@fy-stack/cli 0.0.131

package/README.md

@@ -0,0 +1,7 @@
+# cli
+
+This library was generated with [Nx](https://nx.dev).
+
+## Building
+
+Run `nx build cli` to build the library.

package/dist/assets/get-cdk-json.d.ts

@@ -0,0 +1,72 @@
+type GetCdkJsonParams = {
+    command: string;
+    include?: string[];
+    exclude?: string[];
+};
+export declare function getCdkJson(params: GetCdkJsonParams): {
+    app: string;
+    watch: {
+        include: string[];
+        exclude: string[];
+    };
+    context: {
+        "@aws-cdk/aws-lambda:recognizeLayerVersion": boolean;
+        "@aws-cdk/core:checkSecretUsage": boolean;
+        "@aws-cdk/core:target-partitions": string[];
+        "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": boolean;
+        "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": boolean;
+        "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": boolean;
+        "@aws-cdk/aws-iam:minimizePolicies": boolean;
+        "@aws-cdk/core:validateSnapshotRemovalPolicy": boolean;
+        "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": boolean;
+        "@aws-cdk/aws-s3:createDefaultLoggingPolicy": boolean;
+        "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": boolean;
+        "@aws-cdk/aws-apigateway:disableCloudWatchRole": boolean;
+        "@aws-cdk/core:enablePartitionLiterals": boolean;
+        "@aws-cdk/aws-events:eventsTargetQueueSameAccount": boolean;
+        "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": boolean;
+        "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": boolean;
+        "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": boolean;
+        "@aws-cdk/aws-route53-patters:useCertificate": boolean;
+        "@aws-cdk/customresources:installLatestAwsSdkDefault": boolean;
+        "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": boolean;
+        "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": boolean;
+        "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": boolean;
+        "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": boolean;
+        "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": boolean;
+        "@aws-cdk/aws-redshift:columnId": boolean;
+        "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": boolean;
+        "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": boolean;
+        "@aws-cdk/aws-apigateway:requestValidatorUniqueId": boolean;
+        "@aws-cdk/aws-kms:aliasNameRef": boolean;
+        "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": boolean;
+        "@aws-cdk/core:includePrefixInUniqueNameGeneration": boolean;
+        "@aws-cdk/aws-efs:denyAnonymousAccess": boolean;
+        "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": boolean;
+        "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": boolean;
+        "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": boolean;
+        "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": boolean;
+        "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": boolean;
+        "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": boolean;
+        "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": boolean;
+        "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": boolean;
+        "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": boolean;
+        "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": boolean;
+        "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": boolean;
+        "@aws-cdk/aws-eks:nodegroupNameAttribute": boolean;
+        "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": boolean;
+        "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": boolean;
+        "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": boolean;
+        "@aws-cdk/aws-s3:keepNotificationInImportedBucket": boolean;
+        "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": boolean;
+        "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": boolean;
+        "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": boolean;
+        "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": boolean;
+        "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": boolean;
+        "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": boolean;
+        "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": boolean;
+        "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": boolean;
+    };
+};
+export {};
+//# sourceMappingURL=get-cdk-json.d.ts.map

package/dist/assets/get-cdk-json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-cdk-json.d.ts","sourceRoot":"","sources":["../../src/assets/get-cdk-json.ts"],"names":[],"mappings":"AAAA,KAAK,gBAAgB,GAAG;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAA;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4ElD"}

package/dist/assets/get-cdk-json.js

@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCdkJson = getCdkJson;
+function getCdkJson(params) {
+    return {
+        "app": params.command,
+        "watch": {
+            "include": params.include ?? ["**"],
+            "exclude": params.exclude ?? [
+                "README.md",
+                "cdk*.json",
+                "package*.json",
+                "yarn.lock",
+                "node_modules",
+            ]
+        },
+        "context": {
+            "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+            "@aws-cdk/core:checkSecretUsage": true,
+            "@aws-cdk/core:target-partitions": [
+                "aws",
+                "aws-cn"
+            ],
+            "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+            "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+            "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+            "@aws-cdk/aws-iam:minimizePolicies": true,
+            "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+            "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+            "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+            "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+            "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+            "@aws-cdk/core:enablePartitionLiterals": true,
+            "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+            "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+            "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+            "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+            "@aws-cdk/aws-route53-patters:useCertificate": true,
+            "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+            "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+            "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+            "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+            "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+            "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+            "@aws-cdk/aws-redshift:columnId": true,
+            "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+            "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+            "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+            "@aws-cdk/aws-kms:aliasNameRef": true,
+            "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+            "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+            "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+            "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+            "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+            "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+            "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+            "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+            "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+            "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+            "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+            "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+            "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+            "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+            "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+            "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+            "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+            "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+            "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+            "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+            "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+            "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+            "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+            "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+            "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+            "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+            "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true
+        }
+    };
+}

