npm - @fjall/components-infrastructure - Versions diffs - 0.96.0 → 0.99.3 - Mend

@fjall/components-infrastructure 0.96.0 → 0.99.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/dist/lib/patterns/aws/database.d.ts CHANGED Viewed

@@ -3,11 +3,13 @@ import type { ITopic } from "aws-cdk-lib/aws-sns";
 import type { RdsAlarmThresholds } from "../../resources/aws/monitoring/index.js";
 import type App from "../../app.js";
 import { type DynamoDBKeySchema, type DynamoDBGlobalSecondaryIndex } from "../../resources/aws/database/dynamodb.js";
+import { ClickHouseDatabase, type ClickHouseDatabaseProps } from "./clickhouseDatabase.js";
 import { type Connections, type IConnectable, type IVpc } from "aws-cdk-lib/aws-ec2";
 import { type ITable } from "aws-cdk-lib/aws-dynamodb";
 import { type Secret } from "../../resources/aws/secrets/index.js";
-import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
-import { type IRelationalDatabase, type IDynamoDBDatabase, type RelationalDatabaseType } from "./interfaces/database.js";
+import { PolicyStatement, type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
+import { type IRelationalDatabaseBase, type IRelationalInstanceDatabase, type IRelationalClusterDatabase, type IDynamoDBDatabase, type RelationalDatabaseType, type SnapshotTarget, type MigrationsConfig } from "./interfaces/database.js";
+import { type MigrationContributions } from "./interfaces/migrationContributor.js";
 import { type IDynamoDBConnector, type ISecurityGroupConnector } from "./interfaces/connector.js";
 import { type IInstanceEngine, type IClusterEngine } from "aws-cdk-lib/aws-rds";
 import { Duration } from "aws-cdk-lib";
@@ -44,6 +46,14 @@ type BaseDatabaseProps = {
     alarms?: RdsAlarmThresholds | false;
     /** Application ID for alarm tagging. */
     applicationId?: string;
+    /**
+     * Schema-version gate. When set, every container of every service whose
+     * `connections:` includes this database receives `EXPECTED_SCHEMA_VERSION`
+     * baked into its env at synth, unless the service sets `schemaGate: false`.
+     * `tool: "prisma"` uses the built-in directory-name resolver;
+     * `tool: "custom"` accepts a user-supplied `versionResolver`.
+     */
+    migrations?: MigrationsConfig;
 };
 export interface AuroraDatabaseProps extends BaseDatabaseProps {
     type: "Aurora";
@@ -150,7 +160,7 @@ export type IRelationalDatabaseProps = AuroraDatabaseProps | InstanceDatabasePro
 /**
  * All database props union.
  */
-export type IDatabaseProps = AuroraDatabaseProps | InstanceDatabaseProps | GlobalAuroraDatabaseProps | DynamoDBDatabaseProps;
+export type IDatabaseProps = AuroraDatabaseProps | InstanceDatabaseProps | GlobalAuroraDatabaseProps | DynamoDBDatabaseProps | ClickHouseDatabaseProps;
 /**
  * Factory for creating type-safe database resources.
  *
@@ -172,10 +182,11 @@ export type IDatabaseProps = AuroraDatabaseProps | InstanceDatabaseProps | Globa
  * cache.grantReadWriteData(lambda); // Available
  */
 export declare class DatabaseFactory {
-    static build(id: string, props: AuroraDatabaseProps): (app: App, scope: Construct) => RelationalDatabase;
-    static build(id: string, props: InstanceDatabaseProps): (app: App, scope: Construct) => RelationalDatabase;
-    static build(id: string, props: GlobalAuroraDatabaseProps): (app: App, scope: Construct) => RelationalDatabase;
+    static build(id: string, props: AuroraDatabaseProps): (app: App, scope: Construct) => RelationalDatabase & IRelationalClusterDatabase;
+    static build(id: string, props: InstanceDatabaseProps): (app: App, scope: Construct) => RelationalDatabase & IRelationalInstanceDatabase;
+    static build(id: string, props: GlobalAuroraDatabaseProps): (app: App, scope: Construct) => RelationalDatabase & IRelationalClusterDatabase;
     static build(id: string, props: DynamoDBDatabaseProps): (app: App, scope: Construct) => DynamoDBDatabase;
+    static build(id: string, props: ClickHouseDatabaseProps): (app: App, scope: Construct) => ClickHouseDatabase;
 }
 /**
  * DynamoDB database wrapper implementing IDynamoDBDatabase interface.
