npm - @friggframework/devtools - Versions diffs - 2.0.0-next.4 → 2.0.0-next.41 - Mend

@friggframework/devtools 2.0.0-next.4 → 2.0.0-next.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (198) hide show

package/frigg-cli/.eslintrc.js +141 -0
package/frigg-cli/__tests__/jest.config.js +102 -0
package/frigg-cli/__tests__/unit/commands/build.test.js +483 -0
package/frigg-cli/__tests__/unit/commands/install.test.js +418 -0
package/frigg-cli/__tests__/unit/commands/ui.test.js +592 -0
package/frigg-cli/__tests__/utils/command-tester.js +170 -0
package/frigg-cli/__tests__/utils/mock-factory.js +270 -0
package/frigg-cli/__tests__/utils/test-fixtures.js +463 -0
package/frigg-cli/__tests__/utils/test-setup.js +286 -0
package/frigg-cli/build-command/index.js +54 -0
package/frigg-cli/deploy-command/index.js +175 -0
package/frigg-cli/generate-command/__tests__/generate-command.test.js +312 -0
package/frigg-cli/generate-command/azure-generator.js +43 -0
package/frigg-cli/generate-command/gcp-generator.js +47 -0
package/frigg-cli/generate-command/index.js +332 -0
package/frigg-cli/generate-command/terraform-generator.js +555 -0
package/frigg-cli/generate-iam-command.js +115 -0
package/frigg-cli/index.js +47 -1
package/frigg-cli/index.test.js +1 -4
package/frigg-cli/init-command/backend-first-handler.js +756 -0
package/frigg-cli/init-command/index.js +93 -0
package/frigg-cli/init-command/template-handler.js +143 -0
package/frigg-cli/install-command/index.js +1 -4
package/frigg-cli/package.json +51 -0
package/frigg-cli/start-command/index.js +30 -4
package/frigg-cli/start-command/start-command.test.js +155 -0
package/frigg-cli/test/init-command.test.js +180 -0
package/frigg-cli/test/npm-registry.test.js +319 -0
package/frigg-cli/ui-command/index.js +154 -0
package/frigg-cli/utils/app-resolver.js +319 -0
package/frigg-cli/utils/backend-path.js +16 -17
package/frigg-cli/utils/npm-registry.js +167 -0
package/frigg-cli/utils/process-manager.js +199 -0
package/frigg-cli/utils/repo-detection.js +405 -0
package/infrastructure/DEPLOYMENT-INSTRUCTIONS.md +268 -0
package/infrastructure/GENERATE-IAM-DOCS.md +278 -0
package/infrastructure/IAM-POLICY-TEMPLATES.md +176 -0
package/infrastructure/README.md +443 -0
package/infrastructure/WEBSOCKET-CONFIGURATION.md +105 -0
package/infrastructure/__tests__/fixtures/mock-aws-resources.js +391 -0
package/infrastructure/__tests__/helpers/test-utils.js +277 -0
package/infrastructure/aws-discovery.js +1176 -0
package/infrastructure/aws-discovery.test.js +1220 -0
package/infrastructure/build-time-discovery.js +206 -0
package/infrastructure/build-time-discovery.test.js +378 -0
package/infrastructure/create-frigg-infrastructure.js +3 -5
package/infrastructure/env-validator.js +77 -0
package/infrastructure/frigg-deployment-iam-stack.yaml +401 -0
package/infrastructure/iam-generator.js +836 -0
package/infrastructure/iam-generator.test.js +172 -0
package/infrastructure/iam-policy-basic.json +218 -0
package/infrastructure/iam-policy-full.json +288 -0
package/infrastructure/integration.test.js +383 -0
package/infrastructure/run-discovery.js +110 -0
package/infrastructure/serverless-template.js +1493 -138
package/infrastructure/serverless-template.test.js +1804 -0
package/management-ui/.eslintrc.js +22 -0
package/management-ui/README.md +203 -0
package/management-ui/components.json +21 -0
package/management-ui/docs/phase2-integration-guide.md +320 -0
package/management-ui/index.html +13 -0
package/management-ui/package-lock.json +16517 -0
package/management-ui/package.json +76 -0
package/management-ui/packages/devtools/frigg-cli/ui-command/index.js +302 -0
package/management-ui/postcss.config.js +6 -0
package/management-ui/server/api/backend.js +256 -0
package/management-ui/server/api/cli.js +315 -0
package/management-ui/server/api/codegen.js +663 -0
package/management-ui/server/api/connections.js +857 -0
package/management-ui/server/api/discovery.js +185 -0
package/management-ui/server/api/environment/index.js +1 -0
