@fjall/components-infrastructure 0.88.3 → 0.88.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/app.d.ts +33 -10
- package/dist/lib/app.js +79 -36
- package/dist/lib/aspects/index.d.ts +1 -0
- package/dist/lib/aspects/index.js +6 -0
- package/dist/lib/config/aws/accountAuditRole.d.ts +20 -0
- package/dist/lib/config/aws/accountAuditRole.js +38 -0
- package/dist/lib/config/aws/accountMonitoringRole.d.ts +22 -0
- package/dist/lib/config/aws/accountMonitoringRole.js +133 -0
- package/dist/lib/config/aws/cloudTrail.d.ts +0 -3
- package/dist/lib/config/aws/cloudTrail.js +2 -2
- package/dist/lib/config/aws/disasterRecovery.js +26 -14
- package/dist/lib/config/aws/ecrDefaultImage.js +4 -3
- package/dist/lib/config/aws/index.d.ts +4 -0
- package/dist/lib/config/aws/index.js +5 -1
- package/dist/lib/config/aws/oidcConnector.d.ts +8 -0
- package/dist/lib/config/aws/oidcConnector.js +46 -0
- package/dist/lib/config/aws/platform.d.ts +2 -0
- package/dist/lib/config/aws/platform.js +6 -0
- package/dist/lib/config/index.d.ts +2 -0
- package/dist/lib/config/index.js +21 -0
- package/dist/lib/patterns/aws/account.js +22 -10
- package/dist/lib/patterns/aws/cdn.d.ts +19 -40
- package/dist/lib/patterns/aws/cdn.js +21 -17
- package/dist/lib/patterns/aws/compute.d.ts +6 -7
- package/dist/lib/patterns/aws/compute.js +7 -9
- package/dist/lib/patterns/aws/database.d.ts +7 -87
- package/dist/lib/patterns/aws/database.js +15 -38
- package/dist/lib/patterns/aws/index.d.ts +1 -1
- package/dist/lib/patterns/aws/index.js +2 -2
- package/dist/lib/patterns/aws/interfaces/cdn.d.ts +26 -0
- package/dist/lib/patterns/aws/interfaces/cdn.js +14 -0
- package/dist/lib/patterns/aws/interfaces/connector.d.ts +4 -181
- package/dist/lib/patterns/aws/interfaces/connector.js +16 -113
- package/dist/lib/patterns/aws/interfaces/index.d.ts +1 -0
- package/dist/lib/patterns/aws/interfaces/index.js +5 -2
- package/dist/lib/patterns/aws/interfaces/pattern.d.ts +6 -6
- package/dist/lib/patterns/aws/interfaces/pattern.js +1 -1
- package/dist/lib/patterns/aws/network.js +6 -9
- package/dist/lib/patterns/aws/organisation.d.ts +4 -2
- package/dist/lib/patterns/aws/organisation.js +21 -8
- package/dist/lib/patterns/aws/payload.js +11 -12
- package/dist/lib/patterns/aws/storage.d.ts +3 -2
- package/dist/lib/patterns/aws/storage.js +1 -1
- package/dist/lib/resources/aws/audit/auditRole.js +4 -4
- package/dist/lib/resources/aws/audit/index.d.ts +1 -0
- package/dist/lib/resources/aws/audit/index.js +6 -0
- package/dist/lib/resources/aws/backup/backupPlan.js +3 -2
- package/dist/lib/resources/aws/backup/backupVault.js +5 -3
- package/dist/lib/resources/aws/base/awsStack.d.ts +4 -2
- package/dist/lib/resources/aws/base/awsStack.js +8 -2
- package/dist/lib/resources/aws/cdn/cloudFront.d.ts +14 -0
- package/dist/lib/resources/aws/cdn/cloudFront.js +52 -18
- package/dist/lib/resources/aws/compute/ec2.js +18 -22
- package/dist/lib/resources/aws/compute/ecs.d.ts +9 -8
- package/dist/lib/resources/aws/compute/ecs.js +53 -41
- package/dist/lib/resources/aws/compute/index.d.ts +1 -0
- package/dist/lib/resources/aws/compute/index.js +2 -1
- package/dist/lib/resources/aws/compute/lambda.d.ts +0 -2
- package/dist/lib/resources/aws/compute/lambda.js +12 -27
- package/dist/lib/resources/aws/database/dynamodb.js +3 -13
- package/dist/lib/resources/aws/database/index.d.ts +8 -2
- package/dist/lib/resources/aws/database/index.js +19 -3
- package/dist/lib/resources/aws/database/rdsAurora.d.ts +2 -3
- package/dist/lib/resources/aws/database/rdsAurora.js +32 -68
- package/dist/lib/resources/aws/database/rdsAuroraGlobal.d.ts +6 -6
- package/dist/lib/resources/aws/database/rdsAuroraGlobal.js +25 -29
- package/dist/lib/resources/aws/database/rdsDefaults.d.ts +11 -0
- package/dist/lib/resources/aws/database/rdsDefaults.js +15 -0
- package/dist/lib/resources/aws/database/rdsHelpers.d.ts +39 -0
- package/dist/lib/resources/aws/database/rdsHelpers.js +75 -0
- package/dist/lib/resources/aws/database/rdsInstance.d.ts +7 -8
- package/dist/lib/resources/aws/database/rdsInstance.js +40 -84
- package/dist/lib/resources/aws/database/rdsProxyOutput.d.ts +7 -0
- package/dist/lib/resources/aws/database/rdsProxyOutput.js +18 -0
- package/dist/lib/resources/aws/iam/index.d.ts +0 -1
- package/dist/lib/resources/aws/iam/index.js +1 -2
- package/dist/lib/resources/aws/index.d.ts +0 -1
- package/dist/lib/resources/aws/index.js +1 -2
- package/dist/lib/resources/aws/logging/cloudTrail.js +13 -3
- package/dist/lib/resources/aws/logging/index.d.ts +2 -0
- package/dist/lib/resources/aws/logging/index.js +19 -0
- package/dist/lib/resources/aws/messaging/index.d.ts +3 -2
- package/dist/lib/resources/aws/messaging/index.js +4 -3
- package/dist/lib/resources/aws/messaging/sqs.js +14 -11
- package/dist/lib/resources/aws/messaging/utils.d.ts +1 -2
- package/dist/lib/resources/aws/messaging/utils.js +3 -4
- package/dist/lib/resources/aws/monitoring/index.d.ts +0 -1
- package/dist/lib/resources/aws/monitoring/index.js +4 -17
- package/dist/lib/resources/aws/networking/hostedZone.d.ts +28 -0
- package/dist/lib/resources/aws/networking/hostedZone.js +153 -0
- package/dist/lib/resources/aws/networking/index.d.ts +2 -0
- package/dist/lib/resources/aws/networking/index.js +3 -1
- package/dist/lib/resources/aws/networking/ipamPool.js +57 -31
- package/dist/lib/resources/aws/networking/securityGroup.d.ts +5 -0
- package/dist/lib/resources/aws/networking/securityGroup.js +14 -0
- package/dist/lib/resources/aws/networking/vpc.js +9 -4
- package/dist/lib/resources/aws/organisation/costAllocationTagActivator.d.ts +17 -0
- package/dist/lib/resources/aws/organisation/costAllocationTagActivator.js +66 -0
- package/dist/lib/resources/aws/organisation/index.d.ts +1 -0
- package/dist/lib/resources/aws/organisation/index.js +4 -2
- package/dist/lib/resources/aws/secrets/index.d.ts +0 -1
- package/dist/lib/resources/aws/secrets/index.js +1 -2
- package/dist/lib/resources/aws/storage/ecr.d.ts +0 -1
- package/dist/lib/resources/aws/storage/ecr.js +5 -5
- package/dist/lib/resources/aws/storage/s3.d.ts +3 -3
- package/dist/lib/resources/aws/storage/s3.js +1 -1
- package/dist/lib/resources/aws/utilities/index.d.ts +5 -0
- package/dist/lib/resources/aws/utilities/index.js +22 -0
- package/dist/lib/utils/backupTierMapping.d.ts +11 -0
- package/dist/lib/utils/backupTierMapping.js +17 -0
- package/dist/lib/utils/capitaliseString.d.ts +6 -0
- package/dist/lib/utils/capitaliseString.js +10 -1
- package/dist/lib/utils/connections.d.ts +46 -0
- package/dist/lib/utils/connections.js +159 -0
- package/dist/lib/utils/connector.d.ts +183 -0
- package/dist/lib/utils/connector.js +117 -0
- package/dist/lib/utils/databaseTypes.d.ts +85 -0
- package/dist/lib/utils/databaseTypes.js +34 -0
- package/dist/lib/utils/env.d.ts +42 -0
- package/dist/lib/utils/env.js +128 -0
- package/dist/lib/utils/getConfig.d.ts +0 -5
- package/dist/lib/utils/getConfig.js +1 -4
- package/dist/lib/utils/index.d.ts +6 -0
- package/dist/lib/utils/index.js +7 -1
- package/dist/lib/utils/removalPolicy.d.ts +2 -0
- package/dist/lib/utils/removalPolicy.js +16 -0
- package/dist/lib/utils/standardTagsAspect.d.ts +4 -0
- package/dist/lib/utils/standardTagsAspect.js +8 -8
- package/dist/lib/utils/vpcUtils.d.ts +14 -0
- package/dist/lib/utils/vpcUtils.js +28 -0
- package/package.json +6 -6
|
@@ -21,12 +21,11 @@ exports.EcrFactory = EcrFactory;
|
|
|
21
21
|
class Ecr extends aws_ecr_1.Repository {
|
|
22
22
|
constructor(scope, id, props) {
|
|
23
23
|
super(scope, id, Ecr.getRepositoryProps(props));
|
|
24
|
-
this
|
|
25
|
-
this.outputs.push(new aws_cdk_lib_1.CfnOutput(this, `${id}RepositoryName`, {
|
|
24