@@ -203,6 +214,15 @@ export declare class DynamoDBDatabase extends Construct implements IDynamoDBData
     grantReadWriteData(grantee: IGrantable): Grant;
     grantFullAccess(grantee: IGrantable): Grant;
     grantStreamRead(grantee: IGrantable): Grant;
+    /**
+     * Migration contributions for a task connecting to this DynamoDB table via
+     * `service.connections:`. DynamoDB has no network primitive (no SG, no port),
+     * so contributions are limited to env (table name + region) and an IAM policy
+     * granting CRUD on the table. Callers that only need read access should
+     * shadow the policy in their own `migrations:` block or rely on the
+     * author-explicit-wins precedence at the merge boundary.
+     */
+    getMigrationContributions(): MigrationContributions;
 }
 /**
  * Relational database wrapper implementing IRelationalDatabase interface.
@@ -215,7 +235,7 @@ export declare class DynamoDBDatabase extends Construct implements IDynamoDBData
  * }));
  * db.grantConnect(lambda);
  */
-export declare class RelationalDatabase extends Construct implements IRelationalDatabase, ISecurityGroupConnector {
+export declare class RelationalDatabase extends Construct implements IRelationalDatabaseBase, ISecurityGroupConnector {
     readonly id: string;
     readonly scope: Construct;
     readonly vpc: IVpc;
@@ -223,6 +243,7 @@ export declare class RelationalDatabase extends Construct implements IRelational
     readonly connectorType: "relational";
     connections: Connections;
     private readonly _databaseName;
+    private readonly migrationsConfig;
     private database;
     constructor(scope: Construct, id: string, props: IRelationalDatabaseProps);
     private resolveAlertsTopic;
@@ -234,12 +255,33 @@ export declare class RelationalDatabase extends Construct implements IRelational
     getCredentials(): Secret;
     getHostEndpoint(): string;
     getHostPort(): string;
+    getConnectionString(): string;
     getDatabaseName(): string;
+    getInstanceIdentifier(): string | undefined;
+    getClusterIdentifier(): string | undefined;
+    getSnapshotTarget(): SnapshotTarget;
+    getMigrationSnapshotPolicy(): PolicyStatement;
+    getMigrationsConfig(): MigrationsConfig | undefined;
+    getExpectedSchemaVersion(): string | undefined;
+    /**
+     * Migration contributions for a task connecting to this database via
+     * `service.connections:`. Returns env (host/port/name + snapshot identifiers
+     * when `migrations:` is declared), Secrets-Manager imports for credentials,
+     * the snapshot IAM policy when `migrations:` is declared, and egress to the
+     * database's primary security group on its port. Emits a synth warning when
+     * the primary SG is not yet bound (egress contribution is omitted in that
+     * case; callers may still wire egress manually in `separateTaskDef`).
+     */
+    getMigrationContributions(): MigrationContributions;
     /**
      * Grant connect permissions to a grantee by adding it to the database security group.
