@digitraffic/common 2022.11.1-1 → 2022.11.10-1

package/dist/aws/infra/stacks/db-stack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db-stack.js","sourceRoot":"","sources":["../../../../src/aws/infra/stacks/db-stack.ts"],"names":[],"mappings":";;;AAAA,6CAA6D;AAE7D,iDAAgE;AAChE,iDAS6B;AAC7B,uEAAwD;AACxD,gDAAwD;AAiBxD;;;;;;;GAOG;AAEH,MAAa,OAAQ,SAAQ,mBAAK;IAS9B,YACI,KAAgB,EAChB,EAAU,EACV,GAA4B,EAC5B,aAA8B;QAE9B,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YACb,GAAG,EAAE,GAAG,CAAC,GAAG;SACf,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAE7D,IAAA,yBAAW,EACP,IAAI,EACJ,GAAG,CAAC,eAAe,EACnB,OAAO,CAAC,8BAA8B,EACtC,OAAO,CAAC,iBAAiB,CAC5B,CAAC;QACF,IAAA,yBAAW,EACP,IAAI,EACJ,GAAG,CAAC,eAAe,EACnB,OAAO,CAAC,kCAAkC,EAC1C,OAAO,CAAC,eAAe,CAAC,QAAQ,CACnC,CAAC;QACF,IAAA,yBAAW,EACP,IAAI,EACJ,GAAG,CAAC,eAAe,EACnB,OAAO,CAAC,iCAAiC,EACzC,OAAO,CAAC,mBAAmB,CAAC,QAAQ,CACvC,CAAC;IACN,CAAC;IAED,mBAAmB,CACf,GAA4B,EAC5B,aAA8B;QAE9B,MAAM,YAAY,GAAG,GAAG,CAAC,eAAe,GAAG,KAAK,CAAC;QACjD,MAAM,MAAM,GAAG,2BAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,WAAW,EAAE;YAC1D,iBAAiB,EAAE,aAAa,CAAC,SAAS;SAC7C,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,uBAAa,CAAC,mBAAmB,CACnD,IAAI,EACJ,eAAe,EACf,aAAa,CAAC,eAAe,CAChC,CAAC;QACF,MAAM,GAAG,GAAG,IAAA,uBAAS,EAAC,IAAI,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC;QAEjD,MAAM,cAAc,GAAG,aAAa,CAAC,oBAAoB;YACrD,CAAC,CAAC,IAAI,wBAAc,CACd,IAAI,EACJ,mBAAmB,aAAa,CAAC,SAAS,CAAC,0BAA0B,EAAE,EACvE;gBACI,MAAM,EAAE,+BAAqB,CAAC,cAAc,CAAC;oBACzC,OAAO,EAAE,aAAa,CAAC,SAAS;iBACnC,CAAC;gBACF,UAAU,EAAE;oBACR,0BAA0B,EAAE,KAAK;oBACjC,gBAAgB,EAAE,GAAG;iBACxB;aACJ,CACJ;YACH,CAAC,CAAC,wBAAc,CAAC,sBAAsB,CACjC,IAAI,EACJ,gBAAgB,EAChB,4BAA4B,aAAa,CAAC,SAAS,CAAC,0BAA0B,EAAE,CACnF,CAAC;QAER,MAAM,OAAO,GAAG,IAAI,qCAA2B,CAAC,IAAI,EAAE,YAAY,EAAE;YAChE,kBAAkB,EAAE,aAAa,CAAC,kBAAkB;YACpD,MAAM,EAAE,+BAAqB,CAAC,cAAc,CAAC;gBACzC,OAAO,EAAE,aAAa,CAAC,SAAS;aACnC,CAAC;YACF,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,uBAAuB,EAAE,iCAAuB,CAAC,OAAO;YACxD,sBAAsB,EAAE,YAAY,GAAG,GAAG;YAC1C,qBAAqB,EAAE,CAAC,YAAY,CAAC;YACrC,MAAM,EAAE;gBACJ,SAAS,EAAE,sBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,eAAe,EAAE,aAAa;aACjC;YACD,0BAA0B,EAAE,qBAAqB;YACjD,kBAAkB,EAAE,IAAI;YACxB,aAAa,EAAE,2BAAa,CAAC,MAAM;YACnC,IAAI,EAAE,OAAO,CAAC,YAAY;YAC1B,aAAa,EAAE;gBACX,uBAAuB,EAAE,IAAI;gBAC7B,wBAAwB,EAAE,KAAK;gBAC/B,yBAAyB,EAAE,IAAI;gBAC/B,GAAG;gBACH,cAAc,EAAE,CAAC,aAAa,CAAC;gBAC/B,UAAU,EAAE;oBACR,UAAU,EAAE,oBAAU,CAAC,gBAAgB;iBAC1C;gBACD,YAAY,EAAE,aAAa,CAAC,cAAc;gBAC1C,cAAc;aACjB;YACD,WAAW,EAAE,qBAAW,CAAC,UAAU,CAAC,MAAM,CAAC;YAC3C,cAAc;SACjB,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAC7C,CAAC,KAAK,EAA0B,EAAE,CAAC,KAAK,YAAY,uBAAa,CACpE,CAAC;QACF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,MAAM,IAAI,KAAK,CACX,sDAAsD,CACzD,CAAC;SACL;QACD,YAAY,CAAC,OAAO,CAChB,CAAC,WAAW,EAAE,EAAE,CAAC,OAAO,WAAW,CAAC,aAAa,CACpD,CAAC;QAEF,OAAO,OAAO,CAAC;IACnB,CAAC;;AA3HL,0BA4HC;AA3HiB,sCAA8B,GAAG,YAAY,CAAC;AAC9C,yCAAiC,GAC3C,4BAA4B,CAAC;AACnB,0CAAkC,GAC5C,4BAA4B,CAAC;AAEnB,oBAAY,GAAG,IAAI,CAAC"}

