npm - @fjall/components-infrastructure - Versions diffs - 0.89.5 → 0.89.6 - Mend

@fjall/components-infrastructure 0.89.5 → 0.89.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (378) hide show

package/LICENSE +50 -21
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -18
package/dist/lib/app.d.ts +12 -12
package/dist/lib/app.js +61 -56
package/dist/lib/aspects/index.d.ts +1 -1
package/dist/lib/aspects/index.js +1 -6
package/dist/lib/aspects/resourceInventory.js +6 -13
package/dist/lib/config/audit.js +1 -5
package/dist/lib/config/aws/accessAnalyser.d.ts +11 -0
package/dist/lib/config/aws/accessAnalyser.js +17 -0
package/dist/lib/config/aws/accountAuditRole.js +11 -15
package/dist/lib/config/aws/accountMonitoringRole.js +25 -29
package/dist/lib/config/aws/alarmTopic.d.ts +8 -0
package/dist/lib/config/aws/alarmTopic.js +19 -0
package/dist/lib/config/aws/cloudTrail.js +4 -9
package/dist/lib/config/aws/configRecorder.d.ts +16 -0
package/dist/lib/config/aws/configRecorder.js +51 -0
package/dist/lib/config/aws/configRulePreset.d.ts +13 -0
package/dist/lib/config/aws/configRulePreset.js +62 -0
package/dist/lib/config/aws/disasterRecovery.d.ts +1 -1
package/dist/lib/config/aws/disasterRecovery.js +56 -73
package/dist/lib/config/aws/ebsDefaultEncryption.d.ts +8 -0
package/dist/lib/config/aws/ebsDefaultEncryption.js +41 -0
package/dist/lib/config/aws/ecrDefaultImage.js +25 -30
package/dist/lib/config/aws/eventBus.js +8 -11
package/dist/lib/config/aws/guardDutyDetector.d.ts +16 -0
package/dist/lib/config/aws/guardDutyDetector.js +26 -0
package/dist/lib/config/aws/identityCenter.d.ts +1 -1
package/dist/lib/config/aws/identityCenter.js +23 -25
package/dist/lib/config/aws/identityCenterGroupMembership.js +18 -22
package/dist/lib/config/aws/index.d.ts +19 -8
package/dist/lib/config/aws/index.js +19 -25
package/dist/lib/config/aws/inspectorEnablement.d.ts +9 -0
package/dist/lib/config/aws/inspectorEnablement.js +51 -0
package/dist/lib/config/aws/ipam.js +9 -13
package/dist/lib/config/aws/oidcConnector.js +8 -12
package/dist/lib/config/aws/platform.js +1 -5
package/dist/lib/config/aws/s3BlockPublicAccess.d.ts +9 -0
package/dist/lib/config/aws/s3BlockPublicAccess.js +55 -0
package/dist/lib/config/aws/scpPreset.d.ts +21 -0
package/dist/lib/config/aws/scpPreset.js +311 -0
package/dist/lib/config/aws/securityBaseline.d.ts +15 -0
package/dist/lib/config/aws/securityBaseline.js +27 -0
package/dist/lib/config/aws/securityHubHub.d.ts +15 -0
package/dist/lib/config/aws/securityHubHub.js +28 -0
package/dist/lib/config/aws/securityServicesAdmin.d.ts +20 -0
package/dist/lib/config/aws/securityServicesAdmin.js +115 -0
package/dist/lib/config/index.d.ts +2 -2
package/dist/lib/config/index.js +2 -21
package/dist/lib/index.d.ts +4 -4
package/dist/lib/index.js +5 -26
package/dist/lib/patterns/aws/account.d.ts +17 -1
package/dist/lib/patterns/aws/account.js +60 -33
package/dist/lib/patterns/aws/apexDomainPattern.d.ts +26 -0
package/dist/lib/patterns/aws/apexDomainPattern.js +91 -0
package/dist/lib/patterns/aws/auditRole.js +13 -16
package/dist/lib/patterns/aws/buildkite.d.ts +1 -1
package/dist/lib/patterns/aws/buildkite.js +70 -75
package/dist/lib/patterns/aws/cdn.d.ts +5 -5
package/dist/lib/patterns/aws/cdn.js +22 -28
package/dist/lib/patterns/aws/compute.d.ts +1 -1
package/dist/lib/patterns/aws/compute.js +31 -44
package/dist/lib/patterns/aws/computeEc2.d.ts +1 -1
package/dist/lib/patterns/aws/computeEc2.js +11 -14
package/dist/lib/patterns/aws/computeEcs.d.ts +18 -2
package/dist/lib/patterns/aws/computeEcs.js +41 -31
package/dist/lib/patterns/aws/computeLambda.d.ts +2 -2
package/dist/lib/patterns/aws/computeLambda.js +24 -31
package/dist/lib/patterns/aws/database.d.ts +16 -7
package/dist/lib/patterns/aws/database.js +81 -73
package/dist/lib/patterns/aws/delegatedDomainPattern.d.ts +17 -0
package/dist/lib/patterns/aws/delegatedDomainPattern.js +54 -0
package/dist/lib/patterns/aws/dnsRecordComposer.d.ts +25 -0
package/dist/lib/patterns/aws/dnsRecordComposer.js +225 -0
package/dist/lib/patterns/aws/domain.d.ts +32 -0
package/dist/lib/patterns/aws/domain.js +115 -0
package/dist/lib/patterns/aws/domainDelegation.d.ts +3 -3
package/dist/lib/patterns/aws/domainDelegation.js +28 -37
package/dist/lib/patterns/aws/domainFactory.d.ts +20 -5
package/dist/lib/patterns/aws/domainFactory.js +48 -10
package/dist/lib/patterns/aws/domainValidation.d.ts +11 -0
package/dist/lib/patterns/aws/domainValidation.js +145 -0
package/dist/lib/patterns/aws/externalRecordsPattern.d.ts +18 -0
package/dist/lib/patterns/aws/externalRecordsPattern.js +141 -0
package/dist/lib/patterns/aws/fivetranProxy.d.ts +1 -1
package/dist/lib/patterns/aws/fivetranProxy.js +6 -11
package/dist/lib/patterns/aws/index.d.ts +21 -19
package/dist/lib/patterns/aws/index.js +25 -36
package/dist/lib/patterns/aws/interfaces/cdn.js +1 -5
package/dist/lib/patterns/aws/interfaces/compute.js +4 -11
package/dist/lib/patterns/aws/interfaces/connector.js +1 -15
package/dist/lib/patterns/aws/interfaces/database.d.ts +1 -1
package/dist/lib/patterns/aws/interfaces/database.js +6 -15
package/dist/lib/patterns/aws/interfaces/domain.d.ts +80 -2
package/dist/lib/patterns/aws/interfaces/domain.js +1 -6
package/dist/lib/patterns/aws/interfaces/index.js +8 -41
package/dist/lib/patterns/aws/interfaces/messaging.js +4 -11
package/dist/lib/patterns/aws/interfaces/organisation.d.ts +1 -1
package/dist/lib/patterns/aws/interfaces/organisation.js +4 -11
package/dist/lib/patterns/aws/interfaces/pattern.js +2 -7
package/dist/lib/patterns/aws/interfaces/storage.js +1 -5
package/dist/lib/patterns/aws/managedIdentityCenter.js +7 -12
package/dist/lib/patterns/aws/messaging.d.ts +7 -7
package/dist/lib/patterns/aws/messaging.js +22 -33
package/dist/lib/patterns/aws/network.d.ts +2 -2
package/dist/lib/patterns/aws/network.js +9 -14
package/dist/lib/patterns/aws/organisation.d.ts +6 -2
package/dist/lib/patterns/aws/organisation.js +34 -35
package/dist/lib/patterns/aws/organisationFactory.d.ts +3 -3
package/dist/lib/patterns/aws/organisationFactory.js +7 -12
package/dist/lib/patterns/aws/pattern.js +6 -12
package/dist/lib/patterns/aws/payload.js +73 -63
package/dist/lib/patterns/aws/platform.d.ts +6 -3
package/dist/lib/patterns/aws/platform.js +15 -15
package/dist/lib/patterns/aws/storage.d.ts +6 -4
package/dist/lib/patterns/aws/storage.js +35 -40
package/dist/lib/patterns/aws/subdomainHostedZone.js +11 -16
package/dist/lib/patterns/aws/targets/fjallTargets.d.ts +37 -0
package/dist/lib/patterns/aws/targets/fjallTargets.js +66 -0
package/dist/lib/patterns/aws/targets/index.d.ts +2 -0
package/dist/lib/patterns/aws/targets/index.js +2 -0
package/dist/lib/patterns/aws/targets/targetResolution.d.ts +76 -0
package/dist/lib/patterns/aws/targets/targetResolution.js +119 -0
package/dist/lib/patterns/index.d.ts +1 -0
package/dist/lib/patterns/index.js +1 -0
package/dist/lib/resources/aws/analytics/clickhouse.d.ts +15 -0
package/dist/lib/resources/aws/analytics/clickhouse.js +292 -0
package/dist/lib/resources/aws/analytics/clickhouseConstants.d.ts +73 -0
package/dist/lib/resources/aws/analytics/clickhouseConstants.js +87 -0
package/dist/lib/resources/aws/analytics/clickhouseSecurityGroup.d.ts +13 -0
package/dist/lib/resources/aws/analytics/clickhouseSecurityGroup.js +28 -0
