@flipboxlabs/aws-audit-cdk 1.1.0

package/dist/lib/index.js

@@ -0,0 +1,52 @@
+/**
+ * AWS Audit CDK Library
+ *
+ * Provides constructs for deploying audit infrastructure. Import and compose
+ * the constructs in your own stack as needed.
+ *
+ * @example
+ * ```typescript
+ * import * as cdk from "aws-cdk-lib";
+ * import type { Construct } from "constructs";
+ * import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+ *
+ * // Import constructs from the bootstrap directory
+ * import CloudWatch from "@flipboxlabs/aws-audit-cdk/bootstrap/cloudwatch/construct";
+ * import DynamoDB from "@flipboxlabs/aws-audit-cdk/bootstrap/dynamodb/construct";
+ * import EventBridge from "@flipboxlabs/aws-audit-cdk/bootstrap/eventbridge/construct";
+ * import RestAPI from "@flipboxlabs/aws-audit-cdk/bootstrap/rest-api/construct";
+ *
+ * interface Props {
+ *   config: CDKConfig;
+ * }
+ *
+ * export class AuditStack extends cdk.NestedStack {
+ *   constructor(scope: Construct, id: string, props: Props) {
+ *     super(scope, id, { description: "Audit" });
+ *
+ *     // DynamoDB (storage)
+ *     const { table } = new DynamoDB(this, "DynamoDB", { config: props.config });
+ *
+ *     // EventBridge (events)
+ *     const { eventBus } = new EventBridge(this, "EventBridge", {
+ *       config: props.config,
+ *     });
+ *
+ *     // CloudWatch (logging subscription)
+ *     new CloudWatch(this, "CloudWatch", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *
+ *     // REST API (optional)
+ *     new RestAPI(this, "RestAPI", {
+ *       config: props.config,
+ *       table,
+ *       eventBus,
+ *     });
+ *   }
+ * }
+ * ```
+ */
+export * from "./nodejs.function.js";

package/dist/lib/nodejs.function.d.ts

@@ -0,0 +1,6 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as cdk from "aws-cdk-lib";
+import * as nodejs from "aws-cdk-lib/aws-lambda-nodejs";
+import type { Construct } from "constructs";
+export declare const ESMNodeFunctionFactory: (config: CDKConfig) => (scope: Construct, id: string, props: nodejs.NodejsFunctionProps) => cdk.aws_lambda_nodejs.NodejsFunction;
+//# sourceMappingURL=nodejs.function.d.ts.map

package/dist/lib/nodejs.function.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nodejs.function.d.ts","sourceRoot":"","sources":["../../src/lib/nodejs.function.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AAGnC,OAAO,KAAK,MAAM,MAAM,+BAA+B,CAAC;AAExD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,eAAO,MAAM,sBAAsB,GACjC,QAAQ,SAAS,MACjB,OAAO,SAAS,EAAE,IAAI,MAAM,EAAE,OAAO,MAAM,CAAC,mBAAmB,yCAyD/D,CAAC"}