package/dist/aws/infra/stacks/intra-stack-configuration.d.ts

@@ -0,0 +1,5 @@
+import { Environment } from "aws-cdk-lib";
+export interface InfraStackConfiguration {
+    readonly env: Environment;
+    readonly environmentName: string;
+}

package/dist/aws/infra/stacks/intra-stack-configuration.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=intra-stack-configuration.js.map

package/dist/aws/infra/stacks/intra-stack-configuration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"intra-stack-configuration.js","sourceRoot":"","sources":["../../../../src/aws/infra/stacks/intra-stack-configuration.ts"],"names":[],"mappings":""}

package/dist/aws/infra/stacks/network-stack.d.ts

@@ -0,0 +1,12 @@
+import { Stack } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { Vpc } from "aws-cdk-lib/aws-ec2";
+import { InfraStackConfiguration } from "./intra-stack-configuration";
+export interface NetworkConfiguration {
+    readonly vpcName: string;
+    readonly cidr: string;
+}
+export declare class NetworkStack extends Stack {
+    constructor(scope: Construct, id: string, isc: InfraStackConfiguration, configuration: NetworkConfiguration);
+    createVpc(configuration: NetworkConfiguration): Vpc;
+}

package/dist/aws/infra/stacks/network-stack.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NetworkStack = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
+class NetworkStack extends aws_cdk_lib_1.Stack {
+    constructor(scope, id, isc, configuration) {
+        super(scope, id, {
+            env: isc.env,
+        });
+        this.createVpc(configuration);
+    }
+    createVpc(configuration) {
+        return new aws_ec2_1.Vpc(this, "DigitrafficVPC", {
+            vpcName: configuration.vpcName,
+            availabilityZones: ["eu-west-1a", "eu-west-1b"],
+            enableDnsHostnames: true,
+            enableDnsSupport: true,
+            cidr: configuration.cidr,
+            subnetConfiguration: [
+                {
+                    name: "public",
+                    cidrMask: 24,
+                    subnetType: aws_ec2_1.SubnetType.PUBLIC,
+                },
+                {
+                    name: "private",
+                    cidrMask: 24,
+                    subnetType: aws_ec2_1.SubnetType.PRIVATE_WITH_NAT,
+                },
+            ],
+        });
+    }
+}
+exports.NetworkStack = NetworkStack;
+//# sourceMappingURL=network-stack.js.map

