@gradientedge/cdk-utils 8.114.0 → 8.116.0

package/dist/src/lib/construct/api-to-any-target/index.d.ts

@@ -0,0 +1,3 @@
+export * from './main';
+export * from './target';
+export * from './types';

package/dist/src/lib/construct/api-to-any-target/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./main"), exports);
+__exportStar(require("./target"), exports);
+__exportStar(require("./types"), exports);

package/dist/src/lib/construct/api-to-any-target/main.d.ts

@@ -0,0 +1,48 @@
+import { Resource } from 'aws-cdk-lib/aws-apigateway';
+import { ISecret } from 'aws-cdk-lib/aws-secretsmanager';
+import { Construct } from 'constructs';
+import { CommonConstruct } from '../../common';
+import { ApiToAnyTargetProps, ApiToAnyTargetRestApiResource, ApiToAnyTargetRestApiType } from './types';
+/**
+ * @classdesc Provides a construct to create and deploy a shallow API Gateway
+ * @example
+ * import { ApiToAnyTarget, ApiToAnyTargetProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends ApiToAnyTarget {
+ *   constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export declare class ApiToAnyTarget extends CommonConstruct {
+    props: ApiToAnyTargetProps;
+    id: string;
+    applicationSecrets: ISecret[];
+    apiToAnyTargetRestApi: ApiToAnyTargetRestApiType;
+    apiResource: string;
+    constructor(parent: Construct, id: string, props: ApiToAnyTargetProps);
+    protected initResources(): void;
+    /**
+     * @summary Method to resolve secrets from SecretsManager
+     * - To be implemented in the overriding method in the implementation class
+     */
+    protected resolveSecrets(): void;
+    /**
+     * @summary Method to resolve a hosted zone based on domain attributes
+     */
+    protected resolveHostedZone(): void;
+    /**
+     * @summary Method to resolve a certificate based on attributes
+     */
+    protected resolveCertificate(): void;
+    protected createApiToAnyTargetRestApiLogGroup(): void;
+    protected createApiToAnyTargetRestApi(): void;
+    protected createApiToAnyTargetResource(apiResourceProps: ApiToAnyTargetRestApiResource): Resource | undefined;
+    protected createApiDomain(): void;
+    protected createApiBasePathMapping(): void;
+    protected createApiRouteAssets(): void;
+}

