@digitraffic/common 2026.3.17-1 → 2026.3.26-1-beta

package/dist/aws/infra/api/integration.js

@@ -0,0 +1,162 @@
+import { LambdaIntegration, PassthroughBehavior, } from "aws-cdk-lib/aws-apigateway";
+import { DigitrafficIntegrationResponse } from "../../runtime/digitraffic-integration-response.js";
+import { MediaType } from "../../types/mediatypes.js";
+const VELOCITY_ALL_PARAMS = `#foreach($paramName in $params.keySet())
+    #if( ! $paramMap.containsKey("_$paramName"))
+        #set($tmp = $paramMap.put($paramName, $params[$paramName]))
+    #end
+#end`;
+const VELOCITY_PASS_BODY = `#set($tmp = $paramMap.put('payload', $util.base64Encode($input.body)))`;
+export class DigitrafficIntegration {
+    lambda;
+    mediaType;
+    parameters = [];
+    deprecation = false;
+    sunset;
+    _passAllQueryParameters;
+    _passBody;
+    constructor(lambda, mediaType = MediaType.TEXT_PLAIN, deprecation = false, sunset) {
+        this.lambda = lambda;
+        this.mediaType = mediaType;
+        this.sunset = sunset;
+        this.deprecation = deprecation;
+        this._passAllQueryParameters = false;
+        this._passBody = false;
+    }
+    passAllQueryParameters() {
+        if (this.parameters.some((p) => p.type === "querystring")) {
+            throw new Error("Can't add query parameters with pass all");
+        }
+        this._passAllQueryParameters = true;
+        return this;
+    }
+    /**
+     * Body is passed as an base64-encoded string, so broken input should't break anything.  You should
+     * decode, parse and validate the input in the lambda.
+     *
+     * The encoded body will be passed to handler with name payload!!
+     */
+    passBody() {
+        this._passBody = true;
+        return this;
+    }
+    addParameter(type, name) {
+        if (name.startsWith("_")) {
+            throw new Error("Parameters can't start with _");
+        }
+        this.parameters.push({ type, name });
+        return this;
+    }
+    addPathParameter(...names) {
+        names.forEach((name) => {
+            this.addParameter("path", name);
+        });
+        return this;
+    }
+    addQueryParameter(...names) {
+        if (this._passAllQueryParameters) {
+            throw new Error("Can't add query parameters with pass all");
+        }
+        names.forEach((name) => {
+            this.addParameter("querystring", name);
+        });
+        return this;
+    }
+    addMultiValueQueryParameter(...names) {
+        names.forEach((name) => {
+            this.addParameter("multivaluequerystring", name);
+        });
+        return this;
+    }
+    /**
+     * Note that context parameter values needs to be in json format as they will be parsed in template as json.
+     * See createRequestTemplates below.
+     * @param names for the parameters
+     * @returns
+     */
+    addContextParameter(...names) {
+        names.forEach((name) => {
+            this.addParameter("context", name);
+        });
+        return this;
+    }
+    /**
+     * Do not use Authorization header as that will be consumed by ApiGW.
+     * If Authorization header is needed, use lambda authorizers.
+     * @param names for the headers
+     */
+    addHeaderParameter(...names) {
+        names.forEach((name) => {
+            this.addParameter("header", name);