package/dist/lib/nodejs.function.js

@@ -0,0 +1,48 @@
+import * as cdk from "aws-cdk-lib";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import * as nodejs from "aws-cdk-lib/aws-lambda-nodejs";
+import * as logs from "aws-cdk-lib/aws-logs";
+export const ESMNodeFunctionFactory = (config) => (scope, id, props) => {
+    const nodejsFunction = new nodejs.NodejsFunction(scope, id, {
+        tracing: lambda.Tracing.ACTIVE,
+        timeout: props.timeout || cdk.Duration.seconds(10),
+        logRetention: props.logRetention || logs.RetentionDays.ONE_WEEK,
+        memorySize: props.memorySize || 512,
+        architecture: props.architecture || lambda.Architecture.ARM_64,
+        runtime: lambda.Runtime.NODEJS_20_X,
+        bundling: {
+            minify: true,
+            metafile: false,
+            externalModules: ["aws-sdk", "@aws-sdk/*"],
+            format: nodejs.OutputFormat.ESM,
+            platform: "node",
+            target: "esnext",
+            mainFields: ["module", "main"],
+            esbuildArgs: {
+                "--conditions": "module",
+                "--tree-shaking": "true",
+            },
+            banner: "import { createRequire } from 'module';const require = createRequire(import.meta.url);",
+        },
+        role: props.role ||
+            new iam.Role(scope, `${id}-FunctionRole`, {
+                assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
+                managedPolicies: [
+                    iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"),
+                ],
+            }),
+        ...props,
+        environment: {
+            ...props.environment,
+            ENVIRONMENT: config.env,
+            AWS_ACCOUNT: config.aws.account,
+            POWERTOOLS_LOG_LEVEL: "WARN",
+        },
+    });
+    if (config.service) {
+        nodejsFunction.addEnvironment("SERVICE", config.service);
+    }
+    nodejsFunction.addLayers(lambda.LayerVersion.fromLayerVersionArn(scope, `${id}InsightLayer`, `arn:aws:lambda:${cdk.Stack.of(scope).region}:580247275435:layer:LambdaInsightsExtension-Arm64:2`));
+    return nodejsFunction;
+};

package/dist/rest-api/construct.d.ts

@@ -0,0 +1,18 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import type * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+type Props = {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    eventBus: events.IEventBus;
+    /** Override REST API props. */
+    restApi?: Partial<apigateway.RestApiProps>;
+};
+export declare class RestApiConstruct extends Construct {
+    readonly restApi: apigateway.RestApi;
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/rest-api/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../src/rest-api/construct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,KAAK,MAAM,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAGvC,KAAK,KAAK,GAAG;IACZ,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;IAC3B,+BAA+B;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;CAC3C,CAAC;AAIF,qBAAa,gBAAiB,SAAQ,SAAS;IAC9C,SAAgB,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC;gBAEhC,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CA6BtD"}

package/dist/rest-api/construct.js

@@ -0,0 +1,34 @@
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+import { RestApiResourcesConstruct as Resources } from "./resources/construct.js";
+const DEFAULT_STAGE_NAME_V1 = "v1";
+export class RestApiConstruct extends Construct {
+    restApi;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.restApi = new apigateway.RestApi(this, "RESTApi", {
+            restApiName: [
+                props.config.env.toUpperCase(),
+                props.config.service,
+                "Audit",
+            ].join("-"),
+            disableExecuteApiEndpoint: false,
+            retainDeployments: true,
+            ...props.restApi,
+            deployOptions: {
+                stageName: DEFAULT_STAGE_NAME_V1,
+                loggingLevel: apigateway.MethodLoggingLevel.INFO,
+                metricsEnabled: true,
+                description: "Version 1",
+                dataTraceEnabled: true,
+                ...props.restApi?.deployOptions,
+            },
+        });
+        new Resources(this, "Resources", {
+            ...props,
+            restApi: {
+                resource: this.restApi.root,
+            },
+        });
+    }
+}

package/dist/rest-api/index.d.ts

@@ -0,0 +1,3 @@
+export { RestApiConstruct } from "./construct.js";
+export { RestApiResourcesConstruct } from "./resources/construct.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/rest-api/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rest-api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/rest-api/index.js

@@ -0,0 +1,2 @@
+export { RestApiConstruct } from "./construct.js";
+export { RestApiResourcesConstruct } from "./resources/construct.js";

package/dist/rest-api/resources/app/constants.d.ts

@@ -0,0 +1,5 @@
+export declare const API_RESOURCE: {
+    RESOURCE: string;
+    RESOURCE_WILDCARD: string;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/rest-api/resources/app/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/rest-api/resources/app/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;;CAGxB,CAAC"}

package/dist/rest-api/resources/app/constants.js

@@ -0,0 +1,4 @@
+export const API_RESOURCE = {
+    RESOURCE: "apps",
+    RESOURCE_WILDCARD: "app",
+};

