@fjall/components-infrastructure 0.96.0 → 0.99.3

package/dist/lib/resources/aws/compute/ec2.js

@@ -1,27 +1,75 @@
 import { InstanceType, LaunchTemplate, SubnetType, MachineImage, LaunchTemplateHttpTokens, KeyPair, SecurityGroup, Peer, Port, Connections } from "aws-cdk-lib/aws-ec2";
 import { Construct } from "constructs";
 import { resolvePrivateSubnetType } from "../../../utils/vpcUtils.js";
-import { Duration, Stack } from "aws-cdk-lib";
-import { AutoScalingGroup, GroupMetrics, TerminationPolicy, UpdatePolicy, OnDemandAllocationStrategy, SpotAllocationStrategy } from "aws-cdk-lib/aws-autoscaling";
+import { safeEbs } from "./blockDeviceVolume.js";
+import { Duration, Stack, Tags } from "aws-cdk-lib";
+import { AutoScalingGroup, GroupMetrics, Monitoring, TerminationPolicy, UpdatePolicy, OnDemandAllocationStrategy, SpotAllocationStrategy } from "aws-cdk-lib/aws-autoscaling";
 import { AwsCustomResource } from "../utilities/awsCustomResource.js";
 import { PhysicalResourceId } from "aws-cdk-lib/custom-resources";
 import { Vpc } from "../networking/vpc.js";
+import { Ec2GracefulTerminationHandler } from "./ec2GracefulTerminationHandler.js";
+import { PersistentDataVolume } from "./persistentDataVolume.js";
+/**
+ * SOC2-uniform default root device when callers omit `blockDevices`.
+ * `/dev/xvda` is the AL2023 / EcsOptimizedImage root device name and matches
+ * every Linux AMI consumed by `Ec2Instance` today (ECS, Buildkite, ClickHouse).
+ * `encrypted: true` enforces EBS encryption at the wrapper layer rather than
+ * relying on the AWS account-level "encryption by default" setting — the
+ * propagation contract documented in
+ * `.claude/rules/generator-standards.md § "Wrapper Routing Discipline"`.
+ */
+const DEFAULT_ROOT_DEVICE_NAME = "/dev/xvda";
+const DEFAULT_ROOT_VOLUME_SIZE_GIB = 30;
+/**
+ * Resolve the caller's `updatePolicy` prop to a CDK `UpdatePolicy`. Default
+ * (`config` absent) → single-instance rolling roll on every
+ * `LaunchTemplateVersion` change. The `none` branch returns `undefined` so
+ * `addAutoScalingGroup` can conditionally spread the field — passing
+ * `updatePolicy: undefined` directly emits an empty `UpdatePolicy: {}` block
+ * on some CDK versions.
+ *
+ * Free function rather than a private method: `this` state is not read, and
+ * a free function is easier to reach from focused tests.
+ */
+function resolveUpdatePolicy(config) {
+    const resolved = config ?? { type: "rollingUpdate" };
+    switch (resolved.type) {
+        case "none":
+            return undefined;
+        case "replacingUpdate":
+            return UpdatePolicy.replacingUpdate();
+        case "rollingUpdate":
+            return UpdatePolicy.rollingUpdate({
+                minInstancesInService: 0,
+                maxBatchSize: 1,
+                pauseTime: resolved.pauseTime ?? Duration.minutes(5)
+            });
+        default:
+            return assertNever(resolved);
+    }
+}
+function assertNever(value) {
+    throw new Error(`Ec2Instance.updatePolicy: unrecognised config ${JSON.stringify(value)}`);
+}
 export class Ec2Instance extends Construct {
     launchTemplate;
     vpc;
     asgSecurityGroup;
     autoScalingGroup;
     keyPair;
+    persistentDataVolume;
     connections;
     constructor(scope, id, props) {
         super(scope, id);
+        validateEc2InstanceProps(props);
         this.addVpc(props);
         this.addKeyPair(props);
         this.addLaunchTemplate(props);
         this.addAutoScalingGroup(props);
+        this.applyInstanceTags(props);
         this.suspendAutoScaling(props);
-        // Initialise connections with the security group and optional defaultPort
-        // When defaultPort is set, other resources can use allowToDefaultPort(ec2Instance)
+        this.addPersistentDataVolume(props);
+        this.addGracefulTerminationHandler(props);
         this.connections = new Connections({
             securityGroups: [this.asgSecurityGroup],
             defaultPort: props.defaultPort ? Port.tcp(props.defaultPort) : undefined
@@ -43,52 +91,76 @@ export class Ec2Instance extends Construct {
             this.keyPair = undefined;
