@gradientedge/cdk-utils 10.6.0 → 10.8.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "10.6.0",
+  "version": "10.8.0",
   "description": "Utilities for AWS CDK provisioning",
   "type": "module",
   "main": "dist/index.js",
@@ -14,7 +14,7 @@
     "node": ">=22 <=24",
     "pnpm": "=10"
   },
-  "packageManager": "pnpm@10.32.1",
+  "packageManager": "pnpm@10.33.0",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/gradientedge/cdk-utils.git"
@@ -55,20 +55,22 @@
     "prepare": "husky"
   },
   "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.1010.0",
-    "@aws-sdk/credential-providers": "^3.1010.0",
+    "@aws-sdk/client-secrets-manager": "^3.1021.0",
+    "@aws-sdk/credential-providers": "^3.1021.0",
     "@aws-sdk/types": "^3.973.6",
-    "@pulumi/aws": "^7.23.0",
-    "@pulumi/azure-native": "^3.15.0",
-    "@pulumi/cloudflare": "^6.13.0",
+    "@pulumi/archive": "^0.3.7",
+    "@pulumi/aws": "^7.24.0",
+    "@pulumi/azure-native": "^3.16.0",
+    "@pulumi/cloudflare": "^6.13.1",
     "@pulumi/command": "^1.2.1",
-    "@pulumi/pulumi": "^3.226.0",
+    "@pulumi/pulumi": "^3.228.0",
     "@pulumi/std": "^2.3.2",
     "@types/lodash": "^4.17.24",
     "@types/node": "^25.5.0",
     "app-root-path": "^3.1.0",
-    "aws-cdk-lib": "^2.243.0",
-    "constructs": "^10.5.1",
+    "aws-cdk-lib": "^2.246.0",
+    "constructs": "^10.6.0",
+    "json5": "^2.2.3",
     "lodash": "^4.17.23",
     "moment": "^2.30.1",
     "nconf": "^0.13.0",
@@ -81,20 +83,23 @@
     "@babel/eslint-parser": "^7.28.6",
     "@eslint/config-array": "^0.23.3",
     "@eslint/object-schema": "^3.0.3",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/github": "^12.0.6",
+    "@semantic-release/npm": "^13.1.5",
     "@types/node": "^25.5.0",
-    "@typescript-eslint/eslint-plugin": "^8.57.1",
-    "@typescript-eslint/parser": "^8.57.1",
-    "@vitest/coverage-v8": "^4.1.0",
-    "aws-cdk": "^2.1111.0",
+    "@typescript-eslint/eslint-plugin": "^8.58.0",
+    "@typescript-eslint/parser": "^8.58.0",
+    "@vitest/coverage-v8": "^4.1.2",
+    "aws-cdk": "^2.1115.1",
     "better-docs": "^2.7.3",
     "commitizen": "^4.3.1",
     "docdash": "^2.0.2",
     "dotenv": "^17.3.1",
     "esbuild": "^0.27.4",
-    "eslint": "^10.0.3",
+    "eslint": "^10.1.0",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jsdoc": "^62.8.0",
+    "eslint-plugin-jsdoc": "^62.8.1",
     "husky": "^9.1.7",
     "jsdoc": "^4.0.5",
     "jsdoc-babel": "^0.5.0",
@@ -104,16 +109,14 @@
     "prettier": "^3.8.1",
     "prettier-plugin-organize-imports": "^4.3.0",
     "rimraf": "^6.1.3",
-    "rollup": "^4.59.0",
+    "rollup": "^4.60.1",
     "semantic-release": "^25.0.3",
-    "@semantic-release/changelog": "^6.0.3",
-    "@semantic-release/github": "^12.0.6",
-    "@semantic-release/npm": "^13.1.5",
     "taffydb": "^2.7.3",
+    "ts-md5": "^2.0.1",
     "ts-node": "^10.9.2",
-    "typescript": "5.9.3",
-    "vitest": "^4.1.0",
-    "yaml": "^2.8.2"
+    "typescript": "6.0.2",
+    "vitest": "^4.1.2",
+    "yaml": "^2.8.3"
   },
   "optionalDependencies": {
     "prop-types": "^15.8.1",

package/src/lib/azure/common/constants.ts

@@ -8,3 +8,86 @@ export enum AzureRemoteBackend {
  * List of Azure resources that excludes tags
  */
 export const RESOURCES_TO_EXCLUDE_TAGS = new Set(['ApiManagementNamedValue', 'Application', 'ServicePrincipal'])
+
+/**
+ * @see https://learn.microsoft.com/en-us/azure/reliability/regions-list?tabs=all
+ */
+export const AzureLocation = {
+  // Americas
