@flipboxlabs/aws-audit-cdk 1.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Flipbox Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,36 @@
+# @flipboxlabs/aws-audit-cdk
+
+AWS Audit CDK - CDK constructs for AWS audit infrastructure.
+
+## Installation
+
+```bash
+npm install @flipboxlabs/aws-audit-cdk
+# or
+pnpm add @flipboxlabs/aws-audit-cdk
+```
+
+## Usage
+
+```typescript
+import { CloudWatchConstruct } from '@flipboxlabs/aws-audit-cdk/cloudwatch';
+import { DynamoDBConstruct } from '@flipboxlabs/aws-audit-cdk/dynamodb';
+import { EventBridgeConstruct } from '@flipboxlabs/aws-audit-cdk/eventbridge';
+import { RestApiConstruct } from '@flipboxlabs/aws-audit-cdk/rest-api';
+```
+
+## Constructs
+
+- **CloudWatchConstruct** - CloudWatch log subscription for audit capture
+- **DynamoDBConstruct** - DynamoDB table for audit storage
+- **EventBridgeConstruct** - EventBridge bus for audit events
+- **RestApiConstruct** - REST API for querying audits
+
+## Peer Dependencies
+
+- `aws-cdk-lib` >= 2.135.0
+- `constructs` >= 10.3.0
+
+## License
+
+MIT

package/dist/audit-config.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Shared audit configuration for the CDK.
+ *
+ * Defines the valid apps and resource types used across all handlers and schemas.
+ * This config provides:
+ * - Type-safe app and resourceType values
+ * - Zod schemas for validation via `auditConfig.schemas`
+ *
+ * @example
+ * ```typescript
+ * import { auditConfig } from '../../audit-config.js';
+ *
+ * // Use in handlers
+ * const service = new AuditService(logger, auditConfig);
+ *
+ * // Use schemas for validation
+ * const PathSchema = z.object({
+ *   app: auditConfig.schemas.app,
+ *   object: auditConfig.schemas.resourceType,
+ * });
+ * ```
+ */
+export declare const auditConfig: {
+    service: string | undefined;
+} & {
+    readonly apps: readonly [];
+    readonly resourceTypes: readonly [];
+} & {
+    schemas: {
+        app: import("zod").ZodEnum<{
+            [x: string]: string;
+        }>;
+        resourceType: import("zod").ZodEnum<{
+            [x: string]: string;
+        }>;
+        resourceReference: import("zod").ZodObject<{
+            app: import("zod").ZodEnum<{
+                [x: string]: string;
+            }>;
+            type: import("zod").ZodEnum<{
+                [x: string]: string;
+            }>;
+            id: import("zod").ZodOptional<import("zod").ZodUnion<readonly [import("zod").ZodString, import("zod").ZodNumber]>>;
+        }, import("zod/v4/core").$strip>;
+    };
+    _types: {
+        App: never;
+        ResourceType: never;
+    };
+};
+/**
+ * Type alias for the App union type from the audit config.
+ */
+export type App = (typeof auditConfig)["_types"]["App"];
+/**
+ * Type alias for the ResourceType union type from the audit config.
+ */
+export type ResourceType = (typeof auditConfig)["_types"]["ResourceType"];
+//# sourceMappingURL=audit-config.d.ts.map

package/dist/audit-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-config.d.ts","sourceRoot":"","sources":["../src/audit-config.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;CAGtB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC;AAExD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,cAAc,CAAC,CAAC"}

package/dist/audit-config.js

@@ -0,0 +1,27 @@
+import { defineAuditConfig } from "@flipboxlabs/aws-audit-sdk";
+/**
+ * Shared audit configuration for the CDK.
+ *
+ * Defines the valid apps and resource types used across all handlers and schemas.
+ * This config provides:
+ * - Type-safe app and resourceType values
+ * - Zod schemas for validation via `auditConfig.schemas`
+ *
+ * @example
+ * ```typescript
+ * import { auditConfig } from '../../audit-config.js';
+ *
+ * // Use in handlers
+ * const service = new AuditService(logger, auditConfig);
+ *
+ * // Use schemas for validation
+ * const PathSchema = z.object({
+ *   app: auditConfig.schemas.app,
+ *   object: auditConfig.schemas.resourceType,
+ * });
+ * ```
+ */
+export const auditConfig = defineAuditConfig({
+    apps: [],
+    resourceTypes: [],
+});