package/dist/assets/get-infra.js.d.ts

@@ -0,0 +1,9 @@
+type GetInfraFileParams = {
+    app: string;
+};
+export declare function getInfra(params: GetInfraFileParams): {
+    infraFile: string;
+    cdkJsonFile: string;
+};
+export {};
+//# sourceMappingURL=get-infra.js.d.ts.map

package/dist/assets/get-infra.js.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-infra.js.d.ts","sourceRoot":"","sources":["../../src/assets/get-infra.js.ts"],"names":[],"mappings":"AAEA,KAAK,kBAAkB,GAAG;IACxB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,wBAAgB,QAAQ,CAAC,MAAM,EAAE,kBAAkB;;;EAoClD"}

package/dist/assets/get-infra.js.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getInfra = getInfra;
+const get_cdk_json_1 = require("./get-cdk-json");
+function getInfra(params) {
+    const infraFile = `#!/usr/bin/env node
+const cdk = require("aws-cdk-lib");
+const { FullStackConstruct, AppType } = require("@fy-stack/fullstack-construct");
+
+const env = {
+  account: process.env.CDK_DEFAULT_ACCOUNT,
+  region: process.env.CDK_DEFAULT_REGION,
+};
+
+class AppStack extends cdk.Stack {
+  constructor(scope, id, props) {
+    super(scope, id, props);
+
+    const app = new FullStackConstruct(this, "App", {
+      storage: { retainOnDelete: false, },
+      apps: {},
+    });
+
+    cdk.Tags.of(this).add("App", "${params.app}");
+  }
+}
+
+const app = new cdk.App();
+new AppStack(
+  app,
+  "app",
+  { env, stackName: "<generate-stack-name>" }
+);`;
+    const cdkJsonFile = JSON.stringify((0, get_cdk_json_1.getCdkJson)({
+        command: 'node infra.js',
+    }), null, 2);
+    return { infraFile, cdkJsonFile };
+}

package/dist/commands/assets/get-cdk-json.d.ts

@@ -0,0 +1,72 @@
+type GetCdkJsonParams = {
+    command: string;
+    include?: string[];
+    exclude?: string[];
+};
+export declare function getCdkJson(params: GetCdkJsonParams): {
+    app: string;
+    watch: {
+        include: string[];
+        exclude: string[];
+    };
+    context: {
+        "@aws-cdk/aws-lambda:recognizeLayerVersion": boolean;
+        "@aws-cdk/core:checkSecretUsage": boolean;
+        "@aws-cdk/core:target-partitions": string[];
+        "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": boolean;
+        "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": boolean;
+        "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": boolean;
+        "@aws-cdk/aws-iam:minimizePolicies": boolean;
+        "@aws-cdk/core:validateSnapshotRemovalPolicy": boolean;
+        "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": boolean;
+        "@aws-cdk/aws-s3:createDefaultLoggingPolicy": boolean;
+        "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": boolean;
+        "@aws-cdk/aws-apigateway:disableCloudWatchRole": boolean;
+        "@aws-cdk/core:enablePartitionLiterals": boolean;
+        "@aws-cdk/aws-events:eventsTargetQueueSameAccount": boolean;
+        "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": boolean;
+        "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": boolean;
+        "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": boolean;
+        "@aws-cdk/aws-route53-patters:useCertificate": boolean;
+        "@aws-cdk/customresources:installLatestAwsSdkDefault": boolean;
+        "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": boolean;
+        "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": boolean;
+        "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": boolean;
+        "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": boolean;
+        "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": boolean;
+        "@aws-cdk/aws-redshift:columnId": boolean;
+        "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": boolean;
+        "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": boolean;
+        "@aws-cdk/aws-apigateway:requestValidatorUniqueId": boolean;
+        "@aws-cdk/aws-kms:aliasNameRef": boolean;
+        "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": boolean;
+        "@aws-cdk/core:includePrefixInUniqueNameGeneration": boolean;
+        "@aws-cdk/aws-efs:denyAnonymousAccess": boolean;
+        "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": boolean;
+        "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": boolean;
+        "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": boolean;
+        "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": boolean;
+        "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": boolean;
+        "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": boolean;
+        "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": boolean;
+        "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": boolean;
+        "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": boolean;
+        "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": boolean;
+        "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": boolean;
+        "@aws-cdk/aws-eks:nodegroupNameAttribute": boolean;
+        "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": boolean;
+        "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": boolean;
+        "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": boolean;
+        "@aws-cdk/aws-s3:keepNotificationInImportedBucket": boolean;
+        "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": boolean;
+        "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": boolean;
+        "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": boolean;
+        "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": boolean;
+        "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": boolean;
+        "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": boolean;
+        "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": boolean;
+        "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": boolean;
+    };
+};
+export {};
+//# sourceMappingURL=get-cdk-json.d.ts.map