|
+
new aws_cdk_lib_1.CfnOutput(this, `${id}RepositoryName`, {
|
|
26
25
|
key: `${id}RepositoryName`,
|
|
27
26
|
value: this.repositoryName,
|
|
28
27
|
exportName: `${id}RepositoryName`
|
|
29
|
-
})
|
|
28
|
+
});
|
|
30
29
|
}
|
|
31
30
|
static getRepositoryProps(props) {
|
|
32
31
|
// todo: lifeCycleRules
|
|
@@ -35,7 +34,8 @@ class Ecr extends aws_ecr_1.Repository {
|
|
|
35
34
|
...(props?.repositoryName && { repositoryName: props.repositoryName }),
|
|
36
35
|
imageScanOnPush: true,
|
|
37
36
|
imageTagMutability: aws_ecr_1.TagMutability.MUTABLE,
|
|
38
|
-
|
|
37
|
+
emptyOnDelete: true,
|
|
38
|
+
removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY
|
|
39
39
|
};
|
|
40
40
|
}
|
|
41
41
|
static build(id, props) {
|
|
@@ -43,4 +43,4 @@ class Ecr extends aws_ecr_1.Repository {
|
|
|
43
43
|
}
|
|
44
44
|
}
|
|
45
45
|
exports.Ecr = Ecr;
|
|
46
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
46
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWNyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vbGliL3Jlc291cmNlcy9hd3Mvc3RvcmFnZS9lY3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsaURBSTZCO0FBQzdCLDZDQUF1RDtBQVV2RCxNQUFhLFVBQVU7SUFDckIsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFVLEVBQUUsS0FBZ0I7UUFDdkMsT0FBTyxDQUFDLEdBQVEsRUFBRSxLQUFnQixFQUFFLEVBQUU7WUFDcEMsTUFBTSxRQUFRLEdBQUcsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUM3QixNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBRXpDLG9FQUFvRTtZQUNwRSxNQUFNLFdBQVcsR0FBZ0I7Z0JBQy9CLGNBQWMsRUFBRSxHQUFHLENBQUMsY0FBYzthQUNuQyxDQUFDO1lBQ0YsR0FBRyxDQUFDLG9CQUFvQixFQUFFLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRS9DLE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQyxDQUFDO0lBQ0osQ0FBQztDQUNGO0FBZkQsZ0NBZUM7QUFFRCxNQUFhLEdBQUksU0FBUSxvQkFBVTtJQUNqQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWdCO1FBQ3hELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBRWhELElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFO1lBQ3pDLEdBQUcsRUFBRSxHQUFHLEVBQUUsZ0JBQWdCO1lBQzFCLEtBQUssRUFBRSxJQUFJLENBQUMsY0FBYztZQUMxQixVQUFVLEVBQUUsR0FBRyxFQUFFLGdCQUFnQjtTQUNsQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsTUFBTSxDQUFDLGtCQUFrQixDQUFDLEtBQWdCO1FBQ3hDLHVCQUF1QjtRQUN2QixvRUFBb0U7UUFDcEUsT0FBTztZQUNMLEdBQUcsQ0FBQyxLQUFLLEVBQUUsY0FBYyxJQUFJLEVBQUUsY0FBYyxFQUFFLEtBQUssQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUN0RSxlQUFlLEVBQUUsSUFBSTtZQUNyQixrQkFBa0IsRUFBRSx1QkFBYSxDQUFDLE9BQU87WUFDekMsYUFBYSxFQUFFLElBQUk7WUFDbkIsYUFBYSxFQUFFLDJCQUFhLENBQUMsT0FBTztTQUNyQyxDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBVSxFQUFFLEtBQWdCO1FBQ3ZDLE9BQU8sQ0FBQyxLQUFtQixFQUFFLEVBQUUsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsUUFBUSxFQUFFLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3ZFLENBQUM7Q0FDRjtBQTFCRCxrQkEwQkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyB0eXBlIENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQge1xuICBSZXBvc2l0b3J5LFxuICB0eXBlIFJlcG9zaXRvcnlQcm9wcyxcbiAgVGFnTXV0YWJpbGl0eVxufSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjclwiO1xuaW1wb3J0IHsgQ2ZuT3V0cHV0LCBSZW1vdmFsUG9saWN5IH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5cbmltcG9ydCB0eXBlIEFwcCBmcm9tIFwiLi4vLi4vLi4vYXBwXCI7XG5pbXBvcnQgeyB0eXBlIFN0YWNrQnVpbGRlciB9IGZyb20gXCIuLi9iYXNlL2F3c1N0YWNrXCI7XG5pbXBvcnQgeyB0eXBlIE1hbmlmZXN0RWNyIH0gZnJvbSBcIi4uLy4uLy4uL3V0aWxzL21hbmlmZXN0V3JpdGVyLmpzXCI7XG5cbmludGVyZmFjZSBFY3JQcm9wcyB7XG4gIHJlcG9zaXRvcnlOYW1lPzogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgRWNyRmFjdG9yeSB7XG4gIHN0YXRpYyBidWlsZChpZDogc3RyaW5nLCBwcm9wcz86IEVjclByb3BzKSB7XG4gICAgcmV0dXJuIChhcHA6IEFwcCwgc2NvcGU6IENvbnN0cnVjdCkgPT4ge1xuICAgICAgY29uc3QgZWNyUHJvcHMgPSBwcm9wcyA/PyB7fTtcbiAgICAgIGNvbnN0IGVjciA9IG5ldyBFY3Ioc2NvcGUsIGlkLCBlY3JQcm9wcyk7XG5cbiAgICAgIC8vIFJlZ2lzdGVyIEVDUiByZXBvc2l0b3J5IHdpdGggbWFuaWZlc3QgY29sbGVjdG9yIGZvciBDTEkgZGlzY292ZXJ5XG4gICAgICBjb25zdCBtYW5pZmVzdEVjcjogTWFuaWZlc3RFY3IgPSB7XG4gICAgICAgIHJlcG9zaXRvcnlOYW1lOiBlY3IucmVwb3NpdG9yeU5hbWVcbiAgICAgIH07XG4gICAgICBhcHAuZ2V0TWFuaWZlc3RDb2xsZWN0b3IoKS5zZXRFY3IobWFuaWZlc3RFY3IpO1xuXG4gICAgICByZXR1cm4gZWNyO1xuICAgIH07XG4gIH1cbn1cblxuZXhwb3J0IGNsYXNzIEVjciBleHRlbmRzIFJlcG9zaXRvcnkge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wcz86IEVjclByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCBFY3IuZ2V0UmVwb3NpdG9yeVByb3BzKHByb3BzKSk7XG5cbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIGAke2lkfVJlcG9zaXRvcnlOYW1lYCwge1xuICAgICAga2V5OiBgJHtpZH1SZXBvc2l0b3J5TmFtZWAsXG4gICAgICB2YWx1ZTogdGhpcy5yZXBvc2l0b3J5TmFtZSxcbiAgICAgIGV4cG9ydE5hbWU6IGAke2lkfVJlcG9zaXRvcnlOYW1lYFxuICAgIH0pO1xuICB9XG5cbiAgc3RhdGljIGdldFJlcG9zaXRvcnlQcm9wcyhwcm9wcz86IEVjclByb3BzKTogUmVwb3NpdG9yeVByb3BzIHtcbiAgICAvLyB0b2RvOiBsaWZlQ3ljbGVSdWxlc1xuICAgIC8vIHRvZG86IEVuY3J5cHRpb24gJiBFbmNyeXB0aW9uS2V5IChkZWZhdWx0IGlzIEFXUyBtYW5hZ2VkIEtNUyBrZXkpXG4gICAgcmV0dXJuIHtcbiAgICAgIC4uLihwcm9wcz8ucmVwb3NpdG9yeU5hbWUgJiYgeyByZXBvc2l0b3J5TmFtZTogcHJvcHMucmVwb3NpdG9yeU5hbWUgfSksXG4gICAgICBpbWFnZVNjYW5PblB1c2g6IHRydWUsXG4gICAgICBpbWFnZVRhZ011dGFiaWxpdHk6IFRhZ011dGFiaWxpdHkuTVVUQUJMRSxcbiAgICAgIGVtcHR5T25EZWxldGU6IHRydWUsXG4gICAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1lcbiAgICB9O1xuICB9XG5cbiAgc3RhdGljIGJ1aWxkKGlkOiBzdHJpbmcsIHByb3BzPzogRWNyUHJvcHMpOiAoc2NvcGU6IFN0YWNrQnVpbGRlcikgPT4gRWNyIHtcbiAgICByZXR1cm4gKHNjb3BlOiBTdGFja0J1aWxkZXIpID0+IG5ldyBFY3Ioc2NvcGUuZ2V0U3RhY2soKSwgaWQsIHByb3BzKTtcbiAgfVxufVxuIl19
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
import { Bucket, type BucketProps } from "aws-cdk-lib/aws-s3";
|
|
2
2
|
import { type Construct } from "constructs";
|
|
3
|
-
|
|
3
|
+
import { type BackupTier } from "../../../utils/backupTierMapping";
|
|
4
4
|
export interface WebsiteHostingConfig {
|
|
5
5
|
readonly indexDocument: string;
|
|
6
6
|
readonly errorDocument?: string;
|
|
7
7
|
}
|
|
8
8
|
export interface S3BucketProps extends BucketProps {
|
|
9
|
-
backupVaultTier?:
|
|
9
|
+
backupVaultTier?: BackupTier;
|
|
10
10
|
publicReadAccess?: boolean;
|
|
11
11
|
websiteHosting?: WebsiteHostingConfig;
|
|
12
12
|
}
|
|
13
13
|
export declare class S3Bucket extends Bucket {
|
|
14
|
-
readonly backupVaultTier?:
|
|
14
|
+
readonly backupVaultTier?: BackupTier;
|
|
15
15
|
constructor(scope: Construct, id: string, props?: S3BucketProps);
|
|
16
16
|
}
|
|
@@ -39,4 +39,4 @@ class S3Bucket extends aws_s3_1.Bucket {
|
|
|
39
39
|
}
|
|
40
40
|
}
|
|
41
41
|
exports.S3Bucket = S3Bucket;
|
|
42
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
42
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiczMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9saWIvcmVzb3VyY2VzL2F3cy9zdG9yYWdlL3MzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUFzRDtBQUN0RCwrQ0FJNEI7QUFlNUIsU0FBUyxpQkFBaUIsQ0FBQyxJQUFpQjtJQUMxQyxPQUFPLElBQUksS0FBSyxXQUFXLElBQUksSUFBSSxLQUFLLFlBQVksQ0FBQztBQUN2RCxDQUFDO0FBRUQsTUFBYSxRQUFTLFNBQVEsZUFBTTtJQUdsQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLFFBQXVCLEVBQUU7UUFDakUsTUFBTSxFQUFFLGNBQWMsRUFBRSxlQUFlLEVBQUUsR0FBRyxRQUFRLEVBQUUsR0FBRyxLQUFLLENBQUM7UUFDL0QsTUFBTSxRQUFRLEdBQ1osS0FBSyxDQUFDLGdCQUFnQixLQUFLLElBQUksSUFBSSxjQUFjLEtBQUssU0FBUyxDQUFDO1FBQ2xFLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxhQUFhLEtBQUssMkJBQWEsQ0FBQyxNQUFNLENBQUM7UUFDaEUsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLFNBQVMsSUFBSSxpQkFBaUIsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUV4RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNmLEdBQUcsUUFBUTtZQUNYLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLGlCQUFpQixFQUFFLENBQUMsVUFBVTtZQUM5QixhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWEsSUFBSSwyQkFBYSxDQUFDLE9BQU87WUFFM0QsZ0JBQWdCLEVBQUUsUUFBUTtZQUMxQixHQUFHLENBQUMsUUFBUSxJQUFJO2dCQUNkLGlCQUFpQixFQUFFLElBQUksMEJBQWlCLENBQUM7b0JBQ3ZDLGVBQWUsRUFBRSxLQUFLO29CQUN0QixpQkFBaUIsRUFBRSxLQUFLO29CQUN4QixnQkFBZ0IsRUFBRSxLQUFLO29CQUN2QixxQkFBcUIsRUFBRSxLQUFLO2lCQUM3QixDQUFDO2FBQ0gsQ0FBQztZQUVGLEdBQUcsQ0FBQyxjQUFjLElBQUk7Z0JBQ3BCLG9CQUFvQixFQUFFLGNBQWMsQ0FBQyxhQUFhO2dCQUNsRCxvQkFBb0IsRUFBRSxjQUFjLENBQUMsYUFBYSxJQUFJLFlBQVk7YUFDbkUsQ0FBQztZQUVGLFNBQVM7WUFDVCxjQUFjLEVBQ1osU0FBUyxJQUFJLENBQUMsS0FBSyxDQUFDLGNBQWM7Z0JBQ2hDLENBQUMsQ0FBQyxDQUFDLEVBQUUsMkJBQTJCLEVBQUUsc0JBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO2dCQUNyRSxDQUFDLENBQUMsS0FBSyxDQUFDLGNBQWM7U0FDM0IsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLGVBQWUsR0FBRyxlQUFlLENBQUM7SUFDekMsQ0FBQztDQUNGO0FBeENELDRCQXdDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IER1cmF0aW9uLCBSZW1vdmFsUG9saWN5IH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQge1xuICBCbG9ja1B1YmxpY0FjY2VzcyxcbiAgQnVja2V0LFxuICB0eXBlIEJ1Y2tldFByb3BzXG59IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIjtcbmltcG9ydCB7IHR5cGUgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IHR5cGUgQmFja3VwVGllciB9IGZyb20gXCIuLi8uLi8uLi91dGlscy9iYWNrdXBUaWVyTWFwcGluZ1wiO1xuXG5leHBvcnQgaW50ZXJmYWNlIFdlYnNpdGVIb3N0aW5nQ29uZmlnIHtcbiAgcmVhZG9ubHkgaW5kZXhEb2N1bWVudDogc3RyaW5nO1xuICByZWFkb25seSBlcnJvckRvY3VtZW50Pzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFMzQnVja2V0UHJvcHMgZXh0ZW5kcyBCdWNrZXRQcm9wcyB7XG4gIGJhY2t1cFZhdWx0VGllcj86IEJhY2t1cFRpZXI7XG4gIHB1YmxpY1JlYWRBY2Nlc3M/OiBib29sZWFuO1xuICB3ZWJzaXRlSG9zdGluZz86IFdlYnNpdGVIb3N0aW5nQ29uZmlnO1xufVxuXG5mdW5jdGlvbiBzaG91bGRBdXRvVmVyc2lvbih0aWVyPzogQmFja3VwVGllcik6IGJvb2xlYW4ge1xuICByZXR1cm4gdGllciA9PT0gXCJyZXNpbGllbnRcIiB8fCB0aWVyID09PSBcImVudGVycHJpc2VcIjtcbn1cblxuZXhwb3J0IGNsYXNzIFMzQnVja2V0IGV4dGVuZHMgQnVja2V0IHtcbiAgcHVibGljIHJlYWRvbmx5IGJhY2t1cFZhdWx0VGllcj86IEJhY2t1cFRpZXI7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFMzQnVja2V0UHJvcHMgPSB7fSkge1xuICAgIGNvbnN0IHsgd2Vic2l0ZUhvc3RpbmcsIGJhY2t1cFZhdWx0VGllciwgLi4uY2RrUHJvcHMgfSA9IHByb3BzO1xuICAgIGNvbnN0IGlzUHVibGljID1cbiAgICAgIHByb3BzLnB1YmxpY1JlYWRBY2Nlc3MgPT09IHRydWUgfHwgd2Vic2l0ZUhvc3RpbmcgIT09IHVuZGVmaW5lZDtcbiAgICBjb25zdCBpc1JldGFpbmVkID0gcHJvcHMucmVtb3ZhbFBvbGljeSA9PT0gUmVtb3ZhbFBvbGljeS5SRVRBSU47XG4gICAgY29uc3QgdmVyc2lvbmVkID0gcHJvcHMudmVyc2lvbmVkID8/IHNob3VsZEF1dG9WZXJzaW9uKGJhY2t1cFZhdWx0VGllcik7XG5cbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIC4uLmNka1Byb3BzLFxuICAgICAgZW5mb3JjZVNTTDogdHJ1ZSxcbiAgICAgIGF1dG9EZWxldGVPYmplY3RzOiAhaXNSZXRhaW5lZCxcbiAgICAgIHJlbW92YWxQb2xpY3k6IHByb3BzLnJlbW92YWxQb2xpY3kgPz8gUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuXG4gICAgICBwdWJsaWNSZWFkQWNjZXNzOiBpc1B1YmxpYyxcbiAgICAgIC4uLihpc1B1YmxpYyAmJiB7XG4gICAgICAgIGJsb2NrUHVibGljQWNjZXNzOiBuZXcgQmxvY2tQdWJsaWNBY2Nlc3Moe1xuICAgICAgICAgIGJsb2NrUHVibGljQWNsczogZmFsc2UsXG4gICAgICAgICAgYmxvY2tQdWJsaWNQb2xpY3k6IGZhbHNlLFxuICAgICAgICAgIGlnbm9yZVB1YmxpY0FjbHM6IGZhbHNlLFxuICAgICAgICAgIHJlc3RyaWN0UHVibGljQnVja2V0czogZmFsc2VcbiAgICAgICAgfSlcbiAgICAgIH0pLFxuXG4gICAgICAuLi4od2Vic2l0ZUhvc3RpbmcgJiYge1xuICAgICAgICB3ZWJzaXRlSW5kZXhEb2N1bWVudDogd2Vic2l0ZUhvc3RpbmcuaW5kZXhEb2N1bWVudCxcbiAgICAgICAgd2Vic2l0ZUVycm9yRG9jdW1lbnQ6IHdlYnNpdGVIb3N0aW5nLmVycm9yRG9jdW1lbnQgPz8gXCJlcnJvci5odG1sXCJcbiAgICAgIH0pLFxuXG4gICAgICB2ZXJzaW9uZWQsXG4gICAgICBsaWZlY3ljbGVSdWxlczpcbiAgICAgICAgdmVyc2lvbmVkICYmICFwcm9wcy5saWZlY3ljbGVSdWxlc1xuICAgICAgICAgID8gW3sgbm9uY3VycmVudFZlcnNpb25FeHBpcmF0aW9uOiBEdXJhdGlvbi5kYXlzKDMwKSwgZW5hYmxlZDogdHJ1ZSB9XVxuICAgICAgICAgIDogcHJvcHMubGlmZWN5Y2xlUnVsZXNcbiAgICB9KTtcblxuICAgIHRoaXMuYmFja3VwVmF1bHRUaWVyID0gYmFja3VwVmF1bHRUaWVyO1xuICB9XG59XG4iXX0=
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./awsCustomResource"), exports);
|
|
18
|
+
__exportStar(require("./codeBuild"), exports);
|
|
19
|
+
__exportStar(require("./customResource"), exports);
|
|
20
|
+
__exportStar(require("./customResourceProvider"), exports);
|
|
21
|
+
__exportStar(require("./resourceShare"), exports);
|
|
22
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9saWIvcmVzb3VyY2VzL2F3cy91dGlsaXRpZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyw4Q0FBNEI7QUFDNUIsbURBQWlDO0FBQ2pDLDJEQUF5QztBQUN6QyxrREFBZ0MiLCJzb3VyY2VzQ29udGVudCI6WyJleHBvcnQgKiBmcm9tIFwiLi9hd3NDdXN0b21SZXNvdXJjZVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vY29kZUJ1aWxkXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9jdXN0b21SZXNvdXJjZVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vY3VzdG9tUmVzb3VyY2VQcm92aWRlclwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcmVzb3VyY2VTaGFyZVwiO1xuIl19
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/** Tag key used by AWS Backup plan selection rules */
|
|
2
|
+
export declare const BACKUP_TIER_TAG_KEY = "fjall:disasterRecovery:tier";
|
|
3
|
+
/** Valid backup tier names */
|
|
4
|
+
export type BackupTier = "standard" | "resilient" | "enterprise";
|
|
5
|
+
/**
|
|
6
|
+
* Shared mapping from application backup tier names to AWS Backup plan tag values.
|
|
7
|
+
*
|
|
8
|
+
* Used by both App.applyBackupTag() (app-level tag) and StandardTagsAspect
|
|
9
|
+
* (per-resource override tag) to ensure consistent tier → tag translation.
|
|
10
|
+
*/
|
|
11
|
+
export declare const BACKUP_TIER_TAG_MAP: Readonly<Record<BackupTier, string>>;
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BACKUP_TIER_TAG_MAP = exports.BACKUP_TIER_TAG_KEY = void 0;
|
|
4
|
+
/** Tag key used by AWS Backup plan selection rules */
|
|
5
|
+
exports.BACKUP_TIER_TAG_KEY = "fjall:disasterRecovery:tier";
|
|
6
|
+
/**
|
|
7
|
+
* Shared mapping from application backup tier names to AWS Backup plan tag values.
|
|
8
|
+
*
|
|
9
|
+
* Used by both App.applyBackupTag() (app-level tag) and StandardTagsAspect
|
|
10
|
+
* (per-resource override tag) to ensure consistent tier → tag translation.
|
|
11
|
+
*/
|
|
12
|
+
exports.BACKUP_TIER_TAG_MAP = Object.freeze({
|
|
13
|
+
standard: "default",
|
|
14
|
+
resilient: "resilient",
|
|
15
|
+
enterprise: "enterprise"
|
|
16
|
+
});
|
|
17
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFja3VwVGllck1hcHBpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9saWIvdXRpbHMvYmFja3VwVGllck1hcHBpbmcudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsc0RBQXNEO0FBQ3pDLFFBQUEsbUJBQW1CLEdBQUcsNkJBQTZCLENBQUM7QUFLakU7Ozs7O0dBS0c7QUFDVSxRQUFBLG1CQUFtQixHQUM5QixNQUFNLENBQUMsTUFBTSxDQUFDO0lBQ1osUUFBUSxFQUFFLFNBQVM7SUFDbkIsU0FBUyxFQUFFLFdBQVc7SUFDdEIsVUFBVSxFQUFFLFlBQVk7Q0FDekIsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqIFRhZyBrZXkgdXNlZCBieSBBV1MgQmFja3VwIHBsYW4gc2VsZWN0aW9uIHJ1bGVzICovXG5leHBvcnQgY29uc3QgQkFDS1VQX1RJRVJfVEFHX0tFWSA9IFwiZmphbGw6ZGlzYXN0ZXJSZWNvdmVyeTp0aWVyXCI7XG5cbi8qKiBWYWxpZCBiYWNrdXAgdGllciBuYW1lcyAqL1xuZXhwb3J0IHR5cGUgQmFja3VwVGllciA9IFwic3RhbmRhcmRcIiB8IFwicmVzaWxpZW50XCIgfCBcImVudGVycHJpc2VcIjtcblxuLyoqXG4gKiBTaGFyZWQgbWFwcGluZyBmcm9tIGFwcGxpY2F0aW9uIGJhY2t1cCB0aWVyIG5hbWVzIHRvIEFXUyBCYWNrdXAgcGxhbiB0YWcgdmFsdWVzLlxuICpcbiAqIFVzZWQgYnkgYm90aCBBcHAuYXBwbHlCYWNrdXBUYWcoKSAoYXBwLWxldmVsIHRhZykgYW5kIFN0YW5kYXJkVGFnc0FzcGVjdFxuICogKHBlci1yZXNvdXJjZSBvdmVycmlkZSB0YWcpIHRvIGVuc3VyZSBjb25zaXN0ZW50IHRpZXIg4oaSIHRhZyB0cmFuc2xhdGlvbi5cbiAqL1xuZXhwb3J0IGNvbnN0IEJBQ0tVUF9USUVSX1RBR19NQVA6IFJlYWRvbmx5PFJlY29yZDxCYWNrdXBUaWVyLCBzdHJpbmc+PiA9XG4gIE9iamVjdC5mcmVlemUoe1xuICAgIHN0YW5kYXJkOiBcImRlZmF1bHRcIixcbiAgICByZXNpbGllbnQ6IFwicmVzaWxpZW50XCIsXG4gICAgZW50ZXJwcmlzZTogXCJlbnRlcnByaXNlXCJcbiAgfSk7XG4iXX0=
|
|
@@ -10,3 +10,9 @@ export declare function toPascalCase(name: string): string;
|
|
|
10
10
|
* e.g., "MyApp" -> "my-app", "AWSLambda" -> "aws-lambda", "myApp" -> "my-app"
|
|
11
11
|
*/
|
|
12
12
|
export declare function toKebab(str: string): string;
|
|
13
|
+
/**
|
|
14
|
+
* Convert a name to a valid RDS database name (snake_case).
