@fjall/components-infrastructure 0.80.4 → 0.82.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/__tests__/setup.js +1 -78
- package/dist/lib/app.d.ts +5 -0
- package/dist/lib/app.js +29 -1
- package/dist/lib/config/aws/ecrDefaultImage.js +23 -21
- package/dist/lib/patterns/aws/compute.d.ts +29 -21
- package/dist/lib/patterns/aws/compute.js +10 -3
- package/dist/lib/patterns/aws/database.d.ts +1 -0
- package/dist/lib/patterns/aws/database.js +33 -3
- package/dist/lib/patterns/aws/storage.d.ts +1 -0
- package/dist/lib/patterns/aws/storage.js +23 -1
- package/dist/lib/resources/aws/compute/ecs.d.ts +50 -2
- package/dist/lib/resources/aws/compute/ecs.js +134 -18
- package/dist/lib/resources/aws/compute/ecsFreeTier.d.ts +2 -1
- package/dist/lib/resources/aws/compute/ecsFreeTier.js +1 -352
- package/dist/lib/resources/aws/compute/ecsSpot.d.ts +2 -1
- package/dist/lib/resources/aws/compute/ecsSpot.js +1 -332
- package/dist/lib/resources/aws/compute/utilities/capacityProviderDrainWaiter.js +1 -180
- package/dist/lib/resources/aws/monitoring/monitoringRole.js +61 -4
- package/dist/lib/resources/aws/utilities/cfnOutput.js +1 -13
- package/package.json +3 -3
- package/dist/lib/patterns/aws/cdn.d.ts +0 -133
- package/dist/lib/patterns/aws/cdn.js +0 -216
- package/dist/lib/patterns/aws/dynamodb.d.ts +0 -66
- package/dist/lib/patterns/aws/dynamodb.js +0 -106
- package/dist/lib/patterns/aws/loadBalancer.d.ts +0 -163
- package/dist/lib/patterns/aws/loadBalancer.js +0 -278
- package/dist/lib/patterns/aws/queue.d.ts +0 -61
- package/dist/lib/patterns/aws/queue.js +0 -103
- package/dist/lib/resources/aws/cdn/cloudFront.d.ts +0 -65
- package/dist/lib/resources/aws/cdn/cloudFront.js +0 -135
- package/dist/lib/resources/aws/cdn/index.d.ts +0 -1
- package/dist/lib/resources/aws/cdn/index.js +0 -18
- package/dist/lib/resources/aws/compute/capacityProviderDrainWaiter.d.ts +0 -20
- package/dist/lib/resources/aws/compute/capacityProviderDrainWaiter.js +0 -180
- package/dist/lib/resources/aws/database/dynamodb.d.ts +0 -70
- package/dist/lib/resources/aws/database/dynamodb.js +0 -170
- package/dist/lib/resources/aws/database/rdsDeletionWaiter.d.ts +0 -33
- package/dist/lib/resources/aws/database/rdsDeletionWaiter.js +0 -74
- package/dist/lib/resources/aws/messaging/index.d.ts +0 -1
- package/dist/lib/resources/aws/messaging/index.js +0 -18
- package/dist/lib/resources/aws/messaging/sqs.d.ts +0 -65
- package/dist/lib/resources/aws/messaging/sqs.js +0 -195