package/dist/commands/assets/get-cdk-json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-cdk-json.d.ts","sourceRoot":"","sources":["../../../src/commands/assets/get-cdk-json.ts"],"names":[],"mappings":"AAAA,KAAK,gBAAgB,GAAG;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAA;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6ElD"}

package/dist/commands/assets/get-cdk-json.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCdkJson = getCdkJson;
+function getCdkJson(params) {
+    return {
+        "app": params.command,
+        "watch": {
+            "include": params.include ?? ["**"],
+            "exclude": params.exclude ?? [
+                "README.md",
+                "cdk*.json",
+                "jest.config.js",
+                "package*.json",
+                "yarn.lock",
+                "node_modules",
+            ]
+        },
+        "context": {
+            "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+            "@aws-cdk/core:checkSecretUsage": true,
+            "@aws-cdk/core:target-partitions": [
+                "aws",
+                "aws-cn"
+            ],
+            "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+            "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+            "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+            "@aws-cdk/aws-iam:minimizePolicies": true,
+            "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+            "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+            "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+            "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+            "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+            "@aws-cdk/core:enablePartitionLiterals": true,
+            "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+            "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+            "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+            "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+            "@aws-cdk/aws-route53-patters:useCertificate": true,
+            "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+            "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+            "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+            "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+            "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+            "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+            "@aws-cdk/aws-redshift:columnId": true,
+            "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+            "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+            "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+            "@aws-cdk/aws-kms:aliasNameRef": true,
+            "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+            "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+            "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+            "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+            "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+            "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+            "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+            "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+            "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+            "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+            "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+            "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+            "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+            "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+            "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+            "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+            "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+            "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+            "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+            "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+            "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+            "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+            "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+            "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+            "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+            "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+            "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true
+        }
+    };
+}

package/dist/commands/assets/get-infra.js.d.ts

@@ -0,0 +1,10 @@
+type GetInfraFileParams = {
+    app: string;
+    domain?: string;
+};
+export declare function getInfra(params: GetInfraFileParams): {
+    infraFile: string;
+    cdkJsonFile: string;
+};
+export {};
+//# sourceMappingURL=get-infra.js.d.ts.map

package/dist/commands/assets/get-infra.js.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-infra.js.d.ts","sourceRoot":"","sources":["../../../src/commands/assets/get-infra.js.ts"],"names":[],"mappings":"AAEA,KAAK,kBAAkB,GAAG;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAgB,QAAQ,CAAC,MAAM,EAAE,kBAAkB;;;EAyClD"}

