@gradientedge/cdk-utils 8.113.0 → 8.115.0

package/dist/src/lib/construct/api-to-any-target/index.d.ts

@@ -0,0 +1,3 @@
+export * from './main';
+export * from './target';
+export * from './types';

package/dist/src/lib/construct/api-to-any-target/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./main"), exports);
+__exportStar(require("./target"), exports);
+__exportStar(require("./types"), exports);

package/dist/src/lib/construct/api-to-any-target/main.d.ts

@@ -0,0 +1,48 @@
+import { Resource } from 'aws-cdk-lib/aws-apigateway';
+import { ISecret } from 'aws-cdk-lib/aws-secretsmanager';
+import { Construct } from 'constructs';
+import { CommonConstruct } from '../../common';
+import { ApiToAnyTargetProps, ApiToAnyTargetRestApiResource, ApiToAnyTargetRestApiType } from './types';
+/**
+ * @classdesc Provides a construct to create and deploy a shallow API Gateway
+ * @example
+ * import { ApiToAnyTarget, ApiToAnyTargetProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends ApiToAnyTarget {
+ *   constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export declare class ApiToAnyTarget extends CommonConstruct {
+    props: ApiToAnyTargetProps;
+    id: string;
+    applicationSecrets: ISecret[];
+    apiToAnyTargetRestApi: ApiToAnyTargetRestApiType;
+    apiResource: string;
+    constructor(parent: Construct, id: string, props: ApiToAnyTargetProps);
+    protected initResources(): void;
+    /**
+     * @summary Method to resolve secrets from SecretsManager
+     * - To be implemented in the overriding method in the implementation class
+     */
+    protected resolveSecrets(): void;
+    /**
+     * @summary Method to resolve a hosted zone based on domain attributes
+     */
+    protected resolveHostedZone(): void;
+    /**
+     * @summary Method to resolve a certificate based on attributes
+     */
+    protected resolveCertificate(): void;
+    protected createApiToAnyTargetRestApiLogGroup(): void;
+    protected createApiToAnyTargetRestApi(): void;
+    protected createApiToAnyTargetResource(apiResourceProps: ApiToAnyTargetRestApiResource): Resource | undefined;
+    protected createApiDomain(): void;
+    protected createApiBasePathMapping(): void;
+    protected createApiRouteAssets(): void;
+}