package/dist/lib/resources/aws/analytics/clickhouseTypes.d.ts +47 -0
package/dist/lib/resources/aws/analytics/clickhouseTypes.js +1 -0
package/dist/lib/resources/aws/analytics/clickhouseUserData.d.ts +5 -0
package/dist/lib/resources/aws/analytics/clickhouseUserData.js +248 -0
package/dist/lib/resources/aws/analytics/index.d.ts +2 -0
package/dist/lib/resources/aws/analytics/index.js +1 -0
package/dist/lib/resources/aws/audit/auditRole.js +10 -15
package/dist/lib/resources/aws/audit/index.d.ts +1 -1
package/dist/lib/resources/aws/audit/index.js +1 -6
package/dist/lib/resources/aws/backup/backupPlan.d.ts +1 -1
package/dist/lib/resources/aws/backup/backupPlan.js +14 -16
package/dist/lib/resources/aws/backup/backupVault.d.ts +1 -1
package/dist/lib/resources/aws/backup/backupVault.js +13 -15
package/dist/lib/resources/aws/backup/index.d.ts +2 -2
package/dist/lib/resources/aws/backup/index.js +2 -19
package/dist/lib/resources/aws/base/awsStack.js +17 -19
package/dist/lib/resources/aws/base/index.d.ts +1 -1
package/dist/lib/resources/aws/base/index.js +1 -18
package/dist/lib/resources/aws/cdn/cloudFront.js +40 -42
package/dist/lib/resources/aws/cdn/index.d.ts +1 -1
package/dist/lib/resources/aws/cdn/index.js +1 -18
package/dist/lib/resources/aws/compute/ec2.js +39 -39
package/dist/lib/resources/aws/compute/ecs.d.ts +18 -396
package/dist/lib/resources/aws/compute/ecs.js +105 -976
package/dist/lib/resources/aws/compute/ecsCapacityProviderAspect.d.ts +22 -0
package/dist/lib/resources/aws/compute/ecsCapacityProviderAspect.js +35 -0
package/dist/lib/resources/aws/compute/ecsConstants.d.ts +20 -0
package/dist/lib/resources/aws/compute/ecsConstants.js +49 -0
package/dist/lib/resources/aws/compute/ecsContext.d.ts +12 -0
package/dist/lib/resources/aws/compute/ecsContext.js +1 -0
package/dist/lib/resources/aws/compute/ecsImages.d.ts +4 -0
package/dist/lib/resources/aws/compute/ecsImages.js +35 -0
package/dist/lib/resources/aws/compute/ecsNetworking.d.ts +28 -0
package/dist/lib/resources/aws/compute/ecsNetworking.js +290 -0
package/dist/lib/resources/aws/compute/ecsRoles.d.ts +15 -0
package/dist/lib/resources/aws/compute/ecsRoles.js +110 -0
package/dist/lib/resources/aws/compute/ecsServiceFactory.d.ts +33 -0
package/dist/lib/resources/aws/compute/ecsServiceFactory.js +183 -0
package/dist/lib/resources/aws/compute/ecsTaskDefinition.d.ts +30 -0
package/dist/lib/resources/aws/compute/ecsTaskDefinition.js +168 -0
package/dist/lib/resources/aws/compute/ecsTypes.d.ts +337 -0
package/dist/lib/resources/aws/compute/ecsTypes.js +10 -0
package/dist/lib/resources/aws/compute/ecsValidation.d.ts +18 -0
package/dist/lib/resources/aws/compute/ecsValidation.js +72 -0
package/dist/lib/resources/aws/compute/index.d.ts +3 -3
package/dist/lib/resources/aws/compute/index.js +3 -20
package/dist/lib/resources/aws/compute/lambda.d.ts +10 -2
package/dist/lib/resources/aws/compute/lambda.js +81 -71
package/dist/lib/resources/aws/database/dynamodb.js +24 -27
package/dist/lib/resources/aws/database/index.d.ts +7 -7
package/dist/lib/resources/aws/database/index.js +14 -33
package/dist/lib/resources/aws/database/rdsAurora.d.ts +10 -2
package/dist/lib/resources/aws/database/rdsAurora.js +76 -61
package/dist/lib/resources/aws/database/rdsAuroraGlobal.d.ts +2 -2
package/dist/lib/resources/aws/database/rdsAuroraGlobal.js +24 -21
package/dist/lib/resources/aws/database/rdsDefaults.js +3 -7
package/dist/lib/resources/aws/database/rdsHelpers.d.ts +2 -2
package/dist/lib/resources/aws/database/rdsHelpers.js +21 -29
package/dist/lib/resources/aws/database/rdsInstance.d.ts +11 -3
package/dist/lib/resources/aws/database/rdsInstance.js +101 -83
package/dist/lib/resources/aws/database/rdsProxyOutput.js +5 -9
package/dist/lib/resources/aws/iam/delegationRole.d.ts +18 -0
package/dist/lib/resources/aws/iam/delegationRole.js +60 -0
package/dist/lib/resources/aws/iam/identityCenter/assignment.js +4 -9
package/dist/lib/resources/aws/iam/identityCenter/group.js +5 -9
package/dist/lib/resources/aws/iam/identityCenter/index.d.ts +3 -3
package/dist/lib/resources/aws/iam/identityCenter/index.js +3 -20
package/dist/lib/resources/aws/iam/identityCenter/permissionSet.d.ts +1 -1
package/dist/lib/resources/aws/iam/identityCenter/permissionSet.js +5 -9
package/dist/lib/resources/aws/iam/index.d.ts +5 -4
package/dist/lib/resources/aws/iam/index.js +5 -21
package/dist/lib/resources/aws/iam/instanceProfile.js +2 -7
package/dist/lib/resources/aws/iam/managedPolicy.js +2 -7
package/dist/lib/resources/aws/iam/policy.js +2 -7
package/dist/lib/resources/aws/iam/role.js +2 -7
package/dist/lib/resources/aws/index.d.ts +7 -7
package/dist/lib/resources/aws/index.js +7 -24
package/dist/lib/resources/aws/logging/cloudTrail.d.ts +1 -1
package/dist/lib/resources/aws/logging/cloudTrail.js +18 -22
package/dist/lib/resources/aws/logging/index.d.ts +2 -2
package/dist/lib/resources/aws/logging/index.js +2 -19
package/dist/lib/resources/aws/logging/logGroup.js +4 -10
package/dist/lib/resources/aws/messaging/eventbridge.js +11 -14
package/dist/lib/resources/aws/messaging/index.d.ts +4 -4
package/dist/lib/resources/aws/messaging/index.js +4 -21
package/dist/lib/resources/aws/messaging/sns.js +11 -14
package/dist/lib/resources/aws/messaging/sqs.js +32 -34
package/dist/lib/resources/aws/messaging/utils.d.ts +1 -1
package/dist/lib/resources/aws/messaging/utils.js +1 -6
package/dist/lib/resources/aws/monitoring/alarmDefaults.d.ts +36 -0
package/dist/lib/resources/aws/monitoring/alarmDefaults.js +34 -0
package/dist/lib/resources/aws/monitoring/ecsAlarms.d.ts +21 -0
package/dist/lib/resources/aws/monitoring/ecsAlarms.js +88 -0
package/dist/lib/resources/aws/monitoring/index.d.ts +4 -0
package/dist/lib/resources/aws/monitoring/index.js +4 -5
package/dist/lib/resources/aws/monitoring/lambdaAlarms.d.ts +18 -0
package/dist/lib/resources/aws/monitoring/lambdaAlarms.js +44 -0
package/dist/lib/resources/aws/monitoring/rdsAlarms.d.ts +20 -0
package/dist/lib/resources/aws/monitoring/rdsAlarms.js +52 -0
package/dist/lib/resources/aws/networking/crossAccountDelegationRecord.d.ts +17 -0
package/dist/lib/resources/aws/networking/crossAccountDelegationRecord.js +26 -0
package/dist/lib/resources/aws/networking/dnsRecord/aRecord.d.ts +12 -0
package/dist/lib/resources/aws/networking/dnsRecord/aRecord.js +21 -0
package/dist/lib/resources/aws/networking/dnsRecord/aaaaRecord.d.ts +12 -0
package/dist/lib/resources/aws/networking/dnsRecord/aaaaRecord.js +22 -0
package/dist/lib/resources/aws/networking/dnsRecord/aliasRecord.d.ts +12 -0
package/dist/lib/resources/aws/networking/dnsRecord/aliasRecord.js +23 -0
package/dist/lib/resources/aws/networking/dnsRecord/caaRecord.d.ts +17 -0
package/dist/lib/resources/aws/networking/dnsRecord/caaRecord.js +21 -0
package/dist/lib/resources/aws/networking/dnsRecord/cnameRecord.d.ts +12 -0
package/dist/lib/resources/aws/networking/dnsRecord/cnameRecord.js +22 -0
package/dist/lib/resources/aws/networking/dnsRecord/dnsRecordBase.d.ts +17 -0
package/dist/lib/resources/aws/networking/dnsRecord/dnsRecordBase.js +17 -0
package/dist/lib/resources/aws/networking/dnsRecord/index.d.ts +10 -0
package/dist/lib/resources/aws/networking/dnsRecord/index.js +10 -0
package/dist/lib/resources/aws/networking/dnsRecord/mxRecord.d.ts +16 -0
package/dist/lib/resources/aws/networking/dnsRecord/mxRecord.js +21 -0