package/dist/cloudwatch/construct.d.ts

@@ -0,0 +1,20 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import type * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+type Props = {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    eventBus: events.IEventBus;
+    subscriptionFilter?: {
+        /** Scope of the subscription filter policy. Defaults to "ALL". */
+        scope?: string;
+        /** Selection criteria for log groups. Defaults to excluding the subscription lambda's log group. */
+        selectionCriteria?: string;
+    };
+};
+export declare class CloudWatchConstruct extends Construct {
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/cloudwatch/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../src/cloudwatch/construct.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAE5D,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,KAAK,MAAM,MAAM,wBAAwB,CAAC;AAGtD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAGvC,KAAK,KAAK,GAAG;IACZ,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;IAE3B,kBAAkB,CAAC,EAAE;QACpB,kEAAkE;QAClE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,oGAAoG;QACpG,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC3B,CAAC;CACF,CAAC;AAEF,qBAAa,mBAAoB,SAAQ,SAAS;gBACrC,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CAoDtD"}

package/dist/cloudwatch/construct.js

@@ -0,0 +1,46 @@
+import * as url from "node:url";
+import { AUDIT_LOG_IDENTIFIER } from "@flipboxlabs/aws-audit-sdk";
+import { ServicePrincipal } from "aws-cdk-lib/aws-iam";
+import * as logs from "aws-cdk-lib/aws-logs";
+import { Construct } from "constructs";
+import { ESMNodeFunctionFactory } from "../lib/index.js";
+export class CloudWatchConstruct extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const ref = `${[props.config.env.toUpperCase(), "Account", "CloudWatch", "Subscription"].join("-")}`;
+        // Lambda Function
+        const lambda = ESMNodeFunctionFactory(props.config)(this, "subscription", {
+            functionName: ref,
+            entry: url.fileURLToPath(new URL("subscription.handler.ts", import.meta.url).toString()),
+            currentVersionOptions: {
+                retryAttempts: 2,
+            },
+        });
+        // Allow writes to DynamoDB
+        props.table.grantWriteData(lambda);
+        // Allow puts to EventBridge
+        props.eventBus.grantPutEventsTo(lambda);
+        // Permissions
+        lambda.addPermission("LogProcessorPermission", {
+            principal: new ServicePrincipal("logs.amazonaws.com"),
+            action: "lambda:InvokeFunction",
+            sourceArn: `arn:aws:logs:${props.config.aws.region}:${props.config.aws.account}:log-group:*`,
+            sourceAccount: props.config.aws.account,
+        });
+        // Create an Account-Level Subscription Filter Policy
+        const accountPolicy = new logs.CfnAccountPolicy(this, "AccountLevelLogSubscriptionPolicy", {
+            policyName: `${props.config.env.toUpperCase()}AccountLevelSubscriptionPolicy`,
+            policyType: "SUBSCRIPTION_FILTER_POLICY",
+            policyDocument: JSON.stringify({
+                DestinationArn: lambda.functionArn,
+                Distribution: "Random",
+                FilterPattern: `{ $.${AUDIT_LOG_IDENTIFIER}.operation = * }`,
+            }),
+            scope: props.subscriptionFilter?.scope ?? "ALL",
+            selectionCriteria: props.subscriptionFilter?.selectionCriteria ??
+                `LogGroupName NOT IN ["/aws/lambda/${lambda.functionName}"]`,
+        });
+        // Add explicit dependency on the Lambda function
+        accountPolicy.node.addDependency(lambda);
+    }
+}

package/dist/cloudwatch/subscription.handler.d.ts

@@ -0,0 +1,6 @@
+import middy from "@middy/core";
+import type { CloudWatchLogsEvent } from "aws-lambda";
+export declare const handler: middy.MiddyfiedHandler<CloudWatchLogsEvent, void, Error, import("aws-lambda").Context, {
+    [key: string]: unknown;
+}>;
+//# sourceMappingURL=subscription.handler.d.ts.map

package/dist/cloudwatch/subscription.handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscription.handler.d.ts","sourceRoot":"","sources":["../../src/cloudwatch/subscription.handler.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAgDtD,eAAO,MAAM,OAAO;;EAEkC,CAAC"}

package/dist/cloudwatch/subscription.handler.js

@@ -0,0 +1,34 @@
+import { CLOUDWATCH_LOGS, extractDataFromEnvelope, } from "@aws-lambda-powertools/jmespath/envelopes";
+import { Logger } from "@aws-lambda-powertools/logger";
+import { injectLambdaContext } from "@aws-lambda-powertools/logger/middleware";
+import { AUDIT_LOG_IDENTIFIER, AuditService } from "@flipboxlabs/aws-audit-sdk";
+import middy from "@middy/core";
+import { auditConfig } from "../audit-config.js";
+const logger = new Logger({
+    logRecordOrder: ["level", "message"],
+});
+const service = new AuditService(logger, auditConfig);
+const recordHandler = async (event) => {
+    const records = extractDataFromEnvelope(event, CLOUDWATCH_LOGS);
+    await Promise.allSettled(records.map(async (record) => {
+        const message = JSON.parse(record.message);
+        const audit = message[AUDIT_LOG_IDENTIFIER];
+        if (!audit) {
+            logger.warn("No audit log identifier found in message", { message });
+            return;
+        }
+        try {
+            logger.info("Storing audit to DynamoDB", { audit });
+            return await service.upsertItem(audit).then((result) => {
+                logger.info("Stored audit to DynamoDB", { result });
+                return result;
+            });
+        }
+        catch (error) {
+            logger.error("An error was caught trying to save audit item", {
+                error,
+            });
+        }
+    }));
+};
+export const handler = middy(async (event) => recordHandler(event)).use(injectLambdaContext(logger, { logEvent: true }));

package/dist/constants.d.ts

@@ -0,0 +1,9 @@
+export type CDKConfig = {
+    env: string;
+    aws: {
+        account: string;
+        region: string;
+    };
+    service?: string;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE;QACJ,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;KACf,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC"}

package/dist/constants.js

@@ -0,0 +1 @@
+export {};

package/dist/dynamodb/audit.d.ts

@@ -0,0 +1,10 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import { Construct } from "constructs";
+export default class extends Construct {
+    readonly table: dynamodb.Table;
+    constructor(scope: Construct, id: string, props: {
+        config: CDKConfig;
+    });
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/dynamodb/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/dynamodb/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAG5D,OAAO,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,CAAC,OAAO,MAAO,SAAQ,SAAS;IACrC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC;gBAG9B,KAAK,EAAE,SAAS,EAChB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE;QACN,MAAM,EAAE,SAAS,CAAC;KAClB;CAkHF"}

package/dist/dynamodb/audit.js

@@ -0,0 +1,114 @@
+import { DynamoDB } from "@flipboxlabs/aws-audit-sdk";
+import * as cdk from "aws-cdk-lib";
+import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import { Construct } from "constructs";
+export default class extends Construct {
+    table;
+    constructor(scope, id, props) {
+        super(scope, id);
+        /**
+         * DynamoDB Table
+         */
+        this.table = new dynamodb.Table(this, "AuditTable", {
+            tableName: DynamoDB.Table.Name(props.config),
+            removalPolicy: cdk.RemovalPolicy.RETAIN,
+            billingMode: dynamodb.BillingMode.PAY_PER_REQUEST,
+            partitionKey: {
+                name: DynamoDB.Keys.PARTITION_KEY,
+                type: dynamodb.AttributeType.STRING,
+            },
+            sortKey: {
+                name: DynamoDB.Keys.SORT_KEY,
+                type: dynamodb.AttributeType.STRING,
+            },
+            stream: dynamodb.StreamViewType.NEW_AND_OLD_IMAGES,
+            timeToLiveAttribute: DynamoDB.Attributes.TTL,
+        });
+        /**
+         * LSIs (we can't add LSIs later)
+         */
+        this.table.addLocalSecondaryIndex({
+            indexName: DynamoDB.Indexes.LSI1_N,
+            sortKey: {
+                name: DynamoDB.Keys.LSI1_N_SORT_KEY,
+                type: dynamodb.AttributeType.NUMBER,
+            },
+        });
+        this.table.addLocalSecondaryIndex({
+            indexName: DynamoDB.Indexes.LSI1_S,
+            sortKey: {
+                name: DynamoDB.Keys.LSI1_S_SORT_KEY,
+                type: dynamodb.AttributeType.STRING,
+            },
+        });
+        // List by Resource
+        this.table.addGlobalSecondaryIndex({
+            indexName: DynamoDB.Indexes.GSI1_SN,
+            partitionKey: {
+                name: DynamoDB.Keys.GSI1_SN_PARTITION_KEY,
+                type: dynamodb.AttributeType.STRING,
+            },
+            sortKey: {
+                name: DynamoDB.Keys.GSI1_SN_SORT_KEY,
+                type: dynamodb.AttributeType.NUMBER,
+            },
+            projectionType: dynamodb.ProjectionType.INCLUDE,
+            nonKeyAttributes: [
+                "operation",
+                "status",
+                "message",
+                "source",
+                "target",
+                "rerunable",
+                "createdAt",
+            ],
+        });
+        // List by Trace Id
+        this.table.addGlobalSecondaryIndex({
+            indexName: DynamoDB.Indexes.GSI1_SS,
+            partitionKey: {
+                name: DynamoDB.Keys.GSI1_SS_PARTITION_KEY,
+                type: dynamodb.AttributeType.STRING,
+            },
+            sortKey: {
+                name: DynamoDB.Keys.GSI1_SS_SORT_KEY,
+                type: dynamodb.AttributeType.STRING,
+            },
+            projectionType: dynamodb.ProjectionType.INCLUDE,
+            nonKeyAttributes: [
+                "operation",
+                "status",
+                "message",
+                "source",
+                "target",
+                "rerunable",
+                "createdAt",
+                DynamoDB.Keys.GSI1_SN_PARTITION_KEY,
+                DynamoDB.Keys.GSI1_SN_SORT_KEY,
+            ],
+        });
+        // this.table.addGlobalSecondaryIndex({
+        // 	indexName: Indexes.GSI2_SS,
+        // 	partitionKey: {
+        // 		name: Keys.GSI2_SS_PARTITION_KEY,
+        // 		type: dynamodb.AttributeType.STRING,
+        // 	},
+        // 	sortKey: {
+        // 		name: Keys.GSI2_SS_SORT_KEY,
+        // 		type: dynamodb.AttributeType.STRING,
+        // 	},
+        // 	projectionType: dynamodb.ProjectionType.INCLUDE,
+        // 	nonKeyAttributes: [
+        // 		"operation",
+        // 		"status",
+        // 		"message",
+        // 		"result",
+        // 		"error",
+        // 		"source",
+        // 		"target",
+        // 		"rerunable",
+        // 		"_createdAt",
+        // 	],
+        // });
+    }
+}