+  BrazilSouth: 'brazilsouth',
+  BrazilSoutheast: 'brazilsoutheast',
+  CanadaCentral: 'canadacentral',
+  CanadaEast: 'canadaeast',
+  CentralUS: 'centralus',
+  EastUS: 'eastus',
+  EastUS2: 'eastus2',
+  MexicoCentral: 'mexicocentral',
+  NorthCentralUS: 'northcentralus',
+  SouthCentralUS: 'southcentralus',
+  USGovArizona: 'usgovarizona',
+  USGovTexas: 'usgovtexas',
+  USGovVirginia: 'usgovvirginia',
+  WestCentralUS: 'westcentralus',
+  WestUS: 'westus',
+  WestUS2: 'westus2',
+  WestUS3: 'westus3',
+
+  // Europe
+  AustriaCentral: 'austriacentral',
+  BelgiumCentral: 'belgiumcentral',
+  DenmarkEast: 'denmarkeast',
+  FinlandCentral: 'finlandcentral',
+  FranceCentral: 'francecentral',
+  FranceSouth: 'francesouth',
+  GermanyNorth: 'germanynorth',
+  GermanyWestCentral: 'germanywestcentral',
+  GreeceHydra: 'greecehydra',
+  ItalyNorth: 'italynorth',
+  NorthEurope: 'northeurope',
+  NorwayEast: 'norwayeast',
+  NorwayWest: 'norwaywest',
+  PolandCentral: 'polandcentral',
+  SpainCentral: 'spaincentral',
+  SwedenCentral: 'swedencentral',
+  SwedenSouth: 'swedensouth',
+  SwitzerlandNorth: 'switzerlandnorth',
+  SwitzerlandWest: 'switzerlandwest',
+  UKSouth: 'uksouth',
+  UKWest: 'ukwest',
+  WestEurope: 'westeurope',
+
+  // Middle East & Africa
+  IsraelCentral: 'israelcentral',
+  QatarCentral: 'qatarcentral',
+  SouthAfricaNorth: 'southafricanorth',
+  SouthAfricaWest: 'southafricawest',
+  UAECentral: 'uaecentral',
+  UAENorth: 'uaenorth',
+
+  // Asia Pacific
+  AustraliaCentral: 'australiacentral',
+  AustraliaCentral2: 'australiacentral2',
+  AustraliaEast: 'australiaeast',
+  AustraliaSoutheast: 'australiasoutheast',
+  CentralIndia: 'centralindia',
+  ChinaEast: 'chinaeast',
+  ChinaEast2: 'chinaeast2',
+  ChinaNorth: 'chinanorth',
+  ChinaNorth2: 'chinanorth2',
+  ChinaNorth3: 'chinanorth3',
+  EastAsia: 'eastasia',
+  JapanEast: 'japaneast',
+  JapanWest: 'japanwest',
+  KoreaCentral: 'koreacentral',
+  KoreaSouth: 'koreasouth',
+  MalaysiaSouth: 'malaysiasouth',
+  MalaysiaWest: 'malaysiawest',
+  NewZealandNorth: 'newzealandnorth',
+  SoutheastAsia: 'southeastasia',
+  SouthIndia: 'southindia',
+  TaiwanNorth: 'taiwannorth',
+  TaiwanNorthwest: 'taiwannorthwest',
+  WestIndia: 'westindia',
+} as const
+
+export type AzureLocation = (typeof AzureLocation)[keyof typeof AzureLocation]

package/src/lib/azure/common/construct.ts

@@ -1,20 +1,26 @@
-import { ComponentResource, ComponentResourceOptions } from '@pulumi/pulumi'
+import { getWorkspaceOutput, GetWorkspaceResult, Workspace } from '@pulumi/azure-native/operationalinsights/index.js'
+import { ResourceGroup } from '@pulumi/azure-native/resources/index.js'
+import * as pulumi from '@pulumi/pulumi'
+import { ComponentResource, ComponentResourceOptions, Output } from '@pulumi/pulumi'
 import { isDevStage, isPrdStage, isTestStage, isUatStage } from '../../common/index.js'
+import { AzureAuthorisationManager } from '../services/authorisation/main.js'
 import {
   AzureApiManagementManager,
   AzureAppConfigurationManager,
-  AzureAppServiceManager,
   AzureApplicationInsightsManager,
+  AzureAppServiceManager,
   AzureCosmosDbManager,
   AzureDnsManager,
   AzureEventgridManager,
   AzureFunctionManager,
   AzureKeyVaultManager,
-  AzureOperationalInsightsManager,
   AzureMonitorManager,
+  AzureOperationalInsightsManager,
+  AzurePortalManager,
   AzureRedisManager,
   AzureResourceGroupManager,
-  AzureServicebusManager,
+  AzureSecurityCentermanager,
+  AzureServiceBusManager,