+        });
+        return this;
+    }
+    build() {
+        const integrationResponses = this.createResponses();
+        return new LambdaIntegration(this.lambda, {
+            proxy: false,
+            integrationResponses,
+            requestParameters: undefined,
+            requestTemplates: this.parameters.length === 0 && !this._passAllQueryParameters
+                ? undefined
+                : this.createRequestTemplates(),
+            passthroughBehavior: PassthroughBehavior.WHEN_NO_MATCH,
+        });
+    }
+    // noinspection JSUnusedGlobalSymbols
+    createRequestParameters() {
+        const requestParameters = {};
+        // filter out context parameters
+        this.parameters
+            .filter((parameter) => parameter.type !== "context")
+            .forEach((parameter) => {
+            requestParameters[`integration.request.${parameter.type.replace("multivaluequerystring", "querystring")}.${parameter.name}`] = `method.request.${parameter.type}.${parameter.name}`;
+        });
+        return requestParameters;
+    }
+    createRequestTemplates() {
+        const parameterAssignments = [];
+        this.parameters.forEach((parameter) => {
+            if (parameter.type === "context") {
+                parameterAssignments.push(`#set($tmp = $paramMap.put('${parameter.name}', $util.escapeJavaScript($context.${parameter.name})))`);
+            }
+            else if (parameter.type === "multivaluequerystring") {
+                // make multivaluequerystring values to array
+                parameterAssignments.push(`#set($tmp = $paramMap.put('_${parameter.name}', $method.request.multivaluequerystring.${parameter.name}))`);
+            }
+            else if (parameter.type === "path") {
+                parameterAssignments.push(`#set($tmp = $paramMap.put('${parameter.name}', $util.escapeJavaScript($input.params().path['${parameter.name}'])))`);
+            }
+            else if (parameter.type === "header") {
+                parameterAssignments.push(`#set($tmp = $paramMap.put('${parameter.name}', $util.escapeJavaScript($input.params().header['${parameter.name}'])))`);
+            }
+            else {
+                parameterAssignments.push(`#set($tmp = $paramMap.put('${parameter.name}', $util.escapeJavaScript($params['${parameter.name}'])))`);
+            }
+        });
+        // parameters starting with _ will be handled as multivalue querystring
+        return {
+            [MediaType.APPLICATION_JSON]: `
+#set($paramMap = {})
+#set($params = $input.params().get("querystring"))
+${parameterAssignments.join("\n")}
+${this._passAllQueryParameters ? VELOCITY_ALL_PARAMS : ""}
+${this._passBody ? VELOCITY_PASS_BODY : ""}
+{
+#foreach($paramName in $paramMap.keySet())
+#if( $paramName.substring(0, 1) != '_')
+    "$paramName":"$paramMap.get($paramName)" #if($foreach.hasNext),\n#end
+#else
+    "$paramName.substring(1)": [#foreach($val in $paramMap.get($paramName))"$util.escapeJavaScript($val)"#if($foreach.hasNext),#end#end] #if($foreach.hasNext),\n#end
+#end
+#end
+}`,
+        };
+    }
+    createResponses() {
+        return [
+            DigitrafficIntegrationResponse.ok(this.mediaType, this.deprecation, this.sunset),
+        ];
+    }
+}
+//# sourceMappingURL=integration.js.map