- package/dist/lib/resources/aws/networking/vpcEndpoint.d.ts +0 -20
- package/dist/lib/resources/aws/networking/vpcEndpoint.js +0 -59
- package/dist/lib/resources/aws/networking/vpcEndpoints.d.ts +0 -71
- package/dist/lib/resources/aws/networking/vpcEndpoints.js +0 -125
- package/dist/lib/resources/aws/utilities/cfnOutput.test.d.ts +0 -1
- package/dist/lib/resources/aws/utilities/cfnOutput.test.js +0 -102
- package/dist/lib/utils/sanitizeCfnKey.d.ts +0 -5
- package/dist/lib/utils/sanitizeCfnKey.js +0 -11
- package/dist/lib/utils/tagResource.d.ts +0 -24
- package/dist/lib/utils/tagResource.js +0 -30
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.S3Storage = exports.StorageFactory = void 0;
|
|
4
4
|
const constructs_1 = require("constructs");
|
|
5
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
6
|
const storage_1 = require("../../resources/aws/storage");
|
|
6
7
|
class StorageFactory {
|
|
7
8
|
static build(id, props) {
|
|
@@ -45,6 +46,7 @@ class S3Storage extends constructs_1.Construct {
|
|
|
45
46
|
encryptionKey: props.kmsKeyArn ? undefined : undefined, // KMS key handling
|
|
46
47
|
publicReadAccess: props.publicReadAccess
|
|
47
48
|
});
|
|
49
|
+
this.addOutputs();
|
|
48
50
|
}
|
|
49
51
|
addWebsiteBucket(props) {
|
|
50
52
|
this.bucket = new storage_1.S3WebsiteBucket(this, `${this.id}Bucket`, {
|
|
@@ -55,6 +57,7 @@ class S3Storage extends constructs_1.Construct {
|
|
|
55
57
|
websiteErrorDocument: props.websiteErrorDocument,
|
|
56
58
|
cors: props.cors
|
|
57
59
|
});
|
|
60
|
+
this.addOutputs();
|
|
58
61
|
}
|
|
59
62
|
addPublicReadBucket(props) {
|
|
60
63
|
this.bucket = new storage_1.S3PublicReadBucket(this, `${this.id}Bucket`, {
|
|
@@ -62,6 +65,25 @@ class S3Storage extends constructs_1.Construct {
|
|
|
62
65
|
versioned: props.versioned,
|
|
63
66
|
encryption: props.encryption
|
|
64
67
|
});
|
|
68
|
+
this.addOutputs();
|
|
69
|
+
}
|
|
70
|
+
addOutputs() {
|
|
71
|
+
const stackName = aws_cdk_lib_1.Stack.of(this).stackName;
|
|
72
|
+
// Export bucket ARN for monitoring
|
|
73
|
+
// Use stack name prefix to ensure uniqueness across apps in same region
|
|
74
|
+
new aws_cdk_lib_1.CfnOutput(this, `${this.id}BucketArn`, {
|
|
75
|
+
key: `${stackName}${this.id}BucketArn`,
|
|
76
|
+
exportName: `${stackName}${this.id}BucketArn`,
|
|
77
|
+
value: this.bucket.bucketArn,
|
|
78
|
+
description: `S3 Bucket ARN for ${this.id}`
|
|
79
|
+
});
|
|
80
|
