@flipboxlabs/aws-audit-cdk 1.1.0

package/dist/rest-api/resources/construct.d.ts

@@ -0,0 +1,18 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import type * as apigateway from "aws-cdk-lib/aws-apigateway";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import type * as events from "aws-cdk-lib/aws-events";
+import { Construct } from "constructs";
+interface Props {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    eventBus: events.IEventBus;
+    restApi: {
+        resource: apigateway.IResource;
+    };
+}
+export declare class RestApiResourcesConstruct extends Construct {
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/rest-api/resources/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../../src/rest-api/resources/construct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,KAAK,UAAU,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,KAAK,MAAM,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,UAAU,KAAK;IACd,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC;IAC3B,OAAO,EAAE;QACR,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC;KAE/B,CAAC;CACF;AAED,qBAAa,yBAA0B,SAAQ,SAAS;gBAC3C,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CAOtD"}

package/dist/rest-api/resources/construct.js

@@ -0,0 +1,10 @@
+import { Construct } from "constructs";
+import App from "./app/construct.js";
+import Trace from "./trace/construct.js";
+export class RestApiResourcesConstruct extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        new Trace(this, "Trace", props);
+        new App(this, "App", props);
+    }
+}

package/dist/rest-api/resources/trace/constants.d.ts

@@ -0,0 +1,4 @@
+export declare const API_RESOURCE: {
+    RESOURCE: string;
+};
+//# sourceMappingURL=constants.d.ts.map

package/dist/rest-api/resources/trace/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/rest-api/resources/trace/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;CAExB,CAAC"}

package/dist/rest-api/resources/trace/constants.js

@@ -0,0 +1,3 @@
+export const API_RESOURCE = {
+    RESOURCE: "trace",
+};

package/dist/rest-api/resources/trace/construct.d.ts

@@ -0,0 +1,16 @@
+import type { CDKConfig } from "@flipboxlabs/aws-audit-cdk";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import type * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import { Construct } from "constructs";
+type Props = {
+    config: CDKConfig;
+    table: dynamodb.ITable;
+    restApi: {
+        resource: apigateway.IResource;
+    };
+};
+export default class extends Construct {
+    constructor(scope: Construct, id: string, props: Props);
+}
+export {};
+//# sourceMappingURL=construct.d.ts.map

package/dist/rest-api/resources/trace/construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"construct.d.ts","sourceRoot":"","sources":["../../../../src/rest-api/resources/trace/construct.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,KAAK,QAAQ,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,KAAK,KAAK,GAAG;IACZ,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IACvB,OAAO,EAAE;QACR,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC;KAC/B,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,OAAO,MAAO,SAAQ,SAAS;gBACzB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;CAwCtD"}

package/dist/rest-api/resources/trace/construct.js

@@ -0,0 +1,38 @@
+import * as url from "node:url";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import { Construct } from "constructs";
+import { ESMNodeFunctionFactory } from "../../../lib/index.js";
+import { API_RESOURCE } from "./constants.js";
+export default class extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const ref = [
+            props.config.env.toUpperCase(),
+            "REST-API",
+            props.config.service,
+            "Trace",
+        ].join("-");
+        // Lambda
+        const lambda = ESMNodeFunctionFactory(props.config)(this, "NodeFunction", {
+            functionName: ref,
+            entry: url.fileURLToPath(new URL("handler.ts", import.meta.url).toString()),
+            currentVersionOptions: {
+                retryAttempts: 1,
+            },
+        });
+        // Logger / Metrics / Tracing
+        lambda.addEnvironment("POWERTOOLS_SERVICE_NAME", "Trace");
+        // DynamoDB
+        props.table.grantReadWriteData(lambda);
+        // Integration
+        const integration = new apigateway.LambdaIntegration(lambda);
+        const RESOURCE = props.restApi.resource
+            .addResource(API_RESOURCE.RESOURCE)
+            .addResource(`{${API_RESOURCE.RESOURCE}}`);
+        // /trace/{trace}
+        RESOURCE.addMethod("GET", integration, {
+            apiKeyRequired: true,
+            operationName: "Retrieve items by trace identifier",
+        });
+    }
+}

package/dist/rest-api/resources/trace/handler.d.ts

@@ -0,0 +1,3 @@
+import type { Context } from "aws-lambda";
+export declare const handler: (event: unknown, context: Context) => Promise<unknown>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/rest-api/resources/trace/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../src/rest-api/resources/trace/handler.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAgD1C,eAAO,MAAM,OAAO,GACnB,OAAO,OAAO,EACd,SAAS,OAAO,KACd,OAAO,CAAC,OAAO,CAAgC,CAAC"}

