@fjall/components-infrastructure 0.89.4 → 0.89.6

package/dist/lib/config/aws/identityCenter.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdentityCenter = void 0;
-const customResources = require("aws-cdk-lib/custom-resources");
-const aws_iam_1 = require("aws-cdk-lib/aws-iam");
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const awsCustomResource_1 = require("../../resources/aws/utilities/awsCustomResource");
-const stripAndCamelCase_1 = require("../../utils/stripAndCamelCase");
-const identityCenter_1 = require("../../resources/aws/iam/identityCenter");
-const iam_1 = require("../../resources/aws/iam");
+import * as customResources from "aws-cdk-lib/custom-resources";
+import { PolicyDocument, PolicyStatement, ServicePrincipal } from "aws-cdk-lib/aws-iam";
+import { CfnOutput, NestedStack } from "aws-cdk-lib";
+import { AwsCustomResource } from "../../resources/aws/utilities/awsCustomResource.js";
+import { stripAndCamelCase } from "../../utils/stripAndCamelCase.js";
+import { Group, PermissionSet, Assignment } from "../../resources/aws/iam/identityCenter/index.js";
+import { ManagedPolicy, Role } from "../../resources/aws/iam/index.js";
 const defaultPermissionSets = {
     AdministratorAccess: {
         Policy: "arn:aws:iam::aws:policy/AdministratorAccess",
@@ -22,7 +19,10 @@ const defaultPermissionSets = {
         Description: "Permission set for associated Billing policy"
     }
 };
-class IdentityCenter extends aws_cdk_lib_1.NestedStack {
+export class IdentityCenter extends NestedStack {
+    identityStoreId;
+    identityCenterArn;
+    listInstancesRole;
     constructor(scope, id, props) {
         super(scope, id, props);
         this.createListInstancesRole();
@@ -30,16 +30,16 @@ class IdentityCenter extends aws_cdk_lib_1.NestedStack {
         this.createPermissionSets(props);
     }
     createListInstancesRole() {
-        this.listInstancesRole = new iam_1.Role(this, "IdentityCenterCustomResourceRole", {
-            assumedBy: new aws_iam_1.ServicePrincipal("lambda.amazonaws.com"),
+        this.listInstancesRole = new Role(this, "IdentityCenterCustomResourceRole", {
+            assumedBy: new ServicePrincipal("lambda.amazonaws.com"),
             description: "Role for Identity Centre ListInstances custom resource",
             managedPolicies: [
-                iam_1.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole")
+                ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole")
             ],
             inlinePolicies: {
-                IdentityCenterListInstancesPolicy: new aws_iam_1.PolicyDocument({
+                IdentityCenterListInstancesPolicy: new PolicyDocument({
                     statements: [
-                        new aws_iam_1.PolicyStatement({
+                        new PolicyStatement({
                             actions: ["sso:ListInstances"],
                             resources: ["*"]
                         })
@@ -49,7 +49,7 @@ class IdentityCenter extends aws_cdk_lib_1.NestedStack {
         });
     }
     listIdentityCenterInstance() {
-        const customResource = new awsCustomResource_1.AwsCustomResource(this, "ListIdentityCenterInstanceResource", {
+        const customResource = new AwsCustomResource(this, "ListIdentityCenterInstanceResource", {
             onCreate: {
                 service: "sso-admin",
                 action: "ListInstancesCommand",
@@ -63,12 +63,12 @@ class IdentityCenter extends aws_cdk_lib_1.NestedStack {
         });
         this.identityCenterArn = customResource.getResponseField("Instances.0.InstanceArn");
         this.identityStoreId = customResource.getResponseField("Instances.0.IdentityStoreId");
-        new aws_cdk_lib_1.CfnOutput(this, "IdentityCenterArnOutput", {
+        new CfnOutput(this, "IdentityCenterArnOutput", {
             key: "identityCenterArn",
             value: this.identityCenterArn,
             exportName: "identityCenterArn"
         });
-        new aws_cdk_lib_1.CfnOutput(this, "IdentityStoreIdOutput", {
+        new CfnOutput(this, "IdentityStoreIdOutput", {
             key: "identityStoreID",
             value: this.identityStoreId,
             exportName: "identityStoreId"
@@ -76,12 +76,12 @@ class IdentityCenter extends aws_cdk_lib_1.NestedStack {
     }
     createPermissionSets(props) {
         for (const [name, config] of Object.entries(defaultPermissionSets)) {
-            const group = new identityCenter_1.Group(this, `${name}Group`, {
+            const group = new Group(this, `${name}Group`, {
                 displayName: name,
                 identityStoreId: this.identityStoreId,
                 description: `Group for associated ${name} permission set`
             });
-            const permissionSet = new identityCenter_1.PermissionSet(this, `PermissionSet${name}`, {
+            const permissionSet = new PermissionSet(this, `PermissionSet${name}`, {
                 name: name,
                 instanceArn: this.identityCenterArn,
                 description: config.Description,
@@ -89,13 +89,13 @@ class IdentityCenter extends aws_cdk_lib_1.NestedStack {
                 tags: props.tags
             });
             permissionSet.node.addDependency(group);
-            new aws_cdk_lib_1.CfnOutput(this, `${name}GroupId`, {
+            new CfnOutput(this, `${name}GroupId`, {
                 key: `${name}GroupId`,
                 value: group.getGroupId(),
                 exportName: `${name}GroupId`
             });
             for (const [accountName, accountId] of Object.entries(props.accounts)) {
-                const assignment = new identityCenter_1.Assignment(this, `${(0, stripAndCamelCase_1.stripAndCamelCase)(accountName)}${name}Assignment`, {
+                const assignment = new Assignment(this, `${stripAndCamelCase(accountName)}${name}Assignment`, {
