@fjall/components-infrastructure 0.86.0 → 0.87.3

package/dist/lib/patterns/aws/connections.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Shared connection processor for unified connector interface.
+ *
+ * This module provides the `processConnections` function that handles
+ * both security group rules (IConnectable) and IAM grants (IGrantable)
+ * in a unified way.
+ *
+ * @example
+ * // In ECS service setup
+ * processConnections(
+ *   serviceProps.connections,
+ *   serviceData.taskRole,  // IGrantable for IAM
+ *   service               // IConnectable for security groups
+ * );
+ *
+ * @example
+ * // In Lambda setup
+ * processConnections(
+ *   props.connections,
+ *   this.lambdaFunction,  // IGrantable (execution role)
+ *   this.lambdaFunction   // IConnectable (security group)
+ * );
+ */
+import { type IConnectable } from "aws-cdk-lib/aws-ec2";
+import { type IGrantable } from "aws-cdk-lib/aws-iam";
+import { type ConnectionSpec, type ConnectionResult } from "./interfaces/connector.js";
+/**
+ * Process connections from compute resources to data resources.
+ *
+ * Handles the unified connector interface, dispatching to:
+ * - Security group rules for IConnectable and ISecurityGroupConnector resources
+ * - IAM grants for IStorageConnector, IDynamoDBConnector, and IQueueConnector resources
+ *
+ * @param connections - Array of connection specifications
+ * @param grantee - The IAM grantee (task role, execution role, etc.)
+ * @param connectable - Optional IConnectable for security group rules
+ * @returns Array of connection results
+ *
+ * @example
+ * processConnections(
+ *   [database, { resource: bucket, access: "read" }, queue],
+ *   taskRole,
+ *   service
+ * );
+ */
+export declare function processConnections(connections: ConnectionSpec[], grantee: IGrantable, connectable?: IConnectable): ConnectionResult[];

package/dist/lib/patterns/aws/connections.js

@@ -0,0 +1,159 @@
+"use strict";
+/**
+ * Shared connection processor for unified connector interface.
+ *
+ * This module provides the `processConnections` function that handles
+ * both security group rules (IConnectable) and IAM grants (IGrantable)
+ * in a unified way.
+ *
+ * @example
+ * // In ECS service setup
+ * processConnections(
+ *   serviceProps.connections,
+ *   serviceData.taskRole,  // IGrantable for IAM
+ *   service               // IConnectable for security groups
+ * );
+ *
+ * @example
+ * // In Lambda setup
+ * processConnections(
+ *   props.connections,
+ *   this.lambdaFunction,  // IGrantable (execution role)
+ *   this.lambdaFunction   // IConnectable (security group)
+ * );
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processConnections = processConnections;
+const connector_js_1 = require("./interfaces/connector.js");
+/** Default access levels for each connector type. */
+const DEFAULT_ACCESS = {
+    storage: "readWrite",
+    dynamodb: "readWrite",
+    queue: "full"
+};
+/** Grant storage access based on access level. */
+function processStorageConnection(connector, grantee, access) {
+    switch (access) {
+        case "read":
+            return connector.grantRead(grantee);
+        case "write":
+            return connector.grantWrite(grantee);
+        case "readWrite":
+            return connector.grantReadWrite(grantee);
+    }
+}
+/** Grant DynamoDB access based on access level. */
+function processDynamoDBConnection(connector, grantee, access) {
+    switch (access) {
+        case "read":
+            return connector.grantReadData(grantee);
+        case "write":
+            return connector.grantWriteData(grantee);
+        case "readWrite":
+            return connector.grantReadWriteData(grantee);
+    }
+}
+/** Grant queue access based on access level. */
+function processQueueConnection(connector, grantee, access) {
+    switch (access) {
+        case "send":
+            return connector.grantSendMessages(grantee);
+        case "consume":
+            return connector.grantConsumeMessages(grantee);
+        case "full":
+            return connector.grantFull(grantee);
+    }
+}
+/** Build an IAM connection result. */
+function buildIamResult(connector, grant) {
+    return { resource: connector, grant, connectionType: connector_js_1.CONNECTION_TYPE.IAM };
+}
+/** Build a security group connection result. */
+function buildSecurityGroupResult(resource) {
+    return { resource, connectionType: connector_js_1.CONNECTION_TYPE.SECURITY_GROUP };
+}
+/** Validate and narrow access type for storage/dynamodb connectors. */
+function validateConnectionAccess(access, connectorType, defaultAccess) {
+    if (access === undefined)
+        return defaultAccess;
+    if ((0, connector_js_1.isConnectionAccess)(access))
+        return access;
+    throw new Error(`Invalid access "${access}" for ${connectorType} connector. ` +
+        `Valid values: read, write, readWrite`);
+}
+/** Validate and narrow access type for queue connectors. */
+function validateMessagingAccess(access, defaultAccess) {
+    if (access === undefined)
+        return defaultAccess;
+    if ((0, connector_js_1.isMessagingAccess)(access))
+        return access;
+    throw new Error(`Invalid access "${access}" for queue connector. ` +
+        `Valid values: send, consume, full`);
+}
+/**
+ * Require IConnectable for security group operations.
+ * Throws a descriptive error if not provided.
+ */
+function requireConnectable(connectable, context) {
+    if (!connectable) {
+        throw new Error(`${context} requires an IConnectable to be provided. ` +
+            "Ensure the compute resource (ECS, EC2, Lambda with VPC) implements IConnectable.");
+    }
+}
+/**
+ * Process connections from compute resources to data resources.
+ *
+ * Handles the unified connector interface, dispatching to:
+ * - Security group rules for IConnectable and ISecurityGroupConnector resources
+ * - IAM grants for IStorageConnector, IDynamoDBConnector, and IQueueConnector resources
+ *
+ * @param connections - Array of connection specifications
+ * @param grantee - The IAM grantee (task role, execution role, etc.)