package/dist/aws/infra/api/response.d.ts

@@ -0,0 +1,62 @@
+import type { IModel, JsonSchema, MethodResponse } from "aws-cdk-lib/aws-apigateway";
+import { MediaType } from "../../types/mediatypes.js";
+/**
+ * This is velocity-script, that assumes the response to be LambdaResponse(status and body).
+ * It will always return the body and status, but if status in something else than 200 OK the content-type
+ * will be overridden to text/plain. (it's assumed, that lambda will return error text).
+ *
+ * Body content must be base64-encoded! use LambdaResponse for this! This way you can also return
+ * non-textual content.
+ *
+ * If fileName is set, then Content-Disposition-header will be set to use it
+ * If timestamp is set, then ETag & Last-Modified headers will be set
+ */
+export declare const RESPONSE_DEFAULT_LAMBDA = "#set($inputRoot = $input.path('$'))##\n#if ($inputRoot.status != 200)##\n#set ($context.responseOverride.status = $inputRoot.status)##\n#set ($context.responseOverride.header.Content-Type = 'text/plain')##\n#end##\n#set ($context.responseOverride.header.Access-Control-Allow-Origin = '*')##\n#if (\"$!inputRoot.timestamp\" != \"\")##\n#set ($context.responseOverride.header.Last-Modified = $inputRoot.timestamp)##\n#end##\n#if (\"$!inputRoot.etag\" != \"\")##\n#set ($context.responseOverride.header.ETag = $inputRoot.etag)##\n#end##\n#if (\"$!inputRoot.fileName\" != \"\")##\n#set ($disposition = 'attachment; filename=\"FN\"')##\n#set ($context.responseOverride.header.Content-Disposition = $disposition.replaceAll('FN', $inputRoot.fileName))##\n#end##\n$util.base64Decode($inputRoot.body)";
+/**
+ * Use this for deprecated integrations.
+ * Will add HTTP headers Deprecation and Sunset to response.
+ * Example:
+ *  Deprecation: true
+ *  Sunset: Tue, 20 Dec 2022 00:00:00 GMT
+ * @param sunset Sunset date as string in ISO 8601 date-time format (YYYY-MM-DD)
+ */
+export declare const getDeprecatedDefaultLambdaResponse: (sunset?: string) => string;
+/**
+ * @deprecated
+ */
+export declare const MessageModel: {
+    contentType: MediaType;
+    modelName: string;
+    schema: JsonSchema;
+};
+export declare const NotFoundResponse: string;
+/**
+ * @deprecated
+ */
+export declare const BadRequestResponseTemplate: {
+    "application/json": string;
+};
+/**
+ * @deprecated
+ */
+export declare const NotFoundResponseTemplate: {
+    "application/json": string;
+};
+/**
+ * @deprecated
+ */
+export declare const XmlResponseTemplate: {
+    "application/xml": string;
+};
+/**
+ * @deprecated
+ */
+export declare const InternalServerErrorResponseTemplate: {
+    "application/json": string;
+};
+export declare const DigitrafficMethodResponse: {
+    response(statusCode: string, model: IModel, mediaType: MediaType, disableCors?: boolean, deprecation?: boolean, sunset?: boolean): MethodResponse;
+    response200(model: IModel, mediaType?: MediaType, deprecation?: boolean, sunset?: boolean): MethodResponse;
+    response500(model?: IModel, mediaType?: MediaType): MethodResponse;
+    response400(model?: IModel, mediaType?: MediaType): MethodResponse;
+};