package/dist/src/lib/construct/api-to-any-target/main.js

@@ -0,0 +1,159 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiToAnyTarget = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
+const common_1 = require("../../common");
+const target_1 = require("./target");
+/**
+ * @classdesc Provides a construct to create and deploy a shallow API Gateway
+ * @example
+ * import { ApiToAnyTarget, ApiToAnyTargetProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends ApiToAnyTarget {
+ *   constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+class ApiToAnyTarget extends common_1.CommonConstruct {
+    props;
+    id;
+    /* application related resources */
+    applicationSecrets;
+    /* rest restApi related resources */
+    apiToAnyTargetRestApi;
+    apiResource;
+    constructor(parent, id, props) {
+        super(parent, id, props);
+        this.props = props;
+        this.id = id;
+        this.apiToAnyTargetRestApi = new target_1.ApiToAnyTargetRestApi();
+    }
+    initResources() {
+        /* application related resources */
+        this.resolveSecrets();
+        /* core resources */
+        this.resolveHostedZone();
+        this.resolveCertificate();
+        /* restApi related resources */
+        this.createApiToAnyTargetRestApiLogGroup();
+        this.createApiToAnyTargetRestApi();
+        this.createApiDomain();
+        this.createApiBasePathMapping();
+        this.createApiRouteAssets();
+    }
+    /**
+     * @summary Method to resolve secrets from SecretsManager
+     * - To be implemented in the overriding method in the implementation class
+     */
+    resolveSecrets() {
+        this.applicationSecrets = [];
+    }
+    /**
+     * @summary Method to resolve a hosted zone based on domain attributes
+     */
+    resolveHostedZone() {
+        this.apiToAnyTargetRestApi.hostedZone = this.route53Manager.withHostedZoneFromFullyQualifiedDomainName(`${this.id}-hosted-zone`, this, this.props.useExistingHostedZone);
+    }
+    /**
+     * @summary Method to resolve a certificate based on attributes
+     */
+    resolveCertificate() {
+        if (this.props.api.useExisting)
+            return;
+        if (this.props.api.certificate.useExistingCertificate &&
+            this.props.api.certificate.certificateSsmName &&
+            this.props.api.certificate.certificateRegion) {
+            this.props.api.certificate.certificateArn = this.ssmManager.readStringParameterFromRegion(`${this.id}-certificate-param`, this, this.props.api.certificate.certificateSsmName, this.props.api.certificate.certificateRegion);
+        }
+        this.apiToAnyTargetRestApi.certificate = this.acmManager.resolveCertificate(`${this.id}-certificate`, this, this.props.api.certificate);
+    }
+    createApiToAnyTargetRestApiLogGroup() {
+        this.apiToAnyTargetRestApi.accessLogGroup = this.logManager.createLogGroup(`${this.id}-rest-api-access-log`, this, {
+            logGroupName: `/custom/api/${this.id}-rest-api-access`,
+            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+        });
+    }
+    createApiToAnyTargetRestApi() {
+        if (this.props.api.useExisting && this.props.api.importedRestApiRef) {
+            this.apiToAnyTargetRestApi.api = aws_apigateway_1.RestApi.fromRestApiId(this, `${this.id}-rest-api`, aws_cdk_lib_1.Fn.importValue(this.props.api.importedRestApiRef));
+            return;
+        }
+        this.apiToAnyTargetRestApi.api = new aws_apigateway_1.RestApi(this, `${this.id}-rest-api`, {
+            ...{
+                cloudWatchRole: this.props.api.restApi?.cloudWatchRole ?? true,
+                defaultCorsPreflightOptions: {
+                    allowHeaders: aws_apigateway_1.Cors.DEFAULT_HEADERS,
+                    allowMethods: aws_apigateway_1.Cors.ALL_METHODS,
+                    allowOrigins: aws_apigateway_1.Cors.ALL_ORIGINS,
+                },
+                defaultIntegration: this.apiToAnyTargetRestApi.integration,
+                defaultMethodOptions: {
+                    methodResponses: [this.apiToAnyTargetRestApi.methodResponse, this.apiToAnyTargetRestApi.methodErrorResponse],
+                },
+                deploy: this.props.api.restApi?.deploy ?? true,
+                deployOptions: {
+                    accessLogDestination: new aws_apigateway_1.LogGroupLogDestination(this.apiToAnyTargetRestApi.accessLogGroup),
+                    accessLogFormat: aws_apigateway_1.AccessLogFormat.jsonWithStandardFields(),
+                    dataTraceEnabled: this.props.api.restApi?.deployOptions?.dataTraceEnabled,
+                    description: `${this.id} - ${this.props.stage} stage`,
+                    loggingLevel: aws_apigateway_1.MethodLoggingLevel.INFO,
+                    metricsEnabled: true,
+                    stageName: this.props.stage,
+                    tracingEnabled: this.props.api.restApi?.deployOptions?.tracingEnabled,
+                },
+                endpointConfiguration: {
+                    types: [this.isProductionStage() ? aws_apigateway_1.EndpointType.EDGE : aws_apigateway_1.EndpointType.REGIONAL],
+                },
+                restApiName: `${this.id}-rest-api-${this.props.stage}`,
+            },
+            ...this.props.api.restApi,
+        });
+        this.addCfnOutput(`${this.id}-restApiId`, this.apiToAnyTargetRestApi.api.restApiId);
+        this.addCfnOutput(`${this.id}-restApiRootResourceId`, this.apiToAnyTargetRestApi.api.root.resourceId);
+    }
+    createApiToAnyTargetResource(apiResourceProps) {
+        if (!this.props.api.withResource)
+            return;
+        let rootResource;
+        if (this.props.api.withResource && this.props.api.importedRestApiRootResourceRef) {
+            rootResource = aws_apigateway_1.Resource.fromResourceAttributes(this, `${this.id}-root-resource-for-${apiResourceProps.path}`, {
+                path: '/',
+                resourceId: aws_cdk_lib_1.Fn.importValue(this.props.api.importedRestApiRootResourceRef),
+                restApi: this.apiToAnyTargetRestApi.api,
+            });
+        }
+        else {
+            rootResource = this.apiToAnyTargetRestApi.api.root;
+        }
+        return this.apiManager.createApiResource(`${this.id}-resource-${apiResourceProps.path}}`, this, apiResourceProps.parent ?? rootResource, apiResourceProps.path, apiResourceProps.integration, apiResourceProps.addProxy, apiResourceProps.authorizer, apiResourceProps.allowedOrigins, apiResourceProps.allowedMethods, apiResourceProps.allowedHeaders, apiResourceProps.methodRequestParameters, apiResourceProps.proxyIntegration);
+    }
+    createApiDomain() {
+        if (this.props.api.useExisting)
+            return;
+        this.apiToAnyTargetRestApi.domain = this.apiManager.createApiDomain(`${this.id}-api-domain`, this, this.isProductionStage() || this.props.skipStageForARecords
+            ? `${this.props.apiSubDomain}.${this.fullyQualifiedDomainName}`
+            : `${this.props.apiSubDomain}-${this.props.stage}.${this.fullyQualifiedDomainName}`, this.apiToAnyTargetRestApi.certificate);
+    }
+    createApiBasePathMapping() {
+        if (this.props.api.useExisting)
+            return;
+        new aws_apigateway_1.BasePathMapping(this, `${this.id}-base-bath-mapping`, {
+            basePath: '',
+            domainName: this.apiToAnyTargetRestApi.domain,
+            restApi: this.apiToAnyTargetRestApi.api,
+            stage: this.apiToAnyTargetRestApi.api.deploymentStage,
+        });
+    }
+    createApiRouteAssets() {
+        if (this.props.api.useExisting)
+            return;
+        this.route53Manager.createApiGatewayARecord(`${this.id}-custom-domain-a-record`, this, this.props.apiSubDomain, this.apiToAnyTargetRestApi.domain, this.apiToAnyTargetRestApi.hostedZone, this.props.skipStageForARecords);
+    }
+}
+exports.ApiToAnyTarget = ApiToAnyTarget;