package/dist/src/lib/construct/api-to-any-target/main.js

@@ -0,0 +1,159 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiToAnyTarget = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
+const common_1 = require("../../common");
+const target_1 = require("./target");
+/**
+ * @classdesc Provides a construct to create and deploy a shallow API Gateway
+ * @example
+ * import { ApiToAnyTarget, ApiToAnyTargetProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends ApiToAnyTarget {
+ *   constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+class ApiToAnyTarget extends common_1.CommonConstruct {
+    props;
+    id;
+    /* application related resources */
+    applicationSecrets;
+    /* rest restApi related resources */
+    apiToAnyTargetRestApi;
+    apiResource;
+    constructor(parent, id, props) {
+        super(parent, id, props);
+        this.props = props;
+        this.id = id;
+        this.apiToAnyTargetRestApi = new target_1.ApiToAnyTargetRestApi();
+    }
+    initResources() {
+        /* application related resources */
+        this.resolveSecrets();
+        /* core resources */
+        this.resolveHostedZone();
+        this.resolveCertificate();
+        /* restApi related resources */
+        this.createApiToAnyTargetRestApiLogGroup();
+        this.createApiToAnyTargetRestApi();
+        this.createApiDomain();
+        this.createApiBasePathMapping();
+        this.createApiRouteAssets();
+    }
+    /**
+     * @summary Method to resolve secrets from SecretsManager
+     * - To be implemented in the overriding method in the implementation class
+     */
+    resolveSecrets() {
+        this.applicationSecrets = [];
+    }
+    /**
+     * @summary Method to resolve a hosted zone based on domain attributes
+     */
+    resolveHostedZone() {
+        this.apiToAnyTargetRestApi.hostedZone = this.route53Manager.withHostedZoneFromFullyQualifiedDomainName(`${this.id}-hosted-zone`, this, this.props.useExistingHostedZone);
+    }
+    /**
+     * @summary Method to resolve a certificate based on attributes
+     */
+    resolveCertificate() {
+        if (this.props.api.useExisting)
+            return;
+        if (this.props.api.certificate.useExistingCertificate &&
+            this.props.api.certificate.certificateSsmName &&
+            this.props.api.certificate.certificateRegion) {
+            this.props.api.certificate.certificateArn = this.ssmManager.readStringParameterFromRegion(`${this.id}-certificate-param`, this, this.props.api.certificate.certificateSsmName, this.props.api.certificate.certificateRegion);
+        }
+        this.apiToAnyTargetRestApi.certificate = this.acmManager.resolveCertificate(`${this.id}-certificate`, this, this.props.api.certificate);
+    }
+    createApiToAnyTargetRestApiLogGroup() {
+        this.apiToAnyTargetRestApi.accessLogGroup = this.logManager.createLogGroup(`${this.id}-rest-api-access-log`, this, {
+            logGroupName: `/custom/api/${this.id}-rest-api-access`,
+            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+        });
+    }
+    createApiToAnyTargetRestApi() {
+        if (this.props.api.useExisting && this.props.api.importedRestApiRef) {
+            this.apiToAnyTargetRestApi.api = aws_apigateway_1.RestApi.fromRestApiId(this, `${this.id}-rest-api`, aws_cdk_lib_1.Fn.importValue(this.props.api.importedRestApiRef));
+            return;
+        }
+        this.apiToAnyTargetRestApi.api = new aws_apigateway_1.RestApi(this, `${this.id}-rest-api`, {
+            ...{
+                cloudWatchRole: this.props.api.restApi?.cloudWatchRole ?? true,
+                defaultCorsPreflightOptions: {
+                    allowHeaders: aws_apigateway_1.Cors.DEFAULT_HEADERS,
+                    allowMethods: aws_apigateway_1.Cors.ALL_METHODS,
+                    allowOrigins: aws_apigateway_1.Cors.ALL_ORIGINS,
+                },
+                defaultIntegration: this.apiToAnyTargetRestApi.integration,