package/dist/aws/infra/stacks/network-stack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-stack.js","sourceRoot":"","sources":["../../../../src/aws/infra/stacks/network-stack.ts"],"names":[],"mappings":";;;AAAA,6CAAoC;AAEpC,iDAAsD;AAQtD,MAAa,YAAa,SAAQ,mBAAK;IACnC,YACI,KAAgB,EAChB,EAAU,EACV,GAA4B,EAC5B,aAAmC;QAEnC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YACb,GAAG,EAAE,GAAG,CAAC,GAAG;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED,SAAS,CAAC,aAAmC;QACzC,OAAO,IAAI,aAAG,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACnC,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,iBAAiB,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;YAC/C,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;YACtB,IAAI,EAAE,aAAa,CAAC,IAAI;YACxB,mBAAmB,EAAE;gBACjB;oBACI,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,oBAAU,CAAC,MAAM;iBAChC;gBACD;oBACI,IAAI,EAAE,SAAS;oBACf,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,oBAAU,CAAC,gBAAgB;iBAC1C;aACJ;SACJ,CAAC,CAAC;IACP,CAAC;CACJ;AAnCD,oCAmCC"}

package/dist/aws/infra/usage-plans.d.ts

@@ -1,4 +1,4 @@
-import { IApiKey, RestApi } from 'aws-cdk-lib/aws-apigateway';
+import { IApiKey, RestApi } from "aws-cdk-lib/aws-apigateway";
 /**
  * Creates an usage plan for a REST API with a single API key
  * @param api The REST API
@@ -11,5 +11,6 @@ export declare function createUsagePlan(api: RestApi, apiKeyId: string, apiKeyNa
  * Creates a default usage plan for a REST API with a single API key
  * @param api The REST API
  * @param apiName Name of the api. Will generate key: apiName + ' API Key' and plan: apiName + ' API Usage Plan'
+ * @param value Optional value for the API key
  */
-export declare function createDefaultUsagePlan(api: RestApi, apiName: string): IApiKey;
+export declare function createDefaultUsagePlan(api: RestApi, apiName: string, value?: string): IApiKey;

package/dist/aws/infra/usage-plans.js

@@ -24,11 +24,12 @@ exports.createUsagePlan = createUsagePlan;
  * Creates a default usage plan for a REST API with a single API key
  * @param api The REST API
  * @param apiName Name of the api. Will generate key: apiName + ' API Key' and plan: apiName + ' API Usage Plan'
+ * @param value Optional value for the API key
  */
-function createDefaultUsagePlan(api, apiName) {
-    const apiKeyName = apiName + ' API Key';
-    const usagePlanName = apiName + ' API Usage Plan';
-    const apiKey = api.addApiKey(apiKeyName, { apiKeyName: apiKeyName });
+function createDefaultUsagePlan(api, apiName, value) {
+    const apiKeyName = apiName + " API Key";
+    const usagePlanName = apiName + " API Usage Plan";
+    const apiKey = api.addApiKey(apiKeyName, { apiKeyName: apiKeyName, value });
     const plan = api.addUsagePlan(usagePlanName, {
         name: usagePlanName,
     });