package/dist/rest-api/resources/trace/handler.js

@@ -0,0 +1,36 @@
+import { Router } from "@aws-lambda-powertools/event-handler/http";
+import { Logger } from "@aws-lambda-powertools/logger";
+import { AuditService } from "@flipboxlabs/aws-audit-sdk";
+import { auditConfig } from "../../../audit-config.js";
+import { API_RESOURCE } from "./constants.js";
+import { PathSchema, QuerySchema, ResponseSchema } from "./schema.js";
+const logger = new Logger({
+    logRecordOrder: ["level", "message"],
+});
+const app = new Router();
+const audits = new AuditService(logger, auditConfig);
+app.get(`/${API_RESOURCE.RESOURCE}/:${API_RESOURCE.RESOURCE}`, async (reqCtx) => {
+    const { [API_RESOURCE.RESOURCE]: traceId } = reqCtx.valid.req.path;
+    const query = reqCtx.valid.req.query;
+    const pagination = query["pagination[pageSize]"] || query["pagination[nextToken]"]
+        ? {
+            pageSize: query["pagination[pageSize]"],
+            nextToken: query["pagination[nextToken]"],
+        }
+        : undefined;
+    return audits.listTraceItems({
+        trace: traceId,
+        app: query["filter[app]"],
+    }, pagination);
+}, {
+    validation: {
+        req: {
+            path: PathSchema,
+            query: QuerySchema,
+        },
+        res: {
+            body: ResponseSchema,
+        },
+    },
+});
+export const handler = async (event, context) => app.resolve(event, context);

package/dist/rest-api/resources/trace/schema.d.ts

@@ -0,0 +1,65 @@
+import { z } from "zod";
+export declare const PathSchema: z.ZodObject<{
+    [x: string]: z.ZodString;
+}, z.core.$strip>;
+export declare const QuerySchema: z.ZodObject<{
+    "pagination[pageSize]": z.ZodOptional<z.ZodCoercedNumber<unknown>>;
+    "pagination[nextToken]": z.ZodOptional<z.ZodString>;
+    "filter[app]": z.ZodOptional<z.ZodEnum<{
+        [x: string]: string;
+    }>>;
+}, z.core.$strip>;
+export declare const ResponseSchema: z.ZodObject<{
+    items: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        tenantId: z.ZodOptional<z.ZodString>;
+        status: z.ZodEnum<{
+            success: "success";
+            warn: "warn";
+            fail: "fail";
+            skip: "skip";
+        }>;
+        tier: z.ZodDefault<z.ZodNumber>;
+        target: z.ZodObject<{
+            app: z.ZodString;
+            id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
+            type: z.ZodString;
+        }, z.core.$strip>;
+        source: z.ZodOptional<z.ZodObject<{
+            app: z.ZodString;
+            id: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>;
+            type: z.ZodString;
+        }, z.core.$strip>>;
+        context: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<string | number | boolean | {
+            [key: string]: string | number | boolean | /*elided*/ any;
+        }, unknown, z.core.$ZodTypeInternals<string | number | boolean | {
+            [key: string]: string | number | boolean | /*elided*/ any;
+        }, unknown>>>>;
+        operation: z.ZodString;
+        message: z.ZodOptional<z.ZodString>;
+        rerunable: z.ZodOptional<z.ZodBoolean>;
+        trace: z.ZodOptional<z.ZodString>;
+        event: z.ZodOptional<z.ZodObject<{
+            source: z.ZodOptional<z.ZodString>;
+            "detail-type": z.ZodOptional<z.ZodString>;
+            detail: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodRecord<z.ZodString, z.ZodAny>]>>, z.ZodTransform<string | undefined, string | Record<string, any> | undefined>>;
+        }, z.core.$strip>>;
+        error: z.ZodOptional<z.ZodUnion<readonly [z.ZodPipe<z.ZodString, z.ZodTransform<any, string>>, z.ZodPipe<z.ZodCustom<Error, Error>, z.ZodTransform<any, Error>>, z.ZodRecord<z.ZodAny, z.ZodAny>]>>;
+        attempts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            number: z.ZodNumber;
+            status: z.ZodEnum<{
+                success: "success";
+                warn: "warn";
+                fail: "fail";
+                skip: "skip";
+            }>;
+            error: z.ZodOptional<z.ZodUnion<readonly [z.ZodPipe<z.ZodString, z.ZodTransform<any, string>>, z.ZodPipe<z.ZodCustom<Error, Error>, z.ZodTransform<any, Error>>, z.ZodRecord<z.ZodAny, z.ZodAny>]>>;
+            at: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodISODateTime, z.ZodCustom<Date, Date>]>, z.ZodTransform<string, string | Date>>>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    pagination: z.ZodOptional<z.ZodObject<{
+        pageSize: z.ZodOptional<z.ZodNullable<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>>>;
+        nextToken: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+//# sourceMappingURL=schema.d.ts.map

