@gradientedge/cdk-utils 8.112.0 → 8.114.0

package/dist/src/lib/construct/lambda-with-iam-access/main.d.ts

@@ -4,6 +4,7 @@ import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './type
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
 /**
  * @classdesc Provides a construct to create a lambda function with IAM access
  * @example
@@ -30,6 +31,8 @@ export declare class LambdaWithIamAccess extends CommonConstruct {
     lambdaIamUser: iam.User;
     lambdaUserAccessKey: iam.CfnAccessKey;
     lambdaUserAccessSecret: secretsManager.Secret;
+    lambdaVpc: ec2.IVpc;
+    lambdaSecurityGroup: ec2.ISecurityGroup;
     constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps);
     /**
      * @summary Initialise and provision resources

package/dist/src/lib/construct/lambda-with-iam-access/main.js

@@ -55,6 +55,8 @@ class LambdaWithIamAccess extends common_1.CommonConstruct {
     lambdaIamUser;
     lambdaUserAccessKey;
     lambdaUserAccessSecret;
+    lambdaVpc;
+    lambdaSecurityGroup;
     constructor(parent, id, props) {
         super(parent, id, props);
         this.props = props;
@@ -112,7 +114,7 @@ class LambdaWithIamAccess extends common_1.CommonConstruct {
      * @summary Method to create lambda function
      */
     createLambdaFunction() {
-        this.lambdaFunction = this.lambdaManager.createLambdaFunction(`${this.id}-lambda`, this, this.props.lambda, this.lambdaRole, this.lambdaLayers, this.props.lambdaSource, this.props.lambdaHandler || 'index.handler', this.lambdaEnvironment);
+        this.lambdaFunction = this.lambdaManager.createLambdaFunction(`${this.id}-lambda`, this, this.props.lambda, this.lambdaRole, this.lambdaLayers, this.props.lambdaSource, this.props.lambdaHandler || 'index.handler', this.lambdaEnvironment, this.lambdaVpc, [this.lambdaSecurityGroup], undefined, undefined, this.lambdaVpc);
     }
     /**
      * @summary Method to create iam user for the lambda function

package/dist/src/lib/construct/site-with-ecs-backend/main.d.ts

@@ -12,7 +12,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as efs from 'aws-cdk-lib/aws-efs';
 import { Construct } from 'constructs';
 import { CommonConstruct } from '../../common';
-import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps } from './types';
+import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps, SiteCachePolicyProps } from './types';
 /**
  * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
  * @example
@@ -126,7 +126,8 @@ export declare class SiteWithEcsBackend extends CommonConstruct {
      * Method to create log bucket for site distribution
      */
     protected createSiteLogBucket(): void;
-    protected createSiteCacheConfigPolicy(): void;
+    protected createSiteCachePolicy(id: string, siteCachePolicy: SiteCachePolicyProps): cdk.aws_cloudfront.CachePolicy;
+    protected createSiteOriginCachePolicy(): void;
     protected createSiteOriginRequestPolicy(): void;
     protected createResponseHeaderPolicy(props: SiteResponseHeadersPolicyProps): cdk.aws_cloudfront.ResponseHeadersPolicy | undefined;
     protected createSiteOriginResponseHeadersPolicy(): void;