package/dist/lib/resources/aws/networking/dnsRecord/nsRecord.d.ts +12 -0
package/dist/lib/resources/aws/networking/dnsRecord/nsRecord.js +21 -0
package/dist/lib/resources/aws/networking/dnsRecord/srvRecord.d.ts +18 -0
package/dist/lib/resources/aws/networking/dnsRecord/srvRecord.js +21 -0
package/dist/lib/resources/aws/networking/dnsRecord/txtRecord.d.ts +12 -0
package/dist/lib/resources/aws/networking/dnsRecord/txtRecord.js +21 -0
package/dist/lib/resources/aws/networking/domain.d.ts +1 -1
package/dist/lib/resources/aws/networking/domain.js +32 -34
package/dist/lib/resources/aws/networking/domainCertificate.d.ts +8 -3
package/dist/lib/resources/aws/networking/domainCertificate.js +22 -16
package/dist/lib/resources/aws/networking/hostedZone.d.ts +23 -19
package/dist/lib/resources/aws/networking/hostedZone.js +70 -134
package/dist/lib/resources/aws/networking/index.d.ts +8 -7
package/dist/lib/resources/aws/networking/index.js +8 -24
package/dist/lib/resources/aws/networking/ipam.js +2 -7
package/dist/lib/resources/aws/networking/ipamPool.d.ts +1 -1
package/dist/lib/resources/aws/networking/ipamPool.js +45 -55
package/dist/lib/resources/aws/networking/securityGroup.js +2 -7
package/dist/lib/resources/aws/networking/vpc.d.ts +1 -1
package/dist/lib/resources/aws/networking/vpc.js +17 -21
package/dist/lib/resources/aws/organisation/costAllocationTagActivator.d.ts +1 -1
package/dist/lib/resources/aws/organisation/costAllocationTagActivator.js +11 -15
package/dist/lib/resources/aws/organisation/index.d.ts +5 -5
package/dist/lib/resources/aws/organisation/index.js +4 -12
package/dist/lib/resources/aws/organisation/organisation.js +5 -7
package/dist/lib/resources/aws/organisation/organisationAccount.js +7 -10
package/dist/lib/resources/aws/organisation/organisationPolicy.js +5 -9
package/dist/lib/resources/aws/organisation/organisationalUnit.js +1 -3
package/dist/lib/resources/aws/secrets/alias.js +2 -7
package/dist/lib/resources/aws/secrets/index.d.ts +4 -4
package/dist/lib/resources/aws/secrets/index.js +4 -21
package/dist/lib/resources/aws/secrets/kms.js +15 -18
package/dist/lib/resources/aws/secrets/parameter.d.ts +3 -3
package/dist/lib/resources/aws/secrets/parameter.js +19 -22
package/dist/lib/resources/aws/secrets/secret.d.ts +2 -2
package/dist/lib/resources/aws/secrets/secret.js +12 -14
package/dist/lib/resources/aws/storage/ecr.d.ts +2 -2
package/dist/lib/resources/aws/storage/ecr.js +7 -13
package/dist/lib/resources/aws/storage/index.d.ts +2 -2
package/dist/lib/resources/aws/storage/index.js +2 -19
package/dist/lib/resources/aws/storage/s3.d.ts +1 -1
package/dist/lib/resources/aws/storage/s3.js +24 -12
package/dist/lib/resources/aws/utilities/awsCustomResource.js +3 -7
package/dist/lib/resources/aws/utilities/codeBuild.js +7 -12
package/dist/lib/resources/aws/utilities/customResource.js +14 -17
package/dist/lib/resources/aws/utilities/customResourceProvider.js +2 -7
package/dist/lib/resources/aws/utilities/index.d.ts +5 -5
package/dist/lib/resources/aws/utilities/index.js +5 -22
package/dist/lib/resources/aws/utilities/resourceShare.js +2 -7
package/dist/lib/resources/index.d.ts +1 -1
package/dist/lib/resources/index.js +1 -18
package/dist/lib/types.js +1 -3
package/dist/lib/utils/accountsUtils.d.ts +5 -0
package/dist/lib/utils/accountsUtils.js +18 -0
package/dist/lib/utils/addSuffixToEmail.js +1 -5
package/dist/lib/utils/backupTierMapping.js +2 -6
package/dist/lib/utils/capitaliseString.js +1 -10
package/dist/lib/utils/connections.js +9 -13
package/dist/lib/utils/connector.js +10 -23
package/dist/lib/utils/constructMap.d.ts +33 -0
package/dist/lib/utils/constructMap.js +154 -0
package/dist/lib/utils/databaseTypes.js +4 -10
package/dist/lib/utils/dnsRecords.d.ts +1 -1
package/dist/lib/utils/dnsRecords.js +23 -27
package/dist/lib/utils/domainTypes.d.ts +0 -1
package/dist/lib/utils/domainTypes.js +2 -10
package/dist/lib/utils/env.js +14 -26
package/dist/lib/utils/getAccountId.js +3 -7
package/dist/lib/utils/getAsync.js +7 -10
package/dist/lib/utils/getConfig.d.ts +0 -2
package/dist/lib/utils/getConfig.js +29 -47
package/dist/lib/utils/getStackOutput.js +4 -8
package/dist/lib/utils/index.d.ts +12 -12
package/dist/lib/utils/index.js +12 -29
package/dist/lib/utils/manifestWriter.d.ts +14 -3
package/dist/lib/utils/manifestWriter.js +60 -43
package/dist/lib/utils/orgConfigParser.d.ts +14 -0
package/dist/lib/utils/orgConfigParser.js +49 -0
package/dist/lib/utils/removalPolicy.js +5 -9
package/dist/lib/utils/resourceNaming.js +11 -16
package/dist/lib/utils/standardTagsAspect.js +9 -16
package/dist/lib/utils/stripAndCamelCase.js +1 -5
package/dist/lib/utils/validationLogger.js +12 -18
package/dist/lib/utils/vpcUtils.js +5 -10
package/package.json +25 -8
package/dist/lib/config/aws/accountId.d.ts +0 -6
package/dist/lib/config/aws/accountId.js +0 -32
package/dist/lib/config/aws/backupGlobalSettings.d.ts +0 -29
package/dist/lib/config/aws/backupGlobalSettings.js +0 -49
package/dist/lib/config/aws/costAllocationTags.d.ts +0 -12
package/dist/lib/config/aws/costAllocationTags.js +0 -47
package/dist/lib/config/aws/ipamDelegateAdmin.d.ts +0 -8
package/dist/lib/config/aws/ipamDelegateAdmin.js +0 -57
package/dist/lib/config/aws/ipamPoolId.d.ts +0 -16
package/dist/lib/config/aws/ipamPoolId.js +0 -42
package/dist/lib/config/aws/organisation.d.ts +0 -30
package/dist/lib/config/aws/organisation.js +0 -92
package/dist/lib/config/aws/organisationId.d.ts +0 -7
package/dist/lib/config/aws/organisationId.js +0 -45
package/dist/lib/config/aws/organisationsAccess.d.ts +0 -10
package/dist/lib/config/aws/organisationsAccess.js +0 -49
package/dist/lib/config/aws/ramSharing.d.ts +0 -4
package/dist/lib/config/aws/ramSharing.js +0 -34
package/dist/lib/config/monitoring.d.ts +0 -18
package/dist/lib/config/monitoring.js +0 -22
package/dist/lib/patterns/aws/connections.d.ts +0 -46
package/dist/lib/patterns/aws/connections.js +0 -159
package/dist/lib/patterns/aws/hostedZone.d.ts +0 -28
package/dist/lib/patterns/aws/hostedZone.js +0 -150
package/dist/lib/patterns/aws/managedAccount.d.ts +0 -9
package/dist/lib/patterns/aws/managedAccount.js +0 -55
package/dist/lib/patterns/aws/managedOrganisation.d.ts +0 -36
package/dist/lib/patterns/aws/managedOrganisation.js +0 -97
package/dist/lib/patterns/aws/managedPlatform.d.ts +0 -12
package/dist/lib/patterns/aws/managedPlatform.js +0 -29
package/dist/lib/resources/aws/database/database.d.ts +0 -14
package/dist/lib/resources/aws/database/database.js +0 -28
package/dist/lib/resources/aws/database/databaseInstance.d.ts +0 -15
package/dist/lib/resources/aws/database/databaseInstance.js +0 -30
package/dist/lib/resources/aws/database/migrationLambda.d.ts +0 -80
package/dist/lib/resources/aws/database/migrationLambda.js +0 -119
package/dist/lib/resources/aws/iam/identityCenter/attachManagedPolicy.d.ts +0 -13
package/dist/lib/resources/aws/iam/identityCenter/attachManagedPolicy.js +0 -51
package/dist/lib/resources/aws/iam/securityGroup.d.ts +0 -5
package/dist/lib/resources/aws/iam/securityGroup.js +0 -14
package/dist/lib/resources/aws/monitoring/monitoringRole.d.ts +0 -29
package/dist/lib/resources/aws/monitoring/monitoringRole.js +0 -120
package/dist/lib/utils/capitalizeString.d.ts +0 -12
package/dist/lib/utils/capitalizeString.js +0 -30