package/dist/src/lib/construct/api-to-any-target/target.d.ts

@@ -0,0 +1,23 @@
+import { IRestApi, IAuthorizer, BasePathMapping, DomainName, Integration, Method, MethodResponse, Resource } from 'aws-cdk-lib/aws-apigateway';
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { LogGroup } from 'aws-cdk-lib/aws-logs';
+import { IHostedZone } from 'aws-cdk-lib/aws-route53';
+import { ApiToAnyTargetRestApiType } from './types';
+export declare class ApiToAnyTargetRestApi implements ApiToAnyTargetRestApiType {
+    accessLogGroup: LogGroup;
+    api: IRestApi;
+    authoriser?: IAuthorizer;
+    basePathMappings: BasePathMapping[];
+    certificate: ICertificate;
+    domain: DomainName;
+    hostedZone: IHostedZone;
+    integration: Integration;
+    method: {
+        [httpMethod: string]: Method;
+    };
+    methodErrorResponse: MethodResponse;
+    methodResponse: MethodResponse;
+    resource: {
+        [path: string]: Resource;
+    };
+}

package/dist/src/lib/construct/api-to-any-target/target.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiToAnyTargetRestApi = void 0;
+class ApiToAnyTargetRestApi {
+    accessLogGroup;
+    api;
+    authoriser;
+    basePathMappings;
+    certificate;
+    domain;
+    hostedZone;
+    integration;
+    method;
+    methodErrorResponse;
+    methodResponse;
+    resource;
+}
+exports.ApiToAnyTargetRestApi = ApiToAnyTargetRestApi;

package/dist/src/lib/construct/api-to-any-target/types.d.ts

@@ -0,0 +1,57 @@
+import { BasePathMapping, DomainName, IAuthorizer, IResource, IRestApi, Integration, Method, MethodResponse, Resource, RestApiProps } from 'aws-cdk-lib/aws-apigateway';
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { LogGroup } from 'aws-cdk-lib/aws-logs';
+import { IHostedZone } from 'aws-cdk-lib/aws-route53';
+import { CommonStackProps } from '../../common';
+import { AcmProps } from '../../services';
+export interface ApiToAnyTargetRestApiType {
+    accessLogGroup: LogGroup;
+    api: IRestApi;
+    authoriser?: IAuthorizer;
+    basePathMappings: BasePathMapping[];
+    certificate: ICertificate;
+    domain: DomainName;
+    hostedZone: IHostedZone;
+    integration: Integration;
+    method: {
+        [httpMethod: string]: Method;
+    };
+    methodErrorResponse: MethodResponse;
+    methodResponse: MethodResponse;
+    resource: {
+        [path: string]: Resource;
+    };
+}
+export interface ApiToAnyTargetRestApiResource {
+    addProxy: boolean;
+    authorizer?: IAuthorizer;
+    allowedOrigins?: string[];
+    allowedMethods?: string[];
+    allowedHeaders?: string[];
+    integration: Integration;
+    methodRequestParameters?: {
+        [param: string]: boolean;
+    };
+    path: string;
+    parent?: IResource;
+    proxyIntegration?: Integration;
+}
+export interface ApiToAnyTargetRestApiProps {
+    certificate: AcmProps;
+    importedRestApiRef?: string;
+    importedRestApiRootResourceRef?: string;
+    methodErrorResponse: MethodResponse;
+    methodResponse: MethodResponse;
+    restApi: RestApiProps;
+    useExisting: boolean;
+    withResource?: boolean;
+}
+export interface ApiToAnyTargetProps extends CommonStackProps {
+    api: ApiToAnyTargetRestApiProps;
+    apiRootPaths?: string[];
+    apiSubDomain: string;
+    logLevel: string;
+    nodeEnv: string;
+    timezone: string;
+    useExistingHostedZone: boolean;
+}

package/dist/src/lib/construct/api-to-any-target/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/lib/construct/index.d.ts

@@ -1,3 +1,4 @@
+export * from './api-to-any-target';
 export * from './api-to-eventbridge-target';
 export * from './api-to-eventbridge-target-with-sns';
 export * from './api-to-lambda-target';

package/dist/src/lib/construct/index.js

@@ -14,6 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./api-to-any-target"), exports);
 __exportStar(require("./api-to-eventbridge-target"), exports);
 __exportStar(require("./api-to-eventbridge-target-with-sns"), exports);
 __exportStar(require("./api-to-lambda-target"), exports);