+                defaultMethodOptions: {
+                    methodResponses: [this.apiToAnyTargetRestApi.methodResponse, this.apiToAnyTargetRestApi.methodErrorResponse],
+                },
+                deploy: this.props.api.restApi?.deploy ?? true,
+                deployOptions: {
+                    accessLogDestination: new aws_apigateway_1.LogGroupLogDestination(this.apiToAnyTargetRestApi.accessLogGroup),
+                    accessLogFormat: aws_apigateway_1.AccessLogFormat.jsonWithStandardFields(),
+                    dataTraceEnabled: this.props.api.restApi?.deployOptions?.dataTraceEnabled,
+                    description: `${this.id} - ${this.props.stage} stage`,
+                    loggingLevel: aws_apigateway_1.MethodLoggingLevel.INFO,
+                    metricsEnabled: true,
+                    stageName: this.props.stage,
+                    tracingEnabled: this.props.api.restApi?.deployOptions?.tracingEnabled,
+                },
+                endpointConfiguration: {
+                    types: [this.isProductionStage() ? aws_apigateway_1.EndpointType.EDGE : aws_apigateway_1.EndpointType.REGIONAL],
+                },
+                restApiName: `${this.id}-rest-api-${this.props.stage}`,
+            },
+            ...this.props.api.restApi,
+        });
+        this.addCfnOutput(`${this.id}-restApiId`, this.apiToAnyTargetRestApi.api.restApiId);
+        this.addCfnOutput(`${this.id}-restApiRootResourceId`, this.apiToAnyTargetRestApi.api.root.resourceId);
+    }
+    createApiToAnyTargetResource(apiResourceProps) {
+        if (!this.props.api.withResource)
+            return;
+        let rootResource;
+        if (this.props.api.withResource && this.props.api.importedRestApiRootResourceRef) {
+            rootResource = aws_apigateway_1.Resource.fromResourceAttributes(this, `${this.id}-root-resource-for-${apiResourceProps.path}`, {
+                path: '/',
+                resourceId: aws_cdk_lib_1.Fn.importValue(this.props.api.importedRestApiRootResourceRef),
+                restApi: this.apiToAnyTargetRestApi.api,
+            });
+        }
+        else {
+            rootResource = this.apiToAnyTargetRestApi.api.root;
+        }
+        return this.apiManager.createApiResource(`${this.id}-resource-${apiResourceProps.path}}`, this, apiResourceProps.parent ?? rootResource, apiResourceProps.path, apiResourceProps.integration, apiResourceProps.addProxy, apiResourceProps.authorizer, apiResourceProps.allowedOrigins, apiResourceProps.allowedMethods, apiResourceProps.allowedHeaders, apiResourceProps.methodRequestParameters, apiResourceProps.proxyIntegration);
+    }
+    createApiDomain() {
+        if (this.props.api.useExisting)
+            return;
+        this.apiToAnyTargetRestApi.domain = this.apiManager.createApiDomain(`${this.id}-api-domain`, this, this.isProductionStage() || this.props.skipStageForARecords
+            ? `${this.props.apiSubDomain}.${this.fullyQualifiedDomainName}`
+            : `${this.props.apiSubDomain}-${this.props.stage}.${this.fullyQualifiedDomainName}`, this.apiToAnyTargetRestApi.certificate);
+    }
+    createApiBasePathMapping() {
+        if (this.props.api.useExisting)
+            return;
+        new aws_apigateway_1.BasePathMapping(this, `${this.id}-base-bath-mapping`, {
+            basePath: '',
+            domainName: this.apiToAnyTargetRestApi.domain,
+            restApi: this.apiToAnyTargetRestApi.api,
+            stage: this.apiToAnyTargetRestApi.api.deploymentStage,
+        });
+    }
+    createApiRouteAssets() {
+        if (this.props.api.useExisting)
+            return;
+        this.route53Manager.createApiGatewayARecord(`${this.id}-custom-domain-a-record`, this, this.props.apiSubDomain, this.apiToAnyTargetRestApi.domain, this.apiToAnyTargetRestApi.hostedZone, this.props.skipStageForARecords);
+    }
+}
+exports.ApiToAnyTarget = ApiToAnyTarget;