package/dist/src/lib/construct/site-with-ecs-backend/main.js

@@ -104,7 +104,7 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
         this.createEcsBuildArgs();
         this.createEcsContainerImage();
         this.createEcsService();
-        this.createSiteCacheConfigPolicy();
+        this.createSiteOriginCachePolicy();
         this.createSiteOriginRequestPolicy();
         this.createSiteOriginResponseHeadersPolicy();
         this.createSiteOrigin();
@@ -347,20 +347,23 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
     createSiteLogBucket() {
         this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket);
     }
-    createSiteCacheConfigPolicy() {
-        if (!this.props.siteCachePolicy)
-            return;
-        this.siteCachePolicy = new cloudfront.CachePolicy(this, `${this.id}-site-cache-policy`, {
-            cachePolicyName: `${this.id}-site-cache-policy`,
+    createSiteCachePolicy(id, siteCachePolicy) {
+        return new cloudfront.CachePolicy(this, `${id}`, {
+            cachePolicyName: `${this.id}-${siteCachePolicy.cachePolicyName}`,
             comment: `Policy for ${this.id}-distribution - ${this.props.stage} stage`,
-            defaultTtl: cdk.Duration.seconds(this.props.siteCachePolicy.defaultTtlInSeconds),
-            minTtl: cdk.Duration.seconds(this.props.siteCachePolicy.minTtlInSeconds),
-            maxTtl: cdk.Duration.seconds(this.props.siteCachePolicy.maxTtlInSeconds),
-            enableAcceptEncodingGzip: this.props.siteCachePolicy.enableAcceptEncodingGzip,
-            queryStringBehavior: this.props.siteCachePolicy.queryStringBehavior,
-            headerBehavior: this.props.siteCachePolicy.headerBehavior,
-            cookieBehavior: this.props.siteCachePolicy.cookieBehavior,
+            defaultTtl: cdk.Duration.seconds(siteCachePolicy.defaultTtlInSeconds),
+            minTtl: cdk.Duration.seconds(siteCachePolicy.minTtlInSeconds),
+            maxTtl: cdk.Duration.seconds(siteCachePolicy.maxTtlInSeconds),
+            enableAcceptEncodingGzip: siteCachePolicy.enableAcceptEncodingGzip,
+            queryStringBehavior: siteCachePolicy.queryStringBehavior,
+            headerBehavior: siteCachePolicy.headerBehavior,
+            cookieBehavior: siteCachePolicy.cookieBehavior,
         });
+    }
+    createSiteOriginCachePolicy() {
+        if (!this.props.siteCachePolicy)
+            return;
+        this.siteCachePolicy = this.createSiteCachePolicy(`${this.id}-site-cache-policy`, this.props.siteCachePolicy);
         _.assign(this.props.siteDistribution.defaultBehavior, {
             cachePolicy: this.siteCachePolicy,
         });
@@ -387,6 +390,7 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
             comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
             responseHeadersPolicyName: `${this.id}-${props.type}-response`,
             securityHeadersBehavior: {
+                ...props.securityHeadersBehavior,
                 strictTransportSecurity: {
                     ...props.securityHeadersBehavior?.strictTransportSecurity,
                     accessControlMaxAge: cdk.Duration.seconds(props.securityHeadersBehavior?.strictTransportSecurity?.accessControlMaxAgeInSeconds),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.112.0",
+  "version": "8.114.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {
@@ -46,14 +46,14 @@
     }
   },
   "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.385.0",
-    "@aws-sdk/credential-providers": "^3.385.0",
-    "@aws-sdk/types": "^3.378.0",
-    "@types/lodash": "^4.14.196",
-    "@types/node": "^20.4.8",
+    "@aws-sdk/client-secrets-manager": "^3.395.0",
+    "@aws-sdk/credential-providers": "^3.395.0",
+    "@aws-sdk/types": "^3.391.0",
+    "@types/lodash": "^4.14.197",
+    "@types/node": "^20.5.1",
     "@types/uuid": "^9.0.2",
     "app-root-path": "^3.1.0",
-    "aws-cdk-lib": "^2.90.0",
+    "aws-cdk-lib": "^2.92.0",
     "constructs": "^10.2.69",
     "lodash": "^4.17.21",
     "moment": "^2.29.4",
@@ -63,22 +63,22 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.22.9",
-    "@babel/eslint-parser": "^7.22.9",
+    "@babel/core": "^7.22.10",
+    "@babel/eslint-parser": "^7.22.10",
     "@babel/plugin-proposal-class-properties": "^7.18.6",
     "@types/jest": "^29.5.3",
-    "@typescript-eslint/eslint-plugin": "^6.2.1",
-    "@typescript-eslint/parser": "^6.2.1",
-    "aws-cdk": "^2.90.0",
+    "@typescript-eslint/eslint-plugin": "^6.4.0",
+    "@typescript-eslint/parser": "^6.4.0",
+    "aws-cdk": "^2.92.0",
     "better-docs": "^2.7.2",
     "codecov": "^3.8.3",
     "commitizen": "^4.3.0",
     "docdash": "^2.0.1",
     "dotenv": "^16.3.1",
-    "eslint": "^8.46.0",
+    "eslint": "^8.47.0",
     "eslint-config-prettier": "^9.0.0",
-    "eslint-plugin-import": "^2.28.0",
-    "eslint-plugin-jsdoc": "^46.4.6",
+    "eslint-plugin-import": "^2.28.1",
+    "eslint-plugin-jsdoc": "^46.5.0",
     "husky": "^8.0.3",
     "jest": "^29.6.2",
     "jest-extended": "^4.0.1",
@@ -88,10 +88,10 @@
     "jsdoc-mermaid": "^1.0.0",
     "jsdoc-plugin-typescript": "^2.2.1",
     "jsdoc-to-markdown": "^8.0.0",
-    "prettier": "^3.0.1",
+    "prettier": "^3.0.2",
     "prettier-plugin-organize-imports": "^3.2.3",
     "rimraf": "^5.0.1",
-    "semantic-release": "^21.0.7",
+    "semantic-release": "^21.0.9",
     "taffydb": "^2.7.3",
     "ts-jest": "^29.1.1",
     "ts-node": "^10.9.1",

package/src/lib/construct/lambda-with-iam-access/main.ts

@@ -4,6 +4,7 @@ import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './type
 import * as iam from 'aws-cdk-lib/aws-iam'
 import * as lambda from 'aws-cdk-lib/aws-lambda'
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager'
+import * as ec2 from 'aws-cdk-lib/aws-ec2'
 