package/dist/src/lib/construct/site-with-ecs-backend/main.d.ts

@@ -12,7 +12,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as efs from 'aws-cdk-lib/aws-efs';
 import { Construct } from 'constructs';
 import { CommonConstruct } from '../../common';
-import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps } from './types';
+import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps, SiteCachePolicyProps } from './types';
 /**
  * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
  * @example
@@ -126,7 +126,8 @@ export declare class SiteWithEcsBackend extends CommonConstruct {
      * Method to create log bucket for site distribution
      */
     protected createSiteLogBucket(): void;
-    protected createSiteCacheConfigPolicy(): void;
+    protected createSiteCachePolicy(id: string, siteCachePolicy: SiteCachePolicyProps): cdk.aws_cloudfront.CachePolicy;
+    protected createSiteOriginCachePolicy(): void;
     protected createSiteOriginRequestPolicy(): void;
     protected createResponseHeaderPolicy(props: SiteResponseHeadersPolicyProps): cdk.aws_cloudfront.ResponseHeadersPolicy | undefined;
     protected createSiteOriginResponseHeadersPolicy(): void;

package/dist/src/lib/construct/site-with-ecs-backend/main.js

@@ -104,7 +104,7 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
         this.createEcsBuildArgs();
         this.createEcsContainerImage();
         this.createEcsService();
-        this.createSiteCacheConfigPolicy();
+        this.createSiteOriginCachePolicy();
         this.createSiteOriginRequestPolicy();
         this.createSiteOriginResponseHeadersPolicy();
         this.createSiteOrigin();
@@ -347,20 +347,23 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
     createSiteLogBucket() {
         this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket);
     }
-    createSiteCacheConfigPolicy() {
-        if (!this.props.siteCachePolicy)
-            return;
-        this.siteCachePolicy = new cloudfront.CachePolicy(this, `${this.id}-site-cache-policy`, {
-            cachePolicyName: `${this.id}-site-cache-policy`,
+    createSiteCachePolicy(id, siteCachePolicy) {
+        return new cloudfront.CachePolicy(this, `${id}`, {
+            cachePolicyName: `${this.id}-${siteCachePolicy.cachePolicyName}`,
             comment: `Policy for ${this.id}-distribution - ${this.props.stage} stage`,
-            defaultTtl: cdk.Duration.seconds(this.props.siteCachePolicy.defaultTtlInSeconds),
-            minTtl: cdk.Duration.seconds(this.props.siteCachePolicy.minTtlInSeconds),
-            maxTtl: cdk.Duration.seconds(this.props.siteCachePolicy.maxTtlInSeconds),
-            enableAcceptEncodingGzip: this.props.siteCachePolicy.enableAcceptEncodingGzip,
-            queryStringBehavior: this.props.siteCachePolicy.queryStringBehavior,
-            headerBehavior: this.props.siteCachePolicy.headerBehavior,
-            cookieBehavior: this.props.siteCachePolicy.cookieBehavior,
+            defaultTtl: cdk.Duration.seconds(siteCachePolicy.defaultTtlInSeconds),
+            minTtl: cdk.Duration.seconds(siteCachePolicy.minTtlInSeconds),
+            maxTtl: cdk.Duration.seconds(siteCachePolicy.maxTtlInSeconds),
+            enableAcceptEncodingGzip: siteCachePolicy.enableAcceptEncodingGzip,
+            queryStringBehavior: siteCachePolicy.queryStringBehavior,
+            headerBehavior: siteCachePolicy.headerBehavior,
+            cookieBehavior: siteCachePolicy.cookieBehavior,
         });
+    }
+    createSiteOriginCachePolicy() {
+        if (!this.props.siteCachePolicy)
+            return;
+        this.siteCachePolicy = this.createSiteCachePolicy(`${this.id}-site-cache-policy`, this.props.siteCachePolicy);
         _.assign(this.props.siteDistribution.defaultBehavior, {
             cachePolicy: this.siteCachePolicy,
         });
@@ -387,6 +390,7 @@ class SiteWithEcsBackend extends common_1.CommonConstruct {
             comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
             responseHeadersPolicyName: `${this.id}-${props.type}-response`,
             securityHeadersBehavior: {
+                ...props.securityHeadersBehavior,
                 strictTransportSecurity: {
                     ...props.securityHeadersBehavior?.strictTransportSecurity,
                     accessControlMaxAge: cdk.Duration.seconds(props.securityHeadersBehavior?.strictTransportSecurity?.accessControlMaxAgeInSeconds),

package/dist/src/lib/services/aws/api-gateway/main.d.ts

@@ -52,7 +52,9 @@ export declare class ApiManager {
      * @param methodRequestParameters
      * @param proxyIntegration
      */
-    createApiResource(id: string, scope: CommonConstruct, parent: apig.IResource, path: string, integration: apig.Integration, addProxy: boolean, authorizer?: apig.IAuthorizer, allowedOrigins?: string[], allowedMethods?: string[], allowedHeaders?: string[], methodRequestParameters?: any, proxyIntegration?: apig.Integration): apig.Resource;
+    createApiResource(id: string, scope: CommonConstruct, parent: apig.IResource, path: string, integration: apig.Integration, addProxy: boolean, authorizer?: apig.IAuthorizer, allowedOrigins?: string[], allowedMethods?: string[], allowedHeaders?: string[], methodRequestParameters?: {
+        [param: string]: boolean;
+    }, proxyIntegration?: apig.Integration): apig.Resource;
     /**
      * @summary Method to create an api deployment
      * @param id