package/dist/src/lib/construct/api-to-any-target/target.d.ts

@@ -0,0 +1,23 @@
+import { IRestApi, IAuthorizer, BasePathMapping, DomainName, Integration, Method, MethodResponse, Resource } from 'aws-cdk-lib/aws-apigateway';
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { LogGroup } from 'aws-cdk-lib/aws-logs';
+import { IHostedZone } from 'aws-cdk-lib/aws-route53';
+import { ApiToAnyTargetRestApiType } from './types';
+export declare class ApiToAnyTargetRestApi implements ApiToAnyTargetRestApiType {
+    accessLogGroup: LogGroup;
+    api: IRestApi;
+    authoriser?: IAuthorizer;
+    basePathMappings: BasePathMapping[];
+    certificate: ICertificate;
+    domain: DomainName;
+    hostedZone: IHostedZone;
+    integration: Integration;
+    method: {
+        [httpMethod: string]: Method;
+    };
+    methodErrorResponse: MethodResponse;
+    methodResponse: MethodResponse;
+    resource: {
+        [path: string]: Resource;
+    };
+}

package/dist/src/lib/construct/api-to-any-target/target.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiToAnyTargetRestApi = void 0;
+class ApiToAnyTargetRestApi {
+    accessLogGroup;
+    api;
+    authoriser;
+    basePathMappings;
+    certificate;
+    domain;
+    hostedZone;
+    integration;
+    method;
+    methodErrorResponse;
+    methodResponse;
+    resource;
+}
+exports.ApiToAnyTargetRestApi = ApiToAnyTargetRestApi;

package/dist/src/lib/construct/api-to-any-target/types.d.ts

@@ -0,0 +1,57 @@
+import { BasePathMapping, DomainName, IAuthorizer, IResource, IRestApi, Integration, Method, MethodResponse, Resource, RestApiProps } from 'aws-cdk-lib/aws-apigateway';
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { LogGroup } from 'aws-cdk-lib/aws-logs';
+import { IHostedZone } from 'aws-cdk-lib/aws-route53';
+import { CommonStackProps } from '../../common';
+import { AcmProps } from '../../services';
+export interface ApiToAnyTargetRestApiType {
+    accessLogGroup: LogGroup;
+    api: IRestApi;
+    authoriser?: IAuthorizer;
+    basePathMappings: BasePathMapping[];
+    certificate: ICertificate;
+    domain: DomainName;
+    hostedZone: IHostedZone;
+    integration: Integration;
+    method: {
+        [httpMethod: string]: Method;
+    };
+    methodErrorResponse: MethodResponse;
+    methodResponse: MethodResponse;
+    resource: {
+        [path: string]: Resource;
+    };
+}
+export interface ApiToAnyTargetRestApiResource {
+    addProxy: boolean;
+    authorizer?: IAuthorizer;
+    allowedOrigins?: string[];
+    allowedMethods?: string[];
+    allowedHeaders?: string[];
+    integration: Integration;
+    methodRequestParameters?: {
+        [param: string]: boolean;
+    };
+    path: string;
+    parent?: IResource;
+    proxyIntegration?: Integration;
+}
+export interface ApiToAnyTargetRestApiProps {
+    certificate: AcmProps;
+    importedRestApiRef?: string;
+    importedRestApiRootResourceRef?: string;
+    methodErrorResponse: MethodResponse;
+    methodResponse: MethodResponse;
+    restApi: RestApiProps;
+    useExisting: boolean;
+    withResource?: boolean;
+}
+export interface ApiToAnyTargetProps extends CommonStackProps {
+    api: ApiToAnyTargetRestApiProps;
+    apiRootPaths?: string[];
+    apiSubDomain: string;
+    logLevel: string;
+    nodeEnv: string;
+    timezone: string;
+    useExistingHostedZone: boolean;
+}