package/dist/aws/infra/usage-plans.js.map

@@ -1 +1 @@
-{"version":3,"file":"usage-plans.js","sourceRoot":"","sources":["../../../src/aws/infra/usage-plans.ts"],"names":[],"mappings":";;;AAEA;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,GAAY,EAAE,QAAgB,EAAE,UAAkB;IAC9E,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE;QACtC,IAAI,EAAE,UAAU;KACnB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,CAAC;QACb,KAAK,EAAE,GAAG,CAAC,eAAe;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEvB,OAAO,MAAM,CAAC;AAClB,CAAC;AAXD,0CAWC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB,CAAC,GAAY,EAAE,OAAe;IAChE,MAAM,UAAU,GAAG,OAAO,GAAG,UAAU,CAAC;IACxC,MAAM,aAAa,GAAG,OAAO,GAAG,iBAAiB,CAAC;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,EAAE;QACzC,IAAI,EAAE,aAAa;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,CAAC;QACb,KAAK,EAAE,GAAG,CAAC,eAAe;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEvB,OAAO,MAAM,CAAC;AAClB,CAAC;AAbD,wDAaC"}
+{"version":3,"file":"usage-plans.js","sourceRoot":"","sources":["../../../src/aws/infra/usage-plans.ts"],"names":[],"mappings":";;;AAEA;;;;;;GAMG;AACH,SAAgB,eAAe,CAC3B,GAAY,EACZ,QAAgB,EAChB,UAAkB;IAElB,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE;QACtC,IAAI,EAAE,UAAU;KACnB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,CAAC;QACb,KAAK,EAAE,GAAG,CAAC,eAAe;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEvB,OAAO,MAAM,CAAC;AAClB,CAAC;AAfD,0CAeC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAClC,GAAY,EACZ,OAAe,EACf,KAAc;IAEd,MAAM,UAAU,GAAG,OAAO,GAAG,UAAU,CAAC;IACxC,MAAM,aAAa,GAAG,OAAO,GAAG,iBAAiB,CAAC;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,EAAE;QACzC,IAAI,EAAE,aAAa;KACtB,CAAC,CAAC;IACH,IAAI,CAAC,WAAW,CAAC;QACb,KAAK,EAAE,GAAG,CAAC,eAAe;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEvB,OAAO,MAAM,CAAC;AAClB,CAAC;AAjBD,wDAiBC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitraffic/common",
-  "version": "2022.11.1-1",
+  "version": "2022.11.10-1",
   "description": "",
   "repository": {
     "type": "git",
@@ -26,9 +26,9 @@
     "src/**/*.ts"
   ],
   "dependencies": {
-    "@aws-cdk/aws-synthetics-alpha": "2.47.0-alpha.0",
+    "@aws-cdk/aws-synthetics-alpha": "2.50.0-alpha.0",
     "@types/geojson": "^7946.0.10",
-    "aws-cdk-lib": "2.47.0",
+    "aws-cdk-lib": "2.50.0",
     "aws-sdk": "2.1241.0",
     "axios": "^0.21.1",
     "change-case": "4.1.2",

package/src/aws/infra/canaries/canary.ts

@@ -21,7 +21,7 @@ export class DigitrafficCanary extends Canary {
         environmentVariables: LambdaEnvironment
     ) {
         super(scope, canaryName, {
-            runtime: Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_6,
+            runtime: Runtime.SYNTHETICS_NODEJS_PUPPETEER_3_8,
             role,
             test: Test.custom({
                 code: new AssetCode("dist", {

package/src/aws/infra/canaries/database-checker.ts

@@ -20,11 +20,7 @@ abstract class DatabaseCheck<T> {
     abstract check(value: T): void;
 }
 
-// For backwards compatibility disable following rule for BaseResponse.
-// eslint-disable-next-line @typescript-eslint/no-empty-interface
-interface BaseResponse {}
-
-interface CountResponse extends BaseResponse {
+interface CountResponse {
     count: number;
 }
 
@@ -40,8 +36,12 @@ class CountDatabaseCheck extends DatabaseCheck<CountResponse> {
     ) {
         super(name, sql);
 
+        if (!sql.toLowerCase().includes("select count(*)")) {
+            throw new Error("sql must contain select count(*)");
+        }
+
         if (minCount == null && maxCount == null) {
-            throw new Error("no max or min given!");
+            throw new Error("no max or min given");
         }
 
         this.minCount = minCount;
@@ -49,30 +49,23 @@ class CountDatabaseCheck extends DatabaseCheck<CountResponse> {
     }
 
     check(value: CountResponse) {
-        if (!value) {
-            this.failed = true;
-            throw new Error("no return value");
-        } else {
-            if ("count" in value) {
-                if (this.minCount && value.count < this.minCount) {
-                    this.failed = true;
-                    throw new Error(
-                        `count was ${value.count}, minimum is ${this.minCount}`
-                    );
-                }
-                if (this.maxCount && value.count > this.maxCount) {
-                    this.failed = true;
-                    throw new Error(
-                        `count was ${value.count}, max is ${this.maxCount}`
-                    );
-                }
-            } else {
+        if ("count" in value) {
+            if (this.minCount && value.count < this.minCount) {
                 this.failed = true;
-
-                console.info("received " + JSON.stringify(value));
-
-                throw new Error("no count available");
+                throw new Error(
+                    `count was ${value.count}, minimum is ${this.minCount}`
+                );
+            }
+            if (this.maxCount && value.count > this.maxCount) {
+                this.failed = true;
+                throw new Error(
+                    `count was ${value.count}, max is ${this.maxCount}`
+                );
             }
+        } else {
+            this.failed = true;
+
+            throw new Error("no count available");
         }
     }
 }
@@ -84,9 +77,13 @@ const stepConfig = {
     screenshotOnStepFailure: false,
 };
 
