@digitraffic/common 2024.1.10-1 → 2024.1.19-1
- package/dist/aws/infra/api/handler-factory.d.ts +2 -2
- package/dist/aws/infra/api/handler-factory.js +4 -9
- package/dist/aws/infra/api/integration.d.ts +1 -1
- package/dist/aws/infra/api/integration.js +9 -13
- package/dist/aws/infra/api/response.d.ts +2 -3
- package/dist/aws/infra/api/response.js +25 -30
- package/dist/aws/infra/api/responses.d.ts +2 -3
- package/dist/aws/infra/api/responses.js +25 -31
- package/dist/aws/infra/api/static-integration.d.ts +1 -1
- package/dist/aws/infra/api/static-integration.js +7 -11
- package/dist/aws/infra/canaries/canary-alarm.d.ts +1 -1
- package/dist/aws/infra/canaries/canary-alarm.js +7 -11
- package/dist/aws/infra/canaries/canary-keys.js +3 -6
- package/dist/aws/infra/canaries/canary-parameters.js +1 -2
- package/dist/aws/infra/canaries/canary-role.js +8 -12
- package/dist/aws/infra/canaries/canary.d.ts +2 -2
- package/dist/aws/infra/canaries/canary.js +9 -13
- package/dist/aws/infra/canaries/database-canary.d.ts +3 -3
- package/dist/aws/infra/canaries/database-canary.js +8 -12
- package/dist/aws/infra/canaries/database-checker.d.ts +1 -1
- package/dist/aws/infra/canaries/database-checker.js +10 -14
- package/dist/aws/infra/canaries/url-canary.d.ts +4 -4
- package/dist/aws/infra/canaries/url-canary.js +8 -12
- package/dist/aws/infra/canaries/url-checker.d.ts +2 -2
- package/dist/aws/infra/canaries/url-checker.js +33 -40
- package/dist/aws/infra/documentation.js +8 -16
- package/dist/aws/infra/import-util.js +10 -18
- package/dist/aws/infra/scheduler.js +10 -14
- package/dist/aws/infra/security-rule.js +4 -8
- package/dist/aws/infra/sqs-integration.d.ts +1 -2
- package/dist/aws/infra/sqs-integration.js +11 -15
- package/dist/aws/infra/sqs-queue.d.ts +1 -1
- package/dist/aws/infra/sqs-queue.js +30 -35
- package/dist/aws/infra/stack/lambda-configs.d.ts +2 -2
- package/dist/aws/infra/stack/lambda-configs.js +14 -20
- package/dist/aws/infra/stack/monitoredfunction.d.ts +3 -3
- package/dist/aws/infra/stack/monitoredfunction.js +19 -27
- package/dist/aws/infra/stack/parameters.d.ts +1 -1
- package/dist/aws/infra/stack/parameters.js +5 -10
- package/dist/aws/infra/stack/rest_apis.d.ts +3 -3
- package/dist/aws/infra/stack/rest_apis.js +41 -54
- package/dist/aws/infra/stack/stack-checking-aspect.d.ts +1 -1
- package/dist/aws/infra/stack/stack-checking-aspect.js +24 -31
- package/dist/aws/infra/stack/stack.d.ts +3 -4
- package/dist/aws/infra/stack/stack.js +16 -20
- package/dist/aws/infra/stack/subscription.d.ts +2 -2
- package/dist/aws/infra/stack/subscription.js +5 -10
- package/dist/aws/infra/stacks/db-dns-stack.d.ts +2 -2
- package/dist/aws/infra/stacks/db-dns-stack.js +25 -29
- package/dist/aws/infra/stacks/db-proxy-stack.d.ts +2 -2
- package/dist/aws/infra/stacks/db-proxy-stack.js +23 -27
- package/dist/aws/infra/stacks/db-stack.d.ts +3 -4
- package/dist/aws/infra/stacks/db-stack.js +30 -34
- package/dist/aws/infra/stacks/intra-stack-configuration.js +1 -2
- package/dist/aws/infra/stacks/network-stack.d.ts +2 -2
- package/dist/aws/infra/stacks/network-stack.js +14 -18
- package/dist/aws/infra/usage-plans.js +2 -7
- package/dist/aws/runtime/apikey.js +3 -7
- package/dist/aws/runtime/digitraffic-integration-response.d.ts +1 -1
- package/dist/aws/runtime/digitraffic-integration-response.js +7 -11
- package/dist/aws/runtime/dt-logger-default.d.ts +2 -2
- package/dist/aws/runtime/dt-logger-default.js +2 -5
- package/dist/aws/runtime/dt-logger.d.ts +1 -1
- package/dist/aws/runtime/dt-logger.js +3 -10
- package/dist/aws/runtime/environment.js +3 -7
- package/dist/aws/runtime/messaging.js +1 -5
- package/dist/aws/runtime/s3.js +3 -7
- package/dist/aws/runtime/secrets/dbsecret.d.ts +1 -1
- package/dist/aws/runtime/secrets/dbsecret.js +5 -9
- package/dist/aws/runtime/secrets/proxy-holder.js +12 -16
- package/dist/aws/runtime/secrets/rds-holder.js +12 -16
- package/dist/aws/runtime/secrets/secret-holder.d.ts +1 -1
- package/dist/aws/runtime/secrets/secret-holder.js +9 -13
- package/dist/aws/runtime/secrets/secret.js +7 -11
- package/dist/aws/types/errors.js +5 -9
- package/dist/aws/types/lambda-response.js +3 -10
- package/dist/aws/types/mediatypes.js +2 -5
- package/dist/aws/types/model-with-reference.js +1 -2
- package/dist/aws/types/proxytypes.js +1 -2
- package/dist/aws/types/tags.js +2 -5
- package/dist/database/cached.d.ts +1 -1
- package/dist/database/cached.js +8 -14
- package/dist/database/database.js +14 -21
- package/dist/database/last-updated.d.ts +1 -1
- package/dist/database/last-updated.js +8 -17
- package/dist/database/models.js +1 -2
- package/dist/index.d.ts +1 -0
- package/dist/index.js +2 -0
- package/dist/marine/id_utils.js +3 -9
- package/dist/marine/rtz.js +1 -2
- package/dist/test/asserter.js +1 -5
- package/dist/test/db-testutils.d.ts +1 -1
- package/dist/test/db-testutils.js +8 -13
- package/dist/test/httpserver.js +10 -14
- package/dist/test/secrets-manager.js +9 -35
- package/dist/test/testutils.js +8 -19
- package/dist/types/async-timeout-error.js +1 -5
- package/dist/types/aws-env.js +1 -2
- package/dist/types/either.js +1 -2
- package/dist/types/http-error.js +1 -5
- package/dist/types/input-error.js +1 -5
- package/dist/types/language.js +2 -5
- package/dist/types/nullable.d.ts +1 -1
- package/dist/types/nullable.js +1 -2
- package/dist/types/traffictype.js +2 -5
- package/dist/types/urn.js +1 -2
- package/dist/types/util-types.js +1 -2
- package/dist/types/validator.js +4 -9
- package/dist/utils/api-model.d.ts +1 -1
- package/dist/utils/api-model.js +17 -27
- package/dist/utils/base64.d.ts +1 -1
- package/dist/utils/base64.js +2 -7
- package/dist/utils/date-utils.js +9 -16
- package/dist/utils/geojson-types.js +2 -7
- package/dist/utils/geometry.js +15 -48
- package/dist/utils/logging.d.ts +1 -1
- package/dist/utils/logging.js +8 -13
- package/dist/utils/retry.js +21 -26
- package/dist/utils/slack.js +7 -14
- package/dist/utils/utils.d.ts +2 -2
- package/dist/utils/utils.js +14 -29
- package/package.json +107 -18
- package/src/aws/infra/api/handler-factory.ts +3 -3
- package/src/aws/infra/api/integration.ts +2 -2
- package/src/aws/infra/api/response.ts +3 -3
- package/src/aws/infra/api/responses.ts +4 -4
- package/src/aws/infra/api/static-integration.ts +2 -2
- package/src/aws/infra/canaries/canary-alarm.ts +1 -1
- package/src/aws/infra/canaries/canary.ts +3 -3
- package/src/aws/infra/canaries/database-canary.ts +3 -3
- package/src/aws/infra/canaries/database-checker.ts +6 -6
- package/src/aws/infra/canaries/url-canary.ts +6 -6
- package/src/aws/infra/canaries/url-checker.ts +8 -8
- package/src/aws/infra/sqs-integration.ts +1 -1
- package/src/aws/infra/sqs-queue.ts +2 -2
- package/src/aws/infra/stack/lambda-configs.ts +2 -2
- package/src/aws/infra/stack/monitoredfunction.ts +4 -4
- package/src/aws/infra/stack/parameters.ts +1 -1
- package/src/aws/infra/stack/rest_apis.ts +6 -6
- package/src/aws/infra/stack/stack-checking-aspect.ts +1 -1
- package/src/aws/infra/stack/stack.ts +4 -5
- package/src/aws/infra/stack/subscription.ts +2 -2
- package/src/aws/infra/stacks/db-dns-stack.ts +4 -4
- package/src/aws/infra/stacks/db-proxy-stack.ts +5 -5
- package/src/aws/infra/stacks/db-stack.ts +5 -5
- package/src/aws/infra/stacks/network-stack.ts +3 -3
- package/src/aws/runtime/digitraffic-integration-response.ts +2 -2
- package/src/aws/runtime/dt-logger-default.ts +2 -2
- package/src/aws/runtime/secrets/dbsecret.ts +1 -1
- package/src/aws/runtime/secrets/proxy-holder.ts +4 -4
- package/src/aws/runtime/secrets/rds-holder.ts +4 -4
- package/src/aws/runtime/secrets/secret-holder.ts +4 -4
- package/src/aws/runtime/secrets/secret.ts +2 -2
- package/src/database/cached.ts +1 -1
- package/src/database/database.ts +3 -3
- package/src/database/last-updated.ts +1 -1
- package/src/index.ts +2 -0
- package/src/test/db-testutils.ts +2 -2
- package/src/test/secrets-manager.ts +2 -2
- package/src/types/nullable.ts +1 -1
- package/src/utils/api-model.ts +1 -1
- package/src/utils/geometry.ts +5 -3
- package/src/utils/logging.ts +2 -2
- package/src/utils/retry.ts +3 -3
- package/src/utils/slack.ts +2 -2
- package/src/utils/utils.ts +3 -3
@@ -1,20 +1,14 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
};
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
const stack_1 = require("./stack");
|
11
|
-
const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
|
12
|
-
const aws_sqs_1 = require("aws-cdk-lib/aws-sqs");
|
13
|
-
const aws_logs_1 = require("aws-cdk-lib/aws-logs");
|
14
|
-
const change_case_1 = require("change-case");
|
15
|
-
const lodash_1 = __importDefault(require("lodash"));
|
1
|
+
import { Annotations, Stack } from "aws-cdk-lib";
|
2
|
+
import { CfnFunction, Runtime } from "aws-cdk-lib/aws-lambda";
|
3
|
+
import { CfnBucket } from "aws-cdk-lib/aws-s3";
|
4
|
+
import { DigitrafficStack, SOLUTION_KEY } from "./stack.js";
|
5
|
+
import { CfnMethod, CfnResource } from "aws-cdk-lib/aws-apigateway";
|
6
|
+
import { CfnQueue } from "aws-cdk-lib/aws-sqs";
|
7
|
+
import { LogRetention } from "aws-cdk-lib/aws-logs";
|
8
|
+
import { kebabCase } from "change-case";
|
9
|
+
import _ from "lodash";
|
16
10
|
const MAX_CONCURRENCY_LIMIT = 100;
|
17
|
-
const NODE_RUNTIMES = [
|
11
|
+
const NODE_RUNTIMES = [Runtime.NODEJS_20_X.name, Runtime.NODEJS_18_X.name];
|
18
12
|
var ResourceType;
|
19
13
|
(function (ResourceType) {
|
20
14
|
ResourceType["stackName"] = "STACK_NAME";
|
@@ -29,7 +23,7 @@ var ResourceType;
|
|
29
23
|
ResourceType["queueEncryption"] = "QUEUE_ENCRYPTION";
|
30
24
|
ResourceType["logGroupRetention"] = "LOG_GROUP_RETENTION";
|
31
25
|
})(ResourceType || (ResourceType = {}));
|
32
|
-
class StackCheckingAspect {
|
26
|
+
export class StackCheckingAspect {
|
33
27
|
constructor(stackShortName, whitelistedResources) {
|
34
28
|
this.stackShortName = stackShortName;
|
35
29
|
this.whitelistedResources = whitelistedResources;
|
@@ -59,14 +53,14 @@ class StackCheckingAspect {
|
|
59
53
|
// error && whitelisted -> warning
|
60
54
|
// warning && whitelisted -> nothing
|
61
55
|
if (isError && !isWhiteListed) {
|
62
|
-
|
56
|
+
Annotations.of(node).addError(annotationMessage);
|
63
57
|
}
|
64
58
|
else if ((!isError && !isWhiteListed) || (isError && isWhiteListed)) {
|
65
|
-
|
59
|
+
Annotations.of(node).addWarning(annotationMessage);
|
66
60
|
}
|
67
61
|
}
|
68
62
|
checkStack(node) {
|
69
|
-
if (node instanceof
|
63
|
+
if (node instanceof DigitrafficStack) {
|
70
64
|
if ((node.stackName.includes("Test") || node.stackName.includes("Tst")) &&
|
71
65
|
node.configuration.production) {
|
72
66
|
this.addAnnotation(node, ResourceType.stackName, "Production is set for Test-stack");
|
@@ -78,7 +72,7 @@ class StackCheckingAspect {
|
|
78
72
|
}
|
79
73
|
}
|
80
74
|
checkFunction(node) {
|
81
|
-
if (node instanceof
|
75
|
+
if (node instanceof CfnFunction) {
|
82
76
|
if (!node.reservedConcurrentExecutions) {
|
83
77
|
this.addAnnotation(node, ResourceType.reservedConcurrentConcurrency, "Function must have reservedConcurrentConcurrency");
|
84
78
|
}
|
@@ -102,14 +96,14 @@ class StackCheckingAspect {
|
|
102
96
|
}
|
103
97
|
}
|
104
98
|
checkTags(node) {
|
105
|
-
if (node instanceof
|
106
|
-
if (!node.tags.tagValues()[
|
99
|
+
if (node instanceof Stack) {
|
100
|
+
if (!node.tags.tagValues()[SOLUTION_KEY]) {
|
107
101
|
this.addAnnotation(node, ResourceType.tagSolution, "Solution tag is missing");
|
108
102
|
}
|
109
103
|
}
|
110
104
|
}
|
111
105
|
checkBucket(node) {
|
112
|
-
if (node instanceof
|
106
|
+
if (node instanceof CfnBucket) {
|
113
107
|
const c = node.publicAccessBlockConfiguration;
|
114
108
|
if (c &&
|
115
109
|
(!c.blockPublicAcls ||
|
@@ -128,18 +122,18 @@ class StackCheckingAspect {
|
|
128
122
|
if (path.includes("{")) {
|
129
123
|
return this.isValidPath(path.split("{")[0]);
|
130
124
|
}
|
131
|
-
return
|
125
|
+
return kebabCase(path) === path;
|
132
126
|
}
|
133
127
|
static isValidQueryString(name) {
|
134
|
-
return
|
128
|
+
return _.snakeCase(name) === name;
|
135
129
|
}
|
136
130
|
checkResourceCasing(node) {
|
137
|
-
if (node instanceof
|
131
|
+
if (node instanceof CfnResource) {
|
138
132
|
if (!StackCheckingAspect.isValidPath(node.pathPart)) {
|
139
133
|
this.addAnnotation(node, ResourceType.resourcePath, "Path part should be in kebab-case");
|
140
134
|
}
|
141
135
|
}
|
142
|
-
else if (node instanceof
|
136
|
+
else if (node instanceof CfnMethod) {
|
143
137
|
const integration = node.integration;
|
144
138
|
if (integration?.requestParameters) {
|
145
139
|
Object.keys(integration.requestParameters).forEach((key) => {
|
@@ -154,14 +148,14 @@ class StackCheckingAspect {
|
|
154
148
|
}
|
155
149
|
}
|
156
150
|
checkQueueEncryption(node) {
|
157
|
-
if (node instanceof
|
151
|
+
if (node instanceof CfnQueue) {
|
158
152
|
if (!node.kmsMasterKeyId) {
|
159
153
|
this.addAnnotation(node, ResourceType.queueEncryption, "Queue must have encryption enabled");
|
160
154
|
}
|
161
155
|
}
|
162
156
|
}
|
163
157
|
checkLogGroupRetention(node) {
|
164
|
-
if (node instanceof
|
158
|
+
if (node instanceof LogRetention) {
|
165
159
|
const child = node.node.defaultChild;
|
166
160
|
const retention = child._cfnProperties.RetentionInDays;
|
167
161
|
if (!retention) {
|
@@ -170,5 +164,4 @@ class StackCheckingAspect {
|
|
170
164
|
}
|
171
165
|
}
|
172
166
|
}
|
173
|
-
exports.StackCheckingAspect = StackCheckingAspect;
|
174
167
|
//# sourceMappingURL=stack-checking-aspect.js.map
|
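Review bot: In `checkBucket` the condition opens with `if (c && (!c.blockPublicAcls || …`, so a `CfnBucket` that has no `publicAccessBlockConfiguration` at all gets no annotation; only a partially filled block is reported. If the aspect is meant to guarantee that every bucket declares a full public access block, the absent case should be a finding as well, for example by starting the condition with `if (!c || !c.blockPublicAcls || …`. The rest of the condition and the annotation call are outside the hunk, so confirm the missing-configuration case is not already handled there.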
@@ -1,12 +1,11 @@
|
|
1
1
|
import { Stack, StackProps } from "aws-cdk-lib";
|
2
|
-
import { IVpc } from "aws-cdk-lib/aws-ec2";
|
3
|
-
import { ISecurityGroup } from "aws-cdk-lib/aws-ec2/lib/security-group";
|
2
|
+
import { type ISecurityGroup, IVpc } from "aws-cdk-lib/aws-ec2";
|
4
3
|
import { ITopic } from "aws-cdk-lib/aws-sns";
|
5
4
|
import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
|
6
5
|
import { Function as AWSFunction } from "aws-cdk-lib/aws-lambda";
|
7
6
|
import { Construct } from "constructs";
|
8
|
-
import { TrafficType } from "../../../types/traffictype";
|
9
|
-
import { DBLambdaEnvironment } from "./lambda-configs";
|
7
|
+
import { TrafficType } from "../../../types/traffictype.js";
|
8
|
+
import { DBLambdaEnvironment } from "./lambda-configs.js";
|
10
9
|
export declare const SOLUTION_KEY = "Solution";
|
11
10
|
export declare const SSM_KEY_WARNING_TOPIC = "/digitraffic/monitoring/warning-topic";
|
12
11
|
export declare const SSM_KEY_ALARM_TOPIC = "/digitraffic/monitoring/alarm-topic";
|
@@ -1,28 +1,25 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
const aws_ssm_1 = require("aws-cdk-lib/aws-ssm");
|
8
|
-
const aws_secretsmanager_1 = require("aws-cdk-lib/aws-secretsmanager");
|
9
|
-
const stack_checking_aspect_1 = require("./stack-checking-aspect");
|
1
|
+
import { Aspects, Stack } from "aws-cdk-lib";
|
2
|
+
import { SecurityGroup, Vpc } from "aws-cdk-lib/aws-ec2";
|
3
|
+
import { Topic } from "aws-cdk-lib/aws-sns";
|
4
|
+
import { StringParameter } from "aws-cdk-lib/aws-ssm";
|
5
|
+
import { Secret } from "aws-cdk-lib/aws-secretsmanager";
|
6
|
+
import { StackCheckingAspect } from "./stack-checking-aspect.js";
|
10
7
|
const SSM_ROOT = "/digitraffic";
|
11
|
-
|
8
|
+
export const SOLUTION_KEY = "Solution";
|
12
9
|
const MONITORING_ROOT = "/monitoring";
|
13
|
-
|
14
|
-
|
15
|
-
class DigitrafficStack extends
|
10
|
+
export const SSM_KEY_WARNING_TOPIC = `${SSM_ROOT}${MONITORING_ROOT}/warning-topic`;
|
11
|
+
export const SSM_KEY_ALARM_TOPIC = `${SSM_ROOT}${MONITORING_ROOT}/alarm-topic`;
|
12
|
+
export class DigitrafficStack extends Stack {
|
16
13
|
constructor(scope, id, configuration) {
|
17
14
|
super(scope, id, configuration.stackProps);
|
18
15
|
this.configuration = configuration;
|
19
16
|
if (configuration.secretId) {
|
20
|
-
this.secret =
|
17
|
+
this.secret = Secret.fromSecretNameV2(this, "Secret", configuration.secretId);
|
21
18
|
}
|
22
19
|
// VPC reference construction requires vpcId and availability zones
|
23
20
|
// private subnets are used in Lambda configuration
|
24
21
|
if (configuration.vpcId) {
|
25
|
-
this.vpc =
|
22
|
+
this.vpc = Vpc.fromVpcAttributes(this, "vpc", {
|
26
23
|
vpcId: configuration.vpcId,
|
27
24
|
privateSubnetIds: configuration.privateSubnetIds,
|
28
25
|
availabilityZones: configuration.availabilityZones ?? [],
|
@@ -30,14 +27,14 @@ class DigitrafficStack extends aws_cdk_lib_1.Stack {
|
|
30
27
|
}
|
31
28
|
// security group that allows Lambda database access
|
32
29
|
if (configuration.lambdaDbSgId) {
|
33
|
-
this.lambdaDbSg =
|
30
|
+
this.lambdaDbSg = SecurityGroup.fromSecurityGroupId(this, "LambdaDbSG", configuration.lambdaDbSgId);
|
34
31
|
}
|
35
|
-
this.alarmTopic =
|
36
|
-
this.warningTopic =
|
32
|
+
this.alarmTopic = Topic.fromTopicArn(this, "AlarmTopic", StringParameter.fromStringParameterName(this, "AlarmTopicParam", SSM_KEY_ALARM_TOPIC).stringValue);
|
33
|
+
this.warningTopic = Topic.fromTopicArn(this, "WarningTopic", StringParameter.fromStringParameterName(this, "WarningTopicParam", SSM_KEY_WARNING_TOPIC).stringValue);
|
37
34
|
this.addAspects();
|
38
35
|
}
|
39
36
|
addAspects() {
|
40
|
-
|
37
|
+
Aspects.of(this).add(StackCheckingAspect.create(this));
|
41
38
|
}
|
42
39
|
createLambdaEnvironment() {
|
43
40
|
return this.createDefaultLambdaEnvironment(this.configuration.shortName);
|
@@ -63,5 +60,4 @@ class DigitrafficStack extends aws_cdk_lib_1.Stack {
|
|
63
60
|
lambdas.forEach((l) => secret.grantRead(l));
|
64
61
|
}
|
65
62
|
}
|
66
|
-
exports.DigitrafficStack = DigitrafficStack;
|
67
63
|
//# sourceMappingURL=stack.js.map
|
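Review bot: `addAspects()` is the only visible place where `StackCheckingAspect` is attached, and the constructor calls it as an ordinary overridable method. A subclass that overrides it without calling the base implementation would appear to skip all stack checks (encryption, public access, concurrency) with no warning. If overriding is intended, I would document the contract on the method, e.g. `/** Subclasses overriding this must still add StackCheckingAspect, otherwise the stack checks are skipped. */`. The class body continues outside the hunks, so this may already be stated elsewhere.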
@@ -1,8 +1,8 @@
|
|
1
1
|
import { CfnSubscriptionFilter } from "aws-cdk-lib/aws-logs";
|
2
2
|
import { Function as AWSFunction } from "aws-cdk-lib/aws-lambda";
|
3
|
-
import { DigitrafficStack } from "./stack";
|
3
|
+
import { DigitrafficStack } from "./stack.js";
|
4
4
|
import { Construct } from "constructs";
|
5
|
-
import { MonitoredFunction } from "./monitoredfunction";
|
5
|
+
import { MonitoredFunction } from "./monitoredfunction.js";
|
6
6
|
/**
|
7
7
|
* Creates a subscription filter that subscribes to a Lambda Log Group and delivers the logs to another destination.
|
8
8
|
* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html
|
@@ -1,7 +1,4 @@
|
|
1
|
-
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
-
exports.DigitrafficLogSubscriptions = exports.createSubscription = void 0;
|
4
|
-
const aws_logs_1 = require("aws-cdk-lib/aws-logs");
|
1
|
+
import { CfnSubscriptionFilter } from "aws-cdk-lib/aws-logs";
|
5
2
|
/**
|
6
3
|
* Creates a subscription filter that subscribes to a Lambda Log Group and delivers the logs to another destination.
|
7
4
|
* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html
|
@@ -10,11 +7,11 @@ const aws_logs_1 = require("aws-cdk-lib/aws-logs");
|
|
10
7
|
* @param logDestinationArn Destination for streamed logs
|
11
8
|
* @param stack CloudFormation stack
|
12
9
|
*/
|
13
|
-
function createSubscription(lambda, lambdaName, logDestinationArn, stack) {
|
10
|
+
export function createSubscription(lambda, lambdaName, logDestinationArn, stack) {
|
14
11
|
if (logDestinationArn == undefined) {
|
15
12
|
return undefined;
|
16
13
|
}
|
17
|
-
const filter = new
|
14
|
+
const filter = new CfnSubscriptionFilter(stack, `${lambdaName}LogsSubscription`, {
|
18
15
|
logGroupName: `/aws/lambda/${lambdaName}`,
|
19
16
|
filterPattern: "",
|
20
17
|
destinationArn: logDestinationArn,
|
@@ -22,13 +19,12 @@ function createSubscription(lambda, lambdaName, logDestinationArn, stack) {
|
|
22
19
|
filter.node.addDependency(lambda);
|
23
20
|
return filter;
|
24
21
|
}
|
25
|
-
|
26
|
-
class DigitrafficLogSubscriptions {
|
22
|
+
export class DigitrafficLogSubscriptions {
|
27
23
|
constructor(stack, ...lambdas) {
|
28
24
|
const destinationArn = stack.configuration.logsDestinationArn;
|
29
25
|
if (destinationArn !== undefined) {
|
30
26
|
lambdas.forEach((lambda) => {
|
31
|
-
const filter = new
|
27
|
+
const filter = new CfnSubscriptionFilter(stack, `${lambda.givenName}LogsSubscription`, {
|
32
28
|
logGroupName: `/aws/lambda/${lambda.givenName}`,
|
33
29
|
filterPattern: "",
|
34
30
|
destinationArn,
|
@@ -38,5 +34,4 @@ class DigitrafficLogSubscriptions {
|
|
38
34
|
}
|
39
35
|
}
|
40
36
|
}
|
41
|
-
exports.DigitrafficLogSubscriptions = DigitrafficLogSubscriptions;
|
42
37
|
//# sourceMappingURL=subscription.js.map
|
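Review bot: The two code paths guard the destination differently: `createSubscription` returns early on `logDestinationArn == undefined` (which also catches `null`), while the `DigitrafficLogSubscriptions` constructor tests `destinationArn !== undefined` and would go on to build a `CfnSubscriptionFilter` with a `null` destination. Whether `logsDestinationArn` can be `null` is not visible here, but the checks should agree, e.g. `if (destinationArn != null) {` in the constructor. Both filters also use `filterPattern: ""`, which forwards every log event to the destination; a short comment stating that this is deliberate would help anyone reviewing what leaves the account.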
@@ -1,6 +1,6 @@
|
|
1
1
|
import { Stack } from "aws-cdk-lib";
|
2
|
-
import { Construct } from "constructs
|
3
|
-
import { InfraStackConfiguration } from "./intra-stack-configuration";
|
2
|
+
import { type Construct } from "constructs";
|
3
|
+
import { InfraStackConfiguration } from "./intra-stack-configuration.js";
|
4
4
|
/**
|
5
5
|
* Creates a dns local zone and creates records for cluster endpoints and proxy endpoints.
|
6
6
|
*
|
@@ -1,18 +1,15 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
const
|
6
|
-
const import_util_1 = require("../import-util");
|
7
|
-
const parameters_1 = require("../stack/parameters");
|
8
|
-
const DEFAULT_RECORD_TTL = aws_cdk_lib_1.Duration.seconds(30);
|
1
|
+
import { Duration, RemovalPolicy, Stack } from "aws-cdk-lib";
|
2
|
+
import { PrivateHostedZone, RecordSet, RecordTarget, RecordType, } from "aws-cdk-lib/aws-route53";
|
3
|
+
import { importVpc } from "../import-util.js";
|
4
|
+
import { getParameterValue } from "../stack/parameters.js";
|
5
|
+
const DEFAULT_RECORD_TTL = Duration.seconds(30);
|
9
6
|
/**
|
10
7
|
* Creates a dns local zone and creates records for cluster endpoints and proxy endpoints.
|
11
8
|
*
|
12
9
|
* Please note, that created PrivateHostedZone has RETAIN removalPolicy, so if you want to delete this stack,
|
13
10
|
* you must remove the zone by hand after.
|
14
11
|
*/
|
15
|
-
class DbDnsStack extends
|
12
|
+
export class DbDnsStack extends Stack {
|
16
13
|
constructor(scope, id, isc) {
|
17
14
|
super(scope, id, {
|
18
15
|
env: isc.env,
|
@@ -20,45 +17,44 @@ class DbDnsStack extends aws_cdk_lib_1.Stack {
|
|
20
17
|
this.createDnsRecords(isc);
|
21
18
|
}
|
22
19
|
createDnsRecords(isc) {
|
23
|
-
const vpc =
|
24
|
-
const zone = new
|
20
|
+
const vpc = importVpc(this, isc.environmentName);
|
21
|
+
const zone = new PrivateHostedZone(this, "DNSHostedZone", {
|
25
22
|
zoneName: isc.environmentName + ".local",
|
26
23
|
vpc,
|
27
24
|
});
|
28
|
-
zone.applyRemovalPolicy(
|
29
|
-
const clusterReaderEndpoint =
|
30
|
-
const clusterWriterEndpoint =
|
31
|
-
const proxyReaderEndpoint =
|
32
|
-
const proxyWriterEndpoint =
|
33
|
-
new
|
34
|
-
recordType:
|
25
|
+
zone.applyRemovalPolicy(RemovalPolicy.RETAIN);
|
26
|
+
const clusterReaderEndpoint = getParameterValue(this, "cluster.reader");
|
27
|
+
const clusterWriterEndpoint = getParameterValue(this, "cluster.writer");
|
28
|
+
const proxyReaderEndpoint = getParameterValue(this, "proxy.reader");
|
29
|
+
const proxyWriterEndpoint = getParameterValue(this, "proxy.writer");
|
30
|
+
new RecordSet(this, "ReaderRecord", {
|
31
|
+
recordType: RecordType.CNAME,
|
35
32
|
recordName: `db-ro.${isc.environmentName}.local`,
|
36
|
-
target:
|
33
|
+
target: RecordTarget.fromValues(clusterReaderEndpoint),
|
37
34
|
ttl: DEFAULT_RECORD_TTL,
|
38
35
|
zone,
|
39
36
|
});
|
40
|
-
new
|
41
|
-
recordType:
|
37
|
+
new RecordSet(this, "WriterRecord", {
|
38
|
+
recordType: RecordType.CNAME,
|
42
39
|
recordName: `db.${isc.environmentName}.local`,
|
43
|
-
target:
|
40
|
+
target: RecordTarget.fromValues(clusterWriterEndpoint),
|
44
41
|
ttl: DEFAULT_RECORD_TTL,
|
45
42
|
zone,
|
46
43
|
});
|
47
|
-
new
|
48
|
-
recordType:
|
44
|
+
new RecordSet(this, "ProxyReaderRecord", {
|
45
|
+
recordType: RecordType.CNAME,
|
49
46
|
recordName: `proxy-ro.${isc.environmentName}.local`,
|
50
|
-
target:
|
47
|
+
target: RecordTarget.fromValues(proxyReaderEndpoint),
|
51
48
|
ttl: DEFAULT_RECORD_TTL,
|
52
49
|
zone,
|
53
50
|
});
|
54
|
-
new
|
55
|
-
recordType:
|
51
|
+
new RecordSet(this, "ProxyWriterRecord", {
|
52
|
+
recordType: RecordType.CNAME,
|
56
53
|
recordName: `proxy.${isc.environmentName}.local`,
|
57
|
-
target:
|
54
|
+
target: RecordTarget.fromValues(proxyWriterEndpoint),
|
58
55
|
ttl: DEFAULT_RECORD_TTL,
|
59
56
|
zone,
|
60
57
|
});
|
61
58
|
}
|
62
59
|
}
|
63
|
-
exports.DbDnsStack = DbDnsStack;
|
64
60
|
//# sourceMappingURL=db-dns-stack.js.map
|
@@ -1,9 +1,9 @@
|
|
1
1
|
import { CfnDBProxyEndpoint, DatabaseProxy } from "aws-cdk-lib/aws-rds";
|
2
2
|
import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
|
3
3
|
import { IVpc } from "aws-cdk-lib/aws-ec2";
|
4
|
-
import { InfraStackConfiguration } from "./intra-stack-configuration";
|
4
|
+
import { InfraStackConfiguration } from "./intra-stack-configuration.js";
|
5
5
|
import { Stack } from "aws-cdk-lib/core";
|
6
|
-
import { Construct } from "constructs/lib/construct";
|
6
|
+
import { Construct } from "constructs/lib/construct.js";
|
7
7
|
export interface ProxyConfiguration {
|
8
8
|
readonly secretArn: string;
|
9
9
|
readonly name?: string;
|
@@ -1,17 +1,14 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
const import_util_1 = require("../import-util");
|
9
|
-
const parameters_1 = require("../stack/parameters");
|
10
|
-
const core_1 = require("aws-cdk-lib/core");
|
1
|
+
import { CfnDBProxyEndpoint, DatabaseCluster, DatabaseClusterEngine, DatabaseProxy, ProxyTarget, } from "aws-cdk-lib/aws-rds";
|
2
|
+
import { Secret } from "aws-cdk-lib/aws-secretsmanager";
|
3
|
+
import { SecurityGroup } from "aws-cdk-lib/aws-ec2";
|
4
|
+
import { DbStack } from "./db-stack.js";
|
5
|
+
import { exportValue, importVpc } from "../import-util.js";
|
6
|
+
import { createParameter } from "../stack/parameters.js";
|
7
|
+
import { Stack, Duration } from "aws-cdk-lib/core";
|
11
8
|
/**
|
12
9
|
* A stack that creates a Database proxy.
|
13
10
|
*/
|
14
|
-
class DbProxyStack extends
|
11
|
+
export class DbProxyStack extends Stack {
|
15
12
|
constructor(scope, id, isc, configuration) {
|
16
13
|
super(scope, id, {
|
17
14
|
env: isc.env,
|
@@ -20,49 +17,49 @@ class DbProxyStack extends core_1.Stack {
|
|
20
17
|
if (configuration.clusterIdentifier === "") {
|
21
18
|
throw new Error("Empty cluster identifier!");
|
22
19
|
}
|
23
|
-
const vpc =
|
24
|
-
const secret =
|
20
|
+
const vpc = importVpc(this, isc.environmentName);
|
21
|
+
const secret = Secret.fromSecretAttributes(this, "proxy-secret", {
|
25
22
|
secretCompleteArn: configuration.secretArn,
|
26
23
|
});
|
27
24
|
const proxy = this.createProxy(vpc, secret, configuration);
|
28
25
|
const readerEndpoint = this.createProxyEndpoints(vpc, proxy, configuration.securityGroupId);
|
29
|
-
|
30
|
-
|
26
|
+
createParameter(this, "proxy.reader", readerEndpoint.attrEndpoint);
|
27
|
+
createParameter(this, "proxy.writer", proxy.endpoint);
|
31
28
|
this.setOutputs(proxy);
|
32
29
|
}
|
33
30
|
setOutputs(proxy) {
|
34
31
|
// if only one instance, then there is no reader-endpoint
|
35
|
-
|
36
|
-
|
32
|
+
exportValue(this, this.isc.environmentName, DbProxyStack.PROXY_READER_EXPORT_NAME, proxy.endpoint);
|
33
|
+
exportValue(this, this.isc.environmentName, DbProxyStack.PROXY_WRITER_EXPORT_NAME, proxy.endpoint);
|
37
34
|
}
|
38
35
|
createProxy(vpc, secret, configuration) {
|
39
36
|
const proxyId = `${this.isc.environmentName}-proxy`;
|
40
|
-
const securityGroup =
|
41
|
-
const cluster =
|
37
|
+
const securityGroup = SecurityGroup.fromSecurityGroupId(this, "securitygroup", configuration.securityGroupId);
|
38
|
+
const cluster = DatabaseCluster.fromDatabaseClusterAttributes(this, "db-cluster", {
|
42
39
|
clusterIdentifier: configuration.clusterIdentifier,
|
43
|
-
engine:
|
44
|
-
port:
|
40
|
+
engine: DatabaseClusterEngine.AURORA_POSTGRESQL,
|
41
|
+
port: DbStack.CLUSTER_PORT,
|
45
42
|
});
|
46
43
|
// CDK tries to allow connections between proxy and cluster
|
47
44
|
// this does not work on cluster references
|
48
45
|
cluster.connections.allowDefaultPortFrom = () => {
|
49
46
|
/* nothing */
|
50
47
|
};
|
51
|
-
return new
|
48
|
+
return new DatabaseProxy(this, proxyId, {
|
52
49
|
dbProxyName: configuration.name ?? "AuroraProxy",
|
53
50
|
securityGroups: [securityGroup],
|
54
|
-
proxyTarget:
|
55
|
-
idleClientTimeout:
|
51
|
+
proxyTarget: ProxyTarget.fromCluster(cluster),
|
52
|
+
idleClientTimeout: Duration.seconds(1800),
|
56
53
|
maxConnectionsPercent: 50,
|
57
54
|
maxIdleConnectionsPercent: 25,
|
58
|
-
borrowTimeout:
|
55
|
+
borrowTimeout: Duration.seconds(120),
|
59
56
|
requireTLS: false,
|
60
57
|
secrets: [secret],
|
61
58
|
vpc: vpc,
|
62
59
|
});
|
63
60
|
}
|
64
61
|
createProxyEndpoints(vpc, proxy, securityGroupId) {
|
65
|
-
return new
|
62
|
+
return new CfnDBProxyEndpoint(this, "ReaderEndpoint", {
|
66
63
|
dbProxyEndpointName: "ReaderEndpoint",
|
67
64
|
dbProxyName: proxy.dbProxyName,
|
68
65
|
vpcSubnetIds: vpc.privateSubnets.map((sub) => sub.subnetId),
|
@@ -71,7 +68,6 @@ class DbProxyStack extends core_1.Stack {
|
|
71
68
|
});
|
72
69
|
}
|
73
70
|
}
|
74
|
-
exports.DbProxyStack = DbProxyStack;
|
75
71
|
DbProxyStack.PROXY_READER_EXPORT_NAME = "db-reader-endpoint";
|
76
72
|
DbProxyStack.PROXY_WRITER_EXPORT_NAME = "db-writer-endpoint";
|
77
73
|
//# sourceMappingURL=db-proxy-stack.js.map
|
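Review bot: The `DatabaseProxy` returned by `createProxy` is still created with `requireTLS: false`, so the proxy accepts client connections that are not encrypted in transit. Unless a known consumer cannot use TLS, I would change this to `requireTLS: true`, or make it a field of the proxy configuration that defaults to true. Separately, `setOutputs` exports `proxy.endpoint` under both `PROXY_READER_EXPORT_NAME` and `PROXY_WRITER_EXPORT_NAME`, although the constructor does create a reader endpoint (`readerEndpoint.attrEndpoint`). Consumers of the "reader" export therefore get the writer endpoint, and the existing comment only covers the single-instance case, so it is worth stating there whether this is intentional.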
@@ -1,8 +1,7 @@
|
|
1
|
-
import { InstanceType, IVpc } from "aws-cdk-lib/aws-ec2";
|
2
|
-
import { ISecurityGroup } from "aws-cdk-lib/aws-ec2/lib/security-group";
|
1
|
+
import { InstanceType, IVpc, type ISecurityGroup } from "aws-cdk-lib/aws-ec2";
|
3
2
|
import { AuroraPostgresEngineVersion, DatabaseCluster, DatabaseClusterProps, IParameterGroup } from "aws-cdk-lib/aws-rds";
|
4
|
-
import { Construct } from "constructs/lib/construct";
|
5
|
-
import { InfraStackConfiguration } from "./intra-stack-configuration";
|
3
|
+
import { Construct } from "constructs/lib/construct.js";
|
4
|
+
import { InfraStackConfiguration } from "./intra-stack-configuration.js";
|
6
5
|
import { Stack } from "aws-cdk-lib/core";
|
7
6
|
export interface DbConfiguration {
|
8
7
|
readonly cluster?: ClusterConfiguration;
|