package/dist/src/lib/construct/api-to-any-target/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/lib/construct/index.d.ts

@@ -1,3 +1,4 @@
+export * from './api-to-any-target';
 export * from './api-to-eventbridge-target';
 export * from './api-to-eventbridge-target-with-sns';
 export * from './api-to-lambda-target';

package/dist/src/lib/construct/index.js

@@ -14,6 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./api-to-any-target"), exports);
 __exportStar(require("./api-to-eventbridge-target"), exports);
 __exportStar(require("./api-to-eventbridge-target-with-sns"), exports);
 __exportStar(require("./api-to-lambda-target"), exports);

package/dist/src/lib/construct/lambda-with-iam-access/main.d.ts

@@ -1,10 +1,11 @@
-import { CommonConstruct } from '../../common';
-import { Construct } from 'constructs';
-import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './types';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as efs from 'aws-cdk-lib/aws-efs';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager';
-import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { Construct } from 'constructs';
+import { CommonConstruct } from '../../common';
+import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './types';
 /**
  * @classdesc Provides a construct to create a lambda function with IAM access
  * @example
@@ -32,12 +33,20 @@ export declare class LambdaWithIamAccess extends CommonConstruct {
     lambdaUserAccessKey: iam.CfnAccessKey;
     lambdaUserAccessSecret: secretsManager.Secret;
     lambdaVpc: ec2.IVpc;
-    lambdaSecurityGroup: ec2.ISecurityGroup;
+    lambdaSecurityGroups: ec2.ISecurityGroup[];
+    lambdaAccessPoint: efs.IAccessPoint;
+    lambdaMountPath: string;
+    lambdaVpcSubnets: ec2.SubnetSelection;
     constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps);
     /**
      * @summary Initialise and provision resources
      */
     initResources(): void;
+    protected resolveVpc(): void;
+    protected resolveSecurityGroups(): void;
+    protected resolveAccessPoint(): void;
+    protected resolveMountPath(): void;
+    protected resolveVpcSubnets(): void;
     /**
      * @summary Method to create iam policy for Lambda function
      */

package/dist/src/lib/construct/lambda-with-iam-access/main.js

@@ -24,9 +24,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LambdaWithIamAccess = void 0;
-const common_1 = require("../../common");
 const iam = __importStar(require("aws-cdk-lib/aws-iam"));
 const secretsManager = __importStar(require("aws-cdk-lib/aws-secretsmanager"));
+const common_1 = require("../../common");
 /**
  * @classdesc Provides a construct to create a lambda function with IAM access
  * @example
@@ -56,7 +56,10 @@ class LambdaWithIamAccess extends common_1.CommonConstruct {
     lambdaUserAccessKey;
     lambdaUserAccessSecret;
     lambdaVpc;
-    lambdaSecurityGroup;
+    lambdaSecurityGroups;
+    lambdaAccessPoint;
+    lambdaMountPath;
+    lambdaVpcSubnets;
     constructor(parent, id, props) {
         super(parent, id, props);
         this.props = props;
@@ -66,6 +69,11 @@ class LambdaWithIamAccess extends common_1.CommonConstruct {
      * @summary Initialise and provision resources
      */
     initResources() {
+        this.resolveVpc();
+        this.resolveSecurityGroups();
+        this.resolveAccessPoint();
+        this.resolveMountPath();
+        this.resolveVpcSubnets();
         this.createLambdaPolicy();
         this.createLambdaRole();
         this.createLambdaEnvironment();
@@ -74,6 +82,11 @@ class LambdaWithIamAccess extends common_1.CommonConstruct {
         this.createIamUserForLambdaFunction();
         this.createIamSecretForLambdaFunction();
     }
+    resolveVpc() { }
+    resolveSecurityGroups() { }
+    resolveAccessPoint() { }
+    resolveMountPath() { }
+    resolveVpcSubnets() { }
     /**
      * @summary Method to create iam policy for Lambda function
      */
@@ -114,7 +127,7 @@ class LambdaWithIamAccess extends common_1.CommonConstruct {
      * @summary Method to create lambda function
      */
     createLambdaFunction() {
-        this.lambdaFunction = this.lambdaManager.createLambdaFunction(`${this.id}-lambda`, this, this.props.lambda, this.lambdaRole, this.lambdaLayers, this.props.lambdaSource, this.props.lambdaHandler || 'index.handler', this.lambdaEnvironment, this.lambdaVpc, [this.lambdaSecurityGroup], undefined, undefined, this.lambdaVpc);
+        this.lambdaFunction = this.lambdaManager.createLambdaFunction(`${this.id}-lambda`, this, this.props.lambda, this.lambdaRole, this.lambdaLayers, this.props.lambdaSource, this.props.lambdaHandler || 'index.handler', this.lambdaEnvironment, this.lambdaVpc, this.lambdaSecurityGroups, this.lambdaAccessPoint, this.lambdaMountPath, this.lambdaVpcSubnets);
     }
     /**
      * @summary Method to create iam user for the lambda function

