@gradientedge/cdk-utils-aws 1.0.0

package/dist/src/services/virtual-private-cloud/ipv6.js

@@ -0,0 +1,38 @@
+import { Fn } from 'aws-cdk-lib';
+import { CfnEgressOnlyInternetGateway, CfnVPCCidrBlock, RouterType, Vpc, } from 'aws-cdk-lib/aws-ec2';
+import _ from 'lodash';
+export class Ipv6Vpc extends Vpc {
+    egressOnlyInternetGatewayId;
+    constructor(scope, id, props) {
+        super(scope, id, props);
+        const cfnVpcCidrBlock = new CfnVPCCidrBlock(this, `${id}-ipv6-cidr`, {
+            amazonProvidedIpv6CidrBlock: true,
+            vpcId: this.vpcId,
+        });
+        const subnetIpv6CidrBlocks = Fn.cidr(Fn.select(0, this.vpcIpv6CidrBlocks), 256, '64');
+        _.forEach([...this.publicSubnets, ...this.privateSubnets, ...this.isolatedSubnets], (subnet, index) => {
+            subnet.node.addDependency(cfnVpcCidrBlock);
+            const cfnSubnet = subnet.node.defaultChild;
+            cfnSubnet.cidrBlock = undefined;
+            cfnSubnet.mapPublicIpOnLaunch = false;
+            cfnSubnet.ipv6CidrBlock = Fn.select(index, subnetIpv6CidrBlocks);
+            cfnSubnet.assignIpv6AddressOnCreation = true;
+            cfnSubnet.ipv6Native = true;
+        });
+        const addDefaultIpv6Routes = (subnets, gatewayId, routerType) => subnets.forEach(subnet => subnet.addRoute(`${id}-default-route`, {
+            destinationIpv6CidrBlock: '::/0',
+            enablesInternetConnectivity: true,
+            routerId: gatewayId,
+            routerType: routerType,
+        }));
+        if (this.internetGatewayId) {
+            addDefaultIpv6Routes(this.publicSubnets, this.internetGatewayId, RouterType.GATEWAY);
+        }
+        if (_.isEmpty(this.privateSubnets)) {
+            return;
+        }
+        const egressIgw = new CfnEgressOnlyInternetGateway(this, `${id}-eigw`, { vpcId: this.vpcId });
+        this.egressOnlyInternetGatewayId = egressIgw.ref;
+        addDefaultIpv6Routes(this.privateSubnets, egressIgw.ref, RouterType.EGRESS_ONLY_INTERNET_GATEWAY);
+    }
+}

package/dist/src/services/virtual-private-cloud/main.d.ts

@@ -0,0 +1,43 @@
+import { Vpc } from 'aws-cdk-lib/aws-ec2';
+import { CommonConstruct } from '../../common/index.js';
+import { VpcProps } from './types.js';
+/**
+ * @classdesc Provides operations on AWS VPC.
+ * - A new instance of this class is injected into {@link CommonConstruct} constructor.
+ * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
+ * @example
+ * import { CommonConstruct } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.vpcManager.createVpc('MyVPC', this)
+ *   }
+ * }
+ * @see [CDK VPC Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.@aws-cdk_aws-Vpc.html}
+ */
+export declare class VpcManager {
+    /**
+     * @summary Method to create a new vpc
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     */
+    createVpc(id: string, scope: CommonConstruct, props: VpcProps): Vpc;
+    /**
+     * @summary Method to create a common vpc
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     * @param vpcIdentifier optional identifier for VPC
+     */
+    createCommonVpc(id: string, scope: CommonConstruct, props: VpcProps, vpcIdentifier?: string): Vpc;
+    /**
+     * @summary Method to retrieve a common vpc
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param vpcIdentifier optional identifier for VPC
+     */
+    retrieveCommonVpc(id: string, scope: CommonConstruct, vpcIdentifier?: string): import("aws-cdk-lib/aws-ec2").IVpc;
+}

