npm - @fjall/components-infrastructure - Versions diffs - 0.95.0 → 0.99.1 - Mend

@fjall/components-infrastructure 0.95.0 → 0.99.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/dist/lib/resources/aws/storage/bucketDeployment.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { BucketDeployment as CdkBucketDeployment, type BucketDeploymentProps } from "aws-cdk-lib/aws-s3-deployment";
+import { type Construct } from "constructs";
+/**
+ * Routing-point wrapper for `aws-cdk-lib/aws-s3-deployment.BucketDeployment`.
+ *
+ * Currently a thin pass-through — no defaults are applied today. The wrapper
+ * exists so that future SOC2 / compliance defaults (tags, retention, encryption
+ * on the underlying Lambda + Custom Resource) reach every consumer in one edit.
+ * Per `.claude/rules/generator-standards.md § Wrapper Routing Discipline` and
+ * `patterns/infrastructure-wrapper-routing-pattern.md § A3` ("a wrapper that
+ * is a thin pass-through today is still the routing point"), `lib/{config,
+ * patterns}/` MUST instantiate this class rather than the raw CDK construct.
+ */
+export declare class BucketDeployment extends CdkBucketDeployment {
+    constructor(scope: Construct, id: string, props: BucketDeploymentProps);
+}

package/dist/lib/resources/aws/storage/bucketDeployment.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { BucketDeployment as CdkBucketDeployment } from "aws-cdk-lib/aws-s3-deployment";
+/**
+ * Routing-point wrapper for `aws-cdk-lib/aws-s3-deployment.BucketDeployment`.
+ *
+ * Currently a thin pass-through — no defaults are applied today. The wrapper
+ * exists so that future SOC2 / compliance defaults (tags, retention, encryption
+ * on the underlying Lambda + Custom Resource) reach every consumer in one edit.
+ * Per `.claude/rules/generator-standards.md § Wrapper Routing Discipline` and
+ * `patterns/infrastructure-wrapper-routing-pattern.md § A3` ("a wrapper that
+ * is a thin pass-through today is still the routing point"), `lib/{config,
+ * patterns}/` MUST instantiate this class rather than the raw CDK construct.
+ */
+export class BucketDeployment extends CdkBucketDeployment {
+    constructor(scope, id, props) {
+        super(scope, id, props);
+    }
+}

package/dist/lib/resources/aws/storage/ecr.js CHANGED Viewed

@@ -24,14 +24,14 @@ export class Ecr extends Repository {
         });
     }
     static getRepositoryProps(props) {
-        // todo: lifeCycleRules
-        // todo: Encryption & EncryptionKey (default is AWS managed KMS key)
+        // Gotcha: DESTROY + emptyOnDelete:true silently wipes every pushed image
+        // on stack teardown — next deploy pulls "not found" for any referenced tag.
         return {
             ...(props?.repositoryName && { repositoryName: props.repositoryName }),
             imageScanOnPush: true,
-            imageTagMutability: TagMutability.MUTABLE,
-            emptyOnDelete: true,
-            removalPolicy: RemovalPolicy.DESTROY
+            imageTagMutability: TagMutability.IMMUTABLE,
+            emptyOnDelete: false,
+            removalPolicy: RemovalPolicy.RETAIN
         };
     }
     static build(id, props) {

package/dist/lib/resources/aws/storage/index.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from "./s3.js";
 export * from "./ecr.js";
+export * from "./bucketDeployment.js";

package/dist/lib/resources/aws/storage/index.js CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from "./s3.js";
 export * from "./ecr.js";
+export * from "./bucketDeployment.js";