      * @param grantee The connectable principal to grant connect permissions to
      */
     grantConnect(grantee: IConnectable): void;
 }
+export { ClickHouseDatabase, type ClickHouseDatabaseProps };
+export { ClickHouseDefaultProfiles, ClickHouseSchemaAdminSchema, ManagedPasswordNameSchema, ProfileSpecSchema, type ClickHouseSchemaAdmin, type ManagedPasswordName, type ProfileSpec } from "../../resources/aws/database/clickhouseSchemas.js";
+export { renderUsersXml } from "../../resources/aws/database/clickhouseXmlRenderer.js";
+export type { RenderUsersXmlOptions } from "../../resources/aws/database/clickhouseXmlRenderer.js";
 export type { DynamoDBKeySchema, DynamoDBGlobalSecondaryIndex, DynamoDBTableProps } from "../../resources/aws/database/dynamodb.js";
-export { type IRelationalDatabase, type IDynamoDBDatabase, type AnyDatabase, type DatabaseType, type RelationalDatabaseType, isRelationalDatabase, isDynamoDBDatabase, isAuroraDatabase, isInstanceDatabase, isGlobalAuroraDatabase } from "./interfaces/database.js";
+export { type IRelationalDatabase, type IDynamoDBDatabase, type IClickHouseDatabase, type AnyDatabase, type DatabaseType, type RelationalDatabaseType, isRelationalDatabase, isDynamoDBDatabase, isClickHouseDatabase, isAuroraDatabase, isInstanceDatabase, isGlobalAuroraDatabase } from "./interfaces/database.js";

package/dist/lib/patterns/aws/database.js CHANGED Viewed

@@ -1,11 +1,16 @@
 import { Construct } from "constructs";
-import { CfnOutput, Fn, Stack } from "aws-cdk-lib";
-import { Topic } from "aws-cdk-lib/aws-sns";
+import { Annotations, ArnFormat, CfnOutput, Stack } from "aws-cdk-lib";
 import { RdsAurora, RdsInstance } from "../../resources/aws/database/index.js";
 import { RdsAuroraGlobal } from "../../resources/aws/database/rdsAuroraGlobal.js";
 import { DynamoDBTable } from "../../resources/aws/database/dynamodb.js";
+import { ClickHouseDatabase } from "./clickhouseDatabase.js";
 import { FjallLogger, warnIfPropertiesIgnored } from "../../utils/validationLogger.js";
 import { toPascalCase } from "../../utils/capitaliseString.js";
+import { resolveAlertsTopic as resolveAlertsTopicShared } from "../../utils/resolveAlertsTopic.js";
+import { Port } from "aws-cdk-lib/aws-ec2";
+import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
+import { MIGRATION_SNAPSHOT_NAME_PREFIX } from "./interfaces/database.js";
+import { pickLatestPrismaMigration } from "../../utils/migrationVersionResolvers.js";
 import { DatabaseClusterEngine, DatabaseInstanceEngine, AuroraPostgresEngineVersion, AuroraMysqlEngineVersion, PostgresEngineVersion, MysqlEngineVersion } from "aws-cdk-lib/aws-rds";
 import { Duration } from "aws-cdk-lib";
 export { isAwsManagedKey, isCMKRequested, AWS_MANAGED, USE_CMK } from "../../utils/databaseTypes.js";
@@ -63,6 +68,7 @@ export function getInstanceEngine(engine) {
 export function getEngineConfig(engine) {
     const config = DATABASE_ENGINE_CONFIG[engine];
     return {
+        family: engine,
         defaultUsername: config.defaultUsername,
         sslParameters: config.sslParameters,
         rotationAppName: config.rotationAppName
@@ -104,7 +110,9 @@ function validateDynamoDBProps(props) {
  * TypeScript's compile-time checks may not apply.