package/dist/lib/patterns/aws/dnsRecordComposer.js ADDED Viewed

@@ -0,0 +1,225 @@
+import { CaaTag } from "aws-cdk-lib/aws-route53";
+import { ARecord, AaaaRecord, AliasRecord, CnameRecord, MxRecord, TxtRecord, NsRecord, SrvRecord, CaaRecord } from "../../resources/aws/networking/dnsRecord/index.js";
+import { toPascalCase, getSafeZoneName } from "../../utils/capitaliseString.js";
+import { ALIAS_CDK_PREFIX } from "../../utils/domainTypes.js";
+import { DNS_APEX } from "@fjall/util";
+/**
+ * Legacy composer consumed by `DomainFactory` (deleted in Phase 2). Accepts
+ * the `DnsRecordInput` shape from the BIND-primary era where ALIAS sentinels
+ * live in `value`. Typed targets are not supported here; use
+ * `composeTypedDnsRecords` instead.
+ */
+export function composeDnsRecords(scope, zone, zoneName, records) {
+    const safeZone = toPascalCase(getSafeZoneName(zoneName));
+    records.forEach((record, index) => {
+        // Skip alias sentinels — they are resolved via the typed path in Phase 1+.
+        if (record.value.startsWith(ALIAS_CDK_PREFIX)) {
+            return;
+        }
+        const safeName = toPascalCase(record.name === DNS_APEX ? "Apex" : record.name);
+        const constructId = `${safeZone}${safeName}${record.type}Record${index}`;
+        const common = {
+            zone,
+            zoneName,
+            recordName: record.name,
+            ttl: record.ttl
+        };
+        switch (record.type) {
+            case "A":
+                new ARecord(scope, constructId, {
+                    ...common,
+                    values: [record.value]
+                });
+                break;
+            case "AAAA":
+                new AaaaRecord(scope, constructId, {
+                    ...common,
+                    values: [record.value]
+                });
+                break;
+            case "CNAME":
+                new CnameRecord(scope, constructId, {
+                    ...common,
+                    domainName: record.value
+                });
+                break;
+            case "MX":
+                new MxRecord(scope, constructId, {
+                    ...common,
+                    values: [
+                        {
+                            hostName: record.value,
+                            priority: record.priority ?? 10
+                        }
+                    ]
+                });
+                break;
+            case "TXT":
+                new TxtRecord(scope, constructId, {
+                    ...common,
+                    values: [record.value]
+                });
+                break;
+            case "NS":
+                new NsRecord(scope, constructId, {
+                    ...common,
+                    values: [record.value]
+                });
+                break;
+            case "SRV":
+                new SrvRecord(scope, constructId, {
+                    ...common,
+                    values: [
+                        {
+                            hostName: record.value,
+                            priority: record.priority ?? 10,
+                            weight: record.weight ?? 0,
+                            port: record.port ?? 443
+                        }
+                    ]
+                });
+                break;
+            case "CAA":
+                new CaaRecord(scope, constructId, {
+                    ...common,
+                    values: [
+                        {
+                            flag: 0,
+                            tag: record.value.includes("issuewild")
+                                ? CaaTag.ISSUEWILD
+                                : record.value.includes("iodef")
+                                    ? CaaTag.IODEF
+                                    : CaaTag.ISSUE,
+                            value: record.value
+                        }
+                    ]
+                });
+                break;
+        }
+    });
+}
+/**
+ * Typed composer consumed by the new `Domain` construct. Accepts the
+ * discriminated `DnsRecord` union (`StandardRecord | AliasRecord`).
+ *
+ * `AliasRecord` entries MUST carry a `target` produced by `fjallApp()`,
+ * `fjallCdn()`, `fjallBucket()`, or `aliasTo()` — those helpers return
+ * `FjallTarget & IAliasRecordTarget` so `target.bind()` is guaranteed. A
+ * runtime guard catches user-crafted `{ kind, ... }` literals that lack
+ * `bind()`.
+ *
+ * Construct-id formula (`${safeZone}${safeName}${type}Record${index}`) is
+ * byte-identical to the legacy composer — this is an eject-contract
+ * invariant (Phase 3 depends on stable IDs).
+ */
+export function composeTypedDnsRecords(scope, zone, zoneName, records) {
+    const safeZone = toPascalCase(getSafeZoneName(zoneName));
+    records.forEach((record, index) => {
+        const safeName = toPascalCase(record.name === DNS_APEX ? "Apex" : record.name);
+        const constructId = `${safeZone}${safeName}${record.type}Record${index}`;
+        const common = {
+            zone,
+            zoneName,
+            recordName: record.name
+        };
+        if ("target" in record) {
+            const target = record.target;
+            if (target === null ||
+                typeof target !== "object" ||
+                typeof target.bind !== "function") {
+                throw new Error("AliasRecord target must be constructed via fjallApp()/fjallCdn()/fjallBucket()/aliasTo() — " +
+                    "plain FjallTarget objects lack the bind() method required by CDK's IAliasRecordTarget contract.");
+            }
+            new AliasRecord(scope, constructId, {
+                ...common,
+                target: target
+            });
+            return;
+        }
+        const ttl = record.ttl;
+        const values = Array.isArray(record.value) ? record.value : [record.value];
+        switch (record.type) {
+            case "A":
+                new ARecord(scope, constructId, { ...common, ttl, values });
+                break;
+            case "AAAA":
+                new AaaaRecord(scope, constructId, { ...common, ttl, values });
+                break;
+            case "CNAME":
+                new CnameRecord(scope, constructId, {
+                    ...common,
+                    ttl,
+                    domainName: values[0] ?? ""
+                });
+                break;
+            case "MX":
+                new MxRecord(scope, constructId, {
+                    ...common,
+                    ttl,
+                    values: values.map((raw) => parseMxValue(raw))
+                });
+                break;
+            case "TXT":
+                new TxtRecord(scope, constructId, { ...common, ttl, values });
+                break;
+            case "NS":
+                new NsRecord(scope, constructId, { ...common, ttl, values });
+                break;
+            case "SRV":
+                new SrvRecord(scope, constructId, {
+                    ...common,
+                    ttl,
+                    values: values.map((raw) => parseSrvValue(raw))
+                });
+                break;
+            case "CAA":
+                new CaaRecord(scope, constructId, {
+                    ...common,
+                    ttl,
+                    values: values.map((raw) => ({
+                        flag: 0,
+                        tag: raw.includes("issuewild")
+                            ? CaaTag.ISSUEWILD
+                            : raw.includes("iodef")
+                                ? CaaTag.IODEF
+                                : CaaTag.ISSUE,
+                        value: raw
+                    }))
+                });
+                break;
+            default: {
+                const _exhaustive = record;
+                throw new Error(`Unsupported DnsRecord type: ${String(_exhaustive.type)}`);
+            }
+        }
+    });
+}
+// Parse "10 mail.example.com" → { priority: 10, hostName: "mail.example.com" }.
+function parseMxValue(raw) {
+    const parts = raw.trim().split(/\s+/);
+    if (parts.length < 2) {
+        return { hostName: raw.trim(), priority: 10 };
+    }
+    const priorityPart = parts[0] ?? "10";
+    const hostPart = parts.slice(1).join(" ");
+    const parsed = Number.parseInt(priorityPart, 10);
+    return {
+        priority: Number.isFinite(parsed) ? parsed : 10,
+        hostName: hostPart
+    };
+}
+// Parse "10 0 443 target.example.com" → SRV value. Missing fields fall back
+// to sensible Route53-compatible defaults.
+function parseSrvValue(raw) {
+    const parts = raw.trim().split(/\s+/);
+    const priority = Number.parseInt(parts[0] ?? "10", 10);
+    const weight = Number.parseInt(parts[1] ?? "0", 10);
+    const port = Number.parseInt(parts[2] ?? "443", 10);
+    const hostName = parts.slice(3).join(" ") || (parts[0] ?? "");
+    return {
+        priority: Number.isFinite(priority) ? priority : 10,
+        weight: Number.isFinite(weight) ? weight : 0,
+        port: Number.isFinite(port) ? port : 443,
+        hostName
+    };
+}