   AzureStorageManager,
 } from '../services/index.js'
 import { AzureResourceNameFormatter } from './resource-name-formatter.js'
@@ -41,7 +47,9 @@ export class CommonAzureConstruct extends ComponentResource {
   declare props: CommonAzureStackProps
   declare options?: ComponentResourceOptions
   id: string
+  resourceGroup: ResourceGroup
   fullyQualifiedDomainName: string
+  authorisationManager: AzureAuthorisationManager
   apiManagementManager: AzureApiManagementManager
   appConfigurationManager: AzureAppConfigurationManager
   appServiceManager: AzureAppServiceManager
@@ -52,19 +60,23 @@ export class CommonAzureConstruct extends ComponentResource {
   functionManager: AzureFunctionManager
   keyVaultManager: AzureKeyVaultManager
   operationalInsightsManager: AzureOperationalInsightsManager
+  portalManager: AzurePortalManager
   monitorManager: AzureMonitorManager
   redisManager: AzureRedisManager
   resourceGroupManager: AzureResourceGroupManager
   resourceNameFormatter: AzureResourceNameFormatter
-  servicebusManager: AzureServicebusManager
+  securityCentermanager: AzureSecurityCentermanager
+  serviceBusManager: AzureServiceBusManager
   storageManager: AzureStorageManager
+  commonLogAnalyticsWorkspace: Workspace | Output<GetWorkspaceResult>
 
   constructor(name: string, props: CommonAzureStackProps, options?: ComponentResourceOptions) {
-    super(`custom:azure:Construct:${name}`, name, props, options)
+    super(`azure:${name}`, name, props, options)
     this.props = props
     this.options = options
     this.id = name
 
+    this.authorisationManager = new AzureAuthorisationManager()
     this.apiManagementManager = new AzureApiManagementManager()
     this.appConfigurationManager = new AzureAppConfigurationManager()
     this.appServiceManager = new AzureAppServiceManager()
@@ -75,16 +87,47 @@ export class CommonAzureConstruct extends ComponentResource {
     this.functionManager = new AzureFunctionManager()
     this.keyVaultManager = new AzureKeyVaultManager()
     this.operationalInsightsManager = new AzureOperationalInsightsManager()
+    this.portalManager = new AzurePortalManager()
     this.monitorManager = new AzureMonitorManager()
     this.redisManager = new AzureRedisManager()
     this.resourceGroupManager = new AzureResourceGroupManager()
     this.resourceNameFormatter = new AzureResourceNameFormatter(props)
-    this.servicebusManager = new AzureServicebusManager()
+    this.securityCentermanager = new AzureSecurityCentermanager()
+    this.serviceBusManager = new AzureServiceBusManager()
     this.storageManager = new AzureStorageManager()
 
     this.determineFullyQualifiedDomain()
   }
 
+  protected resolveStack(stackName: string) {
+    if (!stackName) throw 'Stack name undefined'
+    return new pulumi.StackReference(stackName)
+  }
+
+  protected createResourceGroup() {
+    if (this.resourceGroup) return
+
+    this.resourceGroup = this.resourceGroupManager.createResourceGroup(`${this.id}`, this, {
+      resourceGroupName: this.props.stackName,
+      location: this.props.location,
+    })
+
+    this.registerOutputs({
+      resourceGroupId: this.resourceGroup.id,
+      resourceGroupName: this.resourceGroup.name,
+    })
+  }
+
+  protected resolveCommonLogAnalyticsWorkspace() {
+    if (!this.props.commonLogAnalyticsWorkspace || !this.props.commonLogAnalyticsWorkspace.workspaceName)
+      throw 'Props undefined for commonLogAnalyticsWorkspace'
+
+    this.commonLogAnalyticsWorkspace = getWorkspaceOutput({