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.113.0",
+  "version": "8.115.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {
@@ -46,14 +46,14 @@
     }
   },
   "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.385.0",
-    "@aws-sdk/credential-providers": "^3.385.0",
-    "@aws-sdk/types": "^3.378.0",
-    "@types/lodash": "^4.14.196",
-    "@types/node": "^20.4.8",
+    "@aws-sdk/client-secrets-manager": "^3.395.0",
+    "@aws-sdk/credential-providers": "^3.395.0",
+    "@aws-sdk/types": "^3.391.0",
+    "@types/lodash": "^4.14.197",
+    "@types/node": "^20.5.1",
     "@types/uuid": "^9.0.2",
     "app-root-path": "^3.1.0",
-    "aws-cdk-lib": "^2.90.0",
+    "aws-cdk-lib": "^2.92.0",
     "constructs": "^10.2.69",
     "lodash": "^4.17.21",
     "moment": "^2.29.4",
@@ -63,22 +63,22 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.22.9",
-    "@babel/eslint-parser": "^7.22.9",
+    "@babel/core": "^7.22.10",
+    "@babel/eslint-parser": "^7.22.10",
     "@babel/plugin-proposal-class-properties": "^7.18.6",
     "@types/jest": "^29.5.3",
-    "@typescript-eslint/eslint-plugin": "^6.2.1",
-    "@typescript-eslint/parser": "^6.2.1",
-    "aws-cdk": "^2.90.0",
+    "@typescript-eslint/eslint-plugin": "^6.4.0",
+    "@typescript-eslint/parser": "^6.4.0",
+    "aws-cdk": "^2.92.0",
     "better-docs": "^2.7.2",
     "codecov": "^3.8.3",
     "commitizen": "^4.3.0",
     "docdash": "^2.0.1",
     "dotenv": "^16.3.1",
-    "eslint": "^8.46.0",
+    "eslint": "^8.47.0",
     "eslint-config-prettier": "^9.0.0",
-    "eslint-plugin-import": "^2.28.0",
-    "eslint-plugin-jsdoc": "^46.4.6",
+    "eslint-plugin-import": "^2.28.1",
+    "eslint-plugin-jsdoc": "^46.5.0",
     "husky": "^8.0.3",
     "jest": "^29.6.2",
     "jest-extended": "^4.0.1",
@@ -88,10 +88,10 @@
     "jsdoc-mermaid": "^1.0.0",
     "jsdoc-plugin-typescript": "^2.2.1",
     "jsdoc-to-markdown": "^8.0.0",
-    "prettier": "^3.0.1",
+    "prettier": "^3.0.2",
     "prettier-plugin-organize-imports": "^3.2.3",
     "rimraf": "^5.0.1",
-    "semantic-release": "^21.0.7",
+    "semantic-release": "^21.0.9",
     "taffydb": "^2.7.3",
     "ts-jest": "^29.1.1",
     "ts-node": "^10.9.1",

package/src/lib/construct/api-to-any-target/index.ts

@@ -0,0 +1,3 @@
+export * from './main'
+export * from './target'
+export * from './types'

