@fjall/components-infrastructure 0.95.0 → 0.99.1

package/dist/lib/patterns/aws/messaging.js

@@ -1,21 +1,37 @@
-import { SQSQueue } from "../../resources/aws/messaging/sqs.js";
+import { EventBus as CdkEventBus } from "aws-cdk-lib/aws-events";
+import { SQSQueue, SQS_LIMITS } from "../../resources/aws/messaging/sqs.js";
 import { SNSTopic } from "../../resources/aws/messaging/sns.js";
 import { EventBridgeBus } from "../../resources/aws/messaging/eventbridge.js";
+import { Subscription } from "../../resources/aws/messaging/subscription.js";
 import { FjallLogger } from "../../utils/validationLogger.js";
 /**
  * Validates SQS props and logs warnings for misconfigured options.
  */
 function validateSQSProps(props) {
-    // Validate visibility timeout range (0-43200 seconds = 12 hours)
     if (props.visibilityTimeout !== undefined &&
-        (props.visibilityTimeout < 0 || props.visibilityTimeout > 43200)) {
-        throw new Error("visibilityTimeout must be between 0 and 43200 seconds (12 hours)");
+        (props.visibilityTimeout < SQS_LIMITS.VISIBILITY_TIMEOUT.MIN_SECONDS ||
+            props.visibilityTimeout > SQS_LIMITS.VISIBILITY_TIMEOUT.MAX_SECONDS)) {
+        throw new Error(`visibilityTimeout must be between ${SQS_LIMITS.VISIBILITY_TIMEOUT.MIN_SECONDS} and ${SQS_LIMITS.VISIBILITY_TIMEOUT.MAX_SECONDS} seconds (12 hours)`);
     }
-    // Validate message retention period (60-1209600 seconds = 1 minute to 14 days)
     if (props.messageRetentionPeriod !== undefined &&
-        (props.messageRetentionPeriod < 60 ||
-            props.messageRetentionPeriod > 1209600)) {
-        throw new Error("messageRetentionPeriod must be between 60 and 1209600 seconds (1 minute to 14 days)");
+        (props.messageRetentionPeriod < SQS_LIMITS.MESSAGE_RETENTION.MIN_SECONDS ||
+            props.messageRetentionPeriod > SQS_LIMITS.MESSAGE_RETENTION.MAX_SECONDS)) {
+        throw new Error(`messageRetentionPeriod must be between ${SQS_LIMITS.MESSAGE_RETENTION.MIN_SECONDS} and ${SQS_LIMITS.MESSAGE_RETENTION.MAX_SECONDS} seconds (1 minute to 14 days)`);
+    }
+    if (props.deliveryDelay !== undefined &&
+        (props.deliveryDelay < SQS_LIMITS.DELAY.MIN_SECONDS ||
+            props.deliveryDelay > SQS_LIMITS.DELAY.MAX_SECONDS)) {
+        throw new Error(`deliveryDelay must be between ${SQS_LIMITS.DELAY.MIN_SECONDS} and ${SQS_LIMITS.DELAY.MAX_SECONDS} seconds (15 minutes)`);
+    }
+    if (props.receiveMessageWaitTime !== undefined &&
+        (props.receiveMessageWaitTime < SQS_LIMITS.RECEIVE_WAIT_TIME.MIN_SECONDS ||
+            props.receiveMessageWaitTime > SQS_LIMITS.RECEIVE_WAIT_TIME.MAX_SECONDS)) {
+        throw new Error(`receiveMessageWaitTime must be between ${SQS_LIMITS.RECEIVE_WAIT_TIME.MIN_SECONDS} and ${SQS_LIMITS.RECEIVE_WAIT_TIME.MAX_SECONDS} seconds (long-poll cap)`);
+    }
+    if (props.maxMessageSize !== undefined &&
+        (props.maxMessageSize < SQS_LIMITS.MESSAGE_SIZE.MIN_BYTES ||
+            props.maxMessageSize > SQS_LIMITS.MESSAGE_SIZE.MAX_BYTES)) {
+        throw new Error(`maxMessageSize must be between ${SQS_LIMITS.MESSAGE_SIZE.MIN_BYTES} and ${SQS_LIMITS.MESSAGE_SIZE.MAX_BYTES} bytes (256 KB)`);
     }
     // Warn about FIFO-specific options on standard queues
     if (props.queueType !== "fifo") {
@@ -58,6 +74,7 @@ export class QueueMessaging extends SQSQueue {
     /** The connector type for unified connection processing. */
     connectorType = "queue";
     constructor(scope, id, props) {
+        validateSQSProps(props);
         const queueProps = {
             queueType: props.queueType,
             visibilityTimeout: props.visibilityTimeout,
@@ -120,14 +137,8 @@ export class TopicMessaging extends SNSTopic {
     /** Type discriminator for runtime type narrowing. */
     messagingType = "topic";
     constructor(scope, id, props) {
-        const topicProps = {
-            topicName: props.topicName,
-            displayName: props.displayName,
-            fifo: props.fifo,
-            contentBasedDeduplication: props.contentBasedDeduplication,
-            removalPolicy: props.removalPolicy
-        };
-        super(scope, id, topicProps);
+        validateTopicProps(props);
+        super(scope, id, props);
     }
     /**
      * Grant publish permissions to the grantee.
@@ -151,12 +162,33 @@ export class TopicMessaging extends SNSTopic {
 export class EventBusMessaging extends EventBridgeBus {
     /** Type discriminator for runtime type narrowing. */
     messagingType = "eventBus";
+    /**
+     * Application name threaded into Subscription default descriptions when the
+     * caller does not supply one. Captured at construction so `subscribe(...)`
+     * has the same naming context as `App.addSchedule(...)`.
+     */
+    #appName;
+    /**
+     * Brand distinguishing app buses from the AWS-managed account+region default
+     * bus. Used by `subscribe(...)` to refuse `aws.*` source patterns on app
+     * buses (silent-no-op trap — AWS service events only fire on the default
+     * bus). Set by `fromAwsServiceBus(...)`; defaults to `false` for buses
+     * created via the regular constructor path or `fromEventBusArn(...)`.
+     */