package/management-ui/server/api/environment/router.js +378 -0
package/management-ui/server/api/environment.js +328 -0
package/management-ui/server/api/integrations.js +876 -0
package/management-ui/server/api/logs.js +248 -0
package/management-ui/server/api/monitoring.js +282 -0
package/management-ui/server/api/open-ide.js +31 -0
package/management-ui/server/api/project.js +1029 -0
package/management-ui/server/api/users/sessions.js +371 -0
package/management-ui/server/api/users/simulation.js +254 -0
package/management-ui/server/api/users.js +362 -0
package/management-ui/server/api-contract.md +275 -0
package/management-ui/server/index.js +873 -0
package/management-ui/server/middleware/errorHandler.js +93 -0
package/management-ui/server/middleware/security.js +32 -0
package/management-ui/server/processManager.js +296 -0
package/management-ui/server/server.js +346 -0
package/management-ui/server/services/aws-monitor.js +413 -0
package/management-ui/server/services/npm-registry.js +347 -0
package/management-ui/server/services/template-engine.js +538 -0
package/management-ui/server/utils/cliIntegration.js +220 -0
package/management-ui/server/utils/environment/auditLogger.js +471 -0
package/management-ui/server/utils/environment/awsParameterStore.js +264 -0
package/management-ui/server/utils/environment/encryption.js +278 -0
package/management-ui/server/utils/environment/envFileManager.js +286 -0
package/management-ui/server/utils/import-commonjs.js +28 -0
package/management-ui/server/utils/response.js +83 -0
package/management-ui/server/websocket/handler.js +325 -0
package/management-ui/src/App.jsx +109 -0
package/management-ui/src/assets/FriggLogo.svg +1 -0
package/management-ui/src/components/AppRouter.jsx +65 -0
package/management-ui/src/components/Button.jsx +70 -0
package/management-ui/src/components/Card.jsx +97 -0
package/management-ui/src/components/EnvironmentCompare.jsx +400 -0
package/management-ui/src/components/EnvironmentEditor.jsx +372 -0
package/management-ui/src/components/EnvironmentImportExport.jsx +469 -0
package/management-ui/src/components/EnvironmentSchema.jsx +491 -0
package/management-ui/src/components/EnvironmentSecurity.jsx +463 -0
package/management-ui/src/components/ErrorBoundary.jsx +73 -0
package/management-ui/src/components/IntegrationCard.jsx +481 -0
package/management-ui/src/components/IntegrationCardEnhanced.jsx +770 -0
package/management-ui/src/components/IntegrationExplorer.jsx +379 -0
package/management-ui/src/components/IntegrationStatus.jsx +336 -0
package/management-ui/src/components/Layout.jsx +716 -0
package/management-ui/src/components/LoadingSpinner.jsx +113 -0
package/management-ui/src/components/RepositoryPicker.jsx +248 -0
package/management-ui/src/components/SessionMonitor.jsx +350 -0
package/management-ui/src/components/StatusBadge.jsx +208 -0
package/management-ui/src/components/UserContextSwitcher.jsx +212 -0
package/management-ui/src/components/UserSimulation.jsx +327 -0
package/management-ui/src/components/Welcome.jsx +434 -0
package/management-ui/src/components/codegen/APIEndpointGenerator.jsx +637 -0
package/management-ui/src/components/codegen/APIModuleSelector.jsx +227 -0
package/management-ui/src/components/codegen/CodeGenerationWizard.jsx +247 -0
package/management-ui/src/components/codegen/CodePreviewEditor.jsx +316 -0
package/management-ui/src/components/codegen/DynamicModuleForm.jsx +271 -0
package/management-ui/src/components/codegen/FormBuilder.jsx +737 -0
package/management-ui/src/components/codegen/IntegrationGenerator.jsx +855 -0
package/management-ui/src/components/codegen/ProjectScaffoldWizard.jsx +797 -0
package/management-ui/src/components/codegen/SchemaBuilder.jsx +303 -0
package/management-ui/src/components/codegen/TemplateSelector.jsx +586 -0
package/management-ui/src/components/codegen/index.js +10 -0
package/management-ui/src/components/connections/ConnectionConfigForm.jsx +362 -0
package/management-ui/src/components/connections/ConnectionHealthMonitor.jsx +182 -0