                     instanceArn: this.identityCenterArn,
                     permissionSetArn: permissionSet.getPermissionSetArn(),
                     principalType: "GROUP",
@@ -108,5 +108,3 @@ class IdentityCenter extends aws_cdk_lib_1.NestedStack {
         }
     }
 }
-exports.IdentityCenter = IdentityCenter;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWRlbnRpdHlDZW50ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pZGVudGl0eUNlbnRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxnRUFBZ0U7QUFFaEUsaURBSTZCO0FBQzdCLDZDQUE0RTtBQUM1RSx1RkFBb0Y7QUFFcEYscUVBQWtFO0FBQ2xFLDJFQUlnRDtBQUNoRCxpREFBOEQ7QUFZOUQsTUFBTSxxQkFBcUIsR0FBd0M7SUFDakUsbUJBQW1CLEVBQUU7UUFDbkIsTUFBTSxFQUFFLDZDQUE2QztRQUNyRCxXQUFXLEVBQUUsMERBQTBEO0tBQ3hFO0lBQ0QsY0FBYyxFQUFFO1FBQ2QsTUFBTSxFQUFFLHdDQUF3QztRQUNoRCxXQUFXLEVBQUUscURBQXFEO0tBQ25FO0lBQ0QsT0FBTyxFQUFFO1FBQ1AsTUFBTSxFQUFFLGtEQUFrRDtRQUMxRCxXQUFXLEVBQUUsOENBQThDO0tBQzVEO0NBQ0YsQ0FBQztBQUVGLE1BQWEsY0FBZSxTQUFRLHlCQUFXO0lBSzdDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMEI7UUFDbEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUM7UUFDL0IsSUFBSSxDQUFDLDBCQUEwQixFQUFFLENBQUM7UUFDbEMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ25DLENBQUM7SUFFTyx1QkFBdUI7UUFDN0IsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksVUFBSSxDQUMvQixJQUFJLEVBQ0osa0NBQWtDLEVBQ2xDO1lBQ0UsU0FBUyxFQUFFLElBQUksMEJBQWdCLENBQUMsc0JBQXNCLENBQUM7WUFDdkQsV0FBVyxFQUFFLHdEQUF3RDtZQUNyRSxlQUFlLEVBQUU7Z0JBQ2YsbUJBQWEsQ0FBQyx3QkFBd0IsQ0FDcEMsMENBQTBDLENBQzNDO2FBQ0Y7WUFDRCxjQUFjLEVBQUU7Z0JBQ2QsaUNBQWlDLEVBQUUsSUFBSSx3QkFBYyxDQUFDO29CQUNwRCxVQUFVLEVBQUU7d0JBQ1YsSUFBSSx5QkFBZSxDQUFDOzRCQUNsQixPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQzs0QkFDOUIsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO3lCQUNqQixDQUFDO3FCQUNIO2lCQUNGLENBQUM7YUFDSDtTQUNGLENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTywwQkFBMEI7UUFDaEMsTUFBTSxjQUFjLEdBQUcsSUFBSSxxQ0FBaUIsQ0FDMUMsSUFBSSxFQUNKLG9DQUFvQyxFQUNwQztZQUNFLFFBQVEsRUFBRTtnQkFDUixPQUFPLEVBQUUsV0FBVztnQkFDcEIsTUFBTSxFQUFFLHNCQUFzQjtnQkFDOUIsVUFBVSxFQUFFO29CQUNWLFVBQVUsRUFBRSxDQUFDO2lCQUNkO2dCQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELDRCQUE0QixDQUM3QjthQUNGO1lBQ0QsSUFBSSxFQUFFLElBQUksQ0FBQyxpQkFBaUI7WUFDNUIsWUFBWSxFQUFFLDJCQUEyQjtTQUMxQyxDQUNGLENBQUM7UUFFRixJQUFJLENBQUMsaUJBQWlCLEdBQUcsY0FBYyxDQUFDLGdCQUFnQixDQUN0RCx5QkFBeUIsQ0FDMUIsQ0FBQztRQUNGLElBQUksQ0FBQyxlQUFlLEdBQUcsY0FBYyxDQUFDLGdCQUFnQixDQUNwRCw2QkFBNkIsQ0FDOUIsQ0FBQztRQUNGLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUseUJBQXlCLEVBQUU7WUFDN0MsR0FBRyxFQUFFLG1CQUFtQjtZQUN4QixLQUFLLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtZQUM3QixVQUFVLEVBQUUsbUJBQW1CO1NBQ2hDLENBQUMsQ0FBQztRQUNILElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsdUJBQXVCLEVBQUU7WUFDM0MsR0FBRyxFQUFFLGlCQUFpQjtZQUN0QixLQUFLLEVBQUUsSUFBSSxDQUFDLGVBQWU7WUFDM0IsVUFBVSxFQUFFLGlCQUFpQjtTQUM5QixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU8sb0JBQW9CLENBQUMsS0FBMEI7UUFDckQsS0FBSyxNQUFNLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMscUJBQXFCLENBQUMsRUFBRSxDQUFDO1lBQ25FLE1BQU0sS0FBSyxHQUFHLElBQUksc0JBQUssQ0FBQyxJQUFJLEVBQUUsR0FBRyxJQUFJLE9BQU8sRUFBRTtnQkFDNUMsV0FBVyxFQUFFLElBQUk7Z0JBQ2pCLGVBQWUsRUFBRSxJQUFJLENBQUMsZUFBZTtnQkFDckMsV0FBVyxFQUFFLHdCQUF3QixJQUFJLGlCQUFpQjthQUMzRCxDQUFDLENBQUM7WUFFSCxNQUFNLGFBQWEsR0FBRyxJQUFJLDhCQUFhLENBQUMsSUFBSSxFQUFFLGdCQUFnQixJQUFJLEVBQUUsRUFBRTtnQkFDcEUsSUFBSSxFQUFFLElBQUk7Z0JBQ1YsV0FBVyxFQUFFLElBQUksQ0FBQyxpQkFBaUI7Z0JBQ25DLFdBQVcsRUFBRSxNQUFNLENBQUMsV0FBVztnQkFDL0IsZUFBZSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQztnQkFDaEMsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO2FBQ2pCLENBQUMsQ0FBQztZQUNILGFBQWEsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBRXhDLElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxJQUFJLFNBQVMsRUFBRTtnQkFDcEMsR0FBRyxFQUFFLEdBQUcsSUFBSSxTQUFTO2dCQUNyQixLQUFLLEVBQUUsS0FBSyxDQUFDLFVBQVUsRUFBRTtnQkFDekIsVUFBVSxFQUFFLEdBQUcsSUFBSSxTQUFTO2FBQzdCLENBQUMsQ0FBQztZQUVILEtBQUssTUFBTSxDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUN0RSxNQUFNLFVBQVUsR0FBRyxJQUFJLDJCQUFVLENBQy9CLElBQUksRUFDSixHQUFHLElBQUEscUNBQWlCLEVBQUMsV0FBVyxDQUFDLEdBQUcsSUFBSSxZQUFZLEVBQ3BEO29CQUNFLFdBQVcsRUFBRSxJQUFJLENBQUMsaUJBQWlCO29CQUNuQyxnQkFBZ0IsRUFBRSxhQUFhLENBQUMsbUJBQW1CLEVBQUU7b0JBQ3JELGFBQWEsRUFBRSxPQUFPO29CQUN0QixXQUFXLEVBQUUsS0FBSyxDQUFDLFVBQVUsRUFBRTtvQkFDL0IsVUFBVSxFQUFFLGFBQWE7b0JBQ3pCLFFBQVEsRUFBRSxTQUFTO2lCQUNwQixDQUNGLENBQUM7Z0JBQ0YsVUFBVSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDL0MsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUFySEQsd0NBcUhDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY3VzdG9tUmVzb3VyY2VzIGZyb20gXCJhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzXCI7XG5pbXBvcnQgeyB0eXBlIENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQge1xuICBQb2xpY3lEb2N1bWVudCxcbiAgUG9saWN5U3RhdGVtZW50LFxuICBTZXJ2aWNlUHJpbmNpcGFsXG59IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBDZm5PdXRwdXQsIE5lc3RlZFN0YWNrLCB0eXBlIE5lc3RlZFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IEF3c0N1c3RvbVJlc291cmNlIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvdXRpbGl0aWVzL2F3c0N1c3RvbVJlc291cmNlXCI7XG5pbXBvcnQgeyB0eXBlIEtleVZhbHVlIH0gZnJvbSBcIi4uLy4uL3R5cGVzXCI7XG5pbXBvcnQgeyBzdHJpcEFuZENhbWVsQ2FzZSB9IGZyb20gXCIuLi8uLi91dGlscy9zdHJpcEFuZENhbWVsQ2FzZVwiO1xuaW1wb3J0IHtcbiAgR3JvdXAsXG4gIFBlcm1pc3Npb25TZXQsXG4gIEFzc2lnbm1lbnRcbn0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvaWFtL2lkZW50aXR5Q2VudGVyXCI7XG5pbXBvcnQgeyBNYW5hZ2VkUG9saWN5LCBSb2xlIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvaWFtXCI7XG5cbmludGVyZmFjZSBJZGVudGl0eUNlbnRlclByb3BzIGV4dGVuZHMgTmVzdGVkU3RhY2tQcm9wcyB7XG4gIGFjY291bnRzOiBLZXlWYWx1ZTtcbiAgdGFncz86IEtleVZhbHVlW107XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUGVybWlzc2lvblNldENvbmZpZyB7XG4gIFBvbGljeTogc3RyaW5nO1xuICBEZXNjcmlwdGlvbj86IHN0cmluZztcbn1cblxuY29uc3QgZGVmYXVsdFBlcm1pc3Npb25TZXRzOiBSZWNvcmQ8c3RyaW5nLCBQZXJtaXNzaW9uU2V0Q29uZmlnPiA9IHtcbiAgQWRtaW5pc3RyYXRvckFjY2Vzczoge1xuICAgIFBvbGljeTogXCJhcm46YXdzOmlhbTo6YXdzOnBvbGljeS9BZG1pbmlzdHJhdG9yQWNjZXNzXCIsXG4gICAgRGVzY3JpcHRpb246IFwiUGVybWlzc2lvbiBzZXQgZm9yIGFzc29jaWF0ZWQgQWRtaW5pc3RyYXRvckFjY2VzcyBwb2xpY3lcIlxuICB9LFxuICBSZWFkT25seUFjY2Vzczoge1xuICAgIFBvbGljeTogXCJhcm46YXdzOmlhbTo6YXdzOnBvbGljeS9SZWFkT25seUFjY2Vzc1wiLFxuICAgIERlc2NyaXB0aW9uOiBcIlBlcm1pc3Npb24gc2V0IGZvciBhc3NvY2lhdGVkIFJlYWRPbmx5QWNjZXNzIHBvbGljeVwiXG4gIH0sXG4gIEJpbGxpbmc6IHtcbiAgICBQb2xpY3k6IFwiYXJuOmF3czppYW06OmF3czpwb2xpY3kvQVdTQmlsbGluZ1JlYWRPbmx5QWNjZXNzXCIsXG4gICAgRGVzY3JpcHRpb246IFwiUGVybWlzc2lvbiBzZXQgZm9yIGFzc29jaWF0ZWQgQmlsbGluZyBwb2xpY3lcIlxuICB9XG59O1xuXG5leHBvcnQgY2xhc3MgSWRlbnRpdHlDZW50ZXIgZXh0ZW5kcyBOZXN0ZWRTdGFjayB7XG4gIHB1YmxpYyBpZGVudGl0eVN0b3JlSWQhOiBzdHJpbmc7XG4gIHB1YmxpYyBpZGVudGl0eUNlbnRlckFybiE6IHN0cmluZztcbiAgcHJpdmF0ZSBsaXN0SW5zdGFuY2VzUm9sZSE6IFJvbGU7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IElkZW50aXR5Q2VudGVyUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIHRoaXMuY3JlYXRlTGlzdEluc3RhbmNlc1JvbGUoKTtcbiAgICB0aGlzLmxpc3RJZGVudGl0eUNlbnRlckluc3RhbmNlKCk7XG4gICAgdGhpcy5jcmVhdGVQZXJtaXNzaW9uU2V0cyhwcm9wcyk7XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZUxpc3RJbnN0YW5jZXNSb2xlKCkge1xuICAgIHRoaXMubGlzdEluc3RhbmNlc1JvbGUgPSBuZXcgUm9sZShcbiAgICAgIHRoaXMsXG4gICAgICBcIklkZW50aXR5Q2VudGVyQ3VzdG9tUmVzb3VyY2VSb2xlXCIsXG4gICAgICB7XG4gICAgICAgIGFzc3VtZWRCeTogbmV3IFNlcnZpY2VQcmluY2lwYWwoXCJsYW1iZGEuYW1hem9uYXdzLmNvbVwiKSxcbiAgICAgICAgZGVzY3JpcHRpb246IFwiUm9sZSBmb3IgSWRlbnRpdHkgQ2VudHJlIExpc3RJbnN0YW5jZXMgY3VzdG9tIHJlc291cmNlXCIsXG4gICAgICAgIG1hbmFnZWRQb2xpY2llczogW1xuICAgICAgICAgIE1hbmFnZWRQb2xpY3kuZnJvbUF3c01hbmFnZWRQb2xpY3lOYW1lKFxuICAgICAgICAgICAgXCJzZXJ2aWNlLXJvbGUvQVdTTGFtYmRhQmFzaWNFeGVjdXRpb25Sb2xlXCJcbiAgICAgICAgICApXG4gICAgICAgIF0sXG4gICAgICAgIGlubGluZVBvbGljaWVzOiB7XG4gICAgICAgICAgSWRlbnRpdHlDZW50ZXJMaXN0SW5zdGFuY2VzUG9saWN5OiBuZXcgUG9saWN5RG9jdW1lbnQoe1xuICAgICAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgICAgICBhY3Rpb25zOiBbXCJzc286TGlzdEluc3RhbmNlc1wiXSxcbiAgICAgICAgICAgICAgICByZXNvdXJjZXM6IFtcIipcIl1cbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgIF1cbiAgICAgICAgICB9KVxuICAgICAgICB9XG4gICAgICB9XG4gICAgKTtcbiAgfVxuXG4gIHByaXZhdGUgbGlzdElkZW50aXR5Q2VudGVySW5zdGFuY2UoKSB7XG4gICAgY29uc3QgY3VzdG9tUmVzb3VyY2UgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJMaXN0SWRlbnRpdHlDZW50ZXJJbnN0YW5jZVJlc291cmNlXCIsXG4gICAgICB7XG4gICAgICAgIG9uQ3JlYXRlOiB7XG4gICAgICAgICAgc2VydmljZTogXCJzc28tYWRtaW5cIixcbiAgICAgICAgICBhY3Rpb246IFwiTGlzdEluc3RhbmNlc0NvbW1hbmRcIixcbiAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICBNYXhSZXN1bHRzOiAxXG4gICAgICAgICAgfSxcbiAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICBcImxpc3RJZGVudGl0eUNlbnRlckluc3RhbmNlXCJcbiAgICAgICAgICApXG4gICAgICAgIH0sXG4gICAgICAgIHJvbGU6IHRoaXMubGlzdEluc3RhbmNlc1JvbGUsXG4gICAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OklhbUlkZW50aXR5Q2VudGVyXCJcbiAgICAgIH1cbiAgICApO1xuXG4gICAgdGhpcy5pZGVudGl0eUNlbnRlckFybiA9IGN1c3RvbVJlc291cmNlLmdldFJlc3BvbnNlRmllbGQoXG4gICAgICBcIkluc3RhbmNlcy4wLkluc3RhbmNlQXJuXCJcbiAgICApO1xuICAgIHRoaXMuaWRlbnRpdHlTdG9yZUlkID0gY3VzdG9tUmVzb3VyY2UuZ2V0UmVzcG9uc2VGaWVsZChcbiAgICAgIFwiSW5zdGFuY2VzLjAuSWRlbnRpdHlTdG9yZUlkXCJcbiAgICApO1xuICAgIG5ldyBDZm5PdXRwdXQodGhpcywgXCJJZGVudGl0eUNlbnRlckFybk91dHB1dFwiLCB7XG4gICAgICBrZXk6IFwiaWRlbnRpdHlDZW50ZXJBcm5cIixcbiAgICAgIHZhbHVlOiB0aGlzLmlkZW50aXR5Q2VudGVyQXJuLFxuICAgICAgZXhwb3J0TmFtZTogXCJpZGVudGl0eUNlbnRlckFyblwiXG4gICAgfSk7XG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBcIklkZW50aXR5U3RvcmVJZE91dHB1dFwiLCB7XG4gICAgICBrZXk6IFwiaWRlbnRpdHlTdG9yZUlEXCIsXG4gICAgICB2YWx1ZTogdGhpcy5pZGVudGl0eVN0b3JlSWQsXG4gICAgICBleHBvcnROYW1lOiBcImlkZW50aXR5U3RvcmVJZFwiXG4gICAgfSk7XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZVBlcm1pc3Npb25TZXRzKHByb3BzOiBJZGVudGl0eUNlbnRlclByb3BzKSB7XG4gICAgZm9yIChjb25zdCBbbmFtZSwgY29uZmlnXSBvZiBPYmplY3QuZW50cmllcyhkZWZhdWx0UGVybWlzc2lvblNldHMpKSB7XG4gICAgICBjb25zdCBncm91cCA9IG5ldyBHcm91cCh0aGlzLCBgJHtuYW1lfUdyb3VwYCwge1xuICAgICAgICBkaXNwbGF5TmFtZTogbmFtZSxcbiAgICAgICAgaWRlbnRpdHlTdG9yZUlkOiB0aGlzLmlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgZGVzY3JpcHRpb246IGBHcm91cCBmb3IgYXNzb2NpYXRlZCAke25hbWV9IHBlcm1pc3Npb24gc2V0YFxuICAgICAgfSk7XG5cbiAgICAgIGNvbnN0IHBlcm1pc3Npb25TZXQgPSBuZXcgUGVybWlzc2lvblNldCh0aGlzLCBgUGVybWlzc2lvblNldCR7bmFtZX1gLCB7XG4gICAgICAgIG5hbWU6IG5hbWUsXG4gICAgICAgIGluc3RhbmNlQXJuOiB0aGlzLmlkZW50aXR5Q2VudGVyQXJuLFxuICAgICAgICBkZXNjcmlwdGlvbjogY29uZmlnLkRlc2NyaXB0aW9uLFxuICAgICAgICBtYW5hZ2VkUG9saWNpZXM6IFtjb25maWcuUG9saWN5XSxcbiAgICAgICAgdGFnczogcHJvcHMudGFnc1xuICAgICAgfSk7XG4gICAgICBwZXJtaXNzaW9uU2V0Lm5vZGUuYWRkRGVwZW5kZW5jeShncm91cCk7XG5cbiAgICAgIG5ldyBDZm5PdXRwdXQodGhpcywgYCR7bmFtZX1Hcm91cElkYCwge1xuICAgICAgICBrZXk6IGAke25hbWV9R3JvdXBJZGAsXG4gICAgICAgIHZhbHVlOiBncm91cC5nZXRHcm91cElkKCksXG4gICAgICAgIGV4cG9ydE5hbWU6IGAke25hbWV9R3JvdXBJZGBcbiAgICAgIH0pO1xuXG4gICAgICBmb3IgKGNvbnN0IFthY2NvdW50TmFtZSwgYWNjb3VudElkXSBvZiBPYmplY3QuZW50cmllcyhwcm9wcy5hY2NvdW50cykpIHtcbiAgICAgICAgY29uc3QgYXNzaWdubWVudCA9IG5ldyBBc3NpZ25tZW50KFxuICAgICAgICAgIHRoaXMsXG4gICAgICAgICAgYCR7c3RyaXBBbmRDYW1lbENhc2UoYWNjb3VudE5hbWUpfSR7bmFtZX1Bc3NpZ25tZW50YCxcbiAgICAgICAgICB7XG4gICAgICAgICAgICBpbnN0YW5jZUFybjogdGhpcy5pZGVudGl0eUNlbnRlckFybixcbiAgICAgICAgICAgIHBlcm1pc3Npb25TZXRBcm46IHBlcm1pc3Npb25TZXQuZ2V0UGVybWlzc2lvblNldEFybigpLFxuICAgICAgICAgICAgcHJpbmNpcGFsVHlwZTogXCJHUk9VUFwiLFxuICAgICAgICAgICAgcHJpbmNpcGFsSWQ6IGdyb3VwLmdldEdyb3VwSWQoKSxcbiAgICAgICAgICAgIHRhcmdldFR5cGU6IFwiQVdTX0FDQ09VTlRcIixcbiAgICAgICAgICAgIHRhcmdldElkOiBhY2NvdW50SWRcbiAgICAgICAgICB9XG4gICAgICAgICk7XG4gICAgICAgIGFzc2lnbm1lbnQubm9kZS5hZGREZXBlbmRlbmN5KHBlcm1pc3Npb25TZXQpO1xuICAgICAgfVxuICAgIH1cbiAgfVxufVxuIl19