+    #isAwsServiceBus;
     constructor(scope, id, props) {
         const eventBusProps = {
             eventBusName: props.eventBusName,
-            removalPolicy: props.removalPolicy
+            appName: props.appName,
+            description: props.description,
+            removalPolicy: props.removalPolicy,
+            importedBus: props.importedBus
         };
         super(scope, id, eventBusProps);
+        if (props.appName !== undefined) {
+            this.#appName = props.appName;
+        }
+        this.#isAwsServiceBus = props.awsServiceBus === true;
     }
     /**
      * Grant put events permissions to the grantee.
@@ -165,6 +197,70 @@ export class EventBusMessaging extends EventBridgeBus {
     grantPutEventsTo(grantee) {
         return this.getEventBus().grantPutEventsTo(grantee);
     }
+    /**
+     * Add a pub/sub subscription scoped to this bus. Threads the bus's
+     * `IEventBus` and the captured `appName` into the Subscription so the
+     * synthesised rule attaches to this bus (not the default AWS bus) and the
+     * default description picks up the bus's app context.
+     *
+     * Refuses `aws.*` source patterns when the wrapper is an app bus rather
+     * than the AWS-managed default bus. AWS service events fire only on the
+     * account+region default bus; subscribing them on a custom app bus
+     * synthesises and deploys cleanly but never invokes the target. Use
+     * `EventBusMessaging.fromAwsServiceBus(...)` to import the default bus
+     * for AWS service event traffic.
+     */
+    subscribe(id, props) {
+        if (!this.#isAwsServiceBus) {
+            const sources = props.pattern.source ?? [];
+            const awsSources = sources.filter((s) => typeof s === "string" && s.startsWith("aws."));
+            if (awsSources.length > 0) {
+                throw new Error(`Subscription '${id}' uses AWS service source(s) [${awsSources.join(", ")}] on a custom app event bus. AWS service events fire only on the account+region default bus; subscribing them on a custom bus deploys cleanly but never invokes the target. Use EventBusMessaging.fromAwsServiceBus(scope, id, region, account) instead of app.getEventBus().`);
+            }
+        }
+        return new Subscription(this, id, {
+            ...props,
+            eventBus: this.getEventBus(),
+            appName: props.appName ?? this.#appName
+        });
+    }
+    /**
+     * Wrap a bus imported from another account/region by ARN per D19. The
+     * returned handle supports `subscribe(...)` identically to created buses;
+     * rules are owned by the importing stack and attach to the imported bus's
+     * ARN. The base wrapper short-circuits resource creation when `importedBus`
+     * is set, so no `AWS::Events::EventBus` is synthesised and bus-level
+     * mutations (description, removalPolicy, CfnOutputs) are skipped.
+     */
+    static fromEventBusArn(scope, id, arn) {
+        const importedBus = CdkEventBus.fromEventBusArn(scope, `${id}Bus`, arn);
+        return new EventBusMessaging(scope, id, {
+            type: "eventBus",
+            importedBus
+        });
+    }
+    /**
+     * Wrap the AWS-managed account+region `default` event bus. This is the
+     * bus that receives `aws.*` service events emitted via CloudTrail
+     * (`aws.ecr` `CreateRepository`, `aws.ec2` state-change, etc.); custom
+     * Fjall app buses do not receive this traffic. The returned wrapper has
+     * the AWS-service brand set, so `subscribe(...)` accepts `aws.*` source
+     * patterns; subscribing app-source patterns is still allowed but
+     * unusual (the canonical app-source path is `app.getEventBus()`).
+     *
+     * @param region AWS region holding the default bus (typically the stack
+     * region — the default bus is per-account-per-region).
+     * @param account AWS account id holding the default bus.
+     */
+    static fromAwsServiceBus(scope, id, region, account) {
+        const arn = `arn:aws:events:${region}:${account}:event-bus/default`;
+        const importedBus = CdkEventBus.fromEventBusArn(scope, `${id}Bus`, arn);
+        return new EventBusMessaging(scope, id, {
+            type: "eventBus",
+            importedBus,
+            awsServiceBus: true
+        });
+    }
 }
 /**
  * Factory for creating messaging resources.
@@ -209,10 +305,8 @@ export class MessagingFactory {
         return (_app, scope) => {
             switch (props.type) {
                 case "queue":
-                    validateSQSProps(props);
                     return new QueueMessaging(scope, id, props);
                 case "topic":
-                    validateTopicProps(props);
                     return new TopicMessaging(scope, id, props);
                 case "eventBus":
                     return new EventBusMessaging(scope, id, props);
@@ -224,5 +318,6 @@ export class MessagingFactory {
         };
     }
 }
-// Re-export type guards
+// Canonical D18(b) re-export — pinned by subscription.test.ts integrity suite.
+export { EventField, RuleTargetInput } from "aws-cdk-lib/aws-events";
 export { isQueueMessaging, isTopicMessaging, isEventBusMessaging } from "./interfaces/messaging.js";