package/dist/rest-api/resources/trace/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../src/rest-api/resources/trace/schema.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,eAAO,MAAM,UAAU;;iBAErB,CAAC;AAGH,eAAO,MAAM,WAAW;;;;;;iBAItB,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAAiD,CAAC"}

package/dist/rest-api/resources/trace/schema.js

@@ -0,0 +1,14 @@
+import { AuditPayloadSchema, PaginationCollectionSchema, } from "@flipboxlabs/aws-audit-sdk";
+import { z } from "zod";
+import { auditConfig } from "../../../audit-config.js";
+import { API_RESOURCE } from "./constants.js";
+export const PathSchema = z.object({
+    [API_RESOURCE.RESOURCE]: z.string(),
+});
+// Query params use flat keys matching API Gateway's bracket notation
+export const QuerySchema = z.object({
+    "pagination[pageSize]": z.coerce.number().optional(),
+    "pagination[nextToken]": z.string().optional(),
+    "filter[app]": auditConfig.schemas.app.optional(),
+});
+export const ResponseSchema = PaginationCollectionSchema(AuditPayloadSchema);

package/dist/rest-api/utils.d.ts

@@ -0,0 +1,7 @@
+import type { APIGatewayProxyEventQueryStringParameters } from "aws-lambda";
+interface KeyValue {
+    [key: string]: unknown | undefined | string | string[] | KeyValue | KeyValue[];
+}
+export declare function extractNestedQueryStringParameters(params: APIGatewayProxyEventQueryStringParameters | null): KeyValue | null;
+export {};
+//# sourceMappingURL=utils.d.ts.map

package/dist/rest-api/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/rest-api/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yCAAyC,EAAE,MAAM,YAAY,CAAC;AAG5E,UAAU,QAAQ;IACjB,CAAC,GAAG,EAAE,MAAM,GACT,OAAO,GACP,SAAS,GACT,MAAM,GACN,MAAM,EAAE,GACR,QAAQ,GACR,QAAQ,EAAE,CAAC;CACd;AAED,wBAAgB,kCAAkC,CACjD,MAAM,EAAE,yCAAyC,GAAG,IAAI,GACtD,QAAQ,GAAG,IAAI,CAMjB"}

package/dist/rest-api/utils.js

@@ -0,0 +1,7 @@
+import { parse } from "qs";
+export function extractNestedQueryStringParameters(params) {
+    if (!params) {
+        return null;
+    }
+    return parse(params);
+}

package/dist/test-config.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Test configuration for CDK tests.
+ * Provides sample apps and resource types for testing.
+ */
+export declare const testConfig: {
+    service: string | undefined;
+} & {
+    readonly apps: readonly ["App1", "TestApp"];
+    readonly resourceTypes: readonly ["Unknown", "User", "Order"];
+} & {
+    schemas: {
+        app: import("zod").ZodEnum<{
+            [x: string]: string;
+        }>;
+        resourceType: import("zod").ZodEnum<{
+            [x: string]: string;
+        }>;
+        resourceReference: import("zod").ZodObject<{
+            app: import("zod").ZodEnum<{
+                [x: string]: string;
+            }>;
+            type: import("zod").ZodEnum<{
+                [x: string]: string;
+            }>;
+            id: import("zod").ZodOptional<import("zod").ZodUnion<readonly [import("zod").ZodString, import("zod").ZodNumber]>>;
+        }, import("zod/v4/core").$strip>;
+    };
+    _types: {
+        App: "App1" | "TestApp";
+        ResourceType: "Unknown" | "User" | "Order";
+    };
+};
+/**
+ * Type alias for the App union type from the test config.
+ */
+export type App = (typeof testConfig)["_types"]["App"];
+/**
+ * Type alias for the ResourceType union type from the test config.
+ */
+export type ResourceType = (typeof testConfig)["_types"]["ResourceType"];
+/**
+ * Enum-like object for App values in tests.
+ */
+export declare const App: {
+    readonly App1: "App1";
+    readonly TestApp: "TestApp";
+};
+/**
+ * Enum-like object for ResourceType values in tests.
+ */
+export declare const ResourceType: {
+    readonly UNKNOWN: "Unknown";
+    readonly USER: "User";
+    readonly ORDER: "Order";
+};
+//# sourceMappingURL=test-config.d.ts.map