package/dist/commands/assets/get-infra.js.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getInfra = getInfra;
+const get_cdk_json_1 = require("./get-cdk-json");
+function getInfra(params) {
+    const infraFile = `#!/usr/bin/env node
+const cdk = require("aws-cdk-lib");
+const { FullStackConstruct, AppType } = require("@fy-stack/fullstack-construct");
+
+const env = {
+  account: process.env.CDK_DEFAULT_ACCOUNT,
+  region: process.env.CDK_DEFAULT_REGION
+};
+
+const environment = process.env.ENVIRONMENT
+if (!environment) throw new Error("ENVIRONMENT is required");
+
+class AppStack extends cdk.Stack {
+  constructor(scope, id, props) {
+    super(scope, id, props);
+    
+    ${params.domain ? `const domainName = ${params.domain}` : ''}
+
+    const app = new FullStackConstruct(this, "App", {
+      storage: { retainOnDelete: false },
+      apps: {}
+    });
+
+    cdk.Tags.of(this).add("App", "${params.app}");
+  }
+}
+
+const app = new cdk.App();
+new AppStack(
+  app,
+  "app",
+  { env, stackName: \`${params.app}-\${process.env.ENVIRONMENT}\` }
+);`;
+    const cdkJsonFile = JSON.stringify((0, get_cdk_json_1.getCdkJson)({
+        command: 'node infra.js',
+    }), null, 2);
+    return { infraFile, cdkJsonFile };
+}

package/dist/commands/assets/get-yaml-file.d.ts

@@ -0,0 +1,8 @@
+type GetYamlFileProps = {
+    app: string;
+    roleArn: string;
+    region: string;
+};
+export declare function getYAMLFile(props: GetYamlFileProps): string;
+export {};
+//# sourceMappingURL=get-yaml-file.d.ts.map

package/dist/commands/assets/get-yaml-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-yaml-file.d.ts","sourceRoot":"","sources":["../../../src/commands/assets/get-yaml-file.ts"],"names":[],"mappings":"AAAA,KAAK,gBAAgB,GAAG;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,wBAAgB,WAAW,CAAC,KAAK,EAAE,gBAAgB,UA4ClD"}

package/dist/commands/assets/get-yaml-file.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getYAMLFile = getYAMLFile;
+function getYAMLFile(props) {
+    return `# Run on push to branch
+name: Build and Deploy
+
+on:
+  push:
+    branches:
+      - main
+      # add additional branch names if needed
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    environment: \${{ (github.ref_name == 'main' && 'production') }}
+    env:
+      STACK_NAME: \${{ format('${props.app}-{0}', (github.head_ref || github.ref_name)) }}
+      ENVIRONMENT: \${{ (github.ref_name == 'main' && 'production') || github.ref_name }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # setup aws credentials using aws role and region
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-skip-session-tagging: true
+          role-to-assume: ${props.roleArn}
+          aws-region: ${props.region}
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Deploy Apps
+        run: npx cdk deploy --require-approval never`;
+}

package/dist/commands/github-aws-construct.d.ts

@@ -0,0 +1,12 @@
+import { Construct } from 'constructs';
+type GithubAwsConstructProps = {
+    /**
+     * Github repo name e.t.c. GitHubOrg/GitHubRepo:ref:refs/heads/GitHubBranch
+     * */
+    repo: string;
+};
+export declare class GithubAwsConstruct extends Construct {
+    constructor(scope: Construct, id: string, props: GithubAwsConstructProps);
+}
+export {};
+//# sourceMappingURL=github-aws-construct.d.ts.map

package/dist/commands/github-aws-construct.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-aws-construct.d.ts","sourceRoot":"","sources":["../../src/commands/github-aws-construct.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAGvC,KAAK,uBAAuB,GAAG;IAC7B;;SAEK;IACL,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,qBAAa,kBAAmB,SAAQ,SAAS;gBAEnC,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB;CA0BzE"}

package/dist/commands/github-aws-construct.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GithubAwsConstruct = void 0;
+const tslib_1 = require("tslib");
+const iam = tslib_1.__importStar(require("aws-cdk-lib/aws-iam"));
+const constructs_1 = require("constructs");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+class GithubAwsConstruct extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const provider = new iam.OpenIdConnectProvider(this, 'GithubProvider', {
+            url: 'https://token.actions.githubusercontent.com',
+            clientIds: ['sts.amazonaws.com']
+        });
+        const role = new iam.Role(this, 'GithubRole', {
+            assumedBy: new iam.FederatedPrincipal(provider.openIdConnectProviderArn, {
+                StringEquals: {
+                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
+                    "token.actions.githubusercontent.com:sub": `repo:${props.repo}`
+                }
+            }, "sts:AssumeRoleWithWebIdentity"),
+        });
+        new aws_cdk_lib_1.CfnOutput(this, 'RoleArn', {
+            key: 'roleArn',
+            value: role.roleArn
+        });
+    }
+}
+exports.GithubAwsConstruct = GithubAwsConstruct;