package/management-ui/src/components/connections/ConnectionTester.jsx +200 -0
package/management-ui/src/components/connections/EntityRelationshipMapper.jsx +292 -0
package/management-ui/src/components/connections/OAuthFlow.jsx +204 -0
package/management-ui/src/components/connections/index.js +5 -0
package/management-ui/src/components/index.js +21 -0
package/management-ui/src/components/monitoring/APIGatewayMetrics.jsx +222 -0
package/management-ui/src/components/monitoring/LambdaMetrics.jsx +169 -0
package/management-ui/src/components/monitoring/MetricsChart.jsx +197 -0
package/management-ui/src/components/monitoring/MonitoringDashboard.jsx +393 -0
package/management-ui/src/components/monitoring/SQSMetrics.jsx +246 -0
package/management-ui/src/components/monitoring/index.js +6 -0
package/management-ui/src/components/monitoring/monitoring.css +218 -0
package/management-ui/src/components/theme-provider.jsx +52 -0
package/management-ui/src/components/theme-toggle.jsx +39 -0
package/management-ui/src/components/ui/badge.tsx +36 -0
package/management-ui/src/components/ui/button.test.jsx +56 -0
package/management-ui/src/components/ui/button.tsx +57 -0
package/management-ui/src/components/ui/card.tsx +76 -0
package/management-ui/src/components/ui/dropdown-menu.tsx +199 -0
package/management-ui/src/components/ui/select.tsx +157 -0
package/management-ui/src/components/ui/skeleton.jsx +15 -0
package/management-ui/src/hooks/useFrigg.jsx +601 -0
package/management-ui/src/hooks/useSocket.jsx +58 -0
package/management-ui/src/index.css +193 -0
package/management-ui/src/lib/utils.ts +6 -0
package/management-ui/src/main.jsx +10 -0
package/management-ui/src/pages/CodeGeneration.jsx +14 -0
package/management-ui/src/pages/Connections.jsx +252 -0
package/management-ui/src/pages/ConnectionsEnhanced.jsx +633 -0
package/management-ui/src/pages/Dashboard.jsx +311 -0
package/management-ui/src/pages/Environment.jsx +314 -0
package/management-ui/src/pages/IntegrationConfigure.jsx +669 -0
package/management-ui/src/pages/IntegrationDiscovery.jsx +567 -0
package/management-ui/src/pages/IntegrationTest.jsx +742 -0
package/management-ui/src/pages/Integrations.jsx +253 -0
package/management-ui/src/pages/Monitoring.jsx +17 -0
package/management-ui/src/pages/Simulation.jsx +155 -0
package/management-ui/src/pages/Users.jsx +492 -0
package/management-ui/src/services/api.js +41 -0
package/management-ui/src/services/apiModuleService.js +193 -0
package/management-ui/src/services/websocket-handlers.js +120 -0
package/management-ui/src/test/api/project.test.js +273 -0
package/management-ui/src/test/components/Welcome.test.jsx +378 -0
package/management-ui/src/test/mocks/server.js +178 -0
package/management-ui/src/test/setup.js +61 -0
package/management-ui/src/test/utils/test-utils.jsx +134 -0
package/management-ui/src/utils/repository.js +98 -0
package/management-ui/src/utils/repository.test.js +118 -0
package/management-ui/src/workflows/phase2-integration-workflows.js +884 -0
package/management-ui/tailwind.config.js +63 -0
package/management-ui/tsconfig.json +37 -0
package/management-ui/tsconfig.node.json +10 -0
package/management-ui/vite.config.js +26 -0
package/management-ui/vitest.config.js +38 -0
package/package.json +20 -9
package/infrastructure/app-handler-helpers.js +0 -57
package/infrastructure/backend-utils.js +0 -90
package/infrastructure/routers/auth.js +0 -26
package/infrastructure/routers/integration-defined-routers.js +0 -37
package/infrastructure/routers/middleware/loadUser.js +0 -15
package/infrastructure/routers/middleware/requireLoggedInUser.js +0 -12
package/infrastructure/routers/user.js +0 -41
package/infrastructure/routers/websocket.js +0 -55
package/infrastructure/workers/integration-defined-workers.js +0 -24

package/infrastructure/iam-generator.test.js ADDED Viewed

@@ -0,0 +1,172 @@
+const { generateIAMCloudFormation, getFeatureSummary } = require('./iam-generator');
+describe('IAM Generator', () => {