package/dist/rest-api/resources/app/construct.d.ts

@@ -0,0 +1,18 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import type * as apigateway from "aws-cdk-lib/aws-apigateway";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import type * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+type Props = {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    eventBus: events.IEventBus;
+    restApi: {
+        resource: apigateway.IResource;
+    };
+};
+export default class extends Construct {
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/rest-api/resources/app/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../../../src/rest-api/resources/app/construct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,KAAK,UAAU,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,KAAK,MAAM,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,KAAK,KAAK,GAAG;IACZ,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;IAC3B,OAAO,EAAE;QACR,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC;KAC/B,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,OAAO,MAAO,SAAQ,SAAS;gBACzB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CActD"}

package/dist/rest-api/resources/app/construct.js

@@ -0,0 +1,18 @@
+import { Construct } from "constructs";
+import { API_RESOURCE } from "./constants.js";
+import Objects from "./resources/objects/construct.js";
+export default class extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        new Objects(this, "Objects", {
+            config: props.config,
+            table: props.table,
+            eventBus: props.eventBus,
+            restApi: {
+                resource: props.restApi.resource
+                    .addResource(API_RESOURCE.RESOURCE)
+                    .addResource(`{${API_RESOURCE.RESOURCE_WILDCARD}}`),
+            },
+        });
+    }
+}

package/dist/rest-api/resources/app/resources/objects/constants.d.ts

@@ -0,0 +1,7 @@
+export declare const API_RESOURCE: {
+    RESOURCE: string;
+    RESOURCE_WILDCARD: string;
+    RESOURCE_WILDCARD_ITEM: string;
+    RESOURCE_WILDCARD_ITEM_AUDIT: string;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/rest-api/resources/app/resources/objects/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../../src/rest-api/resources/app/resources/objects/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;;;;CAKxB,CAAC"}

package/dist/rest-api/resources/app/resources/objects/constants.js

@@ -0,0 +1,6 @@
+export const API_RESOURCE = {
+    RESOURCE: "objects",
+    RESOURCE_WILDCARD: "object",
+    RESOURCE_WILDCARD_ITEM: "item",
+    RESOURCE_WILDCARD_ITEM_AUDIT: "audit",
+};

package/dist/rest-api/resources/app/resources/objects/construct.d.ts

@@ -0,0 +1,18 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import type * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+type Props = {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    eventBus: events.IEventBus;
+    restApi: {
+        resource: apigateway.IResource;
+    };
+};
+export default class extends Construct {
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/rest-api/resources/app/resources/objects/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../../../../../src/rest-api/resources/app/resources/objects/construct.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,KAAK,MAAM,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAKvC,KAAK,KAAK,GAAG;IACZ,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;IAC3B,OAAO,EAAE;QACR,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC;KAC/B,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,OAAO,MAAO,SAAQ,SAAS;gBACzB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CAuDtD"}

package/dist/rest-api/resources/app/resources/objects/construct.js

@@ -0,0 +1,48 @@
+import * as url from "node:url";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+import { ESMNodeFunctionFactory } from "../../../../../lib/index.js";
+import { API_RESOURCE } from "./constants.js";
+import ReRun from "./resources/rerun/construct.js";
+export default class extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const ref = [
+            props.config.env.toUpperCase(),
+            "REST-API",
+            props.config.service,
+            "Resources",
+        ].join("-");
+        // Lambda
+        const lambda = ESMNodeFunctionFactory(props.config)(this, "NodeFunction", {
+            functionName: ref,
+            entry: url.fileURLToPath(new URL("handler.ts", import.meta.url).toString()),
+            currentVersionOptions: {
+                retryAttempts: 1,
+            },
+        });
+        // Logger / Metrics / Tracing
+        lambda.addEnvironment("POWERTOOLS_SERVICE_NAME", "Resource");
+        // Audit
+        props.table.grantReadWriteData(lambda);
+        // Integration
+        const integration = new apigateway.LambdaIntegration(lambda);
+        const RESOURCE = props.restApi.resource
+            .addResource(API_RESOURCE.RESOURCE)
+            .addResource(`{${API_RESOURCE.RESOURCE_WILDCARD}}`);
+        const ITEM_RESOURCE = RESOURCE.addResource(`{${API_RESOURCE.RESOURCE_WILDCARD_ITEM}}`);
+        // /apps/{app}/objects/{object}/{item}
+        ITEM_RESOURCE.addMethod("GET", integration, {
+            apiKeyRequired: true,
+            operationName: "List audit items for resource",
+        });
+        new ReRun(this, "ReRun", {
+            config: props.config,
+            table: props.table,
+            eventBus: props.eventBus,
+            restApi: {
+                resource: ITEM_RESOURCE.addResource(`{${API_RESOURCE.RESOURCE_WILDCARD_ITEM_AUDIT}}`),
+            },
+        });
+    }
+}