package/dist/commands/github-aws-stack.d.ts

@@ -0,0 +1,13 @@
+import { Construct } from 'constructs';
+import { Stack, StackProps } from 'aws-cdk-lib';
+type GithubAwsConstructProps = StackProps & {
+    /**
+     * Github repo name e.t.c. GitHubOrg/GitHubRepo:ref:refs/heads/GitHubBranch
+     * */
+    repo: string;
+};
+export declare class GithubAwsStack extends Stack {
+    constructor(scope: Construct, id: string, props: GithubAwsConstructProps);
+}
+export {};
+//# sourceMappingURL=github-aws-stack.d.ts.map

package/dist/commands/github-aws-stack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-aws-stack.d.ts","sourceRoot":"","sources":["../../src/commands/github-aws-stack.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAa,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE3D,KAAK,uBAAuB,GAAG,UAAU,GAAG;IAC1C;;SAEK;IACL,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,qBAAa,cAAe,SAAQ,KAAK;gBAE3B,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB;CA0BzE"}

package/dist/commands/github-aws-stack.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GithubAwsStack = void 0;
+const tslib_1 = require("tslib");
+const iam = tslib_1.__importStar(require("aws-cdk-lib/aws-iam"));
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+class GithubAwsStack extends aws_cdk_lib_1.Stack {
+    constructor(scope, id, props) {
+        super(scope, id, props);
+        const provider = new iam.OpenIdConnectProvider(this, 'GithubProvider', {
+            url: 'https://token.actions.githubusercontent.com',
+            clientIds: ['sts.amazonaws.com']
+        });
+        const role = new iam.Role(this, 'GithubRole', {
+            assumedBy: new iam.FederatedPrincipal(provider.openIdConnectProviderArn, {
+                StringEquals: {
+                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
+                    "token.actions.githubusercontent.com:sub": `repo:${props.repo}`
+                }
+            }, "sts:AssumeRoleWithWebIdentity"),
+        });
+        new aws_cdk_lib_1.CfnOutput(this, 'RoleArn', {
+            key: 'roleArn',
+            value: role.roleArn
+        });
+    }
+}
+exports.GithubAwsStack = GithubAwsStack;

package/dist/commands/init-app.d.ts

@@ -0,0 +1,3 @@
+import { InitAppProps } from './types';
+export declare function initApp(props: InitAppProps): Promise<void>;
+//# sourceMappingURL=init-app.d.ts.map

package/dist/commands/init-app.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init-app.d.ts","sourceRoot":"","sources":["../../src/commands/init-app.ts"],"names":[],"mappings":"AAuBA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAavC,wBAAsB,OAAO,CAAC,KAAK,EAAE,YAAY,iBA4JhD"}