package/dist/lib/patterns/aws/domain.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { Construct } from "constructs";
+import type { IHostedZone } from "aws-cdk-lib/aws-route53";
+import type { ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+import { getDomainExportNames } from "@fjall/util";
+import type { DomainProps, ManualRecord } from "./interfaces/domain.js";
+/**
+ * User-facing Route53-oriented domain construct. Dispatches on
+ * `props.registrar` to one of three per-registrar patterns:
+ *
+ *   - `route53` → `composeApexDomain` (apex HZ + delegations)
+ *   - `external-delegated` → `composeDelegatedDomain` (sub-HZ only)
+ *   - `external-records` → `composeExternalRecords` (no HZ, manual records)
+ *
+ * Applies gold-plating tags (`fjall:description`, three
+ * `fjall:costAllocation:*` tags) and user-supplied tags at the construct
+ * scope. Exposes the composed artefacts as public readonly properties for
+ * callers that need to wire resources (e.g., granting cert references).
+ *
+ * Pure composition — holds no state beyond the props/results. Validation is
+ * performed synchronously in the constructor; CDK surfaces any thrown Error
+ * against the `new Domain(...)` call site.
+ */
+export declare class Domain extends Construct {
+    #private;
+    readonly registrar: DomainProps["registrar"];
+    readonly hostedZone: IHostedZone | undefined;
+    readonly certificates: Map<string, ICertificate>;
+    readonly nameServers: string[] | undefined;
+    readonly manualRecords: ManualRecord[];
+    readonly exportNames: ReturnType<typeof getDomainExportNames>;
+    constructor(scope: Construct, id: string, props: DomainProps);
+}

package/dist/lib/patterns/aws/domain.js ADDED Viewed

@@ -0,0 +1,115 @@
+import { CfnOutput, Tags } from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { getDomainExportNames } from "@fjall/util";
+import { toPascalCase, getSafeZoneName } from "../../utils/capitaliseString.js";
+import { validateDomainProps } from "./domainValidation.js";
+import { composeApexDomain } from "./apexDomainPattern.js";
+import { composeDelegatedDomain } from "./delegatedDomainPattern.js";
+import { composeExternalRecords } from "./externalRecordsPattern.js";
+/**
+ * User-facing Route53-oriented domain construct. Dispatches on
+ * `props.registrar` to one of three per-registrar patterns:
+ *
+ *   - `route53` → `composeApexDomain` (apex HZ + delegations)
+ *   - `external-delegated` → `composeDelegatedDomain` (sub-HZ only)
+ *   - `external-records` → `composeExternalRecords` (no HZ, manual records)
+ *
+ * Applies gold-plating tags (`fjall:description`, three
+ * `fjall:costAllocation:*` tags) and user-supplied tags at the construct
+ * scope. Exposes the composed artefacts as public readonly properties for
+ * callers that need to wire resources (e.g., granting cert references).
+ *
+ * Pure composition — holds no state beyond the props/results. Validation is
+ * performed synchronously in the constructor; CDK surfaces any thrown Error
+ * against the `new Domain(...)` call site.
+ */
+export class Domain extends Construct {
+    registrar;
+    hostedZone;
+    certificates;
+    nameServers;
+    manualRecords;
+    exportNames;
+    constructor(scope, id, props) {
+        super(scope, id);
+        validateDomainProps(this, props);
+        this.registrar = props.registrar;
+        this.exportNames = getDomainExportNames(resolveEffectiveZoneName(props));
+        switch (props.registrar) {
+            case "route53": {
+                const result = composeApexDomain(this, props);
+                this.hostedZone = result.hostedZone;
+                this.certificates = result.certificates;
+                this.nameServers = result.nameServers;
+                this.manualRecords = result.manualRecords;
+                break;
+            }
+            case "external-delegated": {
+                const result = composeDelegatedDomain(this, props);
+                this.hostedZone = result.hostedZone;
+                this.certificates = result.certificates;
+                this.nameServers = result.nameServers;
+                this.manualRecords = result.manualRecords;
+                break;
+            }
+            case "external-records": {
+                const result = composeExternalRecords(this, props);
+                this.hostedZone = undefined;
+                this.certificates = result.certificates;
+                this.nameServers = undefined;
+                this.manualRecords = result.manualRecords;
+                break;
+            }
+            default: {
+                const _exhaustive = props;
+                throw new Error(`Unsupported Domain registrar: ${String(_exhaustive.registrar)}`);
+            }
+        }
+        this.#applyGoldPlatingTags(props);
+        this.#applyUserTags(props);
+        this.#emitCrossPhaseOutputs(props);
+    }
+    #applyGoldPlatingTags(props) {
+        const effectiveZone = resolveEffectiveZoneName(props);
+        const description = props.description ?? `Fjall-managed domain for ${effectiveZone}`;
+        Tags.of(this).add("fjall:description", description);
+        Tags.of(this).add("fjall:costAllocation:environment", props.costAllocationEnvironment ?? "management");
+        Tags.of(this).add("fjall:costAllocation:service", "domain");
+        Tags.of(this).add("fjall:costAllocation:domain", props.zoneName);
+    }
+    #applyUserTags(props) {
+        if (!props.tags) {
+            return;
+        }
+        for (const [key, value] of Object.entries(props.tags)) {
+            Tags.of(this).add(key, value);
+        }
+    }
+    /**
+     * Re-publish the domain's effective zone name under a predictable export
+     * key so downstream consumers (Phase 2, Phase 3 eject) can resolve the
+     * managed zone without knowing the registrar discriminant. The `Zone` and
+     * `HostedZoneId` outputs on the inner `HostedZone` construct cover the
+     * Route53-backed paths; this output covers external-records mode where no
+     * hosted zone exists.
+     */
+    #emitCrossPhaseOutputs(props) {
+        if (props.registrar !== "external-records") {
+            return;
+        }
+        const safeZone = toPascalCase(getSafeZoneName(props.zoneName));
+        new CfnOutput(this, `${safeZone}ExternalZoneName`, {
+            key: `${safeZone}ExternalZoneName`,
+            value: props.zoneName,
+            description: "External-records zone name (no Fjall-managed HZ)"
+        });
+    }
+}
+function resolveEffectiveZoneName(props) {
+    if (props.registrar === "external-delegated") {
+        const delegated = props;
+        return `${delegated.delegatedSubdomain}.${delegated.zoneName}`;
+    }
+    const narrowed = props;
+    return narrowed.zoneName;
+}