  */
 function validateRelationalDatabaseProps(props) {
-    // GlobalAurora requires primaryRegion
+    if (!props.vpc) {
+        throw new Error("VPC is required for relational database");
+    }
     if (props.type === "GlobalAurora" && !props.primaryRegion) {
         throw new Error("GlobalAurora database requires 'primaryRegion'. " +
             "Specify the AWS region where the primary cluster will be created.");
@@ -124,7 +132,7 @@ function validateDatabaseProps(props) {
     if (props.type === "DynamoDB") {
         validateDynamoDBProps(props);
     }
-    else {
+    else if (props.type !== "ClickHouse") {
         validateRelationalDatabaseProps(props);
     }
 }
@@ -151,14 +159,22 @@ function validateDatabaseProps(props) {
 export class DatabaseFactory {
     static build(id, props) {
         return (app, scope) => {
-            validateDatabaseProps(props);
             if (props.type === "DynamoDB") {
+                validateDatabaseProps(props);
                 return new DynamoDBDatabase(scope, id, props);
             }
+            if (props.type === "ClickHouse") {
+                const clickhouseProps = {
+                    ...props,
+                    vpc: props.vpc ?? app.getVpc()
+                };
+                return new ClickHouseDatabase(scope, id, clickhouseProps);
+            }
             const databaseProps = {
-                ...{ vpc: app.getVpc() },
-                ...props
+                ...props,
+                vpc: props.vpc ?? app.getVpc()
             };
+            validateDatabaseProps(databaseProps);
             return new RelationalDatabase(scope, id, databaseProps);
         };
     }
@@ -181,6 +197,7 @@ export class DynamoDBDatabase extends Construct {
     table;
     constructor(scope, id, props) {
         super(scope, id);
+        validateDynamoDBProps(props);
         this.id = id;
         const tableProps = {
             partitionKey: props.partitionKey,
@@ -224,7 +241,57 @@ export class DynamoDBDatabase extends Construct {
     grantStreamRead(grantee) {
         return this.table.grantStreamRead(grantee);
     }
+    /**
+     * Migration contributions for a task connecting to this DynamoDB table via
+     * `service.connections:`. DynamoDB has no network primitive (no SG, no port),
+     * so contributions are limited to env (table name + region) and an IAM policy
+     * granting CRUD on the table. Callers that only need read access should
+     * shadow the policy in their own `migrations:` block or rely on the
+     * author-explicit-wins precedence at the merge boundary.
+     */
+    getMigrationContributions() {
+        const environment = {
+            AWS_REGION: Stack.of(this).region,
+            DYNAMODB_TABLE_NAME: this.getTableName()
+        };
+        const taskRolePolicies = [
+            new PolicyStatement({
+                effect: Effect.ALLOW,
+                actions: [
+                    "dynamodb:GetItem",
+                    "dynamodb:PutItem",
+                    "dynamodb:UpdateItem",
+                    "dynamodb:DeleteItem",
+                    "dynamodb:Query",
+                    "dynamodb:Scan",
+                    "dynamodb:BatchGetItem",
+                    "dynamodb:BatchWriteItem",
+                    "dynamodb:DescribeTable"
+                ],
+                resources: [this.getTableArn(), `${this.getTableArn()}/index/*`]
+            })
+        ];
+        return { environment, taskRolePolicies };
+    }
 }
+/**
+ * Action-triple ↔ snapshot-kind lookup. Single source of truth for which RDS
+ * actions and ARN resource segment apply to instance vs cluster snapshots.
+ * Future variants (RDS Proxy, Aurora Serverless v2 with a new snapshot API)
+ * add a row here; no consumer needs updating.
+ */
+const SNAPSHOT_ACTION_TABLE = {
+    instance: {
+        createAction: "rds:CreateDBSnapshot",
+        describeAction: "rds:DescribeDBSnapshots",
+        resourceArnSegment: "snapshot"
+    },
+    cluster: {
+        createAction: "rds:CreateDBClusterSnapshot",
+        describeAction: "rds:DescribeDBClusterSnapshots",
+        resourceArnSegment: "cluster-snapshot"
+    }
+};
 /**
  * Relational database wrapper implementing IRelationalDatabase interface.
  * Supports Aurora, RDS Instance, and GlobalAurora database types.