package/dist/aws/infra/api/response.js

@@ -0,0 +1,132 @@
+import { JsonSchemaType, JsonSchemaVersion, Model, } from "aws-cdk-lib/aws-apigateway";
+import { dateFromIsoString } from "../../../utils/date-utils.js";
+import { MediaType } from "../../types/mediatypes.js";
+/**
+ * This is velocity-script, that assumes the response to be LambdaResponse(status and body).
+ * It will always return the body and status, but if status in something else than 200 OK the content-type
+ * will be overridden to text/plain. (it's assumed, that lambda will return error text).
+ *
+ * Body content must be base64-encoded! use LambdaResponse for this! This way you can also return
+ * non-textual content.
+ *
+ * If fileName is set, then Content-Disposition-header will be set to use it
+ * If timestamp is set, then ETag & Last-Modified headers will be set
+ */
+export const RESPONSE_DEFAULT_LAMBDA = `#set($inputRoot = $input.path('$'))##
+#if ($inputRoot.status != 200)##
+#set ($context.responseOverride.status = $inputRoot.status)##
+#set ($context.responseOverride.header.Content-Type = 'text/plain')##
+#end##
+#set ($context.responseOverride.header.Access-Control-Allow-Origin = '*')##
+#if ("$!inputRoot.timestamp" != "")##
+#set ($context.responseOverride.header.Last-Modified = $inputRoot.timestamp)##
+#end##
+#if ("$!inputRoot.etag" != "")##
+#set ($context.responseOverride.header.ETag = $inputRoot.etag)##
+#end##
+#if ("$!inputRoot.fileName" != "")##
+#set ($disposition = 'attachment; filename="FN"')##
+#set ($context.responseOverride.header.Content-Disposition = $disposition.replaceAll('FN', $inputRoot.fileName))##
+#end##
+$util.base64Decode($inputRoot.body)`;
+/**
+ * Use this for deprecated integrations.
+ * Will add HTTP headers Deprecation and Sunset to response.
+ * Example:
+ *  Deprecation: true
+ *  Sunset: Tue, 20 Dec 2022 00:00:00 GMT
+ * @param sunset Sunset date as string in ISO 8601 date-time format (YYYY-MM-DD)
+ */
+export const getDeprecatedDefaultLambdaResponse = (sunset) => {
+    const setDeprecationHeaders = `#set ($context.responseOverride.header.Deprecation = 'true')
+    ${sunset
+        ? `#set ($context.responseOverride.header.Sunset = '${dateFromIsoString(sunset).toUTCString()}')`
+        : ""}`;
+    return RESPONSE_DEFAULT_LAMBDA.concat(setDeprecationHeaders);
+};
+const BODY_FROM_INPUT_PATH = "$input.path('$').body";
+/**
+ * @deprecated
+ */
+const messageSchema = {
+    schema: JsonSchemaVersion.DRAFT4,
+    type: JsonSchemaType.OBJECT,
+    description: "Response with message",
+    properties: {
+        message: {
+            type: JsonSchemaType.STRING,
+            description: "Response message",
+        },
+    },
+};
+/**
+ * @deprecated
+ */
+export const MessageModel = {
+    contentType: MediaType.APPLICATION_JSON,
+    modelName: "MessageResponseModel",
+    schema: messageSchema,
+};
+const NotFoundMessage = "Not Found";
+export const NotFoundResponse = JSON.stringify({ message: NotFoundMessage });
+const InternalServerErrorMessage = "Error";
+const InternalServerErrorResponse = JSON.stringify({
+    message: InternalServerErrorMessage,
+});
+const BadRequestMessage = "Bad Request";
+const BadRequestResponse = JSON.stringify({ message: BadRequestMessage });
+/**
+ * @deprecated
+ */
+export const BadRequestResponseTemplate = {
+    [MediaType.APPLICATION_JSON]: BadRequestResponse,
+};
+/**
+ * @deprecated
+ */
+export const NotFoundResponseTemplate = {
+    [MediaType.APPLICATION_JSON]: NotFoundResponse,
+};
+/**
+ * @deprecated
+ */
+export const XmlResponseTemplate = {
+    [MediaType.APPLICATION_XML]: BODY_FROM_INPUT_PATH,
+};
+/**
+ * @deprecated
+ */
+export const InternalServerErrorResponseTemplate = {
+    [MediaType.APPLICATION_JSON]: InternalServerErrorResponse,
+};
+export const DigitrafficMethodResponse = {
+    response(statusCode, model, mediaType, disableCors = false, deprecation = false, sunset = false) {
+        return {
+            statusCode,
+            responseModels: {
+                [mediaType]: model,
+            },
+            responseParameters: {
+                ...(!disableCors && {
+                    "method.response.header.Access-Control-Allow-Origin": true,
+                }),
+                ...(deprecation && {
+                    "method.response.header.Deprecation": true,
+                }),
+                ...(sunset && {
+                    "method.response.header.Sunset": true,
+                }),
+            },
+        };
+    },
+    response200(model, mediaType = MediaType.APPLICATION_JSON, deprecation = false, sunset = false) {
+        return DigitrafficMethodResponse.response("200", model, mediaType, false, deprecation, sunset);
+    },
+    response500(model = Model.EMPTY_MODEL, mediaType = MediaType.APPLICATION_JSON) {
+        return DigitrafficMethodResponse.response("500", model, mediaType, false);
+    },
+    response400(model = Model.EMPTY_MODEL, mediaType = MediaType.APPLICATION_JSON) {
+        return DigitrafficMethodResponse.response("400", model, mediaType, false);
+    },
+};
+//# sourceMappingURL=response.js.map

