@gradientedge/cdk-utils 5.12.0 → 6.0.0

package/src/lib/construct/index.ts

@@ -1,4 +1,5 @@
 export * from './api-to-eventbridge-target'
+export * from './api-to-eventbridge-target-with-sns'
 export * from './graphql-api-lambda'
 export * from './graphql-api-lambda-with-cache'
 export * from './site-with-ecs-backend'

package/src/lib/construct/site-with-ecs-backend/main.ts

@@ -11,7 +11,6 @@ import * as logs from 'aws-cdk-lib/aws-logs'
 import * as route53 from 'aws-cdk-lib/aws-route53'
 import * as s3 from 'aws-cdk-lib/aws-s3'
 import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager'
-import * as wafv2 from 'aws-cdk-lib/aws-wafv2'
 import { Construct } from 'constructs'
 import { CommonConstruct } from '../../common'
 import { SiteWithEcsBackendProps } from '../../types'
@@ -66,7 +65,6 @@ export class SiteWithEcsBackend extends CommonConstruct {
   siteDomainNames: string[]
   siteCloudfrontFunction: cloudfront.Function
   siteFunctionAssociations: cloudfront.FunctionAssociation[]
-  siteWebAcl: wafv2.CfnWebACL
 
   constructor(parent: Construct, id: string, props: SiteWithEcsBackendProps) {
     super(parent, id, props)
@@ -97,7 +95,6 @@ export class SiteWithEcsBackend extends CommonConstruct {
     this.createSiteOrigin()
     this.createSiteCloudfrontFunction()
     this.resolveSiteFunctionAssociations()
-    this.createSiteWebAcl()
     this.createDistribution()
     this.createNetworkMappings()
     this.invalidateDistributionCache()
@@ -342,16 +339,6 @@ export class SiteWithEcsBackend extends CommonConstruct {
     }
   }
 
-  /**
-   * @summary Method to create WAF
-   * @protected
-   */
-  protected createSiteWebAcl() {
-    if (!this.props.siteWebAcl) throw 'SiteWebAcl props undefined'
-
-    this.siteWebAcl = this.wafManager.createWebAcl(`${this.id}-waf`, this, this.props.siteWebAcl)
-  }
-
   /**
    * Method to create Site distribution
    * @protected
@@ -365,8 +352,7 @@ export class SiteWithEcsBackend extends CommonConstruct {
       this.siteDomainNames,
       this.siteLogBucket,
       this.siteCertificate,
-      this.siteFunctionAssociations,
-      this.siteWebAcl.attrId
+      this.siteFunctionAssociations
     )
   }
 

package/src/lib/construct/static-site/main.ts

@@ -3,7 +3,6 @@ import * as cloudfront from 'aws-cdk-lib/aws-cloudfront'
 import * as origins from 'aws-cdk-lib/aws-cloudfront-origins'
 import * as route53 from 'aws-cdk-lib/aws-route53'
 import * as s3 from 'aws-cdk-lib/aws-s3'
-import * as wafv2 from 'aws-cdk-lib/aws-wafv2'
 import { Construct } from 'constructs'
 import { CommonConstruct } from '../../common'
 import { StaticSiteProps } from '../../types'
@@ -44,7 +43,6 @@ export class StaticSite extends CommonConstruct {
   siteOriginAccessIdentity: cloudfront.OriginAccessIdentity
   siteCloudfrontFunction: cloudfront.Function
   siteFunctionAssociations: cloudfront.FunctionAssociation[]
-  siteWebAcl: wafv2.CfnWebACL
 
   constructor(parent: Construct, id: string, props: StaticSiteProps) {
     super(parent, id, props)
@@ -65,7 +63,6 @@ export class StaticSite extends CommonConstruct {
     this.createSiteOrigin()
     this.createSiteCloudfrontFunction()
     this.resolveSiteFunctionAssociations()
-    this.createSiteWebAcl()
     this.createSiteDistribution()
     this.createSiteRouteAssets()
     this.deploySite()
@@ -156,16 +153,6 @@ export class StaticSite extends CommonConstruct {
     }
   }
 