         }
         else {
-            // TODO: Break out into a separate construct for use with better prop handling
             this.keyPair = new KeyPair(this, "KeyPair", {
                 keyPairName: `${props.serviceName}KeyPair`
             });
         }
     }
     addLaunchTemplate(props) {
-        this.asgSecurityGroup = new SecurityGroup(this, `AsgSecurityGroup`, {
-            vpc: this.vpc,
-            description: `Security group for the ${props.serviceName} auto scaling group`
-        });
+        if (props.securityGroup !== undefined) {
+            this.asgSecurityGroup = props.securityGroup;
+        }
+        else {
+            this.asgSecurityGroup = new SecurityGroup(this, `AsgSecurityGroup`, {
+                vpc: this.vpc,
+                description: `Security group for the ${props.serviceName} auto scaling group`
+            });
+        }
         if (props.enableSSH) {
             this.asgSecurityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(22), "Allow SSH");
         }
         this.launchTemplate = new LaunchTemplate(this, "LaunchTemplate", {
             launchTemplateName: `${props.serviceName}LaunchTemplate`,
-            instanceType: new InstanceType(`${props.instanceType}`),
-            machineImage: props.machineImage || MachineImage.latestAmazonLinux2023(),
+            instanceType: new InstanceType(props.instanceType),
+            machineImage: props.machineImage ?? MachineImage.latestAmazonLinux2023(),
             userData: props.userData,
             role: props.role,
-            blockDevices: props?.blockDevices,
+            blockDevices: props.blockDevices ?? [
+                {
+                    deviceName: DEFAULT_ROOT_DEVICE_NAME,
+                    volume: safeEbs(DEFAULT_ROOT_VOLUME_SIZE_GIB)
+                }
+            ],
             securityGroup: this.asgSecurityGroup,
-            detailedMonitoring: true,
+            detailedMonitoring: props.instanceMonitoring === undefined
+                ? true
+                : props.instanceMonitoring === Monitoring.DETAILED,
             requireImdsv2: true,
             httpPutResponseHopLimit: 2,
             httpTokens: LaunchTemplateHttpTokens.REQUIRED,
             instanceMetadataTags: true,
             keyPair: this.keyPair,
-            associatePublicIpAddress: !!this.keyPair
+            associatePublicIpAddress: props.associatePublicIpAddress ?? !!this.keyPair
         });
     }
     addAutoScalingGroup(props) {
-        // TODO: Handle terminating EC2 instances when updating, currently hangs.
+        const vpcSubnets = props.vpcSubnets ?? {
+            subnetType: props.enableSSH
+                ? SubnetType.PUBLIC
+                : resolvePrivateSubnetType(this.vpc)
+        };
+        const resolvedUpdatePolicy = resolveUpdatePolicy(props.updatePolicy);
         const baseAsgProps = {
             vpc: this.vpc,
-            vpcSubnets: {
-                subnetType: props.enableSSH
-                    ? SubnetType.PUBLIC
-                    : resolvePrivateSubnetType(this.vpc)
-            },
+            vpcSubnets,
             minCapacity: props.minCapacity,
             maxCapacity: props.maxCapacity,
+            ...(props.desiredCapacity !== undefined && {
+                desiredCapacity: props.desiredCapacity
+            }),
+            ...(props.capacityRebalance !== undefined && {
+                capacityRebalance: props.capacityRebalance
+            }),
             cooldown: Duration.seconds(60),
             groupMetrics: [GroupMetrics.all()],
-            updatePolicy: UpdatePolicy.replacingUpdate(),
-            newInstancesProtectedFromScaleIn: true,
+            ...(resolvedUpdatePolicy !== undefined && {
+                updatePolicy: resolvedUpdatePolicy
+            }),
+            // ECS task drain on terminate is handled by the EC2_INSTANCE_TERMINATING
+            // lifecycle hook + Ec2GracefulTerminationHandler (300s heartbeat), not by
+            // managed termination protection. Leaving instances scale-in-protected
+            // wedges CFN rollback because ASG cannot terminate the instance.