|
|
15
|
+
* RDS API allows letters, numbers, and underscores for PostgreSQL/MySQL DatabaseName.
|
|
16
|
+
* Hyphens are rejected, so convert them to underscores.
|
|
17
|
+
*/
|
|
18
|
+
export declare function toValidDatabaseName(name: string): string;
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.capitaliseString = capitaliseString;
|
|
4
4
|
exports.toPascalCase = toPascalCase;
|
|
5
5
|
exports.toKebab = toKebab;
|
|
6
|
+
exports.toValidDatabaseName = toValidDatabaseName;
|
|
6
7
|
function capitaliseString(string) {
|
|
7
8
|
return String(string).charAt(0).toUpperCase() + String(string).slice(1);
|
|
8
9
|
}
|
|
@@ -27,4 +28,12 @@ function toKebab(str) {
|
|
|
27
28
|
.replace(/[\s_]+/g, "-")
|
|
28
29
|
.toLowerCase();
|
|
29
30
|
}
|
|
30
|
-
|
|
31
|
+
/**
|
|
32
|
+
* Convert a name to a valid RDS database name (snake_case).
|
|
33
|
+
* RDS API allows letters, numbers, and underscores for PostgreSQL/MySQL DatabaseName.
|
|
34
|
+
* Hyphens are rejected, so convert them to underscores.
|
|
35
|
+
*/
|
|
36
|
+
function toValidDatabaseName(name) {
|
|
37
|
+
return toKebab(name).replace(/-/g, "_");
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2FwaXRhbGlzZVN0cmluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL2xpYi91dGlscy9jYXBpdGFsaXNlU3RyaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsNENBRUM7QUFNRCxvQ0FJQztBQU9ELDBCQU1DO0FBT0Qsa0RBRUM7QUFsQ0QsU0FBZ0IsZ0JBQWdCLENBQUMsTUFBYztJQUM3QyxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUMxRSxDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsU0FBZ0IsWUFBWSxDQUFDLElBQVk7SUFDdkMsT0FBTyxJQUFJO1NBQ1IsT0FBTyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztTQUM5QyxPQUFPLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztBQUMzQyxDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQWdCLE9BQU8sQ0FBQyxHQUFXO0lBQ2pDLE9BQU8sR0FBRztTQUNQLE9BQU8sQ0FBQyx1QkFBdUIsRUFBRSxPQUFPLENBQUM7U0FDekMsT0FBTyxDQUFDLG1CQUFtQixFQUFFLE9BQU8sQ0FBQztTQUNyQyxPQUFPLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQztTQUN2QixXQUFXLEVBQUUsQ0FBQztBQUNuQixDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQWdCLG1CQUFtQixDQUFDLElBQVk7SUFDOUMsT0FBTyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQztBQUMxQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0IGZ1bmN0aW9uIGNhcGl0YWxpc2VTdHJpbmcoc3RyaW5nOiBzdHJpbmcpOiBzdHJpbmcge1xuICByZXR1cm4gU3RyaW5nKHN0cmluZykuY2hhckF0KDApLnRvVXBwZXJDYXNlKCkgKyBTdHJpbmcoc3RyaW5nKS5zbGljZSgxKTtcbn1cblxuLyoqXG4gKiBDb252ZXJ0IGEga2ViYWItY2FzZSBvciBzbmFrZV9jYXNlIG5hbWUgdG8gUGFzY2FsQ2FzZS5cbiAqIGUuZy4sIFwibXktYXBwXCIgLT4gXCJNeUFwcFwiLCBcIm15X2FwcFwiIC0+IFwiTXlBcHBcIlxuICovXG5leHBvcnQgZnVuY3Rpb24gdG9QYXNjYWxDYXNlKG5hbWU6IHN0cmluZyk6IHN0cmluZyB7XG4gIHJldHVybiBuYW1lXG4gICAgLnJlcGxhY2UoL1stX10oLikvZywgKF8sIGMpID0+IGMudG9VcHBlckNhc2UoKSlcbiAgICAucmVwbGFjZSgvXi4vLCAoYykgPT4gYy50b1VwcGVyQ2FzZSgpKTtcbn1cblxuLyoqXG4gKiBDb252ZXJ0IGFueSBjYXNlIChQYXNjYWxDYXNlLCBjYW1lbENhc2UsIGtlYmFiLWNhc2UsIHNuYWtlX2Nhc2UpIHRvIGtlYmFiLWNhc2UuXG4gKiBUaHJlZS1wYXNzIHJlZ2V4OiBzcGxpdCBhY3Jvbnltcywgc3BsaXQgY2FtZWwgYm91bmRhcmllcywgcmVwbGFjZSBzZXBhcmF0b3JzLlxuICogZS5nLiwgXCJNeUFwcFwiIC0+IFwibXktYXBwXCIsIFwiQVdTTGFtYmRhXCIgLT4gXCJhd3MtbGFtYmRhXCIsIFwibXlBcHBcIiAtPiBcIm15LWFwcFwiXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiB0b0tlYmFiKHN0cjogc3RyaW5nKTogc3RyaW5nIHtcbiAgcmV0dXJuIHN0clxuICAgIC5yZXBsYWNlKC8oW0EtWl0rKShbQS1aXVthLXpdKS9nLCBcIiQxLSQyXCIpXG4gICAgLnJlcGxhY2UoLyhbYS16XFxkXSkoW0EtWl0pL2csIFwiJDEtJDJcIilcbiAgICAucmVwbGFjZSgvW1xcc19dKy9nLCBcIi1cIilcbiAgICAudG9Mb3dlckNhc2UoKTtcbn1cblxuLyoqXG4gKiBDb252ZXJ0IGEgbmFtZSB0byBhIHZhbGlkIFJEUyBkYXRhYmFzZSBuYW1lIChzbmFrZV9jYXNlKS5cbiAqIFJEUyBBUEkgYWxsb3dzIGxldHRlcnMsIG51bWJlcnMsIGFuZCB1bmRlcnNjb3JlcyBmb3IgUG9zdGdyZVNRTC9NeVNRTCBEYXRhYmFzZU5hbWUuXG4gKiBIeXBoZW5zIGFyZSByZWplY3RlZCwgc28gY29udmVydCB0aGVtIHRvIHVuZGVyc2NvcmVzLlxuICovXG5leHBvcnQgZnVuY3Rpb24gdG9WYWxpZERhdGFiYXNlTmFtZShuYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICByZXR1cm4gdG9LZWJhYihuYW1lKS5yZXBsYWNlKC8tL2csIFwiX1wiKTtcbn1cbiJdfQ==
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared connection processor for unified connector interface.
|
|
3
|
+
*
|
|
4
|
+
* This module provides the `processConnections` function that handles
|
|
5
|
+
* both security group rules (IConnectable) and IAM grants (IGrantable)
|
|
6
|
+
* in a unified way.
|
|
7
|
+
*
|
|
8
|
+
* @example
|
|
9
|
+
* // In ECS service setup
|
|
10
|
+
* processConnections(
|
|
11
|
+
* serviceProps.connections,
|
|
12
|
+
* serviceData.taskRole, // IGrantable for IAM
|
|
13
|
+
* service // IConnectable for security groups
|
|
14
|
+
* );
|
|
15
|
+
*
|
|
16
|
+
* @example
|
|
17
|
+
* // In Lambda setup
|
|
18
|
+
* processConnections(
|
|
19
|
+
* props.connections,
|
|
20
|
+
* this.lambdaFunction, // IGrantable (execution role)
|
|
21
|
+
* this.lambdaFunction // IConnectable (security group)
|
|
22
|
+
* );
|
|
23
|
+
*/
|
|
24
|
+
import { type IConnectable } from "aws-cdk-lib/aws-ec2";
|
|
25
|
+
import { type IGrantable } from "aws-cdk-lib/aws-iam";
|
|
26
|
+
import { type ConnectionSpec, type ConnectionResult } from "./connector.js";
|
|
27
|
+
/**
|
|
28
|
+
* Process connections from compute resources to data resources.
|
|
29
|
+
*
|
|
30
|
+
* Handles the unified connector interface, dispatching to:
|
|
31
|
+
* - Security group rules for IConnectable and ISecurityGroupConnector resources
|
|
32
|
+
* - IAM grants for IStorageConnector, IDynamoDBConnector, and IQueueConnector resources
|
|
33
|
+
*
|
|
34
|
+
* @param connections - Array of connection specifications
|
|
35
|
+
* @param grantee - The IAM grantee (task role, execution role, etc.)
|
|
36
|
+
* @param connectable - Optional IConnectable for security group rules
|
|
37
|
+
* @returns Array of connection results
|
|
38
|
+
*
|
|
39
|
+
* @example
|
|
40
|
+
* processConnections(
|
|
41
|
+
* [database, { resource: bucket, access: "read" }, queue],
|
|
42
|
+
* taskRole,
|
|
43
|
+
* service
|
|
44
|
+
* );
|
|
45
|
+
*/
|
|
46
|
+
export declare function processConnections(connections: ConnectionSpec[], grantee: IGrantable, connectable?: IConnectable): ConnectionResult[];
|
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Shared connection processor for unified connector interface.
|
|
4
|
+
*
|
|
5
|
+
* This module provides the `processConnections` function that handles
|
|
6
|
+
* both security group rules (IConnectable) and IAM grants (IGrantable)
|
|
7
|
+
* in a unified way.
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* // In ECS service setup
|
|
11
|
+
* processConnections(
|
|
12
|
+
* serviceProps.connections,
|
|
13
|
+
* serviceData.taskRole, // IGrantable for IAM
|
|
14
|
+
* service // IConnectable for security groups
|
|
15
|
+
* );
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* // In Lambda setup
|
|
19
|
+
* processConnections(
|
|
20
|
+
* props.connections,
|
|
21
|
+
* this.lambdaFunction, // IGrantable (execution role)
|
|
22
|
+
* this.lambdaFunction // IConnectable (security group)
|
|
23
|
+
* );
|
|
24
|
+
*/
|
|
25
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
+
exports.processConnections = processConnections;
|
|
27
|
+
const connector_js_1 = require("./connector.js");
|
|
28
|
+
/** Default access levels for each connector type. */
|
|
29
|
+
const DEFAULT_ACCESS = {
|
|
30
|
+
storage: "readWrite",
|
|
31
|
+
dynamodb: "readWrite",
|
|
32
|
+
queue: "full"
|
|
33
|
+
};
|
|
34
|
+
/** Grant storage access based on access level. */
|
|
35
|
+
function processStorageConnection(connector, grantee, access) {
|
|
36
|
+
switch (access) {
|
|
37
|
+
case "read":
|
|
38
|
+
return connector.grantRead(grantee);
|
|
39
|
+
case "write":
|
|
40
|
+
return connector.grantWrite(grantee);
|
|
41
|
+
case "readWrite":
|
|
42
|
+
return connector.grantReadWrite(grantee);
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
/** Grant DynamoDB access based on access level. */
|
|
46
|
+
function processDynamoDBConnection(connector, grantee, access) {
|
|
47
|
+
switch (access) {
|
|
48
|
+
case "read":
|
|
49
|
+
return connector.grantReadData(grantee);
|
|
50
|
+
case "write":
|
|
51
|
+
return connector.grantWriteData(grantee);
|
|
52
|
+
case "readWrite":
|
|
53
|
+
return connector.grantReadWriteData(grantee);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
/** Grant queue access based on access level. */
|
|
57
|
+
function processQueueConnection(connector, grantee, access) {
|
|
58
|
+
switch (access) {
|
|
59
|
+
case "send":
|
|
60
|
+
return connector.grantSendMessages(grantee);
|
|
61
|
+
case "consume":
|
|
62
|
+
return connector.grantConsumeMessages(grantee);
|
|
63
|
+
case "full":
|
|
64
|
+
return connector.grantFull(grantee);
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
/** Build an IAM connection result. */
|
|
68
|
+
function buildIamResult(connector, grant) {
|
|
69
|
+
return { resource: connector, grant, connectionType: connector_js_1.CONNECTION_TYPE.IAM };
|
|
70
|
+
}
|
|
71
|
+
/** Build a security group connection result. */
|
|
72
|
+
function buildSecurityGroupResult(resource) {
|
|
73
|
+
return { resource, connectionType: connector_js_1.CONNECTION_TYPE.SECURITY_GROUP };
|
|
74
|
+
}
|
|
75
|
+
/** Validate and narrow access type for storage/dynamodb connectors. */
|
|
76
|
+
function validateConnectionAccess(access, connectorType, defaultAccess) {
|
|
77
|
+
if (access === undefined)
|
|
78
|
+
return defaultAccess;
|
|
79
|
+
if ((0, connector_js_1.isConnectionAccess)(access))
|
|
80
|
+
return access;
|
|
81
|
+
throw new Error(`Invalid access "${access}" for ${connectorType} connector. ` +
|
|
82
|
+
`Valid values: read, write, readWrite`);
|
|
83
|
+
}
|
|
84
|
+
/** Validate and narrow access type for queue connectors. */
|
|
85
|
+
function validateMessagingAccess(access, defaultAccess) {
|
|
86
|
+
if (access === undefined)
|
|
87
|
+
return defaultAccess;
|
|
88
|
+
if ((0, connector_js_1.isMessagingAccess)(access))
|
|
89
|
+
return access;
|
|
90
|
+
throw new Error(`Invalid access "${access}" for queue connector. ` +
|
|
91
|
+
`Valid values: send, consume, full`);
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Require IConnectable for security group operations.