package/dist/src/services/virtual-private-cloud/main.js

@@ -0,0 +1,87 @@
+import { Tags } from 'aws-cdk-lib';
+import { SubnetType, Vpc } from 'aws-cdk-lib/aws-ec2';
+import _ from 'lodash';
+import { createCfnOutput } from '../../utils/index.js';
+import { Ipv6Vpc } from './ipv6.js';
+/**
+ */
+const CommonVpcIdentifier = 'CommonVpc';
+/**
+ * @classdesc Provides operations on AWS VPC.
+ * - A new instance of this class is injected into {@link CommonConstruct} constructor.
+ * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
+ * @example
+ * import { CommonConstruct } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.vpcManager.createVpc('MyVPC', this)
+ *   }
+ * }
+ * @see [CDK VPC Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.@aws-cdk_aws-Vpc.html}
+ */
+export class VpcManager {
+    /**
+     * @summary Method to create a new vpc
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     */
+    createVpc(id, scope, props) {
+        if (!props)
+            throw `Vpc props undefined for ${id}`;
+        if (!props.vpcName)
+            throw `Vpc vpcName undefined for ${id}`;
+        const vpcName = scope.resourceNameFormatter.format(props.vpcName, scope.props.resourceNameOptions?.vpc);
+        let vpc;
+        if (props.isIPV6) {
+            vpc = new Ipv6Vpc(scope, `${id}`, {
+                ...props,
+                subnetConfiguration: [
+                    { name: `${vpcName}-public`, subnetType: SubnetType.PUBLIC },
+                    { name: `${vpcName}-private`, subnetType: SubnetType.PRIVATE_WITH_EGRESS },
+                ],
+                vpcName,
+            });
+        }
+        else {
+            vpc = new Vpc(scope, `${id}`, {
+                ...props,
+                vpcName,
+            });
+        }
+        createCfnOutput(`${id}Id`, scope, vpc.vpcId);
+        createCfnOutput(`${id}PublicSubnetIds`, scope, _.map(vpc.publicSubnets, subnet => subnet.subnetId).toString());
+        createCfnOutput(`${id}PrivateSubnetIds`, scope, _.map(vpc.privateSubnets, subnet => subnet.subnetId).toString());
+        createCfnOutput(`${id}PublicSubnetRouteTableIds`, scope, _.map(vpc.publicSubnets, subnet => subnet.routeTable.routeTableId).toString());
+        createCfnOutput(`${id}PrivateSubnetRouteTableIds`, scope, _.map(vpc.privateSubnets, subnet => subnet.routeTable.routeTableId).toString());
+        createCfnOutput(`${id}AvailabilityZones`, scope, vpc.availabilityZones.toString());
+        createCfnOutput(`${id}DefaultSecurityGroup`, scope, vpc.vpcDefaultSecurityGroup.toString());
+        return vpc;
+    }
+    /**
+     * @summary Method to create a common vpc
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     * @param vpcIdentifier optional identifier for VPC
+     */
+    createCommonVpc(id, scope, props, vpcIdentifier) {
+        const vpc = this.createVpc(id, scope, props);
+        Tags.of(vpc).add('Name', scope.resourceNameFormatter.format(vpcIdentifier ?? CommonVpcIdentifier, scope.props.resourceNameOptions?.vpc));
+        return vpc;
+    }
+    /**
+     * @summary Method to retrieve a common vpc
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param vpcIdentifier optional identifier for VPC
+     */
+    retrieveCommonVpc(id, scope, vpcIdentifier) {
+        return Vpc.fromLookup(scope, `${id}`, {
+            vpcName: scope.resourceNameFormatter.format(vpcIdentifier ?? CommonVpcIdentifier, scope.props.resourceNameOptions?.vpc),
+        });
+    }
+}

package/dist/src/services/virtual-private-cloud/types.d.ts

@@ -0,0 +1,4 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+export interface VpcProps extends ec2.VpcProps {
+    isIPV6?: boolean;
+}

package/dist/src/services/virtual-private-cloud/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/services/web-application-firewall/index.d.ts

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/web-application-firewall/index.js