+            newInstancesProtectedFromScaleIn: false,
             terminationPolicies: [
                 TerminationPolicy.OLDEST_LAUNCH_CONFIGURATION,
                 TerminationPolicy.CLOSEST_TO_NEXT_INSTANCE_HOUR
@@ -98,7 +170,7 @@ export class Ec2Instance extends Construct {
         // Support spot instances via mixed instances policy
         if (props.spotCapacityPercentage !== undefined &&
             props.spotCapacityPercentage > 0) {
-            const spotPercentage = Math.min(100, Math.max(0, props.spotCapacityPercentage));
+            const spotPercentage = Math.min(100, props.spotCapacityPercentage);
             const onDemandPercentage = 100 - spotPercentage;
             this.autoScalingGroup = new AutoScalingGroup(this, "AutoScalingGroup", {
                 ...baseAsgProps,
@@ -119,6 +191,24 @@ export class Ec2Instance extends Construct {
                 launchTemplate: this.launchTemplate
             });
         }
+        if (props.warmPool !== undefined) {
+            this.autoScalingGroup.addWarmPool(props.warmPool);
+        }
+    }
+    /**
+     * Apply `props.tags` to the underlying ASG with
+     * `applyToLaunchedInstances: true` so the CFN ASG `Tags` array carries
+     * `{ Key, Value, PropagateAtLaunch: true }` for each entry. Enables
+     * tag-based SSM `SendCommand` targeting on the launched EC2 instances.
+     */
+    applyInstanceTags(props) {
+        if (props.tags === undefined)
+            return;
+        for (const [key, value] of Object.entries(props.tags)) {
+            Tags.of(this.autoScalingGroup).add(key, value, {
+                applyToLaunchedInstances: true
+            });
+        }
     }
     /**
      * Get the Auto Scaling Group.
@@ -126,6 +216,34 @@ export class Ec2Instance extends Construct {
     getAutoScalingGroup() {
         return this.autoScalingGroup;
     }
+    /**
+     * Wire an ASG `EC2_INSTANCE_TERMINATING` hook + Lambda so instances
+     * terminate cleanly during stack updates and stack deletes. Drain ownership
+     * lives at the EC2 layer; ECS-specific drain plugs in via `ecsClusterArn`
+     * so a single hook handles bare-EC2 (bastion, Fivetran) and ECS-wired
+     * ASGs (ClickHouse) without duplicate plumbing in the ECS layer.
+     */
+    addGracefulTerminationHandler(props) {
+        const dataVolumeOwnerLogicalId = this.persistentDataVolume?.ownerLogicalId;
+        new Ec2GracefulTerminationHandler(this, `${props.serviceName}GracefulTermination`, {
+            autoScalingGroup: this.autoScalingGroup,
+            ...(props.ecsClusterArn !== undefined &&
+                props.ecsClusterArn !== "" && {
+                ecsClusterArn: props.ecsClusterArn
+            }),
+            ...(dataVolumeOwnerLogicalId !== undefined && {
+                dataVolumeOwnerLogicalId
+            })
+        });
+    }
+    addPersistentDataVolume(props) {
+        if (props.persistentDataVolume === undefined)
+            return;
+        this.persistentDataVolume = new PersistentDataVolume(this, `${props.serviceName}PersistentDataVolume`, {
+            autoScalingGroup: this.autoScalingGroup,
+            ...props.persistentDataVolume
+        });
+    }
     suspendAutoScaling(_props) {
         const suspendCall = {
             service: "AutoScaling",
@@ -143,9 +261,31 @@ export class Ec2Instance extends Construct {
         });
     }
 }
+function validateEc2InstanceProps(props) {
+    if (props.persistentDataVolume !== undefined) {
+        const azs = props.vpcSubnets?.availabilityZones;
+        if (azs === undefined || azs.length !== 1) {
+            throw new Error(`Ec2Instance.persistentDataVolume requires vpcSubnets.availabilityZones to be exactly 1 entry; got ${azs?.length ?? 0}`);
+        }
+        if (azs[0] !== props.persistentDataVolume.availabilityZone) {
+            throw new Error(`Ec2Instance.persistentDataVolume.availabilityZone must match vpcSubnets.availabilityZones[0]; got '${props.persistentDataVolume.availabilityZone}' vs '${azs[0]}'`);
+        }
+    }
+    if (props.tags !== undefined) {
+        for (const [key, value] of Object.entries(props.tags)) {
+            if (key === "") {
+                throw new Error("Ec2Instance.tags: empty-string keys are not permitted");
+            }
+            if (value === "") {
+                throw new Error(`Ec2Instance.tags['${key}']: empty-string values are not permitted`);
+            }
+        }
+    }
+}
 export class Ec2InstanceStack extends Stack {
     constructor(scope, id, props) {
         super(scope, id, props);
+        validateEc2InstanceProps(props);
         new Ec2Instance(this, id, {
             ...props
         });

package/dist/lib/resources/aws/compute/ec2GracefulTerminationHandler.d.ts

@@ -0,0 +1,41 @@
+import { type AutoScalingGroup } from "aws-cdk-lib/aws-autoscaling";
+import { Construct } from "constructs";
+import { LambdaFunction } from "./lambda.js";
+import { SQSQueue } from "../messaging/sqs.js";
+/**
+ * Description prefix baked into the Lambda + execution-role descriptions.