-  /**
-   * @summary Method to create WAF
-   * @protected
-   */
-  protected createSiteWebAcl() {
-    if (!this.props.siteWebAcl) throw 'SiteWebAcl props undefined'
-
-    this.siteWebAcl = this.wafManager.createWebAcl(`${this.id}-waf`, this, this.props.siteWebAcl)
-  }
-
   /**
    * @summary Method to create a site cloudfront distribution
    * @protected
@@ -183,8 +170,7 @@ export class StaticSite extends CommonConstruct {
       this.siteOriginAccessIdentity,
       this.siteCertificate,
       this.props.siteAliases,
-      this.siteFunctionAssociations,
-      this.siteWebAcl.attrId
+      this.siteFunctionAssociations
     )
   }
 

package/src/lib/{construct/api-to-eventbridge-target/api-destination-event.ts → helper/api-to-eventbridge-target-event.ts}

@@ -1,17 +1,19 @@
 import * as events from 'aws-cdk-lib/aws-events'
 import * as logs from 'aws-cdk-lib/aws-logs'
-import * as types from '../../types/aws'
+import * as types from '../types/aws'
 
 /**
  * @stability stable
  * @category cdk-utils.api-to-eventbridge-target
  * @subcategory member
- * @classdesc Provides a construct to contain event resources for ApiToEventBridgeTarget
+ * @classdesc Provides a construct to contain event resources for ApiToEventBridgeTargetWithSns
  */
-export class ApiDestinationEvent implements types.ApiDestinationEventType {
+export class ApiToEventbridgeTargetEvent implements types.ApiToEventBridgeTargetEventType {
   eventBus: events.IEventBus
+  logGroup: logs.LogGroup
   logGroupFailure: logs.LogGroup
   logGroupSuccess: logs.LogGroup
+  rule: events.Rule
   ruleFailure: events.Rule
   ruleSuccess: events.Rule
 }

package/src/lib/{construct/api-to-eventbridge-target/api-destined-rest-api.ts → helper/api-to-eventbridge-target-rest-api.ts}

@@ -3,15 +3,15 @@ import * as acm from 'aws-cdk-lib/aws-certificatemanager'
 import * as iam from 'aws-cdk-lib/aws-iam'
 import * as route53 from 'aws-cdk-lib/aws-route53'
 import * as sns from 'aws-cdk-lib/aws-sns'
-import * as types from '../../types/aws'
+import * as types from '../types/aws'
 
 /**
  * @stability stable
  * @category cdk-utils.api-to-eventbridge-target
  * @subcategory member
- * @classdesc Provides a construct to contain api resources for ApiToEventBridgeTarget
+ * @classdesc Provides a construct to contain api resources for ApiToEventBridgeTargetWithSns
  */
-export class ApiDestinedRestApi implements types.ApiDestinedRestApiType {
+export class ApiToEventbridgeTargetRestApi implements types.ApiToEventBridgeTargetRestApiType {
   api: apig.RestApi
   certificate: acm.ICertificate
   domain: apig.DomainName
@@ -28,5 +28,5 @@ export class ApiDestinedRestApi implements types.ApiDestinedRestApiType {
   resource: apig.Resource
   responseModel: apig.Model
   topic: sns.Topic
-  topicRole: iam.Role
+  role: iam.Role
 }

package/src/lib/helper/index.ts

@@ -0,0 +1,2 @@
+export * from './api-to-eventbridge-target-event'
+export * from './api-to-eventbridge-target-rest-api'

package/src/lib/manager/aws/cloudfront-manager.ts

@@ -61,7 +61,6 @@ export class CloudFrontManager {
    * @param {cloudfront.OriginAccessIdentity?} oai
    * @param {acm.ICertificate?} certificate
    * @param {string[]?} aliases
-   * @param {string?} webAclId
    */
   public createCloudFrontDistribution(
     id: string,
@@ -71,8 +70,7 @@ export class CloudFrontManager {
     logBucket?: s3.IBucket,
     oai?: cloudfront.OriginAccessIdentity,
     certificate?: acm.ICertificate,
-    aliases?: string[],
-    webAclId?: string
+    aliases?: string[]
   ) {
     if (!siteBucket) throw `SiteBucket not defined`
     if (!certificate) throw `Certificate not defined`
@@ -105,7 +103,7 @@ export class CloudFrontManager {
         securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016,
         sslMethod: cloudfront.SSLMethod.SNI,
       }),
-      webACLId: webAclId,
+      webACLId: props.webACLId,
     })
 