package/src/lib/construct/api-to-any-target/main.ts

@@ -0,0 +1,225 @@
+import { Fn, RemovalPolicy } from 'aws-cdk-lib'
+import {
+  AccessLogFormat,
+  BasePathMapping,
+  Cors,
+  EndpointType,
+  LogGroupLogDestination,
+  MethodLoggingLevel,
+  Resource,
+  RestApi,
+} from 'aws-cdk-lib/aws-apigateway'
+import { ISecret } from 'aws-cdk-lib/aws-secretsmanager'
+import { Construct } from 'constructs'
+import { CommonConstruct } from '../../common'
+import { ApiToAnyTargetProps, ApiToAnyTargetRestApiResource, ApiToAnyTargetRestApiType } from './types'
+import { ApiToAnyTargetRestApi } from './target'
+
+/**
+ * @classdesc Provides a construct to create and deploy a shallow API Gateway
+ * @example
+ * import { ApiToAnyTarget, ApiToAnyTargetProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends ApiToAnyTarget {
+ *   constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export class ApiToAnyTarget extends CommonConstruct {
+  props: ApiToAnyTargetProps
+  id: string
+
+  /* application related resources */
+  applicationSecrets: ISecret[]
+
+  /* rest restApi related resources */
+  apiToAnyTargetRestApi: ApiToAnyTargetRestApiType
+  apiResource: string
+
+  constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+    super(parent, id, props)
+    this.props = props
+    this.id = id
+
+    this.apiToAnyTargetRestApi = new ApiToAnyTargetRestApi()
+  }
+
+  protected initResources() {
+    /* application related resources */
+    this.resolveSecrets()
+
+    /* core resources */
+    this.resolveHostedZone()
+    this.resolveCertificate()
+
+    /* restApi related resources */
+    this.createApiToAnyTargetRestApiLogGroup()
+    this.createApiToAnyTargetRestApi()
+    this.createApiDomain()
+    this.createApiBasePathMapping()
+    this.createApiRouteAssets()
+  }
+
+  /**
+   * @summary Method to resolve secrets from SecretsManager
+   * - To be implemented in the overriding method in the implementation class
+   */
+  protected resolveSecrets() {
+    this.applicationSecrets = []
+  }
+
+  /**
+   * @summary Method to resolve a hosted zone based on domain attributes
+   */
+  protected resolveHostedZone() {
+    this.apiToAnyTargetRestApi.hostedZone = this.route53Manager.withHostedZoneFromFullyQualifiedDomainName(
+      `${this.id}-hosted-zone`,
+      this,
+      this.props.useExistingHostedZone
+    )
+  }
+
+  /**
+   * @summary Method to resolve a certificate based on attributes
+   */
+  protected resolveCertificate() {
+    if (this.props.api.useExisting) return
+    if (
+      this.props.api.certificate.useExistingCertificate &&
+      this.props.api.certificate.certificateSsmName &&
+      this.props.api.certificate.certificateRegion
+    ) {
+      this.props.api.certificate.certificateArn = this.ssmManager.readStringParameterFromRegion(
+        `${this.id}-certificate-param`,
+        this,
+        this.props.api.certificate.certificateSsmName,
+        this.props.api.certificate.certificateRegion
+      )
+    }
+
+    this.apiToAnyTargetRestApi.certificate = this.acmManager.resolveCertificate(
+      `${this.id}-certificate`,
+      this,
+      this.props.api.certificate
+    )
+  }
+
+  protected createApiToAnyTargetRestApiLogGroup() {
+    this.apiToAnyTargetRestApi.accessLogGroup = this.logManager.createLogGroup(`${this.id}-rest-api-access-log`, this, {
+      logGroupName: `/custom/api/${this.id}-rest-api-access`,
+      removalPolicy: RemovalPolicy.DESTROY,
+    })
+  }
+
+  protected createApiToAnyTargetRestApi() {
+    if (this.props.api.useExisting && this.props.api.importedRestApiRef) {
+      this.apiToAnyTargetRestApi.api = RestApi.fromRestApiId(
+        this,
+        `${this.id}-rest-api`,
+        Fn.importValue(this.props.api.importedRestApiRef)
+      )
+      return
+    }
+
+    this.apiToAnyTargetRestApi.api = new RestApi(this, `${this.id}-rest-api`, {
+      ...{
+        cloudWatchRole: this.props.api.restApi?.cloudWatchRole ?? true,
+        defaultCorsPreflightOptions: {
+          allowHeaders: Cors.DEFAULT_HEADERS,
+          allowMethods: Cors.ALL_METHODS,
+          allowOrigins: Cors.ALL_ORIGINS,
+        },
+        defaultIntegration: this.apiToAnyTargetRestApi.integration,
+        defaultMethodOptions: {
+          methodResponses: [this.apiToAnyTargetRestApi.methodResponse, this.apiToAnyTargetRestApi.methodErrorResponse],
+        },
+        deploy: this.props.api.restApi?.deploy ?? true,
+        deployOptions: {
+          accessLogDestination: new LogGroupLogDestination(this.apiToAnyTargetRestApi.accessLogGroup),
+          accessLogFormat: AccessLogFormat.jsonWithStandardFields(),
+          dataTraceEnabled: this.props.api.restApi?.deployOptions?.dataTraceEnabled,
+          description: `${this.id} - ${this.props.stage} stage`,
+          loggingLevel: MethodLoggingLevel.INFO,
+          metricsEnabled: true,
+          stageName: this.props.stage,
+          tracingEnabled: this.props.api.restApi?.deployOptions?.tracingEnabled,
+        },
+        endpointConfiguration: {
+          types: [this.isProductionStage() ? EndpointType.EDGE : EndpointType.REGIONAL],
+        },
+        restApiName: `${this.id}-rest-api-${this.props.stage}`,
+      },
+      ...this.props.api.restApi,
+    })
+    this.addCfnOutput(`${this.id}-restApiId`, this.apiToAnyTargetRestApi.api.restApiId)
+    this.addCfnOutput(`${this.id}-restApiRootResourceId`, this.apiToAnyTargetRestApi.api.root.resourceId)
+  }
+
+  protected createApiToAnyTargetResource(apiResourceProps: ApiToAnyTargetRestApiResource) {
+    if (!this.props.api.withResource) return
+    let rootResource
+    if (this.props.api.withResource && this.props.api.importedRestApiRootResourceRef) {
+      rootResource = Resource.fromResourceAttributes(this, `${this.id}-root-resource-for-${apiResourceProps.path}`, {
+        path: '/',
+        resourceId: Fn.importValue(this.props.api.importedRestApiRootResourceRef),
+        restApi: this.apiToAnyTargetRestApi.api,
+      })
+    } else {
+      rootResource = this.apiToAnyTargetRestApi.api.root
+    }
+
+    return this.apiManager.createApiResource(
+      `${this.id}-resource-${apiResourceProps.path}}`,
+      this,
+      apiResourceProps.parent ?? rootResource,
+      apiResourceProps.path,
+      apiResourceProps.integration,
+      apiResourceProps.addProxy,
+      apiResourceProps.authorizer,
+      apiResourceProps.allowedOrigins,
+      apiResourceProps.allowedMethods,
+      apiResourceProps.allowedHeaders,
+      apiResourceProps.methodRequestParameters,
+      apiResourceProps.proxyIntegration
+    )
+  }
+
+  protected createApiDomain() {
+    if (this.props.api.useExisting) return
+    this.apiToAnyTargetRestApi.domain = this.apiManager.createApiDomain(
+      `${this.id}-api-domain`,
+      this,
+      this.isProductionStage() || this.props.skipStageForARecords
+        ? `${this.props.apiSubDomain}.${this.fullyQualifiedDomainName}`
+        : `${this.props.apiSubDomain}-${this.props.stage}.${this.fullyQualifiedDomainName}`,
+      this.apiToAnyTargetRestApi.certificate
+    )
+  }
+
+  protected createApiBasePathMapping() {
+    if (this.props.api.useExisting) return
+    new BasePathMapping(this, `${this.id}-base-bath-mapping`, {
+      basePath: '',
+      domainName: this.apiToAnyTargetRestApi.domain,
+      restApi: this.apiToAnyTargetRestApi.api,
+      stage: this.apiToAnyTargetRestApi.api.deploymentStage,
+    })
+  }
+
+  protected createApiRouteAssets() {
+    if (this.props.api.useExisting) return
+    this.route53Manager.createApiGatewayARecord(
+      `${this.id}-custom-domain-a-record`,
+      this,
+      this.props.apiSubDomain,
+      this.apiToAnyTargetRestApi.domain,
+      this.apiToAnyTargetRestApi.hostedZone,
+      this.props.skipStageForARecords
+    )
+  }
+}

