@friggframework/devtools 2.0.0--canary.398.a314355.0 → 2.0.0--canary.397.4957a89.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/frigg-cli/build-command/index.js +2 -4
  2. package/frigg-cli/deploy-command/index.js +2 -5
  3. package/frigg-cli/index.js +1 -11
  4. package/infrastructure/create-frigg-infrastructure.js +2 -10
  5. package/infrastructure/serverless-template.js +27 -599
  6. package/package.json +5 -9
  7. package/test/index.js +2 -4
  8. package/test/mock-integration.js +4 -14
  9. package/frigg-cli/generate-iam-command.js +0 -115
  10. package/infrastructure/AWS-DISCOVERY-TROUBLESHOOTING.md +0 -245
  11. package/infrastructure/AWS-IAM-CREDENTIAL-NEEDS.md +0 -561
  12. package/infrastructure/DEPLOYMENT-INSTRUCTIONS.md +0 -268
  13. package/infrastructure/GENERATE-IAM-DOCS.md +0 -253
  14. package/infrastructure/IAM-POLICY-TEMPLATES.md +0 -172
  15. package/infrastructure/README-TESTING.md +0 -332
  16. package/infrastructure/WEBSOCKET-CONFIGURATION.md +0 -105
  17. package/infrastructure/__tests__/fixtures/mock-aws-resources.js +0 -391
  18. package/infrastructure/__tests__/helpers/test-utils.js +0 -277
  19. package/infrastructure/aws-discovery.js +0 -460
  20. package/infrastructure/aws-discovery.test.js +0 -373
  21. package/infrastructure/build-time-discovery.js +0 -206
  22. package/infrastructure/build-time-discovery.test.js +0 -375
  23. package/infrastructure/frigg-deployment-iam-stack.yaml +0 -365
  24. package/infrastructure/iam-generator.js +0 -696
  25. package/infrastructure/iam-generator.test.js +0 -169
  26. package/infrastructure/iam-policy-basic.json +0 -196
  27. package/infrastructure/iam-policy-full.json +0 -266
  28. package/infrastructure/integration.test.js +0 -383
  29. package/infrastructure/run-discovery.js +0 -110
  30. package/infrastructure/serverless-template.test.js +0 -498
  31. package/test/auther-definition-tester.js +0 -125
package/infrastructure/frigg-deployment-iam-stack.yaml DELETED
@@ -1,365 +0,0 @@
1
- AWSTemplateFormatVersion: '2010-09-09'
2
- Description: 'IAM roles and policies for Frigg application deployment pipeline'
3
-
4
- Parameters:
5
- DeploymentUserName:
6
- Type: String
7
- Default: 'frigg-deployment-user'
8
- Description: 'Name for the IAM user that will deploy Frigg applications'
9
-
10
- EnableVPCSupport:
11
- Type: String
12
- Default: 'true'
13
- AllowedValues: ['true', 'false']
14
- Description: 'Enable VPC-related permissions for Frigg applications'
15
-
16
- EnableKMSSupport:
17
- Type: String
18
- Default: 'true'
19
- AllowedValues: ['true', 'false']
20
- Description: 'Enable KMS encryption permissions for Frigg applications'
21
-
22
- EnableSSMSupport:
23
- Type: String
24
- Default: 'true'
25
- AllowedValues: ['true', 'false']
26
- Description: 'Enable SSM Parameter Store permissions for Frigg applications'
27
-
28
- Conditions:
29
- CreateVPCPermissions: !Equals [!Ref EnableVPCSupport, 'true']
30
- CreateKMSPermissions: !Equals [!Ref EnableKMSSupport, 'true']
31
- CreateSSMPermissions: !Equals [!Ref EnableSSMSupport, 'true']
32
-
33
- Resources:
34
- # IAM User for deployment
35
- FriggDeploymentUser:
36
- Type: AWS::IAM::User
37
- Properties:
38
- UserName: !Ref DeploymentUserName
39
- ManagedPolicyArns:
40
- - !Ref FriggDiscoveryPolicy
41
- - !Ref FriggCoreDeploymentPolicy
42
- - !If [CreateVPCPermissions, !Ref FriggVPCPolicy, !Ref 'AWS::NoValue']