-export class DatabaseChecker {
+/**
+ * Checker for sql that checks the count.  Meaning that the
+ * sql must be structured as select(*) from table where something.
+ */
+export class DatabaseCountChecker {
     credentialsFunction: () => Promise<void>;
-    checks: DatabaseCheck<BaseResponse>[];
+    checks: DatabaseCheck<CountResponse>[];
 
     private constructor(credentialsFunction: () => Promise<void>) {
         this.credentialsFunction = credentialsFunction;
@@ -98,30 +95,39 @@ export class DatabaseChecker {
     }
 
     static createForProxy() {
-        return new DatabaseChecker(() =>
+        return new DatabaseCountChecker(() =>
             new ProxyHolder(getEnvVariable("SECRET_ID")).setCredentials()
         );
     }
 
     static createForRds() {
-        return new DatabaseChecker(() =>
+        return new DatabaseCountChecker(() =>
             new RdsHolder(getEnvVariable("SECRET_ID")).setCredentials()
         );
     }
 
-    one(name: string, sql: string) {
+    /**
+     * Expect that the count is 1
+     */
+    expectOne(name: string, sql: string) {
         this.checks.push(new CountDatabaseCheck(name, sql, 1, 1));
 
         return this;
     }
 
-    empty(name: string, sql: string) {
+    /**
+     * Expect that the count is 0
+     */
+    expectZero(name: string, sql: string) {
         this.checks.push(new CountDatabaseCheck(name, sql, null, 0));
 
         return this;
     }
 
-    notEmpty(name: string, sql: string) {
+    /**
+     * Expect that the count is 1 or more
+     */
+    expectOneOrMore(name: string, sql: string) {
         this.checks.push(new CountDatabaseCheck(name, sql, 1, null));
 
         return this;
@@ -137,7 +143,7 @@ export class DatabaseChecker {
             for (const check of this.checks) {
                 console.info("canary checking sql " + check.sql);
 
-                const value = await db.oneOrNone(check.sql);
+                const value = await db.one<CountResponse>(check.sql);
                 const checkFunction = () => {
                     check.check(value);
                 };

package/src/aws/infra/canaries/url-checker.ts

@@ -152,7 +152,7 @@ export class UrlChecker {
             requestOptions,
             validateStatusCodeAndContentType(
                 403,
-                mediaType || MediaType.APPLICATION_JSON
+                mediaType ?? MediaType.APPLICATION_JSON
             )
         );
     }

package/src/aws/infra/import-util.ts

@@ -0,0 +1,57 @@
+import { IVpc, Vpc } from "aws-cdk-lib/aws-ec2";
+import { CfnOutput, Fn, Stack } from "aws-cdk-lib";
+import { Construct } from "constructs";
+
+export class OldStackImports {
+    public static AURORAINSTANCE_SG_IMPORT_NAME = "AuroraInstanceSG";
+    public static RDSPROXY_SG_IMPORT_NAME = "RDSProxySG";
+}
+
+/**
+ * Import VPC from other stack outputs
+ */
+export function importVpc(scope: Construct, environmentName: string): IVpc {
+    const vpcId = importValue(environmentName, "VPCID");
+    const privateSubnetIds = [
+        importValue(environmentName, "digitrafficprivateASubnet"),
+        importValue(environmentName, "digitrafficprivateBSubnet"),
+    ];
+    const availabilityZones = ["euw1-az1", "euw1-az2"];
+
+    // VPC reference construction requires vpcId and availability zones
+    // private subnets are used in Lambda configuration
+    return Vpc.fromVpcAttributes(scope, "vpc", {
+        vpcId,
+        privateSubnetIds,
+        availabilityZones,
+    });
+}
+
+/**
+ * Import value from other stack output.  Stack outputs are named with
+ * digitraffic-${environmentName}-${name} pattern and this function takes care of it
+ */
+export function importValue(environmentName: string, name: string): string {
+    return Fn.importValue(outputName(environmentName, name));
+}
+
+/**
+ * Export value as stack output.  Use same naming pattern as importValue.
+ */
+export function exportValue(
+    stack: Stack,
+    environmentName: string,
+    name: string,
+    value: string
+) {
+    const exportName = outputName(environmentName, name);
+
+    new CfnOutput(stack, exportName, {
+        exportName,
+        value,
+    });
+}
+
+export function outputName(environmentName: string, name: string): string {
+    return `digitraffic-${environmentName}-${name}`;
+}

package/src/aws/infra/stack/rest_apis.ts

@@ -78,8 +78,8 @@ export class DigitrafficRestApi extends RestApi {
         return newKeyId;
     }
 