package/dist/lib/patterns/aws/network.js

@@ -1,5 +1,5 @@
 import { Construct } from "constructs";
-import { Vpc } from "../../resources/aws/networking/vpc.js";
+import { DEFAULT_MAX_AZS, Vpc } from "../../resources/aws/networking/vpc.js";
 import { FjallLogger } from "../../utils/validationLogger.js";
 function validateNetworkProps(props) {
     if (props.maxAzs !== undefined && (props.maxAzs < 1 || props.maxAzs > 3)) {
@@ -8,7 +8,7 @@ function validateNetworkProps(props) {
     if (typeof props.natGateways === "object" &&
         props.natGateways !== null &&
         props.natGateways.count !== undefined) {
-        const maxAzs = props.maxAzs ?? 3;
+        const maxAzs = props.maxAzs ?? DEFAULT_MAX_AZS;
         if (props.natGateways.count > maxAzs) {
             FjallLogger.warn(`'natGateways.count' (${props.natGateways.count}) exceeds maxAzs (${maxAzs}).`);
         }
@@ -20,7 +20,6 @@ function validateNetworkProps(props) {
 export class NetworkFactory {
     static build(id, props) {
         return (app, scope) => {
-            validateNetworkProps(props);
             return new Network(scope, id, props, app);
         };
     }
@@ -29,15 +28,25 @@ export class Network extends Construct {
     vpc;
     constructor(scope, id, props, app) {
         super(scope, id);
+        validateNetworkProps(props);
         this.vpc = this.createVpc(id, props, app);
     }
     createVpc(id, props, app) {
         const rawAccountId = app.node.tryGetContext("accountId");
-        const accountId = (typeof rawAccountId === "string" ? rawAccountId : undefined) ||
-            process.env.CDK_DEFAULT_ACCOUNT;
-        const region = process.env.CDK_DEFAULT_REGION;
+        const guardedCtxAccountId = typeof rawAccountId === "string" && rawAccountId !== ""
+            ? rawAccountId
+            : undefined;
+        const envAccountId = process.env.CDK_DEFAULT_ACCOUNT;
+        const accountId = guardedCtxAccountId ??
+            (envAccountId !== undefined && envAccountId !== ""
+                ? envAccountId
+                : undefined);
+        const envRegion = process.env.CDK_DEFAULT_REGION;
+        const region = envRegion !== undefined && envRegion !== "" ? envRegion : undefined;
         const rawIpamPoolId = app.node.tryGetContext("ipamPoolId");
-        const ipv4IpamPoolId = typeof rawIpamPoolId === "string" ? rawIpamPoolId : undefined;
+        const ipv4IpamPoolId = typeof rawIpamPoolId === "string" && rawIpamPoolId !== ""
+            ? rawIpamPoolId
+            : undefined;
         const vpcProps = {
             vpcName: props.vpcName,
             accountId,