package/dist/lib/resources/aws/storage/s3.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { CfnOutput, Duration, RemovalPolicy } from "aws-cdk-lib";
 import { BlockPublicAccess, Bucket } from "aws-cdk-lib/aws-s3";
+import { RegionInfo } from "aws-cdk-lib/region-info";
 import { toPascalCase } from "../../../utils/capitaliseString.js";
 function shouldAutoVersion(tier) {
     return tier === "resilient" || tier === "enterprise";
@@ -36,18 +37,24 @@ export class S3Bucket extends Bucket {
         });
         this.backupVaultTier = backupVaultTier;
         if (websiteHosting) {
-            const safeBucket = toPascalCase((props.bucketName ?? id).replace(/[^A-Za-z0-9]/g, ""));
+            const safeBucket = toPascalCase((props.bucketName ?? id).replace(/[^A-Za-z0-9-]/g, ""));
             new CfnOutput(this, `${safeBucket}WebsiteEndpoint`, {
                 key: `${safeBucket}WebsiteEndpoint`,
                 exportName: `${safeBucket}WebsiteEndpoint`,
                 value: this.bucketWebsiteDomainName,
                 description: `S3 website endpoint for ${id} (consumed by Domain alias targets)`
             });
+            const region = this.stack.region;
+            const websiteHostedZoneId = RegionInfo.get(region).s3StaticWebsiteHostedZoneId;
+            if (websiteHostedZoneId === undefined) {
+                throw new Error(`S3 website hosted zone id is not known for region "${region}". ` +
+                    `Update aws-cdk-lib/region-info or provide the bucket's hosted zone id explicitly.`);
+            }
             new CfnOutput(this, `${safeBucket}WebsiteHostedZoneId`, {
                 key: `${safeBucket}WebsiteHostedZoneId`,
                 exportName: `${safeBucket}WebsiteHostedZoneId`,
-                value: this.stack.region,
-                description: `AWS region for ${id}; consumer maps to S3 website Route53 zone ID`
+                value: websiteHostedZoneId,
+                description: `Route 53 hosted zone id for the S3 website endpoint of ${id}`
             });
         }
     }

package/dist/lib/resources/aws/utilities/customResource.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { Provider } from "aws-cdk-lib/custom-resources";
 import { Code } from "aws-cdk-lib/aws-lambda";
 import { Construct } from "constructs";
 import { SingletonFunction, LambdaFunction } from "../compute/lambda.js";
+import { DEFAULT_CUSTOM_RESOURCE_TIMEOUT_SECONDS } from "../compute/ecsConstants.js";
 export class CustomResource extends Construct {
     response;
     resource;
@@ -15,12 +16,20 @@ export class CustomResource extends Construct {
         if (props.codePath && props.inlineCode) {
             throw new Error("CustomResource requires exactly one of codePath or inlineCode, not both");
         }
-        const isInlineCode = !!props.inlineCode;
-        const code = isInlineCode
-            ? Code.fromInline(props.inlineCode)
-            : Code.fromAsset(props.codePath, props.assetOptions);
+        const isInlineCode = props.inlineCode !== undefined;
+        let code;
+        if (props.inlineCode !== undefined) {
+            code = Code.fromInline(props.inlineCode);
+        }
+        else if (props.codePath !== undefined) {
+            code = Code.fromAsset(props.codePath, props.assetOptions);
+        }
+        else {
+            // Unreachable — earlier validation rejects this case
+            throw new Error("CustomResource requires codePath or inlineCode");
+        }
         const handler = props.handler ?? (isInlineCode ? "index.handler" : `${id}.handler`);
-        const timeout = props.timeout?.toSeconds() ?? 300;
+        const timeout = props.timeout?.toSeconds() ?? DEFAULT_CUSTOM_RESOURCE_TIMEOUT_SECONDS;
         // Use LambdaFunction for inline code (unique per use), SingletonFunction for assets (shared)
         const lambdaFunction = isInlineCode
             ? new LambdaFunction(this, `${id}Lambda`, {
@@ -28,16 +37,16 @@ export class CustomResource extends Construct {
                 handler,
                 runtime: props.runtime,
                 timeout,
-                lambdaDescription: props.lambdaDescription || `${id} lambda`,
-                roleDescription: props.roleDescription || `${id} custom resource lambda`,
+                lambdaDescription: props.lambdaDescription ?? `${id} lambda`,
+                roleDescription: props.roleDescription ?? `${id} custom resource lambda`,
                 inlinePolicy: props.inlinePolicy
             })
             : new SingletonFunction(this, `${id}Lambda`, {
                 code,
                 handler,
                 runtime: props.runtime,
-                lambdaDescription: props.lambdaDescription || `${id} lambda`,
-                roleDescription: props.roleDescription || `${id} custom resource lambda`,
+                lambdaDescription: props.lambdaDescription ?? `${id} lambda`,
+                roleDescription: props.roleDescription ?? `${id} custom resource lambda`,
                 inlinePolicy: props.inlinePolicy
             });
         const provider = new Provider(this, `${id}Provider`, {