     utils.createCfnOutput(`${id}-distributionId`, scope, distribution.distributionId)
@@ -126,7 +124,6 @@ export class CloudFrontManager {
    * @param {acm.ICertificate?} certificate
    * @param {string[]?} aliases
    * @param {cloudfront.FunctionAssociation?} defaultFunctionAssociations
-   * @param {string?} webAclId
    */
   public createDistributionWithS3Origin(
     id: string,
@@ -138,8 +135,7 @@ export class CloudFrontManager {
     oai?: cloudfront.OriginAccessIdentity,
     certificate?: acm.ICertificate,
     aliases?: string[],
-    defaultFunctionAssociations?: cloudfront.FunctionAssociation[],
-    webAclId?: string
+    defaultFunctionAssociations?: cloudfront.FunctionAssociation[]
   ) {
     const distribution = new cloudfront.Distribution(scope, `${id}`, {
       certificate: certificate,
@@ -165,7 +161,7 @@ export class CloudFrontManager {
       logFilePrefix: props.logFilePrefix ?? `edge/`,
       minimumProtocolVersion: props.minimumProtocolVersion ?? cloudfront.SecurityPolicyProtocol.TLS_V1_2_2021,
       priceClass: props.priceClass ?? cloudfront.PriceClass.PRICE_CLASS_ALL,
-      webAclId: webAclId,
+      webAclId: props.webAclId,
     })
 
     utils.createCfnOutput(`${id}-distributionId`, scope, distribution.distributionId)
@@ -184,7 +180,6 @@ export class CloudFrontManager {
    * @param {s3.IBucket?} logBucket
    * @param {acm.ICertificate?} certificate
    * @param {cloudfront.FunctionAssociation?} defaultFunctionAssociations
-   * @param {string?} webAclId
    */
   public createDistributionWithHttpOrigin(
     id: string,
@@ -194,8 +189,7 @@ export class CloudFrontManager {
     domainNames: string[],
     logBucket?: s3.IBucket,
     certificate?: acm.ICertificate,
-    defaultFunctionAssociations?: cloudfront.FunctionAssociation[],
-    webAclId?: string
+    defaultFunctionAssociations?: cloudfront.FunctionAssociation[]
   ) {
     const distribution = new cloudfront.Distribution(scope, `${id}`, {
       certificate: certificate,
@@ -221,7 +215,7 @@ export class CloudFrontManager {
       logFilePrefix: props.logFilePrefix ?? `edge/`,
       minimumProtocolVersion: props.minimumProtocolVersion ?? cloudfront.SecurityPolicyProtocol.TLS_V1_2_2021,
       priceClass: props.priceClass ?? cloudfront.PriceClass.PRICE_CLASS_ALL,
-      webAclId: webAclId,
+      webAclId: props.webAclId,
     })
 
     utils.createCfnOutput(`${id}-distributionId`, scope, distribution.distributionId)