@@ -0,0 +1,2 @@
+export * from './main.js';
+export * from './types.js';

package/dist/src/services/web-application-firewall/main.d.ts

@@ -0,0 +1,35 @@
+import { CfnIPSet, CfnWebACL } from 'aws-cdk-lib/aws-wafv2';
+import { CommonConstruct } from '../../common/index.js';
+import { WafIPSetProps, WafWebACLProps } from './types.js';
+/**
+ * @classdesc Provides operations on AWS WAF.
+ * - A new instance of this class is injected into {@link CommonConstruct} constructor.
+ * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
+ * @example
+ * import { CommonConstruct } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.wafManager.createWebAcl('MyWebAcl', this)
+ *   }
+ * }
+ * @see [CDK WAF Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf-readme.html}
+ */
+export declare class WafManager {
+    /**
+     * @summary Method to create an ip set
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     */
+    createIpSet(id: string, scope: CommonConstruct, props: WafIPSetProps): CfnIPSet;
+    /**
+     * @summary Method to create a web acl
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     */
+    createWebAcl(id: string, scope: CommonConstruct, props: WafWebACLProps): CfnWebACL;
+}

package/dist/src/services/web-application-firewall/main.js

@@ -0,0 +1,61 @@
+import { CfnIPSet, CfnWebACL } from 'aws-cdk-lib/aws-wafv2';
+import { createCfnOutput } from '../../utils/index.js';
+/**
+ * @classdesc Provides operations on AWS WAF.
+ * - A new instance of this class is injected into {@link CommonConstruct} constructor.
+ * - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
+ * @example
+ * import { CommonConstruct } from '@gradientedge/cdk-utils'
+ *
+ * class CustomConstruct extends CommonConstruct {
+ *   constructor(parent: cdk.Construct, id: string, props: common.CommonStackProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.wafManager.createWebAcl('MyWebAcl', this)
+ *   }
+ * }
+ * @see [CDK WAF Module]{@link https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf-readme.html}
+ */
+export class WafManager {
+    /**
+     * @summary Method to create an ip set
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     */
+    createIpSet(id, scope, props) {
+        if (!props)
+            throw `WAF Ip Set props undefined for ${id}`;
+        if (!props.name)
+            throw `WAF Ip Set name undefined for ${id}`;
+        const ipSet = new CfnIPSet(scope, `${id}`, {
+            ...props,
+            description: `IP Set for ${id} - ${scope.props.stage} stage`,
+            name: scope.resourceNameFormatter.format(props.name, scope.props.resourceNameOptions?.waf),
+        });
+        createCfnOutput(`${id}-ipSetId`, scope, ipSet.attrId);
+        createCfnOutput(`${id}-ipSetArn`, scope, ipSet.attrArn);
+        return ipSet;
+    }
+    /**
+     * @summary Method to create a web acl
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param props
+     */
+    createWebAcl(id, scope, props) {
+        if (!props)
+            throw `WAF WebACL props undefined for ${id}`;
+        if (!props.name)
+            throw `WAF WebACL name undefined for ${id}`;
+        const webAcl = new CfnWebACL(scope, `${id}`, {
+            ...props,
+            description: `Web Acl for ${id} - ${scope.props.stage} stage`,
+            name: scope.resourceNameFormatter.format(props.name, scope.props.resourceNameOptions?.waf),
+            tags: [{ key: 'service', value: scope.props.name }],
+        });
+        createCfnOutput(`${id}-webAclId`, scope, webAcl.attrId);
+        createCfnOutput(`${id}-webAclArn`, scope, webAcl.attrArn);
+        return webAcl;
+    }
+}

package/dist/src/services/web-application-firewall/types.d.ts

@@ -0,0 +1,9 @@
+import { CfnIPSetProps, CfnWebACLProps } from 'aws-cdk-lib/aws-wafv2';
+/**
+ */
+export interface WafIPSetProps extends CfnIPSetProps {
+}
+/**
+ */
+export interface WafWebACLProps extends CfnWebACLProps {
+}

package/dist/src/services/web-application-firewall/types.js

@@ -0,0 +1 @@
+export {};

package/dist/src/types/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ */
+export interface TagProps {
+    key: string;
+    value: string;
+}

package/dist/src/types/index.js

@@ -0,0 +1 @@
+export {};