package/dist/lib/synth_dump.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/lib/synth_dump.js ADDED Viewed

@@ -0,0 +1,42 @@
+import { App, Stack } from "aws-cdk-lib";
+import { Template } from "aws-cdk-lib/assertions";
+import { Vpc } from "aws-cdk-lib/aws-ec2";
+import { Repository } from "aws-cdk-lib/aws-ecr";
+import { mkdtempSync, mkdirSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { EcsCompute } from "./patterns/aws/computeEcs.js";
+import { RelationalDatabase } from "./patterns/aws/database.js";
+const root = mkdtempSync(join(tmpdir(), "ds-"));
+mkdirSync(join(root, "20260512000000_init"));
+const app = new App();
+const stack = new Stack(app, "S", { env: { account: "123456789012", region: "us-east-1" } });
+const vpc = new Vpc(stack, "Vpc");
+const db = new RelationalDatabase(stack, "Db", {
+    type: "Instance", vpc, databaseName: "appdata",
+    migrations: { tool: "prisma", dir: root }
+});
+new EcsCompute(stack, "Cluster", {
+    type: "ecs",
+    ecrRepository: new Repository(stack, "Ecr"),
+    services: [{
+            name: "web", capacityProvider: "FARGATE",
+            containers: [{ name: "app", image: "nginx:latest", port: 3000 }],
+            connections: [db],
+            migrations: {
+                mode: "lifecycle-hook", command: ["node", "migrate.mjs"], entryPoint: ["/usr/bin/tini", "--"],
+                separateTaskDef: { cpu: 512, memoryLimitMiB: 1024 }
+            }
+        }]
+});
+const t = Template.fromStack(stack);
+const ing = t.findResources("AWS::EC2::SecurityGroupIngress");
+for (const [name, res] of Object.entries(ing)) {
+    console.log("INGRESS:", name);
+    console.log("  props:", JSON.stringify(res.Properties));
+}
+const eg = t.findResources("AWS::EC2::SecurityGroupEgress");
+for (const [name, res] of Object.entries(eg)) {
+    console.log("EGRESS:", name);
+    console.log("  props:", JSON.stringify(res.Properties));
+}

package/dist/lib/utils/bastionFactory.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { type IVpc } from "aws-cdk-lib/aws-ec2";
+import { Ec2Instance } from "../resources/aws/compute/ec2.js";
+import { type AwsStack } from "../resources/index.js";
+export interface BastionConfig {
+    instanceType?: string;
+}
+export interface BastionResult {
+    bastion: Ec2Instance;
+}
+export declare function createBastion(networkStack: AwsStack, appName: string, stackPrefix: string, vpc: IVpc, config: BastionConfig | true): BastionResult;