+ * @param connectable - Optional IConnectable for security group rules
+ * @returns Array of connection results
+ *
+ * @example
+ * processConnections(
+ *   [database, { resource: bucket, access: "read" }, queue],
+ *   taskRole,
+ *   service
+ * );
+ */
+function processConnections(connections, grantee, connectable) {
+    return connections.map((spec) => {
+        const { resource, access } = (0, connector_js_1.isConnectionConfig)(spec)
+            ? { resource: spec.resource, access: spec.access }
+            : { resource: spec, access: undefined };
+        // Handle unified connector interface (isConnector now returns AnyConnector)
+        if ((0, connector_js_1.isConnector)(resource)) {
+            switch (resource.connectorType) {
+                case "storage": {
+                    const validAccess = validateConnectionAccess(access, "storage", DEFAULT_ACCESS.storage);
+                    return buildIamResult(resource, processStorageConnection(resource, grantee, validAccess));
+                }
+                case "dynamodb": {
+                    const validAccess = validateConnectionAccess(access, "dynamodb", DEFAULT_ACCESS.dynamodb);
+                    return buildIamResult(resource, processDynamoDBConnection(resource, grantee, validAccess));
+                }
+                case "queue": {
+                    const validAccess = validateMessagingAccess(access, DEFAULT_ACCESS.queue);
+                    return buildIamResult(resource, processQueueConnection(resource, grantee, validAccess));
+                }
+                case "securityGroup":
+                case "relational": {
+                    requireConnectable(connectable, `${resource.connectorType} connector`);
+                    connectable.connections.allowToDefaultPort(resource);
+                    return buildSecurityGroupResult(resource);
+                }
+            }
+        }
+        // Legacy IConnectable path
+        if ((0, connector_js_1.isConnectable)(resource)) {
+            requireConnectable(connectable, "IConnectable resource");
+            connectable.connections.allowToDefaultPort(resource);
+            return buildSecurityGroupResult(resource);
+        }
+        throw new Error("Connection resource must be either an IConnector or IConnectable");
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29ubmVjdGlvbnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvcGF0dGVybnMvYXdzL2Nvbm5lY3Rpb25zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXNCRzs7QUF5SkgsZ0RBdUVDO0FBNU5ELDREQWVtQztBQUVuQyxxREFBcUQ7QUFDckQsTUFBTSxjQUFjLEdBQUc7SUFDckIsT0FBTyxFQUFFLFdBQVc7SUFDcEIsUUFBUSxFQUFFLFdBQVc7SUFDckIsS0FBSyxFQUFFLE1BQU07Q0FDTCxDQUFDO0FBRVgsa0RBQWtEO0FBQ2xELFNBQVMsd0JBQXdCLENBQy9CLFNBQTRCLEVBQzVCLE9BQW1CLEVBQ25CLE1BQXdCO0lBRXhCLFFBQVEsTUFBTSxFQUFFLENBQUM7UUFDZixLQUFLLE1BQU07WUFDVCxPQUFPLFNBQVMsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdEMsS0FBSyxPQUFPO1lBQ1YsT0FBTyxTQUFTLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3ZDLEtBQUssV0FBVztZQUNkLE9BQU8sU0FBUyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUM3QyxDQUFDO0FBQ0gsQ0FBQztBQUVELG1EQUFtRDtBQUNuRCxTQUFTLHlCQUF5QixDQUNoQyxTQUE2QixFQUM3QixPQUFtQixFQUNuQixNQUF3QjtJQUV4QixRQUFRLE1BQU0sRUFBRSxDQUFDO1FBQ2YsS0FBSyxNQUFNO1lBQ1QsT0FBTyxTQUFTLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzFDLEtBQUssT0FBTztZQUNWLE9BQU8sU0FBUyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMzQyxLQUFLLFdBQVc7WUFDZCxPQUFPLFNBQVMsQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNqRCxDQUFDO0FBQ0gsQ0FBQztBQUVELGdEQUFnRDtBQUNoRCxTQUFTLHNCQUFzQixDQUM3QixTQUEwQixFQUMxQixPQUFtQixFQUNuQixNQUF1QjtJQUV2QixRQUFRLE1BQU0sRUFBRSxDQUFDO1FBQ2YsS0FBSyxNQUFNO1lBQ1QsT0FBTyxTQUFTLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDOUMsS0FBSyxTQUFTO1lBQ1osT0FBTyxTQUFTLENBQUMsb0JBQW9CLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDakQsS0FBSyxNQUFNO1lBQ1QsT0FBTyxTQUFTLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7QUFDSCxDQUFDO0FBRUQsc0NBQXNDO0FBQ3RDLFNBQVMsY0FBYyxDQUNyQixTQUF1QixFQUN2QixLQUFZO0lBRVosT0FBTyxFQUFFLFFBQVEsRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLGNBQWMsRUFBRSw4QkFBZSxDQUFDLEdBQUcsRUFBRSxDQUFDO0FBQzdFLENBQUM7QUFFRCxnREFBZ0Q7QUFDaEQsU0FBUyx3QkFBd0IsQ0FDL0IsUUFBcUM7SUFFckMsT0FBTyxFQUFFLFFBQVEsRUFBRSxjQUFjLEVBQUUsOEJBQWUsQ0FBQyxjQUFjLEVBQUUsQ0FBQztBQUN0RSxDQUFDO0FBRUQsdUVBQXVFO0FBQ3ZFLFNBQVMsd0JBQXdCLENBQy9CLE1BQXNELEVBQ3RELGFBQXFCLEVBQ3JCLGFBQStCO0lBRS9CLElBQUksTUFBTSxLQUFLLFNBQVM7UUFBRSxPQUFPLGFBQWEsQ0FBQztJQUMvQyxJQUFJLElBQUEsaUNBQWtCLEVBQUMsTUFBTSxDQUFDO1FBQUUsT0FBTyxNQUFNLENBQUM7SUFDOUMsTUFBTSxJQUFJLEtBQUssQ0FDYixtQkFBbUIsTUFBTSxTQUFTLGFBQWEsY0FBYztRQUMzRCxzQ0FBc0MsQ0FDekMsQ0FBQztBQUNKLENBQUM7QUFFRCw0REFBNEQ7QUFDNUQsU0FBUyx1QkFBdUIsQ0FDOUIsTUFBc0QsRUFDdEQsYUFBOEI7SUFFOUIsSUFBSSxNQUFNLEtBQUssU0FBUztRQUFFLE9BQU8sYUFBYSxDQUFDO0lBQy9DLElBQUksSUFBQSxnQ0FBaUIsRUFBQyxNQUFNLENBQUM7UUFBRSxPQUFPLE1BQU0sQ0FBQztJQUM3QyxNQUFNLElBQUksS0FBSyxDQUNiLG1CQUFtQixNQUFNLHlCQUF5QjtRQUNoRCxtQ0FBbUMsQ0FDdEMsQ0FBQztBQUNKLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxTQUFTLGtCQUFrQixDQUN6QixXQUFxQyxFQUNyQyxPQUFlO0lBRWYsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxLQUFLLENBQ2IsR0FBRyxPQUFPLDRDQUE0QztZQUNwRCxrRkFBa0YsQ0FDckYsQ0FBQztJQUNKLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUNILFNBQWdCLGtCQUFrQixDQUNoQyxXQUE2QixFQUM3QixPQUFtQixFQUNuQixXQUEwQjtJQUUxQixPQUFPLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRTtRQUM5QixNQUFNLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxHQUFHLElBQUEsaUNBQWtCLEVBQUMsSUFBSSxDQUFDO1lBQ25ELENBQUMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTSxFQUFFO1lBQ2xELENBQUMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxDQUFDO1FBRTFDLDRFQUE0RTtRQUM1RSxJQUFJLElBQUEsMEJBQVcsRUFBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQzFCLFFBQVEsUUFBUSxDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUMvQixLQUFLLFNBQVMsQ0FBQyxDQUFDLENBQUM7b0JBQ2YsTUFBTSxXQUFXLEdBQUcsd0JBQXdCLENBQzFDLE1BQU0sRUFDTixTQUFTLEVBQ1QsY0FBYyxDQUFDLE9BQU8sQ0FDdkIsQ0FBQztvQkFDRixPQUFPLGNBQWMsQ0FDbkIsUUFBUSxFQUNSLHdCQUF3QixDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsV0FBVyxDQUFDLENBQ3pELENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxLQUFLLFVBQVUsQ0FBQyxDQUFDLENBQUM7b0JBQ2hCLE1BQU0sV0FBVyxHQUFHLHdCQUF3QixDQUMxQyxNQUFNLEVBQ04sVUFBVSxFQUNWLGNBQWMsQ0FBQyxRQUFRLENBQ3hCLENBQUM7b0JBQ0YsT0FBTyxjQUFjLENBQ25CLFFBQVEsRUFDUix5QkFBeUIsQ0FBQyxRQUFRLEVBQUUsT0FBTyxFQUFFLFdBQVcsQ0FBQyxDQUMxRCxDQUFDO2dCQUNKLENBQUM7Z0JBRUQsS0FBSyxPQUFPLENBQUMsQ0FBQyxDQUFDO29CQUNiLE1BQU0sV0FBVyxHQUFHLHVCQUF1QixDQUN6QyxNQUFNLEVBQ04sY0FBYyxDQUFDLEtBQUssQ0FDckIsQ0FBQztvQkFDRixPQUFPLGNBQWMsQ0FDbkIsUUFBUSxFQUNSLHNCQUFzQixDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsV0FBVyxDQUFDLENBQ3ZELENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxLQUFLLGVBQWUsQ0FBQztnQkFDckIsS0FBSyxZQUFZLENBQUMsQ0FBQyxDQUFDO29CQUNsQixrQkFBa0IsQ0FDaEIsV0FBVyxFQUNYLEdBQUcsUUFBUSxDQUFDLGFBQWEsWUFBWSxDQUN0QyxDQUFDO29CQUNGLFdBQVcsQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLENBQUM7b0JBQ3JELE9BQU8sd0JBQXdCLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzVDLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELDJCQUEyQjtRQUMzQixJQUFJLElBQUEsNEJBQWEsRUFBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQzVCLGtCQUFrQixDQUFDLFdBQVcsRUFBRSx1QkFBdUIsQ0FBQyxDQUFDO1lBQ3pELFdBQVcsQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDckQsT0FBTyx3QkFBd0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM1QyxDQUFDO1FBRUQsTUFBTSxJQUFJLEtBQUssQ0FDYixrRUFBa0UsQ0FDbkUsQ0FBQztJQUNKLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogU2hhcmVkIGNvbm5lY3Rpb24gcHJvY2Vzc29yIGZvciB1bmlmaWVkIGNvbm5lY3RvciBpbnRlcmZhY2UuXG4gKlxuICogVGhpcyBtb2R1bGUgcHJvdmlkZXMgdGhlIGBwcm9jZXNzQ29ubmVjdGlvbnNgIGZ1bmN0aW9uIHRoYXQgaGFuZGxlc1xuICogYm90aCBzZWN1cml0eSBncm91cCBydWxlcyAoSUNvbm5lY3RhYmxlKSBhbmQgSUFNIGdyYW50cyAoSUdyYW50YWJsZSlcbiAqIGluIGEgdW5pZmllZCB3YXkuXG4gKlxuICogQGV4YW1wbGVcbiAqIC8vIEluIEVDUyBzZXJ2aWNlIHNldHVwXG4gKiBwcm9jZXNzQ29ubmVjdGlvbnMoXG4gKiAgIHNlcnZpY2VQcm9wcy5jb25uZWN0aW9ucyxcbiAqICAgc2VydmljZURhdGEudGFza1JvbGUsICAvLyBJR3JhbnRhYmxlIGZvciBJQU1cbiAqICAgc2VydmljZSAgICAgICAgICAgICAgIC8vIElDb25uZWN0YWJsZSBmb3Igc2VjdXJpdHkgZ3JvdXBzXG4gKiApO1xuICpcbiAqIEBleGFtcGxlXG4gKiAvLyBJbiBMYW1iZGEgc2V0dXBcbiAqIHByb2Nlc3NDb25uZWN0aW9ucyhcbiAqICAgcHJvcHMuY29ubmVjdGlvbnMsXG4gKiAgIHRoaXMubGFtYmRhRnVuY3Rpb24sICAvLyBJR3JhbnRhYmxlIChleGVjdXRpb24gcm9sZSlcbiAqICAgdGhpcy5sYW1iZGFGdW5jdGlvbiAgIC8vIElDb25uZWN0YWJsZSAoc2VjdXJpdHkgZ3JvdXApXG4gKiApO1xuICovXG5cbmltcG9ydCB7IHR5cGUgSUNvbm5lY3RhYmxlIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lYzJcIjtcbmltcG9ydCB7IHR5cGUgSUdyYW50YWJsZSwgdHlwZSBHcmFudCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQge1xuICB0eXBlIENvbm5lY3Rpb25TcGVjLFxuICB0eXBlIENvbm5lY3Rpb25SZXN1bHQsXG4gIHR5cGUgQ29ubmVjdGlvbkFjY2VzcyxcbiAgdHlwZSBNZXNzYWdpbmdBY2Nlc3MsXG4gIHR5cGUgQW55Q29ubmVjdG9yLFxuICB0eXBlIElTdG9yYWdlQ29ubmVjdG9yLFxuICB0eXBlIElEeW5hbW9EQkNvbm5lY3RvcixcbiAgdHlwZSBJUXVldWVDb25uZWN0b3IsXG4gIENPTk5FQ1RJT05fVFlQRSxcbiAgaXNDb25uZWN0aW9uQ29uZmlnLFxuICBpc0Nvbm5lY3RvcixcbiAgaXNDb25uZWN0YWJsZSxcbiAgaXNDb25uZWN0aW9uQWNjZXNzLFxuICBpc01lc3NhZ2luZ0FjY2Vzc1xufSBmcm9tIFwiLi9pbnRlcmZhY2VzL2Nvbm5lY3Rvci5qc1wiO1xuXG4vKiogRGVmYXVsdCBhY2Nlc3MgbGV2ZWxzIGZvciBlYWNoIGNvbm5lY3RvciB0eXBlLiAqL1xuY29uc3QgREVGQVVMVF9BQ0NFU1MgPSB7XG4gIHN0b3JhZ2U6IFwicmVhZFdyaXRlXCIsXG4gIGR5bmFtb2RiOiBcInJlYWRXcml0ZVwiLFxuICBxdWV1ZTogXCJmdWxsXCJcbn0gYXMgY29uc3Q7XG5cbi8qKiBHcmFudCBzdG9yYWdlIGFjY2VzcyBiYXNlZCBvbiBhY2Nlc3MgbGV2ZWwuICovXG5mdW5jdGlvbiBwcm9jZXNzU3RvcmFnZUNvbm5lY3Rpb24oXG4gIGNvbm5lY3RvcjogSVN0b3JhZ2VDb25uZWN0b3IsXG4gIGdyYW50ZWU6IElHcmFudGFibGUsXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2Vzc1xuKTogR3JhbnQge1xuICBzd2l0Y2ggKGFjY2Vzcykge1xuICAgIGNhc2UgXCJyZWFkXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50UmVhZChncmFudGVlKTtcbiAgICBjYXNlIFwid3JpdGVcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRXcml0ZShncmFudGVlKTtcbiAgICBjYXNlIFwicmVhZFdyaXRlXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50UmVhZFdyaXRlKGdyYW50ZWUpO1xuICB9XG59XG5cbi8qKiBHcmFudCBEeW5hbW9EQiBhY2Nlc3MgYmFzZWQgb24gYWNjZXNzIGxldmVsLiAqL1xuZnVuY3Rpb24gcHJvY2Vzc0R5bmFtb0RCQ29ubmVjdGlvbihcbiAgY29ubmVjdG9yOiBJRHluYW1vREJDb25uZWN0b3IsXG4gIGdyYW50ZWU6IElHcmFudGFibGUsXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2Vzc1xuKTogR3JhbnQge1xuICBzd2l0Y2ggKGFjY2Vzcykge1xuICAgIGNhc2UgXCJyZWFkXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50UmVhZERhdGEoZ3JhbnRlZSk7XG4gICAgY2FzZSBcIndyaXRlXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50V3JpdGVEYXRhKGdyYW50ZWUpO1xuICAgIGNhc2UgXCJyZWFkV3JpdGVcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRSZWFkV3JpdGVEYXRhKGdyYW50ZWUpO1xuICB9XG59XG5cbi8qKiBHcmFudCBxdWV1ZSBhY2Nlc3MgYmFzZWQgb24gYWNjZXNzIGxldmVsLiAqL1xuZnVuY3Rpb24gcHJvY2Vzc1F1ZXVlQ29ubmVjdGlvbihcbiAgY29ubmVjdG9yOiBJUXVldWVDb25uZWN0b3IsXG4gIGdyYW50ZWU6IElHcmFudGFibGUsXG4gIGFjY2VzczogTWVzc2FnaW5nQWNjZXNzXG4pOiBHcmFudCB7XG4gIHN3aXRjaCAoYWNjZXNzKSB7XG4gICAgY2FzZSBcInNlbmRcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRTZW5kTWVzc2FnZXMoZ3JhbnRlZSk7XG4gICAgY2FzZSBcImNvbnN1bWVcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRDb25zdW1lTWVzc2FnZXMoZ3JhbnRlZSk7XG4gICAgY2FzZSBcImZ1bGxcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRGdWxsKGdyYW50ZWUpO1xuICB9XG59XG5cbi8qKiBCdWlsZCBhbiBJQU0gY29ubmVjdGlvbiByZXN1bHQuICovXG5mdW5jdGlvbiBidWlsZElhbVJlc3VsdChcbiAgY29ubmVjdG9yOiBBbnlDb25uZWN0b3IsXG4gIGdyYW50OiBHcmFudFxuKTogQ29ubmVjdGlvblJlc3VsdCB7XG4gIHJldHVybiB7IHJlc291cmNlOiBjb25uZWN0b3IsIGdyYW50LCBjb25uZWN0aW9uVHlwZTogQ09OTkVDVElPTl9UWVBFLklBTSB9O1xufVxuXG4vKiogQnVpbGQgYSBzZWN1cml0eSBncm91cCBjb25uZWN0aW9uIHJlc3VsdC4gKi9cbmZ1bmN0aW9uIGJ1aWxkU2VjdXJpdHlHcm91cFJlc3VsdChcbiAgcmVzb3VyY2U6IEFueUNvbm5lY3RvciB8IElDb25uZWN0YWJsZVxuKTogQ29ubmVjdGlvblJlc3VsdCB7XG4gIHJldHVybiB7IHJlc291cmNlLCBjb25uZWN0aW9uVHlwZTogQ09OTkVDVElPTl9UWVBFLlNFQ1VSSVRZX0dST1VQIH07XG59XG5cbi8qKiBWYWxpZGF0ZSBhbmQgbmFycm93IGFjY2VzcyB0eXBlIGZvciBzdG9yYWdlL2R5bmFtb2RiIGNvbm5lY3RvcnMuICovXG5mdW5jdGlvbiB2YWxpZGF0ZUNvbm5lY3Rpb25BY2Nlc3MoXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2VzcyB8IE1lc3NhZ2luZ0FjY2VzcyB8IHVuZGVmaW5lZCxcbiAgY29ubmVjdG9yVHlwZTogc3RyaW5nLFxuICBkZWZhdWx0QWNjZXNzOiBDb25uZWN0aW9uQWNjZXNzXG4pOiBDb25uZWN0aW9uQWNjZXNzIHtcbiAgaWYgKGFjY2VzcyA9PT0gdW5kZWZpbmVkKSByZXR1cm4gZGVmYXVsdEFjY2VzcztcbiAgaWYgKGlzQ29ubmVjdGlvbkFjY2VzcyhhY2Nlc3MpKSByZXR1cm4gYWNjZXNzO1xuICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgYEludmFsaWQgYWNjZXNzIFwiJHthY2Nlc3N9XCIgZm9yICR7Y29ubmVjdG9yVHlwZX0gY29ubmVjdG9yLiBgICtcbiAgICAgIGBWYWxpZCB2YWx1ZXM6IHJlYWQsIHdyaXRlLCByZWFkV3JpdGVgXG4gICk7XG59XG5cbi8qKiBWYWxpZGF0ZSBhbmQgbmFycm93IGFjY2VzcyB0eXBlIGZvciBxdWV1ZSBjb25uZWN0b3JzLiAqL1xuZnVuY3Rpb24gdmFsaWRhdGVNZXNzYWdpbmdBY2Nlc3MoXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2VzcyB8IE1lc3NhZ2luZ0FjY2VzcyB8IHVuZGVmaW5lZCxcbiAgZGVmYXVsdEFjY2VzczogTWVzc2FnaW5nQWNjZXNzXG4pOiBNZXNzYWdpbmdBY2Nlc3Mge1xuICBpZiAoYWNjZXNzID09PSB1bmRlZmluZWQpIHJldHVybiBkZWZhdWx0QWNjZXNzO1xuICBpZiAoaXNNZXNzYWdpbmdBY2Nlc3MoYWNjZXNzKSkgcmV0dXJuIGFjY2VzcztcbiAgdGhyb3cgbmV3IEVycm9yKFxuICAgIGBJbnZhbGlkIGFjY2VzcyBcIiR7YWNjZXNzfVwiIGZvciBxdWV1ZSBjb25uZWN0b3IuIGAgK1xuICAgICAgYFZhbGlkIHZhbHVlczogc2VuZCwgY29uc3VtZSwgZnVsbGBcbiAgKTtcbn1cblxuLyoqXG4gKiBSZXF1aXJlIElDb25uZWN0YWJsZSBmb3Igc2VjdXJpdHkgZ3JvdXAgb3BlcmF0aW9ucy5cbiAqIFRocm93cyBhIGRlc2NyaXB0aXZlIGVycm9yIGlmIG5vdCBwcm92aWRlZC5cbiAqL1xuZnVuY3Rpb24gcmVxdWlyZUNvbm5lY3RhYmxlKFxuICBjb25uZWN0YWJsZTogSUNvbm5lY3RhYmxlIHwgdW5kZWZpbmVkLFxuICBjb250ZXh0OiBzdHJpbmdcbik6IGFzc2VydHMgY29ubmVjdGFibGUgaXMgSUNvbm5lY3RhYmxlIHtcbiAgaWYgKCFjb25uZWN0YWJsZSkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGAke2NvbnRleHR9IHJlcXVpcmVzIGFuIElDb25uZWN0YWJsZSB0byBiZSBwcm92aWRlZC4gYCArXG4gICAgICAgIFwiRW5zdXJlIHRoZSBjb21wdXRlIHJlc291cmNlIChFQ1MsIEVDMiwgTGFtYmRhIHdpdGggVlBDKSBpbXBsZW1lbnRzIElDb25uZWN0YWJsZS5cIlxuICAgICk7XG4gIH1cbn1cblxuLyoqXG4gKiBQcm9jZXNzIGNvbm5lY3Rpb25zIGZyb20gY29tcHV0ZSByZXNvdXJjZXMgdG8gZGF0YSByZXNvdXJjZXMuXG4gKlxuICogSGFuZGxlcyB0aGUgdW5pZmllZCBjb25uZWN0b3IgaW50ZXJmYWNlLCBkaXNwYXRjaGluZyB0bzpcbiAqIC0gU2VjdXJpdHkgZ3JvdXAgcnVsZXMgZm9yIElDb25uZWN0YWJsZSBhbmQgSVNlY3VyaXR5R3JvdXBDb25uZWN0b3IgcmVzb3VyY2VzXG4gKiAtIElBTSBncmFudHMgZm9yIElTdG9yYWdlQ29ubmVjdG9yLCBJRHluYW1vREJDb25uZWN0b3IsIGFuZCBJUXVldWVDb25uZWN0b3IgcmVzb3VyY2VzXG4gKlxuICogQHBhcmFtIGNvbm5lY3Rpb25zIC0gQXJyYXkgb2YgY29ubmVjdGlvbiBzcGVjaWZpY2F0aW9uc1xuICogQHBhcmFtIGdyYW50ZWUgLSBUaGUgSUFNIGdyYW50ZWUgKHRhc2sgcm9sZSwgZXhlY3V0aW9uIHJvbGUsIGV0Yy4pXG4gKiBAcGFyYW0gY29ubmVjdGFibGUgLSBPcHRpb25hbCBJQ29ubmVjdGFibGUgZm9yIHNlY3VyaXR5IGdyb3VwIHJ1bGVzXG4gKiBAcmV0dXJucyBBcnJheSBvZiBjb25uZWN0aW9uIHJlc3VsdHNcbiAqXG4gKiBAZXhhbXBsZVxuICogcHJvY2Vzc0Nvbm5lY3Rpb25zKFxuICogICBbZGF0YWJhc2UsIHsgcmVzb3VyY2U6IGJ1Y2tldCwgYWNjZXNzOiBcInJlYWRcIiB9LCBxdWV1ZV0sXG4gKiAgIHRhc2tSb2xlLFxuICogICBzZXJ2aWNlXG4gKiApO1xuICovXG5leHBvcnQgZnVuY3Rpb24gcHJvY2Vzc0Nvbm5lY3Rpb25zKFxuICBjb25uZWN0aW9uczogQ29ubmVjdGlvblNwZWNbXSxcbiAgZ3JhbnRlZTogSUdyYW50YWJsZSxcbiAgY29ubmVjdGFibGU/OiBJQ29ubmVjdGFibGVcbik6IENvbm5lY3Rpb25SZXN1bHRbXSB7XG4gIHJldHVybiBjb25uZWN0aW9ucy5tYXAoKHNwZWMpID0+IHtcbiAgICBjb25zdCB7IHJlc291cmNlLCBhY2Nlc3MgfSA9IGlzQ29ubmVjdGlvbkNvbmZpZyhzcGVjKVxuICAgICAgPyB7IHJlc291cmNlOiBzcGVjLnJlc291cmNlLCBhY2Nlc3M6IHNwZWMuYWNjZXNzIH1cbiAgICAgIDogeyByZXNvdXJjZTogc3BlYywgYWNjZXNzOiB1bmRlZmluZWQgfTtcblxuICAgIC8vIEhhbmRsZSB1bmlmaWVkIGNvbm5lY3RvciBpbnRlcmZhY2UgKGlzQ29ubmVjdG9yIG5vdyByZXR1cm5zIEFueUNvbm5lY3RvcilcbiAgICBpZiAoaXNDb25uZWN0b3IocmVzb3VyY2UpKSB7XG4gICAgICBzd2l0Y2ggKHJlc291cmNlLmNvbm5lY3RvclR5cGUpIHtcbiAgICAgICAgY2FzZSBcInN0b3JhZ2VcIjoge1xuICAgICAgICAgIGNvbnN0IHZhbGlkQWNjZXNzID0gdmFsaWRhdGVDb25uZWN0aW9uQWNjZXNzKFxuICAgICAgICAgICAgYWNjZXNzLFxuICAgICAgICAgICAgXCJzdG9yYWdlXCIsXG4gICAgICAgICAgICBERUZBVUxUX0FDQ0VTUy5zdG9yYWdlXG4gICAgICAgICAgKTtcbiAgICAgICAgICByZXR1cm4gYnVpbGRJYW1SZXN1bHQoXG4gICAgICAgICAgICByZXNvdXJjZSxcbiAgICAgICAgICAgIHByb2Nlc3NTdG9yYWdlQ29ubmVjdGlvbihyZXNvdXJjZSwgZ3JhbnRlZSwgdmFsaWRBY2Nlc3MpXG4gICAgICAgICAgKTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNhc2UgXCJkeW5hbW9kYlwiOiB7XG4gICAgICAgICAgY29uc3QgdmFsaWRBY2Nlc3MgPSB2YWxpZGF0ZUNvbm5lY3Rpb25BY2Nlc3MoXG4gICAgICAgICAgICBhY2Nlc3MsXG4gICAgICAgICAgICBcImR5bmFtb2RiXCIsXG4gICAgICAgICAgICBERUZBVUxUX0FDQ0VTUy5keW5hbW9kYlxuICAgICAgICAgICk7XG4gICAgICAgICAgcmV0dXJuIGJ1aWxkSWFtUmVzdWx0KFxuICAgICAgICAgICAgcmVzb3VyY2UsXG4gICAgICAgICAgICBwcm9jZXNzRHluYW1vREJDb25uZWN0aW9uKHJlc291cmNlLCBncmFudGVlLCB2YWxpZEFjY2VzcylcbiAgICAgICAgICApO1xuICAgICAgICB9XG5cbiAgICAgICAgY2FzZSBcInF1ZXVlXCI6IHtcbiAgICAgICAgICBjb25zdCB2YWxpZEFjY2VzcyA9IHZhbGlkYXRlTWVzc2FnaW5nQWNjZXNzKFxuICAgICAgICAgICAgYWNjZXNzLFxuICAgICAgICAgICAgREVGQVVMVF9BQ0NFU1MucXVldWVcbiAgICAgICAgICApO1xuICAgICAgICAgIHJldHVybiBidWlsZElhbVJlc3VsdChcbiAgICAgICAgICAgIHJlc291cmNlLFxuICAgICAgICAgICAgcHJvY2Vzc1F1ZXVlQ29ubmVjdGlvbihyZXNvdXJjZSwgZ3JhbnRlZSwgdmFsaWRBY2Nlc3MpXG4gICAgICAgICAgKTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNhc2UgXCJzZWN1cml0eUdyb3VwXCI6XG4gICAgICAgIGNhc2UgXCJyZWxhdGlvbmFsXCI6IHtcbiAgICAgICAgICByZXF1aXJlQ29ubmVjdGFibGUoXG4gICAgICAgICAgICBjb25uZWN0YWJsZSxcbiAgICAgICAgICAgIGAke3Jlc291cmNlLmNvbm5lY3RvclR5cGV9IGNvbm5lY3RvcmBcbiAgICAgICAgICApO1xuICAgICAgICAgIGNvbm5lY3RhYmxlLmNvbm5lY3Rpb25zLmFsbG93VG9EZWZhdWx0UG9ydChyZXNvdXJjZSk7XG4gICAgICAgICAgcmV0dXJuIGJ1aWxkU2VjdXJpdHlHcm91cFJlc3VsdChyZXNvdXJjZSk7XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBMZWdhY3kgSUNvbm5lY3RhYmxlIHBhdGhcbiAgICBpZiAoaXNDb25uZWN0YWJsZShyZXNvdXJjZSkpIHtcbiAgICAgIHJlcXVpcmVDb25uZWN0YWJsZShjb25uZWN0YWJsZSwgXCJJQ29ubmVjdGFibGUgcmVzb3VyY2VcIik7XG4gICAgICBjb25uZWN0YWJsZS5jb25uZWN0aW9ucy5hbGxvd1RvRGVmYXVsdFBvcnQocmVzb3VyY2UpO1xuICAgICAgcmV0dXJuIGJ1aWxkU2VjdXJpdHlHcm91cFJlc3VsdChyZXNvdXJjZSk7XG4gICAgfVxuXG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgXCJDb25uZWN0aW9uIHJlc291cmNlIG11c3QgYmUgZWl0aGVyIGFuIElDb25uZWN0b3Igb3IgSUNvbm5lY3RhYmxlXCJcbiAgICApO1xuICB9KTtcbn1cbiJdfQ==

package/dist/lib/patterns/aws/database.d.ts

@@ -1,7 +1,12 @@
 import { Construct } from "constructs";
 import type App from "../../app";
-import { type Secret } from "../../resources/aws/secrets";
+import { type DynamoDBKeySchema, type DynamoDBGlobalSecondaryIndex } from "../../resources/aws/database/dynamodb";
 import { type Connections, type IConnectable, type IVpc, type SubnetSelection } from "aws-cdk-lib/aws-ec2";
+import { type ITable } from "aws-cdk-lib/aws-dynamodb";
+import { type Secret } from "../../resources/aws/secrets";
+import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
+import { type IRelationalDatabase, type IDynamoDBDatabase, type RelationalDatabaseType } from "./interfaces/database.js";
+import { type IDynamoDBConnector, type ISecurityGroupConnector } from "./interfaces/connector.js";
 import { type IInstanceEngine, type IClusterEngine } from "aws-cdk-lib/aws-rds";
 import { Duration } from "aws-cdk-lib";
 import { type IKey } from "aws-cdk-lib/aws-kms";
@@ -132,6 +137,21 @@ export interface AuroraDatabaseProps extends BaseDatabaseProps {
     snapshotIdentifier?: string;
     /** Username from the snapshot (required when restoring from snapshot to reset password) */
     snapshotUsername?: string;
+    /** Allow access from VPC CIDR (avoids cross-stack cyclic dependencies with Lambda) */
+    allowVpcAccess?: boolean;
+    /**
+     * Make database publicly accessible from the internet.
+     * WARNING: This is a security risk and should only be used for development
+     * or when building Payload apps locally that need database access.
+     * When enabled, the database is placed in public subnets.
+     */
+    publiclyAccessible?: boolean;
+    /**
+     * IP address to allow access from when publiclyAccessible is true.
+     * If not specified, access is restricted to VPC only even when public.
+     * Format: CIDR notation (e.g., "203.0.113.0/32" for single IP)
+     */
+    allowedIpCidr?: string;
 }
 export interface GlobalAuroraDatabaseProps extends BaseDatabaseProps {
     type: "GlobalAurora";
@@ -178,19 +198,106 @@ export interface InstanceDatabaseProps extends BaseDatabaseProps {
     /** Username from the snapshot (required when restoring from snapshot to reset password) */
     snapshotUsername?: string;
 }
-export type IDatabaseProps = AuroraDatabaseProps | InstanceDatabaseProps | GlobalAuroraDatabaseProps;
+/**
+ * DynamoDB table configuration properties.