package/dist/test-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-config.d.ts","sourceRoot":"","sources":["../src/test-config.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;CAGrB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC;AAEvD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC,cAAc,CAAC,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,GAAG;;;CAGN,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,YAAY;;;;CAIf,CAAC"}

package/dist/test-config.js

@@ -0,0 +1,24 @@
+import { defineAuditConfig } from "@flipboxlabs/aws-audit-sdk";
+/**
+ * Test configuration for CDK tests.
+ * Provides sample apps and resource types for testing.
+ */
+export const testConfig = defineAuditConfig({
+    apps: ["App1", "TestApp"],
+    resourceTypes: ["Unknown", "User", "Order"],
+});
+/**
+ * Enum-like object for App values in tests.
+ */
+export const App = {
+    App1: "App1",
+    TestApp: "TestApp",
+};
+/**
+ * Enum-like object for ResourceType values in tests.
+ */
+export const ResourceType = {
+    UNKNOWN: "Unknown",
+    USER: "User",
+    ORDER: "Order",
+};

package/package.json

@@ -0,0 +1,102 @@
+{
+  "name": "@flipboxlabs/aws-audit-cdk",
+  "version": "1.1.0",
+  "description": "AWS Audit CDK - CDK constructs for AWS audit infrastructure",
+  "type": "module",
+  "main": "./dist/index.js",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./lib": {
+      "types": "./dist/lib/index.d.ts",
+      "import": "./dist/lib/index.js"
+    },
+    "./cloudwatch": {
+      "types": "./dist/cloudwatch/construct.d.ts",
+      "import": "./dist/cloudwatch/construct.js"
+    },
+    "./dynamodb": {
+      "types": "./dist/dynamodb/construct.d.ts",
+      "import": "./dist/dynamodb/construct.js"
+    },
+    "./eventbridge": {
+      "types": "./dist/eventbridge/construct.d.ts",
+      "import": "./dist/eventbridge/construct.js"
+    },
+    "./rest-api": {
+      "types": "./dist/rest-api/index.d.ts",
+      "import": "./dist/rest-api/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "dependencies": {
+    "@aws-lambda-powertools/event-handler": "^2.32.0",
+    "@aws-lambda-powertools/jmespath": "^2.32.0",
+    "@aws-lambda-powertools/logger": "^2.32.0",
+    "@aws-sdk/client-eventbridge": "^3.750.0",
+    "@middy/core": "^6.4.5",
+    "qs": "^6.14.0",
+    "zod": "^4.0.0",
+    "@flipboxlabs/aws-audit-sdk": "^1.0.0"
+  },
+  "devDependencies": {
+    "@tsconfig/node22": "^22.0.1",
+    "@types/aws-lambda": "^8.10.156",
+    "@types/node": "^22.15.0",
+    "@types/qs": "^6.9.18",
+    "@vitest/coverage-v8": "^2.1.1",
+    "aws-cdk-lib": "2.135.0",
+    "constructs": "^10.3.0",
+    "esbuild": "^0.23.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3",
+    "vitest": "^2.1.1"
+  },
+  "engines": {
+    "node": ">=24"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/flipboxlabs/aws-audit.git",
+    "directory": "cdk"
+  },
+  "bugs": {
+    "url": "https://github.com/flipboxlabs/aws-audit/issues"
+  },
+  "homepage": "https://github.com/flipboxlabs/aws-audit#readme",
+  "license": "MIT",
+  "keywords": [
+    "aws",
+    "audit",
+    "cdk",
+    "infrastructure",
+    "cloudwatch",
+    "dynamodb",
+    "eventbridge",
+    "serverless"
+  ],
+  "peerDependencies": {
+    "aws-cdk-lib": "^2.135.0",
+    "constructs": "^10.3.0"
+  },
+  "scripts": {
+    "build": "tsc -p ./tsconfig.build.json",
+    "check-types": "tsc --noEmit -p ./tsconfig.json",
+    "lint": "npx biome lint",
+    "lint:fix": "npx biome lint --fix",
+    "format": "npx biome format",
+    "format:fix": "npx biome format --fix",
+    "pre-commit": "pnpm run check-types && pnpm run format && pnpm run lint",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "cdk:synth": "cdk synth --app 'npx tsx bin/app.ts'",
+    "cdk:deploy": "cdk deploy --app 'npx tsx bin/app.ts' --require-approval never"
+  },
+  "types": "./dist/index.d.ts"
+}