|
|
95
|
+
* Throws a descriptive error if not provided.
|
|
96
|
+
*/
|
|
97
|
+
function requireConnectable(connectable, context) {
|
|
98
|
+
if (!connectable) {
|
|
99
|
+
throw new Error(`${context} requires an IConnectable to be provided. ` +
|
|
100
|
+
"Ensure the compute resource (ECS, EC2, Lambda with VPC) implements IConnectable.");
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Process connections from compute resources to data resources.
|
|
105
|
+
*
|
|
106
|
+
* Handles the unified connector interface, dispatching to:
|
|
107
|
+
* - Security group rules for IConnectable and ISecurityGroupConnector resources
|
|
108
|
+
* - IAM grants for IStorageConnector, IDynamoDBConnector, and IQueueConnector resources
|
|
109
|
+
*
|
|
110
|
+
* @param connections - Array of connection specifications
|
|
111
|
+
* @param grantee - The IAM grantee (task role, execution role, etc.)
|
|
112
|
+
* @param connectable - Optional IConnectable for security group rules
|
|
113
|
+
* @returns Array of connection results
|
|
114
|
+
*
|
|
115
|
+
* @example
|
|
116
|
+
* processConnections(
|
|
117
|
+
* [database, { resource: bucket, access: "read" }, queue],
|
|
118
|
+
* taskRole,
|
|
119
|
+
* service
|
|
120
|
+
* );
|
|
121
|
+
*/
|
|
122
|
+
function processConnections(connections, grantee, connectable) {
|
|
123
|
+
return connections.map((spec) => {
|
|
124
|
+
const { resource, access } = (0, connector_js_1.isConnectionConfig)(spec)
|
|
125
|
+
? { resource: spec.resource, access: spec.access }
|
|
126
|
+
: { resource: spec, access: undefined };
|
|
127
|
+
// Handle unified connector interface (isConnector now returns AnyConnector)
|
|
128
|
+
if ((0, connector_js_1.isConnector)(resource)) {
|
|
129
|
+
switch (resource.connectorType) {
|
|
130
|
+
case "storage": {
|
|
131
|
+
const validAccess = validateConnectionAccess(access, "storage", DEFAULT_ACCESS.storage);
|
|
132
|
+
return buildIamResult(resource, processStorageConnection(resource, grantee, validAccess));
|
|
133
|
+
}
|
|
134
|
+
case "dynamodb": {
|
|
135
|
+
const validAccess = validateConnectionAccess(access, "dynamodb", DEFAULT_ACCESS.dynamodb);
|
|
136
|
+
return buildIamResult(resource, processDynamoDBConnection(resource, grantee, validAccess));
|
|
137
|
+
}
|
|
138
|
+
case "queue": {
|
|
139
|
+
const validAccess = validateMessagingAccess(access, DEFAULT_ACCESS.queue);
|
|
140
|
+
return buildIamResult(resource, processQueueConnection(resource, grantee, validAccess));
|
|
141
|
+
}
|
|
142
|
+
case "securityGroup":
|
|
143
|
+
case "relational": {
|
|
144
|
+
requireConnectable(connectable, `${resource.connectorType} connector`);
|
|
145
|
+
connectable.connections.allowToDefaultPort(resource);
|
|
146
|
+
return buildSecurityGroupResult(resource);
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
// Legacy IConnectable path
|
|
151
|
+
if ((0, connector_js_1.isConnectable)(resource)) {
|
|
152
|
+
requireConnectable(connectable, "IConnectable resource");
|
|
153
|
+
connectable.connections.allowToDefaultPort(resource);
|
|
154
|
+
return buildSecurityGroupResult(resource);
|
|
155
|
+
}
|
|
156
|
+
throw new Error("Connection resource must be either an IConnector or IConnectable");
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29ubmVjdGlvbnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9saWIvdXRpbHMvY29ubmVjdGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBc0JHOztBQXlKSCxnREF1RUM7QUE1TkQsaURBZXdCO0FBRXhCLHFEQUFxRDtBQUNyRCxNQUFNLGNBQWMsR0FBRztJQUNyQixPQUFPLEVBQUUsV0FBVztJQUNwQixRQUFRLEVBQUUsV0FBVztJQUNyQixLQUFLLEVBQUUsTUFBTTtDQUNMLENBQUM7QUFFWCxrREFBa0Q7QUFDbEQsU0FBUyx3QkFBd0IsQ0FDL0IsU0FBNEIsRUFDNUIsT0FBbUIsRUFDbkIsTUFBd0I7SUFFeEIsUUFBUSxNQUFNLEVBQUUsQ0FBQztRQUNmLEtBQUssTUFBTTtZQUNULE9BQU8sU0FBUyxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0QyxLQUFLLE9BQU87WUFDVixPQUFPLFNBQVMsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdkMsS0FBSyxXQUFXO1lBQ2QsT0FBTyxTQUFTLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzdDLENBQUM7QUFDSCxDQUFDO0FBRUQsbURBQW1EO0FBQ25ELFNBQVMseUJBQXlCLENBQ2hDLFNBQTZCLEVBQzdCLE9BQW1CLEVBQ25CLE1BQXdCO0lBRXhCLFFBQVEsTUFBTSxFQUFFLENBQUM7UUFDZixLQUFLLE1BQU07WUFDVCxPQUFPLFNBQVMsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDMUMsS0FBSyxPQUFPO1lBQ1YsT0FBTyxTQUFTLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzNDLEtBQUssV0FBVztZQUNkLE9BQU8sU0FBUyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ2pELENBQUM7QUFDSCxDQUFDO0FBRUQsZ0RBQWdEO0FBQ2hELFNBQVMsc0JBQXNCLENBQzdCLFNBQTBCLEVBQzFCLE9BQW1CLEVBQ25CLE1BQXVCO0lBRXZCLFFBQVEsTUFBTSxFQUFFLENBQUM7UUFDZixLQUFLLE1BQU07WUFDVCxPQUFPLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QyxLQUFLLFNBQVM7WUFDWixPQUFPLFNBQVMsQ0FBQyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNqRCxLQUFLLE1BQU07WUFDVCxPQUFPLFNBQVMsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDeEMsQ0FBQztBQUNILENBQUM7QUFFRCxzQ0FBc0M7QUFDdEMsU0FBUyxjQUFjLENBQ3JCLFNBQXVCLEVBQ3ZCLEtBQVk7SUFFWixPQUFPLEVBQUUsUUFBUSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsY0FBYyxFQUFFLDhCQUFlLENBQUMsR0FBRyxFQUFFLENBQUM7QUFDN0UsQ0FBQztBQUVELGdEQUFnRDtBQUNoRCxTQUFTLHdCQUF3QixDQUMvQixRQUFxQztJQUVyQyxPQUFPLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSw4QkFBZSxDQUFDLGNBQWMsRUFBRSxDQUFDO0FBQ3RFLENBQUM7QUFFRCx1RUFBdUU7QUFDdkUsU0FBUyx3QkFBd0IsQ0FDL0IsTUFBc0QsRUFDdEQsYUFBcUIsRUFDckIsYUFBK0I7SUFFL0IsSUFBSSxNQUFNLEtBQUssU0FBUztRQUFFLE9BQU8sYUFBYSxDQUFDO0lBQy9DLElBQUksSUFBQSxpQ0FBa0IsRUFBQyxNQUFNLENBQUM7UUFBRSxPQUFPLE1BQU0sQ0FBQztJQUM5QyxNQUFNLElBQUksS0FBSyxDQUNiLG1CQUFtQixNQUFNLFNBQVMsYUFBYSxjQUFjO1FBQzNELHNDQUFzQyxDQUN6QyxDQUFDO0FBQ0osQ0FBQztBQUVELDREQUE0RDtBQUM1RCxTQUFTLHVCQUF1QixDQUM5QixNQUFzRCxFQUN0RCxhQUE4QjtJQUU5QixJQUFJLE1BQU0sS0FBSyxTQUFTO1FBQUUsT0FBTyxhQUFhLENBQUM7SUFDL0MsSUFBSSxJQUFBLGdDQUFpQixFQUFDLE1BQU0sQ0FBQztRQUFFLE9BQU8sTUFBTSxDQUFDO0lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQ2IsbUJBQW1CLE1BQU0seUJBQXlCO1FBQ2hELG1DQUFtQyxDQUN0QyxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7R0FHRztBQUNILFNBQVMsa0JBQWtCLENBQ3pCLFdBQXFDLEVBQ3JDLE9BQWU7SUFFZixJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLEtBQUssQ0FDYixHQUFHLE9BQU8sNENBQTRDO1lBQ3BELGtGQUFrRixDQUNyRixDQUFDO0lBQ0osQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0gsU0FBZ0Isa0JBQWtCLENBQ2hDLFdBQTZCLEVBQzdCLE9BQW1CLEVBQ25CLFdBQTBCO0lBRTFCLE9BQU8sV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFO1FBQzlCLE1BQU0sRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLEdBQUcsSUFBQSxpQ0FBa0IsRUFBQyxJQUFJLENBQUM7WUFDbkQsQ0FBQyxDQUFDLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNLEVBQUU7WUFDbEQsQ0FBQyxDQUFDLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLENBQUM7UUFFMUMsNEVBQTRFO1FBQzVFLElBQUksSUFBQSwwQkFBVyxFQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDMUIsUUFBUSxRQUFRLENBQUMsYUFBYSxFQUFFLENBQUM7Z0JBQy9CLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQztvQkFDZixNQUFNLFdBQVcsR0FBRyx3QkFBd0IsQ0FDMUMsTUFBTSxFQUNOLFNBQVMsRUFDVCxjQUFjLENBQUMsT0FBTyxDQUN2QixDQUFDO29CQUNGLE9BQU8sY0FBYyxDQUNuQixRQUFRLEVBQ1Isd0JBQXdCLENBQUMsUUFBUSxFQUFFLE9BQU8sRUFBRSxXQUFXLENBQUMsQ0FDekQsQ0FBQztnQkFDSixDQUFDO2dCQUVELEtBQUssVUFBVSxDQUFDLENBQUMsQ0FBQztvQkFDaEIsTUFBTSxXQUFXLEdBQUcsd0JBQXdCLENBQzFDLE1BQU0sRUFDTixVQUFVLEVBQ1YsY0FBYyxDQUFDLFFBQVEsQ0FDeEIsQ0FBQztvQkFDRixPQUFPLGNBQWMsQ0FDbkIsUUFBUSxFQUNSLHlCQUF5QixDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsV0FBVyxDQUFDLENBQzFELENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxLQUFLLE9BQU8sQ0FBQyxDQUFDLENBQUM7b0JBQ2IsTUFBTSxXQUFXLEdBQUcsdUJBQXVCLENBQ3pDLE1BQU0sRUFDTixjQUFjLENBQUMsS0FBSyxDQUNyQixDQUFDO29CQUNGLE9BQU8sY0FBYyxDQUNuQixRQUFRLEVBQ1Isc0JBQXNCLENBQUMsUUFBUSxFQUFFLE9BQU8sRUFBRSxXQUFXLENBQUMsQ0FDdkQsQ0FBQztnQkFDSixDQUFDO2dCQUVELEtBQUssZUFBZSxDQUFDO2dCQUNyQixLQUFLLFlBQVksQ0FBQyxDQUFDLENBQUM7b0JBQ2xCLGtCQUFrQixDQUNoQixXQUFXLEVBQ1gsR0FBRyxRQUFRLENBQUMsYUFBYSxZQUFZLENBQ3RDLENBQUM7b0JBQ0YsV0FBVyxDQUFDLFdBQVcsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztvQkFDckQsT0FBTyx3QkFBd0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDNUMsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsMkJBQTJCO1FBQzNCLElBQUksSUFBQSw0QkFBYSxFQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDNUIsa0JBQWtCLENBQUMsV0FBVyxFQUFFLHVCQUF1QixDQUFDLENBQUM7WUFDekQsV0FBVyxDQUFDLFdBQVcsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUNyRCxPQUFPLHdCQUF3QixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzVDLENBQUM7UUFFRCxNQUFNLElBQUksS0FBSyxDQUNiLGtFQUFrRSxDQUNuRSxDQUFDO0lBQ0osQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBTaGFyZWQgY29ubmVjdGlvbiBwcm9jZXNzb3IgZm9yIHVuaWZpZWQgY29ubmVjdG9yIGludGVyZmFjZS5cbiAqXG4gKiBUaGlzIG1vZHVsZSBwcm92aWRlcyB0aGUgYHByb2Nlc3NDb25uZWN0aW9uc2AgZnVuY3Rpb24gdGhhdCBoYW5kbGVzXG4gKiBib3RoIHNlY3VyaXR5IGdyb3VwIHJ1bGVzIChJQ29ubmVjdGFibGUpIGFuZCBJQU0gZ3JhbnRzIChJR3JhbnRhYmxlKVxuICogaW4gYSB1bmlmaWVkIHdheS5cbiAqXG4gKiBAZXhhbXBsZVxuICogLy8gSW4gRUNTIHNlcnZpY2Ugc2V0dXBcbiAqIHByb2Nlc3NDb25uZWN0aW9ucyhcbiAqICAgc2VydmljZVByb3BzLmNvbm5lY3Rpb25zLFxuICogICBzZXJ2aWNlRGF0YS50YXNrUm9sZSwgIC8vIElHcmFudGFibGUgZm9yIElBTVxuICogICBzZXJ2aWNlICAgICAgICAgICAgICAgLy8gSUNvbm5lY3RhYmxlIGZvciBzZWN1cml0eSBncm91cHNcbiAqICk7XG4gKlxuICogQGV4YW1wbGVcbiAqIC8vIEluIExhbWJkYSBzZXR1cFxuICogcHJvY2Vzc0Nvbm5lY3Rpb25zKFxuICogICBwcm9wcy5jb25uZWN0aW9ucyxcbiAqICAgdGhpcy5sYW1iZGFGdW5jdGlvbiwgIC8vIElHcmFudGFibGUgKGV4ZWN1dGlvbiByb2xlKVxuICogICB0aGlzLmxhbWJkYUZ1bmN0aW9uICAgLy8gSUNvbm5lY3RhYmxlIChzZWN1cml0eSBncm91cClcbiAqICk7XG4gKi9cblxuaW1wb3J0IHsgdHlwZSBJQ29ubmVjdGFibGUgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjMlwiO1xuaW1wb3J0IHsgdHlwZSBJR3JhbnRhYmxlLCB0eXBlIEdyYW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7XG4gIHR5cGUgQ29ubmVjdGlvblNwZWMsXG4gIHR5cGUgQ29ubmVjdGlvblJlc3VsdCxcbiAgdHlwZSBDb25uZWN0aW9uQWNjZXNzLFxuICB0eXBlIE1lc3NhZ2luZ0FjY2VzcyxcbiAgdHlwZSBBbnlDb25uZWN0b3IsXG4gIHR5cGUgSVN0b3JhZ2VDb25uZWN0b3IsXG4gIHR5cGUgSUR5bmFtb0RCQ29ubmVjdG9yLFxuICB0eXBlIElRdWV1ZUNvbm5lY3RvcixcbiAgQ09OTkVDVElPTl9UWVBFLFxuICBpc0Nvbm5lY3Rpb25Db25maWcsXG4gIGlzQ29ubmVjdG9yLFxuICBpc0Nvbm5lY3RhYmxlLFxuICBpc0Nvbm5lY3Rpb25BY2Nlc3MsXG4gIGlzTWVzc2FnaW5nQWNjZXNzXG59IGZyb20gXCIuL2Nvbm5lY3Rvci5qc1wiO1xuXG4vKiogRGVmYXVsdCBhY2Nlc3MgbGV2ZWxzIGZvciBlYWNoIGNvbm5lY3RvciB0eXBlLiAqL1xuY29uc3QgREVGQVVMVF9BQ0NFU1MgPSB7XG4gIHN0b3JhZ2U6IFwicmVhZFdyaXRlXCIsXG4gIGR5bmFtb2RiOiBcInJlYWRXcml0ZVwiLFxuICBxdWV1ZTogXCJmdWxsXCJcbn0gYXMgY29uc3Q7XG5cbi8qKiBHcmFudCBzdG9yYWdlIGFjY2VzcyBiYXNlZCBvbiBhY2Nlc3MgbGV2ZWwuICovXG5mdW5jdGlvbiBwcm9jZXNzU3RvcmFnZUNvbm5lY3Rpb24oXG4gIGNvbm5lY3RvcjogSVN0b3JhZ2VDb25uZWN0b3IsXG4gIGdyYW50ZWU6IElHcmFudGFibGUsXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2Vzc1xuKTogR3JhbnQge1xuICBzd2l0Y2ggKGFjY2Vzcykge1xuICAgIGNhc2UgXCJyZWFkXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50UmVhZChncmFudGVlKTtcbiAgICBjYXNlIFwid3JpdGVcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRXcml0ZShncmFudGVlKTtcbiAgICBjYXNlIFwicmVhZFdyaXRlXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50UmVhZFdyaXRlKGdyYW50ZWUpO1xuICB9XG59XG5cbi8qKiBHcmFudCBEeW5hbW9EQiBhY2Nlc3MgYmFzZWQgb24gYWNjZXNzIGxldmVsLiAqL1xuZnVuY3Rpb24gcHJvY2Vzc0R5bmFtb0RCQ29ubmVjdGlvbihcbiAgY29ubmVjdG9yOiBJRHluYW1vREJDb25uZWN0b3IsXG4gIGdyYW50ZWU6IElHcmFudGFibGUsXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2Vzc1xuKTogR3JhbnQge1xuICBzd2l0Y2ggKGFjY2Vzcykge1xuICAgIGNhc2UgXCJyZWFkXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50UmVhZERhdGEoZ3JhbnRlZSk7XG4gICAgY2FzZSBcIndyaXRlXCI6XG4gICAgICByZXR1cm4gY29ubmVjdG9yLmdyYW50V3JpdGVEYXRhKGdyYW50ZWUpO1xuICAgIGNhc2UgXCJyZWFkV3JpdGVcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRSZWFkV3JpdGVEYXRhKGdyYW50ZWUpO1xuICB9XG59XG5cbi8qKiBHcmFudCBxdWV1ZSBhY2Nlc3MgYmFzZWQgb24gYWNjZXNzIGxldmVsLiAqL1xuZnVuY3Rpb24gcHJvY2Vzc1F1ZXVlQ29ubmVjdGlvbihcbiAgY29ubmVjdG9yOiBJUXVldWVDb25uZWN0b3IsXG4gIGdyYW50ZWU6IElHcmFudGFibGUsXG4gIGFjY2VzczogTWVzc2FnaW5nQWNjZXNzXG4pOiBHcmFudCB7XG4gIHN3aXRjaCAoYWNjZXNzKSB7XG4gICAgY2FzZSBcInNlbmRcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRTZW5kTWVzc2FnZXMoZ3JhbnRlZSk7XG4gICAgY2FzZSBcImNvbnN1bWVcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRDb25zdW1lTWVzc2FnZXMoZ3JhbnRlZSk7XG4gICAgY2FzZSBcImZ1bGxcIjpcbiAgICAgIHJldHVybiBjb25uZWN0b3IuZ3JhbnRGdWxsKGdyYW50ZWUpO1xuICB9XG59XG5cbi8qKiBCdWlsZCBhbiBJQU0gY29ubmVjdGlvbiByZXN1bHQuICovXG5mdW5jdGlvbiBidWlsZElhbVJlc3VsdChcbiAgY29ubmVjdG9yOiBBbnlDb25uZWN0b3IsXG4gIGdyYW50OiBHcmFudFxuKTogQ29ubmVjdGlvblJlc3VsdCB7XG4gIHJldHVybiB7IHJlc291cmNlOiBjb25uZWN0b3IsIGdyYW50LCBjb25uZWN0aW9uVHlwZTogQ09OTkVDVElPTl9UWVBFLklBTSB9O1xufVxuXG4vKiogQnVpbGQgYSBzZWN1cml0eSBncm91cCBjb25uZWN0aW9