@@ -244,31 +311,24 @@ export class RelationalDatabase extends Construct {
     connectorType = "relational";
     connections;
     _databaseName;
+    migrationsConfig;
     database;
     constructor(scope, id, props) {
         super(scope, id);
+        validateRelationalDatabaseProps(props);
         this.id = id;
         this.scope = scope;
         this.databaseType = props.type;
-        if (!props.vpc) {
-            throw new Error("VPC is required for relational database");
-        }
         this.vpc = props.vpc;
         this._databaseName = props.databaseName;
+        this.migrationsConfig = props.migrations;
         this.addDatabase(props);
     }
     resolveAlertsTopic(alertsTopic) {
-        if (alertsTopic === undefined)
-            return undefined;
-        if (typeof alertsTopic === "string") {
-            const arn = alertsTopic.startsWith("import:")
-                ? Fn.importValue(alertsTopic.slice("import:".length))
-                : alertsTopic;
-            return Topic.fromTopicArn(this, "AlertsTopic", arn);
-        }
-        return alertsTopic;
+        return resolveAlertsTopicShared(this, "AlertsTopic", alertsTopic);
     }
     addDatabase(props) {
+        validateRelationalDatabaseProps(props);
         switch (props.type) {
             case "Aurora":
                 this.addAurora(props);
@@ -286,8 +346,6 @@ export class RelationalDatabase extends Construct {
         }
     }
     addAurora(props) {
-        if (!props.vpc)
-            throw new Error("VPC is required for Aurora database");
         const resolvedDatabaseEngine = props.databaseEngine ?? "postgresql";
         const resolvedEngine = props.engine ?? getAuroraClusterEngine(resolvedDatabaseEngine);
         const engineConfig = getEngineConfig(resolvedDatabaseEngine);
@@ -324,8 +382,6 @@ export class RelationalDatabase extends Construct {
         this.addDatabaseOutputs(props);
     }
     addAuroraGlobal(props) {
-        if (!props.vpc)
-            throw new Error("VPC is required for Global Aurora database");
         if (!props.primaryRegion)
             throw new Error("primaryRegion is required for Global Aurora database");
         const resolvedDatabaseEngine = props.databaseEngine ?? "postgresql";
@@ -358,8 +414,6 @@ export class RelationalDatabase extends Construct {
         this.addDatabaseOutputs(props);
     }
     addRdsInstance(props) {
-        if (!props.vpc)
-            throw new Error("VPC is required for Instance database");
         const resolvedDatabaseEngine = props.databaseEngine ?? "postgresql";
         const resolvedEngine = props.engine ?? getInstanceEngine(resolvedDatabaseEngine);
         const engineConfig = getEngineConfig(resolvedDatabaseEngine);
@@ -431,9 +485,109 @@ export class RelationalDatabase extends Construct {
     getHostPort() {
         return this.database.getHostPort();
     }
+    getConnectionString() {
+        return this.database.getConnectionString();
+    }
     getDatabaseName() {
         return this._databaseName;
     }
+    getInstanceIdentifier() {
+        return "getInstanceIdentifier" in this.database
+            ? this.database.getInstanceIdentifier()
+            : undefined;
+    }
+    getClusterIdentifier() {
+        return "getClusterIdentifier" in this.database
+            ? this.database.getClusterIdentifier()
+            : undefined;
+    }
+    getSnapshotTarget() {
+        return this.database.getSnapshotTarget();
+    }
+    getMigrationSnapshotPolicy() {
+        const target = this.getSnapshotTarget();
+        const triple = SNAPSHOT_ACTION_TABLE[target.kind];
+        return new PolicyStatement({
+            effect: Effect.ALLOW,
+            actions: [
+                triple.createAction,
+                triple.describeAction,
+                "rds:AddTagsToResource"
+            ],
+            resources: [
+                target.arn,
+                Stack.of(this).formatArn({
+                    service: "rds",
+                    resource: triple.resourceArnSegment,
+                    resourceName: `${MIGRATION_SNAPSHOT_NAME_PREFIX}-*`,
+                    arnFormat: ArnFormat.COLON_RESOURCE_NAME
+                })
+            ]
+        });
+    }
+    getMigrationsConfig() {
+        return this.migrationsConfig;
+    }
+    getExpectedSchemaVersion() {
+        const config = this.migrationsConfig;
+        if (config === undefined)
+            return undefined;
+        const version = config.tool === "prisma"
+            ? pickLatestPrismaMigration(config.dir)
+            : config.versionResolver(config.dir);
+        // Empty / whitespace-only resolver output would silently bake an empty
+        // EXPECTED_SCHEMA_VERSION into containers; the runner's `!== ""` guard
+        // then skips the gate. Fail loud at synth instead.