package/dist/dynamodb/construct.d.ts

@@ -0,0 +1,10 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import { Construct } from "constructs";
+export declare class DynamoDBConstruct extends Construct {
+    readonly table: dynamodb.ITable;
+    constructor(scope: Construct, id: string, props: {
+        config: CDKConfig;
+    });
+}
+//# sourceMappingURL=construct.d.ts.map

package/dist/dynamodb/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../src/dynamodb/construct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,qBAAa,iBAAkB,SAAQ,SAAS;IAC/C,SAAgB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;gBAGtC,KAAK,EAAE,SAAS,EAChB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE;QACN,MAAM,EAAE,SAAS,CAAC;KAClB;CAQF"}

package/dist/dynamodb/construct.js

@@ -0,0 +1,10 @@
+import { Construct } from "constructs";
+import AuditTable from "./audit.js";
+export class DynamoDBConstruct extends Construct {
+    table;
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { table } = new AuditTable(this, "AuditTable", props);
+        this.table = table;
+    }
+}

package/dist/eventbridge/construct.d.ts

@@ -0,0 +1,10 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+export declare class EventBridgeConstruct extends Construct {
+    readonly eventBus: events.IEventBus;
+    constructor(scope: Construct, id: string, props: {
+        config: CDKConfig;
+    });
+}
+//# sourceMappingURL=construct.d.ts.map

package/dist/eventbridge/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../src/eventbridge/construct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAE5D,OAAO,KAAK,MAAM,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,qBAAa,oBAAqB,SAAQ,SAAS;IAClD,SAAgB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;gBAG1C,KAAK,EAAE,SAAS,EAChB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE;QACN,MAAM,EAAE,SAAS,CAAC;KAClB;CASF"}