43
- - !If [CreateKMSPermissions, !Ref FriggKMSPolicy, !Ref 'AWS::NoValue']
44
- - !If [CreateSSMPermissions, !Ref FriggSSMPolicy, !Ref 'AWS::NoValue']
45
-
46
- # Access key for the deployment user
47
- FriggDeploymentAccessKey:
48
- Type: AWS::IAM::AccessKey
49
- Properties:
50
- UserName: !Ref FriggDeploymentUser
51
-
52
- # Discovery-time permissions (required for build process)
53
- FriggDiscoveryPolicy:
54
- Type: AWS::IAM::ManagedPolicy
55
- Properties:
56
- ManagedPolicyName: 'FriggDiscoveryPolicy'
57
- Description: 'Permissions for AWS resource discovery during Frigg build process'
58
- PolicyDocument:
59
- Version: '2012-10-17'
60
- Statement:
61
- - Sid: 'AWSDiscoveryPermissions'
62
- Effect: Allow
63
- Action:
64
- - 'sts:GetCallerIdentity'
65
- - 'ec2:DescribeVpcs'
66
- - 'ec2:DescribeSubnets'
67
- - 'ec2:DescribeSecurityGroups'
68
- - 'ec2:DescribeRouteTables'
69
- - 'kms:ListKeys'
70
- - 'kms:DescribeKey'
71
- Resource: '*'
72
-
73
- # Core deployment permissions
74
- FriggCoreDeploymentPolicy:
75
- Type: AWS::IAM::ManagedPolicy
76
- Properties:
77
- ManagedPolicyName: 'FriggCoreDeploymentPolicy'
78
- Description: 'Core permissions for deploying Frigg applications'
79
- PolicyDocument:
80
- Version: '2012-10-17'
81
- Statement:
82
- # CloudFormation permissions
83
- - Sid: 'CloudFormationFriggStacks'
84
- Effect: Allow
85
- Action:
86
- - 'cloudformation:CreateStack'
87
- - 'cloudformation:UpdateStack'
88
- - 'cloudformation:DeleteStack'
89
- - 'cloudformation:DescribeStacks'
90
- - 'cloudformation:DescribeStackEvents'
91
- - 'cloudformation:DescribeStackResources'
92
- - 'cloudformation:DescribeStackResource'
93
- - 'cloudformation:ListStackResources'
94
- - 'cloudformation:GetTemplate'
95
- - 'cloudformation:DescribeChangeSet'
96
- - 'cloudformation:CreateChangeSet'
97
- - 'cloudformation:DeleteChangeSet'
98
- - 'cloudformation:ExecuteChangeSet'
99
- Resource:
100
- - !Sub 'arn:aws:cloudformation:*:${AWS::AccountId}:stack/*frigg*/*'
101
-
102
- # ValidateTemplate needs to be allowed on all resources
103
- - Sid: 'CloudFormationValidateTemplate'
104
- Effect: Allow
105
- Action:
106
- - 'cloudformation:ValidateTemplate'
107
- Resource: '*'
108
-
109
- # S3 deployment bucket permissions
110
- - Sid: 'S3DeploymentBucket'
111
- Effect: Allow
112
- Action:
113
- - 's3:CreateBucket'
114
- - 's3:PutObject'
115
- - 's3:GetObject'
116
- - 's3:DeleteObject'
117
- - 's3:PutBucketPolicy'
118
- - 's3:PutBucketVersioning'
119
- - 's3:PutBucketPublicAccessBlock'
120
- - 's3:GetBucketLocation'
121
- - 's3:ListBucket'
122
- Resource:
123
- - 'arn:aws:s3:::*serverless*'
124
- - 'arn:aws:s3:::*serverless*/*'
125
-
126
- # Lambda function permissions
127
- - Sid: 'LambdaFriggFunctions'
128
- Effect: Allow
129
- Action:
130
- - 'lambda:CreateFunction'
131
- - 'lambda:UpdateFunctionCode'
132
- - 'lambda:UpdateFunctionConfiguration'
133
- - 'lambda:DeleteFunction'
134
- - 'lambda:GetFunction'
135
- - 'lambda:ListFunctions'
136
- - 'lambda:PublishVersion'
137
- - 'lambda:CreateAlias'
138
- - 'lambda:UpdateAlias'
139
- - 'lambda:DeleteAlias'
140
- - 'lambda:GetAlias'
141
- - 'lambda:AddPermission'
142
- - 'lambda:RemovePermission'
143
- - 'lambda:GetPolicy'
144
- - 'lambda:PutProvisionedConcurrencyConfig'
145
- - 'lambda:DeleteProvisionedConcurrencyConfig'
146
- - 'lambda:PutConcurrency'
147
- - 'lambda:DeleteConcurrency'
148
- - 'lambda:TagResource'
