).stringValue);
+        this.warningTopic = aws_sns_1.Topic.fromTopicArn(this, "WarningTopic", aws_ssm_1.StringParameter.fromStringParameterName(this, "WarningTopicParam", exports.SSM_KEY_WARNING_TOPIC).stringValue);
+        this.addAspects();
+    }
+    addAspects() {
+        aws_cdk_lib_1.Aspects.of(this).add(stack_checking_aspect_1.StackCheckingAspect.create(this));
+    }
+    createLambdaEnvironment() {
+        return this.createDefaultLambdaEnvironment(this.configuration.shortName);
+    }
+    createDefaultLambdaEnvironment(dbApplication) {
+        return this.configuration.secretId
+            ? {
+                SECRET_ID: this.configuration.secretId,
+                DB_APPLICATION: dbApplication,
+            }
+            : {
+                DB_APPLICATION: dbApplication,
+            };
+    }
+    getSecret() {
+        if (this.secret === undefined) {
+            throw new Error("Secret is undefined");
+        }
+        return this.secret;
+    }
+    grantSecret(...lambdas) {
+        const secret = this.getSecret();
+        lambdas.forEach((l) => secret.grantRead(l));
+    }
+}
+exports.DigitrafficStack = DigitrafficStack;
+//# sourceMappingURL=stack.js.map

package/dist/aws/infra/stack/stack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stack.js","sourceRoot":"","sources":["../../../../src/aws/infra/stack/stack.ts"],"names":[],"mappings":";;;AAAA,6CAAyD;AACzD,iDAA+D;AAE/D,iDAAoD;AACpD,iDAAsD;AACtD,uEAAiE;AAGjE,mEAA8D;AAK9D,MAAM,QAAQ,GAAG,cAAc,CAAC;AACnB,QAAA,YAAY,GAAG,UAAU,CAAC;AACvC,MAAM,eAAe,GAAG,aAAa,CAAC;AAEzB,QAAA,qBAAqB,GAAG,GAAG,QAAQ,GAAG,eAAe,gBAAgB,CAAC;AACtE,QAAA,mBAAmB,GAAG,GAAG,QAAQ,GAAG,eAAe,cAAc,CAAC;AA2B/E,MAAa,gBAAiB,SAAQ,mBAAK;IASvC,YACI,KAAgB,EAChB,EAAU,EACV,aAAiC;QAEjC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,IAAI,aAAa,CAAC,QAAQ,EAAE;YACxB,IAAI,CAAC,MAAM,GAAG,2BAAM,CAAC,gBAAgB,CACjC,IAAI,EACJ,QAAQ,EACR,aAAa,CAAC,QAAQ,CACzB,CAAC;SACL;QAED,mEAAmE;QACnE,mDAAmD;QACnD,IAAI,aAAa,CAAC,KAAK,EAAE;YACrB,IAAI,CAAC,GAAG,GAAG,aAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE;gBAC1C,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,gBAAgB,EAAE,aAAa,CAAC,gBAAgB;gBAChD,iBAAiB,EAAE,aAAa,CAAC,iBAAiB,IAAI,EAAE;aAC3D,CAAC,CAAC;SACN;QAED,oDAAoD;QACpD,IAAI,aAAa,CAAC,YAAY,EAAE;YAC5B,IAAI,CAAC,UAAU,GAAG,uBAAa,CAAC,mBAAmB,CAC/C,IAAI,EACJ,YAAY,EACZ,aAAa,CAAC,YAAY,CAC7B,CAAC;SACL;QAED,IAAI,CAAC,UAAU,GAAG,eAAK,CAAC,YAAY,CAChC,IAAI,EACJ,YAAY,EACZ,yBAAe,CAAC,uBAAuB,CACnC,IAAI,EACJ,iBAAiB,EACjB,2BAAmB,CACtB,CAAC,WAAW,CAChB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,eAAK,CAAC,YAAY,CAClC,IAAI,EACJ,cAAc,EACd,yBAAe,CAAC,uBAAuB,CACnC,IAAI,EACJ,mBAAmB,EACnB,6BAAqB,CACxB,CAAC,WAAW,CAChB,CAAC;QAEF,IAAI,CAAC,UAAU,EAAE,CAAC;IACtB,CAAC;IAED,UAAU;QACN,qBAAO,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,2CAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,uBAAuB;QACnB,OAAO,IAAI,CAAC,8BAA8B,CACtC,IAAI,CAAC,aAAa,CAAC,SAAS,CAC/B,CAAC;IACN,CAAC;IAED,8BAA8B,CAAC,aAAqB;QAChD,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ;YAC9B,CAAC,CAAC;gBACI,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;gBACtC,cAAc,EAAE,aAAa;aAChC;YACH,CAAC,CAAC;gBACI,cAAc,EAAE,aAAa;aAChC,CAAC;IACZ,CAAC;IAED,SAAS;QACL,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;SAC1C;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,GAAG,OAAsB;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,CAAC;CACJ;AAnGD,4CAmGC"}