package/dist/rest-api/resources/app/resources/objects/handler.d.ts

@@ -0,0 +1,3 @@
+import type { Context } from "aws-lambda";
+export declare const handler: (event: unknown, context: Context) => Promise<unknown>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/rest-api/resources/app/resources/objects/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../../../src/rest-api/resources/app/resources/objects/handler.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA4D1C,eAAO,MAAM,OAAO,GACnB,OAAO,OAAO,EACd,SAAS,OAAO,KACd,OAAO,CAAC,OAAO,CAAgC,CAAC"}

package/dist/rest-api/resources/app/resources/objects/handler.js

@@ -0,0 +1,40 @@
+import { Router } from "@aws-lambda-powertools/event-handler/http";
+import { Logger } from "@aws-lambda-powertools/logger";
+import { AuditService } from "@flipboxlabs/aws-audit-sdk";
+import { auditConfig, } from "../../../../../audit-config.js";
+import { API_RESOURCE as BASE_API_RESOURCE } from "../../constants.js";
+import { API_RESOURCE } from "./constants.js";
+import { PathSchema, QuerySchema, ResponseSchema } from "./schema.js";
+const logger = new Logger({
+    logRecordOrder: ["level", "message"],
+});
+const app = new Router();
+const audits = new AuditService(logger, auditConfig);
+app.get(`/${BASE_API_RESOURCE.RESOURCE}/:${BASE_API_RESOURCE.RESOURCE_WILDCARD}/${API_RESOURCE.RESOURCE}/:${API_RESOURCE.RESOURCE_WILDCARD}/:${API_RESOURCE.RESOURCE_WILDCARD_ITEM}`, async (reqCtx) => {
+    const { [BASE_API_RESOURCE.RESOURCE_WILDCARD]: appId, [API_RESOURCE.RESOURCE_WILDCARD]: objectType, [API_RESOURCE.RESOURCE_WILDCARD_ITEM]: itemId, } = reqCtx.valid.req.path;
+    const query = reqCtx.valid.req.query;
+    const pagination = query["pagination[pageSize]"] || query["pagination[nextToken]"]
+        ? {
+            pageSize: query["pagination[pageSize]"],
+            nextToken: query["pagination[nextToken]"],
+        }
+        : undefined;
+    return audits.listItems({
+        resource: {
+            type: objectType,
+            id: itemId,
+        },
+        app: appId,
+    }, pagination);
+}, {
+    validation: {
+        req: {
+            path: PathSchema,
+            query: QuerySchema,
+        },
+        res: {
+            body: ResponseSchema,
+        },
+    },
+});
+export const handler = async (event, context) => app.resolve(event, context);

package/dist/rest-api/resources/app/resources/objects/resources/rerun/constants.d.ts

@@ -0,0 +1,4 @@
+export declare const API_RESOURCE: {
+    RESOURCE: string;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/rest-api/resources/app/resources/objects/resources/rerun/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../../../../src/rest-api/resources/app/resources/objects/resources/rerun/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;CAExB,CAAC"}

package/dist/rest-api/resources/app/resources/objects/resources/rerun/constants.js

