npm - @fjall/components-infrastructure - Versions diffs - 2.8.0 → 2.9.0 - Mend

@fjall/components-infrastructure 2.8.0 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/lib/config/aws/disasterRecovery.d.ts +2 -1
package/dist/lib/config/aws/disasterRecovery.js +24 -12
package/dist/lib/resources/aws/backup/backupPlan.d.ts +2 -3
package/dist/lib/resources/aws/backup/backupPlan.js +1 -1
package/package.json +4 -4

package/dist/lib/config/aws/disasterRecovery.d.ts CHANGED Viewed

@@ -12,7 +12,8 @@ export interface DisasterRecoveryProps {
     customBackupPlans?: CustomBackupPlanConfig[];
 }
 export declare class DisasterRecovery extends Construct {
-    readonly backupVault: BackupVault;
+    readonly backupVault?: BackupVault;
+    private readonly vaultRef;
     readonly backupPlans: {
         standard: BackupPlan;
         resilient: BackupPlan;

package/dist/lib/config/aws/disasterRecovery.js CHANGED Viewed

@@ -29,7 +29,10 @@ const VAULT_LOCK = {
     GRACE_PERIOD: Duration.days(3)
 };
 export class DisasterRecovery extends Construct {
+    // Set in create-mode only; in adopt-mode the existing vault is referenced, not created.
     backupVault;
+    // Vault the plans write to: created vault (create-mode) or imported handle (adopt-mode).
+    vaultRef;
     backupPlans;
     customBackupPlans;
     constructor(scope, id, props) {
@@ -38,6 +41,9 @@ export class DisasterRecovery extends Construct {
         const providerAccounts = config.providerAccounts;
         const account = providerAccounts.find((pa) => pa.id === props.accountId);
         const isComplianceAccount = account?.environment === "compliance";
+        // Set by the deploy orchestration after probing DescribeBackupVault: adopt the
+        // retained fixed-name vault by reference rather than re-CREATE it (which collides).
+        const adoptExistingVault = this.node.tryGetContext("fjallAdoptBackupVault") === "true";
         const disasterRecoveryRegion = config.disasterRecoveryRegion;
         // Look up compliance account for cross-account replication
         // Skip if the compliance account (prevent self-replication)
@@ -56,14 +62,20 @@ export class DisasterRecovery extends Construct {
                 changeableFor: VAULT_LOCK.GRACE_PERIOD
             }
             : undefined;
-        // Create primary backup vault
-        this.backupVault = new BackupVault(this, "BackupVault", {
-            vaultName: BACKUP_VAULT_NAME,
-            removalPolicy: RemovalPolicy.RETAIN,
-            lockConfiguration: lockConfiguration
-        });
-        // Configure cross-account access policies
-        if (isComplianceAccount) {
+        if (adoptExistingVault) {
+            this.vaultRef = Vault.fromBackupVaultName(this, "BackupVault", BACKUP_VAULT_NAME);
+        }
+        else {
+            this.backupVault = new BackupVault(this, "BackupVault", {
+                vaultName: BACKUP_VAULT_NAME,
+                removalPolicy: RemovalPolicy.RETAIN,
+                lockConfiguration: lockConfiguration
+            });
+            this.vaultRef = this.backupVault.vault;
+        }
+        // Cross-account access policy — create-mode only. addToAccessPolicy is unavailable
+        // on an imported vault, and a live (locked) vault retains the grant written at creation.
+        if (this.backupVault && isComplianceAccount) {
             const allAccounts = providerAccounts;
             const productionAccounts = allAccounts.filter((acc) => acc.environment === "production");
             if (productionAccounts.length > 0) {
@@ -87,19 +99,19 @@ export class DisasterRecovery extends Construct {
                 planName: "standard",
                 rules: this.createStandardBackupRules("standard"),
                 tagValue: "default",
-                backupVault: this.backupVault
+                backupVault: this.vaultRef
             }),
             resilient: new BackupPlan(this, "ResilientBackupPlan", {
                 planName: "resilient",
                 rules: this.createResilientBackupRules("resilient", replicationVaultArn),
                 tagValue: "resilient",
-                backupVault: this.backupVault
+                backupVault: this.vaultRef
             }),
             enterprise: new BackupPlan(this, "EnterpriseBackupPlan", {
                 planName: "enterprise",
                 rules: this.createEnterpriseBackupRules("enterprise", replicationVaultArn, disasterRecoveryVaultArn),
                 tagValue: "enterprise",
-                backupVault: this.backupVault
+                backupVault: this.vaultRef
             })
         };
         // Create custom backup plans if provided
@@ -109,7 +121,7 @@ export class DisasterRecovery extends Construct {
                     planName: config.planName,
                     rules: config.rules,
                     tagValue: config.tagValue,
-                    backupVault: this.backupVault
+                    backupVault: this.vaultRef
                 });
             });
         }

package/dist/lib/resources/aws/backup/backupPlan.d.ts CHANGED Viewed

@@ -1,11 +1,10 @@
 import { Construct } from "constructs";
 import { CfnOutput } from "aws-cdk-lib";
-import { BackupPlan as Plan, BackupSelection, type BackupPlanRule } from "aws-cdk-lib/aws-backup";
-import { type BackupVault } from "./backupVault.js";
+import { BackupPlan as Plan, BackupSelection, type BackupPlanRule, type IBackupVault } from "aws-cdk-lib/aws-backup";
 export interface BackupPlanProps {
     planName: string;
     rules: BackupPlanRule[];
-    backupVault: BackupVault;
+    backupVault: IBackupVault;
     tagValue: string;
     tagKey?: string;
 }

package/dist/lib/resources/aws/backup/backupPlan.js CHANGED Viewed

@@ -12,7 +12,7 @@ export class BackupPlan extends Construct {
         const tagKey = props.tagKey || BACKUP_TIER_TAG_KEY;
         this.plan = new Plan(this, `${props.planName}Plan`, {
             backupPlanName: props.planName,
-            backupVault: props.backupVault.vault,
+            backupVault: props.backupVault,
             backupPlanRules: props.rules
         });
         this.selection = new BackupSelection(this, `${props.planName}Selection`, {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fjall/components-infrastructure",
-  "version": "2.8.0",
+  "version": "2.9.0",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",
   "bin": {
@@ -63,8 +63,8 @@
   },
   "dependencies": {
     "@aws-sdk/client-organizations": "^3.1038.0",
-    "@fjall/generator": "^2.8.0",
-    "@fjall/util": "^2.8.0",
+    "@fjall/generator": "^2.9.0",
+    "@fjall/util": "^2.9.0",
     "constructs": "^10.0.0",
     "uuid": "^14.0.0"
   },
@@ -79,5 +79,5 @@
   "engines": {
     "node": ">=18.0.0"
   },
-  "gitHead": "6f82ea5b7fa9a4b23532708c5646a68e940c0b75"
+  "gitHead": "72c4668ef5ead59c0b981eca8037620875bcd1ba"
 }