+
// Export bucket name for convenience
|
|
81
|
+
new aws_cdk_lib_1.CfnOutput(this, `${this.id}BucketName`, {
|
|
82
|
+
key: `${stackName}${this.id}BucketName`,
|
|
83
|
+
exportName: `${stackName}${this.id}BucketName`,
|
|
84
|
+
value: this.bucket.bucketName,
|
|
85
|
+
description: `S3 Bucket Name for ${this.id}`
|
|
86
|
+
});
|
|
65
87
|
}
|
|
66
88
|
getBucket() {
|
|
67
89
|
return this.bucket;
|
|
@@ -77,4 +99,4 @@ class S3Storage extends constructs_1.Construct {
|
|
|
77
99
|
}
|
|
78
100
|
}
|
|
79
101
|
exports.S3Storage = S3Storage;
|
|
80
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
102
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RvcmFnZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3Mvc3RvcmFnZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyQ0FBdUM7QUFFdkMsNkNBQStDO0FBRy9DLHlEQUtxQztBQWdDckMsTUFBYSxjQUFjO0lBQ3pCLE1BQU0sQ0FBQyxLQUFLLENBQXFCLEVBQVUsRUFBRSxLQUFRO1FBQ25ELE9BQU8sQ0FBQyxHQUFRLEVBQUUsS0FBZ0IsRUFBRSxFQUFFO1lBQ3BDLE9BQU8sSUFBSSxTQUFTLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN6QyxDQUFDLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUFORCx3Q0FNQztBQUVELE1BQWEsU0FBVSxTQUFRLHNCQUFTO0lBT3RDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBZTtRQUN2RCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pCLElBQUksQ0FBQyxFQUFFLEdBQUcsRUFBRSxDQUFDO1FBQ2IsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUM7UUFDbkIsSUFBSSxDQUFDLFVBQVUsR0FBRyxLQUFLLENBQUMsVUFBVSxDQUFDO1FBRW5DLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDMUIsQ0FBQztJQUVELFdBQVcsQ0FBQyxLQUFlO1FBQ3pCLFFBQVEsS0FBSyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3pCLEtBQUssU0FBUztnQkFDWixJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQzdCLE1BQU07WUFDUixLQUFLLFNBQVM7Z0JBQ1osSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUM3QixNQUFNO1lBQ1IsS0FBSyxZQUFZO2dCQUNmLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDaEMsTUFBTTtZQUNSLE9BQU8sQ0FBQyxDQUFDLENBQUM7Z0JBQ1IsdUJBQXVCO2dCQUN2QixNQUFNLFdBQVcsR0FBVSxLQUFLLENBQUM7Z0JBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsOEJBQStCLEtBQWEsQ0FBQyxVQUFVLEVBQUUsQ0FDMUQsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVPLGdCQUFnQixDQUFDLEtBQXFCO1FBQzVDLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxrQkFBUSxDQUFDLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLFFBQVEsRUFBRTtZQUNuRCxlQUFlLEVBQUUsS0FBSyxDQUFDLGVBQWU7WUFDdEMsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1lBQzFCLFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBaUI7WUFDbkMsYUFBYSxFQUFFLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsU0FBUyxFQUFFLG1CQUFtQjtZQUMzRSxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsZ0JBQWdCO1NBQ3pDLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUNwQixDQUFDO0lBRU8sZ0JBQWdCLENBQUMsS0FBcUI7UUFDNUMsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLHlCQUFlLENBQUMsSUFBSSxFQUFFLEdBQUcsSUFBSSxDQUFDLEVBQUUsUUFBUSxFQUFFO1lBQzFELGVBQWUsRUFBRSxLQUFLLENBQUMsZUFBZTtZQUN0QyxTQUFTLEVBQUUsS0FBSyxDQUFDLFNBQVM7WUFDMUIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFpQjtZQUNuQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsb0JBQW9CO1lBQ2hELG9CQUFvQixFQUFFLEtBQUssQ0FBQyxvQkFBb0I7WUFDaEQsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFXO1NBQ3hCLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUNwQixDQUFDO0lBRU8sbUJBQW1CLENBQUMsS0FBd0I7UUFDbEQsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLDRCQUFrQixDQUFDLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLFFBQVEsRUFBRTtZQUM3RCxlQUFlLEVBQUUsS0FBSyxDQUFDLGVBQWU7WUFDdEMsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO1lBQzFCLFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBaUI7U0FDcEMsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO0lBQ3BCLENBQUM7SUFFTyxVQUFVO1FBQ2hCLE1BQU0sU0FBUyxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUUzQyxtQ0FBbUM7UUFDbkMsd0VBQXdFO1FBQ3hFLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxXQUFXLEVBQUU7WUFDekMsR0FBRyxFQUFFLEdBQUcsU0FBUyxHQUFHLElBQUksQ0FBQyxFQUFFLFdBQVc7WUFDdEMsVUFBVSxFQUFFLEdBQUcsU0FBUyxHQUFHLElBQUksQ0FBQyxFQUFFLFdBQVc7WUFDN0MsS0FBSyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUztZQUM1QixXQUFXLEVBQUUscUJBQXFCLElBQUksQ0FBQyxFQUFFLEVBQUU7U0FDNUMsQ0FBQyxDQUFDO1FBRUgscUNBQXFDO1FBQ3JDLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxZQUFZLEVBQUU7WUFDMUMsR0FBRyxFQUFFLEdBQUcsU0FBUyxHQUFHLElBQUksQ0FBQyxFQUFFLFlBQVk7WUFDdkMsVUFBVSxFQUFFLEdBQUcsU0FBUyxHQUFHLElBQUksQ0FBQyxFQUFFLFlBQVk7WUFDOUMsS0FBSyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsVUFBVTtZQUM3QixXQUFXLEVBQUUsc0JBQXNCLElBQUksQ0FBQyxFQUFFLEVBQUU7U0FDN0MsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELFNBQVM7UUFDUCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDckIsQ0FBQztJQUVELGFBQWE7UUFDWCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDO0lBQ2hDLENBQUM7SUFFRCxZQUFZO1FBQ1YsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQztJQUMvQixDQUFDO0lBRUQsYUFBYTtRQUNYLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQztJQUN6QixDQUFDO0NBQ0Y7QUF6R0QsOEJBeUdDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IHR5cGUgSUJ1Y2tldCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIjtcbmltcG9ydCB7IENmbk91dHB1dCwgU3RhY2sgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcblxuaW1wb3J0IHR5cGUgQXBwIGZyb20gXCIuLi8uLi9hcHBcIjtcbmltcG9ydCB7XG4gIFMzQnVja2V0LFxuICBTM1dlYnNpdGVCdWNrZXQsXG4gIFMzUHVibGljUmVhZEJ1Y2tldCxcbiAgdHlwZSBCYWNrdXBWYXVsdFRpZXJcbn0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3Mvc3RvcmFnZVwiO1xuXG50eXBlIFMzQnVja2V0VHlwZSA9IFwicHJpdmF0ZVwiIHwgXCJ3ZWJzaXRlXCIgfCBcInB1YmxpY1JlYWRcIjtcblxudHlwZSBCYXNlUzNQcm9wcyA9IHtcbiAgYmFja3VwVmF1bHRUaWVyPzogQmFja3VwVmF1bHRUaWVyO1xuICB2ZXJzaW9uZWQ/OiBib29sZWFuO1xuICBlbmNyeXB0aW9uPzogXCJBRVMyNTZcIiB8IFwiS01TXCI7XG4gIGttc0tleUFybj86IHN0cmluZztcbn07XG5cbmV4cG9ydCBpbnRlcmZhY2UgUHJpdmF0ZVMzUHJvcHMgZXh0ZW5kcyBCYXNlUzNQcm9wcyB7XG4gIGJ1Y2tldFR5cGU6IFwicHJpdmF0ZVwiO1xuICBwdWJsaWNSZWFkQWNjZXNzPzogYm9vbGVhbjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBXZWJzaXRlUzNQcm9wcyBleHRlbmRzIEJhc2VTM1Byb3BzIHtcbiAgYnVja2V0VHlwZTogXCJ3ZWJzaXRlXCI7XG4gIHdlYnNpdGVJbmRleERvY3VtZW50Pzogc3RyaW5nO1xuICB3ZWJzaXRlRXJyb3JEb2N1bWVudD86IHN0cmluZztcbiAgY29ycz86IEFycmF5PHtcbiAgICBhbGxvd2VkT3JpZ2luczogc3RyaW5nW107XG4gICAgYWxsb3dlZE1ldGhvZHM6IHN0cmluZ1tdO1xuICB9Pjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBQdWJsaWNSZWFkUzNQcm9wcyBleHRlbmRzIEJhc2VTM1Byb3BzIHtcbiAgYnVja2V0VHlwZTogXCJwdWJsaWNSZWFkXCI7XG59XG5cbmV4cG9ydCB0eXBlIElTM1Byb3BzID0gUHJpdmF0ZVMzUHJvcHMgfCBXZWJzaXRlUzNQcm9wcyB8IFB1YmxpY1JlYWRTM1Byb3BzO1xuXG5leHBvcnQgY2xhc3MgU3RvcmFnZUZhY3Rvcnkge1xuICBzdGF0aWMgYnVpbGQ8VCBleHRlbmRzIElTM1Byb3BzPihpZDogc3RyaW5nLCBwcm9wczogVCkge1xuICAgIHJldHVybiAoYXBwOiBBcHAsIHNjb3BlOiBDb25zdHJ1Y3QpID0+IHtcbiAgICAgIHJldHVybiBuZXcgUzNTdG9yYWdlKHNjb3BlLCBpZCwgcHJvcHMpO1xuICAgIH07XG4gIH1cbn1cblxuZXhwb3J0IGNsYXNzIFMzU3RvcmFnZSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyBpZDogc3RyaW5nO1xuICBwdWJsaWMgc2NvcGU6IENvbnN0cnVjdDtcblxuICBwcml2YXRlIGJ1Y2tldDogUzNCdWNrZXQgfCBTM1dlYnNpdGVCdWNrZXQgfCBTM1B1YmxpY1JlYWRCdWNrZXQ7XG4gIHByaXZhdGUgYnVja2V0VHlwZTogUzNCdWNrZXRUeXBlO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBJUzNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgdGhpcy5pZCA9IGlkO1xuICAgIHRoaXMuc2NvcGUgPSBzY29wZTtcbiAgICB0aGlzLmJ1Y2tldFR5cGUgPSBwcm9wcy5idWNrZXRUeXBlO1xuXG4gICAgdGhpcy5hZGRTM0J1Y2tldChwcm9wcyk7XG4gIH1cblxuICBhZGRTM0J1Y2tldChwcm9wczogSVMzUHJvcHMpIHtcbiAgICBzd2l0Y2ggKHByb3BzLmJ1Y2tldFR5cGUpIHtcbiAgICAgIGNhc2UgXCJwcml2YXRlXCI6XG4gICAgICAgIHRoaXMuYWRkUHJpdmF0ZUJ1Y2tldChwcm9wcyk7XG4gICAgICAgIGJyZWFrO1xuICAgICAgY2FzZSBcIndlYnNpdGVcIjpcbiAgICAgICAgdGhpcy5hZGRXZWJzaXRlQnVja2V0KHByb3BzKTtcbiAgICAgICAgYnJlYWs7XG4gICAgICBjYXNlIFwicHVibGljUmVhZFwiOlxuICAgICAgICB0aGlzLmFkZFB1YmxpY1JlYWRCdWNrZXQocHJvcHMpO1xuICAgICAgICBicmVhaztcbiAgICAgIGRlZmF1bHQ6IHtcbiAgICAgICAgLy8gRXhoYXVzdGl2ZW5lc3MgY2hlY2tcbiAgICAgICAgY29uc3QgX2V4aGF1c3RpdmU6IG5ldmVyID0gcHJvcHM7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgICBgVW5zdXBwb3J0ZWQgUzMgYnVja2V0IHR5cGUgJHsocHJvcHMgYXMgYW55KS5idWNrZXRUeXBlfWBcbiAgICAgICAgKTtcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGFkZFByaXZhdGVCdWNrZXQocHJvcHM6IFByaXZhdGVTM1Byb3BzKSB7XG4gICAgdGhpcy5idWNrZXQgPSBuZXcgUzNCdWNrZXQodGhpcywgYCR7dGhpcy5pZH1CdWNrZXRgLCB7XG4gICAgICBiYWNrdXBWYXVsdFRpZXI6IHByb3BzLmJhY2t1cFZhdWx0VGllcixcbiAgICAgIHZlcnNpb25lZDogcHJvcHMudmVyc2lvbmVkLFxuICAgICAgZW5jcnlwdGlvbjogcHJvcHMuZW5jcnlwdGlvbiBhcyBhbnksXG4gICAgICBlbmNyeXB0aW9uS2V5OiBwcm9wcy5rbXNLZXlBcm4gPyB1bmRlZmluZWQgOiB1bmRlZmluZWQsIC8vIEtNUyBrZXkgaGFuZGxpbmdcbiAgICAgIHB1YmxpY1JlYWRBY2Nlc3M6IHByb3BzLnB1YmxpY1JlYWRBY2Nlc3NcbiAgICB9KTtcbiAgICB0aGlzLmFkZE91dHB1dHMoKTtcbiAgfVxuXG4gIHByaXZhdGUgYWRkV2Vic2l0ZUJ1Y2tldChwcm9wczogV2Vic2l0ZVMzUHJvcHMpIHtcbiAgICB0aGlzLmJ1Y2tldCA9IG5ldyBTM1dlYnNpdGVCdWNrZXQodGhpcywgYCR7dGhpcy5pZH1CdWNrZXRgLCB7XG4gICAgICBiYWNrdXBWYXVsdFRpZXI6IHByb3BzLmJhY2t1cFZhdWx0VGllcixcbiAgICAgIHZlcnNpb25lZDogcHJvcHMudmVyc2lvbmVkLFxuICAgICAgZW5jcnlwdGlvbjogcHJvcHMuZW5jcnlwdGlvbiBhcyBhbnksXG4gICAgICB3ZWJzaXRlSW5kZXhEb2N1bWVudDogcHJvcHMud2Vic2l0ZUluZGV4RG9jdW1lbnQsXG4gICAgICB3ZWJzaXRlRXJyb3JEb2N1bWVudDogcHJvcHMud2Vic2l0ZUVycm9yRG9jdW1lbnQsXG4gICAgICBjb3JzOiBwcm9wcy5jb3JzIGFzIGFueVxuICAgIH0pO1xuICAgIHRoaXMuYWRkT3V0cHV0cygpO1xuICB9XG5cbiAgcHJpdmF0ZSBhZGRQdWJsaWNSZWFkQnVja2V0KHByb3BzOiBQdWJsaWNSZWFkUzNQcm9wcykge1xuICAgIHRoaXMuYnVja2V0ID0gbmV3IFMzUHVibGljUmVhZEJ1Y2tldCh0aGlzLCBgJHt0aGlzLmlkfUJ1Y2tldGAsIHtcbiAgICAgIGJhY2t1cFZhdWx0VGllcjogcHJvcHMuYmFja3VwVmF1bHRUaWVyLFxuICAgICAgdmVyc2lvbmVkOiBwcm9wcy52ZXJzaW9uZWQsXG4gICAgICBlbmNyeXB0aW9uOiBwcm9wcy5lbmNyeXB0aW9uIGFzIGFueVxuICAgIH0pO1xuICAgIHRoaXMuYWRkT3V0cHV0cygpO1xuICB9XG5cbiAgcHJpdmF0ZSBhZGRPdXRwdXRzKCkge1xuICAgIGNvbnN0IHN0YWNrTmFtZSA9IFN0YWNrLm9mKHRoaXMpLnN0YWNrTmFtZTtcblxuICAgIC8vIEV4cG9ydCBidWNrZXQgQVJOIGZvciBtb25pdG9yaW5nXG4gICAgLy8gVXNlIHN0YWNrIG5hbWUgcHJlZml4IHRvIGVuc3VyZSB1bmlxdWVuZXNzIGFjcm9zcyBhcHBzIGluIHNhbWUgcmVnaW9uXG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBgJHt0aGlzLmlkfUJ1Y2tldEFybmAsIHtcbiAgICAgIGtleTogYCR7c3RhY2tOYW1lfSR7dGhpcy5pZH1CdWNrZXRBcm5gLFxuICAgICAgZXhwb3J0TmFtZTogYCR7c3RhY2tOYW1lfSR7dGhpcy5pZH1CdWNrZXRBcm5gLFxuICAgICAgdmFsdWU6IHRoaXMuYnVja2V0LmJ1Y2tldEFybixcbiAgICAgIGRlc2NyaXB0aW9uOiBgUzMgQnVja2V0IEFSTiBmb3IgJHt0aGlzLmlkfWBcbiAgICB9KTtcblxuICAgIC8vIEV4cG9ydCBidWNrZXQgbmFtZSBmb3IgY29udmVuaWVuY2VcbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIGAke3RoaXMuaWR9QnVja2V0TmFtZWAsIHtcbiAgICAgIGtleTogYCR7c3RhY2tOYW1lfSR7dGhpcy5pZH1CdWNrZXROYW1lYCxcbiAgICAgIGV4cG9ydE5hbWU6IGAke3N0YWNrTmFtZX0ke3RoaXMuaWR9QnVja2V0TmFtZWAsXG4gICAgICB2YWx1ZTogdGhpcy5idWNrZXQuYnVja2V0TmFtZSxcbiAgICAgIGRlc2NyaXB0aW9uOiBgUzMgQnVja2V0IE5hbWUgZm9yICR7dGhpcy5pZH1gXG4gICAgfSk7XG4gIH1cblxuICBnZXRCdWNrZXQoKTogSUJ1Y2tldCB7XG4gICAgcmV0dXJuIHRoaXMuYnVja2V0O1xuICB9XG5cbiAgZ2V0QnVja2V0TmFtZSgpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLmJ1Y2tldC5idWNrZXROYW1lO1xuICB9XG5cbiAgZ2V0QnVja2V0QXJuKCk6IHN0cmluZyB7XG4gICAgcmV0dXJuIHRoaXMuYnVja2V0LmJ1Y2tldEFybjtcbiAgfVxuXG4gIGdldEJ1Y2tldFR5cGUoKTogUzNCdWNrZXRUeXBlIHtcbiAgICByZXR1cm4gdGhpcy5idWNrZXRUeXBlO1xuICB9XG59XG4iXX0=
|
|
@@ -27,10 +27,12 @@ export interface Ec2CapacityConfig {
|
|
|
27
27
|
instanceType?: string;
|
|
28
28
|
/** AMI hardware type. Default: "ARM" (Graviton - better cost/performance) */
|
|
29
29
|
amiHardwareType?: "ARM" | "STANDARD";
|
|
30
|
-
/** Minimum number of instances. Default:
|
|
30
|
+
/** Minimum number of instances. Default: 1 */
|
|
31
31
|
minCapacity?: number;
|
|
32
32
|
/** Maximum number of instances. Default: 3 */
|
|
33
33
|
maxCapacity?: number;
|
|
34
|
+
/** Desired number of EC2 instances. Default: 2 (for availability) */
|
|
35
|
+
desiredCount?: number;
|
|
34
36
|
/** Memory limit in MiB for the container. Default: 1024 */
|
|
35
37
|
memoryLimitMiB?: number;
|
|
36
38
|
}
|
|
@@ -87,10 +89,18 @@ export interface EcsClusterContainerConfig {
|
|
|
87
89
|
port?: number;
|
|
88
90
|
/** Environment variables */
|
|
89
91
|
environment?: Record<string, string>;
|
|
90
|
-
/** Secrets imported from other resources */
|
|
92
|
+
/** Secrets imported from other resources (AWS Secrets Manager) */
|
|
91
93
|
secretsImport?: {
|
|
92
94
|
[key: string]: SecretImport;
|
|
93
95
|
};
|
|
96
|
+
/**
|
|
97
|
+
* Secrets from AWS SSM Parameter Store.
|
|
98
|
+
* Array of secret names that will be fetched from the service's SSM namespace.