package/dist/lib/utils/bastionFactory.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { CfnOutput } from "aws-cdk-lib";
+import { Ec2Instance } from "../resources/aws/compute/ec2.js";
+import { toPascalCase } from "./capitaliseString.js";
+export function createBastion(networkStack, appName, stackPrefix, vpc, config) {
+    const instanceType = typeof config === "object" && config.instanceType
+        ? config.instanceType
+        : "t4g.micro";
+    const bastionId = `${stackPrefix}Bastion`;
+    const scope = networkStack.getStack();
+    const bastion = new Ec2Instance(scope, bastionId, {
+        serviceName: `${stackPrefix}Bastion`,
+        instanceType,
+        vpc,
+        enableSSH: false,
+        minCapacity: 1,
+        maxCapacity: 1
+    });
+    networkStack.addConstruct(bastion);
+    const outputPrefix = toPascalCase(appName);
+    new CfnOutput(scope, `${outputPrefix}BastionInstanceId`, {
+        value: bastion.getAutoScalingGroup().autoScalingGroupName,
+        description: "Bastion ASG name for SSM tunnel discovery"
+    });
+    new CfnOutput(scope, `${outputPrefix}BastionSecurityGroupId`, {
+        value: bastion.asgSecurityGroup.securityGroupId,
+        description: "Bastion security group ID"
+    });
+    return { bastion };
+}

package/dist/lib/utils/capitaliseString.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export { capitalise as capitaliseString, toPascalCase, toKebab, toValidDatabaseName, getSafeZoneName } from "@fjall/util";
1	+ export { capitalise as capitaliseString, toPascalCase, toKebab, toValidDatabaseName, toScreamingSnake, getSafeZoneName } from "@fjall/util";

package/dist/lib/utils/capitaliseString.js CHANGED Viewed

	@@ -1 +1 @@
1	- export { capitalise as capitaliseString, toPascalCase, toKebab, toValidDatabaseName, getSafeZoneName } from "@fjall/util";
1	+ export { capitalise as capitaliseString, toPascalCase, toKebab, toValidDatabaseName, toScreamingSnake, getSafeZoneName } from "@fjall/util";

package/dist/lib/utils/cdkContext.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { Node } from "constructs";
+export declare const CDK_CONTEXT_KEYS: {
+    readonly ORG_ID: "orgId";
+    readonly ROOT_ID: "rootId";
+    readonly MANAGEMENT_ACCOUNT_ID: "managementAccountId";
+};
+export declare const DEFAULT_ORG_ID: "default";
+export declare function resolveOrgId(node: Node, fallback: string): string;
+export declare function resolveOrgId(node: Node): string | undefined;
+export declare function buildSsmPrefix(orgId: string, appName: string): string;

package/dist/lib/utils/cdkContext.js ADDED Viewed

@@ -0,0 +1,13 @@
+export const CDK_CONTEXT_KEYS = {
+    ORG_ID: "orgId",
+    ROOT_ID: "rootId",
+    MANAGEMENT_ACCOUNT_ID: "managementAccountId"
+};
+export const DEFAULT_ORG_ID = "default";
+export function resolveOrgId(node, fallback) {
+    const raw = node.tryGetContext(CDK_CONTEXT_KEYS.ORG_ID);
+    return typeof raw === "string" && raw !== "" ? raw : fallback;
+}
+export function buildSsmPrefix(orgId, appName) {
+    return `/fjall/${orgId}/${appName}`;
+}

package/dist/lib/utils/connections.d.ts CHANGED Viewed

@@ -23,7 +23,7 @@
  */
 import { type IConnectable } from "aws-cdk-lib/aws-ec2";
 import { type IGrantable } from "aws-cdk-lib/aws-iam";
-import { type ConnectionSpec, type ConnectionResult } from "./connector.js";
+import { type ConnectionSpec, type ConnectionResult, type IRemoteConnector } from "./connector.js";
 /**
  * Process connections from compute resources to data resources.
  *
@@ -44,3 +44,9 @@ import { type ConnectionSpec, type ConnectionResult } from "./connector.js";
  * );
  */
 export declare function processConnections(connections: ConnectionSpec[], grantee: IGrantable, connectable?: IConnectable): ConnectionResult[];
+/**
+ * Build an env-vars connection result for a remote connector.
+ * Used by the cross-app VPC peering path — env vars are surfaced from SSM
+ * lookups upstream and merged into the consuming compute's container env.
+ */
+export declare function buildEnvVarsResult(connector: IRemoteConnector, envVars: Record<string, string>): ConnectionResult;