package/dist/src/lib/services/aws/api-gateway/main.d.ts

@@ -52,7 +52,9 @@ export declare class ApiManager {
      * @param methodRequestParameters
      * @param proxyIntegration
      */
-    createApiResource(id: string, scope: CommonConstruct, parent: apig.IResource, path: string, integration: apig.Integration, addProxy: boolean, authorizer?: apig.IAuthorizer, allowedOrigins?: string[], allowedMethods?: string[], allowedHeaders?: string[], methodRequestParameters?: any, proxyIntegration?: apig.Integration): apig.Resource;
+    createApiResource(id: string, scope: CommonConstruct, parent: apig.IResource, path: string, integration: apig.Integration, addProxy: boolean, authorizer?: apig.IAuthorizer, allowedOrigins?: string[], allowedMethods?: string[], allowedHeaders?: string[], methodRequestParameters?: {
+        [param: string]: boolean;
+    }, proxyIntegration?: apig.Integration): apig.Resource;
     /**
      * @summary Method to create an api deployment
      * @param id

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.114.0",
+  "version": "8.116.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {

package/src/lib/construct/api-to-any-target/index.ts

@@ -0,0 +1,3 @@
+export * from './main'
+export * from './target'
+export * from './types'

package/src/lib/construct/api-to-any-target/main.ts

@@ -0,0 +1,225 @@
+import { Fn, RemovalPolicy } from 'aws-cdk-lib'
+import {
+  AccessLogFormat,
+  BasePathMapping,
+  Cors,
+  EndpointType,
+  LogGroupLogDestination,
+  MethodLoggingLevel,
+  Resource,
+  RestApi,
+} from 'aws-cdk-lib/aws-apigateway'
+import { ISecret } from 'aws-cdk-lib/aws-secretsmanager'
+import { Construct } from 'constructs'
+import { CommonConstruct } from '../../common'
+import { ApiToAnyTargetProps, ApiToAnyTargetRestApiResource, ApiToAnyTargetRestApiType } from './types'
+import { ApiToAnyTargetRestApi } from './target'
+
+/**
+ * @classdesc Provides a construct to create and deploy a shallow API Gateway
+ * @example
+ * import { ApiToAnyTarget, ApiToAnyTargetProps } '@gradientedge/cdk-utils'
+ * import { Construct } from 'constructs'
+ *
+ * class CustomConstruct extends ApiToAnyTarget {
+ *   constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+ *     super(parent, id, props)
+ *     this.props = props
+ *     this.id = id
+ *     this.initResources()
+ *   }
+ * }
+ */
+export class ApiToAnyTarget extends CommonConstruct {
+  props: ApiToAnyTargetProps
+  id: string
+
+  /* application related resources */
+  applicationSecrets: ISecret[]
+
+  /* rest restApi related resources */
+  apiToAnyTargetRestApi: ApiToAnyTargetRestApiType
+  apiResource: string
+
+  constructor(parent: Construct, id: string, props: ApiToAnyTargetProps) {
+    super(parent, id, props)
+    this.props = props
+    this.id = id
+
+    this.apiToAnyTargetRestApi = new ApiToAnyTargetRestApi()
+  }
+
+  protected initResources() {
+    /* application related resources */
+    this.resolveSecrets()
+
+    /* core resources */
+    this.resolveHostedZone()
+    this.resolveCertificate()
+
+    /* restApi related resources */
+    this.createApiToAnyTargetRestApiLogGroup()
+    this.createApiToAnyTargetRestApi()
+    this.createApiDomain()
+    this.createApiBasePathMapping()
+    this.createApiRouteAssets()
+  }
+
+  /**
+   * @summary Method to resolve secrets from SecretsManager
+   * - To be implemented in the overriding method in the implementation class
+   */
+  protected resolveSecrets() {
+    this.applicationSecrets = []
+  }
+
+  /**
+   * @summary Method to resolve a hosted zone based on domain attributes
+   */
+  protected resolveHostedZone() {
+    this.apiToAnyTargetRestApi.hostedZone = this.route53Manager.withHostedZoneFromFullyQualifiedDomainName(
+      `${this.id}-hosted-zone`,
+      this,
+      this.props.useExistingHostedZone
+    )
+  }
+
+  /**
+   * @summary Method to resolve a certificate based on attributes
+   */
+  protected resolveCertificate() {
+    if (this.props.api.useExisting) return
+    if (
+      this.props.api.certificate.useExistingCertificate &&
+      this.props.api.certificate.certificateSsmName &&
+      this.props.api.certificate.certificateRegion
+    ) {
+      this.props.api.certificate.certificateArn = this.ssmManager.readStringParameterFromRegion(
+        `${this.id}-certificate-param`,
+        this,
+        this.props.api.certificate.certificateSsmName,
+        this.props.api.certificate.certificateRegion
+      )
+    }
+
+    this.apiToAnyTargetRestApi.certificate = this.acmManager.resolveCertificate(
+      `${this.id}-certificate`,
+      this,
+      this.props.api.certificate
+    )