package/src/lib/construct/api-to-any-target/target.ts

@@ -0,0 +1,29 @@
+import {
+  IRestApi,
+  IAuthorizer,
+  BasePathMapping,
+  DomainName,
+  Integration,
+  Method,
+  MethodResponse,
+  Resource,
+} from 'aws-cdk-lib/aws-apigateway'
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager'
+import { LogGroup } from 'aws-cdk-lib/aws-logs'
+import { IHostedZone } from 'aws-cdk-lib/aws-route53'
+import { ApiToAnyTargetRestApiType } from './types'
+
+export class ApiToAnyTargetRestApi implements ApiToAnyTargetRestApiType {
+  accessLogGroup: LogGroup
+  api: IRestApi
+  authoriser?: IAuthorizer
+  basePathMappings: BasePathMapping[]
+  certificate: ICertificate
+  domain: DomainName
+  hostedZone: IHostedZone
+  integration: Integration
+  method: { [httpMethod: string]: Method }
+  methodErrorResponse: MethodResponse
+  methodResponse: MethodResponse
+  resource: { [path: string]: Resource }
+}

package/src/lib/construct/api-to-any-target/types.ts

@@ -0,0 +1,66 @@
+import {
+  BasePathMapping,
+  DomainName,
+  IAuthorizer,
+  IResource,
+  IRestApi,
+  Integration,
+  Method,
+  MethodResponse,
+  Resource,
+  RestApiProps,
+} from 'aws-cdk-lib/aws-apigateway'
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager'
+import { LogGroup } from 'aws-cdk-lib/aws-logs'
+import { IHostedZone } from 'aws-cdk-lib/aws-route53'
+import { CommonStackProps } from '../../common'
+import { AcmProps } from '../../services'
+
+export interface ApiToAnyTargetRestApiType {
+  accessLogGroup: LogGroup
+  api: IRestApi
+  authoriser?: IAuthorizer
+  basePathMappings: BasePathMapping[]
+  certificate: ICertificate
+  domain: DomainName
+  hostedZone: IHostedZone
+  integration: Integration
+  method: { [httpMethod: string]: Method }
+  methodErrorResponse: MethodResponse
+  methodResponse: MethodResponse
+  resource: { [path: string]: Resource }
+}
+
+export interface ApiToAnyTargetRestApiResource {
+  addProxy: boolean
+  authorizer?: IAuthorizer
+  allowedOrigins?: string[]
+  allowedMethods?: string[]
+  allowedHeaders?: string[]
+  integration: Integration
+  methodRequestParameters?: { [param: string]: boolean }
+  path: string
+  parent?: IResource
+  proxyIntegration?: Integration
+}
+
+export interface ApiToAnyTargetRestApiProps {
+  certificate: AcmProps
+  importedRestApiRef?: string
+  importedRestApiRootResourceRef?: string
+  methodErrorResponse: MethodResponse
+  methodResponse: MethodResponse
+  restApi: RestApiProps
+  useExisting: boolean
+  withResource?: boolean
+}
+
+export interface ApiToAnyTargetProps extends CommonStackProps {
+  api: ApiToAnyTargetRestApiProps
+  apiRootPaths?: string[]
+  apiSubDomain: string
+  logLevel: string
+  nodeEnv: string
+  timezone: string
+  useExistingHostedZone: boolean
+}