package/dist/lib/patterns/aws/organisation.d.ts

@@ -1,4 +1,5 @@
 import { type Environment, Stack, type StackProps } from "aws-cdk-lib";
+import { type CustomPermissionSets } from "../../config/aws/identityCenter.js";
 import { ScpPreset } from "../../config/aws/scpPreset.js";
 import type { ScpPresetProps } from "../../config/aws/scpPreset.js";
 import { OrganisationResource } from "../../resources/aws/organisation/index.js";
@@ -32,11 +33,14 @@ export declare class Organisation extends Stack {
     private accountRefs;
     private accountMap;
     private accountsConfig;
+    private identityCenter?;
     constructor(id: string, props: OrganisationProps);
     private createAccountReferences;
     private setupOrganisationFeatures;
     private setupCostAllocationTagActivator;
     private setupIdentityCenter;
+    declarePermissionSets(customs: CustomPermissionSets): void;
+    assignGroupMembers(members: Record<string, string[]>): void;
     getOrganisation(): OrganisationResource;
     getAccounts(): Record<string, string>;
     enableScps(props: ScpPresetProps): ScpPreset;

package/dist/lib/patterns/aws/organisation.js

@@ -4,6 +4,7 @@ import { IdentityCenter } from "../../config/aws/identityCenter.js";
 import { ScpPreset } from "../../config/aws/scpPreset.js";
 import { OrganisationResource, OrganisationAccount, CostAllocationTagActivator } from "../../resources/aws/organisation/index.js";
 import { stripAndCamelCase } from "../../utils/stripAndCamelCase.js";
+import { CDK_CONTEXT_KEYS } from "../../utils/cdkContext.js";
 import { getConfig } from "../../utils/getConfig.js";
 import { extractAccountNames } from "../../utils/accountsUtils.js";
 /**
@@ -22,6 +23,7 @@ export class Organisation extends Stack {
     accountRefs = [];
     accountMap;
     accountsConfig;
+    identityCenter;
     constructor(id, props) {
         const config = getConfig();
         const env = props.env ?? {
@@ -40,9 +42,10 @@ export class Organisation extends Stack {
             this.accountMap[key.toLowerCase()] = value;
         }
         this.accountsConfig = props.accounts;
-        const orgId = this.node.tryGetContext("orgId");
-        const rootId = this.node.tryGetContext("rootId");
-        const managementAccountId = this.node.tryGetContext("managementAccountId") ?? this.account;
+        const orgId = this.node.tryGetContext(CDK_CONTEXT_KEYS.ORG_ID);
+        const rootId = this.node.tryGetContext(CDK_CONTEXT_KEYS.ROOT_ID);
+        const managementAccountId = this.node.tryGetContext(CDK_CONTEXT_KEYS.MANAGEMENT_ACCOUNT_ID) ??
+            this.account;
         if (!orgId || !rootId) {
             throw new Error("orgId and rootId must be provided via CDK context. Run deployment through the Fjall CLI.");
         }
@@ -75,7 +78,11 @@ export class Organisation extends Stack {
         this.setupCostAllocationTagActivator();
     }
     setupCostAllocationTagActivator() {
-        new CostAllocationTagActivator(this, "CostAllocationTagActivator");
+        const activator = new CostAllocationTagActivator(this, "CostAllocationTagActivator");
+        App.getInstance().addSchedule("CostAllocationTagActivatorSchedule", {
+            schedule: "rate(24 hours)",
+            target: activator
+        });
     }
     setupIdentityCenter(identityCenter, managementAccountId) {
         if (identityCenter) {
@@ -87,11 +94,23 @@ export class Organisation extends Stack {
                     ssoAccounts[name] = id;
                 }
             }
-            new IdentityCenter(this, "IdentityCenter", {
+            this.identityCenter = new IdentityCenter(this, "IdentityCenter", {
                 accounts: ssoAccounts
             });
         }
     }
+    declarePermissionSets(customs) {
+        if (this.identityCenter === undefined) {
+            throw new Error("Identity Center is not enabled. Pass identityCenter: true to OrganisationFactory.");
+        }
+        this.identityCenter.declarePermissionSets(customs);
+    }
+    assignGroupMembers(members) {
+        if (this.identityCenter === undefined) {
+            throw new Error("Identity Center is not enabled. Pass identityCenter: true to OrganisationFactory.");
+        }
+        this.identityCenter.assignGroupMembers(members);
+    }
     getOrganisation() {
         return this.org;
     }