uIHJlc3VsdC4gKi9cbmZ1bmN0aW9uIGJ1aWxkU2VjdXJpdHlHcm91cFJlc3VsdChcbiAgcmVzb3VyY2U6IEFueUNvbm5lY3RvciB8IElDb25uZWN0YWJsZVxuKTogQ29ubmVjdGlvblJlc3VsdCB7XG4gIHJldHVybiB7IHJlc291cmNlLCBjb25uZWN0aW9uVHlwZTogQ09OTkVDVElPTl9UWVBFLlNFQ1VSSVRZX0dST1VQIH07XG59XG5cbi8qKiBWYWxpZGF0ZSBhbmQgbmFycm93IGFjY2VzcyB0eXBlIGZvciBzdG9yYWdlL2R5bmFtb2RiIGNvbm5lY3RvcnMuICovXG5mdW5jdGlvbiB2YWxpZGF0ZUNvbm5lY3Rpb25BY2Nlc3MoXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2VzcyB8IE1lc3NhZ2luZ0FjY2VzcyB8IHVuZGVmaW5lZCxcbiAgY29ubmVjdG9yVHlwZTogc3RyaW5nLFxuICBkZWZhdWx0QWNjZXNzOiBDb25uZWN0aW9uQWNjZXNzXG4pOiBDb25uZWN0aW9uQWNjZXNzIHtcbiAgaWYgKGFjY2VzcyA9PT0gdW5kZWZpbmVkKSByZXR1cm4gZGVmYXVsdEFjY2VzcztcbiAgaWYgKGlzQ29ubmVjdGlvbkFjY2VzcyhhY2Nlc3MpKSByZXR1cm4gYWNjZXNzO1xuICB0aHJvdyBuZXcgRXJyb3IoXG4gICAgYEludmFsaWQgYWNjZXNzIFwiJHthY2Nlc3N9XCIgZm9yICR7Y29ubmVjdG9yVHlwZX0gY29ubmVjdG9yLiBgICtcbiAgICAgIGBWYWxpZCB2YWx1ZXM6IHJlYWQsIHdyaXRlLCByZWFkV3JpdGVgXG4gICk7XG59XG5cbi8qKiBWYWxpZGF0ZSBhbmQgbmFycm93IGFjY2VzcyB0eXBlIGZvciBxdWV1ZSBjb25uZWN0b3JzLiAqL1xuZnVuY3Rpb24gdmFsaWRhdGVNZXNzYWdpbmdBY2Nlc3MoXG4gIGFjY2VzczogQ29ubmVjdGlvbkFjY2VzcyB8IE1lc3NhZ2luZ0FjY2VzcyB8IHVuZGVmaW5lZCxcbiAgZGVmYXVsdEFjY2VzczogTWVzc2FnaW5nQWNjZXNzXG4pOiBNZXNzYWdpbmdBY2Nlc3Mge1xuICBpZiAoYWNjZXNzID09PSB1bmRlZmluZWQpIHJldHVybiBkZWZhdWx0QWNjZXNzO1xuICBpZiAoaXNNZXNzYWdpbmdBY2Nlc3MoYWNjZXNzKSkgcmV0dXJuIGFjY2VzcztcbiAgdGhyb3cgbmV3IEVycm9yKFxuICAgIGBJbnZhbGlkIGFjY2VzcyBcIiR7YWNjZXNzfVwiIGZvciBxdWV1ZSBjb25uZWN0b3IuIGAgK1xuICAgICAgYFZhbGlkIHZhbHVlczogc2VuZCwgY29uc3VtZSwgZnVsbGBcbiAgKTtcbn1cblxuLyoqXG4gKiBSZXF1aXJlIElDb25uZWN0YWJsZSBmb3Igc2VjdXJpdHkgZ3JvdXAgb3BlcmF0aW9ucy5cbiAqIFRocm93cyBhIGRlc2NyaXB0aXZlIGVycm9yIGlmIG5vdCBwcm92aWRlZC5cbiAqL1xuZnVuY3Rpb24gcmVxdWlyZUNvbm5lY3RhYmxlKFxuICBjb25uZWN0YWJsZTogSUNvbm5lY3RhYmxlIHwgdW5kZWZpbmVkLFxuICBjb250ZXh0OiBzdHJpbmdcbik6IGFzc2VydHMgY29ubmVjdGFibGUgaXMgSUNvbm5lY3RhYmxlIHtcbiAgaWYgKCFjb25uZWN0YWJsZSkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGAke2NvbnRleHR9IHJlcXVpcmVzIGFuIElDb25uZWN0YWJsZSB0byBiZSBwcm92aWRlZC4gYCArXG4gICAgICAgIFwiRW5zdXJlIHRoZSBjb21wdXRlIHJlc291cmNlIChFQ1MsIEVDMiwgTGFtYmRhIHdpdGggVlBDKSBpbXBsZW1lbnRzIElDb25uZWN0YWJsZS5cIlxuICAgICk7XG4gIH1cbn1cblxuLyoqXG4gKiBQcm9jZXNzIGNvbm5lY3Rpb25zIGZyb20gY29tcHV0ZSByZXNvdXJjZXMgdG8gZGF0YSByZXNvdXJjZXMuXG4gKlxuICogSGFuZGxlcyB0aGUgdW5pZmllZCBjb25uZWN0b3IgaW50ZXJmYWNlLCBkaXNwYXRjaGluZyB0bzpcbiAqIC0gU2VjdXJpdHkgZ3JvdXAgcnVsZXMgZm9yIElDb25uZWN0YWJsZSBhbmQgSVNlY3VyaXR5R3JvdXBDb25uZWN0b3IgcmVzb3VyY2VzXG4gKiAtIElBTSBncmFudHMgZm9yIElTdG9yYWdlQ29ubmVjdG9yLCBJRHluYW1vREJDb25uZWN0b3IsIGFuZCBJUXVldWVDb25uZWN0b3IgcmVzb3VyY2VzXG4gKlxuICogQHBhcmFtIGNvbm5lY3Rpb25zIC0gQXJyYXkgb2YgY29ubmVjdGlvbiBzcGVjaWZpY2F0aW9uc1xuICogQHBhcmFtIGdyYW50ZWUgLSBUaGUgSUFNIGdyYW50ZWUgKHRhc2sgcm9sZSwgZXhlY3V0aW9uIHJvbGUsIGV0Yy4pXG4gKiBAcGFyYW0gY29ubmVjdGFibGUgLSBPcHRpb25hbCBJQ29ubmVjdGFibGUgZm9yIHNlY3VyaXR5IGdyb3VwIHJ1bGVzXG4gKiBAcmV0dXJucyBBcnJheSBvZiBjb25uZWN0aW9uIHJlc3VsdHNcbiAqXG4gKiBAZXhhbXBsZVxuICogcHJvY2Vzc0Nvbm5lY3Rpb25zKFxuICogICBbZGF0YWJhc2UsIHsgcmVzb3VyY2U6IGJ1Y2tldCwgYWNjZXNzOiBcInJlYWRcIiB9LCBxdWV1ZV0sXG4gKiAgIHRhc2tSb2xlLFxuICogICBzZXJ2aWNlXG4gKiApO1xuICovXG5leHBvcnQgZnVuY3Rpb24gcHJvY2Vzc0Nvbm5lY3Rpb25zKFxuICBjb25uZWN0aW9uczogQ29ubmVjdGlvblNwZWNbXSxcbiAgZ3JhbnRlZTogSUdyYW50YWJsZSxcbiAgY29ubmVjdGFibGU/OiBJQ29ubmVjdGFibGVcbik6IENvbm5lY3Rpb25SZXN1bHRbXSB7XG4gIHJldHVybiBjb25uZWN0aW9ucy5tYXAoKHNwZWMpID0+IHtcbiAgICBjb25zdCB7IHJlc291cmNlLCBhY2Nlc3MgfSA9IGlzQ29ubmVjdGlvbkNvbmZpZyhzcGVjKVxuICAgICAgPyB7IHJlc291cmNlOiBzcGVjLnJlc291cmNlLCBhY2Nlc3M6IHNwZWMuYWNjZXNzIH1cbiAgICAgIDogeyByZXNvdXJjZTogc3BlYywgYWNjZXNzOiB1bmRlZmluZWQgfTtcblxuICAgIC8vIEhhbmRsZSB1bmlmaWVkIGNvbm5lY3RvciBpbnRlcmZhY2UgKGlzQ29ubmVjdG9yIG5vdyByZXR1cm5zIEFueUNvbm5lY3RvcilcbiAgICBpZiAoaXNDb25uZWN0b3IocmVzb3VyY2UpKSB7XG4gICAgICBzd2l0Y2ggKHJlc291cmNlLmNvbm5lY3RvclR5cGUpIHtcbiAgICAgICAgY2FzZSBcInN0b3JhZ2VcIjoge1xuICAgICAgICAgIGNvbnN0IHZhbGlkQWNjZXNzID0gdmFsaWRhdGVDb25uZWN0aW9uQWNjZXNzKFxuICAgICAgICAgICAgYWNjZXNzLFxuICAgICAgICAgICAgXCJzdG9yYWdlXCIsXG4gICAgICAgICAgICBERUZBVUxUX0FDQ0VTUy5zdG9yYWdlXG4gICAgICAgICAgKTtcbiAgICAgICAgICByZXR1cm4gYnVpbGRJYW1SZXN1bHQoXG4gICAgICAgICAgICByZXNvdXJjZSxcbiAgICAgICAgICAgIHByb2Nlc3NTdG9yYWdlQ29ubmVjdGlvbihyZXNvdXJjZSwgZ3JhbnRlZSwgdmFsaWRBY2Nlc3MpXG4gICAgICAgICAgKTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNhc2UgXCJkeW5hbW9kYlwiOiB7XG4gICAgICAgICAgY29uc3QgdmFsaWRBY2Nlc3MgPSB2YWxpZGF0ZUNvbm5lY3Rpb25BY2Nlc3MoXG4gICAgICAgICAgICBhY2Nlc3MsXG4gICAgICAgICAgICBcImR5bmFtb2RiXCIsXG4gICAgICAgICAgICBERUZBVUxUX0FDQ0VTUy5keW5hbW9kYlxuICAgICAgICAgICk7XG4gICAgICAgICAgcmV0dXJuIGJ1aWxkSWFtUmVzdWx0KFxuICAgICAgICAgICAgcmVzb3VyY2UsXG4gICAgICAgICAgICBwcm9jZXNzRHluYW1vREJDb25uZWN0aW9uKHJlc291cmNlLCBncmFudGVlLCB2YWxpZEFjY2VzcylcbiAgICAgICAgICApO1xuICAgICAgICB9XG5cbiAgICAgICAgY2FzZSBcInF1ZXVlXCI6IHtcbiAgICAgICAgICBjb25zdCB2YWxpZEFjY2VzcyA9IHZhbGlkYXRlTWVzc2FnaW5nQWNjZXNzKFxuICAgICAgICAgICAgYWNjZXNzLFxuICAgICAgICAgICAgREVGQVVMVF9BQ0NFU1MucXVldWVcbiAgICAgICAgICApO1xuICAgICAgICAgIHJldHVybiBidWlsZElhbVJlc3VsdChcbiAgICAgICAgICAgIHJlc291cmNlLFxuICAgICAgICAgICAgcHJvY2Vzc1F1ZXVlQ29ubmVjdGlvbihyZXNvdXJjZSwgZ3JhbnRlZSwgdmFsaWRBY2Nlc3MpXG4gICAgICAgICAgKTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNhc2UgXCJzZWN1cml0eUdyb3VwXCI6XG4gICAgICAgIGNhc2UgXCJyZWxhdGlvbmFsXCI6IHtcbiAgICAgICAgICByZXF1aXJlQ29ubmVjdGFibGUoXG4gICAgICAgICAgICBjb25uZWN0YWJsZSxcbiAgICAgICAgICAgIGAke3Jlc291cmNlLmNvbm5lY3RvclR5cGV9IGNvbm5lY3RvcmBcbiAgICAgICAgICApO1xuICAgICAgICAgIGNvbm5lY3RhYmxlLmNvbm5lY3Rpb25zLmFsbG93VG9EZWZhdWx0UG9ydChyZXNvdXJjZSk7XG4gICAgICAgICAgcmV0dXJuIGJ1aWxkU2VjdXJpdHlHcm91cFJlc3VsdChyZXNvdXJjZSk7XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBMZWdhY3kgSUNvbm5lY3RhYmxlIHBhdGhcbiAgICBpZiAoaXNDb25uZWN0YWJsZShyZXNvdXJjZSkpIHtcbiAgICAgIHJlcXVpcmVDb25uZWN0YWJsZShjb25uZWN0YWJsZSwgXCJJQ29ubmVjdGFibGUgcmVzb3VyY2VcIik7XG4gICAgICBjb25uZWN0YWJsZS5jb25uZWN0aW9ucy5hbGxvd1RvRGVmYXVsdFBvcnQocmVzb3VyY2UpO1xuICAgICAgcmV0dXJuIGJ1aWxkU2VjdXJpdHlHcm91cFJlc3VsdChyZXNvdXJjZSk7XG4gICAgfVxuXG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgXCJDb25uZWN0aW9uIHJlc291cmNlIG11c3QgYmUgZWl0aGVyIGFuIElDb25uZWN0b3Igb3IgSUNvbm5lY3RhYmxlXCJcbiAgICApO1xuICB9KTtcbn1cbiJdfQ==
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Unified connector interface for bidirectional connections.