+      workspaceName: this.props.commonLogAnalyticsWorkspace.workspaceName,
+      resourceGroupName: this.props.commonLogAnalyticsWorkspace.resourceGroupName,
+    })
+  }
+
   /**
    * @summary Determine the fully qualified domain name based on domainName & subDomain
    */

package/src/lib/azure/common/stack.ts

@@ -23,6 +23,8 @@ import { CommonAzureStackProps } from './types.js'
  * ```
  */
 export class CommonAzureStack extends ComponentResource {
+  public static NODEJS_RUNTIME = '22'
+
   construct: CommonAzureConstruct
   props: CommonAzureStackProps
   config: Config
@@ -46,37 +48,13 @@ export class CommonAzureStack extends ComponentResource {
    * @returns The stack properties
    */
   protected determineConstructProps(props: CommonAzureStackProps) {
-    let projectProps: CommonAzureStackProps = props
-    if (!projectProps) {
-      const projectPropsPath = path.join(appRoot.path, 'pulumi.json')
-      if (!fs.existsSync(projectPropsPath)) throw `Context properties unavailable in path:${projectPropsPath}`
-
-      const projectPropsBuffer = fs.readFileSync(projectPropsPath)
-      projectProps = JSON.parse(projectPropsBuffer.toString('utf-8'))
-    }
-
     return {
-      domainName: projectProps.domainName,
-      extraContexts: projectProps.extraContexts,
-      location: projectProps.location,
-      name: projectProps.resourceGroupName ?? projectProps.name,
-      resourceGroupName: projectProps.resourceGroupName,
-      globalPrefix: projectProps.globalPrefix,
-      globalSuffix: projectProps.globalSuffix,
-      resourceNameOptions: projectProps.resourceNameOptions,
-      resourcePrefix: projectProps.resourcePrefix,
-      resourceSuffix: projectProps.resourceSuffix,
-      skipStageForARecords: projectProps.skipStageForARecords,
-      stage: projectProps.stage,
-      stageContextPath: projectProps.stageContextPath,
-      subDomain: projectProps.subDomain,
-      subscriptionId: projectProps.subscriptionId,
-      tenantId: projectProps.tenantId,
-      clientId: projectProps.clientId,
-      clientSecret: projectProps.clientSecret,
-      defaultTags: projectProps.defaultTags,
-      ...this.determineExtraContexts(props),
-      ...this.determineStageContexts(props),
+      ...props,
+      extraContexts: this.config.getObject('extraContexts'),
+      stage: this.config.require('stage'),
+      stageContextPath: this.config.require('stageContextPath'),
+      ...this.determineExtraContexts(),
+      ...this.determineStageContexts(),
     }
   }
 
@@ -85,14 +63,16 @@ export class CommonAzureStack extends ComponentResource {
    * - Sets the properties from the extra contexts
    * - Primary use is to have layered config in separate files to enable easier maintenance and readability
    */
-  protected determineExtraContexts(props: CommonAzureStackProps) {
-    if (!props.extraContexts) {
-      if (props.debug) console.debug(`No additional contexts provided. Using default context properties`)
+  protected determineExtraContexts() {
+    const extraContexts = this.config.getObject('extraContexts')
+    const debug = this.config.getBoolean('debug')
+    if (!extraContexts) {
+      if (debug) console.debug(`No additional contexts provided. Using default context properties`)
       return {}
     }
 
     let extraContextProps: Record<string, any> = {}
-    _.forEach(props.extraContexts, (context: string) => {
+    _.forEach(extraContexts, (context: string) => {
       const extraContextPath = path.join(appRoot.path, context)
 