package/dist/lib/patterns/aws/storage.d.ts

@@ -1,9 +1,8 @@
 import { Construct } from "constructs";
 import { type IBucket, type EventType, type IBucketNotificationDestination, type NotificationKeyFilter } from "aws-cdk-lib/aws-s3";
-import { BucketDeployment } from "aws-cdk-lib/aws-s3-deployment";
 import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
 import type App from "../../app.js";
-import { type WebsiteHostingConfig } from "../../resources/aws/storage/index.js";
+import { BucketDeployment, type WebsiteHostingConfig } from "../../resources/aws/storage/index.js";
 import { type BackupTier } from "../../utils/backupTierMapping.js";
 import { type IStorage } from "./interfaces/storage.js";
 import { type IStorageConnector } from "./interfaces/connector.js";

package/dist/lib/patterns/aws/storage.js

@@ -1,9 +1,9 @@
 import { Construct } from "constructs";
 import { BucketEncryption, HttpMethods } from "aws-cdk-lib/aws-s3";
-import { BucketDeployment, Source, CacheControl } from "aws-cdk-lib/aws-s3-deployment";
+import { Source, CacheControl } from "aws-cdk-lib/aws-s3-deployment";
 import { Key } from "aws-cdk-lib/aws-kms";
 import { CfnOutput, Duration, RemovalPolicy, Stack } from "aws-cdk-lib";
-import { S3Bucket } from "../../resources/aws/storage/index.js";
+import { BucketDeployment, S3Bucket } from "../../resources/aws/storage/index.js";
 import { FjallLogger } from "../../utils/validationLogger.js";
 export { isStorage } from "./interfaces/storage.js";
 function toBucketEncryption(encryption) {
@@ -50,6 +50,7 @@ export class Storage extends Construct {
     bucketDeployment;
     constructor(scope, id, props) {
         super(scope, id);
+        validateStorageProps(props);
         const encryptionKey = props.kmsKeyArn
             ? Key.fromKeyArn(this, `${id}KmsKey`, props.kmsKeyArn)
             : undefined;

package/dist/lib/patterns/aws/vpcPeer.d.ts

@@ -0,0 +1,34 @@
+import { type Construct } from "constructs";
+import type App from "../../app.js";
+import { VpcPeeringConnection } from "../../resources/aws/networking/vpcPeeringConnection.js";
+export interface IVpcPeerProps {
+    /** Name of the remote Fjall app to peer with. */
+    peerAppName: string;
+    /** AWS account ID of the remote app. */
+    peerAccountId: string;
+    /** Region of the remote app's VPC. Defaults to the local region. */
+    peerRegion?: string;
+    /** Remote VPC ID. Resolved from SSM (`{prefix}/vpc-id`) if omitted. */
+    peerVpcId?: string;
+    /** Remote VPC CIDR. Resolved from SSM (`{prefix}/vpc-cidr`) if omitted. */
+    peerVpcCidr?: string;
+    /** Accepter role ARN. Resolved from SSM (`{prefix}/peering-role-arn`) if omitted. */
+    peerRoleArn?: string;
+    /**
+     * Accepter route-table IDs. Resolved from the SSM `StringListParameter`
+     * (`{prefix}/route-table-ids`) via `valueForTypedListParameter` if omitted.
+     */
+    peerRouteTableIds?: string[];
+    /** Name of the local VPC to peer from. Defaults to the app's default VPC. */
+    localVpcName?: string;
+    /** Enable DNS resolution across the peering. Defaults to true. */
+    enableDnsResolution?: boolean;
+    /** Cost-allocation override — forwarded to the underlying construct. */
+    costAllocationEnvironment?: string;
+    /** Cost-allocation override — forwarded to the underlying construct. */
+    costAllocationDomain?: string;
+}
+export type VpcPeer = VpcPeeringConnection;
+export declare class VpcPeerFactory {
+    static build(id: string, props: IVpcPeerProps): (app: App, scope: Construct) => VpcPeer;
+}