@@ -0,0 +1,3 @@
+export const API_RESOURCE = {
+    RESOURCE: "rerun",
+};

package/dist/rest-api/resources/app/resources/objects/resources/rerun/construct.d.ts

@@ -0,0 +1,18 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import type * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+type Props = {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    eventBus: events.IEventBus;
+    restApi: {
+        resource: apigateway.IResource;
+    };
+};
+export default class extends Construct {
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/rest-api/resources/app/resources/objects/resources/rerun/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../../../../../../../src/rest-api/resources/app/resources/objects/resources/rerun/construct.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,KAAK,MAAM,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,KAAK,KAAK,GAAG;IACZ,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;IAC3B,OAAO,EAAE;QACR,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC;KAC/B,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,OAAO,MAAO,SAAQ,SAAS;gBACzB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CAyCtD"}

package/dist/rest-api/resources/app/resources/objects/resources/rerun/construct.js

@@ -0,0 +1,38 @@
+import * as url from "node:url";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+import { ESMNodeFunctionFactory } from "../../../../../../../lib/index.js";
+import { API_RESOURCE } from "./constants.js";
+export default class extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const ref = [
+            props.config.env.toUpperCase(),
+            "REST-API",
+            props.config.service,
+            "Resource-Rerun",
+        ].join("-");
+        // Lambda
+        const lambda = ESMNodeFunctionFactory(props.config)(this, "NodeFunction", {
+            functionName: ref,
+            entry: url.fileURLToPath(new URL("handler.ts", import.meta.url).toString()),
+            currentVersionOptions: {
+                retryAttempts: 1,
+            },
+        });
+        // Logger / Metrics / Tracing
+        lambda.addEnvironment("POWERTOOLS_SERVICE_NAME", "ResourceRerun");
+        // Audit
+        props.table.grantReadWriteData(lambda);
+        // Put events
+        props.eventBus.grantPutEventsTo(lambda);
+        // Integration
+        const integration = new apigateway.LambdaIntegration(lambda);
+        const RESOURCE = props.restApi.resource.addResource(API_RESOURCE.RESOURCE);
+        // /apps/{app}/objects/{object}/{item}/{audit}/rerun
+        RESOURCE.addMethod("POST", integration, {
+            apiKeyRequired: true,
+            operationName: "Rerun the event",
+        });
+    }
+}

package/dist/rest-api/resources/app/resources/objects/resources/rerun/handler.d.ts

@@ -0,0 +1,3 @@
+import type { Context } from "aws-lambda";
+export declare const handler: (event: unknown, context: Context) => Promise<unknown>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/rest-api/resources/app/resources/objects/resources/rerun/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../../../../../src/rest-api/resources/app/resources/objects/resources/rerun/handler.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAgE1C,eAAO,MAAM,OAAO,GACnB,OAAO,OAAO,EACd,SAAS,OAAO,KACd,OAAO,CAAC,OAAO,CAAgC,CAAC"}