-    createUsagePlanV2(apiName: string): string {
-        const newKeyId = createDefaultUsagePlan(this, apiName).keyId;
+    createUsagePlanV2(apiName: string, apiKey?: string): string {
+        const newKeyId = createDefaultUsagePlan(this, apiName, apiKey).keyId;
 
         this.apiKeyIds.push(newKeyId);
 

package/src/aws/infra/stacks/db-dns-stack.ts

@@ -0,0 +1,88 @@
+import { Duration, RemovalPolicy, Stack } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import {
+    PrivateHostedZone,
+    RecordSet,
+    RecordTarget,
+    RecordType,
+} from "aws-cdk-lib/aws-route53";
+import { InfraStackConfiguration } from "./intra-stack-configuration";
+import { importValue, importVpc } from "../import-util";
+import { DbStack } from "./db-stack";
+import { DbProxyStack } from "./db-proxy-stack";
+
+const DEFAULT_RECORD_TTL = Duration.seconds(30);
+
+/**
+ * Creates a dns local zone and creates records for cluster endpoints and proxy endpoints.
+ *
+ */
+export class DbDnsStack extends Stack {
+    constructor(scope: Construct, id: string, isc: InfraStackConfiguration) {
+        super(scope, id, {
+            env: isc.env,
+        });
+
+        this.createDnsRecords(isc);
+    }
+
+    createDnsRecords(isc: InfraStackConfiguration) {
+        const vpc = importVpc(this, isc.environmentName);
+        const zone = new PrivateHostedZone(this, "DNSHostedZone", {
+            zoneName: isc.environmentName + ".local",
+            vpc,
+        });
+
+        zone.applyRemovalPolicy(RemovalPolicy.RETAIN);
+
+        const clusterReaderEndpoint = importValue(
+            isc.environmentName,
+            DbStack.CLUSTER_READ_ENDPOINT_EXPORT_NAME
+        );
+        const clusterWriterEndpoint = importValue(
+            isc.environmentName,
+            DbStack.CLUSTER_WRITE_ENDPOINT_EXPORT_NAME
+        );
+
+        const proxyReaderEndpoint = importValue(
+            isc.environmentName,
+            DbProxyStack.PROXY_READER_EXPORT_NAME
+        );
+        const proxyWriterEndpoint = importValue(
+            isc.environmentName,
+            DbProxyStack.PROXY_WRITER_EXPORT_NAME
+        );
+
+        new RecordSet(this, "ReaderRecord", {
+            recordType: RecordType.CNAME,
+            recordName: `db-ro.${isc.environmentName}.local`,
+            target: RecordTarget.fromValues(clusterReaderEndpoint),
+            ttl: DEFAULT_RECORD_TTL,
+            zone,
+        });
+
+        new RecordSet(this, "WriterRecord", {
+            recordType: RecordType.CNAME,
+            recordName: `db.${isc.environmentName}.local`,
+            target: RecordTarget.fromValues(clusterWriterEndpoint),
+            ttl: DEFAULT_RECORD_TTL,
+            zone,
+        });
+
+        new RecordSet(this, "ProxyReaderRecord", {
+            recordType: RecordType.CNAME,
+            recordName: `proxy-ro.${isc.environmentName}.local`,
+            target: RecordTarget.fromValues(proxyReaderEndpoint),
+            ttl: DEFAULT_RECORD_TTL,
+            zone,
+        });
+
+        new RecordSet(this, "ProxyWriterRecord", {
+            recordType: RecordType.CNAME,
+            recordName: `proxy.${isc.environmentName}.local`,
+            target: RecordTarget.fromValues(proxyWriterEndpoint),
+            ttl: DEFAULT_RECORD_TTL,
+            zone,
+        });
+    }
+}