package/dist/lib/patterns/aws/domainDelegation.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { Construct } from "constructs";
-import * as route53 from "aws-cdk-lib/aws-route53";
-import type { DomainDelegatedProps } from "./interfaces/domain";
+import type { IHostedZone } from "aws-cdk-lib/aws-route53";
+import type { DomainDelegatedProps } from "./interfaces/domain.js";
 export declare class DomainDelegation extends Construct {
     readonly hostedZoneId: string;
-    readonly hostedZone: route53.HostedZone;
+    readonly hostedZone: IHostedZone;
     constructor(scope: Construct, id: string, props: DomainDelegatedProps);
 }

package/dist/lib/patterns/aws/domainDelegation.js CHANGED Viewed

@@ -1,54 +1,45 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DomainDelegation = void 0;
-const constructs_1 = require("constructs");
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const route53 = require("aws-cdk-lib/aws-route53");
-const iam_1 = require("../../resources/aws/iam");
-const capitaliseString_1 = require("../../utils/capitaliseString");
-const domainCertificate_1 = require("../../resources/aws/networking/domainCertificate");
-const domainTypes_1 = require("../../utils/domainTypes");
-class DomainDelegation extends constructs_1.Construct {
+import { Construct } from "constructs";
+import { Fn } from "aws-cdk-lib";
+import { getDomainExportNames } from "@fjall/util";
+import { Role } from "../../resources/aws/iam/index.js";
+import { toPascalCase, getSafeZoneName } from "../../utils/capitaliseString.js";
+import { HostedZone } from "../../resources/aws/networking/hostedZone.js";
+import { CrossAccountDelegationRecord } from "../../resources/aws/networking/crossAccountDelegationRecord.js";
+import { DomainCertificate } from "../../resources/aws/networking/domainCertificate.js";
+import { composeDnsRecords } from "./dnsRecordComposer.js";
+export class DomainDelegation extends Construct {
+    hostedZoneId;
+    hostedZone;
     constructor(scope, id, props) {
         super(scope, id);
-        const parentFirstLabel = props.parentZoneName.split(".")[0] ?? "default";
-        const delegationRoleArn = aws_cdk_lib_1.Fn.importValue(`${parentFirstLabel}DelegateHostedZoneRoleArn`);
-        const hostedZoneDelegationRole = iam_1.Role.fromRoleArn(this, "HostedZoneDelegationRole", delegationRoleArn);
-        const safeZone = (0, capitaliseString_1.getSafeZoneName)(props.zoneName);
-        this.hostedZone = new route53.HostedZone(this, `${safeZone}HostedZone`, {
-            zoneName: props.zoneName
+        const delegationRoleArn = Fn.importValue(getDomainExportNames(props.parentZoneName).delegationRoleArn);
+        const hostedZoneDelegationRole = Role.fromRoleArn(this, "HostedZoneDelegationRole", delegationRoleArn);
+        const safeZone = getSafeZoneName(props.zoneName);
+        const zone = new HostedZone(this, `${safeZone}HostedZone`, {
+            zoneName: props.zoneName,
+            createDelegationRole: false
         });
-        this.hostedZoneId = this.hostedZone.hostedZoneId;
-        new route53.CrossAccountZoneDelegationRecord(this, `${safeZone}DelegationRecord`, {
+        this.hostedZone = zone.hostedZone;
+        this.hostedZoneId = zone.hostedZoneId;
+        new CrossAccountDelegationRecord(this, `${safeZone}DelegationRecord`, {
             delegationRole: hostedZoneDelegationRole,
-            delegatedZone: this.hostedZone,
+            delegatedZone: zone.hostedZone,
+            delegatedZoneName: props.zoneName,
             parentHostedZoneName: props.parentZoneName
         });
-        const safeKey = (0, capitaliseString_1.toPascalCase)(safeZone);
-        const exports = (0, domainTypes_1.getDomainExportNames)(props.zoneName);
-        new aws_cdk_lib_1.CfnOutput(this, `${safeKey}HostedZoneId`, {
-            key: `${safeKey}HostedZoneId`,
-            value: this.hostedZoneId,
-            exportName: exports.hostedZoneId
-        });
-        new aws_cdk_lib_1.CfnOutput(this, `${safeKey}Nameservers`, {
-            key: `${safeKey}Nameservers`,
-            value: aws_cdk_lib_1.Fn.join(",", this.hostedZone.hostedZoneNameServers ?? [])
-        });
+        const safeKey = toPascalCase(safeZone);
         if (props.certificates) {
             props.certificates.forEach((cert, index) => {
-                const safeCertName = (0, capitaliseString_1.toPascalCase)(cert.domainName.split(".").join(""));
-                new domainCertificate_1.DomainCertificate(this, `${safeKey}${safeCertName}Cert${index}`, {
+                const safeCertName = toPascalCase(cert.domainName.split(".").join(""));
+                new DomainCertificate(this, `${safeKey}${safeCertName}Cert${index}`, {
                     domainName: cert.domainName,
                     subjectAlternativeNames: cert.subjectAlternativeNames,
-                    hostedZone: this.hostedZone
+                    hostedZone: zone.hostedZone
                 });
             });
         }
         if (props.records) {
-            (0, domainTypes_1.addDnsRecords)(this, this.hostedZone, props.zoneName, props.records);
+            composeDnsRecords(this, zone.hostedZone, props.zoneName, props.records);
         }
     }
 }