package/dist/rest-api/resources/app/resources/objects/resources/rerun/handler.js

@@ -0,0 +1,44 @@
+import { BadRequestError, Router, } from "@aws-lambda-powertools/event-handler/http";
+import { Logger } from "@aws-lambda-powertools/logger";
+import { EventBridgeClient } from "@aws-sdk/client-eventbridge";
+import { AuditService, BatchHandler, EventBridge, } from "@flipboxlabs/aws-audit-sdk";
+import { auditConfig, } from "../../../../../../../audit-config.js";
+import { API_RESOURCE as BASE_API_RESOURCE } from "../../../../constants.js";
+import { API_RESOURCE as ITEM_API_RESOURCE } from "../../constants.js";
+import { API_RESOURCE } from "./constants.js";
+import { PathSchema } from "./schema.js";
+const logger = new Logger({
+    logRecordOrder: ["level", "message"],
+});
+const app = new Router();
+const audits = new AuditService(logger, auditConfig);
+const eventBus = new BatchHandler(logger, new EventBridgeClient({ logger: logger }));
+app.post(`/${BASE_API_RESOURCE.RESOURCE}/:${BASE_API_RESOURCE.RESOURCE_WILDCARD}/${ITEM_API_RESOURCE.RESOURCE}/:${ITEM_API_RESOURCE.RESOURCE_WILDCARD}/:${ITEM_API_RESOURCE.RESOURCE_WILDCARD_ITEM}/:${ITEM_API_RESOURCE.RESOURCE_WILDCARD_ITEM_AUDIT}/${API_RESOURCE.RESOURCE}`, async (reqCtx) => {
+    const { [BASE_API_RESOURCE.RESOURCE_WILDCARD]: appId, [ITEM_API_RESOURCE.RESOURCE_WILDCARD]: resourceType, [ITEM_API_RESOURCE.RESOURCE_WILDCARD_ITEM_AUDIT]: auditId, } = reqCtx.valid.req.path;
+    const item = await audits.getItem({
+        app: appId,
+        resourceType: resourceType,
+        id: auditId,
+    });
+    if (!item.rerunable || !item.event) {
+        throw new BadRequestError("Item is not rerunable");
+    }
+    await eventBus.putEvents([
+        {
+            Source: item.event.source,
+            EventBusName: EventBridge.Bus.Name(),
+            Detail: JSON.stringify(item.event.detail),
+            DetailType: item.event["detail-type"],
+        },
+    ]);
+    return new Response(undefined, {
+        status: 204,
+    });
+}, {
+    validation: {
+        req: {
+            path: PathSchema,
+        },
+    },
+});
+export const handler = async (event, context) => app.resolve(event, context);

package/dist/rest-api/resources/app/resources/objects/resources/rerun/schema.d.ts

@@ -0,0 +1,7 @@
+import { z } from "zod";
+export declare const PathSchema: z.ZodObject<{
+    [x: string]: z.ZodEnum<{
+        [x: string]: string;
+    }> | z.ZodString;
+}, z.core.$strip>;
+//# sourceMappingURL=schema.d.ts.map

package/dist/rest-api/resources/app/resources/objects/resources/rerun/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../../../../src/rest-api/resources/app/resources/objects/resources/rerun/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,eAAO,MAAM,UAAU;;;;iBAKrB,CAAC"}

package/dist/rest-api/resources/app/resources/objects/resources/rerun/schema.js

@@ -0,0 +1,10 @@
+import { z } from "zod";
+import { auditConfig } from "../../../../../../../audit-config.js";
+import { API_RESOURCE as BASE_API_RESOURCE } from "../../../../constants.js";
+import { API_RESOURCE as ITEM_API_RESOURCE } from "../../constants.js";
+export const PathSchema = z.object({
+    [BASE_API_RESOURCE.RESOURCE_WILDCARD]: auditConfig.schemas.app,
+    [ITEM_API_RESOURCE.RESOURCE_WILDCARD]: auditConfig.schemas.resourceType,
+    [ITEM_API_RESOURCE.RESOURCE_WILDCARD_ITEM]: z.string(),
+    [ITEM_API_RESOURCE.RESOURCE_WILDCARD_ITEM_AUDIT]: z.string(),
+});