package/src/lib/manager/aws/sqs-manager.ts

@@ -37,10 +37,14 @@ export class SqsManager {
 
     const queue = new sqs.Queue(scope, id, {
       queueName: props.queueName,
-      visibilityTimeout: cdk.Duration.seconds(props.visibilityTimeoutInSecs),
-      receiveMessageWaitTime: cdk.Duration.seconds(props.receiveMessageWaitTimeInSecs),
+      visibilityTimeout: props.visibilityTimeoutInSecs
+        ? cdk.Duration.seconds(props.visibilityTimeoutInSecs)
+        : undefined,
+      receiveMessageWaitTime: props.receiveMessageWaitTimeInSecs
+        ? cdk.Duration.seconds(props.receiveMessageWaitTimeInSecs)
+        : undefined,
       contentBasedDeduplication: props.contentBasedDeduplication,
-      dataKeyReuse: cdk.Duration.seconds(props.dataKeyReuseInSecs),
+      dataKeyReuse: props.dataKeyReuseInSecs ? cdk.Duration.seconds(props.dataKeyReuseInSecs) : undefined,
       deadLetterQueue: !deadLetterQueue
         ? undefined
         : {
@@ -48,7 +52,7 @@ export class SqsManager {
             maxReceiveCount: props.maxReceiveCount,
           },
       deduplicationScope: props.deduplicationScope,
-      deliveryDelay: cdk.Duration.seconds(props.deliveryDelayInSecs),
+      deliveryDelay: props.deliveryDelayInSecs ? cdk.Duration.seconds(props.deliveryDelayInSecs) : undefined,
       encryption: props.encryption,
       encryptionMasterKey: props.encryptionMasterKey,
       fifo: props.fifo,
@@ -72,10 +76,9 @@ export class SqsManager {
    * @param {types.LambdaProps} props the lambda properties
    */
   public createRedriveQueueForLambda(id: string, scope: common.CommonConstruct, props: types.LambdaProps) {
-    if (!props.dlq || !props.redriveq) throw `Redrive queue props for Lambda undefined`
+    if (!props.redriveq) throw `Redrive queue props for Lambda undefined`
 
     return this.createQueue(`${id}`, scope, {
-      ...props.dlq,
       ...props.redriveq,
       ...{
         queueName: `${props.functionName}-redriveq-${scope.props.stage}`,

package/src/lib/types/aws/index.ts

@@ -75,7 +75,6 @@ export interface SiteWithEcsBackendProps extends CommonStackProps {
   siteSubDomain: string
   siteTask: ecsPatterns.ApplicationLoadBalancedFargateServiceProps
   siteVpc: ec2.VpcProps
-  siteWebAcl?: WafWebACLProps
   useExistingHostedZone: boolean
   nodeEnv: string
   logLevel: string
@@ -99,7 +98,6 @@ export interface StaticSiteProps extends CommonStackProps {
   siteRecordName?: string
   siteSubDomain?: string
   siteAliases?: string[]
-  siteWebAcl?: WafWebACLProps
   useExistingHostedZone: boolean
   nodeEnv: string
   logLevel: string
@@ -244,10 +242,12 @@ export interface GraphQlApiLambdaWithCacheProps extends GraphQlApiLambdaProps {
  * @category cdk-utils.api-to-eventbridge-target
  * @subcategory Types
  */
-export interface ApiDestinationEventType {
+export interface ApiToEventBridgeTargetEventType {
   eventBus: events.IEventBus
+  logGroup: logs.LogGroup
   logGroupFailure: logs.LogGroup
   logGroupSuccess: logs.LogGroup
+  rule: events.Rule
   ruleFailure: events.Rule
   ruleSuccess: events.Rule
 }
@@ -256,7 +256,7 @@ export interface ApiDestinationEventType {
  * @category cdk-utils.api-to-eventbridge-target
  * @subcategory Types
  */
-export interface ApiDestinedRestApiType {
+export interface ApiToEventBridgeTargetRestApiType {
   api: apig.IRestApi
   authoriser?: apig.IAuthorizer
   certificate: acm.ICertificate
@@ -273,8 +273,9 @@ export interface ApiDestinedRestApiType {
   methodResponse: apig.MethodResponse
   resource: apig.Resource
   responseModel: apig.Model
-  topic: sns.ITopic
-  topicRole: iam.Role
+  topic?: sns.ITopic
+  role?: iam.Role
+  policy?: iam.PolicyDocument
 }
 
 /**
@@ -331,8 +332,10 @@ interface ApiToEventBridgeTargetLambdaProps {
  */
 interface ApiToEventBridgeTargetEventProps {
   eventBusName?: string
+  logGroup?: LogProps
   logGroupSuccess?: LogProps
   logGroupFailure?: LogProps
+  rule: EventRuleProps
   ruleSuccess: EventRuleProps
   ruleFailure: EventRuleProps
 }
@@ -346,7 +349,7 @@ export interface ApiToEventBridgeTargetProps extends CommonStackProps {
   apiSubDomain: string
   api: ApiToEventBridgeTargetRestApiProps
   event: ApiToEventBridgeTargetEventProps
-  lambda: ApiToEventBridgeTargetLambdaProps
+  lambda?: ApiToEventBridgeTargetLambdaProps
   logLevel: string
   nodeEnv: string
   timezone: string