package/dist/src/utils/index.d.ts

@@ -0,0 +1,45 @@
+import { AwsCredentialIdentityProvider } from '@aws-sdk/types';
+import { CfnOutput } from 'aws-cdk-lib';
+import { CommonConstruct } from '../common/index.js';
+/**
+ * @summary Helper method to add CloudFormation outputs from the construct
+ * @param id scoped id of the resource
+ * @param scope scope in which this resource is defined
+ * @param value the value of the exported output
+ * @param description optional description for the output
+ * @param overrideId Flag which indicates whether to override the default logical id of the output
+ * @returns The CloudFormation output
+ */
+export declare function createCfnOutput(id: string, scope: CommonConstruct, value?: string, description?: string, overrideId?: boolean): CfnOutput;
+/**
+ *
+ */
+export declare function determineCredentials(): AwsCredentialIdentityProvider;
+/**
+ * @param error
+ */
+export declare function redirectError(error: any): {
+    body: string;
+    headers: {
+        'Access-Control-Allow-Origin': string;
+    };
+    isBase64Encoded: boolean;
+    statusCode: number;
+} & {
+    body: string;
+    statusCode: number;
+};
+/**
+ * @param message
+ */
+export declare function redirectSuccess(message: any): {
+    body: string;
+    headers: {
+        'Access-Control-Allow-Origin': string;
+    };
+    isBase64Encoded: boolean;
+    statusCode: number;
+} & {
+    body: string;
+    statusCode: number;
+};

package/dist/src/utils/index.js

@@ -0,0 +1,61 @@
+import { fromEnv, fromIni } from '@aws-sdk/credential-providers';
+import { CfnOutput } from 'aws-cdk-lib';
+import _ from 'lodash';
+/**
+ * @summary Helper method to add CloudFormation outputs from the construct
+ * @param id scoped id of the resource
+ * @param scope scope in which this resource is defined
+ * @param value the value of the exported output
+ * @param description optional description for the output
+ * @param overrideId Flag which indicates whether to override the default logical id of the output
+ * @returns The CloudFormation output
+ */
+export function createCfnOutput(id, scope, value, description, overrideId = true) {
+    const camelName = _.camelCase(id);
+    const output = new CfnOutput(scope, id, {
+        description,
+        exportName: `${scope.props.stackName}-${camelName}`,
+        value: value ?? '',
+    });
+    if (overrideId) {
+        output.overrideLogicalId(camelName);
+    }
+    return output;
+}
+/**
+ *
+ */
+export function determineCredentials() {
+    if (process.env.AWS_PROFILE)
+        return fromIni();
+    return fromEnv();
+}
+/**
+ */
+const defaultResponseObject = {
+    body: '',
+    headers: {
+        'Access-Control-Allow-Origin': '*',
+    },
+    isBase64Encoded: false,
+    statusCode: 200,
+};
+/**
+ * @param error
+ */
+export function redirectError(error) {
+    console.error(error, error.message, error.stack);
+    return Object.assign({}, defaultResponseObject, {
+        body: JSON.stringify(Object.assign({}, { error: error.message, success: false })),
+        statusCode: 500,
+    });
+}
+/**
+ * @param message
+ */
+export function redirectSuccess(message) {
+    return Object.assign({}, defaultResponseObject, {
+        body: JSON.stringify(Object.assign({}, { error: message, success: true })),
+        statusCode: 200,
+    });
+}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@gradientedge/cdk-utils-aws",
+  "version": "1.0.0",
+  "description": "AWS CDK utilities for @gradientedge/cdk-utils",
+  "type": "module",
+  "main": "dist/src/index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/src/index.js",
+      "types": "./dist/src/index.d.ts"
+    }
+  },
+  "files": [
+    "dist/src/"
+  ],
+  "dependencies": {
+    "@aws-sdk/client-secrets-manager": "^3.1021.0",
+    "@aws-sdk/credential-providers": "^3.1021.0",
+    "@aws-sdk/types": "^3.973.6",
+    "@types/lodash": "^4.17.24",
+    "app-root-path": "^3.1.0",
+    "aws-cdk-lib": "^2.246.0",
+    "lodash": "^4.17.23",
+    "constructs": "^10.6.0",
+    "moment": "^2.30.1",
+    "uuid": "^13.0.0",
+    "@gradientedge/cdk-utils-common": "1.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/gradientedge/cdk-utils.git",
+    "directory": "packages/aws"
+  },
+  "scripts": {
+    "build": "tsc",
+    "build:production": "tsc -p tsconfig.prd.json",
+    "test": "vitest run --coverage",
+    "lint": "eslint src/**/*.ts --cache --max-warnings=0 --no-warn-ignored"
+  }
+}