package/dist/lib/config/aws/identityCenterGroupMembership.js

@@ -1,21 +1,18 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdentityCenterGroupMembership = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const customResources = require("aws-cdk-lib/custom-resources");
-const awsCustomResource_1 = require("../../resources/aws/utilities/awsCustomResource");
+import { Fn, NestedStack } from "aws-cdk-lib";
+import * as customResources from "aws-cdk-lib/custom-resources";
+import { AwsCustomResource } from "../../resources/aws/utilities/awsCustomResource.js";
 const IDENTITY_STORE_SERVICE = "identityStore";
 const IDENTITY_CENTER_USERS_RESOURCE_TYPE = "Custom::IdentityCenterUsers";
 // TODO: This requires a deletion and recreation to update
-class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
+export class IdentityCenterGroupMembership extends NestedStack {
     constructor(scope, id, props) {
         super(scope, id);
-        const identityStoreId = aws_cdk_lib_1.Fn.importValue("identityStoreId");
-        const groupId = aws_cdk_lib_1.Fn.importValue(`${props.groupName}GroupId`);
+        const identityStoreId = Fn.importValue("identityStoreId");
+        const groupId = Fn.importValue(`${props.groupName}GroupId`);
         for (const member of props.groupMembers) {
-            const memberGroup = member
-                .split("@")[0]
+            const memberSuffix = (member.split("@")[0] ?? member)
                 .split(/[^a-zA-Z0-9]/)
+                .filter((part) => part.length > 0)
                 .map((part) => part.charAt(0).toUpperCase() + part.slice(1))
                 .join("") +
                 props.groupName.charAt(0).toUpperCase() +
@@ -32,14 +29,14 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                         }
                     ]
                 },
-                physicalResourceId: customResources.PhysicalResourceId.of(`listUsers${memberGroup}`)
+                physicalResourceId: customResources.PhysicalResourceId.of(`listUsers${memberSuffix}`)
             };
-            const listUser = new awsCustomResource_1.AwsCustomResource(this, `ListUsersResource${memberGroup}`, {
+            const listUser = new AwsCustomResource(this, `ListUsersResource${memberSuffix}`, {
                 onCreate: listUsersCall,
                 onUpdate: listUsersCall
             });
             const userId = listUser.getResponseField("Users.0.UserId");
-            const groupMembershipId = new awsCustomResource_1.AwsCustomResource(this, `CreateGroupMembershipResource${memberGroup}`, {
+            const groupMembershipId = new AwsCustomResource(this, `CreateGroupMembershipResource${memberSuffix}`, {
                 onCreate: {
                     service: IDENTITY_STORE_SERVICE,
                     action: "createGroupMembership",
@@ -50,11 +47,11 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                             UserId: userId
                         }
                     },
-                    physicalResourceId: customResources.PhysicalResourceId.of(`createGroupMembership${memberGroup}`)
+                    physicalResourceId: customResources.PhysicalResourceId.of(`createGroupMembership${memberSuffix}`)
                 },
                 resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
-            const refreshMembership = new awsCustomResource_1.AwsCustomResource(this, `RefreshMembershipResource${memberGroup}`, {
+            const refreshMembership = new AwsCustomResource(this, `RefreshMembershipResource${memberSuffix}`, {
                 onUpdate: {
                     service: IDENTITY_STORE_SERVICE,
                     action: "deleteGroupMembership",
@@ -62,11 +59,11 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                         IdentityStoreId: identityStoreId,
                         MembershipId: groupMembershipId.getResponseField("MembershipId")
                     },
-                    physicalResourceId: customResources.PhysicalResourceId.of(`refreshGroupMembership${memberGroup}`)
+                    physicalResourceId: customResources.PhysicalResourceId.of(`refreshGroupMembership${memberSuffix}`)
                 },
                 resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
-            const recreateMembership = new awsCustomResource_1.AwsCustomResource(this, `RecreateGroupMembershipResource${memberGroup}`, {
+            const recreateMembership = new AwsCustomResource(this, `RecreateGroupMembershipResource${memberSuffix}`, {
                 onUpdate: {
                     service: IDENTITY_STORE_SERVICE,
                     action: "createGroupMembership",
@@ -77,12 +74,12 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                             UserId: userId
                         }
                     },
-                    physicalResourceId: customResources.PhysicalResourceId.of(`recreateGroupMembership${memberGroup}`)
+                    physicalResourceId: customResources.PhysicalResourceId.of(`recreateGroupMembership${memberSuffix}`)
                 },
                 resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
             refreshMembership.node.addDependency(recreateMembership);
-            new awsCustomResource_1.AwsCustomResource(this, `DeleteGroupMembershipResource${memberGroup}`, {
+            const deleteMembership = new AwsCustomResource(this, `DeleteGroupMembershipResource${memberSuffix}`, {
                 onDelete: {
                     service: IDENTITY_STORE_SERVICE,
                     action: "deleteGroupMembership",
@@ -93,8 +90,7 @@ class IdentityCenterGroupMembership extends aws_cdk_lib_1.NestedStack {
                 },
                 resourceType: IDENTITY_CENTER_USERS_RESOURCE_TYPE
             });
+            deleteMembership.node.addDependency(groupMembershipId);
         }
     }
 }
-exports.IdentityCenterGroupMembership = IdentityCenterGroupMembership;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWRlbnRpdHlDZW50ZXJHcm91cE1lbWJlcnNoaXAuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pZGVudGl0eUNlbnRlckdyb3VwTWVtYmVyc2hpcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBK0Q7QUFDL0QsZ0VBQWdFO0FBQ2hFLHVGQUFvRjtBQVFwRixNQUFNLHNCQUFzQixHQUFHLGVBQWUsQ0FBQztBQUMvQyxNQUFNLG1DQUFtQyxHQUFHLDZCQUE2QixDQUFDO0FBRTFFLDBEQUEwRDtBQUMxRCxNQUFhLDZCQUE4QixTQUFRLHlCQUFXO0lBQzVELFlBQ0UsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLEtBQXlDO1FBRXpDLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxlQUFlLEdBQUcsZ0JBQUUsQ0FBQyxXQUFXLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUMxRCxNQUFNLE9BQU8sR0FBRyxnQkFBRSxDQUFDLFdBQVcsQ0FBQyxHQUFHLEtBQUssQ0FBQyxTQUFTLFNBQVMsQ0FBQyxDQUFDO1FBRTVELEtBQUssTUFBTSxNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3hDLE1BQU0sV0FBVyxHQUNmLE1BQU07aUJBQ0gsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztpQkFDYixLQUFLLENBQUMsY0FBYyxDQUFDO2lCQUNyQixHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztpQkFDM0QsSUFBSSxDQUFDLEVBQUUsQ0FBQztnQkFDWCxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxXQUFXLEVBQUU7Z0JBQ3ZDLEtBQUssQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBRTNCLE1BQU0sYUFBYSxHQUFHO2dCQUNwQixPQUFPLEVBQUUsc0JBQXNCO2dCQUMvQixNQUFNLEVBQUUsV0FBVztnQkFDbkIsVUFBVSxFQUFFO29CQUNWLGVBQWUsRUFBRSxlQUFlO29CQUNoQyxPQUFPLEVBQUU7d0JBQ1A7NEJBQ0UsYUFBYSxFQUFFLFVBQVU7NEJBQ3pCLGNBQWMsRUFBRSxNQUFNO3lCQUN2QjtxQkFDRjtpQkFDRjtnQkFDRCxrQkFBa0IsRUFBRSxlQUFlLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUN2RCxZQUFZLFdBQVcsRUFBRSxDQUMxQjthQUNGLENBQUM7WUFFRixNQUFNLFFBQVEsR0FBRyxJQUFJLHFDQUFpQixDQUNwQyxJQUFJLEVBQ0osb0JBQW9CLFdBQVcsRUFBRSxFQUNqQztnQkFDRSxRQUFRLEVBQUUsYUFBYTtnQkFDdkIsUUFBUSxFQUFFLGFBQWE7YUFDeEIsQ0FDRixDQUFDO1lBRUYsTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLGdCQUFnQixDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFFM0QsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLHFDQUFpQixDQUM3QyxJQUFJLEVBQ0osZ0NBQWdDLFdBQVcsRUFBRSxFQUM3QztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLHNCQUFzQjtvQkFDL0IsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLE9BQU8sRUFBRSxPQUFPO3dCQUNoQixlQUFlLEVBQUUsZUFBZTt3QkFDaEMsUUFBUSxFQUFFOzRCQUNSLE1BQU0sRUFBRSxNQUFNO3lCQUNmO3FCQUNGO29CQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELHdCQUF3QixXQUFXLEVBQUUsQ0FDdEM7aUJBQ0Y7Z0JBQ0QsWUFBWSxFQUFFLG1DQUFtQzthQUNsRCxDQUNGLENBQUM7WUFFRixNQUFNLGlCQUFpQixHQUFHLElBQUkscUNBQWlCLENBQzdDLElBQUksRUFDSiw0QkFBNEIsV0FBVyxFQUFFLEVBQ3pDO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsc0JBQXNCO29CQUMvQixNQUFNLEVBQUUsdUJBQXVCO29CQUMvQixVQUFVLEVBQUU7d0JBQ1YsZUFBZSxFQUFFLGVBQWU7d0JBQ2hDLFlBQVksRUFBRSxpQkFBaUIsQ0FBQyxnQkFBZ0IsQ0FBQyxjQUFjLENBQUM7cUJBQ2pFO29CQUNELGtCQUFrQixFQUFFLGVBQWUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQ3ZELHlCQUF5QixXQUFXLEVBQUUsQ0FDdkM7aUJBQ0Y7Z0JBQ0QsWUFBWSxFQUFFLG1DQUFtQzthQUNsRCxDQUNGLENBQUM7WUFFRixNQUFNLGtCQUFrQixHQUFHLElBQUkscUNBQWlCLENBQzlDLElBQUksRUFDSixrQ0FBa0MsV0FBVyxFQUFFLEVBQy9DO2dCQUNFLFFBQVEsRUFBRTtvQkFDUixPQUFPLEVBQUUsc0JBQXNCO29CQUMvQixNQUFNLEVBQUUsdUJBQXVCO29CQUMvQixVQUFVLEVBQUU7d0JBQ1YsT0FBTyxFQUFFLE9BQU87d0JBQ2hCLGVBQWUsRUFBRSxlQUFlO3dCQUNoQyxRQUFRLEVBQUU7NEJBQ1IsTUFBTSxFQUFFLE1BQU07eUJBQ2Y7cUJBQ0Y7b0JBQ0Qsa0JBQWtCLEVBQUUsZUFBZSxDQUFDLGtCQUFrQixDQUFDLEVBQUUsQ0FDdkQsMEJBQTBCLFdBQVcsRUFBRSxDQUN4QztpQkFDRjtnQkFDRCxZQUFZLEVBQUUsbUNBQW1DO2FBQ2xELENBQ0YsQ0FBQztZQUVGLGlCQUFpQixDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsa0JBQWtCLENBQUMsQ0FBQztZQUV6RCxJQUFJLHFDQUFpQixDQUNuQixJQUFJLEVBQ0osZ0NBQWdDLFdBQVcsRUFBRSxFQUM3QztnQkFDRSxRQUFRLEVBQUU7b0JBQ1IsT0FBTyxFQUFFLHNCQUFzQjtvQkFDL0IsTUFBTSxFQUFFLHVCQUF1QjtvQkFDL0IsVUFBVSxFQUFFO3dCQUNWLGVBQWUsRUFBRSxlQUFlO3dCQUNoQyxZQUFZLEVBQUUsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxDQUFDO3FCQUNqRTtpQkFDRjtnQkFDRCxZQUFZLEVBQUUsbUNBQW1DO2FBQ2xELENBQ0YsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUFuSUQsc0VBbUlDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRm4sIE5lc3RlZFN0YWNrLCB0eXBlIFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCAqIGFzIGN1c3RvbVJlc291cmNlcyBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgQXdzQ3VzdG9tUmVzb3VyY2UgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy91dGlsaXRpZXMvYXdzQ3VzdG9tUmVzb3VyY2VcIjtcbmltcG9ydCB7IHR5cGUgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcblxuaW50ZXJmYWNlIElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwUHJvcHMgZXh0ZW5kcyBTdGFja1Byb3BzIHtcbiAgZ3JvdXBOYW1lOiBzdHJpbmc7XG4gIGdyb3VwTWVtYmVyczogc3RyaW5nW107XG59XG5cbmNvbnN0IElERU5USVRZX1NUT1JFX1NFUlZJQ0UgPSBcImlkZW50aXR5U3RvcmVcIjtcbmNvbnN0IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFID0gXCJDdXN0b206OklkZW50aXR5Q2VudGVyVXNlcnNcIjtcblxuLy8gVE9ETzogVGhpcyByZXF1aXJlcyBhIGRlbGV0aW9uIGFuZCByZWNyZWF0aW9uIHRvIHVwZGF0ZVxuZXhwb3J0IGNsYXNzIElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwIGV4dGVuZHMgTmVzdGVkU3RhY2sge1xuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IElkZW50aXR5Q2VudGVyR3JvdXBNZW1iZXJzaGlwUHJvcHNcbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IGlkZW50aXR5U3RvcmVJZCA9IEZuLmltcG9ydFZhbHVlKFwiaWRlbnRpdHlTdG9yZUlkXCIpO1xuICAgIGNvbnN0IGdyb3VwSWQgPSBGbi5pbXBvcnRWYWx1ZShgJHtwcm9wcy5ncm91cE5hbWV9R3JvdXBJZGApO1xuXG4gICAgZm9yIChjb25zdCBtZW1iZXIgb2YgcHJvcHMuZ3JvdXBNZW1iZXJzKSB7XG4gICAgICBjb25zdCBtZW1iZXJHcm91cCA9XG4gICAgICAgIG1lbWJlclxuICAgICAgICAgIC5zcGxpdChcIkBcIilbMF1cbiAgICAgICAgICAuc3BsaXQoL1teYS16QS1aMC05XS8pXG4gICAgICAgICAgLm1hcCgocGFydCkgPT4gcGFydC5jaGFyQXQoMCkudG9VcHBlckNhc2UoKSArIHBhcnQuc2xpY2UoMSkpXG4gICAgICAgICAgLmpvaW4oXCJcIikgK1xuICAgICAgICBwcm9wcy5ncm91cE5hbWUuY2hhckF0KDApLnRvVXBwZXJDYXNlKCkgK1xuICAgICAgICBwcm9wcy5ncm91cE5hbWUuc2xpY2UoMSk7XG5cbiAgICAgIGNvbnN0IGxpc3RVc2Vyc0NhbGwgPSB7XG4gICAgICAgIHNlcnZpY2U6IElERU5USVRZX1NUT1JFX1NFUlZJQ0UsXG4gICAgICAgIGFjdGlvbjogXCJsaXN0VXNlcnNcIixcbiAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgIEZpbHRlcnM6IFtcbiAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgQXR0cmlidXRlUGF0aDogXCJVc2VyTmFtZVwiLFxuICAgICAgICAgICAgICBBdHRyaWJ1dGVWYWx1ZTogbWVtYmVyXG4gICAgICAgICAgICB9XG4gICAgICAgICAgXVxuICAgICAgICB9LFxuICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgYGxpc3RVc2VycyR7bWVtYmVyR3JvdXB9YFxuICAgICAgICApXG4gICAgICB9O1xuXG4gICAgICBjb25zdCBsaXN0VXNlciA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYExpc3RVc2Vyc1Jlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25DcmVhdGU6IGxpc3RVc2Vyc0NhbGwsXG4gICAgICAgICAgb25VcGRhdGU6IGxpc3RVc2Vyc0NhbGxcbiAgICAgICAgfVxuICAgICAgKTtcblxuICAgICAgY29uc3QgdXNlcklkID0gbGlzdFVzZXIuZ2V0UmVzcG9uc2VGaWVsZChcIlVzZXJzLjAuVXNlcklkXCIpO1xuXG4gICAgICBjb25zdCBncm91cE1lbWJlcnNoaXBJZCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYENyZWF0ZUdyb3VwTWVtYmVyc2hpcFJlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25DcmVhdGU6IHtcbiAgICAgICAgICAgIHNlcnZpY2U6IElERU5USVRZX1NUT1JFX1NFUlZJQ0UsXG4gICAgICAgICAgICBhY3Rpb246IFwiY3JlYXRlR3JvdXBNZW1iZXJzaGlwXCIsXG4gICAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICAgIEdyb3VwSWQ6IGdyb3VwSWQsXG4gICAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgICAgICBNZW1iZXJJZDoge1xuICAgICAgICAgICAgICAgIFVzZXJJZDogdXNlcklkXG4gICAgICAgICAgICAgIH1cbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGBjcmVhdGVHcm91cE1lbWJlcnNoaXAke21lbWJlckdyb3VwfWBcbiAgICAgICAgICAgIClcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlc291cmNlVHlwZTogSURFTlRJVFlfQ0VOVEVSX1VTRVJTX1JFU09VUkNFX1RZUEVcbiAgICAgICAgfVxuICAgICAgKTtcblxuICAgICAgY29uc3QgcmVmcmVzaE1lbWJlcnNoaXAgPSBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICAgIHRoaXMsXG4gICAgICAgIGBSZWZyZXNoTWVtYmVyc2hpcFJlc291cmNlJHttZW1iZXJHcm91cH1gLFxuICAgICAgICB7XG4gICAgICAgICAgb25VcGRhdGU6IHtcbiAgICAgICAgICAgIHNlcnZpY2U6IElERU5USVRZX1NUT1JFX1NFUlZJQ0UsXG4gICAgICAgICAgICBhY3Rpb246IFwiZGVsZXRlR3JvdXBNZW1iZXJzaGlwXCIsXG4gICAgICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgICAgIElkZW50aXR5U3RvcmVJZDogaWRlbnRpdHlTdG9yZUlkLFxuICAgICAgICAgICAgICBNZW1iZXJzaGlwSWQ6IGdyb3VwTWVtYmVyc2hpcElkLmdldFJlc3BvbnNlRmllbGQoXCJNZW1iZXJzaGlwSWRcIilcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IGN1c3RvbVJlc291cmNlcy5QaHlzaWNhbFJlc291cmNlSWQub2YoXG4gICAgICAgICAgICAgIGByZWZyZXNoR3JvdXBNZW1iZXJzaGlwJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFXG4gICAgICAgIH1cbiAgICAgICk7XG5cbiAgICAgIGNvbnN0IHJlY3JlYXRlTWVtYmVyc2hpcCA9IG5ldyBBd3NDdXN0b21SZXNvdXJjZShcbiAgICAgICAgdGhpcyxcbiAgICAgICAgYFJlY3JlYXRlR3JvdXBNZW1iZXJzaGlwUmVzb3VyY2Uke21lbWJlckdyb3VwfWAsXG4gICAgICAgIHtcbiAgICAgICAgICBvblVwZGF0ZToge1xuICAgICAgICAgICAgc2VydmljZTogSURFTlRJVFlfU1RPUkVfU0VSVklDRSxcbiAgICAgICAgICAgIGFjdGlvbjogXCJjcmVhdGVHcm91cE1lbWJlcnNoaXBcIixcbiAgICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgICAgR3JvdXBJZDogZ3JvdXBJZCxcbiAgICAgICAgICAgICAgSWRlbnRpdHlTdG9yZUlkOiBpZGVudGl0eVN0b3JlSWQsXG4gICAgICAgICAgICAgIE1lbWJlcklkOiB7XG4gICAgICAgICAgICAgICAgVXNlcklkOiB1c2VySWRcbiAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogY3VzdG9tUmVzb3VyY2VzLlBoeXNpY2FsUmVzb3VyY2VJZC5vZihcbiAgICAgICAgICAgICAgYHJlY3JlYXRlR3JvdXBNZW1iZXJzaGlwJHttZW1iZXJHcm91cH1gXG4gICAgICAgICAgICApXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFXG4gICAgICAgIH1cbiAgICAgICk7XG5cbiAgICAgIHJlZnJlc2hNZW1iZXJzaGlwLm5vZGUuYWRkRGVwZW5kZW5jeShyZWNyZWF0ZU1lbWJlcnNoaXApO1xuXG4gICAgICBuZXcgQXdzQ3VzdG9tUmVzb3VyY2UoXG4gICAgICAgIHRoaXMsXG4gICAgICAgIGBEZWxldGVHcm91cE1lbWJlcnNoaXBSZXNvdXJjZSR7bWVtYmVyR3JvdXB9YCxcbiAgICAgICAge1xuICAgICAgICAgIG9uRGVsZXRlOiB7XG4gICAgICAgICAgICBzZXJ2aWNlOiBJREVOVElUWV9TVE9SRV9TRVJWSUNFLFxuICAgICAgICAgICAgYWN0aW9uOiBcImRlbGV0ZUdyb3VwTWVtYmVyc2hpcFwiLFxuICAgICAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgICAgICBJZGVudGl0eVN0b3JlSWQ6IGlkZW50aXR5U3RvcmVJZCxcbiAgICAgICAgICAgICAgTWVtYmVyc2hpcElkOiBncm91cE1lbWJlcnNoaXBJZC5nZXRSZXNwb25zZUZpZWxkKFwiTWVtYmVyc2hpcElkXCIpXG4gICAgICAgICAgICB9XG4gICAgICAgICAgfSxcbiAgICAgICAgICByZXNvdXJjZVR5cGU6IElERU5USVRZX0NFTlRFUl9VU0VSU19SRVNPVVJDRV9UWVBFXG4gICAgICAgIH1cbiAgICAgICk7XG4gICAgfVxuICB9XG59XG4iXX0=