package/dist/rest-api/resources/app/resources/objects/schema.d.ts

@@ -0,0 +1,64 @@
+import { z } from "zod";
+export declare const PathSchema: z.ZodObject<{
+    [x: string]: z.ZodEnum<{
+        [x: string]: string;
+    }> | z.ZodString;
+}, z.core.$strip>;
+export declare const QuerySchema: z.ZodObject<{
+    "pagination[pageSize]": z.ZodOptional<z.ZodCoercedNumber<unknown>>;
+    "pagination[nextToken]": z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const ResponseSchema: z.ZodObject<{
+    items: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        tenantId: z.ZodOptional<z.ZodString>;
+        status: z.ZodEnum<{
+            success: "success";
+            warn: "warn";
+            fail: "fail";
+            skip: "skip";
+        }>;
+        tier: z.ZodDefault<z.ZodNumber>;
+        target: z.ZodObject<{
+            app: z.ZodString;
+            id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
+            type: z.ZodString;
+        }, z.core.$strip>;
+        source: z.ZodOptional<z.ZodObject<{
+            app: z.ZodString;
+            id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
+            type: z.ZodString;
+        }, z.core.$strip>>;
+        context: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<string | number | boolean | {
+            [key: string]: string | number | boolean | /*elided*/ any;
+        }, unknown, z.core.$ZodTypeInternals<string | number | boolean | {
+            [key: string]: string | number | boolean | /*elided*/ any;
+        }, unknown>>>>;
+        operation: z.ZodString;
+        message: z.ZodOptional<z.ZodString>;
+        rerunable: z.ZodOptional<z.ZodBoolean>;
+        trace: z.ZodOptional<z.ZodString>;
+        event: z.ZodOptional<z.ZodObject<{
+            source: z.ZodOptional<z.ZodString>;
+            "detail-type": z.ZodOptional<z.ZodString>;
+            detail: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>, z.ZodTransform<string | undefined, string | Record<string, any> | undefined>>;
+        }, z.core.$strip>>;
+        error: z.ZodOptional<z.ZodUnion<readonly [z.ZodPipe<z.ZodString, z.ZodTransform<any, string>>, z.ZodPipe<z.ZodCustom<Error, Error>, z.ZodTransform<any, Error>>, z.ZodRecord<z.ZodAny, z.ZodAny>]>>;
+        attempts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            number: z.ZodNumber;
+            status: z.ZodEnum<{
+                success: "success";
+                warn: "warn";
+                fail: "fail";
+                skip: "skip";
+            }>;
+            error: z.ZodOptional<z.ZodUnion<readonly [z.ZodPipe<z.ZodString, z.ZodTransform<any, string>>, z.ZodPipe<z.ZodCustom<Error, Error>, z.ZodTransform<any, Error>>, z.ZodRecord<z.ZodAny, z.ZodAny>]>>;
+            at: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodISODateTime, z.ZodCustom<Date, Date>]>, z.ZodTransform<string, string | Date>>>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    pagination: z.ZodOptional<z.ZodObject<{
+        pageSize: z.ZodOptional<z.ZodNullable<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>>;
+        nextToken: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+//# sourceMappingURL=schema.d.ts.map

package/dist/rest-api/resources/app/resources/objects/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../../src/rest-api/resources/app/resources/objects/schema.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,eAAO,MAAM,UAAU;;;;iBAIrB,CAAC;AAGH,eAAO,MAAM,WAAW;;;iBAGtB,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAAiD,CAAC"}

package/dist/rest-api/resources/app/resources/objects/schema.js

@@ -0,0 +1,16 @@
+import { AuditPayloadSchema, PaginationCollectionSchema, } from "@flipboxlabs/aws-audit-sdk";
+import { z } from "zod";
+import { auditConfig } from "../../../../../audit-config.js";
+import { API_RESOURCE as BASE_API_RESOURCE } from "../../constants.js";
+import { API_RESOURCE } from "./constants.js";
+export const PathSchema = z.object({
+    [BASE_API_RESOURCE.RESOURCE_WILDCARD]: auditConfig.schemas.app,
+    [API_RESOURCE.RESOURCE_WILDCARD]: auditConfig.schemas.resourceType,
+    [API_RESOURCE.RESOURCE_WILDCARD_ITEM]: z.string(),
+});
+// Query params use flat keys matching API Gateway's bracket notation
+export const QuerySchema = z.object({
+    "pagination[pageSize]": z.coerce.number().optional(),
+    "pagination[nextToken]": z.string().optional(),
+});
+export const ResponseSchema = PaginationCollectionSchema(AuditPayloadSchema);