package/dist/lib/utils/connections.js CHANGED Viewed

@@ -21,6 +21,7 @@
  *   this.lambdaFunction   // IConnectable (security group)
  * );
  */
+import { Port } from "aws-cdk-lib/aws-ec2";
 import { CONNECTION_TYPE, isConnectionConfig, isConnector, isConnectable, isConnectionAccess, isMessagingAccess } from "./connector.js";
 /** Default access levels for each connector type. */
 const DEFAULT_ACCESS = {
@@ -140,8 +141,16 @@ export function processConnections(connections, grantee, connectable) {
                 case "relational": {
                     requireConnectable(connectable, `${resource.connectorType} connector`);
                     connectable.connections.allowToDefaultPort(resource);
+                    if (resource.additionalTcpPorts !== undefined) {
+                        for (const port of resource.additionalTcpPorts) {
+                            connectable.connections.allowTo(resource, Port.tcp(port));
+                        }
+                    }
                     return buildSecurityGroupResult(resource);
                 }
+                case "remote": {
+                    return buildEnvVarsResult(resource, resource.environmentVariables);
+                }
             }
         }
         // Legacy IConnectable path
@@ -153,3 +162,15 @@ export function processConnections(connections, grantee, connectable) {
         throw new Error("Connection resource must be either an IConnector or IConnectable");
     });
 }
+/**
+ * Build an env-vars connection result for a remote connector.
+ * Used by the cross-app VPC peering path — env vars are surfaced from SSM
+ * lookups upstream and merged into the consuming compute's container env.
+ */
+export function buildEnvVarsResult(connector, envVars) {
+    return {
+        resource: connector,
+        connectionType: CONNECTION_TYPE.ENV_VARS,
+        environmentVariables: envVars
+    };
+}

package/dist/lib/utils/connector.d.ts CHANGED Viewed

@@ -45,8 +45,9 @@ import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
  * - "queue": SQS queues
  * - "securityGroup": Resources with security groups (ECS, Lambda with VPC)
  * - "relational": RDS databases (uses security groups)
+ * - "remote": Cross-app resource exposed via VPC peering, surfaced as env vars
  */
-export type ConnectorType = "storage" | "dynamodb" | "queue" | "securityGroup" | "relational";
+export type ConnectorType = "storage" | "dynamodb" | "queue" | "securityGroup" | "relational" | "remote";
 /**
  * Access level for storage and DynamoDB connectors.
  */
@@ -114,11 +115,33 @@ export interface ISecurityGroupConnector extends IConnector {
     readonly connectorType: "securityGroup" | "relational";
     /** The security group connections for this resource. */
     readonly connections: IConnectable["connections"];
+    /**
+     * Additional TCP ports to open beyond the default port carried by
+     * `connections`. Used by dual-port resources such as ClickHouse, where the
+     * primary port (HTTP, 8123) flows through `connections.allowDefaultPortFrom`
+     * and the native protocol port (9000) is appended here. Optional; existing
+     * single-port consumers (Aurora, Instance, GlobalAurora) leave this
+     * undefined and behave unchanged.
+     *
+     * Surfaced as `number[]` (not `aws-cdk-lib/aws-ec2.Port[]`) per the
+     * 2026-05-05 ClickHouse design D18(k); `Port.tcp(n)` is plumbing.
+     */
+    readonly additionalTcpPorts?: number[];
+}
+/**
+ * Remote connector interface.
+ * Represents a resource exposed by a peered app via VPC peering.
+ * Carries the env vars that should be injected into the consuming compute.
+ */
+export interface IRemoteConnector extends IConnector {
+    readonly connectorType: "remote";
+    /** Env vars to inject (e.g. `{PREFIX}_HOST`, `{PREFIX}_PORT`). */
+    readonly environmentVariables: Record<string, string>;
 }
 /**
  * Union type representing any connector interface.
  */
-export type AnyConnector = IStorageConnector | IDynamoDBConnector | IQueueConnector | ISecurityGroupConnector;
+export type AnyConnector = IStorageConnector | IDynamoDBConnector | IQueueConnector | ISecurityGroupConnector | IRemoteConnector;
 /**
  * Connection configuration with explicit access level.
  * Use this to specify non-default access levels.
@@ -141,6 +164,7 @@ export type ConnectionSpec = IConnectable | AnyConnector | ConnectionConfig;
 export declare const CONNECTION_TYPE: {
     readonly SECURITY_GROUP: "securityGroup";
     readonly IAM: "iam";
+    readonly ENV_VARS: "envVars";
 };
 export type ConnectionType = (typeof CONNECTION_TYPE)[keyof typeof CONNECTION_TYPE];
 /**
@@ -154,6 +178,8 @@ export interface ConnectionResult {
     grant?: Grant;
     /** The type of connection that was made. */
     connectionType: ConnectionType;
+    /** Env vars to inject when connectionType is "envVars". */
+    environmentVariables?: Record<string, string>;
 }
 /** Check if a value is a valid ConnectionAccess. */
 export declare function isConnectionAccess(value: unknown): value is ConnectionAccess;
@@ -181,3 +207,5 @@ export declare function isDynamoDBConnector(connector: IConnector): connector is
 export declare function isQueueConnector(connector: IConnector): connector is IQueueConnector;
 /** Type guard for security group connectors (RDS, ECS). */
 export declare function isSecurityGroupConnector(connector: IConnector): connector is ISecurityGroupConnector;
+/** Type guard for remote connectors (cross-app exposed resources). */
+export declare function isRemoteConnector(connector: IConnector): connector is IRemoteConnector;

