@fjall/components-infrastructure 0.86.1 → 0.87.4

package/dist/lib/patterns/aws/cicdRole.d.ts

@@ -1,67 +0,0 @@
-import { Construct } from "constructs";
-import { type Role } from "aws-cdk-lib/aws-iam";
-import { type CICDProvider } from "../../resources/aws/cicd/cicdRole";
-export interface CICDRoleProps {
-    /**
-     * The CI/CD provider (github-actions, buildkite, gitlab-ci)
-     */
-    provider: CICDProvider;
-    /**
-     * For GitHub Actions: repository in format "org/repo"
-     * For Buildkite: organization slug
-     * For GitLab CI: project path in format "group/project"
-     */
-    repositoryOrOrg: string;
-    /**
-     * Optional custom role name
-     * Defaults to "FjallDeploy-{provider}-{appName}"
-     */
-    roleName?: string;
-    /**
-     * Optional ARN of existing OIDC provider (skips creation)
-     * Useful when OIDC provider already exists in the account
-     */
-    existingProviderArn?: string;
-}
-/**
- * High-level pattern for adding CI/CD OIDC authentication to an application.
- *
- * This creates an OIDC provider (if needed) and a deploy role that can be assumed
- * by your CI/CD system without long-lived credentials.
- *
- * @example
- * ```typescript
- * import { App, CICDRole } from "@fjall/components-infrastructure";
- *
- * const app = App.getApp("MyApp");
- *
- * // Add GitHub Actions OIDC authentication
- * const cicdRole = new CICDRole(app, "GitHubDeployRole", {
- *   provider: "github-actions",
- *   repositoryOrOrg: "myorg/myrepo"
- * });
- *
- * // Continue with normal application setup
- * app.addCompute(/* ... *\/);
- * ```
- *
- * @example
- * ```typescript
- * // Use existing OIDC provider (created via fjall cicd setup)
- * const cicdRole = new CICDRole(app, "GitHubDeployRole", {
- *   provider: "github-actions",
- *   repositoryOrOrg: "myorg/myrepo",
- *   existingProviderArn: "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
- * });
- * ```
- */
-export declare class CICDRole extends Construct {
-    readonly role: Role;
-    readonly provider: CICDProvider;
-    constructor(scope: Construct, id: string, props: CICDRoleProps);
-    /**
-     * Get the role ARN for use in CI/CD configuration
-     */
-    getRoleArn(): string;
-}
-export default CICDRole;

package/dist/lib/patterns/aws/cicdRole.js

@@ -1,68 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CICDRole = void 0;
-const constructs_1 = require("constructs");
-const app_1 = require("../../app");
-const cicdRole_1 = require("../../resources/aws/cicd/cicdRole");
-/**
- * High-level pattern for adding CI/CD OIDC authentication to an application.
- *
- * This creates an OIDC provider (if needed) and a deploy role that can be assumed
- * by your CI/CD system without long-lived credentials.
- *
- * @example
- * ```typescript
- * import { App, CICDRole } from "@fjall/components-infrastructure";
- *
- * const app = App.getApp("MyApp");
- *
- * // Add GitHub Actions OIDC authentication
- * const cicdRole = new CICDRole(app, "GitHubDeployRole", {
- *   provider: "github-actions",
- *   repositoryOrOrg: "myorg/myrepo"
- * });
- *
- * // Continue with normal application setup
- * app.addCompute(/* ... *\/);
- * ```
- *
- * @example
- * ```typescript
- * // Use existing OIDC provider (created via fjall cicd setup)
- * const cicdRole = new CICDRole(app, "GitHubDeployRole", {
- *   provider: "github-actions",
- *   repositoryOrOrg: "myorg/myrepo",
- *   existingProviderArn: "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
- * });
- * ```
- */
-class CICDRole extends constructs_1.Construct {
-    constructor(scope, id, props) {
-        super(scope, id);
-        // Get the App instance
-        const app = scope instanceof app_1.default ? scope : app_1.default.getInstance();
-        const networkStack = app.getDefaultNetworkStack();
-        this.provider = props.provider;
-        // Build the config for the factory
-        const config = {
-            provider: props.provider,
-            appName: app["name"],
-            repositoryOrOrg: props.repositoryOrOrg,
-            roleName: props.roleName,
-            existingProviderArn: props.existingProviderArn
-        };
-        // Create the CI/CD role using the factory
-        this.role = cicdRole_1.default.build(`${app["name"]}CICDRole`, config)(app, networkStack.getStack());
-        // Register the role with the network stack
-        networkStack.addConstruct(this.role);
-    }
-    /**
-     * Get the role ARN for use in CI/CD configuration
-     */
-    getRoleArn() {
-        return this.role.roleArn;
-    }
-}
-exports.CICDRole = CICDRole;
-exports.default = CICDRole;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2ljZFJvbGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvcGF0dGVybnMvYXdzL2NpY2RSb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDJDQUF1QztBQUV2QyxtQ0FBNEI7QUFDNUIsZ0VBRzJDO0FBNEIzQzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQStCRztBQUNILE1BQWEsUUFBUyxTQUFRLHNCQUFTO0lBSXJDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBb0I7UUFDNUQsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQix1QkFBdUI7UUFDdkIsTUFBTSxHQUFHLEdBQUcsS0FBSyxZQUFZLGFBQUcsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxhQUFHLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDN0QsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLHNCQUFzQixFQUFFLENBQUM7UUFFbEQsSUFBSSxDQUFDLFFBQVEsR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFDO1FBRS9CLG1DQUFtQztRQUNuQyxNQUFNLE1BQU0sR0FBbUI7WUFDN0IsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO1lBQ3hCLE9BQU8sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDO1lBQ3BCLGVBQWUsRUFBRSxLQUFLLENBQUMsZUFBZTtZQUN0QyxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsbUJBQW1CLEVBQUUsS0FBSyxDQUFDLG1CQUFtQjtTQUMvQyxDQUFDO1FBRUYsMENBQTBDO1FBQzFDLElBQUksQ0FBQyxJQUFJLEdBQUcsa0JBQWUsQ0FBQyxLQUFLLENBQUMsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUMsQ0FDakUsR0FBRyxFQUNILFlBQVksQ0FBQyxRQUFRLEVBQUUsQ0FDeEIsQ0FBQztRQUVGLDJDQUEyQztRQUMzQyxZQUFZLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUMzQixDQUFDO0NBQ0Y7QUF0Q0QsNEJBc0NDO0FBRUQsa0JBQWUsUUFBUSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IHR5cGUgUm9sZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgQXBwIGZyb20gXCIuLi8uLi9hcHBcIjtcbmltcG9ydCBDSUNEUm9sZUZhY3RvcnksIHtcbiAgdHlwZSBDSUNEUHJvdmlkZXIsXG4gIHR5cGUgQ0lDRFJvbGVDb25maWdcbn0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvY2ljZC9jaWNkUm9sZVwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIENJQ0RSb2xlUHJvcHMge1xuICAvKipcbiAgICogVGhlIENJL0NEIHByb3ZpZGVyIChnaXRodWItYWN0aW9ucywgYnVpbGRraXRlLCBnaXRsYWItY2kpXG4gICAqL1xuICBwcm92aWRlcjogQ0lDRFByb3ZpZGVyO1xuXG4gIC8qKlxuICAgKiBGb3IgR2l0SHViIEFjdGlvbnM6IHJlcG9zaXRvcnkgaW4gZm9ybWF0IFwib3JnL3JlcG9cIlxuICAgKiBGb3IgQnVpbGRraXRlOiBvcmdhbml6YXRpb24gc2x1Z1xuICAgKiBGb3IgR2l0TGFiIENJOiBwcm9qZWN0IHBhdGggaW4gZm9ybWF0IFwiZ3JvdXAvcHJvamVjdFwiXG4gICAqL1xuICByZXBvc2l0b3J5T3JPcmc6IHN0cmluZztcblxuICAvKipcbiAgICogT3B0aW9uYWwgY3VzdG9tIHJvbGUgbmFtZVxuICAgKiBEZWZhdWx0cyB0byBcIkZqYWxsRGVwbG95LXtwcm92aWRlcn0te2FwcE5hbWV9XCJcbiAgICovXG4gIHJvbGVOYW1lPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBPcHRpb25hbCBBUk4gb2YgZXhpc3RpbmcgT0lEQyBwcm92aWRlciAoc2tpcHMgY3JlYXRpb24pXG4gICAqIFVzZWZ1bCB3aGVuIE9JREMgcHJvdmlkZXIgYWxyZWFkeSBleGlzdHMgaW4gdGhlIGFjY291bnRcbiAgICovXG4gIGV4aXN0aW5nUHJvdmlkZXJBcm4/OiBzdHJpbmc7XG59XG5cbi8qKlxuICogSGlnaC1sZXZlbCBwYXR0ZXJuIGZvciBhZGRpbmcgQ0kvQ0QgT0lEQyBhdXRoZW50aWNhdGlvbiB0byBhbiBhcHBsaWNhdGlvbi5cbiAqXG4gKiBUaGlzIGNyZWF0ZXMgYW4gT0lEQyBwcm92aWRlciAoaWYgbmVlZGVkKSBhbmQgYSBkZXBsb3kgcm9sZSB0aGF0IGNhbiBiZSBhc3N1bWVkXG4gKiBieSB5b3VyIENJL0NEIHN5c3RlbSB3aXRob3V0IGxvbmctbGl2ZWQgY3JlZGVudGlhbHMuXG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIGltcG9ydCB7IEFwcCwgQ0lDRFJvbGUgfSBmcm9tIFwiQGZqYWxsL2NvbXBvbmVudHMtaW5mcmFzdHJ1Y3R1cmVcIjtcbiAqXG4gKiBjb25zdCBhcHAgPSBBcHAuZ2V0QXBwKFwiTXlBcHBcIik7XG4gKlxuICogLy8gQWRkIEdpdEh1YiBBY3Rpb25zIE9JREMgYXV0aGVudGljYXRpb25cbiAqIGNvbnN0IGNpY2RSb2xlID0gbmV3IENJQ0RSb2xlKGFwcCwgXCJHaXRIdWJEZXBsb3lSb2xlXCIsIHtcbiAqICAgcHJvdmlkZXI6IFwiZ2l0aHViLWFjdGlvbnNcIixcbiAqICAgcmVwb3NpdG9yeU9yT3JnOiBcIm15b3JnL215cmVwb1wiXG4gKiB9KTtcbiAqXG4gKiAvLyBDb250aW51ZSB3aXRoIG5vcm1hbCBhcHBsaWNhdGlvbiBzZXR1cFxuICogYXBwLmFkZENvbXB1dGUoLyogLi4uICpcXC8pO1xuICogYGBgXG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIC8vIFVzZSBleGlzdGluZyBPSURDIHByb3ZpZGVyIChjcmVhdGVkIHZpYSBmamFsbCBjaWNkIHNldHVwKVxuICogY29uc3QgY2ljZFJvbGUgPSBuZXcgQ0lDRFJvbGUoYXBwLCBcIkdpdEh1YkRlcGxveVJvbGVcIiwge1xuICogICBwcm92aWRlcjogXCJnaXRodWItYWN0aW9uc1wiLFxuICogICByZXBvc2l0b3J5T3JPcmc6IFwibXlvcmcvbXlyZXBvXCIsXG4gKiAgIGV4aXN0aW5nUHJvdmlkZXJBcm46IFwiYXJuOmF3czppYW06OjEyMzQ1Njc4OTAxMjpvaWRjLXByb3ZpZGVyL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tXCJcbiAqIH0pO1xuICogYGBgXG4gKi9cbmV4cG9ydCBjbGFzcyBDSUNEUm9sZSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSByb2xlOiBSb2xlO1xuICBwdWJsaWMgcmVhZG9ubHkgcHJvdmlkZXI6IENJQ0RQcm92aWRlcjtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQ0lDRFJvbGVQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICAvLyBHZXQgdGhlIEFwcCBpbnN0YW5jZVxuICAgIGNvbnN0IGFwcCA9IHNjb3BlIGluc3RhbmNlb2YgQXBwID8gc2NvcGUgOiBBcHAuZ2V0SW5zdGFuY2UoKTtcbiAgICBjb25zdCBuZXR3b3JrU3RhY2sgPSBhcHAuZ2V0RGVmYXVsdE5ldHdvcmtTdGFjaygpO1xuXG4gICAgdGhpcy5wcm92aWRlciA9IHByb3BzLnByb3ZpZGVyO1xuXG4gICAgLy8gQnVpbGQgdGhlIGNvbmZpZyBmb3IgdGhlIGZhY3RvcnlcbiAgICBjb25zdCBjb25maWc6IENJQ0RSb2xlQ29uZmlnID0ge1xuICAgICAgcHJvdmlkZXI6IHByb3BzLnByb3ZpZGVyLFxuICAgICAgYXBwTmFtZTogYXBwW1wibmFtZVwiXSxcbiAgICAgIHJlcG9zaXRvcnlPck9yZzogcHJvcHMucmVwb3NpdG9yeU9yT3JnLFxuICAgICAgcm9sZU5hbWU6IHByb3BzLnJvbGVOYW1lLFxuICAgICAgZXhpc3RpbmdQcm92aWRlckFybjogcHJvcHMuZXhpc3RpbmdQcm92aWRlckFyblxuICAgIH07XG5cbiAgICAvLyBDcmVhdGUgdGhlIENJL0NEIHJvbGUgdXNpbmcgdGhlIGZhY3RvcnlcbiAgICB0aGlzLnJvbGUgPSBDSUNEUm9sZUZhY3RvcnkuYnVpbGQoYCR7YXBwW1wibmFtZVwiXX1DSUNEUm9sZWAsIGNvbmZpZykoXG4gICAgICBhcHAsXG4gICAgICBuZXR3b3JrU3RhY2suZ2V0U3RhY2soKVxuICAgICk7XG5cbiAgICAvLyBSZWdpc3RlciB0aGUgcm9sZSB3aXRoIHRoZSBuZXR3b3JrIHN0YWNrXG4gICAgbmV0d29ya1N0YWNrLmFkZENvbnN0cnVjdCh0aGlzLnJvbGUpO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCB0aGUgcm9sZSBBUk4gZm9yIHVzZSBpbiBDSS9DRCBjb25maWd1cmF0aW9uXG4gICAqL1xuICBwdWJsaWMgZ2V0Um9sZUFybigpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLnJvbGUucm9sZUFybjtcbiAgfVxufVxuXG5leHBvcnQgZGVmYXVsdCBDSUNEUm9sZTtcbiJdfQ==

package/dist/lib/resources/aws/cicd/cicdRole.d.ts

@@ -1,65 +0,0 @@
-import { Role, PolicyStatement } from "aws-cdk-lib/aws-iam";
-import { type Construct } from "constructs";
-/**
- * Supported CI/CD providers
- */
-export type CICDProvider = "github-actions" | "buildkite" | "gitlab-ci";
-/**
- * Configuration for creating a CI/CD deploy role
- */
-export interface CICDRoleConfig {
-    /**
-     * The CI/CD provider (github-actions, buildkite, gitlab-ci)
-     */
-    provider: CICDProvider;
-    /**
-     * The application name to scope the role's permissions to
-     */
-    appName: string;
-    /**
-     * For GitHub Actions: repository (org/repo)
-     * For Buildkite: organization slug
-     * For GitLab CI: project path (group/project)
-     */
-    repositoryOrOrg: string;
-    /**
-     * Optional role name. Defaults to "FjallDeploy-{provider}-{appName}"
-     */
-    roleName?: string;
-    /**
-     * Optional IAM path for the role. Defaults to "/"
-     */
-    rolePath?: string;
-    /**
-     * Optional custom permissions. If not provided, default deployment permissions will be used.