package/dist/lib/patterns/aws/vpcPeer.js

@@ -0,0 +1,38 @@
+import { Stack } from "aws-cdk-lib";
+import { StringListParameter, StringParameter } from "aws-cdk-lib/aws-ssm";
+import { buildSsmPrefix, DEFAULT_ORG_ID, resolveOrgId } from "../../utils/cdkContext.js";
+import { VpcPeeringConnection } from "../../resources/aws/networking/vpcPeeringConnection.js";
+export class VpcPeerFactory {
+    static build(id, props) {
+        return (app, scope) => {
+            const localVpc = app.getVpc(props.localVpcName);
+            const orgId = resolveOrgId(app.node, DEFAULT_ORG_ID);
+            const ssmPrefix = buildSsmPrefix(orgId, props.peerAppName);
+            const peerVpcId = props.peerVpcId ??
+                StringParameter.valueForStringParameter(scope, `${ssmPrefix}/vpc-id`);
+            const peerVpcCidr = props.peerVpcCidr ??
+                StringParameter.valueForStringParameter(scope, `${ssmPrefix}/vpc-cidr`);
+            const peerRoleArn = props.peerRoleArn ??
+                StringParameter.valueForStringParameter(scope, `${ssmPrefix}/peering-role-arn`);
+            const peerRouteTableIds = props.peerRouteTableIds ??
+                StringListParameter.valueForTypedListParameter(scope, `${ssmPrefix}/route-table-ids`);
+            const resolvedPeerOrgId = orgId !== DEFAULT_ORG_ID ? orgId : undefined;
+            const peerRegion = props.peerRegion ?? Stack.of(scope).region;
+            return new VpcPeeringConnection(scope, id, {
+                localVpc,
+                localVpcCidr: localVpc.vpcCidrBlock,
+                peerVpcId,
+                peerVpcCidr,
+                peerAccountId: props.peerAccountId,
+                peerRegion,
+                peerRoleArn,
+                peerRouteTableIds,
+                enableDnsResolution: props.enableDnsResolution,
+                peerAppName: props.peerAppName,
+                peerOrgId: resolvedPeerOrgId,
+                costAllocationEnvironment: props.costAllocationEnvironment,
+                costAllocationDomain: props.costAllocationDomain
+            });
+        };
+    }
+}

package/dist/lib/patterns/aws/vpcPeerAccepter.d.ts

@@ -0,0 +1,29 @@
+import { type Construct } from "constructs";
+import type App from "../../app.js";
+import { VpcPeeringAccepterRole } from "../../resources/aws/networking/vpcPeeringAccepterRole.js";
+import { type IRelationalDatabase } from "./interfaces/database.js";
+import { type IEcsCompute } from "./interfaces/compute.js";
+export type ExposedResource = {
+    resource: IRelationalDatabase;
+    name: string;
+    allowedFromCidrs: string[];
+    access?: "read" | "write" | "readWrite";
+} | {
+    resource: IEcsCompute;
+    serviceName: string;
+    name: string;
+    allowedFromCidrs: string[];
+    port?: number;
+};
+export interface IVpcPeerAccepterProps {
+    requesterAccountIds: string[];
+    localVpcName?: string;
+    publishToSsm?: boolean;
+    exposedResources?: ExposedResource[];
+    costAllocationEnvironment?: string;
+    costAllocationDomain?: string;
+}
+export type VpcPeerAccepter = VpcPeeringAccepterRole;
+export declare class VpcPeerAccepterFactory {
+    static build(id: string, props: IVpcPeerAccepterProps): (app: App, scope: Construct) => VpcPeerAccepter;
+}