package/dist/lib/utils/connector.js CHANGED Viewed

@@ -39,7 +39,8 @@
 /** Connection result types. */
 export const CONNECTION_TYPE = {
     SECURITY_GROUP: "securityGroup",
-    IAM: "iam"
+    IAM: "iam",
+    ENV_VARS: "envVars"
 };
 const VALID_CONNECTION_ACCESS = [
     "read",
@@ -102,3 +103,7 @@ export function isSecurityGroupConnector(connector) {
     return (connector.connectorType === "securityGroup" ||
         connector.connectorType === "relational");
 }
+/** Type guard for remote connectors (cross-app exposed resources). */
+export function isRemoteConnector(connector) {
+    return connector.connectorType === "remote";
+}

package/dist/lib/utils/costAllocationTags.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { IConstruct } from "constructs";
+export declare const COST_ALLOCATION_TAGS: {
+    readonly ENVIRONMENT: "fjall:costAllocation:environment";
+    readonly SERVICE: "fjall:costAllocation:service";
+    readonly DOMAIN: "fjall:costAllocation:domain";
+    readonly OWNER: "fjall:costAllocation:owner";
+};
+export declare const DEFAULT_COST_ALLOCATION_ENVIRONMENT: "management";
+export interface CostAllocationTagsArgs {
+    readonly service: string;
+    readonly domain: string;
+    readonly environment?: string;
+    readonly owner?: string;
+}
+export declare function applyCostAllocationTags(scope: IConstruct, args: CostAllocationTagsArgs): void;

package/dist/lib/utils/costAllocationTags.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { Tags } from "aws-cdk-lib";
+export const COST_ALLOCATION_TAGS = {
+    ENVIRONMENT: "fjall:costAllocation:environment",
+    SERVICE: "fjall:costAllocation:service",
+    DOMAIN: "fjall:costAllocation:domain",
+    OWNER: "fjall:costAllocation:owner"
+};
+export const DEFAULT_COST_ALLOCATION_ENVIRONMENT = "management";
+export function applyCostAllocationTags(scope, args) {
+    Tags.of(scope).add(COST_ALLOCATION_TAGS.ENVIRONMENT, args.environment ?? DEFAULT_COST_ALLOCATION_ENVIRONMENT);
+    Tags.of(scope).add(COST_ALLOCATION_TAGS.SERVICE, args.service);
+    Tags.of(scope).add(COST_ALLOCATION_TAGS.DOMAIN, args.domain);
+    if (args.owner !== undefined) {
+        Tags.of(scope).add(COST_ALLOCATION_TAGS.OWNER, args.owner);
+    }
+}