+    describe('getFeatureSummary', () => {
+        it('should detect all features when enabled', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: ['Integration1', 'Integration2'],
+                vpc: { enable: true },
+                encryption: { fieldLevelEncryptionMethod: 'kms' },
+                ssm: { enable: true },
+                websockets: { enable: true }
+            };
+            const summary = getFeatureSummary(appDefinition);
+            expect(summary.appName).toBe('test-app');
+            expect(summary.integrationCount).toBe(2);
+            expect(summary.features.core).toBe(true);
+            expect(summary.features.vpc).toBe(true);
+            expect(summary.features.kms).toBe(true);
+            expect(summary.features.ssm).toBe(true);
+            expect(summary.features.websockets).toBe(true);
+        });
+        it('should detect minimal features when disabled', () => {
+            const appDefinition = {
+                integrations: []
+            };
+            const summary = getFeatureSummary(appDefinition);
+            expect(summary.appName).toBe('Unnamed Frigg App');
+            expect(summary.integrationCount).toBe(0);
+            expect(summary.features.core).toBe(true);
+            expect(summary.features.vpc).toBe(false);
+            expect(summary.features.kms).toBe(false);
+            expect(summary.features.ssm).toBe(false);
+            expect(summary.features.websockets).toBe(false);
+        });
+    });
+    describe('generateIAMCloudFormation', () => {
+        it('should generate valid CloudFormation YAML', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: [],
+                vpc: { enable: false },
+                encryption: { fieldLevelEncryptionMethod: 'aes' },
+                ssm: { enable: false },
+                websockets: { enable: false }
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            expect(yaml).toContain('AWSTemplateFormatVersion');
+            expect(yaml).toContain('FriggDeploymentUser');
+            expect(yaml).toContain('FriggCoreDeploymentPolicy');
+            expect(yaml).toContain('FriggDiscoveryPolicy');
+        });
+        it('should include VPC policy when VPC is enabled', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: [],
+                vpc: { enable: true }
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            expect(yaml).toContain('FriggVPCPolicy');
+            expect(yaml).toContain('CreateVPCPermissions');
+            expect(yaml).toContain('EnableVPCSupport');
+            expect(yaml).toContain('ec2:ReplaceRoute');
+        });
+        it('should include KMS policy when encryption is enabled', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: [],
+                encryption: { fieldLevelEncryptionMethod: 'kms' }
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            expect(yaml).toContain('FriggKMSPolicy');
+            expect(yaml).toContain('CreateKMSPermissions');
+            expect(yaml).toContain('EnableKMSSupport');
+            expect(yaml).toContain('FriggKMSKeyAlias');
+            expect(yaml).toContain('kms:CreateAlias');
+        });
+        it('should include SSM policy when SSM is enabled', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: [],
+                ssm: { enable: true }
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            expect(yaml).toContain('FriggSSMPolicy');
+            expect(yaml).toContain('CreateSSMPermissions');
+            expect(yaml).toContain('EnableSSMSupport');
+        });
+        it('should set correct default parameter values based on features', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: [],
+                vpc: { enable: true },
+                encryption: { fieldLevelEncryptionMethod: 'aes' },
+                ssm: { enable: true }
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            // Check parameter defaults match the enabled features
+            expect(yaml).toContain("Default: 'true'"); // VPC enabled
+            expect(yaml).toContain("Default: 'false'"); // KMS disabled
+            expect(yaml).toContain('alias/frigg-deployment');
+        });
+        it('should include all core permissions', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: []
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            // Check for core permissions
+            expect(yaml).toContain('cloudformation:CreateStack');
+            expect(yaml).toContain('cloudformation:ListStackResources');
+            expect(yaml).toContain('lambda:CreateFunction');
+            expect(yaml).toContain('iam:CreateRole');
+            expect(yaml).toContain('s3:CreateBucket');
+            expect(yaml).toContain('sqs:CreateQueue');
+            expect(yaml).toContain('sns:CreateTopic');
+            expect(yaml).toContain('logs:CreateLogGroup');
+            expect(yaml).toContain('apigateway:POST');
+            expect(yaml).toContain('lambda:ListVersionsByFunction');
+            expect(yaml).toContain('iam:ListPolicyVersions');
+        });
+        it('should include internal-error-queue pattern in SQS resources', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: []
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            expect(yaml).toContain('internal-error-queue-*');
+        });
+        it('should generate outputs section', () => {
+            const appDefinition = {
+                name: 'test-app',
+                integrations: []
+            };
+            const yaml = generateIAMCloudFormation(appDefinition);
+            expect(yaml).toContain('Outputs:');
+            expect(yaml).toContain('DeploymentUserArn:');
+            expect(yaml).toContain('AccessKeyId:');
+            expect(yaml).toContain('SecretAccessKeyCommand:');
+            expect(yaml).toContain('CredentialsSecretArn:');
+        });
+    });
+});

package/infrastructure/iam-policy-basic.json ADDED Viewed

@@ -0,0 +1,218 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AWSDiscoveryPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "sts:GetCallerIdentity",
+        "ec2:DescribeVpcs",
+        "ec2:DescribeSubnets",
+        "ec2:DescribeSecurityGroups",
+        "ec2:DescribeRouteTables",
+        "kms:ListKeys",
+        "kms:DescribeKey"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "CloudFormationFriggStacks",
+      "Effect": "Allow",
+      "Action": [
+        "cloudformation:CreateStack",
+        "cloudformation:UpdateStack",
+        "cloudformation:DeleteStack",
+        "cloudformation:DescribeStacks",
+        "cloudformation:DescribeStackEvents",
+        "cloudformation:DescribeStackResources",
+        "cloudformation:DescribeStackResource",
+        "cloudformation:ListStackResources",
+        "cloudformation:GetTemplate",
+        "cloudformation:ValidateTemplate",
+        "cloudformation:DescribeChangeSet",
+        "cloudformation:CreateChangeSet",
+        "cloudformation:DeleteChangeSet",
+        "cloudformation:ExecuteChangeSet"
+      ],
+      "Resource": [
+        "arn:aws:cloudformation:*:*:stack/*frigg*/*"
+      ]
+    },
+    {
+      "Sid": "S3DeploymentBucket",
+      "Effect": "Allow",
+      "Action": [
+        "s3:CreateBucket",
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject",
+        "s3:PutBucketPolicy",
+        "s3:PutBucketVersioning",
+        "s3:PutBucketPublicAccessBlock",
+        "s3:GetBucketLocation",
+        "s3:ListBucket",
+        "s3:PutBucketTagging",
+        "s3:GetBucketTagging"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*serverless*",
+        "arn:aws:s3:::*serverless*/*"
+      ]
+    },
+    {
+      "Sid": "LambdaFriggFunctions",
+      "Effect": "Allow",
+      "Action": [
+        "lambda:CreateFunction",
+        "lambda:UpdateFunctionCode",
+        "lambda:UpdateFunctionConfiguration",
+        "lambda:DeleteFunction",
+        "lambda:GetFunction",
+        "lambda:ListFunctions",
+        "lambda:PublishVersion",