package/dist/commands/init-app.js

@@ -0,0 +1,150 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initApp = initApp;
+const tslib_1 = require("tslib");
+const fs = tslib_1.__importStar(require("node:fs"));
+const path = tslib_1.__importStar(require("node:path"));
+const client_iam_1 = require("@aws-sdk/client-iam");
+const client_sts_1 = require("@aws-sdk/client-sts");
+const get_infra_js_1 = require("./assets/get-infra.js");
+const get_yaml_file_1 = require("./assets/get-yaml-file");
+const iamClient = new client_iam_1.IAMClient();
+async function attachManagedPolicies(roleName, attachedPolices) {
+    for (const policy of attachedPolices ?? []) {
+        await iamClient.send(new client_iam_1.AttachRolePolicyCommand({
+            PolicyArn: policy.PolicyArn,
+            RoleName: roleName
+        }));
+    }
+}
+async function initApp(props) {
+    const stsClient = new client_sts_1.STSClient();
+    const user = await stsClient.send(new client_sts_1.GetCallerIdentityCommand());
+    const username = user.Arn?.split("/").pop();
+    if (!username)
+        throw new Error("username not found");
+    const isRoot = username.endsWith(":root");
+    const workingDir = process.cwd();
+    if (props.githubRepo) {
+        const githubFolderPath = path.join(workingDir, '.github/workflows/');
+        if (!fs.existsSync(githubFolderPath))
+            fs.mkdirSync(githubFolderPath, { recursive: true });
+        const deployYamlPath = path.join(githubFolderPath, "fy-stack.deploy.yml");
+        if (fs.existsSync(deployYamlPath))
+            throw new Error("fy-stack.deploy.yml already exists");
+        const existingRes = await iamClient.send(new client_iam_1.ListOpenIDConnectProvidersCommand());
+        let idProviderArn;
+        const providerUrl = 'token.actions.githubusercontent.com';
+        for (const i in existingRes.OpenIDConnectProviderList ?? []) {
+            const provider = await iamClient.send(new client_iam_1.GetOpenIDConnectProviderCommand({
+                OpenIDConnectProviderArn: existingRes.OpenIDConnectProviderList?.[i].Arn
+            }));
+            if (provider.Url === providerUrl) {
+                idProviderArn = existingRes.OpenIDConnectProviderList?.[i].Arn;
+                break;
+            }
+        }
+        if (!idProviderArn) {
+            const idProviderRes = await iamClient.send(new client_iam_1.CreateOpenIDConnectProviderCommand({
+                Url: providerUrl,
+                ClientIDList: ['sts.amazonaws.com']
+            }));
+            if (!idProviderRes.OpenIDConnectProviderArn)
+                throw new Error('unable to Github open id provider');
+            idProviderArn = idProviderRes.OpenIDConnectProviderArn;
+        }
+        const roleRes = await iamClient.send(new client_iam_1.CreateRoleCommand({
+            RoleName: `${props.app}GithubRole`,
+            AssumeRolePolicyDocument: JSON.stringify({
+                Version: "2012-10-17",
+                Statement: [{
+                        Effect: "Allow",
+                        Principal: { Federated: idProviderArn },
+                        Action: "sts:AssumeRoleWithWebIdentity",
+                        Condition: {
+                            StringEquals: { "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" },
+                            StringLike: { "token.actions.githubusercontent.com:sub": `repo:${props.githubRepo}:*` }
+                        }
+                    }]
+            }),
+        }));
+        if (!roleRes.Role?.Arn || !roleRes.Role.RoleName)
+            throw new Error('unable to Github role');
+        const roleName = roleRes.Role.RoleName;
+        if (isRoot) {
+            await iamClient.send(new client_iam_1.AttachRolePolicyCommand({
+                PolicyArn: 'arn:aws:iam::aws:policy/AdministratorAccess',
+                RoleName: roleRes.Role.RoleName
+            }));
+        }
+        else {
+            // attach managed polices
+            const attachedPolices = await iamClient.send(new client_iam_1.ListAttachedUserPoliciesCommand({
+                UserName: username
+            }));
+            await attachManagedPolicies(roleName, attachedPolices.AttachedPolicies);
+            // attach inline polices
+            const inlinePolices = await iamClient.send(new client_iam_1.ListUserPoliciesCommand({
+                UserName: username
+            }));
+            for (const policyName of inlinePolices.PolicyNames ?? []) {
+                const policyDocument = await iamClient.send(new client_iam_1.GetUserPolicyCommand({ UserName: username, PolicyName: policyName }));
+                await iamClient.send(new client_iam_1.PutRolePolicyCommand({
+                    PolicyName: policyName,
+                    PolicyDocument: policyDocument.PolicyDocument,
+                    RoleName: roleRes.Role.RoleName
+                }));
+            }
+            const groups = await iamClient.send(new client_iam_1.ListGroupsForUserCommand({
+                UserName: username
+            }));
+            for (const group of groups.Groups ?? []) {
+                // attach managed polices
+                const attachedPolices = await iamClient.send(new client_iam_1.ListAttachedGroupPoliciesCommand({
+                    GroupName: group.GroupName
+                }));
+                await attachManagedPolicies(roleName, attachedPolices.AttachedPolicies);
+                // attach inline polices
+                const inlinePolices = await iamClient.send(new client_iam_1.ListGroupPoliciesCommand({
+                    GroupName: group.GroupName
+                }));
+                for (const policyName of inlinePolices.PolicyNames ?? []) {
+                    const policyDocument = await iamClient.send(new client_iam_1.GetUserPolicyCommand({ UserName: username, PolicyName: policyName }));
+                    await iamClient.send(new client_iam_1.PutRolePolicyCommand({
+                        PolicyName: policyName,
+                        PolicyDocument: policyDocument.PolicyDocument,
+                        RoleName: roleRes.Role.RoleName
+                    }));
+                }
+            }
+        }
+        const yamlFile = (0, get_yaml_file_1.getYAMLFile)({ ...props, roleArn: roleRes.Role.Arn, region: await stsClient.config.region() });
+        fs.writeFileSync(deployYamlPath, yamlFile);
+    }
+    const { infraFile, cdkJsonFile } = (0, get_infra_js_1.getInfra)({
+        app: props.app,
+        domain: props.domainName
+            ? `process.env.ENVIRONMENT === "production" ? "${props.domainName}" : \`\${process.env.ENVIRONMENT}.${props.domainName}\``
+            : undefined
+    });
+    const packageJsonPath = path.join(workingDir, 'package.json');
+    const infraPath = path.join(workingDir, 'infra.js');
+    const cdkPath = path.join(workingDir, 'cdk.json');
+    if (!fs.existsSync(packageJsonPath))
+        throw new Error('unable to find package.json file');
+    if (fs.existsSync(infraPath))
+        throw new Error('infra.js file already exists');
+    const packageJsonFile = JSON.parse(fs.readFileSync(path.join(workingDir, 'package.json'), "utf8"));
+    packageJsonFile["devDependencies"] = {
+        ...packageJsonFile["devDependencies"],
+        "aws-cdk": "^2.174.1",
+        "aws-cdk-lib": "^2.174.1",
+        "constructs": "^10.4.2",
+        "@fy-stack/fullstack-construct": "^0.0.131"
+    };
+    if (!fs.existsSync(cdkPath))
+        fs.writeFileSync(cdkPath, cdkJsonFile);
+    fs.writeFileSync(packageJsonPath, JSON.stringify(packageJsonFile, null, 2));
+    fs.writeFileSync(infraPath, infraFile);
+    console.log("App initialized, run npm install to complete");
+}