package/{aws → dist/aws}/infra/stack/subscription.d.ts

@@ -1,5 +1,5 @@
-import { CfnSubscriptionFilter } from 'aws-cdk-lib/aws-logs';
-import { Function } from 'aws-cdk-lib/aws-lambda';
+import { CfnSubscriptionFilter } from "aws-cdk-lib/aws-logs";
+import { Function as AWSFunction } from "aws-cdk-lib/aws-lambda";
 import { DigitrafficStack } from "./stack";
 import { Construct } from "constructs";
 import { MonitoredFunction } from "./monitoredfunction";
@@ -11,7 +11,7 @@ import { MonitoredFunction } from "./monitoredfunction";
  * @param logDestinationArn Destination for streamed logs
  * @param stack CloudFormation stack
  */
-export declare function createSubscription(lambda: Function, lambdaName: string, logDestinationArn: string | undefined, stack: Construct): CfnSubscriptionFilter | undefined;
+export declare function createSubscription(lambda: AWSFunction, lambdaName: string, logDestinationArn: string | undefined, stack: Construct): CfnSubscriptionFilter | undefined;
 export declare class DigitrafficLogSubscriptions {
     constructor(stack: DigitrafficStack, ...lambdas: MonitoredFunction[]);
 }

package/dist/aws/infra/stack/subscription.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DigitrafficLogSubscriptions = exports.createSubscription = void 0;
+const aws_logs_1 = require("aws-cdk-lib/aws-logs");
+/**
+ * Creates a subscription filter that subscribes to a Lambda Log Group and delivers the logs to another destination.
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html
+ * @param lambda The Lambda function, needed to create a dependency
+ * @param lambdaName The Lambda name from which the Log Group name is derived
+ * @param logDestinationArn Destination for streamed logs
+ * @param stack CloudFormation stack
+ */
+function createSubscription(lambda, lambdaName, logDestinationArn, stack) {
+    if (logDestinationArn == undefined) {
+        return undefined;
+    }
+    const filter = new aws_logs_1.CfnSubscriptionFilter(stack, `${lambdaName}LogsSubscription`, {
+        logGroupName: `/aws/lambda/${lambdaName}`,
+        filterPattern: "",
+        destinationArn: logDestinationArn,
+    });
+    filter.node.addDependency(lambda);
+    return filter;
+}
+exports.createSubscription = createSubscription;
+class DigitrafficLogSubscriptions {
+    constructor(stack, ...lambdas) {
+        const destinationArn = stack.configuration.logsDestinationArn;
+        if (destinationArn !== undefined) {
+            lambdas.forEach((lambda) => {
+                const filter = new aws_logs_1.CfnSubscriptionFilter(stack, `${lambda.givenName}LogsSubscription`, {
+                    logGroupName: `/aws/lambda/${lambda.givenName}`,
+                    filterPattern: "",
+                    destinationArn,
+                });
+                filter.node.addDependency(lambda);
+            });
+        }
+    }
+}
+exports.DigitrafficLogSubscriptions = DigitrafficLogSubscriptions;
+//# sourceMappingURL=subscription.js.map

package/dist/aws/infra/stack/subscription.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscription.js","sourceRoot":"","sources":["../../../../src/aws/infra/stack/subscription.ts"],"names":[],"mappings":";;;AAAA,mDAA6D;AAM7D;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAC9B,MAAmB,EACnB,UAAkB,EAClB,iBAAqC,EACrC,KAAgB;IAEhB,IAAI,iBAAiB,IAAI,SAAS,EAAE;QAChC,OAAO,SAAS,CAAC;KACpB;IACD,MAAM,MAAM,GAAG,IAAI,gCAAqB,CACpC,KAAK,EACL,GAAG,UAAU,kBAAkB,EAC/B;QACI,YAAY,EAAE,eAAe,UAAU,EAAE;QACzC,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,iBAAiB;KACpC,CACJ,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IAElC,OAAO,MAAM,CAAC;AAClB,CAAC;AAtBD,gDAsBC;AAED,MAAa,2BAA2B;IACpC,YAAY,KAAuB,EAAE,GAAG,OAA4B;QAChE,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa,CAAC,kBAAkB,CAAC;QAC9D,IAAI,cAAc,KAAK,SAAS,EAAE;YAC9B,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;gBACvB,MAAM,MAAM,GAAG,IAAI,gCAAqB,CACpC,KAAK,EACL,GAAG,MAAM,CAAC,SAAS,kBAAkB,EACrC;oBACI,YAAY,EAAE,eAAe,MAAM,CAAC,SAAS,EAAE;oBAC/C,aAAa,EAAE,EAAE;oBACjB,cAAc;iBACjB,CACJ,CAAC;gBAEF,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;SACN;IACL,CAAC;CACJ;AAnBD,kEAmBC"}