package/dist/aws/infra/api/responses.d.ts

@@ -0,0 +1,60 @@
+import type { IModel, IntegrationResponse, MethodResponse } from "aws-cdk-lib/aws-apigateway";
+import { LambdaIntegration, PassthroughBehavior } from "aws-cdk-lib/aws-apigateway";
+import type { Function as AWSFunction } from "aws-cdk-lib/aws-lambda";
+import type { MediaType } from "../../types/mediatypes.js";
+/**
+ * @deprecated
+ */
+export declare const RESPONSE_200_OK: IntegrationResponse;
+/**
+ * @deprecated
+ */
+export declare const RESPONSE_400_BAD_REQUEST: IntegrationResponse;
+/**
+ * @deprecated
+ */
+export declare const RESPONSE_500_SERVER_ERROR: IntegrationResponse;
+/**
+ * @deprecated
+ */
+export declare const RESPONSE_CORS_INTEGRATION: {
+    responseParameters: {
+        "method.response.header.Access-Control-Allow-Origin": string;
+    };
+};
+/**
+ * @deprecated
+ */
+export declare const RESPONSE_404_NOT_FOUND: {
+    statusCode: string;
+    selectionPattern: string;
+    responseTemplates: {
+        "application/json": string;
+    };
+};
+/**
+ * @deprecated Use DigitrafficMethodResponse
+ */
+export declare function methodResponse(status: string, contentType: MediaType, model: IModel, parameters?: Record<string, boolean>): MethodResponse;
+interface IntegrationOptions {
+    requestParameters?: {
+        [dest: string]: string;
+    };
+    requestTemplates?: {
+        [contentType: string]: string;
+    };
+    responses?: IntegrationResponse[];
+    disableCors?: boolean;
+    xml?: boolean;
+    passthroughBehavior?: PassthroughBehavior;
+}
+/**
+ * Creates a default Lambda integration for a REST API resource _root_
+ * @param lambdaFunction The Lambda function
+ * @param options Options
+ *
+ * @deprecated Use DigitrafficIntegration
+ */
+export declare function defaultIntegration(lambdaFunction: AWSFunction, options?: IntegrationOptions): LambdaIntegration;
+export declare function getResponse(response: IntegrationResponse, options?: IntegrationOptions): IntegrationResponse;
+export {};

package/dist/aws/infra/api/responses.js

@@ -0,0 +1,90 @@
+import { LambdaIntegration, PassthroughBehavior, } from "aws-cdk-lib/aws-apigateway";
+import { BAD_REQUEST_MESSAGE, ERROR_MESSAGE, NOT_FOUND_MESSAGE, } from "../../types/errors.js";
+import { BadRequestResponseTemplate, InternalServerErrorResponseTemplate, NotFoundResponseTemplate, XmlResponseTemplate, } from "./response.js";
+/**
+ * @deprecated
+ */
+export const RESPONSE_200_OK = {
+    statusCode: "200",
+};
+/**
+ * @deprecated
+ */
+export const RESPONSE_400_BAD_REQUEST = {
+    statusCode: "400",
+    selectionPattern: BAD_REQUEST_MESSAGE,
+    responseTemplates: BadRequestResponseTemplate,
+};
+/**
+ * @deprecated
+ */
+export const RESPONSE_500_SERVER_ERROR = {
+    statusCode: "500",
+    selectionPattern: ERROR_MESSAGE,
+    responseTemplates: InternalServerErrorResponseTemplate,
+};
+/**
+ * @deprecated
+ */
+const RESPONSE_XML = {
+    responseTemplates: XmlResponseTemplate,
+};
+/**
+ * @deprecated
+ */
+export const RESPONSE_CORS_INTEGRATION = {
+    responseParameters: {
+        "method.response.header.Access-Control-Allow-Origin": "'*'",
+    },
+};
+/**
+ * @deprecated
+ */
+export const RESPONSE_404_NOT_FOUND = {
+    statusCode: "404",
+    selectionPattern: NOT_FOUND_MESSAGE,
+    responseTemplates: NotFoundResponseTemplate,
+};
+/**
+ * @deprecated Use DigitrafficMethodResponse
+ */
+export function methodResponse(status, contentType, model, parameters) {
+    return {
+        statusCode: status,
+        responseModels: {
+            [contentType]: model,
+        },
+        responseParameters: parameters ?? {},
+    };
+}
+/**
+ * Creates a default Lambda integration for a REST API resource _root_
+ * @param lambdaFunction The Lambda function
+ * @param options Options
+ *
+ * @deprecated Use DigitrafficIntegration
+ */
+export function defaultIntegration(lambdaFunction, options) {
+    return new LambdaIntegration(lambdaFunction, {
+        proxy: false,
+        integrationResponses: options?.responses ?? [
+            getResponse(RESPONSE_200_OK, options),
+            getResponse(RESPONSE_400_BAD_REQUEST, options),
+            getResponse(RESPONSE_404_NOT_FOUND, options),
+            getResponse(RESPONSE_500_SERVER_ERROR, options),
+        ],
+        requestParameters: options?.requestParameters ?? {},
+        requestTemplates: options?.requestTemplates ?? {},
+        passthroughBehavior: options?.passthroughBehavior ?? PassthroughBehavior.WHEN_NO_MATCH,
+    });
+}
+export function getResponse(response, options) {
+    if (options?.xml) {
+        response = { ...response, ...RESPONSE_XML };
+    }
+    if (!options?.disableCors) {
+        response = { ...response, ...RESPONSE_CORS_INTEGRATION };
+    }
+    return response;
+}
+//# sourceMappingURL=responses.js.map