package/dist/commands/types.d.ts

@@ -0,0 +1,6 @@
+export type InitAppProps = {
+    app: string;
+    githubRepo?: string;
+    domainName?: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/commands/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/commands/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,CAAA"}

package/dist/commands/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const prompts_1 = require("@inquirer/prompts");
+const commander_1 = require("commander");
+const init_app_1 = require("./commands/init-app");
+commander_1.program
+    .name('fy-stack') // The command users will type
+    .version('1.0.0')
+    .description('My awesome CLI app')
+    .action(() => {
+    console.log('Hello from my CLI app!');
+});
+commander_1.program
+    .command("init")
+    .description("Initialize application infrastructure")
+    .requiredOption("-a --app <string>", "Application name")
+    .action(async (params) => {
+    let githubRepo;
+    const setupGitHub = await (0, prompts_1.confirm)({ message: "Setup github deployment", default: true });
+    if (setupGitHub) {
+        githubRepo = await (0, prompts_1.input)({
+            message: "Enter repository full name (e.g. Org/repository)",
+            required: true,
+            validate: (v) => v.length > 0,
+        });
+    }
+    const domainName = await (0, prompts_1.input)({ message: "Enter domain name (leave blank if none)", required: false });
+    return (0, init_app_1.initApp)({ ...params, githubRepo, domainName });
+});
+commander_1.program.parse();

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@fy-stack/cli",
+  "version": "0.0.131",
+  "dependencies": {
+    "@aws-sdk/client-iam": "^3.731.1",
+    "@aws-sdk/client-sts": "^3.731.1",
+    "@inquirer/prompts": "^7.2.3",
+    "commander": "^13.0.0",
+    "tslib": "^2.3.0"
+  },
+  "type": "commonjs",
+  "main": "./dist/index.js",
+  "typings": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "!**/*.tsbuildinfo"
+  ],
+  "nx": {
+    "name": "cli"
+  },
+  "bin": {
+    "fy-stack": "./dist/index.js"
+  }
+}