 /**
  * @classdesc Provides a construct to create a lambda function with IAM access
@@ -34,6 +35,8 @@ export class LambdaWithIamAccess extends CommonConstruct {
   lambdaIamUser: iam.User
   lambdaUserAccessKey: iam.CfnAccessKey
   lambdaUserAccessSecret: secretsManager.Secret
+  lambdaVpc: ec2.IVpc
+  lambdaSecurityGroup: ec2.ISecurityGroup
 
   constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps) {
     super(parent, id, props)
@@ -109,7 +112,12 @@ export class LambdaWithIamAccess extends CommonConstruct {
       this.lambdaLayers,
       this.props.lambdaSource,
       this.props.lambdaHandler || 'index.handler',
-      this.lambdaEnvironment
+      this.lambdaEnvironment,
+      this.lambdaVpc,
+      [this.lambdaSecurityGroup],
+      undefined,
+      undefined,
+      this.lambdaVpc
     )
   }
 

package/src/lib/construct/site-with-ecs-backend/main.ts

@@ -14,7 +14,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3'
 import * as efs from 'aws-cdk-lib/aws-efs'
 import { Construct } from 'constructs'
 import { CommonConstruct } from '../../common'
-import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps } from './types'
+import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps, SiteCachePolicyProps } from './types'
 
 /**
  * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
@@ -92,7 +92,7 @@ export class SiteWithEcsBackend extends CommonConstruct {
     this.createEcsBuildArgs()
     this.createEcsContainerImage()
     this.createEcsService()
-    this.createSiteCacheConfigPolicy()
+    this.createSiteOriginCachePolicy()
     this.createSiteOriginRequestPolicy()
     this.createSiteOriginResponseHeadersPolicy()
     this.createSiteOrigin()
@@ -410,20 +410,23 @@ export class SiteWithEcsBackend extends CommonConstruct {
     this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket)
   }
 
-  protected createSiteCacheConfigPolicy() {
-    if (!this.props.siteCachePolicy) return
-    this.siteCachePolicy = new cloudfront.CachePolicy(this, `${this.id}-site-cache-policy`, {
-      cachePolicyName: `${this.id}-site-cache-policy`,
+  protected createSiteCachePolicy(id: string, siteCachePolicy: SiteCachePolicyProps) {
+    return new cloudfront.CachePolicy(this, `${id}`, {
+      cachePolicyName: `${this.id}-${siteCachePolicy.cachePolicyName}`,
       comment: `Policy for ${this.id}-distribution - ${this.props.stage} stage`,
-      defaultTtl: cdk.Duration.seconds(this.props.siteCachePolicy.defaultTtlInSeconds),
-      minTtl: cdk.Duration.seconds(this.props.siteCachePolicy.minTtlInSeconds),
-      maxTtl: cdk.Duration.seconds(this.props.siteCachePolicy.maxTtlInSeconds),
-      enableAcceptEncodingGzip: this.props.siteCachePolicy.enableAcceptEncodingGzip,
-      queryStringBehavior: this.props.siteCachePolicy.queryStringBehavior,
-      headerBehavior: this.props.siteCachePolicy.headerBehavior,
-      cookieBehavior: this.props.siteCachePolicy.cookieBehavior,
+      defaultTtl: cdk.Duration.seconds(siteCachePolicy.defaultTtlInSeconds),
+      minTtl: cdk.Duration.seconds(siteCachePolicy.minTtlInSeconds),
+      maxTtl: cdk.Duration.seconds(siteCachePolicy.maxTtlInSeconds),
+      enableAcceptEncodingGzip: siteCachePolicy.enableAcceptEncodingGzip,
+      queryStringBehavior: siteCachePolicy.queryStringBehavior,
+      headerBehavior: siteCachePolicy.headerBehavior,
+      cookieBehavior: siteCachePolicy.cookieBehavior,
     })
+  }
 
+  protected createSiteOriginCachePolicy() {
+    if (!this.props.siteCachePolicy) return
+    this.siteCachePolicy = this.createSiteCachePolicy(`${this.id}-site-cache-policy`, this.props.siteCachePolicy)
     _.assign(this.props.siteDistribution.defaultBehavior, {
       cachePolicy: this.siteCachePolicy,
     })
@@ -451,6 +454,7 @@ export class SiteWithEcsBackend extends CommonConstruct {
       comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
       responseHeadersPolicyName: `${this.id}-${props.type}-response`,
       securityHeadersBehavior: {
+        ...props.securityHeadersBehavior,
         strictTransportSecurity: {
           ...props.securityHeadersBehavior?.strictTransportSecurity,
           accessControlMaxAge: cdk.Duration.seconds(