package/src/lib/construct/index.ts

@@ -1,3 +1,4 @@
+export * from './api-to-any-target'
 export * from './api-to-eventbridge-target'
 export * from './api-to-eventbridge-target-with-sns'
 export * from './api-to-lambda-target'

package/src/lib/construct/site-with-ecs-backend/main.ts

@@ -14,7 +14,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3'
 import * as efs from 'aws-cdk-lib/aws-efs'
 import { Construct } from 'constructs'
 import { CommonConstruct } from '../../common'
-import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps } from './types'
+import { SiteWithEcsBackendProps, SiteResponseHeadersPolicyProps, SiteCachePolicyProps } from './types'
 
 /**
  * @classdesc Provides a construct to create and deploy a site hosted with an clustered ECS/ELB backend
@@ -92,7 +92,7 @@ export class SiteWithEcsBackend extends CommonConstruct {
     this.createEcsBuildArgs()
     this.createEcsContainerImage()
     this.createEcsService()
-    this.createSiteCacheConfigPolicy()
+    this.createSiteOriginCachePolicy()
     this.createSiteOriginRequestPolicy()
     this.createSiteOriginResponseHeadersPolicy()
     this.createSiteOrigin()
@@ -410,20 +410,23 @@ export class SiteWithEcsBackend extends CommonConstruct {
     this.siteLogBucket = this.s3Manager.createS3Bucket(`${this.id}-site-logs`, this, this.props.siteLogBucket)
   }
 
-  protected createSiteCacheConfigPolicy() {
-    if (!this.props.siteCachePolicy) return
-    this.siteCachePolicy = new cloudfront.CachePolicy(this, `${this.id}-site-cache-policy`, {
-      cachePolicyName: `${this.id}-site-cache-policy`,
+  protected createSiteCachePolicy(id: string, siteCachePolicy: SiteCachePolicyProps) {
+    return new cloudfront.CachePolicy(this, `${id}`, {
+      cachePolicyName: `${this.id}-${siteCachePolicy.cachePolicyName}`,
       comment: `Policy for ${this.id}-distribution - ${this.props.stage} stage`,
-      defaultTtl: cdk.Duration.seconds(this.props.siteCachePolicy.defaultTtlInSeconds),
-      minTtl: cdk.Duration.seconds(this.props.siteCachePolicy.minTtlInSeconds),
-      maxTtl: cdk.Duration.seconds(this.props.siteCachePolicy.maxTtlInSeconds),
-      enableAcceptEncodingGzip: this.props.siteCachePolicy.enableAcceptEncodingGzip,
-      queryStringBehavior: this.props.siteCachePolicy.queryStringBehavior,
-      headerBehavior: this.props.siteCachePolicy.headerBehavior,
-      cookieBehavior: this.props.siteCachePolicy.cookieBehavior,
+      defaultTtl: cdk.Duration.seconds(siteCachePolicy.defaultTtlInSeconds),
+      minTtl: cdk.Duration.seconds(siteCachePolicy.minTtlInSeconds),
+      maxTtl: cdk.Duration.seconds(siteCachePolicy.maxTtlInSeconds),
+      enableAcceptEncodingGzip: siteCachePolicy.enableAcceptEncodingGzip,
+      queryStringBehavior: siteCachePolicy.queryStringBehavior,
+      headerBehavior: siteCachePolicy.headerBehavior,
+      cookieBehavior: siteCachePolicy.cookieBehavior,
     })
+  }
 
+  protected createSiteOriginCachePolicy() {
+    if (!this.props.siteCachePolicy) return
+    this.siteCachePolicy = this.createSiteCachePolicy(`${this.id}-site-cache-policy`, this.props.siteCachePolicy)
     _.assign(this.props.siteDistribution.defaultBehavior, {
       cachePolicy: this.siteCachePolicy,
     })
@@ -451,6 +454,7 @@ export class SiteWithEcsBackend extends CommonConstruct {
       comment: `Response Header Policy for ${props.type} for ${this.id}-distribution - ${this.props.stage} stage`,
       responseHeadersPolicyName: `${this.id}-${props.type}-response`,
       securityHeadersBehavior: {
+        ...props.securityHeadersBehavior,
         strictTransportSecurity: {
           ...props.securityHeadersBehavior?.strictTransportSecurity,
           accessControlMaxAge: cdk.Duration.seconds(

package/src/lib/services/aws/api-gateway/main.ts

@@ -135,7 +135,7 @@ export class ApiManager {
     allowedOrigins?: string[],
     allowedMethods?: string[],
     allowedHeaders?: string[],
-    methodRequestParameters?: any,
+    methodRequestParameters?: { [param: string]: boolean },
     proxyIntegration?: apig.Integration
   ) {
     const methods = allowedMethods ?? apig.Cors.ALL_METHODS