package/dist/aws/infra/api/static-integration.d.ts

@@ -0,0 +1,16 @@
+import type { IModel, IntegrationResponse, MethodResponse, Resource } from "aws-cdk-lib/aws-apigateway";
+import { MockIntegration } from "aws-cdk-lib/aws-apigateway";
+import { MediaType } from "../../types/mediatypes.js";
+/**
+ * Static integration, that returns the given response with given mediaType from given resource.
+ *
+ * @param resource
+ * @param mediaType
+ * @param response
+ */
+export declare class DigitrafficStaticIntegration extends MockIntegration {
+    constructor(resource: Resource, mediaType: MediaType, response: string, model: IModel, enableCors?: boolean, apiKeyRequired?: boolean, headers?: Record<string, string>);
+    static json<K>(resource: Resource, response: K, model: IModel, enableCors?: boolean, apiKeyRequired?: boolean, headers?: Record<string, string>): DigitrafficStaticIntegration;
+    static createIntegrationResponse(response: string, mediaType: MediaType, headers?: Record<string, string>): IntegrationResponse;
+    static createMethodResponse(headers: Record<string, string>, mediaType: MediaType, model: IModel): MethodResponse;
+}

package/dist/aws/infra/api/static-integration.js

@@ -0,0 +1,76 @@
+import { MockIntegration, PassthroughBehavior, } from "aws-cdk-lib/aws-apigateway";
+import { MediaType } from "../../types/mediatypes.js";
+const INTEGRATION_RESPONSE_200 = `{
+    "statusCode": 200
+}`;
+/**
+ * Static integration, that returns the given response with given mediaType from given resource.
+ *
+ * @param resource
+ * @param mediaType
+ * @param response
+ */
+export class DigitrafficStaticIntegration extends MockIntegration {
+    constructor(resource, mediaType, response, model, enableCors = true, apiKeyRequired = true, headers = {}) {
+        if (enableCors) {
+            headers = { ...headers, "Access-Control-Allow-Origin": "*" };
+        }
+        const integrationResponse = DigitrafficStaticIntegration.createIntegrationResponse(response, mediaType, headers);
+        super({
+            passthroughBehavior: PassthroughBehavior.WHEN_NO_TEMPLATES,
+            requestTemplates: {
+                [mediaType]: INTEGRATION_RESPONSE_200,
+            },
+            integrationResponses: [integrationResponse],
+        });
+        ["GET", "HEAD"].forEach((httpMethod) => {
+            resource.addMethod(httpMethod, this, {
+                apiKeyRequired,
+                methodResponses: [
+                    DigitrafficStaticIntegration.createMethodResponse(headers, mediaType, model),
+                ],
+            });
+        });
+    }
+    static json(resource, response, model, enableCors = true, apiKeyRequired = true, headers = {}) {
+        return new DigitrafficStaticIntegration(resource, MediaType.APPLICATION_JSON, JSON.stringify(response), model, enableCors, apiKeyRequired, headers);
+    }
+    static createIntegrationResponse(response, mediaType, headers = {}) {
+        const params = mapRecord(headers, (entry) => [
+            `method.response.header.${entry[0]}`,
+            `'${entry[1]}'`,
+        ]);
+        return {
+            statusCode: "200",
+            responseTemplates: {
+                [mediaType]: response,
+            },
+            responseParameters: params,
+        };
+    }
+    static createMethodResponse(headers, mediaType, model) {
+        const allowedHeaders = Object.keys(headers);
+        const entries = Object.fromEntries(allowedHeaders.map((key) => [key, true]));
+        return {
+            statusCode: "200",
+            responseParameters: prefixKeys("method.response.header.", entries),
+            responseModels: {
+                [mediaType]: model,
+            },
+        };
+    }
+}
+function mapRecord(obj, func) {
+    const mappedEntries = Object.entries(obj).map((entry) => func(entry));
+    return Object.fromEntries(mappedEntries);
+}
+/**
+ * Create a new Record with prefix added to each of the keys.
+ *
+ * @param prefix
+ * @param obj
+ */
+function prefixKeys(prefix, obj) {
+    return mapRecord(obj, (entry) => [prefix + entry[0], entry[1]]);
+}
+//# sourceMappingURL=static-integration.js.map

