@friggframework/devtools 2.0.0--canary.428.edce2a7.0 → 2.0.0--canary.428.a3d2e56.0
|
@@ -1155,12 +1155,15 @@ const composeServerlessDefinition = async (AppDefinition) => {
|
|
|
1155
1155
|
};
|
|
1156
1156
|
|
|
1157
1157
|
// Associate Lambda subnets with NAT Gateway route table
|
|
1158
|
+
// Note: This will only work if the subnets aren't already associated with another route table
|
|
1159
|
+
// If deployment fails, manually associate the subnets with the correct route table in AWS Console
|
|
1158
1160
|
definition.resources.Resources.FriggSubnet1RouteAssociation = {
|
|
1159
1161
|
Type: 'AWS::EC2::SubnetRouteTableAssociation',
|
|
1160
1162
|
Properties: {
|
|
1161
1163
|
SubnetId: vpcConfig.subnetIds[0],
|
|
1162
1164
|
RouteTableId: { Ref: 'FriggLambdaRouteTable' },
|
|
1163
1165
|
},
|
|
1166
|
+
DependsOn: 'FriggLambdaRouteTable',
|
|
1164
1167
|
};
|
|
1165
1168
|
|
|
1166
1169
|
definition.resources.Resources.FriggSubnet2RouteAssociation = {
|
|
@@ -1169,6 +1172,7 @@ const composeServerlessDefinition = async (AppDefinition) => {
|
|
|
1169
1172
|
SubnetId: vpcConfig.subnetIds[1],
|
|
1170
1173
|
RouteTableId: { Ref: 'FriggLambdaRouteTable' },
|
|
1171
1174
|
},
|
|
1175
|
+
DependsOn: 'FriggLambdaRouteTable',
|
|
1172
1176
|
};
|
|
1173
1177
|
|
|
1174
1178
|
// Add VPC endpoints for AWS service optimization (optional but recommended)
|
|
@@ -1194,6 +1198,65 @@ const composeServerlessDefinition = async (AppDefinition) => {
|
|
|
1194
1198
|
RouteTableIds: [{ Ref: 'FriggLambdaRouteTable' }],
|
|
1195
1199
|
},
|
|
1196
1200
|
};
|
|
1201
|
+
|
|
1202
|
+
// Add KMS VPC endpoint if using KMS encryption
|
|
1203
|
+
if (AppDefinition.encryption?.fieldLevelEncryptionMethod === 'kms') {
|
|
1204
|
+
// Create security group for VPC endpoints if it doesn't exist
|
|
1205
|
+
if (!definition.resources.Resources.VPCEndpointSecurityGroup) {
|
|
1206
|
+
definition.resources.Resources.VPCEndpointSecurityGroup = {
|
|
1207
|
+
Type: 'AWS::EC2::SecurityGroup',
|
|
1208
|
+
Properties: {
|
|
1209
|
+
GroupDescription: 'Security group for VPC endpoints',
|
|
1210
|
+
VpcId: discoveredResources.defaultVpcId,
|
|
1211
|
+
SecurityGroupIngress: [
|
|
1212
|
+
{
|
|
1213
|
+
IpProtocol: 'tcp',
|
|
1214
|
+
FromPort: 443,
|
|
1215
|
+
ToPort: 443,
|
|
1216
|
+
CidrIp: '172.31.0.0/16', // VPC CIDR
|
|
1217
|
+
},
|
|
1218
|
+
],
|
|
1219
|
+
Tags: [
|
|
1220
|
+
{
|
|
1221
|
+
Key: 'Name',
|
|
1222
|
+
Value: '${self:service}-${self:provider.stage}-vpc-endpoints-sg',
|
|
1223
|
+
},
|
|
1224
|
+
],
|
|
1225
|
+
},
|
|
1226
|
+
};
|
|
1227
|
+
}
|
|
1228
|
+
|
|
1229
|
+
definition.resources.Resources.VPCEndpointKMS = {
|
|
1230
|
+
Type: 'AWS::EC2::VPCEndpoint',
|
|
1231
|
+
Properties: {
|
|
1232
|
+
VpcId: discoveredResources.defaultVpcId,
|
|
1233
|
+
ServiceName: 'com.amazonaws.${self:provider.region}.kms',
|
|
1234
|
+
VpcEndpointType: 'Interface',
|
|
1235
|
+
SubnetIds: vpcConfig.subnetIds,
|
|
1236
|
+
SecurityGroupIds: [
|
|
1237
|
+
{ Ref: 'VPCEndpointSecurityGroup' },
|
|
1238
|
+
],
|
|
1239
|
+
PrivateDnsEnabled: true,
|
|
1240
|
+
},
|
|
1241
|
+
};
|
|
1242
|
+
|
|
1243
|
+
// Also add Secrets Manager endpoint if using Secrets Manager
|
|
1244
|
+
if (AppDefinition.secretsManager?.enable === true) {
|
|
1245
|
+
definition.resources.Resources.VPCEndpointSecretsManager = {
|
|
1246
|
+
Type: 'AWS::EC2::VPCEndpoint',
|
|
1247
|
+
Properties: {
|
|
1248
|
+
VpcId: discoveredResources.defaultVpcId,
|
|
1249
|
+
ServiceName: 'com.amazonaws.${self:provider.region}.secretsmanager',
|
|
1250
|
+
VpcEndpointType: 'Interface',
|
|
1251
|
+
SubnetIds: vpcConfig.subnetIds,
|
|
1252
|
+
SecurityGroupIds: [
|
|
1253
|
+
{ Ref: 'VPCEndpointSecurityGroup' },
|
|
1254
|
+
],
|
|
1255
|
+
PrivateDnsEnabled: true,
|
|
1256
|
+
},
|
|
1257
|
+
};
|
|
1258
|
+
}
|
|
1259
|
+
}
|
|
1197
1260
|
}
|
|
1198
1261
|
}
|
|
1199
1262
|
}
|
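Review bot: The ingress rule on the new `VPCEndpointSecurityGroup` hard-codes `CidrIp: '172.31.0.0/16'` as the "VPC CIDR", but the group is created in `discoveredResources.defaultVpcId`, and nothing in the hunk checks that this VPC actually uses that range. If it uses a different range, the Lambdas cannot reach the interface endpoints on 443, and because `PrivateDnsEnabled: true` points the regional KMS and Secrets Manager hostnames at those endpoints, the calls would presumably time out instead of going out through the NAT route. Scoping the rule to the Lambda security group with `SourceSecurityGroupId: <lambda-security-group-id>` (placeholder; the id is not visible here) would work for any CIDR and is tighter than admitting the whole VPC. Separately, the Secrets Manager endpoint is nested inside the `fieldLevelEncryptionMethod === 'kms'` branch, so `secretsManager.enable` alone never creates it; if that is not intended, move that block and the security-group creation out of the KMS condition. `composeServerlessDefinition` begins outside these hunks.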
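--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@friggframework/devtools",
 "prettier": "@friggframework/prettier-config",
-"version": "2.0.0--canary.428.
+"version": "2.0.0--canary.428.a3d2e56.0",
 "dependencies": {
 "@aws-sdk/client-ec2": "^3.835.0",
 "@aws-sdk/client-kms": "^3.835.0",
@@ -9,8 +9,8 @@
 "@babel/eslint-parser": "^7.18.9",
 "@babel/parser": "^7.25.3",
 "@babel/traverse": "^7.25.3",
-"@friggframework/schemas": "2.0.0--canary.428.
-"@friggframework/test": "2.0.0--canary.428.
+"@friggframework/schemas": "2.0.0--canary.428.a3d2e56.0",
+"@friggframework/test": "2.0.0--canary.428.a3d2e56.0",
 "@hapi/boom": "^10.0.1",
 "@inquirer/prompts": "^5.3.8",
 "axios": "^1.7.2",
@@ -32,8 +32,8 @@
 "serverless-http": "^2.7.0"
 },
 "devDependencies": {
-"@friggframework/eslint-config": "2.0.0--canary.428.
-"@friggframework/prettier-config": "2.0.0--canary.428.
+"@friggframework/eslint-config": "2.0.0--canary.428.a3d2e56.0",
+"@friggframework/prettier-config": "2.0.0--canary.428.a3d2e56.0",
 "jest": "^30.1.3",
 "prettier": "^2.7.1",
 "serverless": "3.39.0",
@@ -66,5 +66,5 @@
 "publishConfig": {
 "access": "public"
 },
-"gitHead": "
+"gitHead": "a3d2e56038d2324c64df71c6ed49ff8e3d57873e"
 }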