package/dist/lib/config/aws/index.d.ts

@@ -1,8 +1,19 @@
-export * from "./identityCenter";
-export * from "./ipam";
-export * from "./ecrDefaultImage";
-export * from "./eventBus";
-export * from "./oidcConnector";
-export * from "./platform";
-export * from "./accountMonitoringRole";
-export * from "./accountAuditRole";
+export * from "./identityCenter.js";
+export * from "./ipam.js";
+export * from "./ecrDefaultImage.js";
+export * from "./eventBus.js";
+export * from "./oidcConnector.js";
+export * from "./platform.js";
+export * from "./accountMonitoringRole.js";
+export * from "./accountAuditRole.js";
+export * from "./s3BlockPublicAccess.js";
+export * from "./ebsDefaultEncryption.js";
+export * from "./securityServicesAdmin.js";
+export * from "./configRulePreset.js";
+export * from "./guardDutyDetector.js";
+export * from "./accessAnalyser.js";
+export * from "./securityHubHub.js";
+export * from "./configRecorder.js";
+export * from "./inspectorEnablement.js";
+export * from "./scpPreset.js";
+export * from "./alarmTopic.js";

package/dist/lib/config/aws/index.js

@@ -1,25 +1,19 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./identityCenter"), exports);
-__exportStar(require("./ipam"), exports);
-__exportStar(require("./ecrDefaultImage"), exports);
-__exportStar(require("./eventBus"), exports);
-__exportStar(require("./oidcConnector"), exports);
-__exportStar(require("./platform"), exports);
-__exportStar(require("./accountMonitoringRole"), exports);
-__exportStar(require("./accountAuditRole"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsbURBQWlDO0FBQ2pDLHlDQUF1QjtBQUN2QixvREFBa0M7QUFDbEMsNkNBQTJCO0FBQzNCLGtEQUFnQztBQUNoQyw2Q0FBMkI7QUFDM0IsMERBQXdDO0FBQ3hDLHFEQUFtQyIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2lkZW50aXR5Q2VudGVyXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9pcGFtXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9lY3JEZWZhdWx0SW1hZ2VcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2V2ZW50QnVzXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9vaWRjQ29ubmVjdG9yXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9wbGF0Zm9ybVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vYWNjb3VudE1vbml0b3JpbmdSb2xlXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9hY2NvdW50QXVkaXRSb2xlXCI7XG4iXX0=
+export * from "./identityCenter.js";
+export * from "./ipam.js";
+export * from "./ecrDefaultImage.js";
+export * from "./eventBus.js";
+export * from "./oidcConnector.js";
+export * from "./platform.js";
+export * from "./accountMonitoringRole.js";
+export * from "./accountAuditRole.js";
+export * from "./s3BlockPublicAccess.js";
+export * from "./ebsDefaultEncryption.js";
+export * from "./securityServicesAdmin.js";
+export * from "./configRulePreset.js";
+export * from "./guardDutyDetector.js";
+export * from "./accessAnalyser.js";
+export * from "./securityHubHub.js";
+export * from "./configRecorder.js";
+export * from "./inspectorEnablement.js";
+export * from "./scpPreset.js";
+export * from "./alarmTopic.js";

package/dist/lib/config/aws/inspectorEnablement.d.ts

@@ -0,0 +1,9 @@
+import { Construct } from "constructs";
+/**
+ * Enables Inspector v2 for the account via Custom Resource.
+ * Scans EC2 instances, ECR images, Lambda functions, and Lambda code.
+ * Inspector lacks native CloudFormation support for enablement.
+ */
+export declare class InspectorEnablement extends Construct {
+    constructor(scope: Construct, id: string);
+}

package/dist/lib/config/aws/inspectorEnablement.js

@@ -0,0 +1,51 @@
+import { Duration } from "aws-cdk-lib";
+import { PolicyStatement, Effect } from "aws-cdk-lib/aws-iam";
+import { Runtime } from "aws-cdk-lib/aws-lambda";
+import { Construct } from "constructs";
+import { CustomResource } from "../../resources/aws/utilities/customResource.js";
+/**
+ * Enables Inspector v2 for the account via Custom Resource.
+ * Scans EC2 instances, ECR images, Lambda functions, and Lambda code.
+ * Inspector lacks native CloudFormation support for enablement.
+ */
+export class InspectorEnablement extends Construct {
+    constructor(scope, id) {
+        super(scope, id);
+        new CustomResource(this, "InspectorEnable", {
+            runtime: Runtime.NODEJS_22_X,
+            timeout: Duration.minutes(5),
+            lambdaDescription: "Enables/disables Inspector v2 for the account",
+            inlinePolicy: [
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: [
+                        "inspector2:Enable",
+                        "inspector2:Disable",
+                        "inspector2:GetStatus"
+                    ],
+                    resources: ["*"]
+                })
+            ],
+            inlineCode: `
+const { Inspector2Client, EnableCommand, DisableCommand } = require('@aws-sdk/client-inspector2');
+
+exports.handler = async (event) => {
+  const physicalResourceId = event.PhysicalResourceId || event.LogicalResourceId || 'inspector-enablement';
+  const client = new Inspector2Client({});
+  const resourceTypes = ['EC2', 'ECR', 'LAMBDA', 'LAMBDA_CODE'];
+
+  if (event.RequestType === 'Delete') {
+    try {
+      await client.send(new DisableCommand({ resourceTypes }));
+    } catch (err) {
+      if (err.name !== 'ResourceNotFoundException') throw err;
+    }
+    return { PhysicalResourceId: physicalResourceId };
+  }
+
+  await client.send(new EnableCommand({ resourceTypes }));
+  return { PhysicalResourceId: physicalResourceId };
+};`
+        });
+    }
+}