       /* scenario where extra context is configured but absent in file system */
@@ -100,7 +80,7 @@ export class CommonAzureStack extends ComponentResource {
 
       /* read the extra properties */
       const extraContextPropsBuffer = fs.readFileSync(extraContextPath)
-      if (props.debug) console.debug(`Adding additional contexts provided in ${extraContextPath}`)
+      if (debug) console.debug(`Adding additional contexts provided in ${extraContextPath}`)
 
       /* parse as JSON properties */
       extraContextProps = {
@@ -116,23 +96,26 @@ export class CommonAzureStack extends ComponentResource {
    * - Sets the properties from the extra stage contexts
    * - Primary use is to have layered config for each environment which is injected into the context
    */
-  protected determineStageContexts(props: CommonAzureStackProps) {
-    const stageContextFilePath = path.join(appRoot.path, props.stageContextPath ?? 'env', `${props.stage}.json`)
-
-    if (isDevStage(props.stage)) {
-      if (props.debug) console.debug(`Development stage. Using default stage context properties`)
+  protected determineStageContexts() {
+    const debug = this.config.getBoolean('debug')
+    const stage = this.config.require('stage')
+    const stageContextPath = this.config.get('stageContextPath')
+    const stageContextFilePath = path.join(appRoot.path, stageContextPath ?? 'env', `${stage}.json`)
+
+    if (isDevStage(stage)) {
+      if (debug) console.debug(`Development stage. Using default stage context properties`)
     }
 
     /* alert default context usage when extra stage config is missing */
     if (!fs.existsSync(stageContextFilePath)) {
-      if (props.debug) console.debug(`Stage specific context properties unavailable in path:${stageContextFilePath}`)
-      if (props.debug) console.debug(`Using default stage context properties for ${props.stage} stage`)
+      if (debug) console.debug(`Stage specific context properties unavailable in path:${stageContextFilePath}`)
+      if (debug) console.debug(`Using default stage context properties for ${stage} stage`)
       return {}
     }
 
     /* read the extra properties */
     const stageContextPropsBuffer = fs.readFileSync(stageContextFilePath)
-    if (props.debug) console.debug(`Adding additional stage contexts provided in ${stageContextFilePath}`)
+    if (debug) console.debug(`Adding additional stage contexts provided in ${stageContextFilePath}`)
 
     /* parse as JSON properties */
     return JSON.parse(stageContextPropsBuffer.toString('utf-8'))

package/src/lib/azure/common/types.ts

@@ -1,11 +1,19 @@
+import { GetComponentOutputArgs } from '@pulumi/azure-native/applicationinsights/index.js'
+import { GetWorkspaceOutputArgs } from '@pulumi/azure-native/operationalinsights/index.js'
 import { BaseProps } from '../../common/index.js'
-import { AzureRemoteBackend } from './constants.js'
+import { AzureLocation, AzureRemoteBackend } from './constants.js'
+
+export interface AzureLocationConfig {
+  id: string
+  name: string
+}
 
 /**
  * @interface CommonAzureStackProps
  * @description Common properties for Azure stack configuration using Pulumi
  */
 export interface CommonAzureStackProps extends BaseProps {
+  stackName?: string
   resourceGroupName?: string
   remoteBackend?: AzureRemoteBackendProps
   globalPrefix?: string
@@ -13,8 +21,12 @@ export interface CommonAzureStackProps extends BaseProps {
   resourcePrefix?: string
   resourceSuffix?: string