+        "lambda:CreateAlias",
+        "lambda:UpdateAlias",
+        "lambda:DeleteAlias",
+        "lambda:GetAlias",
+        "lambda:AddPermission",
+        "lambda:RemovePermission",
+        "lambda:GetPolicy",
+        "lambda:PutProvisionedConcurrencyConfig",
+        "lambda:DeleteProvisionedConcurrencyConfig",
+        "lambda:PutConcurrency",
+        "lambda:DeleteConcurrency",
+        "lambda:TagResource",
+        "lambda:UntagResource",
+        "lambda:ListVersionsByFunction"
+      ],
+      "Resource": [
+        "arn:aws:lambda:*:*:function:*frigg*"
+      ]
+    },
+    {
+      "Sid": "FriggLambdaEventSourceMapping",
+      "Effect": "Allow",
+      "Action": [
+        "lambda:CreateEventSourceMapping",
+        "lambda:DeleteEventSourceMapping",
+        "lambda:GetEventSourceMapping",
+        "lambda:UpdateEventSourceMapping",
+        "lambda:ListEventSourceMappings"
+      ],
+      "Resource": [
+        "arn:aws:lambda:*:*:event-source-mapping:*"
+      ]
+    },
+    {
+      "Sid": "IAMRolesForFriggLambda",
+      "Effect": "Allow",
+      "Action": [
+        "iam:CreateRole",
+        "iam:DeleteRole",
+        "iam:GetRole",
+        "iam:PassRole",
+        "iam:PutRolePolicy",
+        "iam:DeleteRolePolicy",
+        "iam:GetRolePolicy",
+        "iam:AttachRolePolicy",
+        "iam:DetachRolePolicy",
+        "iam:TagRole",
+        "iam:UntagRole"
+      ],
+      "Resource": [
+        "arn:aws:iam::*:role/*frigg*",
+        "arn:aws:iam::*:role/*frigg*LambdaRole*"
+      ]
+    },
+    {
+      "Sid": "IAMPolicyVersionPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "iam:ListPolicyVersions"
+      ],
+      "Resource": [
+        "arn:aws:iam::*:policy/*"
+      ]
+    },
+    {
+      "Sid": "FriggMessagingServices",
+      "Effect": "Allow",
+      "Action": [
+        "sqs:CreateQueue",
+        "sqs:DeleteQueue",
+        "sqs:GetQueueAttributes",
+        "sqs:SetQueueAttributes",
+        "sqs:GetQueueUrl",
+        "sqs:TagQueue",
+        "sqs:UntagQueue"
+      ],
+      "Resource": [
+        "arn:aws:sqs:*:*:*frigg*",
+        "arn:aws:sqs:*:*:internal-error-queue-*"
+      ]
+    },
+    {
+      "Sid": "FriggSNSTopics",
+      "Effect": "Allow",
+      "Action": [
+        "sns:CreateTopic",
+        "sns:DeleteTopic",
+        "sns:GetTopicAttributes",
+        "sns:SetTopicAttributes",
+        "sns:Subscribe",
+        "sns:Unsubscribe",
+        "sns:ListSubscriptionsByTopic",
+        "sns:TagResource",
+        "sns:UntagResource"
+      ],
+      "Resource": [
+        "arn:aws:sns:*:*:*frigg*"
+      ]
+    },
+    {
+      "Sid": "FriggMonitoringAndLogs",
+      "Effect": "Allow",
+      "Action": [
+        "cloudwatch:PutMetricAlarm",
+        "cloudwatch:DeleteAlarms",
+        "cloudwatch:DescribeAlarms",
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:DeleteLogGroup",
+        "logs:DescribeLogGroups",
+        "logs:DescribeLogStreams",
+        "logs:FilterLogEvents",
+        "logs:PutLogEvents",
+        "logs:PutRetentionPolicy"
+      ],
+      "Resource": [
+        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*",
+        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*:*",
+        "arn:aws:cloudwatch:*:*:alarm:*frigg*"
+      ]
+    },
+    {
+      "Sid": "FriggAPIGateway",
+      "Effect": "Allow",
+      "Action": [
+        "apigateway:POST",
+        "apigateway:PUT",
+        "apigateway:DELETE",
+        "apigateway:GET",
+        "apigateway:PATCH",
+        "apigateway:TagResource",
+        "apigateway:UntagResource"
+      ],
+      "Resource": [
+        "arn:aws:apigateway:*::/restapis",
+        "arn:aws:apigateway:*::/restapis/*",
+        "arn:aws:apigateway:*::/apis",
+        "arn:aws:apigateway:*::/apis/*",
+        "arn:aws:apigateway:*::/apis/*/stages",
+        "arn:aws:apigateway:*::/apis/*/stages/*",
+        "arn:aws:apigateway:*::/domainnames",
+        "arn:aws:apigateway:*::/domainnames/*"