-exports.DomainDelegation = DomainDelegation;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG9tYWluRGVsZWdhdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvZG9tYWluRGVsZWdhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyQ0FBdUM7QUFDdkMsNkNBQTRDO0FBQzVDLG1EQUFtRDtBQUNuRCxpREFBK0M7QUFDL0MsbUVBQTZFO0FBQzdFLHdGQUFxRjtBQUVyRix5REFBOEU7QUFFOUUsTUFBYSxnQkFBaUIsU0FBUSxzQkFBUztJQUk3QyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTJCO1FBQ25FLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxTQUFTLENBQUM7UUFDekUsTUFBTSxpQkFBaUIsR0FBRyxnQkFBRSxDQUFDLFdBQVcsQ0FDdEMsR0FBRyxnQkFBZ0IsMkJBQTJCLENBQy9DLENBQUM7UUFFRixNQUFNLHdCQUF3QixHQUFHLFVBQUksQ0FBQyxXQUFXLENBQy9DLElBQUksRUFDSiwwQkFBMEIsRUFDMUIsaUJBQWlCLENBQ2xCLENBQUM7UUFFRixNQUFNLFFBQVEsR0FBRyxJQUFBLGtDQUFlLEVBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRWpELElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxHQUFHLFFBQVEsWUFBWSxFQUFFO1lBQ3RFLFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTtTQUN6QixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDO1FBRWpELElBQUksT0FBTyxDQUFDLGdDQUFnQyxDQUMxQyxJQUFJLEVBQ0osR0FBRyxRQUFRLGtCQUFrQixFQUM3QjtZQUNFLGNBQWMsRUFBRSx3QkFBd0I7WUFDeEMsYUFBYSxFQUFFLElBQUksQ0FBQyxVQUFVO1lBQzlCLG9CQUFvQixFQUFFLEtBQUssQ0FBQyxjQUFjO1NBQzNDLENBQ0YsQ0FBQztRQUVGLE1BQU0sT0FBTyxHQUFHLElBQUEsK0JBQVksRUFBQyxRQUFRLENBQUMsQ0FBQztRQUN2QyxNQUFNLE9BQU8sR0FBRyxJQUFBLGtDQUFvQixFQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUVyRCxJQUFJLHVCQUFTLENBQUMsSUFBSSxFQUFFLEdBQUcsT0FBTyxjQUFjLEVBQUU7WUFDNUMsR0FBRyxFQUFFLEdBQUcsT0FBTyxjQUFjO1lBQzdCLEtBQUssRUFBRSxJQUFJLENBQUMsWUFBWTtZQUN4QixVQUFVLEVBQUUsT0FBTyxDQUFDLFlBQVk7U0FDakMsQ0FBQyxDQUFDO1FBRUgsSUFBSSx1QkFBUyxDQUFDLElBQUksRUFBRSxHQUFHLE9BQU8sYUFBYSxFQUFFO1lBQzNDLEdBQUcsRUFBRSxHQUFHLE9BQU8sYUFBYTtZQUM1QixLQUFLLEVBQUUsZ0JBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMscUJBQXFCLElBQUksRUFBRSxDQUFDO1NBQ2pFLENBQUMsQ0FBQztRQUVILElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3ZCLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxFQUFFLEtBQUssRUFBRSxFQUFFO2dCQUN6QyxNQUFNLFlBQVksR0FBRyxJQUFBLCtCQUFZLEVBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQ3ZFLElBQUkscUNBQWlCLENBQUMsSUFBSSxFQUFFLEdBQUcsT0FBTyxHQUFHLFlBQVksT0FBTyxLQUFLLEVBQUUsRUFBRTtvQkFDbkUsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO29CQUMzQix1QkFBdUIsRUFBRSxJQUFJLENBQUMsdUJBQXVCO29CQUNyRCxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7aUJBQzVCLENBQUMsQ0FBQztZQUNMLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2xCLElBQUEsMkJBQWEsRUFBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RSxDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBakVELDRDQWlFQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBDZm5PdXRwdXQsIEZuIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgKiBhcyByb3V0ZTUzIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtcm91dGU1M1wiO1xuaW1wb3J0IHsgUm9sZSB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXMvYXdzL2lhbVwiO1xuaW1wb3J0IHsgdG9QYXNjYWxDYXNlLCBnZXRTYWZlWm9uZU5hbWUgfSBmcm9tIFwiLi4vLi4vdXRpbHMvY2FwaXRhbGlzZVN0cmluZ1wiO1xuaW1wb3J0IHsgRG9tYWluQ2VydGlmaWNhdGUgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy9uZXR3b3JraW5nL2RvbWFpbkNlcnRpZmljYXRlXCI7XG5pbXBvcnQgdHlwZSB7IERvbWFpbkRlbGVnYXRlZFByb3BzIH0gZnJvbSBcIi4vaW50ZXJmYWNlcy9kb21haW5cIjtcbmltcG9ydCB7IGdldERvbWFpbkV4cG9ydE5hbWVzLCBhZGREbnNSZWNvcmRzIH0gZnJvbSBcIi4uLy4uL3V0aWxzL2RvbWFpblR5cGVzXCI7XG5cbmV4cG9ydCBjbGFzcyBEb21haW5EZWxlZ2F0aW9uIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGhvc3RlZFpvbmVJZDogc3RyaW5nO1xuICBwdWJsaWMgcmVhZG9ubHkgaG9zdGVkWm9uZTogcm91dGU1My5Ib3N0ZWRab25lO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBEb21haW5EZWxlZ2F0ZWRQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBwYXJlbnRGaXJzdExhYmVsID0gcHJvcHMucGFyZW50Wm9uZU5hbWUuc3BsaXQoXCIuXCIpWzBdID8/IFwiZGVmYXVsdFwiO1xuICAgIGNvbnN0IGRlbGVnYXRpb25Sb2xlQXJuID0gRm4uaW1wb3J0VmFsdWUoXG4gICAgICBgJHtwYXJlbnRGaXJzdExhYmVsfURlbGVnYXRlSG9zdGVkWm9uZVJvbGVBcm5gXG4gICAgKTtcblxuICAgIGNvbnN0IGhvc3RlZFpvbmVEZWxlZ2F0aW9uUm9sZSA9IFJvbGUuZnJvbVJvbGVBcm4oXG4gICAgICB0aGlzLFxuICAgICAgXCJIb3N0ZWRab25lRGVsZWdhdGlvblJvbGVcIixcbiAgICAgIGRlbGVnYXRpb25Sb2xlQXJuXG4gICAgKTtcblxuICAgIGNvbnN0IHNhZmVab25lID0gZ2V0U2FmZVpvbmVOYW1lKHByb3BzLnpvbmVOYW1lKTtcblxuICAgIHRoaXMuaG9zdGVkWm9uZSA9IG5ldyByb3V0ZTUzLkhvc3RlZFpvbmUodGhpcywgYCR7c2FmZVpvbmV9SG9zdGVkWm9uZWAsIHtcbiAgICAgIHpvbmVOYW1lOiBwcm9wcy56b25lTmFtZVxuICAgIH0pO1xuXG4gICAgdGhpcy5ob3N0ZWRab25lSWQgPSB0aGlzLmhvc3RlZFpvbmUuaG9zdGVkWm9uZUlkO1xuXG4gICAgbmV3IHJvdXRlNTMuQ3Jvc3NBY2NvdW50Wm9uZURlbGVnYXRpb25SZWNvcmQoXG4gICAgICB0aGlzLFxuICAgICAgYCR7c2FmZVpvbmV9RGVsZWdhdGlvblJlY29yZGAsXG4gICAgICB7XG4gICAgICAgIGRlbGVnYXRpb25Sb2xlOiBob3N0ZWRab25lRGVsZWdhdGlvblJvbGUsXG4gICAgICAgIGRlbGVnYXRlZFpvbmU6IHRoaXMuaG9zdGVkWm9uZSxcbiAgICAgICAgcGFyZW50SG9zdGVkWm9uZU5hbWU6IHByb3BzLnBhcmVudFpvbmVOYW1lXG4gICAgICB9XG4gICAgKTtcblxuICAgIGNvbnN0IHNhZmVLZXkgPSB0b1Bhc2NhbENhc2Uoc2FmZVpvbmUpO1xuICAgIGNvbnN0IGV4cG9ydHMgPSBnZXREb21haW5FeHBvcnROYW1lcyhwcm9wcy56b25lTmFtZSk7XG5cbiAgICBuZXcgQ2ZuT3V0cHV0KHRoaXMsIGAke3NhZmVLZXl9SG9zdGVkWm9uZUlkYCwge1xuICAgICAga2V5OiBgJHtzYWZlS2V5fUhvc3RlZFpvbmVJZGAsXG4gICAgICB2YWx1ZTogdGhpcy5ob3N0ZWRab25lSWQsXG4gICAgICBleHBvcnROYW1lOiBleHBvcnRzLmhvc3RlZFpvbmVJZFxuICAgIH0pO1xuXG4gICAgbmV3IENmbk91dHB1dCh0aGlzLCBgJHtzYWZlS2V5fU5hbWVzZXJ2ZXJzYCwge1xuICAgICAga2V5OiBgJHtzYWZlS2V5fU5hbWVzZXJ2ZXJzYCxcbiAgICAgIHZhbHVlOiBGbi5qb2luKFwiLFwiLCB0aGlzLmhvc3RlZFpvbmUuaG9zdGVkWm9uZU5hbWVTZXJ2ZXJzID8/IFtdKVxuICAgIH0pO1xuXG4gICAgaWYgKHByb3BzLmNlcnRpZmljYXRlcykge1xuICAgICAgcHJvcHMuY2VydGlmaWNhdGVzLmZvckVhY2goKGNlcnQsIGluZGV4KSA9PiB7XG4gICAgICAgIGNvbnN0IHNhZmVDZXJ0TmFtZSA9IHRvUGFzY2FsQ2FzZShjZXJ0LmRvbWFpbk5hbWUuc3BsaXQoXCIuXCIpLmpvaW4oXCJcIikpO1xuICAgICAgICBuZXcgRG9tYWluQ2VydGlmaWNhdGUodGhpcywgYCR7c2FmZUtleX0ke3NhZmVDZXJ0TmFtZX1DZXJ0JHtpbmRleH1gLCB7XG4gICAgICAgICAgZG9tYWluTmFtZTogY2VydC5kb21haW5OYW1lLFxuICAgICAgICAgIHN1YmplY3RBbHRlcm5hdGl2ZU5hbWVzOiBjZXJ0LnN1YmplY3RBbHRlcm5hdGl2ZU5hbWVzLFxuICAgICAgICAgIGhvc3RlZFpvbmU6IHRoaXMuaG9zdGVkWm9uZVxuICAgICAgICB9KTtcbiAgICAgIH0pO1xuICAgIH1cblxuICAgIGlmIChwcm9wcy5yZWNvcmRzKSB7XG4gICAgICBhZGREbnNSZWNvcmRzKHRoaXMsIHRoaXMuaG9zdGVkWm9uZSwgcHJvcHMuem9uZU5hbWUsIHByb3BzLnJlY29yZHMpO1xuICAgIH1cbiAgfVxufVxuIl19