package/dist/aws/infra/bucket-policy.d.ts

@@ -0,0 +1,38 @@
+import { Effect } from "aws-cdk-lib/aws-iam";
+import type { Bucket } from "aws-cdk-lib/aws-s3";
+export interface BaseGrantConfiguration {
+    readonly bucket: Bucket;
+    /**
+     * Specify resources
+     *
+     * @default bucketArn + "/*"
+     */
+    readonly resources?: string[];
+    /**
+     * Specify granted actions
+     *
+     * @default ["s3:GetObject"]
+     */
+    readonly actions?: string[];
+    /**
+     * Allow or deny
+     *
+     * @default Effect.ALLOW
+     */
+    readonly effect?: Effect;
+}
+export interface CloudfrontGrantConfiguration extends BaseGrantConfiguration {
+    readonly distributionArn: string;
+}
+export interface CloudfrontOAIGrantConfiguration extends BaseGrantConfiguration {
+    readonly canonicalUserId: string;
+}
+/**
+ * Grant given cloudfront distribution rights to given bucket
+ */
+export declare function grantOACRights(config: CloudfrontGrantConfiguration): void;
+/**
+ * Grant given distribution OAI rights to given bucket.
+ * @deprecated use OAC and grantCloudfrontRights
+ */
+export declare function grantOAIRights(config: CloudfrontOAIGrantConfiguration): void;

package/dist/aws/infra/bucket-policy.js

@@ -0,0 +1,30 @@
+import { CanonicalUserPrincipal, Effect, PolicyStatement, ServicePrincipal, } from "aws-cdk-lib/aws-iam";
+/**
+ * Grant given cloudfront distribution rights to given bucket
+ */
+export function grantOACRights(config) {
+    config.bucket.addToResourcePolicy(new PolicyStatement({
+        effect: config.effect ?? Effect.ALLOW,
+        principals: [new ServicePrincipal("cloudfront.amazonaws.com")],
+        resources: config.resources ?? [`${config.bucket.bucketArn}/*`],
+        actions: config.actions ?? ["s3:GetObject"],
+        conditions: {
+            StringEquals: {
+                "AWS:SourceArn": config.distributionArn,
+            },
+        },
+    }));
+}
+/**
+ * Grant given distribution OAI rights to given bucket.
+ * @deprecated use OAC and grantCloudfrontRights
+ */
+export function grantOAIRights(config) {
+    config.bucket.addToResourcePolicy(new PolicyStatement({
+        effect: config.effect ?? Effect.ALLOW,
+        principals: [new CanonicalUserPrincipal(config.canonicalUserId)],
+        resources: config.resources ?? [`${config.bucket.bucketArn}/*`],
+        actions: config.actions ?? ["s3:GetObject"],
+    }));
+}
+//# sourceMappingURL=bucket-policy.js.map

package/dist/aws/infra/canaries/canary-alarm.d.ts

@@ -0,0 +1,6 @@
+import type { Canary } from "aws-cdk-lib/aws-synthetics";
+import type { Construct } from "constructs";
+import type { CanaryParameters } from "./canary-parameters.js";
+export declare class CanaryAlarm {
+    constructor(stack: Construct, canary: Canary, params: CanaryParameters);
+}