package/dist/lib/config/aws/ipam.js

@@ -1,10 +1,7 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Ipam = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const constructs_1 = require("constructs");
-const ipam_1 = require("../../resources/aws/networking/ipam");
-const getConfig_1 = require("../../utils/getConfig");
+import { CfnOutput } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { Ipam as IpamClass } from "../../resources/aws/networking/ipam.js";
+import { getConfig } from "../../utils/getConfig.js";
 function operatingRegions(regions) {
     const operationRegionArray = [];
     for (const region of regions) {
@@ -12,15 +9,16 @@ function operatingRegions(regions) {
     }
     return operationRegionArray;
 }
-class Ipam extends constructs_1.Construct {
+export class Ipam extends Construct {
+    privateDefaultScopeId;
     constructor(scope, id, props) {
         super(scope, id);
         // Get regions from config or use provided override
-        const config = (0, getConfig_1.getConfig)();
+        const config = getConfig();
         const regions = props?.regions || config.allRegions;
         // Fallback to at least the current region if no regions configured
         const operationalRegions = regions.length > 0 ? regions : [config.region];
-        const ipam = new ipam_1.Ipam(this, "ipam", {
+        const ipam = new IpamClass(this, "ipam", {
             operatingRegions: operatingRegions(operationalRegions),
             tags: [
                 {
@@ -30,12 +28,10 @@ class Ipam extends constructs_1.Construct {
             ]
         });
         this.privateDefaultScopeId = ipam.attrPrivateDefaultScopeId;
-        new aws_cdk_lib_1.CfnOutput(this, "privateDefaultScopeId", {
+        new CfnOutput(this, "privateDefaultScopeId", {
             key: "privateDefaultScopeId",
             value: ipam.attrPrivateDefaultScopeId,
             exportName: "IpamPrivateDefaultScopeId"
         });
     }
 }
-exports.Ipam = Ipam;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaXBhbS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL2lwYW0udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQXdDO0FBQ3hDLDJDQUF1QztBQUV2Qyw4REFBd0U7QUFDeEUscURBQWtEO0FBRWxELFNBQVMsZ0JBQWdCLENBQUMsT0FBaUI7SUFDekMsTUFBTSxvQkFBb0IsR0FBRyxFQUFFLENBQUM7SUFDaEMsS0FBSyxNQUFNLE1BQU0sSUFBSSxPQUFPLEVBQUUsQ0FBQztRQUM3QixvQkFBb0IsQ0FBQyxJQUFJLENBQUMsRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBQ0QsT0FBTyxvQkFBb0IsQ0FBQztBQUM5QixDQUFDO0FBTUQsTUFBYSxJQUFLLFNBQVEsc0JBQVM7SUFHakMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFpQjtRQUN6RCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLG1EQUFtRDtRQUNuRCxNQUFNLE1BQU0sR0FBRyxJQUFBLHFCQUFTLEdBQUUsQ0FBQztRQUMzQixNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQUUsT0FBTyxJQUFJLE1BQU0sQ0FBQyxVQUFVLENBQUM7UUFFcEQsbUVBQW1FO1FBQ25FLE1BQU0sa0JBQWtCLEdBQUcsT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFMUUsTUFBTSxJQUFJLEdBQUcsSUFBSSxXQUFTLENBQUMsSUFBSSxFQUFFLE1BQU0sRUFBRTtZQUN2QyxnQkFBZ0IsRUFBRSxnQkFBZ0IsQ0FBQyxrQkFBa0IsQ0FBQztZQUN0RCxJQUFJLEVBQUU7Z0JBQ0o7b0JBQ0UsR0FBRyxFQUFFLGtDQUFrQztvQkFDdkMsS0FBSyxFQUFFLFlBQVk7aUJBQ3BCO2FBQ0Y7U0FDRixDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMscUJBQXFCLEdBQUcsSUFBSSxDQUFDLHlCQUF5QixDQUFDO1FBRTVELElBQUksdUJBQVMsQ0FBQyxJQUFJLEVBQUUsdUJBQXVCLEVBQUU7WUFDM0MsR0FBRyxFQUFFLHVCQUF1QjtZQUM1QixLQUFLLEVBQUUsSUFBSSxDQUFDLHlCQUF5QjtZQUNyQyxVQUFVLEVBQUUsMkJBQTJCO1NBQ3hDLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQTlCRCxvQkE4QkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5PdXRwdXQgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5cbmltcG9ydCB7IElwYW0gYXMgSXBhbUNsYXNzIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvbmV0d29ya2luZy9pcGFtXCI7XG5pbXBvcnQgeyBnZXRDb25maWcgfSBmcm9tIFwiLi4vLi4vdXRpbHMvZ2V0Q29uZmlnXCI7XG5cbmZ1bmN0aW9uIG9wZXJhdGluZ1JlZ2lvbnMocmVnaW9uczogc3RyaW5nW10pOiBBcnJheTx7IHJlZ2lvbk5hbWU6IHN0cmluZyB9PiB7XG4gIGNvbnN0IG9wZXJhdGlvblJlZ2lvbkFycmF5ID0gW107XG4gIGZvciAoY29uc3QgcmVnaW9uIG9mIHJlZ2lvbnMpIHtcbiAgICBvcGVyYXRpb25SZWdpb25BcnJheS5wdXNoKHsgcmVnaW9uTmFtZTogcmVnaW9uIH0pO1xuICB9XG4gIHJldHVybiBvcGVyYXRpb25SZWdpb25BcnJheTtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBJcGFtUHJvcHMge1xuICByZWdpb25zPzogc3RyaW5nW107XG59XG5cbmV4cG9ydCBjbGFzcyBJcGFtIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IHByaXZhdGVEZWZhdWx0U2NvcGVJZDogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzPzogSXBhbVByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIC8vIEdldCByZWdpb25zIGZyb20gY29uZmlnIG9yIHVzZSBwcm92aWRlZCBvdmVycmlkZVxuICAgIGNvbnN0IGNvbmZpZyA9IGdldENvbmZpZygpO1xuICAgIGNvbnN0IHJlZ2lvbnMgPSBwcm9wcz8ucmVnaW9ucyB8fCBjb25maWcuYWxsUmVnaW9ucztcblxuICAgIC8vIEZhbGxiYWNrIHRvIGF0IGxlYXN0IHRoZSBjdXJyZW50IHJlZ2lvbiBpZiBubyByZWdpb25zIGNvbmZpZ3VyZWRcbiAgICBjb25zdCBvcGVyYXRpb25hbFJlZ2lvbnMgPSByZWdpb25zLmxlbmd0aCA+IDAgPyByZWdpb25zIDogW2NvbmZpZy5yZWdpb25dO1xuXG4gICAgY29uc3QgaXBhbSA9IG5ldyBJcGFtQ2xhc3ModGhpcywgXCJpcGFtXCIsIHtcbiAgICAgIG9wZXJhdGluZ1JlZ2lvbnM6IG9wZXJhdGluZ1JlZ2lvbnMob3BlcmF0aW9uYWxSZWdpb25zKSxcbiAgICAgIHRhZ3M6IFtcbiAgICAgICAge1xuICAgICAgICAgIGtleTogXCJmamFsbDpjb3N0QWxsb2NhdGlvbjplbnZpcm9ubWVudFwiLFxuICAgICAgICAgIHZhbHVlOiBcIm1hbmFnZW1lbnRcIlxuICAgICAgICB9XG4gICAgICBdXG4gICAgfSk7XG4gICAgdGhpcy5wcml2YXRlRGVmYXVsdFNjb3BlSWQgPSBpcGFtLmF0dHJQcml2YXRlRGVmYXVsdFNjb3BlSWQ7XG5cbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwicHJpdmF0ZURlZmF1bHRTY29wZUlkXCIsIHtcbiAgICAgIGtleTogXCJwcml2YXRlRGVmYXVsdFNjb3BlSWRcIixcbiAgICAgIHZhbHVlOiBpcGFtLmF0dHJQcml2YXRlRGVmYXVsdFNjb3BlSWQsXG4gICAgICBleHBvcnROYW1lOiBcIklwYW1Qcml2YXRlRGVmYXVsdFNjb3BlSWRcIlxuICAgIH0pO1xuICB9XG59XG4iXX0=