149
- - 'lambda:UntagResource'
150
- - 'lambda:ListVersionsByFunction'
151
- Resource:
152
- - !Sub 'arn:aws:lambda:*:${AWS::AccountId}:function:*frigg*'
153
-
154
- # IAM role permissions
155
- - Sid: 'IAMRolesForFriggLambda'
156
- Effect: Allow
157
- Action:
158
- - 'iam:CreateRole'
159
- - 'iam:DeleteRole'
160
- - 'iam:GetRole'
161
- - 'iam:PassRole'
162
- - 'iam:PutRolePolicy'
163
- - 'iam:DeleteRolePolicy'
164
- - 'iam:GetRolePolicy'
165
- - 'iam:AttachRolePolicy'
166
- - 'iam:DetachRolePolicy'
167
- - 'iam:TagRole'
168
- - 'iam:UntagRole'
169
- Resource:
170
- - !Sub 'arn:aws:iam::${AWS::AccountId}:role/*frigg*'
171
- - !Sub 'arn:aws:iam::${AWS::AccountId}:role/*frigg*LambdaRole*'
172
-
173
- # IAM policy permissions
174
- - Sid: 'IAMPolicyVersionPermissions'
175
- Effect: Allow
176
- Action:
177
- - 'iam:ListPolicyVersions'
178
- Resource:
179
- - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/*'
180
-
181
- # SQS permissions
182
- - Sid: 'FriggMessagingServices'
183
- Effect: Allow
184
- Action:
185
- - 'sqs:CreateQueue'
186
- - 'sqs:DeleteQueue'
187
- - 'sqs:GetQueueAttributes'
188
- - 'sqs:SetQueueAttributes'
189
- - 'sqs:GetQueueUrl'
190
- - 'sqs:TagQueue'
191
- - 'sqs:UntagQueue'
192
- Resource:
193
- - !Sub 'arn:aws:sqs:*:${AWS::AccountId}:*frigg*'
194
- - !Sub 'arn:aws:sqs:*:${AWS::AccountId}:internal-error-queue-*'
195
-
196
- # SNS permissions
197
- - Sid: 'FriggSNSTopics'
198
- Effect: Allow
199
- Action:
200
- - 'sns:CreateTopic'
201
- - 'sns:DeleteTopic'
202
- - 'sns:GetTopicAttributes'
203
- - 'sns:SetTopicAttributes'
204
- - 'sns:Subscribe'
205
- - 'sns:Unsubscribe'
206
- - 'sns:ListSubscriptionsByTopic'
207
- - 'sns:TagResource'
208
- - 'sns:UntagResource'
209
- Resource:
210
- - !Sub 'arn:aws:sns:*:${AWS::AccountId}:*frigg*'
211
-
212
- # CloudWatch and Logs permissions
213
- - Sid: 'FriggMonitoringAndLogs'
214
- Effect: Allow
215
- Action:
216
- - 'cloudwatch:PutMetricAlarm'
217
- - 'cloudwatch:DeleteAlarms'
218
- - 'cloudwatch:DescribeAlarms'
219
- - 'logs:CreateLogGroup'
220
- - 'logs:CreateLogStream'
221
- - 'logs:DeleteLogGroup'
222
- - 'logs:DescribeLogGroups'
223
- - 'logs:DescribeLogStreams'
224
- - 'logs:FilterLogEvents'
225
- - 'logs:PutLogEvents'
226
- - 'logs:PutRetentionPolicy'
227
- Resource:
228
- - !Sub 'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*'
229
- - !Sub 'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*:*'
230
- - !Sub 'arn:aws:cloudwatch:*:${AWS::AccountId}:alarm:*frigg*'
231
-
232
- # API Gateway permissions
233
- - Sid: 'FriggAPIGateway'
234
- Effect: Allow
235
- Action:
236
- - 'apigateway:POST'
237
- - 'apigateway:PUT'
238
- - 'apigateway:DELETE'
239
- - 'apigateway:GET'
240
- - 'apigateway:PATCH'
241
- Resource:
242
- - 'arn:aws:apigateway:*::/restapis'
243
- - 'arn:aws:apigateway:*::/restapis/*'
244
- - 'arn:aws:apigateway:*::/domainnames'
245
- - 'arn:aws:apigateway:*::/domainnames/*'
246
-
247
- # VPC-specific permissions
248
- FriggVPCPolicy:
249
- Type: AWS::IAM::ManagedPolicy
250
- Condition: CreateVPCPermissions
251
- Properties:
252
- ManagedPolicyName: 'FriggVPCPolicy'
253
- Description: 'VPC-related permissions for Frigg applications'
254
- PolicyDocument:
255
- Version: '2012-10-17'
256
- Statement:
257
- - Sid: 'FriggVPCEndpointManagement'
258
- Effect: Allow
259
- Action:
260
- - 'ec2:CreateVpcEndpoint'
261
- - 'ec2:DeleteVpcEndpoint'
262