+      ]
+    }
+  ]
+}

package/infrastructure/iam-policy-full.json ADDED Viewed

@@ -0,0 +1,288 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AWSDiscoveryPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "sts:GetCallerIdentity",
+        "ec2:DescribeVpcs",
+        "ec2:DescribeSubnets",
+        "ec2:DescribeSecurityGroups",
+        "ec2:DescribeRouteTables",
+        "kms:ListKeys",
+        "kms:DescribeKey"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "CloudFormationFriggStacks",
+      "Effect": "Allow",
+      "Action": [
+        "cloudformation:CreateStack",
+        "cloudformation:UpdateStack",
+        "cloudformation:DeleteStack",
+        "cloudformation:DescribeStacks",
+        "cloudformation:DescribeStackEvents",
+        "cloudformation:DescribeStackResources",
+        "cloudformation:DescribeStackResource",
+        "cloudformation:ListStackResources",
+        "cloudformation:GetTemplate",
+        "cloudformation:ValidateTemplate",
+        "cloudformation:DescribeChangeSet",
+        "cloudformation:CreateChangeSet",
+        "cloudformation:DeleteChangeSet",
+        "cloudformation:ExecuteChangeSet"
+      ],
+      "Resource": [
+        "arn:aws:cloudformation:*:*:stack/*frigg*/*"
+      ]
+    },
+    {
+      "Sid": "S3DeploymentBucket",
+      "Effect": "Allow",
+      "Action": [
+        "s3:CreateBucket",
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject",
+        "s3:PutBucketPolicy",
+        "s3:PutBucketVersioning",
+        "s3:PutBucketPublicAccessBlock",
+        "s3:GetBucketLocation",
+        "s3:ListBucket",
+        "s3:PutBucketTagging",
+        "s3:GetBucketTagging"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*serverless*",
+        "arn:aws:s3:::*serverless*/*"
+      ]
+    },
+    {
+      "Sid": "LambdaFriggFunctions",
+      "Effect": "Allow",
+      "Action": [
+        "lambda:CreateFunction",
+        "lambda:UpdateFunctionCode",
+        "lambda:UpdateFunctionConfiguration",
+        "lambda:DeleteFunction",
+        "lambda:GetFunction",
+        "lambda:ListFunctions",
+        "lambda:PublishVersion",
+        "lambda:CreateAlias",
+        "lambda:UpdateAlias",
+        "lambda:DeleteAlias",
+        "lambda:GetAlias",
+        "lambda:AddPermission",
+        "lambda:RemovePermission",
+        "lambda:GetPolicy",
+        "lambda:PutProvisionedConcurrencyConfig",
+        "lambda:DeleteProvisionedConcurrencyConfig",
+        "lambda:PutConcurrency",
+        "lambda:DeleteConcurrency",
+        "lambda:TagResource",
+        "lambda:UntagResource",
+        "lambda:ListVersionsByFunction"
+      ],
+      "Resource": [
+        "arn:aws:lambda:*:*:function:*frigg*"
+      ]
+    },
+    {
+      "Sid": "FriggLambdaEventSourceMapping",
+      "Effect": "Allow",
+      "Action": [
+        "lambda:CreateEventSourceMapping",
+        "lambda:DeleteEventSourceMapping",
+        "lambda:GetEventSourceMapping",
+        "lambda:UpdateEventSourceMapping",
+        "lambda:ListEventSourceMappings"
+      ],
+      "Resource": [
+        "arn:aws:lambda:*:*:event-source-mapping:*"
+      ]
+    },
+    {
+      "Sid": "IAMRolesForFriggLambda",
+      "Effect": "Allow",
+      "Action": [
+        "iam:CreateRole",
+        "iam:DeleteRole",
+        "iam:GetRole",
+        "iam:PassRole",
+        "iam:PutRolePolicy",
+        "iam:DeleteRolePolicy",
+        "iam:GetRolePolicy",
+        "iam:AttachRolePolicy",
+        "iam:DetachRolePolicy",
+        "iam:TagRole",
+        "iam:UntagRole"
+      ],
+      "Resource": [
+        "arn:aws:iam::*:role/*frigg*",
+        "arn:aws:iam::*:role/*frigg*LambdaRole*"
+      ]
+    },
+    {
+      "Sid": "IAMPolicyVersionPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "iam:ListPolicyVersions"
+      ],
+      "Resource": [
+        "arn:aws:iam::*:policy/*"
+      ]
+    },
+    {
+      "Sid": "FriggMessagingServices",
+      "Effect": "Allow",
+      "Action": [