   resourceNameOptions?: { [key: string]: AzureResourceNameFormatterProps }
-  location?: string
+  location: AzureLocation
+  locationConfig?: Record<AzureLocation, AzureLocationConfig>
+  locales?: string[]
   defaultTags?: { [key: string]: string }
+  commonLogAnalyticsWorkspace?: GetWorkspaceOutputArgs
+  commonApplicationInsights?: GetComponentOutputArgs
 
   // Azure Provider properties for Pulumi
   subscriptionId?: string

package/src/lib/azure/construct/event-handler/index.ts

@@ -0,0 +1,2 @@
+export * from './main.js'
+export * from './types.js'

package/src/lib/azure/construct/event-handler/main.ts

@@ -0,0 +1,183 @@
+import { Provider } from '@pulumi/azure-native'
+import { getTopicOutput, GetTopicResult, Topic } from '@pulumi/azure-native/eventgrid/index.js'
+import { Resource } from '@pulumi/azure-native/resources/index.js'
+import { Output } from '@pulumi/pulumi'
+import { AzureFunctionApp } from '../function-app/index.js'
+import { AzureEventHandlerProps, EventHandlerEventGridSubscription, EventHandlerServiceBus } from './types.js'
+
+export class AzureEventHandler extends AzureFunctionApp {
+  props: AzureEventHandlerProps
+  eventGridEventSubscription: EventHandlerEventGridSubscription
+  eventGridTopic: Topic | Output<GetTopicResult>
+  serviceBus: EventHandlerServiceBus
+
+  constructor(id: string, props: AzureEventHandlerProps) {
+    super(id, props)
+    this.props = props
+    this.id = id
+  }
+
+  public initResources() {
+    this.createResourceGroup()
+    this.resolveCommonLogAnalyticsWorkspace()
+    this.resolveApplicationInsights()
+    this.createEventGridSubscriptionDlqStorageAccount()
+    this.createEventGridSubscriptionDlqStorageContainer()
+    this.createServiceBusNamespace()
+    this.createServiceBusQueue()
+    this.createEventGrid()
+    this.createEventGridEventSubscription()
+    this.createServiceBusDiagnosticLog()
+    this.enableMalwareScanningOnDataStorageAccount()
+    super.initResources()
+  }
+
+  protected createEventGridSubscriptionDlqStorageAccount() {
+    this.eventGridEventSubscription.dlqStorageAccount = this.storageManager.createStorageAccount(
+      `${this.id}-eventgrid-subscription-dlq-storage-account`,
+      this,
+      {
+        ...this.props.eventGridSubscription.dlqStorageAccount,
+        resourceGroupName: this.resourceGroup.name,
+        location: this.resourceGroup.location,
+      }
+    )
+  }
+
+  protected createEventGridSubscriptionDlqStorageContainer() {
+    this.eventGridEventSubscription.dlqStorageContainer = this.storageManager.createStorageContainer(
+      `${this.id}-eventgrid-subscription-dlq-container`,
+      this,
+      {
+        ...this.props.eventGridSubscription.dlqStorageContainer,
+        accountName: this.eventGridEventSubscription.dlqStorageAccount.name,
+        containerName: 'eventgrid-subscription-dlq-container',
+        resourceGroupName: this.resourceGroup.name,
+      }
+    )
+  }
+
+  protected createServiceBusNamespace() {
+    this.serviceBus.namespace = this.serviceBusManager.createServiceBusNamespace(
+      this.id,
+      this,
+      {
+        ...this.props.serviceBus.namespace,
+        namespaceName: this.props.serviceBus.namespace.namespaceName ?? this.id,
+        resourceGroupName: this.resourceGroup.name,
+      },
+      { ignoreChanges: ['location'] }
+    )
+
+    this.registerOutputs({
+      serviceBusNamespaceId: this.serviceBus.namespace.id,
+    })
+  }
+
+  protected createServiceBusQueue() {