- - 'ec2:DescribeVpcEndpoints'
263
- - 'ec2:ModifyVpcEndpoint'
264
- - 'ec2:CreateNatGateway'
265
- - 'ec2:DeleteNatGateway'
266
- - 'ec2:DescribeNatGateways'
267
- - 'ec2:AllocateAddress'
268
- - 'ec2:ReleaseAddress'
269
- - 'ec2:DescribeAddresses'
270
- - 'ec2:CreateRouteTable'
271
- - 'ec2:DeleteRouteTable'
272
- - 'ec2:DescribeRouteTables'
273
- - 'ec2:CreateRoute'
274
- - 'ec2:DeleteRoute'
275
- - 'ec2:AssociateRouteTable'
276
- - 'ec2:DisassociateRouteTable'
277
- - 'ec2:CreateSecurityGroup'
278
- - 'ec2:DeleteSecurityGroup'
279
- - 'ec2:AuthorizeSecurityGroupEgress'
280
- - 'ec2:AuthorizeSecurityGroupIngress'
281
- - 'ec2:RevokeSecurityGroupEgress'
282
- - 'ec2:RevokeSecurityGroupIngress'
283
- - 'ec2:CreateTags'
284
- - 'ec2:DeleteTags'
285
- - 'ec2:DescribeTags'
286
- Resource: '*'
287
-
288
- # KMS permissions
289
- FriggKMSPolicy:
290
- Type: AWS::IAM::ManagedPolicy
291
- Condition: CreateKMSPermissions
292
- Properties:
293
- ManagedPolicyName: 'FriggKMSPolicy'
294
- Description: 'KMS encryption permissions for Frigg applications'
295
- PolicyDocument:
296
- Version: '2012-10-17'
297
- Statement:
298
- - Sid: 'FriggKMSEncryptionRuntime'
299
- Effect: Allow
300
- Action:
301
- - 'kms:GenerateDataKey'
302
- - 'kms:Decrypt'
303
- Resource:
304
- - !Sub 'arn:aws:kms:*:${AWS::AccountId}:key/*'
305
- Condition:
306
- StringEquals:
307
- 'kms:ViaService':
308
- - 'lambda.*.amazonaws.com'
309
- - 's3.*.amazonaws.com'
310
-
311
- # SSM Parameter Store permissions
312
- FriggSSMPolicy:
313
- Type: AWS::IAM::ManagedPolicy
314
- Condition: CreateSSMPermissions
315
- Properties:
316
- ManagedPolicyName: 'FriggSSMPolicy'
317
- Description: 'SSM Parameter Store permissions for Frigg applications'
318
- PolicyDocument:
319
- Version: '2012-10-17'
320
- Statement:
321
- - Sid: 'FriggSSMParameterAccess'
322
- Effect: Allow
323
- Action:
324
- - 'ssm:GetParameter'
325
- - 'ssm:GetParameters'
326
- - 'ssm:GetParametersByPath'
327
- Resource:
328
- - !Sub 'arn:aws:ssm:*:${AWS::AccountId}:parameter/*frigg*'
329
- - !Sub 'arn:aws:ssm:*:${AWS::AccountId}:parameter/*frigg*/*'
330
-
331
- # Store access key in Secrets Manager
332
- FriggDeploymentCredentials:
333
- Type: AWS::SecretsManager::Secret
334
- Properties:
335
- Name: 'frigg-deployment-credentials'
336
- Description: 'Access credentials for Frigg deployment user'
337
- SecretString: !Sub |
338
- {
339
- "AccessKeyId": "${FriggDeploymentAccessKey}",
340
- "SecretAccessKey": "${FriggDeploymentAccessKey.SecretAccessKey}"
341
- }
342
-
343
- Outputs:
344
- DeploymentUserArn:
345
- Description: 'ARN of the Frigg deployment user'
346
- Value: !GetAtt FriggDeploymentUser.Arn
347
- Export:
348
- Name: !Sub '${AWS::StackName}-UserArn'
349
-
350
- AccessKeyId:
351
- Description: 'Access Key ID for the deployment user'
352
- Value: !Ref FriggDeploymentAccessKey
353
- Export:
354
- Name: !Sub '${AWS::StackName}-AccessKeyId'
355
-
356
- SecretAccessKeyCommand:
357
- Description: 'Command to retrieve the secret access key'
358
- Value: !Sub |
359
- aws secretsmanager get-secret-value --secret-id frigg-deployment-credentials --query SecretString --output text | jq -r .SecretAccessKey
360
-
361
- CredentialsSecretArn:
362
- Description: 'ARN of the secret containing deployment credentials'
363
- Value: !Ref FriggDeploymentCredentials
364
- Export:
365
- Name: !Sub '${AWS::StackName}-CredentialsSecretArn'