package/dist/lib/patterns/aws/domainFactory.d.ts CHANGED Viewed

@@ -1,8 +1,23 @@
-import { type Construct } from "constructs";
-import { Domain } from "../../resources/aws/networking/domain";
-import { DomainDelegation } from "./domainDelegation";
-import type { DomainApexProps, DomainDelegatedProps } from "./interfaces/domain";
+import { Construct } from "constructs";
+import type { IHostedZone } from "aws-cdk-lib/aws-route53";
+import { DomainDelegation } from "./domainDelegation.js";
+import type { DomainApexProps, DomainDelegatedProps } from "./interfaces/domain.js";
+/**
+ * @internal
+ * Apex domain composition — combines HostedZone, per-type DNS records, and
+ * certificates. Defined inline here rather than in its own file because Phase 1
+ * replaces this class wholesale with the user-facing `Domain` construct. Extracting
+ * now would be over-investment in a doomed abstraction.
+ *
+ * Exported only so pattern-layer tests can assert `instanceof ApexDomain`.
+ */
+export declare class ApexDomain extends Construct {
+    readonly hostedZone: IHostedZone;
+    readonly hostedZoneId: string;
+    constructor(scope: Construct, id: string, props: DomainApexProps);
+    private addCertificates;
+}
 export declare class DomainFactory {
-    static build(id: string, props: DomainApexProps): (scope: Construct) => Domain;
+    static build(id: string, props: DomainApexProps): (scope: Construct) => ApexDomain;
     static build(id: string, props: DomainDelegatedProps): (scope: Construct) => DomainDelegation;
 }

package/dist/lib/patterns/aws/domainFactory.js CHANGED Viewed

@@ -1,16 +1,56 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DomainFactory = void 0;
-const domain_1 = require("../../resources/aws/networking/domain");
-const domainDelegation_1 = require("./domainDelegation");
-class DomainFactory {
+import { Construct } from "constructs";
+import { HostedZone } from "../../resources/aws/networking/hostedZone.js";
+import { DomainCertificate } from "../../resources/aws/networking/domainCertificate.js";
+import { toPascalCase } from "../../utils/capitaliseString.js";
+import { DomainDelegation } from "./domainDelegation.js";
+import { composeDnsRecords } from "./dnsRecordComposer.js";
+/**
+ * @internal
+ * Apex domain composition — combines HostedZone, per-type DNS records, and
+ * certificates. Defined inline here rather than in its own file because Phase 1
+ * replaces this class wholesale with the user-facing `Domain` construct. Extracting
+ * now would be over-investment in a doomed abstraction.
+ *
+ * Exported only so pattern-layer tests can assert `instanceof ApexDomain`.
+ */
+export class ApexDomain extends Construct {
+    hostedZone;
+    hostedZoneId;
+    constructor(scope, id, props) {
+        super(scope, id);
+        const zone = new HostedZone(this, "Zone", {
+            zoneName: props.zoneName,
+            hostedZoneId: props.hostedZoneId
+        });
+        this.hostedZone = zone.hostedZone;
+        this.hostedZoneId = zone.hostedZoneId;
+        if (props.records) {
+            composeDnsRecords(this, zone.hostedZone, props.zoneName, props.records);
+        }
+        if (props.certificates) {
+            this.addCertificates(props.certificates, props.zoneName);
+        }
+    }
+    addCertificates(certificates, zoneName) {
+        const safeZone = toPascalCase(zoneName.split(".").join(""));
+        certificates.forEach((cert, index) => {
+            const safeCertName = toPascalCase(cert.domainName.split(".").join(""));
+            new DomainCertificate(this, `${safeZone}${safeCertName}Cert${index}`, {
+                domainName: cert.domainName,
+                subjectAlternativeNames: cert.subjectAlternativeNames,
+                hostedZone: this.hostedZone
+            });
+        });
+    }
+}
+export class DomainFactory {
     static build(id, props) {
         return (scope) => {
             switch (props.type) {
                 case "domain":
-                    return new domain_1.Domain(scope, id, props);
+                    return new ApexDomain(scope, id, props);
                 case "delegated":
-                    return new domainDelegation_1.DomainDelegation(scope, id, props);
+                    return new DomainDelegation(scope, id, props);
                 default: {
                     const _exhaustive = props;
                     throw new Error(`Unsupported domain type: ${String(_exhaustive.type)}`);
@@ -19,5 +59,3 @@ class DomainFactory {
         };
     }
 }
-exports.DomainFactory = DomainFactory;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG9tYWluRmFjdG9yeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvZG9tYWluRmFjdG9yeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSxrRUFBK0Q7QUFDL0QseURBQXNEO0FBT3RELE1BQWEsYUFBYTtJQVN4QixNQUFNLENBQUMsS0FBSyxDQUNWLEVBQVUsRUFDVixLQUFtQjtRQUVuQixPQUFPLENBQUMsS0FBZ0IsRUFBRSxFQUFFO1lBQzFCLFFBQVEsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNuQixLQUFLLFFBQVE7b0JBQ1gsT0FBTyxJQUFJLGVBQU0sQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO2dCQUN0QyxLQUFLLFdBQVc7b0JBQ2QsT0FBTyxJQUFJLG1DQUFnQixDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7Z0JBQ2hELE9BQU8sQ0FBQyxDQUFDLENBQUM7b0JBQ1IsTUFBTSxXQUFXLEdBQVUsS0FBSyxDQUFDO29CQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLDRCQUE0QixNQUFNLENBQUUsV0FBNEIsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUN6RSxDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFDO0lBQ0osQ0FBQztDQUNGO0FBNUJELHNDQTRCQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IHR5cGUgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IERvbWFpbiB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXMvYXdzL25ldHdvcmtpbmcvZG9tYWluXCI7XG5pbXBvcnQgeyBEb21haW5EZWxlZ2F0aW9uIH0gZnJvbSBcIi4vZG9tYWluRGVsZWdhdGlvblwiO1xuaW1wb3J0IHR5cGUge1xuICBEb21haW5BcGV4UHJvcHMsXG4gIERvbWFpbkRlbGVnYXRlZFByb3BzLFxuICBJRG9tYWluUHJvcHNcbn0gZnJvbSBcIi4vaW50ZXJmYWNlcy9kb21haW5cIjtcblxuZXhwb3J0IGNsYXNzIERvbWFpbkZhY3Rvcnkge1xuICBzdGF0aWMgYnVpbGQoXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogRG9tYWluQXBleFByb3BzXG4gICk6IChzY29wZTogQ29uc3RydWN0KSA9PiBEb21haW47XG4gIHN0YXRpYyBidWlsZChcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBEb21haW5EZWxlZ2F0ZWRQcm9wc1xuICApOiAoc2NvcGU6IENvbnN0cnVjdCkgPT4gRG9tYWluRGVsZWdhdGlvbjtcbiAgc3RhdGljIGJ1aWxkKFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IElEb21haW5Qcm9wc1xuICApOiAoc2NvcGU6IENvbnN0cnVjdCkgPT4gRG9tYWluIHwgRG9tYWluRGVsZWdhdGlvbiB7XG4gICAgcmV0dXJuIChzY29wZTogQ29uc3RydWN0KSA9PiB7XG4gICAgICBzd2l0Y2ggKHByb3BzLnR5cGUpIHtcbiAgICAgICAgY2FzZSBcImRvbWFpblwiOlxuICAgICAgICAgIHJldHVybiBuZXcgRG9tYWluKHNjb3BlLCBpZCwgcHJvcHMpO1xuICAgICAgICBjYXNlIFwiZGVsZWdhdGVkXCI6XG4gICAgICAgICAgcmV0dXJuIG5ldyBEb21haW5EZWxlZ2F0aW9uKHNjb3BlLCBpZCwgcHJvcHMpO1xuICAgICAgICBkZWZhdWx0OiB7XG4gICAgICAgICAgY29uc3QgX2V4aGF1c3RpdmU6IG5ldmVyID0gcHJvcHM7XG4gICAgICAgICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgICAgICAgYFVuc3VwcG9ydGVkIGRvbWFpbiB0eXBlOiAke1N0cmluZygoX2V4aGF1c3RpdmUgYXMgSURvbWFpblByb3BzKS50eXBlKX1gXG4gICAgICAgICAgKTtcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH07XG4gIH1cbn1cbiJdfQ==

package/dist/lib/patterns/aws/domainValidation.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { Construct } from "constructs";
+import type { DomainProps } from "./interfaces/domain.js";
+/**
+ * Synchronous synth-time validator for `DomainProps`. Throws on hard errors
+ * (CDK catches and surfaces the stack trace pointing at the `new Domain(...)`
+ * call site). Emits CDK warnings (non-fatal) for advisories such as alias
+ * records carrying a runtime TTL that Route53 silently ignores.
+ *
+ * Pure: no I/O, no CDK side effects other than `Annotations.of(scope).addWarning`.
+ */
+export declare function validateDomainProps(scope: Construct, props: DomainProps): void;