+  }
+
+  protected createApiToAnyTargetRestApiLogGroup() {
+    this.apiToAnyTargetRestApi.accessLogGroup = this.logManager.createLogGroup(`${this.id}-rest-api-access-log`, this, {
+      logGroupName: `/custom/api/${this.id}-rest-api-access`,
+      removalPolicy: RemovalPolicy.DESTROY,
+    })
+  }
+
+  protected createApiToAnyTargetRestApi() {
+    if (this.props.api.useExisting && this.props.api.importedRestApiRef) {
+      this.apiToAnyTargetRestApi.api = RestApi.fromRestApiId(
+        this,
+        `${this.id}-rest-api`,
+        Fn.importValue(this.props.api.importedRestApiRef)
+      )
+      return
+    }
+
+    this.apiToAnyTargetRestApi.api = new RestApi(this, `${this.id}-rest-api`, {
+      ...{
+        cloudWatchRole: this.props.api.restApi?.cloudWatchRole ?? true,
+        defaultCorsPreflightOptions: {
+          allowHeaders: Cors.DEFAULT_HEADERS,
+          allowMethods: Cors.ALL_METHODS,
+          allowOrigins: Cors.ALL_ORIGINS,
+        },
+        defaultIntegration: this.apiToAnyTargetRestApi.integration,
+        defaultMethodOptions: {
+          methodResponses: [this.apiToAnyTargetRestApi.methodResponse, this.apiToAnyTargetRestApi.methodErrorResponse],
+        },
+        deploy: this.props.api.restApi?.deploy ?? true,
+        deployOptions: {
+          accessLogDestination: new LogGroupLogDestination(this.apiToAnyTargetRestApi.accessLogGroup),
+          accessLogFormat: AccessLogFormat.jsonWithStandardFields(),
+          dataTraceEnabled: this.props.api.restApi?.deployOptions?.dataTraceEnabled,
+          description: `${this.id} - ${this.props.stage} stage`,
+          loggingLevel: MethodLoggingLevel.INFO,
+          metricsEnabled: true,
+          stageName: this.props.stage,
+          tracingEnabled: this.props.api.restApi?.deployOptions?.tracingEnabled,
+        },
+        endpointConfiguration: {
+          types: [this.isProductionStage() ? EndpointType.EDGE : EndpointType.REGIONAL],
+        },
+        restApiName: `${this.id}-rest-api-${this.props.stage}`,
+      },
+      ...this.props.api.restApi,
+    })
+    this.addCfnOutput(`${this.id}-restApiId`, this.apiToAnyTargetRestApi.api.restApiId)
+    this.addCfnOutput(`${this.id}-restApiRootResourceId`, this.apiToAnyTargetRestApi.api.root.resourceId)
+  }
+
+  protected createApiToAnyTargetResource(apiResourceProps: ApiToAnyTargetRestApiResource) {
+    if (!this.props.api.withResource) return
+    let rootResource
+    if (this.props.api.withResource && this.props.api.importedRestApiRootResourceRef) {
+      rootResource = Resource.fromResourceAttributes(this, `${this.id}-root-resource-for-${apiResourceProps.path}`, {
+        path: '/',
+        resourceId: Fn.importValue(this.props.api.importedRestApiRootResourceRef),
+        restApi: this.apiToAnyTargetRestApi.api,
+      })
+    } else {
+      rootResource = this.apiToAnyTargetRestApi.api.root
+    }
+
+    return this.apiManager.createApiResource(
+      `${this.id}-resource-${apiResourceProps.path}}`,
+      this,
+      apiResourceProps.parent ?? rootResource,
+      apiResourceProps.path,
+      apiResourceProps.integration,
+      apiResourceProps.addProxy,
+      apiResourceProps.authorizer,
+      apiResourceProps.allowedOrigins,
+      apiResourceProps.allowedMethods,
+      apiResourceProps.allowedHeaders,
+      apiResourceProps.methodRequestParameters,
+      apiResourceProps.proxyIntegration
+    )
+  }
+
+  protected createApiDomain() {
+    if (this.props.api.useExisting) return
+    this.apiToAnyTargetRestApi.domain = this.apiManager.createApiDomain(
+      `${this.id}-api-domain`,
+      this,
+      this.isProductionStage() || this.props.skipStageForARecords
+        ? `${this.props.apiSubDomain}.${this.fullyQualifiedDomainName}`
+        : `${this.props.apiSubDomain}-${this.props.stage}.${this.fullyQualifiedDomainName}`,
+      this.apiToAnyTargetRestApi.certificate
+    )
+  }
+
+  protected createApiBasePathMapping() {
+    if (this.props.api.useExisting) return
+    new BasePathMapping(this, `${this.id}-base-bath-mapping`, {
+      basePath: '',
+      domainName: this.apiToAnyTargetRestApi.domain,
+      restApi: this.apiToAnyTargetRestApi.api,
+      stage: this.apiToAnyTargetRestApi.api.deploymentStage,
+    })
+  }
+
+  protected createApiRouteAssets() {
+    if (this.props.api.useExisting) return
+    this.route53Manager.createApiGatewayARecord(
+      `${this.id}-custom-domain-a-record`,
+      this,
+      this.props.apiSubDomain,
+      this.apiToAnyTargetRestApi.domain,
+      this.apiToAnyTargetRestApi.hostedZone,
+      this.props.skipStageForARecords
+    )
+  }
+}