+        if (version.trim() === "") {
+            throw new Error(`Database '${this._databaseName}': migrations.versionResolver returned an empty string for dir '${config.dir}' — refusing to inject an empty EXPECTED_SCHEMA_VERSION.`);
+        }
+        return version;
+    }
+    /**
+     * Migration contributions for a task connecting to this database via
+     * `service.connections:`. Returns env (host/port/name + snapshot identifiers
+     * when `migrations:` is declared), Secrets-Manager imports for credentials,
+     * the snapshot IAM policy when `migrations:` is declared, and egress to the
+     * database's primary security group on its port. Emits a synth warning when
+     * the primary SG is not yet bound (egress contribution is omitted in that
+     * case; callers may still wire egress manually in `separateTaskDef`).
+     */
+    getMigrationContributions() {
+        const environment = {
+            AWS_REGION: Stack.of(this).region,
+            DATABASE_HOST: this.getHostEndpoint(),
+            DATABASE_PORT: this.getHostPort(),
+            DATABASE_NAME: this.getDatabaseName()
+        };
+        if (this.migrationsConfig !== undefined) {
+            const target = this.getSnapshotTarget();
+            environment.SNAPSHOT_TARGET_KIND = target.kind;
+            environment.SNAPSHOT_TARGET_ARN = target.arn;
+        }
+        const credentials = this.getCredentials();
+        const secretsImport = {
+            DATABASE_USER: credentials.getImport("username"),
+            DATABASE_PASSWORD: credentials.getImport("password")
+        };
+        const taskRolePolicies = [];
+        if (this.migrationsConfig !== undefined) {
+            taskRolePolicies.push(this.getMigrationSnapshotPolicy());
+        }
+        const primarySg = this.connections.securityGroups[0];
+        const egress = [];
+        if (primarySg !== undefined) {
+            egress.push({
+                peer: primarySg,
+                port: Port.tcp(parseInt(this.getHostPort(), 10)),
+                description: `Migration runner to ${this._databaseName} for schema apply`
+            });
+        }
+        else {
+            Annotations.of(this).addWarning(`Database '${this._databaseName}': no primary security group exposed; ` +
+                "migration runner egress not auto-wired. Provide egress manually in separateTaskDef if needed.");
+        }
+        return { environment, secretsImport, taskRolePolicies, egress };
+    }
     /**
      * Grant connect permissions to a grantee by adding it to the database security group.
      * @param grantee The connectable principal to grant connect permissions to
@@ -442,5 +596,7 @@ export class RelationalDatabase extends Construct {
         this.connections.allowDefaultPortFrom(grantee);
     }
 }
-// Re-export interface types
-export { isRelationalDatabase, isDynamoDBDatabase, isAuroraDatabase, isInstanceDatabase, isGlobalAuroraDatabase } from "./interfaces/database.js";
+export { ClickHouseDatabase };
+export { ClickHouseDefaultProfiles, ClickHouseSchemaAdminSchema, ManagedPasswordNameSchema, ProfileSpecSchema } from "../../resources/aws/database/clickhouseSchemas.js";
+export { renderUsersXml } from "../../resources/aws/database/clickhouseXmlRenderer.js";
+export { isRelationalDatabase, isDynamoDBDatabase, isClickHouseDatabase, isAuroraDatabase, isInstanceDatabase, isGlobalAuroraDatabase } from "./interfaces/database.js";

package/dist/lib/patterns/aws/domain.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { validateDomainProps } from "./domainValidation.js";
 import { composeApexDomain } from "./apexDomainPattern.js";
 import { composeDelegatedDomain } from "./delegatedDomainPattern.js";
 import { composeExternalRecords } from "./externalRecordsPattern.js";