+ * Tests grep CFN output for this needle to locate the function across
+ * stacks that may contain unrelated Lambdas — keep it here as the single
+ * source of truth so a rename does not silently break the test query.
+ */
+export declare const EC2_GRACEFUL_TERMINATION_HANDLER_DESCRIPTION = "EC2 graceful termination handler";
+export interface Ec2GracefulTerminationHandlerProps {
+    /** ASG to attach the EC2_INSTANCE_TERMINATING hook to. */
+    autoScalingGroup: AutoScalingGroup;
+    /**
+     * ECS cluster ARN — when set, the Lambda drains and deregisters the
+     * container instance before generic cleanup. Empty string is normalised
+     * to `undefined`; consumers should pass `undefined` for bare-EC2
+     * deployments (bastion, Fivetran).
+     */
+    ecsClusterArn?: string;
+    /**
+     * `fjall:OwnerLogicalId` of a paired `PersistentDataVolume`. When set, the
+     * Lambda detaches the tagged volume from the terminating instance before
+     * `CompleteLifecycleAction`. Empty string is normalised to `undefined`.
+     * Pass the `PersistentDataVolume.ownerLogicalId` so the TERMINATING and
+     * LAUNCHING handlers locate the same volume.
+     */
+    dataVolumeOwnerLogicalId?: string;
+}
+/**
+ * ASG `EC2_INSTANCE_TERMINATING` hook + Lambda that drains the instance
+ * cleanly. Drain ownership lives at the EC2 layer; ECS-specific drain plugs
+ * in via `ecsClusterArn` so a single hook handles both bare-EC2 (bastion,
+ * Fivetran) and ECS-wired ASGs (ClickHouse).
+ */
+export declare class Ec2GracefulTerminationHandler extends Construct {
+    readonly lambda: LambdaFunction;
+    readonly queue: SQSQueue;
+    constructor(scope: Construct, id: string, props: Ec2GracefulTerminationHandlerProps);
+}

package/dist/lib/resources/aws/compute/ec2GracefulTerminationHandler.js

@@ -0,0 +1,194 @@
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { Aws, Stack } from "aws-cdk-lib";
+import { Code, Runtime } from "aws-cdk-lib/aws-lambda";
+import { PolicyStatement, Effect } from "aws-cdk-lib/aws-iam";
+import { RetentionDays } from "aws-cdk-lib/aws-logs";
+import { LifecycleTransition, DefaultResult } from "aws-cdk-lib/aws-autoscaling";
+import { Construct } from "constructs";
+import { attachInlineAsgLifecycleHook } from "./asgInlineLifecycleHook.js";
+import { LambdaFunction } from "./lambda.js";
+import { PERSISTENT_DATA_VOLUME_TAG_LIFECYCLE, PERSISTENT_DATA_VOLUME_TAG_LIFECYCLE_VALUE, PERSISTENT_DATA_VOLUME_TAG_STACK_ID } from "./persistentDataVolume.js";
+import { SQSQueue } from "../messaging/sqs.js";
+import { Subscription } from "../messaging/subscription.js";
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const LAMBDA_SOURCE_FILE = "ec2GracefulTerminationLambda.source.cjs";
+/**
+ * Description prefix baked into the Lambda + execution-role descriptions.