-     */
-    customPermissions?: PolicyStatement[];
-    /**
-     * Whether to use existing OIDC provider or create a new one
-     * If true, will look for existing provider by URL
-     */
-    useExistingProvider?: boolean;
-    /**
-     * Optional ARN of existing OIDC provider (skips creation)
-     */
-    existingProviderArn?: string;
-}
-/**
- * Factory to build a CI/CD deploy IAM role with OIDC authentication.
- * Creates both the OIDC provider (if needed) and the deploy role with appropriate permissions.
- */
-export declare class CICDRoleFactory {
-    /**
-     * Build a CI/CD deploy role with OIDC authentication
-     */
-    static build(id: string, config: CICDRoleConfig): (app: Construct, scope: Construct) => Role;
-    /**
-     * Build trust policy conditions based on CI/CD provider
-     */
-    private static buildTrustConditions;
-    /**
-     * Add default deployment permissions to the role
-     */
-    private static addDefaultDeployPermissions;
-}
-export default CICDRoleFactory;

package/dist/lib/resources/aws/cicd/cicdRole.js

@@ -1,191 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CICDRoleFactory = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const aws_iam_1 = require("aws-cdk-lib/aws-iam");
-/**
- * OIDC provider configurations for different CI/CD systems
- */
-const OIDC_CONFIGS = {
-    "github-actions": {
-        url: "https://token.actions.githubusercontent.com",
-        clientIds: ["sts.amazonaws.com"],
-        thumbprints: [
-            "6938fd4d98bab03faadb97b34396831e3780aea1",
-            "1c58a3a8518e8759bf075b76b750d4f2df264fcd"
-        ]
-    },
-    buildkite: {
-        url: "https://agent.buildkite.com",
-        clientIds: ["sts.amazonaws.com"],
-        thumbprints: ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280"]
-    },
-    "gitlab-ci": {
-        url: "https://gitlab.com",
-        clientIds: ["https://gitlab.com"],
-        thumbprints: ["b3dd7606d2b5a8b4a13771dbecc9ee1cecafa38a"]
-    }
-};
-/**
- * Factory to build a CI/CD deploy IAM role with OIDC authentication.
- * Creates both the OIDC provider (if needed) and the deploy role with appropriate permissions.
- */
-class CICDRoleFactory {
-    /**
-     * Build a CI/CD deploy role with OIDC authentication
-     */
-    static build(id, config) {
-        return (_app, scope) => {
-            const providerConfig = OIDC_CONFIGS[config.provider];
-            const roleName = config.roleName || `FjallDeploy-${config.provider}-${config.appName}`;
-            // Create or reference OIDC provider
-            let oidcProvider;
-            if (config.existingProviderArn) {
-                // Use existing provider by ARN
-                oidcProvider = aws_iam_1.OpenIdConnectProvider.fromOpenIdConnectProviderArn(scope, `${id}OidcProvider`, config.existingProviderArn);
-            }
-            else {
-                // Create new OIDC provider
-                oidcProvider = new aws_iam_1.OpenIdConnectProvider(scope, `${id}OidcProvider`, {
-                    url: providerConfig.url,
-                    clientIds: providerConfig.clientIds,
-                    thumbprints: providerConfig.thumbprints
-                });
-            }
-            // Build trust policy conditions based on provider
-            const conditions = this.buildTrustConditions(config.provider, config.repositoryOrOrg, oidcProvider.openIdConnectProviderIssuer);
-            // Create the role with OIDC web identity principal
-            const role = new aws_iam_1.Role(scope, id, {
-                roleName: roleName,
-                path: config.rolePath || "/",
-                assumedBy: new aws_iam_1.WebIdentityPrincipal(oidcProvider.openIdConnectProviderArn, conditions),
-                description: `CI/CD deploy role for ${config.provider} - ${config.appName}`
-            });
-            // Add permissions
-            if (config.customPermissions) {
-                config.customPermissions.forEach((statement) => {
-                    role.addToPolicy(statement);
-                });
-            }
-            else {
-                this.addDefaultDeployPermissions(role);
-            }
-            // Export the role ARN
-            new aws_cdk_lib_1.CfnOutput(scope, `${id}Arn`, {
-                value: role.roleArn,
-                description: `ARN of the CI/CD deploy role for ${config.appName}`,
-                exportName: `${config.appName}-CICDRoleArn`
-            });
-            // Export the OIDC provider ARN
-            new aws_cdk_lib_1.CfnOutput(scope, `${id}ProviderArn`, {
-                value: oidcProvider.openIdConnectProviderArn,
-                description: `ARN of the OIDC provider for ${config.provider}`,