-import { DEFAULT_COST_ALLOCATION_ENVIRONMENT } from "../../utils/costAllocationTags.js";
+import { applyCostAllocationTags } from "../../utils/costAllocationTags.js";
 /**
  * User-facing Route53-oriented domain construct. Dispatches on
  * `props.registrar` to one of three per-registrar patterns:
@@ -74,9 +74,11 @@ export class Domain extends Construct {
         const effectiveZone = resolveEffectiveZoneName(props);
         const description = props.description ?? `Fjall-managed domain for ${effectiveZone}`;
         Tags.of(this).add("fjall:description", description);
-        Tags.of(this).add("fjall:costAllocation:environment", props.costAllocationEnvironment ?? DEFAULT_COST_ALLOCATION_ENVIRONMENT);
-        Tags.of(this).add("fjall:costAllocation:service", "domain");
-        Tags.of(this).add("fjall:costAllocation:domain", props.zoneName);
+        applyCostAllocationTags(this, {
+            service: "domain",
+            domain: props.zoneName,
+            environment: props.costAllocationEnvironment
+        });
     }
     #applyUserTags(props) {
         if (!props.tags) {

package/dist/lib/patterns/aws/index.d.ts CHANGED Viewed

@@ -12,6 +12,7 @@ export * from "./domainDelegation.js";
 export { Domain } from "./domain.js";
 export * from "./targets/index.js";
 export { getDomainExportNames, type DnsRecordInput, type DelegationInput, type CertificateInput, type DomainApexProps, type DomainDelegatedProps, type IDomainProps, type ManagedDomainExports, type FjallTarget, type StandardRecord, type DnsRecord, type Certificate, type SubdomainDelegation, type DomainCommonProps, type Route53ApexProps, type ExternalDelegatedProps, type ExternalRecordsProps, type DomainProps, type ManualRecord } from "./interfaces/domain.js";
+export { MIGRATION_SNAPSHOT_NAME_PREFIX, EXPECTED_SCHEMA_VERSION_ENV, EXPECTED_SCHEMA_VERSION_TOOL_ENV } from "./interfaces/database.js";
 export * from "./compute.js";
 export * from "./storage.js";
 export * from "./auditRole.js";

package/dist/lib/patterns/aws/index.js CHANGED Viewed

@@ -18,6 +18,7 @@ export * from "./targets/index.js";
 // `AliasRecord` DNS-record construct re-exported via `resources/aws/networking`
 // and the `AliasRecord` TypeScript type declared in `interfaces/domain.ts`.
 export { getDomainExportNames } from "./interfaces/domain.js";
+export { MIGRATION_SNAPSHOT_NAME_PREFIX, EXPECTED_SCHEMA_VERSION_ENV, EXPECTED_SCHEMA_VERSION_TOOL_ENV } from "./interfaces/database.js";
 // Patterns
 export * from "./compute.js";
 export * from "./storage.js";

package/dist/lib/patterns/aws/interfaces/compute.d.ts CHANGED Viewed

@@ -12,7 +12,7 @@
  * lambda.getFunctionUrl(); // ✓ Available on ILambdaCompute
  * lambda.getLoadBalancer(); // ✗ Compile error - not on ILambdaCompute
  */
-import { type ICluster, type IBaseService } from "aws-cdk-lib/aws-ecs";
+import { type ICluster, type IBaseService, type ITaskDefinition } from "aws-cdk-lib/aws-ecs";
 import { type IApplicationLoadBalancer } from "aws-cdk-lib/aws-elasticloadbalancingv2";
 import { type IFunction } from "aws-cdk-lib/aws-lambda";
 import { type IAutoScalingGroup } from "aws-cdk-lib/aws-autoscaling";
@@ -52,6 +52,12 @@ export interface IEcsCompute extends ICompute, IConnectable {
     getService(name: string): IBaseService | undefined;
     /** Get all services in the cluster. */
     getAllServices(): IBaseService[];
+    /**
+     * Get the task definition for a specific service. Used by Schedule /
+     * Subscription targets to construct the EcsTask adapter for EventBridge
+     * invocation. Returns undefined for unknown service names.
+     */
+    getTaskDefinition(serviceName: string): ITaskDefinition | undefined;
     /** Get the security group for the cluster. */
     getSecurityGroup(): ISecurityGroup;
     /**