package/dist/lib/config/aws/oidcConnector.js

@@ -1,10 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OidcConnector = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const iam = require("aws-cdk-lib/aws-iam");
-const constructs_1 = require("constructs");
-class OidcConnector extends constructs_1.Construct {
+import { CfnOutput, Duration } from "aws-cdk-lib";
+import * as iam from "aws-cdk-lib/aws-iam";
+import { Construct } from "constructs";
+export class OidcConnector extends Construct {
+    deployRoleArn;
     constructor(scope, id, props) {
         super(scope, id);
         const issuerDomain = "fjall.io";
@@ -16,7 +14,7 @@ class OidcConnector extends constructs_1.Construct {
         });
         const deployRole = new iam.Role(this, "DeployRole", {
             roleName: `FjallDeploy${props.fjallOrgId}`,
-            maxSessionDuration: aws_cdk_lib_1.Duration.hours(1),
+            maxSessionDuration: Duration.hours(1),
             assumedBy: new iam.FederatedPrincipal(provider.openIdConnectProviderArn, {
                 StringEquals: { [`${issuerDomain}:aud`]: "sts.amazonaws.com" },
                 StringLike: {
@@ -28,13 +26,13 @@ class OidcConnector extends constructs_1.Construct {
             ]
         });
         this.deployRoleArn = deployRole.roleArn;
-        new aws_cdk_lib_1.CfnOutput(this, "OidcDeployRoleArn", {
+        new CfnOutput(this, "OidcDeployRoleArn", {
             key: "OidcDeployRoleArn",
             value: deployRole.roleArn,
             exportName: "OidcDeployRoleArn",
             description: "ARN of the Fjall OIDC deploy role"
         });
-        new aws_cdk_lib_1.CfnOutput(this, "OidcProviderArn", {
+        new CfnOutput(this, "OidcProviderArn", {
             key: "OidcProviderArn",
             value: provider.openIdConnectProviderArn,
             exportName: "OidcProviderArn",
@@ -42,5 +40,3 @@ class OidcConnector extends constructs_1.Construct {
         });
     }
 }
-exports.OidcConnector = OidcConnector;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkY0Nvbm5lY3Rvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL29pZGNDb25uZWN0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWtEO0FBQ2xELDJDQUEyQztBQUMzQywyQ0FBdUM7QUFNdkMsTUFBYSxhQUFjLFNBQVEsc0JBQVM7SUFHMUMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUF5QjtRQUNqRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLE1BQU0sWUFBWSxHQUFHLFVBQVUsQ0FBQztRQUNoQyxNQUFNLFNBQVMsR0FBRyxXQUFXLFlBQVksRUFBRSxDQUFDO1FBRTVDLE1BQU0sUUFBUSxHQUFHLElBQUksR0FBRyxDQUFDLHFCQUFxQixDQUFDLElBQUksRUFBRSxjQUFjLEVBQUU7WUFDbkUsR0FBRyxFQUFFLFNBQVM7WUFDZCxTQUFTLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQztZQUNoQyxXQUFXLEVBQUUsQ0FBQywwQ0FBMEMsQ0FBQztTQUMxRCxDQUFDLENBQUM7UUFFSCxNQUFNLFVBQVUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLFlBQVksRUFBRTtZQUNsRCxRQUFRLEVBQUUsY0FBYyxLQUFLLENBQUMsVUFBVSxFQUFFO1lBQzFDLGtCQUFrQixFQUFFLHNCQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztZQUNyQyxTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsa0JBQWtCLENBQ25DLFFBQVEsQ0FBQyx3QkFBd0IsRUFDakM7Z0JBQ0UsWUFBWSxFQUFFLEVBQUUsQ0FBQyxHQUFHLFlBQVksTUFBTSxDQUFDLEVBQUUsbUJBQW1CLEVBQUU7Z0JBQzlELFVBQVUsRUFBRTtvQkFDVixDQUFDLEdBQUcsWUFBWSxNQUFNLENBQUMsRUFBRSxPQUFPLEtBQUssQ0FBQyxVQUFVLElBQUk7aUJBQ3JEO2FBQ0YsRUFDRCwrQkFBK0IsQ0FDaEM7WUFDRCxlQUFlLEVBQUU7Z0JBQ2YsR0FBRyxDQUFDLGFBQWEsQ0FBQyx3QkFBd0IsQ0FBQyxxQkFBcUIsQ0FBQzthQUNsRTtTQUNGLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxhQUFhLEdBQUcsVUFBVSxDQUFDLE9BQU8sQ0FBQztRQUV4QyxJQUFJLHVCQUFTLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQ3ZDLEdBQUcsRUFBRSxtQkFBbUI7WUFDeEIsS0FBSyxFQUFFLFVBQVUsQ0FBQyxPQUFPO1lBQ3pCLFVBQVUsRUFBRSxtQkFBbUI7WUFDL0IsV0FBVyxFQUFFLG1DQUFtQztTQUNqRCxDQUFDLENBQUM7UUFFSCxJQUFJLHVCQUFTLENBQUMsSUFBSSxFQUFFLGlCQUFpQixFQUFFO1lBQ3JDLEdBQUcsRUFBRSxpQkFBaUI7WUFDdEIsS0FBSyxFQUFFLFFBQVEsQ0FBQyx3QkFBd0I7WUFDeEMsVUFBVSxFQUFFLGlCQUFpQjtZQUM3QixXQUFXLEVBQUUsZ0NBQWdDO1NBQzlDLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQWpERCxzQ0FpREMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5PdXRwdXQsIER1cmF0aW9uIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgKiBhcyBpYW0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5cbmV4cG9ydCBpbnRlcmZhY2UgT2lkY0Nvbm5lY3RvclByb3BzIHtcbiAgZmphbGxPcmdJZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgT2lkY0Nvbm5lY3RvciBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBkZXBsb3lSb2xlQXJuOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IE9pZGNDb25uZWN0b3JQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBpc3N1ZXJEb21haW4gPSBcImZqYWxsLmlvXCI7XG4gICAgY29uc3QgaXNzdWVyVXJsID0gYGh0dHBzOi8vJHtpc3N1ZXJEb21haW59YDtcblxuICAgIGNvbnN0IHByb3ZpZGVyID0gbmV3IGlhbS5PcGVuSWRDb25uZWN0UHJvdmlkZXIodGhpcywgXCJPaWRjUHJvdmlkZXJcIiwge1xuICAgICAgdXJsOiBpc3N1ZXJVcmwsXG4gICAgICBjbGllbnRJZHM6IFtcInN0cy5hbWF6b25hd3MuY29tXCJdLFxuICAgICAgdGh1bWJwcmludHM6IFtcIjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBcIl1cbiAgICB9KTtcblxuICAgIGNvbnN0IGRlcGxveVJvbGUgPSBuZXcgaWFtLlJvbGUodGhpcywgXCJEZXBsb3lSb2xlXCIsIHtcbiAgICAgIHJvbGVOYW1lOiBgRmphbGxEZXBsb3kke3Byb3BzLmZqYWxsT3JnSWR9YCxcbiAgICAgIG1heFNlc3Npb25EdXJhdGlvbjogRHVyYXRpb24uaG91cnMoMSksXG4gICAgICBhc3N1bWVkQnk6IG5ldyBpYW0uRmVkZXJhdGVkUHJpbmNpcGFsKFxuICAgICAgICBwcm92aWRlci5vcGVuSWRDb25uZWN0UHJvdmlkZXJBcm4sXG4gICAgICAgIHtcbiAgICAgICAgICBTdHJpbmdFcXVhbHM6IHsgW2Ake2lzc3VlckRvbWFpbn06YXVkYF06IFwic3RzLmFtYXpvbmF3cy5jb21cIiB9LFxuICAgICAgICAgIFN0cmluZ0xpa2U6IHtcbiAgICAgICAgICAgIFtgJHtpc3N1ZXJEb21haW59OnN1YmBdOiBgb3JnOiR7cHJvcHMuZmphbGxPcmdJZH06KmBcbiAgICAgICAgICB9XG4gICAgICAgIH0sXG4gICAgICAgIFwic3RzOkFzc3VtZVJvbGVXaXRoV2ViSWRlbnRpdHlcIlxuICAgICAgKSxcbiAgICAgIG1hbmFnZWRQb2xpY2llczogW1xuICAgICAgICBpYW0uTWFuYWdlZFBvbGljeS5mcm9tQXdzTWFuYWdlZFBvbGljeU5hbWUoXCJBZG1pbmlzdHJhdG9yQWNjZXNzXCIpXG4gICAgICBdXG4gICAgfSk7XG5cbiAgICB0aGlzLmRlcGxveVJvbGVBcm4gPSBkZXBsb3lSb2xlLnJvbGVBcm47XG5cbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIFwiT2lkY0RlcGxveVJvbGVBcm5cIiwge1xuICAgICAga2V5OiBcIk9pZGNEZXBsb3lSb2xlQXJuXCIsXG4gICAgICB2YWx1ZTogZGVwbG95Um9sZS5yb2xlQXJuLFxuICAgICAgZXhwb3J0TmFtZTogXCJPaWRjRGVwbG95Um9sZUFyblwiLFxuICAgICAgZGVzY3JpcHRpb246IFwiQVJOIG9mIHRoZSBGamFsbCBPSURDIGRlcGxveSByb2xlXCJcbiAgICB9KTtcblxuICAgIG5ldyBDZm5PdXRwdXQodGhpcywgXCJPaWRjUHJvdmlkZXJBcm5cIiwge1xuICAgICAga2V5OiBcIk9pZGNQcm92aWRlckFyblwiLFxuICAgICAgdmFsdWU6IHByb3ZpZGVyLm9wZW5JZENvbm5lY3RQcm92aWRlckFybixcbiAgICAgIGV4cG9ydE5hbWU6IFwiT2lkY1Byb3ZpZGVyQXJuXCIsXG4gICAgICBkZXNjcmlwdGlvbjogXCJBUk4gb2YgdGhlIEZqYWxsIE9JREMgcHJvdmlkZXJcIlxuICAgIH0pO1xuICB9XG59XG4iXX0=

package/dist/lib/config/aws/platform.js

@@ -1,6 +1,2 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.FJALL_PLATFORM_ACCOUNT_ID = void 0;
 /** AWS account ID of the Fjall platform (where the webapp runs). */
-exports.FJALL_PLATFORM_ACCOUNT_ID = "985539798308";
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhdGZvcm0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9wbGF0Zm9ybS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxvRUFBb0U7QUFDdkQsUUFBQSx5QkFBeUIsR0FBRyxjQUFjLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiogQVdTIGFjY291bnQgSUQgb2YgdGhlIEZqYWxsIHBsYXRmb3JtICh3aGVyZSB0aGUgd2ViYXBwIHJ1bnMpLiAqL1xuZXhwb3J0IGNvbnN0IEZKQUxMX1BMQVRGT1JNX0FDQ09VTlRfSUQgPSBcIjk4NTUzOTc5ODMwOFwiO1xuIl19
+export const FJALL_PLATFORM_ACCOUNT_ID = "985539798308";

package/dist/lib/config/aws/s3BlockPublicAccess.d.ts

@@ -0,0 +1,9 @@
+import { Construct } from "constructs";
+/**
+ * Enables S3 Block Public Access at the account level via a Custom Resource.
+ * All four public access flags are set to true (block all public access).
+ * Stack deletion does NOT revert this setting — security features are preserved.
+ */
+export declare class S3BlockPublicAccess extends Construct {
+    constructor(scope: Construct, id: string);
+}

package/dist/lib/config/aws/s3BlockPublicAccess.js

@@ -0,0 +1,55 @@
+import { Duration } from "aws-cdk-lib";
+import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
+import { Runtime } from "aws-cdk-lib/aws-lambda";
+import { Stack } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { CustomResource } from "../../resources/aws/utilities/customResource.js";
+/**
+ * Enables S3 Block Public Access at the account level via a Custom Resource.
+ * All four public access flags are set to true (block all public access).
+ * Stack deletion does NOT revert this setting — security features are preserved.
+ */
+export class S3BlockPublicAccess extends Construct {
+    constructor(scope, id) {
+        super(scope, id);
+        new CustomResource(this, "S3BlockPublicAccess", {
+            runtime: Runtime.NODEJS_22_X,
+            timeout: Duration.minutes(5),
+            lambdaDescription: "Enables S3 Block Public Access at account level",
+            properties: {
+                AccountId: Stack.of(this).account
+            },
+            inlinePolicy: [
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: [
+                        "s3:PutAccountPublicAccessBlock",
+                        "s3:GetAccountPublicAccessBlock"
+                    ],
+                    resources: ["*"]
+                })
+            ],
+            inlineCode: `
+const { S3ControlClient, PutPublicAccessBlockCommand } = require('@aws-sdk/client-s3-control');
+
+exports.handler = async (event) => {
+  const physicalResourceId = event.PhysicalResourceId || event.LogicalResourceId || 's3-block-public-access';
+  if (event.RequestType === 'Delete') {
+    return { PhysicalResourceId: physicalResourceId };
+  }
+  const accountId = event.ResourceProperties.AccountId;
+  const client = new S3ControlClient({});
+  await client.send(new PutPublicAccessBlockCommand({
+    AccountId: accountId,
+    PublicAccessBlockConfiguration: {
+      BlockPublicAcls: true,
+      IgnorePublicAcls: true,
+      BlockPublicPolicy: true,
+      RestrictPublicBuckets: true
+    }
+  }));
+  return { PhysicalResourceId: physicalResourceId };
+};`
+        });
+    }
+}

package/dist/lib/config/aws/scpPreset.d.ts

@@ -0,0 +1,21 @@
+import { Construct } from "constructs";
+export type ScpPresetLevel = "standard" | "hardened";
+export interface ScpPresetProps {
+    preset: ScpPresetLevel;
+    rootId: string;
+    allowedRegions: string[];
+    organisationalUnitIds?: Record<string, string>;
+}
+/**
+ * Creates a set of Service Control Policies (SCPs) based on a preset level.
+ *
+ * Standard preset: 3 root-level SCPs (FoundationGuardrails, SecurityProtection, EncryptionAndAccess).
+ * Hardened preset: 3 root + per-OU cost controls for development environments.
+ *
+ * All deny statements (except DenyRootUser) exempt automation roles to prevent deployment lockout.
+ */
+export declare class ScpPreset extends Construct {
+    constructor(scope: Construct, id: string, props: ScpPresetProps);
+    private createRootScps;
+    private createHardenedScps;
+}