|
|
99
|
+
*
|
|
100
|
+
* @example
|
|
101
|
+
* ssmSecrets: ["API_KEY", "DB_PASSWORD"]
|
|
102
|
+
*/
|
|
103
|
+
ssmSecrets?: string[];
|
|
94
104
|
/** Command to run in the container */
|
|
95
105
|
command?: string[];
|
|
96
106
|
/** Entry point for the container */
|
|
@@ -221,6 +231,15 @@ export interface EcsServiceProps {
|
|
|
221
231
|
* Services with matching ec2Config share an ASG for efficiency.
|
|
222
232
|
*/
|
|
223
233
|
ec2Config?: Ec2CapacityConfig;
|
|
234
|
+
/**
|
|
235
|
+
* SSM Parameter Store path for secrets.
|
|
236
|
+
* If containers have ssmSecrets defined, this path is used as the base path.
|
|
237
|
+
* Format: /<app>/<cluster>/<service>
|
|
238
|
+
*
|
|
239
|
+
* @example
|
|
240
|
+
* ssmSecretsPath: "/myapp/api-cluster/users"
|
|
241
|
+
*/
|
|
242
|
+
ssmSecretsPath?: string;
|
|
224
243
|
}
|
|
225
244
|
/**
|
|
226
245
|
* Props for creating an ECS cluster with multiple services.
|
|
@@ -228,6 +247,12 @@ export interface EcsServiceProps {
|
|
|
228
247
|
export type EcsClusterProps = {
|
|
229
248
|
/** Cluster name */
|
|
230
249
|
clusterName: string;
|
|
250
|
+
/**
|
|
251
|
+
* Application name for SSM secrets namespace.
|
|
252
|
+
* Required when any container uses ssmSecrets without explicit ssmSecretsPath.
|
|
253
|
+
* Used to build the path: /<appName>/<clusterName>/<serviceName>
|
|
254
|
+
*/
|
|
255
|
+
appName?: string;
|
|
231
256
|
/** VPC to deploy into */
|
|
232
257
|
vpc?: IVpc;
|
|
233
258
|
/** Default ECR repository or container image */
|
|
@@ -373,6 +398,29 @@ export default class EcsCluster extends Construct implements IConnectable {
|
|
|
373
398
|
* Checks if a service uses an EC2 capacity provider.
|
|
374
399
|
*/
|
|
375
400
|
private isServiceEc2;
|
|
401
|
+
/**
|
|
402
|
+
* Validates an SSM path component for correctness.
|
|
403
|
+
* SSM parameter paths have specific constraints that must be enforced.
|
|
404
|
+
*
|
|
405
|
+
* @param component - The path component to validate
|
|
406
|
+
* @param fieldName - Name of the field for error messages
|
|
407
|
+
* @throws Error if the component is invalid
|
|
408
|
+
*/
|
|
409
|
+
private validateSsmPathComponent;
|
|
410
|
+
/**
|
|
411
|
+
* Derives the SSM secrets path for a service.
|
|
412
|
+
* Uses explicit path if provided, otherwise derives from app/cluster/service names.
|
|
413
|
+
*
|
|
414
|
+
* @param serviceName - The service name
|
|
415
|
+
* @param explicitPath - Optional explicit path override
|
|
416
|
+
* @returns The SSM secrets path (e.g., /myapp/ApiCluster/users)
|
|
417
|
+
*/
|
|
418
|
+
/**
|
|
419
|
+
* Collects all Secrets Manager secret names from secretsImport across all services.
|
|
420
|
+
* Used to scope IAM permissions for least-privilege access.
|
|
421
|
+
*/
|
|
422
|
+
private collectSecretsManagerSecretNames;
|
|
423
|
+
private deriveSsmSecretsPath;
|
|
376
424
|
/**
|
|
377
425
|
* Generates a unique key for EC2 config (for ASG deduplication).
|
|
378
426
|
* Services with matching keys share an ASG.
|