+    this.serviceBus.queue = this.serviceBusManager.createServiceBusQueue(this.id, this, {
+      ...this.props.serviceBus.queue,
+      queueName: this.props.serviceBus.queue.queueName ?? this.id,
+      namespaceName: this.serviceBus.namespace.name,
+    })
+
+    this.registerOutputs({
+      serviceBusQueueId: this.serviceBus.queue.id,
+      serviceBusQueueName: this.serviceBus.queue.name,
+    })
+  }
+
+  protected createEventGrid() {
+    if (!this.props.eventGridTopic.useExistingTopic) {
+      this.eventGridTopic = this.eventgridManager.createEventgridTopic(
+        this.id,
+        this,
+        {
+          ...this.props.eventGridTopic,
+          topicName: this.props.eventGridTopic.topicName ?? this.id,
+          location: this.resourceGroup.location,
+          resourceGroupName: this.resourceGroup.name,
+        },
+        { protect: true, ignoreChanges: ['location'] }
+      )
+      return
+    }
+
+    const existingSubscriptionId = this.props.eventGridTopic.existingSubscriptionId
+    const existingTopicName = this.props.eventGridTopic.existingTopicName
+    const existingResourceGroupName = this.props.eventGridTopic.existingResourceGroupName
+
+    let provider: Provider | undefined
+    if (existingSubscriptionId) {
+      provider = new Provider(`${this.id}-${existingSubscriptionId}`, {
+        subscriptionId: existingSubscriptionId,
+      })
+    }
+    if (existingResourceGroupName && existingTopicName) {
+      this.eventGridTopic = getTopicOutput(
+        {
+          topicName: existingTopicName,
+          resourceGroupName: existingResourceGroupName,
+        },
+        { provider }
+      )
+    }
+  }
+
+  protected createEventGridEventSubscription() {
+    this.eventGridEventSubscription.eventSubscription = this.eventgridManager.createEventgridSubscription(
+      this.id,
+      this,
+      {
+        ...this.props.eventGridEventSubscription,
+        eventSubscriptionName: this.props.eventGridEventSubscription.eventSubscriptionName ?? this.id,
+        scope: this.eventGridTopic.id,
+        destination: {
+          endpointType: 'ServiceBusQueue',
+          resourceId: this.serviceBus.queue.id,
+        },
+        deadLetterDestination: {
+          blobContainerName: this.eventGridEventSubscription.dlqStorageContainer.name,
+          endpointType: 'StorageBlob',
+          resourceId: this.eventGridEventSubscription.dlqStorageAccount.id,
+        },
+      },
+      { dependsOn: [this.eventGridTopic as unknown as Resource] }
+    )
+  }
+
+  protected createServiceBusDiagnosticLog() {
+    this.monitorManager.createMonitorDiagnosticSettings(this.id, this, {
+      name: `${this.props.stackName}-servicebus`,
+      resourceUri: this.serviceBus.namespace.id,
+      workspaceId: this.commonLogAnalyticsWorkspace.id,
+      logAnalyticsDestinationType: 'Dedicated',
+      logs: [
+        {
+          categoryGroup: 'allLogs',
+          enabled: true,
+        },
+      ],
+      metrics: [
+        {
+          category: 'AllMetrics',
+          enabled: true,
+        },
+      ],
+    })
+  }
+
+  protected enableMalwareScanningOnDataStorageAccount() {
+    if (!this.props.defender) return
+
+    this.securityCentermanager.createDefenderForStorage(`${this.id}-data-storage-defender`, this, {
+      ...this.props.defender,
+      resourceId: this.dataStorageAccount.id,
+      properties: {
+        malwareScanning: {
+          scanResultsEventGridTopicResourceId: this.eventGridTopic.id,
+        },
+      },
+    })
+  }
+}