package/dist/lib/utils/databaseTypes.d.ts CHANGED Viewed

@@ -2,7 +2,21 @@ import { type Duration } from "aws-cdk-lib";
 import { type IKey } from "aws-cdk-lib/aws-kms";
 import { type SubnetSelection } from "aws-cdk-lib/aws-ec2";
 export type DatabaseEngine = "postgresql" | "mysql";
+/**
+ * Discriminated snapshot target. Instance variants return
+ * `{ kind: "instance", arn }`; cluster variants return
+ * `{ kind: "cluster", arn }`. Consumers branch on `kind` to choose between
+ * `rds:CreateDBSnapshot` and `rds:CreateDBClusterSnapshot`.
+ */
+export type SnapshotTarget = {
+    kind: "instance";
+    arn: string;
+} | {
+    kind: "cluster";
+    arn: string;
+};
 export interface EngineConfig {
+    family: DatabaseEngine;
     defaultUsername: string;
     sslParameters: Record<string, string>;
     rotationAppName: string;

package/dist/lib/utils/getConfig.d.ts CHANGED Viewed

@@ -1,9 +1,11 @@
+import { type ProviderAccount } from "@fjall/util/config";
 export interface Config {
     region: string;
     environment: string;
     accountId?: string;
     accountName?: string;
     accountIds?: Record<string, string>;
+    providerAccounts: ProviderAccount[];
     primaryRegion?: string;
     secondaryRegions: string[];
     allRegions: string[];

package/dist/lib/utils/getConfig.js CHANGED Viewed

@@ -6,6 +6,7 @@ export function getConfig(accountName) {
     const config = {
         region: process.env.AWS_REGION || "us-east-1",
         environment: "unknown",
+        providerAccounts: [],
         secondaryRegions: [],
         allRegions: []
     };
@@ -18,6 +19,7 @@ export function getConfig(accountName) {
     }
     const orgConfig = parseOrgConfig(typeof orgConfigRaw === "string" ? orgConfigRaw : undefined);
     const providerAccounts = orgConfig.providerAccounts;
+    config.providerAccounts = providerAccounts;
     config.primaryRegion = orgConfig.primaryRegion;
     config.secondaryRegions = orgConfig.secondaryRegions;
     config.disasterRecoveryRegion = orgConfig.disasterRecoveryRegion;

package/dist/lib/utils/index.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 export * from "./backupTierMapping.js";
 export * from "./capitaliseString.js";
+export * from "./cdkContext.js";
 export * from "./connections.js";
+export * from "./connector.js";
 export * from "./databaseTypes.js";
 export * from "./getConfig.js";
 export * from "./removalPolicy.js";
@@ -8,5 +10,7 @@ export * from "./resourceNaming.js";
 export * from "./standardTagsAspect.js";
 export * from "./validationLogger.js";
 export * from "./env.js";
+export * from "./vpcPeerInterface.js";
 export * from "./vpcUtils.js";
 export * from "./domainTypes.js";
+export * from "./migrationVersionResolvers.js";

package/dist/lib/utils/index.js CHANGED Viewed

@@ -1,6 +1,8 @@
 export * from "./backupTierMapping.js";
 export * from "./capitaliseString.js";
+export * from "./cdkContext.js";
 export * from "./connections.js";
+export * from "./connector.js";
 export * from "./databaseTypes.js";
 export * from "./getConfig.js";
 export * from "./removalPolicy.js";
@@ -8,5 +10,7 @@ export * from "./resourceNaming.js";
 export * from "./standardTagsAspect.js";
 export * from "./validationLogger.js";
 export * from "./env.js";
+export * from "./vpcPeerInterface.js";
 export * from "./vpcUtils.js";
 export * from "./domainTypes.js";
+export * from "./migrationVersionResolvers.js";