package/dist/eventbridge/construct.js

@@ -0,0 +1,13 @@
+import { EventBridge } from "@flipboxlabs/aws-audit-sdk";
+import * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+export class EventBridgeConstruct extends Construct {
+    eventBus;
+    constructor(scope, id, props) {
+        super(scope, id);
+        // Our audit event bus
+        this.eventBus = new events.EventBus(this, "EventBus", {
+            eventBusName: EventBridge.Bus.Name(props.config),
+        });
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,53 @@
+/**
+ * AWS Audit CDK Library
+ *
+ * Provides constructs for deploying audit infrastructure. Import and compose
+ * the constructs in your own stack as needed.
+ *
+ * @example
+ * ```typescript
+ * import * as cdk from "aws-cdk-lib";
+ * import type { Construct } from "constructs";
+ * import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+ *
+ * // Import constructs from the bootstrap directory
+ * import { CloudWatchConstruct as CloudWatch } from "@flipboxlabs/aws-audit-cdk/cloudwatch";
+ * import { DynamoDBConstruct as DynamoDB } from "@flipboxlabs/aws-audit-cdk/dynamodb";
+ * import { EventBridgeConstruct as EventBridge } from "@flipboxlabs/aws-audit-cdk/eventbridge";
+ * import { RestApiConstruct as RestAPI } from "@flipboxlabs/aws-audit-cdk/rest-api";
+ *
+ * interface Props {
+ *   config: CDKConfig;
+ * }
+ *
+ * export class AuditStack extends cdk.NestedStack {
+ *   constructor(scope: Construct, id: string, props: Props) {
+ *     super(scope, id, { description: "Audit" });
+ *
+ *     // DynamoDB (storage)
+ *     const { table } = new DynamoDB(this, "DynamoDB", { config: props.config });
+ *
+ *     // EventBridge (events)
+ *     const { eventBus } = new EventBridge(this, "EventBridge", {
+ *       config: props.config,
+ *     });
+ *
+ *     // CloudWatch (logging subscription)
+ *     new CloudWatch(this, "CloudWatch", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *
+ *     // REST API (optional)
+ *     new RestAPI(this, "RestAPI", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *   }
+ * }
+ * ```
+ */
+export * from "./constants.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AAEH,cAAc,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,52 @@
+/**
+ * AWS Audit CDK Library
+ *
+ * Provides constructs for deploying audit infrastructure. Import and compose
+ * the constructs in your own stack as needed.
+ *
+ * @example
+ * ```typescript
+ * import * as cdk from "aws-cdk-lib";
+ * import type { Construct } from "constructs";
+ * import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+ *
+ * // Import constructs from the bootstrap directory
+ * import { CloudWatchConstruct as CloudWatch } from "@flipboxlabs/aws-audit-cdk/cloudwatch";
+ * import { DynamoDBConstruct as DynamoDB } from "@flipboxlabs/aws-audit-cdk/dynamodb";
+ * import { EventBridgeConstruct as EventBridge } from "@flipboxlabs/aws-audit-cdk/eventbridge";
+ * import { RestApiConstruct as RestAPI } from "@flipboxlabs/aws-audit-cdk/rest-api";
+ *
+ * interface Props {
+ *   config: CDKConfig;
+ * }
+ *
+ * export class AuditStack extends cdk.NestedStack {
+ *   constructor(scope: Construct, id: string, props: Props) {
+ *     super(scope, id, { description: "Audit" });
+ *
+ *     // DynamoDB (storage)
+ *     const { table } = new DynamoDB(this, "DynamoDB", { config: props.config });
+ *
+ *     // EventBridge (events)
+ *     const { eventBus } = new EventBridge(this, "EventBridge", {
+ *       config: props.config,
+ *     });
+ *
+ *     // CloudWatch (logging subscription)
+ *     new CloudWatch(this, "CloudWatch", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *
+ *     // REST API (optional)
+ *     new RestAPI(this, "RestAPI", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *   }
+ * }
+ * ```
+ */
+export * from "./constants.js";

package/dist/lib/index.d.ts

@@ -0,0 +1,53 @@
+/**
+ * AWS Audit CDK Library
+ *
+ * Provides constructs for deploying audit infrastructure. Import and compose
+ * the constructs in your own stack as needed.
+ *
+ * @example
+ * ```typescript
+ * import * as cdk from "aws-cdk-lib";
+ * import type { Construct } from "constructs";
+ * import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+ *
+ * // Import constructs from the bootstrap directory
+ * import CloudWatch from "@flipboxlabs/aws-audit-cdk/bootstrap/cloudwatch/construct";
+ * import DynamoDB from "@flipboxlabs/aws-audit-cdk/bootstrap/dynamodb/construct";
+ * import EventBridge from "@flipboxlabs/aws-audit-cdk/bootstrap/eventbridge/construct";
+ * import RestAPI from "@flipboxlabs/aws-audit-cdk/bootstrap/rest-api/construct";
+ *
+ * interface Props {
+ *   config: CDKConfig;
+ * }
+ *
+ * export class AuditStack extends cdk.NestedStack {
+ *   constructor(scope: Construct, id: string, props: Props) {
+ *     super(scope, id, { description: "Audit" });
+ *
+ *     // DynamoDB (storage)
+ *     const { table } = new DynamoDB(this, "DynamoDB", { config: props.config });
+ *
+ *     // EventBridge (events)
+ *     const { eventBus } = new EventBridge(this, "EventBridge", {
+ *       config: props.config,
+ *     });
+ *
+ *     // CloudWatch (logging subscription)
+ *     new CloudWatch(this, "CloudWatch", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *
+ *     // REST API (optional)
+ *     new RestAPI(this, "RestAPI", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *   }
+ * }
+ * ```
+ */
+export * from "./nodejs.function.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AAEH,cAAc,sBAAsB,CAAC"}