+ * Tests grep CFN output for this needle to locate the function across
+ * stacks that may contain unrelated Lambdas — keep it here as the single
+ * source of truth so a rename does not silently break the test query.
+ */
+export const EC2_GRACEFUL_TERMINATION_HANDLER_DESCRIPTION = "EC2 graceful termination handler";
+const LAMBDA_TIMEOUT_SECONDS = 300;
+// Heartbeat must comfortably exceed the Lambda's drain (240s) + detach (60s)
+// budget so the hook does not time out mid-cleanup when PDV is wired.
+const HOOK_HEARTBEAT_SECONDS = 600;
+const QUEUE_VISIBILITY_TIMEOUT_SECONDS = 360;
+/**
+ * ASG `EC2_INSTANCE_TERMINATING` hook + Lambda that drains the instance
+ * cleanly. Drain ownership lives at the EC2 layer; ECS-specific drain plugs
+ * in via `ecsClusterArn` so a single hook handles both bare-EC2 (bastion,
+ * Fivetran) and ECS-wired ASGs (ClickHouse).
+ */
+export class Ec2GracefulTerminationHandler extends Construct {
+    lambda;
+    queue;
+    constructor(scope, id, props) {
+        super(scope, id);
+        const sourcePath = path.resolve(__dirname, LAMBDA_SOURCE_FILE);
+        const source = readFileSync(sourcePath, "utf-8");
+        const ecsClusterArn = resolveOptionalString(props.ecsClusterArn);
+        const dataVolumeOwnerLogicalId = resolveOptionalString(props.dataVolumeOwnerLogicalId);
+        this.queue = new SQSQueue(this, `${id}Queue`, {
+            visibilityTimeout: QUEUE_VISIBILITY_TIMEOUT_SECONDS,
+            deadLetterQueue: { enabled: true, maxReceiveCount: 5 }
+        });
+        const ecsPolicies = ecsClusterArn !== undefined
+            ? [
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: ["ecs:ListContainerInstances"],
+                    resources: [ecsClusterArn]
+                }),
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: [
+                        "ecs:DescribeContainerInstances",
+                        "ecs:UpdateContainerInstancesState",
+                        "ecs:DeregisterContainerInstance"
+                    ],
+                    resources: ["*"],
+                    conditions: {
+                        ArnEquals: { "ecs:cluster": ecsClusterArn }
+                    }
+                })
+            ]
+            : [];
+        const ec2Policies = new PolicyStatement({
+            effect: Effect.ALLOW,
+            actions: [
+                "ec2:DescribeAddresses",
+                "ec2:DisassociateAddress",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DetachNetworkInterface"
+            ],
+            resources: ["*"]
+        });
+        const elbReadPolicy = new PolicyStatement({
+            effect: Effect.ALLOW,
+            actions: [
+                "elasticloadbalancing:DescribeTargetGroups",
+                "elasticloadbalancing:DescribeTargetHealth"
+            ],
+            resources: ["*"]
+        });
+        const elbDeregisterPolicy = new PolicyStatement({
+            effect: Effect.ALLOW,
+            actions: ["elasticloadbalancing:DeregisterTargets"],
+            resources: ["*"],
+            conditions: {
+                StringEquals: {
+                    "aws:ResourceTag/aws:cloudformation:stack-id": Aws.STACK_ID
+                }
+            }
+        });
+        const stack = Stack.of(this);
+        // Account/region-scoped wildcard rather than the specific ASG ARN —
+        // see PersistentDataVolume for the full deadlock writeup. Same gotcha:
+        // a specific ARN creates a CFN Ref to the ASG, the Lambda's IAM Policy
+        // waits for ASG CREATE_COMPLETE, the ASG can't complete without this
+        // Lambda's CompleteLifecycleAction call on its first terminating instance.