package/src/aws/infra/stacks/db-proxy-stack.ts

@@ -0,0 +1,129 @@
+import { Duration, Stack } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import {
+    CfnDBProxyEndpoint,
+    DatabaseCluster,
+    DatabaseClusterEngine,
+    DatabaseProxy,
+    ProxyTarget,
+} from "aws-cdk-lib/aws-rds";
+import { ISecret, Secret } from "aws-cdk-lib/aws-secretsmanager";
+import { IVpc, SecurityGroup } from "aws-cdk-lib/aws-ec2";
+import { InfraStackConfiguration } from "./intra-stack-configuration";
+import { DbConfiguration, DbStack } from "./db-stack";
+import { exportValue, importValue, importVpc } from "../import-util";
+
+/**
+ * A stack that creates a Database proxy.
+ */
+export class DbProxyStack extends Stack {
+    public static PROXY_READER_EXPORT_NAME = "db-reader-endpoint";
+    public static PROXY_WRITER_EXPORT_NAME = "db-writer-endpoint";
+
+    readonly isc: InfraStackConfiguration;
+
+    constructor(
+        scope: Construct,
+        id: string,
+        isc: InfraStackConfiguration,
+        configuration: DbConfiguration
+    ) {
+        super(scope, id, {
+            env: isc.env,
+        });
+
+        this.isc = isc;
+
+        const vpc = importVpc(this, isc.environmentName);
+        const secret = Secret.fromSecretAttributes(this, "proxy-secret", {
+            secretCompleteArn: configuration.secretArn,
+        });
+        const proxy = this.createProxy(vpc, secret, configuration);
+        const readerEndpoint = this.createProxyEndpoints(
+            vpc,
+            proxy,
+            configuration.securityGroupId
+        );
+        this.setOutputs(configuration, proxy, readerEndpoint);
+    }
+
+    createProxy(vpc: IVpc, secret: ISecret, configuration: DbConfiguration) {
+        const proxyId = `${this.isc.environmentName}-proxy`;
+        const securityGroup = SecurityGroup.fromSecurityGroupId(
+            this,
+            "securitygroup",
+            configuration.securityGroupId
+        );
+
+        const cluster = DatabaseCluster.fromDatabaseClusterAttributes(
+            this,
+            "db-cluster",
+            {
+                clusterIdentifier: importValue(
+                    this.isc.environmentName,
+                    DbStack.CLUSTER_IDENTIFIER_EXPORT_NAME
+                ),
+                engine: DatabaseClusterEngine.AURORA_POSTGRESQL,
+                port: DbStack.CLUSTER_PORT,
+            }
+        );
+
+        // CDK tries to allow connections between proxy and cluster
+        // this does not work on cluster references
+        cluster.connections.allowDefaultPortFrom = () => {
+            /* nothing */
+        };
+
+        return new DatabaseProxy(this, proxyId, {
+            dbProxyName: configuration.dbProxyName ?? "AuroraProxy",
+            securityGroups: [securityGroup],
+            proxyTarget: ProxyTarget.fromCluster(cluster),
+            idleClientTimeout: Duration.seconds(1800),
+            maxConnectionsPercent: 50,
+            maxIdleConnectionsPercent: 25,
+            borrowTimeout: Duration.seconds(120),
+            requireTLS: false,
+            secrets: [secret],
+            vpc: vpc,
+        });
+    }
+
+    createProxyEndpoints(
+        vpc: IVpc,
+        proxy: DatabaseProxy,
+        securityGroupId: string
+    ) {
+        return new CfnDBProxyEndpoint(this, "ReaderEndpoint", {
+            dbProxyEndpointName: "ReaderEndpoint",
+            dbProxyName: proxy.dbProxyName,
+            vpcSubnetIds: vpc.privateSubnets.map((sub) => sub.subnetId),
+            vpcSecurityGroupIds: [securityGroupId],
+            targetRole: "READ_ONLY",
+        });
+    }
+
+    setOutputs(
+        configuration: DbConfiguration,
+        proxy: DatabaseProxy,
+        proxyEndpoint: CfnDBProxyEndpoint
+    ) {
+        const readerEndpoint =
+            configuration.instances > 1
+                ? proxyEndpoint.attrEndpoint
+                : proxy.endpoint;
+
+        // if only one instance, then there is no reader-endpoint
+        exportValue(
+            this,
+            this.isc.environmentName,
+            DbProxyStack.PROXY_READER_EXPORT_NAME,
+            readerEndpoint
+        );
+        exportValue(
+            this,
+            this.isc.environmentName,
+            DbProxyStack.PROXY_WRITER_EXPORT_NAME,
+            proxy.endpoint
+        );
+    }
+}