package/dist/aws/infra/usage-plans.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDefaultUsagePlan = exports.createUsagePlan = void 0;
+/**
+ * Creates an usage plan for a REST API with a single API key
+ * @param api The REST API
+ * @param apiKeyId Id for the API key, this is a surrogate id for CDK, not displayed anywhere
+ * @param apiKeyName Name for the API key, this is displayed in the AWS Console
+ * @deprecated Creates randomized API key names, use createDefaultUsagePlan instead
+ */
+function createUsagePlan(api, apiKeyId, apiKeyName) {
+    const apiKey = api.addApiKey(apiKeyId);
+    const plan = api.addUsagePlan(apiKeyName, {
+        name: apiKeyName,
+    });
+    plan.addApiStage({
+        stage: api.deploymentStage,
+    });
+    plan.addApiKey(apiKey);
+    return apiKey;
+}
+exports.createUsagePlan = createUsagePlan;
+/**
+ * Creates a default usage plan for a REST API with a single API key
+ * @param api The REST API
+ * @param apiName Name of the api. Will generate key: apiName + ' API Key' and plan: apiName + ' API Usage Plan'
+ */
+function createDefaultUsagePlan(api, apiName) {
+    const apiKeyName = apiName + ' API Key';
+    const usagePlanName = apiName + ' API Usage Plan';
+    const apiKey = api.addApiKey(apiKeyName, { apiKeyName: apiKeyName });
+    const plan = api.addUsagePlan(usagePlanName, {
+        name: usagePlanName,
+    });
+    plan.addApiStage({
+        stage: api.deploymentStage,
+    });
+    plan.addApiKey(apiKey);
+    return apiKey;
+}
+exports.createDefaultUsagePlan = createDefaultUsagePlan;
+//# sourceMappingURL=usage-plans.js.map

package/dist/aws/infra/usage-plans.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"usage-plans.js","sourceRoot":"","sources":["../../../src/aws/infra/usage-plans.ts"],"names":[],"mappings":";;;AAEA;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,GAAY,EAAE,QAAgB,EAAE,UAAkB;IAC9E,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE;QACtC,IAAI,EAAE,UAAU;KACnB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,CAAC;QACb,KAAK,EAAE,GAAG,CAAC,eAAe;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEvB,OAAO,MAAM,CAAC;AAClB,CAAC;AAXD,0CAWC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB,CAAC,GAAY,EAAE,OAAe;IAChE,MAAM,UAAU,GAAG,OAAO,GAAG,UAAU,CAAC;IACxC,MAAM,aAAa,GAAG,OAAO,GAAG,iBAAiB,CAAC;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,EAAE;QACzC,IAAI,EAAE,aAAa;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,CAAC;QACb,KAAK,EAAE,GAAG,CAAC,eAAe;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEvB,OAAO,MAAM,CAAC;AAClB,CAAC;AAbD,wDAaC"}

package/dist/aws/runtime/apikey.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getApiKeyFromAPIGateway = void 0;
+const aws_sdk_1 = require("aws-sdk");
+function getApiKeyFromAPIGateway(keyId) {
+    const agw = new aws_sdk_1.APIGateway();
+    return agw.getApiKey({
+        apiKey: keyId,
+        includeValue: true,
+    }).promise();
+}
+exports.getApiKeyFromAPIGateway = getApiKeyFromAPIGateway;
+//# sourceMappingURL=apikey.js.map

package/dist/aws/runtime/apikey.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apikey.js","sourceRoot":"","sources":["../../../src/aws/runtime/apikey.ts"],"names":[],"mappings":";;;AAAA,qCAAmC;AAEnC,SAAgB,uBAAuB,CAAC,KAAa;IACjD,MAAM,GAAG,GAAG,IAAI,oBAAU,EAAE,CAAC;IAC7B,OAAO,GAAG,CAAC,SAAS,CAAC;QACjB,MAAM,EAAE,KAAK;QACb,YAAY,EAAE,IAAI;KACrB,CAAC,CAAC,OAAO,EAAE,CAAC;AACjB,CAAC;AAND,0DAMC"}

package/dist/aws/runtime/digitraffic-integration-response.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DigitrafficIntegrationResponse = void 0;
+const mediatypes_1 = require("../types/mediatypes");
+const response_1 = require("../infra/api/response");
+class DigitrafficIntegrationResponse {
+    static ok(mediaType) {
+        return this.create("200", mediaType);
+    }
+    static badRequest(mediaType) {
+        return this.create("400", mediaType ?? mediatypes_1.MediaType.TEXT_PLAIN);
+    }
+    static notImplemented(mediaType) {
+        return this.create("501", mediaType ?? mediatypes_1.MediaType.TEXT_PLAIN);
+    }
+    static create(statusCode, mediaType) {
+        return {
+            statusCode,
+            responseTemplates: {
+                [mediaType]: response_1.RESPONSE_DEFAULT_LAMBDA,
+            },
+        };
+    }
+}
+exports.DigitrafficIntegrationResponse = DigitrafficIntegrationResponse;
+//# sourceMappingURL=digitraffic-integration-response.js.map