-                exportName: `${config.appName}-CICDProviderArn`
-            });
-            return role;
-        };
-    }
-    /**
-     * Build trust policy conditions based on CI/CD provider
-     */
-    static buildTrustConditions(provider, repositoryOrOrg, issuer) {
-        const conditions = {
-            StringEquals: {
-                [`${issuer}:aud`]: OIDC_CONFIGS[provider].clientIds[0]
-            }
-        };
-        // Add provider-specific subject claim conditions
-        switch (provider) {
-            case "github-actions":
-                conditions.StringLike = {
-                    [`${issuer}:sub`]: `repo:${repositoryOrOrg}:*`
-                };
-                break;
-            case "buildkite":
-                conditions.StringLike = {
-                    [`${issuer}:sub`]: `organization:${repositoryOrOrg}:*`
-                };
-                break;
-            case "gitlab-ci":
-                conditions.StringLike = {
-                    [`${issuer}:sub`]: `project_path:${repositoryOrOrg}:*`
-                };
-                break;
-        }
-        return conditions;
-    }
-    /**
-     * Add default deployment permissions to the role
-     */
-    static addDefaultDeployPermissions(role) {
-        // CloudFormation permissions for CDK deployments
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: ["cloudformation:*"],
-            resources: ["*"]
-        }));
-        // S3 permissions for CDK assets
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: ["s3:*"],
-            resources: ["*"]
-        }));
-        // ECR permissions for container images
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: ["ecr:*"],
-            resources: ["*"]
-        }));
-        // ECS permissions for service deployments
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: ["ecs:*"],
-            resources: ["*"]
-        }));
-        // CloudWatch Logs permissions
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: ["logs:*"],
-            resources: ["*"]
-        }));
-        // IAM permissions for role management
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: [
-                "iam:PassRole",
-                "iam:GetRole",
-                "iam:CreateRole",
-                "iam:DeleteRole",
-                "iam:AttachRolePolicy",
-                "iam:DetachRolePolicy",
-                "iam:PutRolePolicy",
-                "iam:DeleteRolePolicy"
-            ],
-            resources: ["*"]
-        }));
-        // SSM and Secrets Manager for runtime configuration
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: [
-                "ssm:GetParameter",
-                "ssm:GetParameters",
-                "secretsmanager:GetSecretValue"
-            ],
-            resources: ["*"]
-        }));
-        // EC2 permissions for VPC/networking queries
-        role.addToPolicy(new aws_iam_1.PolicyStatement({
-            effect: aws_iam_1.Effect.ALLOW,
-            actions: [
-                "ec2:DescribeAvailabilityZones",
-                "ec2:DescribeVpcs",
-                "ec2:DescribeSubnets",
-                "ec2:DescribeSecurityGroups"
-            ],
-            resources: ["*"]
-        }));
-    }
-}
-exports.CICDRoleFactory = CICDRoleFactory;
-exports.default = CICDRoleFactory;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2ljZFJvbGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9saWIvcmVzb3VyY2VzL2F3cy9jaWNkL2NpY2RSb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUF3QztBQUN4QyxpREFNNkI7QUFpRTdCOztHQUVHO0FBQ0gsTUFBTSxZQUFZLEdBQTZDO0lBQzdELGdCQUFnQixFQUFFO1FBQ2hCLEdBQUcsRUFBRSw2Q0FBNkM7UUFDbEQsU0FBUyxFQUFFLENBQUMsbUJBQW1CLENBQUM7UUFDaEMsV0FBVyxFQUFFO1lBQ1gsMENBQTBDO1lBQzFDLDBDQUEwQztTQUMzQztLQUNGO0lBQ0QsU0FBUyxFQUFFO1FBQ1QsR0FBRyxFQUFFLDZCQUE2QjtRQUNsQyxTQUFTLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQztRQUNoQyxXQUFXLEVBQUUsQ0FBQywwQ0FBMEMsQ0FBQztLQUMxRDtJQUNELFdBQVcsRUFBRTtRQUNYLEdBQUcsRUFBRSxvQkFBb0I7UUFDekIsU0FBUyxFQUFFLENBQUMsb0JBQW9CLENBQUM7UUFDakMsV0FBVyxFQUFFLENBQUMsMENBQTBDLENBQUM7S0FDMUQ7Q0FDRixDQUFDO0FBRUY7OztHQUdHO0FBQ0gsTUFBYSxlQUFlO0lBQzFCOztPQUVHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FDakIsRUFBVSxFQUNWLE1BQXNCO1FBRXRCLE9BQU8sQ0FBQyxJQUFlLEVBQUUsS0FBZ0IsRUFBRSxFQUFFO1lBQzNDLE1BQU0sY0FBYyxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDckQsTUFBTSxRQUFRLEdBQ1osTUFBTSxDQUFDLFFBQVEsSUFBSSxlQUFlLE1BQU0sQ0FBQyxRQUFRLElBQUksTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBRXhFLG9DQUFvQztZQUNwQyxJQUFJLFlBQW1DLENBQUM7WUFFeEMsSUFBSSxNQUFNLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztnQkFDL0IsK0JBQStCO2dCQUMvQixZQUFZLEdBQUcsK0JBQXFCLENBQUMsNEJBQTRCLENBQy9ELEtBQUssRUFDTCxHQUFHLEVBQUUsY0FBYyxFQUNuQixNQUFNLENBQUMsbUJBQW1CLENBQzNCLENBQUM7WUFDSixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sMkJBQTJCO2dCQUMzQixZQUFZLEdBQUcsSUFBSSwrQkFBcUIsQ0FBQyxLQUFLLEVBQUUsR0FBRyxFQUFFLGNBQWMsRUFBRTtvQkFDbkUsR0FBRyxFQUFFLGNBQWMsQ0FBQyxHQUFHO29CQUN2QixTQUFTLEVBQUUsY0FBYyxDQUFDLFNBQVM7b0JBQ25DLFdBQVcsRUFBRSxjQUFjLENBQUMsV0FBVztpQkFDeEMsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztZQUVELGtEQUFrRDtZQUNsRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsb0JBQW9CLENBQzFDLE1BQU0sQ0FBQyxRQUFRLEVBQ2YsTUFBTSxDQUFDLGVBQWUsRUFDdEIsWUFBWSxDQUFDLDJCQUEyQixDQUN6QyxDQUFDO1lBRUYsbURBQW1EO1lBQ25ELE1BQU0sSUFBSSxHQUFHLElBQUksY0FBSSxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUU7Z0JBQy9CLFFBQVEsRUFBRSxRQUFRO2dCQUNsQixJQUFJLEVBQUUsTUFBTSxDQUFDLFFBQVEsSUFBSSxHQUFHO2dCQUM1QixTQUFTLEVBQUUsSUFBSSw4QkFBb0IsQ0FDakMsWUFBWSxDQUFDLHdCQUF3QixFQUNyQyxVQUFVLENBQ1g7Z0JBQ0QsV0FBVyxFQUFFLHlCQUF5QixNQUFNLENBQUMsUUFBUSxNQUFNLE1BQU0sQ0FBQyxPQUFPLEVBQUU7YUFDNUUsQ0FBQyxDQUFDO1lBRUgsa0JBQWtCO1lBQ2xCLElBQUksTUFBTSxDQUFDLGlCQUFpQixFQUFFLENBQUM7Z0JBQzdCLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRTtvQkFDN0MsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDOUIsQ0FBQyxDQUFDLENBQUM7WUFDTCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sSUFBSSxDQUFDLDJCQUEyQixDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3pDLENBQUM7WUFFRCxzQkFBc0I7WUFDdEIsSUFBSSx1QkFBUyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFO2dCQUMvQixLQUFLLEVBQUUsSUFBSSxDQUFDLE9BQU87Z0JBQ25CLFdBQVcsRUFBRSxvQ0FBb0MsTUFBTSxDQUFDLE9BQU8sRUFBRTtnQkFDakUsVUFBVSxFQUFFLEdBQUcsTUFBTSxDQUFDLE9BQU8sY0FBYzthQUM1QyxDQUFDLENBQUM7WUFFSCwrQkFBK0I7WUFDL0IsSUFBSSx1QkFBUyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsYUFBYSxFQUFFO2dCQUN2QyxLQUFLLEVBQUUsWUFBWSxDQUFDLHdCQUF3QjtnQkFDNUMsV0FBVyxFQUFFLGdDQUFnQyxNQUFNLENBQUMsUUFBUSxFQUFFO2dCQUM5RCxVQUFVLEVBQUUsR0FBRyxNQUFNLENBQUMsT0FBTyxrQkFBa0I7YUFDaEQsQ0FBQyxDQUFDO1lBRUgsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLFFBQXNCLEVBQ3RCLGVBQXVCLEVBQ3ZCLE1BQWM7UUFFZCxNQUFNLFVBQVUsR0FBNEI7WUFDMUMsWUFBWSxFQUFFO2dCQUNaLENBQUMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxFQUFFLFlBQVksQ0FBQyxRQUFRLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO2FBQ3ZEO1NBQ0YsQ0FBQztRQUVGLGlEQUFpRDtRQUNqRCxRQUFRLFFBQVEsRUFBRSxDQUFDO1lBQ2pCLEtBQUssZ0JBQWdCO2dCQUNuQixVQUFVLENBQUMsVUFBVSxHQUFHO29CQUN0QixDQUFDLEdBQUcsTUFBTSxNQUFNLENBQUMsRUFBRSxRQUFRLGVBQWUsSUFBSTtpQkFDL0MsQ0FBQztnQkFDRixNQUFNO1lBRVIsS0FBSyxXQUFXO2dCQUNkLFVBQVUsQ0FBQyxVQUFVLEdBQUc7b0JBQ3RCLENBQUMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxFQUFFLGdCQUFnQixlQUFlLElBQUk7aUJBQ3ZELENBQUM7Z0JBQ0YsTUFBTTtZQUVSLEtBQUssV0FBVztnQkFDZCxVQUFVLENBQUMsVUFBVSxHQUFHO29CQUN0QixDQUFDLEdBQUcsTUFBTSxNQUFNLENBQUMsRUFBRSxnQkFBZ0IsZUFBZSxJQUFJO2lCQUN2RCxDQUFDO2dCQUNGLE1BQU07UUFDVixDQUFDO1FBRUQsT0FBTyxVQUFVLENBQUM7SUFDcEIsQ0FBQztJQUVEOztPQUVHO0lBQ0ssTUFBTSxDQUFDLDJCQUEyQixDQUFDLElBQVU7UUFDbkQsaURBQWlEO1FBQ2pELElBQUksQ0FBQyxXQUFXLENBQ2QsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7WUFDcEIsT0FBTyxFQUFFLENBQUMsa0JBQWtCLENBQUM7WUFDN0IsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO1NBQ2pCLENBQUMsQ0FDSCxDQUFDO1FBRUYsZ0NBQWdDO1FBQ2hDLElBQUksQ0FBQyxXQUFXLENBQ2QsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7WUFDcEIsT0FBTyxFQUFFLENBQUMsTUFBTSxDQUFDO1lBQ2pCLFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztRQUVGLHVDQUF1QztRQUN2QyxJQUFJLENBQUMsV0FBVyxDQUNkLElBQUkseUJBQWUsQ0FBQztZQUNsQixNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLO1lBQ3BCLE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQztZQUNsQixTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7U0FDakIsQ0FBQyxDQUNILENBQUM7UUFFRiwwQ0FBMEM7UUFDMUMsSUFBSSxDQUFDLFdBQVcsQ0FDZCxJQUFJLHlCQUFlLENBQUM7WUFDbEIsTUFBTSxFQUFFLGdCQUFNLENBQUMsS0FBSztZQUNwQixPQUFPLEVBQUUsQ0FBQyxPQUFPLENBQUM7WUFDbEIsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO1NBQ2pCLENBQUMsQ0FDSCxDQUFDO1FBRUYsOEJBQThCO1FBQzlCLElBQUksQ0FBQyxXQUFXLENBQ2QsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7WUFDcEIsT0FBTyxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ25CLFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztRQUVGLHNDQUFzQztRQUN0QyxJQUFJLENBQUMsV0FBVyxDQUNkLElBQUkseUJBQWUsQ0FBQztZQUNsQixNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLO1lBQ3BCLE9BQU8sRUFBRTtnQkFDUCxjQUFjO2dCQUNkLGFBQWE7Z0JBQ2IsZ0JBQWdCO2dCQUNoQixnQkFBZ0I7Z0JBQ2hCLHNCQUFzQjtnQkFDdEIsc0JBQXNCO2dCQUN0QixtQkFBbUI7Z0JBQ25CLHNCQUFzQjthQUN2QjtZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztRQUVGLG9EQUFvRDtRQUNwRCxJQUFJLENBQUMsV0FBVyxDQUNkLElBQUkseUJBQWUsQ0FBQztZQUNsQixNQUFNLEVBQUUsZ0JBQU0sQ0FBQyxLQUFLO1lBQ3BCLE9BQU8sRUFBRTtnQkFDUCxrQkFBa0I7Z0JBQ2xCLG1CQUFtQjtnQkFDbkIsK0JBQStCO2FBQ2hDO1lBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO1NBQ2pCLENBQUMsQ0FDSCxDQUFDO1FBRUYsNkNBQTZDO1FBQzdDLElBQUksQ0FBQyxXQUFXLENBQ2QsSUFBSSx5QkFBZSxDQUFDO1lBQ2xCLE1BQU0sRUFBRSxnQkFBTSxDQUFDLEtBQUs7WUFDcEIsT0FBTyxFQUFFO2dCQUNQLCtCQUErQjtnQkFDL0Isa0JBQWtCO2dCQUNsQixxQkFBcUI7Z0JBQ3JCLDRCQUE0QjthQUM3QjtZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQWpORCwwQ0FpTkM7QUFFRCxrQkFBZSxlQUFlLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5PdXRwdXQgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7XG4gIFJvbGUsXG4gIFdlYklkZW50aXR5UHJpbmNpcGFsLFxuICBPcGVuSWRDb25uZWN0UHJvdmlkZXIsXG4gIFBvbGljeVN0YXRlbWVudCxcbiAgRWZmZWN0XG59IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyB0eXBlIENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5cbi8qKlxuICogU3VwcG9ydGVkIENJL0NEIHByb3ZpZGVyc1xuICovXG5leHBvcnQgdHlwZSBDSUNEUHJvdmlkZXIgPSBcImdpdGh1Yi1hY3Rpb25zXCIgfCBcImJ1aWxka2l0ZVwiIHwgXCJnaXRsYWItY2lcIjtcblxuLyoqXG4gKiBPSURDIHByb3ZpZGVyIGNvbmZpZ3VyYXRpb25cbiAqL1xuaW50ZXJmYWNlIE9JRENQcm92aWRlckNvbmZpZyB7XG4gIHVybDogc3RyaW5nO1xuICBjbGllbnRJZHM6IHN0cmluZ1tdO1xuICB0aHVtYnByaW50czogc3RyaW5nW107XG59XG5cbi8qKlxuICogQ29uZmlndXJhdGlvbiBmb3IgY3JlYXRpbmcgYSBDSS9DRCBkZXBsb3kgcm9sZVxuICovXG5leHBvcnQgaW50ZXJmYWNlIENJQ0RSb2xlQ29uZmlnIHtcbiAgLyoqXG4gICAqIFRoZSBDSS9DRCBwcm92aWRlciAoZ2l0aHViLWFjdGlvbnMsIGJ1aWxka2l0ZSwgZ2l0bGFiLWNpKVxuICAgKi9cbiAgcHJvdmlkZXI6IENJQ0RQcm92aWRlcjtcblxuICAvKipcbiAgICogVGhlIGFwcGxpY2F0aW9uIG5hbWUgdG8gc2NvcGUgdGhlIHJvbGUncyBwZXJtaXNzaW9ucyB0b1xuICAgKi9cbiAgYXBwTmFtZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBGb3IgR2l0SHViIEFjdGlvbnM6IHJlcG9zaXRvcnkgKG9yZy9yZXBvKVxuICAgKiBGb3IgQnVpbGRraXRlOiBvcmdhbml6YXRpb24gc2x1Z1xuICAgKiBGb3IgR2l0TGFiIENJOiBwcm9qZWN0IHBhdGggKGdyb3VwL3Byb2plY3QpXG4gICAqL1xuICByZXBvc2l0b3J5T3JPcmc6IHN0cmluZztcblxuICAvKipcbiAgICogT3B0aW9uYWwgcm9sZSBuYW1lLiBEZWZhdWx0cyB0byBcIkZqYWxsRGVwbG95LXtwcm92aWRlcn0te2FwcE5hbWV9XCJcbiAgICovXG4gIHJvbGVOYW1lPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBPcHRpb25hbCBJQU0gcGF0aCBmb3IgdGhlIHJvbGUuIERlZmF1bHRzIHRvIFwiL1wiXG4gICAqL1xuICByb2xlUGF0aD86IHN0cmluZztcblxuICAvKipcbiAgICogT3B0aW9uYWwgY3VzdG9tIHBlcm1pc3Npb25zLiBJZiBub3QgcHJvdmlkZWQsIGRlZmF1bHQgZGVwbG95bWVudCBwZXJtaXNzaW9ucyB3aWxsIGJlIHVzZWQuXG4gICAqL1xuICBjdXN0b21QZXJtaXNzaW9ucz86IFBvbGljeVN0YXRlbWVudFtdO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRvIHVzZSBleGlzdGluZyBPSURDIHByb3ZpZGVyIG9yIGNyZWF0ZSBhIG5ldyBvbmVcbiAgICogSWYgdHJ1ZSwgd2lsbCBsb29rIGZvciBleGlzdGluZyBwcm92aWRlciBieSBVUkxcbiAgICovXG4gIHVzZUV4aXN0aW5nUHJvdmlkZXI/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBPcHRpb25hbCBBUk4gb2YgZXhpc3RpbmcgT0lEQyBwcm92aWRlciAoc2tpcHMgY3JlYXRpb24pXG4gICAqL1xuICBleGlzdGluZ1Byb3ZpZGVyQXJuPzogc3RyaW5nO1xufVxuXG4vKipcbiAqIE9JREMgcHJvdmlkZXIgY29uZmlndXJhdGlvbnMgZm9yIGRpZmZlcmVudCBDSS9DRCBzeXN0ZW1zXG4gKi9cbmNvbnN0IE9JRENfQ09ORklHUzogUmVjb3JkPENJQ0RQcm92aWRlciwgT0lEQ1Byb3ZpZGVyQ29uZmlnPiA9IHtcbiAgXCJnaXRodWItYWN0aW9uc1wiOiB7XG4gICAgdXJsOiBcImh0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb21cIixcbiAgICBjbGllbnRJZHM6IFtcInN0cy5hbWF6b25hd3MuY29tXCJdLFxuICAgIHRodW1icHJpbnRzOiBbXG4gICAgICBcIjY5MzhmZDRkOThiYWIwM2ZhYWRiOTdiMzQzOTY4MzFlMzc4MGFlYTFcIixcbiAgICAgIFwiMWM1OGEzYTg1MThlODc1OWJmMDc1Yjc2Yjc1MGQ0ZjJkZjI2NGZjZFwiXG4gICAgXVxuICB9LFxuICBidWlsZGtpdGU6IHtcbiAgICB1cmw6IFwiaHR0cHM6Ly9hZ2VudC5idWlsZGtpdGUuY29tXCIsXG4gICAgY2xpZW50SWRzOiBbXCJzdHMuYW1hem9uYXdzLmNvbVwiXSxcbiAgICB0aHVtYnByaW50czogW1wiOWU5OWE0OGE5OTYwYjE0OTI2YmI3ZjNiMDJlMjJkYTJiMGFiNzI4MFwiXVxuICB9LFxuICBcImdpdGxhYi1jaVwiOiB7XG4gICAgdXJsOiBcImh0dHBzOi8vZ2l0bGFiLmNvbVwiLFxuICAgIGNsaWVudElkczogW1wiaHR0cHM6Ly9naXRsYWIuY29tXCJdLFxuICAgIHRodW1icHJpbnRzOiBbXCJiM2RkNzYwNmQyYjVhOGI0YTEzNzcxZGJlY2M5ZWUxY2VjYWZhMzhhXCJdXG4gIH1cbn07XG5cbi8qKlxuICogRmFjdG9yeSB0byBidWlsZCBhIENJL0NEIGRlcGxveSBJQU0gcm9sZSB3aXRoIE9JREMgYXV0aGVudGljYXRpb24uXG4gKiBDcmVhdGVzIGJvdGggdGhlIE9JREMgcHJvdmlkZXIgKGlmIG5lZWRlZCkgYW5kIHRoZSBkZXBsb3kgcm9sZSB3aXRoIGFwcHJvcHJpYXRlIHBlcm1pc3Npb25zLlxuICovXG5leHBvcnQgY2xhc3MgQ0lDRFJvbGVGYWN0b3J5IHtcbiAgLyoqXG4gICAqIEJ1aWxkIGEgQ0kvQ0QgZGVwbG95IHJvbGUgd2l0aCBPSURDIGF1dGhlbnRpY2F0aW9uXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIGJ1aWxkKFxuICAgIGlkOiBzdHJpbmcsXG4gICAgY29uZmlnOiBDSUNEUm9sZUNvbmZpZ1xuICApOiAoYXBwOiBDb25zdHJ1Y3QsIHNjb3BlOiBDb25zdHJ1Y3QpID0+IFJvbGUge1xuICAgIHJldHVybiAoX2FwcDogQ29uc3RydWN0LCBzY29wZTogQ29uc3RydWN0KSA9PiB7XG4gICAgICBjb25zdCBwcm92aWRlckNvbmZpZyA9IE9JRENfQ09ORklHU1tjb25maWcucHJvdmlkZXJdO1xuICAgICAgY29uc3Qgcm9sZU5hbWUgPVxuICAgICAgICBjb25maWcucm9sZU5hbWUgfHwgYEZqYWxsRGVwbG95LSR7Y29uZmlnLnByb3ZpZGVyfS0ke2NvbmZpZy5hcHBOYW1lfWA7XG5cbiAgICAgIC8vIENyZWF0ZSBvciByZWZlcmVuY2UgT0lEQyBwcm92aWRlclxuICAgICAgbGV0IG9pZGNQcm92aWRlcjogT3BlbklkQ29ubmVjdFByb3ZpZGVyO1xuXG4gICAgICBpZiAoY29uZmlnLmV4aXN0aW5nUHJvdmlkZXJBcm4pIHtcbiAgICAgICAgLy8gVXNlIGV4aXN0aW5nIHByb3ZpZGVyIGJ5IEFSTlxuICAgICAgICBvaWRjUHJvdmlkZXIgPSBPcGVuSWRDb25uZWN0UHJvdmlkZXIuZnJvbU9wZW5JZENvbm5lY3RQcm92aWRlckFybihcbiAgICAgICAgICBzY29wZSxcbiAgICAgICAgICBgJHtpZH1PaWRjUHJvdmlkZXJgLFxuICAgICAgICAgIGNvbmZpZy5leGlzdGluZ1Byb3ZpZGVyQXJuXG4gICAgICAgICk7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICAvLyBDcmVhdGUgbmV3IE9JREMgcHJvdmlkZXJcbiAgICAgICAgb2lkY1Byb3ZpZGVyID0gbmV3IE9wZW5JZENvbm5lY3RQcm92aWRlcihzY29wZSwgYCR7aWR9T2lkY1Byb3ZpZGVyYCwge1xuICAgICAgICAgIHVybDogcHJvdmlkZXJDb25maWcudXJsLFxuICAgICAgICAgIGNsaWVudElkczogcHJvdmlkZXJDb25maWcuY2xpZW50SWRzLFxuICAgICAgICAgIHRodW1icHJpbnRzOiBwcm92aWRlckNvbmZpZy50aHVtYnByaW50c1xuICAgICAgICB9KTtcbiAgICAgIH1cblxuICAgICAgLy8gQnVpbGQgdHJ1c3QgcG9saWN5IGNvbmRpdGlvbnMgYmFzZWQgb24gcHJvdmlkZXJcbiAgICAgIGNvbnN0IGNvbmRpdGlvbnMgPSB0aGlzLmJ1aWxkVHJ1c3RDb25kaXRpb25zKFxuICAgICAgICBjb25maWcucHJvdmlkZXIsXG4gICAgICAgIGNvbmZpZy5yZXBvc2l0b3J5T3JPcmcsXG4gICAgICAgIG9pZGNQcm92aWRlci5vcGVuSWRDb25uZWN0UHJvdmlkZXJJc3N1ZXJcbiAgICAgICk7XG5cbiAgICAgIC8vIENyZWF0ZSB0aGUgcm9sZSB3aXRoIE9JREMgd2ViIGlkZW50aXR5IHByaW5jaXBhbFxuICAgICAgY29uc3Qgcm9sZSA9IG5ldyBSb2xlKHNjb3BlLCBpZCwge1xuICAgICAgICByb2xlTmFtZTogcm9sZU5hbWUsXG4gICAgICAgIHBhdGg6IGNvbmZpZy5yb2xlUGF0aCB8fCBcIi9cIixcbiAgICAgICAgYXNzdW1lZEJ5OiBuZXcgV2ViSWRlbnRpdHlQcmluY2lwYWwoXG4gICAgICAgICAgb2lkY1Byb3ZpZGVyLm9wZW5JZENvbm5lY3RQcm92aWRlckFybixcbiAgICAgICAgICBjb25kaXRpb25zXG4gICAgICAgICksXG4gICAgICAgIGRlc2NyaXB0aW9uOiBgQ0kvQ0QgZGVwbG95IHJvbGUgZm9yICR7Y29uZmlnLnByb3ZpZGVyfSAtICR7Y29uZmlnLmFwcE5hbWV9YFxuICAgICAgfSk7XG5cbiAgICAgIC8vIEFkZCBwZXJtaXNzaW9uc1xuICAgICAgaWYgKGNvbmZpZy5jdXN0b21QZXJtaXNzaW9ucykge1xuICAgICAgICBjb25maWcuY3VzdG9tUGVybWlzc2lvbnMuZm9yRWFjaCgoc3RhdGVtZW50KSA9PiB7XG4gICAgICAgICAgcm9sZS5hZGRUb1BvbGljeShzdGF0ZW1lbnQpO1xuICAgICAgICB9KTtcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIHRoaXMuYWRkRGVmYXVsdERlcGxveVBlcm1pc3Npb25zKHJvbGUpO1xuICAgICAgfVxuXG4gICAgICAvLyBFeHBvcnQgdGhlIHJvbGUgQVJOXG4gICAgICBuZXcgQ2ZuT3V0cHV0KHNjb3BlLCBgJHtpZH1Bcm5gLCB7XG4gICAgICAgIHZhbHVlOiByb2xlLnJvbGVBcm4sXG4gICAgICAgIGRlc2NyaXB0aW9uOiBgQVJOIG9mIHRoZSBDSS9DRCBkZXBsb3kgcm9sZSBmb3IgJHtjb25maWcuYXBwTmFtZX1gLFxuICAgICAgICBleHBvcnROYW1lOiBgJHtjb25maWcuYXBwTmFtZX0tQ0lDRFJvbGVBcm5gXG4gICAgICB9KTtcblxuICAgICAgLy8gRXhwb3J0IHRoZSBPSURDIHByb3ZpZGVyIEFSTlxuICAgICAgbmV3IENmbk91dHB1dChzY29wZSwgYCR7aWR9UHJvdmlkZXJBcm5gLCB7XG4gICAgICAgIHZhbHVlOiBvaWRjUHJvdmlkZXIub3BlbklkQ29ubmVjdFByb3ZpZGVyQXJuLFxuICAgICAgICBkZXNjcmlwdGlvbjogYEFSTiBvZiB0aGUgT0lEQyBwcm92aWRlciBmb3IgJHtjb25maWcucHJvdmlkZXJ9YCxcbiAgICAgICAgZXhwb3J0TmFtZTogYCR7Y29uZmlnLmFwcE5hbWV9LUNJQ0RQcm92aWRlckFybmBcbiAgICAgIH0pO1xuXG4gICAgICByZXR1cm4gcm9sZTtcbiAgICB9O1xuICB9XG5cbiAgLyoqXG4gICAqIEJ1aWxkIHRydXN0IHBvbGljeSBjb25kaXRpb25zIGJhc2VkIG9uIENJL0NEIHByb3ZpZGVyXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBidWlsZFRydXN0Q29uZGl0aW9ucyhcbiAgICBwcm92aWRlcjogQ0lDRFByb3ZpZGVyLFxuICAgIHJlcG9zaXRvcnlPck9yZzogc3RyaW5nLFxuICAgIGlzc3Vlcjogc3RyaW5nXG4gICk6IFJlY29yZDxzdHJpbmcsIHVua25vd24+IHtcbiAgICBjb25zdCBjb25kaXRpb25zOiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiA9IHtcbiAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICBbYCR7aXNzdWVyfTphdWRgXTogT0lEQ19DT05GSUdTW3Byb3ZpZGVyXS5jbGllbnRJZHNbMF1cbiAgICAgIH1cbiAgICB9O1xuXG4gICAgLy8gQWRkIHByb3ZpZGVyLXNwZWNpZmljIHN1YmplY3QgY2xhaW0gY29uZGl0aW9uc1xuICAgIHN3aXRjaCAocHJvdmlkZXIpIHtcbiAgICAgIGNhc2UgXCJnaXRodWItYWN0aW9uc1wiOlxuICAgICAgICBjb25kaXRpb25zLlN0cmluZ0xpa2UgPSB7XG4gICAgICAgICAgW2Ake2lzc3Vlcn06c3ViYF06IGByZXBvOiR7cmVwb3NpdG9yeU9yT3JnfToqYFxuICAgICAgICB9O1xuICAgICAgICBicmVhaztcblxuICAgICAgY2FzZSBcImJ1aWxka2l0ZVwiOlxuICAgICAgICBjb25kaXRpb25zLlN0cmluZ0xpa2UgPSB7XG4gICAgICAgICAgW2Ake2lzc3Vlcn06c3ViYF06IGBvcmdhbml6YXRpb246JHtyZXBvc2l0b3J5T3JPcmd9OipgXG4gICAgICAgIH07XG4gICAgICAgIGJyZWFrO1xuXG4gICAgICBjYXNlIFwiZ2l0bGFiLWNpXCI6XG4gICAgICAgIGNvbmRpdGlvbnMuU3RyaW5nTGlrZSA9IHtcbiAgICAgICAgICBbYCR7aXNzdWVyfTpzdWJgXTogYHByb2plY3RfcGF0aDoke3JlcG9zaXRvcnlPck9yZ306KmBcbiAgICAgICAgfTtcbiAgICAgICAgYnJlYWs7XG4gICAgfVxuXG4gICAgcmV0dXJuIGNvbmRpdGlvbnM7XG4gIH1cblxuICAvKipcbiAgICogQWRkIGRlZmF1bHQgZGVwbG95bWVudCBwZXJtaXNzaW9ucyB0byB0aGUgcm9sZVxuICAgKi9cbiAgcHJpdmF0ZSBzdGF0aWMgYWRkRGVmYXVsdERlcGxveVBlcm1pc3Npb25zKHJvbGU6IFJvbGUpOiB2b2lkIHtcbiAgICAvLyBDbG91ZEZvcm1hdGlvbiBwZXJtaXNzaW9ucyBmb3IgQ0RLIGRlcGxveW1lbnRzXG4gICAgcm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1wiY2xvdWRmb3JtYXRpb246KlwiXSxcbiAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICB9KVxuICAgICk7XG5cbiAgICAvLyBTMyBwZXJtaXNzaW9ucyBmb3IgQ0RLIGFzc2V0c1xuICAgIHJvbGUuYWRkVG9Qb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgICAgIGFjdGlvbnM6IFtcInMzOipcIl0sXG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gRUNSIHBlcm1pc3Npb25zIGZvciBjb250YWluZXIgaW1hZ2VzXG4gICAgcm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1wiZWNyOipcIl0sXG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gRUNTIHBlcm1pc3Npb25zIGZvciBzZXJ2aWNlIGRlcGxveW1lbnRzXG4gICAgcm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1wiZWNzOipcIl0sXG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gQ2xvdWRXYXRjaCBMb2dzIHBlcm1pc3Npb25zXG4gICAgcm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1wibG9nczoqXCJdLFxuICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgIH0pXG4gICAgKTtcblxuICAgIC8vIElBTSBwZXJtaXNzaW9ucyBmb3Igcm9sZSBtYW5hZ2VtZW50XG4gICAgcm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgIFwiaWFtOlBhc3NSb2xlXCIsXG4gICAgICAgICAgXCJpYW06R2V0Um9sZVwiLFxuICAgICAgICAgIFwiaWFtOkNyZWF0ZVJvbGVcIixcbiAgICAgICAgICBcImlhbTpEZWxldGVSb2xlXCIsXG4gICAgICAgICAgXCJpYW06QXR0YWNoUm9sZVBvbGljeVwiLFxuICAgICAgICAgIFwiaWFtOkRldGFjaFJvbGVQb2xpY3lcIixcbiAgICAgICAgICBcImlhbTpQdXRSb2xlUG9saWN5XCIsXG4gICAgICAgICAgXCJpYW06RGVsZXRlUm9sZVBvbGljeVwiXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gU1NNIGFuZCBTZWNyZXRzIE1hbmFnZXIgZm9yIHJ1bnRpbWUgY29uZmlndXJhdGlvblxuICAgIHJvbGUuYWRkVG9Qb2xpY3koXG4gICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgZWZmZWN0OiBFZmZlY3QuQUxMT1csXG4gICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICBcInNzbTpHZXRQYXJhbWV0ZXJcIixcbiAgICAgICAgICBcInNzbTpHZXRQYXJhbWV0ZXJzXCIsXG4gICAgICAgICAgXCJzZWNyZXRzbWFuYWdlcjpHZXRTZWNyZXRWYWx1ZVwiXG4gICAgICAgIF0sXG4gICAgICAgIHJlc291cmNlczogW1wiKlwiXVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gRUMyIHBlcm1pc3Npb25zIGZvciBWUEMvbmV0d29ya2luZyBxdWVyaWVzXG4gICAgcm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IEVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgIFwiZWMyOkRlc2NyaWJlQXZhaWxhYmlsaXR5Wm9uZXNcIixcbiAgICAgICAgICBcImVjMjpEZXNjcmliZVZwY3NcIixcbiAgICAgICAgICBcImVjMjpEZXNjcmliZVN1Ym5ldHNcIixcbiAgICAgICAgICBcImVjMjpEZXNjcmliZVNlY3VyaXR5R3JvdXBzXCJcbiAgICAgICAgXSxcbiAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdXG4gICAgICB9KVxuICAgICk7XG4gIH1cbn1cblxuZXhwb3J0IGRlZmF1bHQgQ0lDRFJvbGVGYWN0b3J5O1xuIl19

package/dist/lib/resources/aws/compute/ecsFreeTier.d.ts

@@ -1,75 +0,0 @@
-import { ContainerImage, type RepositoryImage } from "aws-cdk-lib/aws-ecs";
-import { Connections, type IConnectable, type IVpc } from "aws-cdk-lib/aws-ec2";
-import { Construct } from "constructs";
-import { type StackBuilder } from "../base/awsStack";
-import { type SecretValue } from "aws-cdk-lib";
-import { type IManagedPolicy, PolicyDocument, Role } from "aws-cdk-lib/aws-iam";
-import { Repository } from "aws-cdk-lib/aws-ecr";
-import { type KeyValue } from "../../../types";
-export declare enum ScalingType {
-    CPU = "ECSServiceAverageCPUUtilization",
-    MEMORY = "ECSServiceAverageMemoryUtilization"
-}
-export interface ContainerSecret {
-    [key: string]: SecretValue;
-}
-type Ec2ClusterProps = {
-    ecrRepository: Repository | RepositoryImage | string;
-    clusterName: string;
-    containerEntryPoint?: string[];
-    containerCommand?: string[];
-    containerEnvironment?: KeyValue;
-    containerSecrets?: ContainerSecret;
-    containerPort?: number;
-    cpu?: number;
-    parentDomain?: string;
-    desiredCount?: number;
-    healthCheckPath?: string;
-    listenerPort?: number;
-    memoryLimitMiB?: number;
-    publicLoadBalancer?: boolean;
-    scalingType?: ScalingType;
-    serviceName: string;
-    taskRoleInlinePolicies?: {
-        [name: string]: PolicyDocument;
-    };
-    taskRoleManagedPolicies?: IManagedPolicy[];
-    vpc?: IVpc;
-};
-export default class Ec2Cluster extends Construct implements IConnectable {
-    connections: Connections;
-    private cluster;
-    private autoScalingGroup;
-    private asgSecurityGroup;
-    private asgCapacityProvider;
-    private loadBalancer;
-    private loadBalancerSecurityGroup;
-    private loadBalancerListener;
-    private executionRole;
-    private taskDefinition;
-    private containerDefinition;
-    private ec2Service;
-    private scalingPolicy;
-    private hostedZone;
-    private certificate;
-    private aRecord;
-    private secrets;
-    constructor(scope: Construct, id: string, props: Ec2ClusterProps);
-    addCluster(props: Ec2ClusterProps): void;
-    addAutoScalingGroup(props: Ec2ClusterProps): void;
-    addSecrets(props: Ec2ClusterProps): void;
-    addExecutionRole(props: Ec2ClusterProps): void;
-    addTaskDefinition(props: Ec2ClusterProps): void;
-    addContainerDefinition(props: Ec2ClusterProps): void;
-    addEc2Service(props: Ec2ClusterProps): void;
-    addScalingPolicy(props: Ec2ClusterProps): void;
-    addLoadBalancer(props: Ec2ClusterProps): void;
-    removeAutoScalingGroup(): void;
-    addLoadBalancerListener(props: Ec2ClusterProps): void;
-    addHostedZone(props: Ec2ClusterProps): void;
-    registerLoadBalancerTargets(props: Ec2ClusterProps): void;
-    getImage(props: Ec2ClusterProps): ContainerImage;
-    getTaskRole(): Role | undefined;
-    static build(id: string, props: Ec2ClusterProps): (sb: StackBuilder) => Construct;
-}
-export {};