+        const asgArnWildcard = `arn:${stack.partition}:autoscaling:${stack.region}:${stack.account}:autoScalingGroup:*:autoScalingGroupName/*`;
+        const asgPolicy = new PolicyStatement({
+            effect: Effect.ALLOW,
+            actions: ["autoscaling:CompleteLifecycleAction"],
+            resources: [asgArnWildcard]
+        });
+        const volumeArnPattern = `arn:${stack.partition}:ec2:${stack.region}:${stack.account}:volume/*`;
+        const instanceArnPattern = `arn:${stack.partition}:ec2:${stack.region}:${stack.account}:instance/*`;
+        const dataVolumePolicies = dataVolumeOwnerLogicalId !== undefined
+            ? [
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: ["ec2:DescribeVolumes"],
+                    resources: ["*"]
+                }),
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: ["ec2:DetachVolume"],
+                    resources: [volumeArnPattern],
+                    conditions: {
+                        StringEquals: {
+                            [`aws:ResourceTag/${PERSISTENT_DATA_VOLUME_TAG_LIFECYCLE}`]: PERSISTENT_DATA_VOLUME_TAG_LIFECYCLE_VALUE,
+                            [`aws:ResourceTag/${PERSISTENT_DATA_VOLUME_TAG_STACK_ID}`]: Aws.STACK_ID
+                        }
+                    }
+                }),
+                new PolicyStatement({
+                    effect: Effect.ALLOW,
+                    actions: ["ec2:DetachVolume"],
+                    resources: [instanceArnPattern]
+                })
+            ]
+            : [];
+        this.lambda = new LambdaFunction(this, `${id}Fn`, {
+            runtime: Runtime.NODEJS_22_X,
+            handler: "index.handler",
+            code: Code.fromInline(source),
+            lambdaDescription: `${id} ${EC2_GRACEFUL_TERMINATION_HANDLER_DESCRIPTION}`,
+            roleDescription: `Execution role for ${id} ${EC2_GRACEFUL_TERMINATION_HANDLER_DESCRIPTION}`,
+            timeout: LAMBDA_TIMEOUT_SECONDS,
+            memorySize: 256,
+            logGroupRetention: RetentionDays.ONE_MONTH,
+            environment: {
+                ...(ecsClusterArn !== undefined && { ECS_CLUSTER_ARN: ecsClusterArn }),
+                ...(dataVolumeOwnerLogicalId !== undefined && {
+                    DATA_VOLUME_OWNER_LOGICAL_ID: dataVolumeOwnerLogicalId,
+                    DATA_VOLUME_STACK_ID: Aws.STACK_ID
+                })
+            },
+            inlinePolicy: [
+                ...ecsPolicies,
+                ec2Policies,
+                elbReadPolicy,
+                elbDeregisterPolicy,
+                asgPolicy,
+                ...dataVolumePolicies
+            ]
+        });
+        this.lambda.addSqsEventSource(this.queue.getQueue());
+        // Hook name embeds Aws.STACK_NAME (pseudo-parameter Ref, NOT a resource
+        // Ref — no CFN dep) so LifecycleHookName alone discriminates across
+        // stacks in the EB pattern. Sibling LAUNCHING hook uses "-launching".
+        const terminatingHookName = `${Aws.STACK_NAME}-${id}-terminating`;
+        attachInlineAsgLifecycleHook(this, `${id}TerminatingHook`, {
+            autoScalingGroup: props.autoScalingGroup,
+            hookName: terminatingHookName,
+            lifecycleTransition: LifecycleTransition.INSTANCE_TERMINATING,
+            defaultResult: DefaultResult.CONTINUE,
+            heartbeatTimeoutSeconds: HOOK_HEARTBEAT_SECONDS
+        });
+        // No AutoScalingGroupName in the pattern — that would create a CFN Ref to
+        // the ASG and block the EB rule on ASG CREATE_COMPLETE (deadlock — see
+        // wildcard ARN comment above and the PersistentDataVolume sibling).
+        new Subscription(this, `${id}TerminatingSub`, {
+            pattern: {
+                source: ["aws.autoscaling"],
+                detailType: ["EC2 Instance-terminate Lifecycle Action"],
+                detail: {
+                    LifecycleHookName: [terminatingHookName]
+                }
+            },
+            target: this.queue
+        });
+    }
+}
+function resolveOptionalString(value) {
+    if (value === undefined)
+        return undefined;
+    if (value === "")
+        return undefined;
+    return value;
+}