+ */
+export interface DynamoDBDatabaseProps {
+    type: "DynamoDB";
+    partitionKey: DynamoDBKeySchema;
+    sortKey?: DynamoDBKeySchema;
+    billingMode?: "PAY_PER_REQUEST" | "PROVISIONED";
+    readCapacity?: number;
+    writeCapacity?: number;
+    globalSecondaryIndexes?: DynamoDBGlobalSecondaryIndex[];
+    timeToLiveAttribute?: string;
+    stream?: "NEW_IMAGE" | "OLD_IMAGE" | "NEW_AND_OLD_IMAGES" | "KEYS_ONLY";
+    pointInTimeRecovery?: boolean;
+    encryption?: "AWS_OWNED" | "AWS_MANAGED" | "CUSTOMER_MANAGED";
+    removalPolicy?: "DESTROY" | "RETAIN" | "SNAPSHOT";
+}
+/**
+ * Relational database props union (Aurora, Instance, GlobalAurora).
+ */
+export type IRelationalDatabaseProps = AuroraDatabaseProps | InstanceDatabaseProps | GlobalAuroraDatabaseProps;
+/**
+ * All database props union.
+ */
+export type IDatabaseProps = AuroraDatabaseProps | InstanceDatabaseProps | GlobalAuroraDatabaseProps | DynamoDBDatabaseProps;
+/**
+ * Factory for creating type-safe database resources.
+ *
+ * @example
+ * // Aurora database - returns RelationalDatabase
+ * const aurora = app.addDatabase(DatabaseFactory.build("Main", {
+ *   type: "Aurora",
+ *   databaseName: "myapp"
+ * }));
+ * aurora.getHostEndpoint(); // Available
+ *
+ * @example
+ * // DynamoDB table - returns DynamoDBDatabase
+ * const cache = app.addDatabase(DatabaseFactory.build("Cache", {
+ *   type: "DynamoDB",
+ *   partitionKey: { name: "id", type: "S" }
+ * }));
+ * cache.getTableName(); // Available
+ * cache.grantReadWriteData(lambda); // Available
+ */
 export declare class DatabaseFactory {
-    static build<T extends IDatabaseProps>(id: string, props: T): (app: App, scope: Construct) => Database;
+    static build(id: string, props: AuroraDatabaseProps): (app: App, scope: Construct) => RelationalDatabase;
+    static build(id: string, props: InstanceDatabaseProps): (app: App, scope: Construct) => RelationalDatabase;
+    static build(id: string, props: GlobalAuroraDatabaseProps): (app: App, scope: Construct) => RelationalDatabase;
+    static build(id: string, props: DynamoDBDatabaseProps): (app: App, scope: Construct) => DynamoDBDatabase;
+}
+/**
+ * DynamoDB database wrapper implementing IDynamoDBDatabase interface.
+ * Provides type-safe access to DynamoDB table operations.
+ *
+ * @example
+ * const cache = app.addDatabase(DatabaseFactory.build("Cache", {
+ *   type: "DynamoDB",
+ *   partitionKey: { name: "id", type: "S" }
+ * }));
+ * cache.grantReadWriteData(lambda);
+ */
+export declare class DynamoDBDatabase extends Construct implements IDynamoDBDatabase, IDynamoDBConnector {
+    readonly databaseType: "DynamoDB";
+    readonly connectorType: "dynamodb";
+    readonly id: string;
+    private readonly table;
+    constructor(scope: Construct, id: string, props: DynamoDBDatabaseProps);
+    getTableName(): string;
+    getTableArn(): string;
+    getTable(): ITable;
+    getStreamArn(): string | undefined;
+    grantReadData(grantee: IGrantable): Grant;
+    grantWriteData(grantee: IGrantable): Grant;
+    grantReadWriteData(grantee: IGrantable): Grant;
+    grantFullAccess(grantee: IGrantable): Grant;
+    grantStreamRead(grantee: IGrantable): Grant;
 }
-export declare class Database extends Construct implements IConnectable {
-    id: string;
-    scope: Construct;
-    vpc: IVpc;
+/**
+ * Relational database wrapper implementing IRelationalDatabase interface.
+ * Supports Aurora, RDS Instance, and GlobalAurora database types.
+ *
+ * @example
+ * const db = app.addDatabase(DatabaseFactory.build("Main", {
+ *   type: "Aurora",
+ *   databaseName: "myapp"
+ * }));
+ * db.grantConnect(lambda);
+ */
+export declare class RelationalDatabase extends Construct implements IRelationalDatabase, ISecurityGroupConnector {
+    readonly id: string;
+    readonly scope: Construct;
+    readonly vpc: IVpc;
+    readonly databaseType: RelationalDatabaseType;
+    readonly connectorType: "relational";
     connections: Connections;
-    private databaseName;
+    private readonly _databaseName;
     private database;
-    constructor(scope: Construct, id: string, props: IDatabaseProps);
-    addDatabase(props: IDatabaseProps): void;
+    constructor(scope: Construct, id: string, props: IRelationalDatabaseProps);
+    addDatabase(props: IRelationalDatabaseProps): void;
     private addAurora;
     private addAuroraGlobal;
     private addRdsInstance;
@@ -199,5 +306,11 @@ export declare class Database extends Construct implements IConnectable {
     getHostEndpoint(): string;
     getHostPort(): string;
     getDatabaseName(): string;
+    /**
+     * Grant connect permissions to a grantee by adding it to the database security group.
+     * @param grantee The connectable principal to grant connect permissions to
+     */
+    grantConnect(grantee: IConnectable): void;
 }
-export {};
+export type { DynamoDBKeySchema, DynamoDBGlobalSecondaryIndex, DynamoDBTableProps } from "../../resources/aws/database/dynamodb";
+export { type IRelationalDatabase, type IDynamoDBDatabase, type AnyDatabase, type DatabaseType, type RelationalDatabaseType, isRelationalDatabase, isDynamoDBDatabase, isAuroraDatabase, isInstanceDatabase, isGlobalAuroraDatabase } from "./interfaces/database.js";