|
|
3
|
+
*
|
|
4
|
+
* This module provides a unified `IConnector` interface that enables
|
|
5
|
+
* bidirectional connections between compute resources (ECS, Lambda, EC2)
|
|
6
|
+
* and data resources (S3, DynamoDB, SQS, RDS).
|
|
7
|
+
*
|
|
8
|
+
* The connector pattern unifies:
|
|
9
|
+
* - Security group rules (IConnectable) for RDS, ECS, etc.
|
|
10
|
+
* - IAM grants for S3, DynamoDB, SQS
|
|
11
|
+
*
|
|
12
|
+
* @example
|
|
13
|
+
* // Simple connections (default permissions)
|
|
14
|
+
* const api = app.addCompute(ComputeFactory.build("Api", {
|
|
15
|
+
* type: "ecs",
|
|
16
|
+
* services: [{
|
|
17
|
+
* name: "api",
|
|
18
|
+
* capacityProvider: "FARGATE",
|
|
19
|
+
* connections: [database, bucket, cache, queue]
|
|
20
|
+
* }]
|
|
21
|
+
* }));
|
|
22
|
+
*
|
|
23
|
+
* @example
|
|
24
|
+
* // Explicit access levels
|
|
25
|
+
* const worker = app.addCompute(ComputeFactory.build("Worker", {
|
|
26
|
+
* type: "ecs",
|
|
27
|
+
* services: [{
|
|
28
|
+
* name: "worker",
|
|
29
|
+
* capacityProvider: "FARGATE",
|
|
30
|
+
* connections: [
|
|
31
|
+
* database, // Security group (RDS)
|
|
32
|
+
* { resource: cache, access: "read" }, // Read-only DynamoDB
|
|
33
|
+
* { resource: bucket, access: "write" }, // Write-only S3
|
|
34
|
+
* { resource: queue, access: "consume" } // Consume-only SQS
|
|
35
|
+
* ]
|
|
36
|
+
* }]
|
|
37
|
+
* }));
|
|
38
|
+
*/
|
|
39
|
+
import { type IConnectable } from "aws-cdk-lib/aws-ec2";
|
|
40
|
+
import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
|
|
41
|
+
/**
|
|
42
|
+
* Connector type discriminator.
|
|
43
|
+
* - "storage": S3 buckets
|
|
44
|
+
* - "dynamodb": DynamoDB tables
|
|
45
|
+
* - "queue": SQS queues
|
|
46
|
+
* - "securityGroup": Resources with security groups (ECS, Lambda with VPC)
|
|
47
|
+
* - "relational": RDS databases (uses security groups)
|
|
48
|
+
*/
|
|
49
|
+
export type ConnectorType = "storage" | "dynamodb" | "queue" | "securityGroup" | "relational";
|
|
50
|
+
/**
|
|
51
|
+
* Access level for storage and DynamoDB connectors.
|
|
52
|
+
*/
|
|
53
|
+
export type ConnectionAccess = "read" | "write" | "readWrite";
|
|
54
|
+
/**
|
|
55
|
+
* Access level for messaging connectors (SQS).
|
|
56
|
+
*/
|
|
57
|
+
export type MessagingAccess = "send" | "consume" | "full";
|
|
58
|
+
/**
|
|
59
|
+
* Base connector interface.
|
|
60
|
+
* All connector types implement this interface.
|
|
61
|
+
*/
|
|
62
|
+
export interface IConnector {
|
|
63
|
+
/** The type of connector resource. Used for runtime type narrowing. */
|
|
64
|
+
readonly connectorType: ConnectorType;
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Storage connector interface (S3).
|
|
68
|
+
* Provides IAM grant methods for S3 bucket access.
|
|
69
|
+
*/
|
|
70
|
+
export interface IStorageConnector extends IConnector {
|
|
71
|
+
readonly connectorType: "storage";
|
|
72
|
+
/** Grant read permissions to the grantee. */
|
|
73
|
+
grantRead(grantee: IGrantable): Grant;
|
|
74
|
+
/** Grant write permissions to the grantee. */
|
|
75
|
+
grantWrite(grantee: IGrantable): Grant;
|
|
76
|
+
/** Grant read and write permissions to the grantee. */
|
|
77
|
+
grantReadWrite(grantee: IGrantable): Grant;
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* DynamoDB connector interface.
|
|
81
|
+
* Provides IAM grant methods for DynamoDB table access.
|
|
82
|
+
*/
|
|
83
|
+
export interface IDynamoDBConnector extends IConnector {
|
|
84
|
+
readonly connectorType: "dynamodb";
|
|
85
|
+
/** Grant read data permissions to the grantee. */
|
|
86
|
+
grantReadData(grantee: IGrantable): Grant;
|
|
87
|
+
/** Grant write data permissions to the grantee. */
|
|
88
|
+
grantWriteData(grantee: IGrantable): Grant;
|
|
89
|
+
/** Grant read and write data permissions to the grantee. */
|
|
90
|
+
grantReadWriteData(grantee: IGrantable): Grant;
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Queue connector interface (SQS).
|
|
94
|
+
* Provides IAM grant methods for SQS queue access.
|
|
95
|
+
*/
|
|
96
|
+
export interface IQueueConnector extends IConnector {
|
|
97
|
+
readonly connectorType: "queue";
|
|
98
|
+
/** Grant send message permissions to the grantee. */
|
|
99
|
+
grantSendMessages(grantee: IGrantable): Grant;
|
|
100
|
+
/** Grant consume (receive and delete) message permissions to the grantee. */
|
|
101
|
+
grantConsumeMessages(grantee: IGrantable): Grant;
|
|
102
|
+
/** Grant full access (send and consume) to the grantee. */
|
|
103
|
+
grantFull(grantee: IGrantable): Grant;
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Security group connector interface (RDS, ECS with VPC).
|
|
107
|
+
* Provides access to the security group connections for network-level access.
|
|
108
|
+
*
|
|
109
|
+
* Both "securityGroup" and "relational" types use this interface:
|
|
110
|
+
* - "relational": RDS databases (Aurora, Instance, GlobalAurora)
|
|
111
|
+
* - "securityGroup": Other resources requiring security group rules (ECS, EC2)
|
|
112
|
+
*/
|
|
113
|
+
export interface ISecurityGroupConnector extends IConnector {
|
|
114
|
+
readonly connectorType: "securityGroup" | "relational";
|
|
115
|
+
/** The security group connections for this resource. */
|
|
116
|
+
readonly connections: IConnectable["connections"];
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Union type representing any connector interface.
|
|
120
|
+
*/
|
|
121
|
+
export type AnyConnector = IStorageConnector | IDynamoDBConnector | IQueueConnector | ISecurityGroupConnector;
|
|
122
|
+
/**
|
|
123
|
+
* Connection configuration with explicit access level.
|
|
124
|
+
* Use this to specify non-default access levels.
|
|
125
|
+
*/
|
|
126
|
+
export interface ConnectionConfig {
|
|
127
|
+
/** The resource to connect to. */
|
|
128
|
+
resource: AnyConnector | IConnectable;
|
|
129
|
+
/** The access level to grant. Defaults vary by resource type. */
|
|
130
|
+
access?: ConnectionAccess | MessagingAccess;
|
|
131
|
+
}
|
|
132
|
+
/**
|
|
133
|
+
* Connection specification.
|
|
134
|
+
* Can be:
|
|
135
|
+
* - IConnectable: Legacy security group resource
|
|
136
|
+
* - AnyConnector: Unified connector resource
|
|
137
|
+
* - ConnectionConfig: Explicit access configuration
|
|
138
|
+
*/
|
|
139
|
+
export type ConnectionSpec = IConnectable | AnyConnector | ConnectionConfig;
|
|
140
|
+
/** Connection result types. */
|
|
141
|
+
export declare const CONNECTION_TYPE: {
|
|
142
|
+
readonly SECURITY_GROUP: "securityGroup";
|
|
143
|
+
readonly IAM: "iam";
|
|
144
|
+
};
|
|
145
|
+
export type ConnectionType = (typeof CONNECTION_TYPE)[keyof typeof CONNECTION_TYPE];
|
|
146
|
+
/**
|
|
147
|
+
* Result of processing a connection.
|
|
148
|
+
* Contains the grant result for IAM-based connections.
|
|
149
|
+
*/
|
|
150
|
+
export interface ConnectionResult {
|
|
151
|
+
/** The resource that was connected. */
|
|
152
|
+
resource: AnyConnector | IConnectable;
|
|
153
|
+
/** The grant result if IAM permissions were granted. */
|
|
154
|
+
grant?: Grant;
|
|
155
|
+
/** The type of connection that was made. */
|
|
156
|
+
connectionType: ConnectionType;
|
|
157
|
+
}
|
|
158
|
+
/** Check if a value is a valid ConnectionAccess. */
|
|
159
|
+
export declare function isConnectionAccess(value: unknown): value is ConnectionAccess;
|
|
160
|
+
/** Check if a value is a valid MessagingAccess. */
|
|
161
|
+
export declare function isMessagingAccess(value: unknown): value is MessagingAccess;
|
|
162
|
+
/**
|
|
163
|
+
* Type guard to check if a resource is a connector.
|
|
164
|
+
* Returns AnyConnector for discriminated union narrowing in switch statements.
|
|
165
|
+
*/
|
|
166
|
+
export declare function isConnector(resource: unknown): resource is AnyConnector;
|
|
167
|
+
/**
|
|
168
|
+
* Type guard to check if a resource is a CDK IConnectable.
|
|
169
|
+
* Checks for the `connections` property that IConnectable resources have.
|
|
170
|
+
*/
|
|
171
|
+
export declare function isConnectable(resource: unknown): resource is IConnectable;
|
|
172
|
+
/**
|
|
173
|
+
* Type guard to check if a connection spec is a ConnectionConfig.
|
|
174
|
+
*/
|
|
175
|
+
export declare function isConnectionConfig(spec: ConnectionSpec): spec is ConnectionConfig;
|
|
176
|
+
/** Type guard for storage connectors (S3 buckets). */
|
|
177
|
+
export declare function isStorageConnector(connector: IConnector): connector is IStorageConnector;
|
|
178
|
+
/** Type guard for DynamoDB connectors. */
|
|
179
|
+
export declare function isDynamoDBConnector(connector: IConnector): connector is IDynamoDBConnector;
|
|
180
|
+
/** Type guard for queue connectors (SQS queues). */
|
|
181
|
+
export declare function isQueueConnector(connector: IConnector): connector is IQueueConnector;
|
|
182
|
+
/** Type guard for security group connectors (RDS, ECS). */
|
|
183
|
+
export declare function isSecurityGroupConnector(connector: IConnector): connector is ISecurityGroupConnector;
|