+        "sqs:CreateQueue",
+        "sqs:DeleteQueue",
+        "sqs:GetQueueAttributes",
+        "sqs:SetQueueAttributes",
+        "sqs:GetQueueUrl",
+        "sqs:TagQueue",
+        "sqs:UntagQueue"
+      ],
+      "Resource": [
+        "arn:aws:sqs:*:*:*frigg*",
+        "arn:aws:sqs:*:*:internal-error-queue-*"
+      ]
+    },
+    {
+      "Sid": "FriggSNSTopics",
+      "Effect": "Allow",
+      "Action": [
+        "sns:CreateTopic",
+        "sns:DeleteTopic",
+        "sns:GetTopicAttributes",
+        "sns:SetTopicAttributes",
+        "sns:Subscribe",
+        "sns:Unsubscribe",
+        "sns:ListSubscriptionsByTopic",
+        "sns:TagResource",
+        "sns:UntagResource"
+      ],
+      "Resource": [
+        "arn:aws:sns:*:*:*frigg*"
+      ]
+    },
+    {
+      "Sid": "FriggMonitoringAndLogs",
+      "Effect": "Allow",
+      "Action": [
+        "cloudwatch:PutMetricAlarm",
+        "cloudwatch:DeleteAlarms",
+        "cloudwatch:DescribeAlarms",
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:DeleteLogGroup",
+        "logs:DescribeLogGroups",
+        "logs:DescribeLogStreams",
+        "logs:FilterLogEvents",
+        "logs:PutLogEvents",
+        "logs:PutRetentionPolicy"
+      ],
+      "Resource": [
+        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*",
+        "arn:aws:logs:*:*:log-group:/aws/lambda/*frigg*:*",
+        "arn:aws:cloudwatch:*:*:alarm:*frigg*"
+      ]
+    },
+    {
+      "Sid": "FriggAPIGateway",
+      "Effect": "Allow",
+      "Action": [
+        "apigateway:POST",
+        "apigateway:PUT",
+        "apigateway:DELETE",
+        "apigateway:GET",
+        "apigateway:PATCH",
+        "apigateway:TagResource",
+        "apigateway:UntagResource"
+      ],
+      "Resource": [
+        "arn:aws:apigateway:*::/restapis",
+        "arn:aws:apigateway:*::/restapis/*",
+        "arn:aws:apigateway:*::/apis",
+        "arn:aws:apigateway:*::/apis/*",
+        "arn:aws:apigateway:*::/apis/*/stages",
+        "arn:aws:apigateway:*::/apis/*/stages/*",
+        "arn:aws:apigateway:*::/domainnames",
+        "arn:aws:apigateway:*::/domainnames/*"
+      ]
+    },
+    {
+      "Sid": "FriggVPCDeploymentPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateVpcEndpoint",
+        "ec2:DeleteVpcEndpoint",
+        "ec2:DescribeVpcEndpoints",
+        "ec2:ModifyVpcEndpoint",
+        "ec2:CreateNatGateway",
+        "ec2:DeleteNatGateway",
+        "ec2:DescribeNatGateways",
+        "ec2:AllocateAddress",
+        "ec2:ReleaseAddress",
+        "ec2:DescribeAddresses",
+        "ec2:CreateRouteTable",
+        "ec2:DeleteRouteTable",
+        "ec2:DescribeRouteTables",
+        "ec2:CreateRoute",
+        "ec2:DeleteRoute",
+        "ec2:AssociateRouteTable",
+        "ec2:DisassociateRouteTable",
+        "ec2:CreateSecurityGroup",
+        "ec2:DeleteSecurityGroup",
+        "ec2:AuthorizeSecurityGroupEgress",
+        "ec2:AuthorizeSecurityGroupIngress",
+        "ec2:RevokeSecurityGroupEgress",
+        "ec2:RevokeSecurityGroupIngress",
+        "ec2:CreateTags",
+        "ec2:DeleteTags",
+        "ec2:DescribeTags"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "StringLike": {
+          "aws:RequestTag/Name": "*frigg*"
+        }
+      }
+    },
+    {
+      "Sid": "FriggKMSEncryptionPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "kms:GenerateDataKey",
+        "kms:Decrypt"
+      ],
+      "Resource": [
+        "arn:aws:kms:*:*:key/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "kms:ViaService": [
+            "lambda.*.amazonaws.com",
+            "s3.*.amazonaws.com"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "FriggSSMParameterAccess",
+      "Effect": "Allow",
+      "Action": [
+        "ssm:GetParameter",
+        "ssm:GetParameters",
+        "ssm:GetParametersByPath"
+      ],
+      "Resource": [
+        "arn:aws:ssm:*:*:parameter/*frigg*",
+        "arn:aws:ssm:*:*:parameter/*frigg*/*"
+      ]
+    }
+  ]
+}