package/src/lib/construct/api-to-any-target/target.ts

@@ -0,0 +1,29 @@
+import {
+  IRestApi,
+  IAuthorizer,
+  BasePathMapping,
+  DomainName,
+  Integration,
+  Method,
+  MethodResponse,
+  Resource,
+} from 'aws-cdk-lib/aws-apigateway'
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager'
+import { LogGroup } from 'aws-cdk-lib/aws-logs'
+import { IHostedZone } from 'aws-cdk-lib/aws-route53'
+import { ApiToAnyTargetRestApiType } from './types'
+
+export class ApiToAnyTargetRestApi implements ApiToAnyTargetRestApiType {
+  accessLogGroup: LogGroup
+  api: IRestApi
+  authoriser?: IAuthorizer
+  basePathMappings: BasePathMapping[]
+  certificate: ICertificate
+  domain: DomainName
+  hostedZone: IHostedZone
+  integration: Integration
+  method: { [httpMethod: string]: Method }
+  methodErrorResponse: MethodResponse
+  methodResponse: MethodResponse
+  resource: { [path: string]: Resource }
+}

package/src/lib/construct/api-to-any-target/types.ts

@@ -0,0 +1,66 @@
+import {
+  BasePathMapping,
+  DomainName,
+  IAuthorizer,
+  IResource,
+  IRestApi,
+  Integration,
+  Method,
+  MethodResponse,
+  Resource,
+  RestApiProps,
+} from 'aws-cdk-lib/aws-apigateway'
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager'
+import { LogGroup } from 'aws-cdk-lib/aws-logs'
+import { IHostedZone } from 'aws-cdk-lib/aws-route53'
+import { CommonStackProps } from '../../common'
+import { AcmProps } from '../../services'
+
+export interface ApiToAnyTargetRestApiType {
+  accessLogGroup: LogGroup
+  api: IRestApi
+  authoriser?: IAuthorizer
+  basePathMappings: BasePathMapping[]
+  certificate: ICertificate
+  domain: DomainName
+  hostedZone: IHostedZone
+  integration: Integration
+  method: { [httpMethod: string]: Method }
+  methodErrorResponse: MethodResponse
+  methodResponse: MethodResponse
+  resource: { [path: string]: Resource }
+}
+
+export interface ApiToAnyTargetRestApiResource {
+  addProxy: boolean
+  authorizer?: IAuthorizer
+  allowedOrigins?: string[]
+  allowedMethods?: string[]
+  allowedHeaders?: string[]
+  integration: Integration
+  methodRequestParameters?: { [param: string]: boolean }
+  path: string
+  parent?: IResource
+  proxyIntegration?: Integration
+}
+
+export interface ApiToAnyTargetRestApiProps {
+  certificate: AcmProps
+  importedRestApiRef?: string
+  importedRestApiRootResourceRef?: string
+  methodErrorResponse: MethodResponse
+  methodResponse: MethodResponse
+  restApi: RestApiProps
+  useExisting: boolean
+  withResource?: boolean
+}
+
+export interface ApiToAnyTargetProps extends CommonStackProps {
+  api: ApiToAnyTargetRestApiProps
+  apiRootPaths?: string[]
+  apiSubDomain: string
+  logLevel: string
+  nodeEnv: string
+  timezone: string
+  useExistingHostedZone: boolean
+}

package/src/lib/construct/index.ts

@@ -1,3 +1,4 @@
+export * from './api-to-any-target'
 export * from './api-to-eventbridge-target'
 export * from './api-to-eventbridge-target-with-sns'
 export * from './api-to-lambda-target'

package/src/lib/construct/lambda-with-iam-access/main.ts

@@ -1,10 +1,11 @@
-import { CommonConstruct } from '../../common'
-import { Construct } from 'constructs'
-import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './types'
+import * as ec2 from 'aws-cdk-lib/aws-ec2'
+import * as efs from 'aws-cdk-lib/aws-efs'
 import * as iam from 'aws-cdk-lib/aws-iam'
 import * as lambda from 'aws-cdk-lib/aws-lambda'
 import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager'
-import * as ec2 from 'aws-cdk-lib/aws-ec2'
+import { Construct } from 'constructs'
+import { CommonConstruct } from '../../common'
+import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './types'
 
 /**
  * @classdesc Provides a construct to create a lambda function with IAM access
@@ -36,7 +37,10 @@ export class LambdaWithIamAccess extends CommonConstruct {
   lambdaUserAccessKey: iam.CfnAccessKey
   lambdaUserAccessSecret: secretsManager.Secret
   lambdaVpc: ec2.IVpc
-  lambdaSecurityGroup: ec2.ISecurityGroup
+  lambdaSecurityGroups: ec2.ISecurityGroup[]
+  lambdaAccessPoint: efs.IAccessPoint
+  lambdaMountPath: string
+  lambdaVpcSubnets: ec2.SubnetSelection
 
   constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps) {
     super(parent, id, props)
@@ -49,6 +53,11 @@ export class LambdaWithIamAccess extends CommonConstruct {
    * @summary Initialise and provision resources
    */
   public initResources() {
+    this.resolveVpc()
+    this.resolveSecurityGroups()
+    this.resolveAccessPoint()
+    this.resolveMountPath()
+    this.resolveVpcSubnets()
     this.createLambdaPolicy()
     this.createLambdaRole()
     this.createLambdaEnvironment()
@@ -58,6 +67,16 @@ export class LambdaWithIamAccess extends CommonConstruct {
     this.createIamSecretForLambdaFunction()
   }
 
+  protected resolveVpc() {}
+
+  protected resolveSecurityGroups() {}
+
+  protected resolveAccessPoint() {}
+
+  protected resolveMountPath() {}
+
+  protected resolveVpcSubnets() {}
+
   /**
    * @summary Method to create iam policy for Lambda function
    */
@@ -114,10 +133,10 @@ export class LambdaWithIamAccess extends CommonConstruct {
       this.props.lambdaHandler || 'index.handler',
       this.lambdaEnvironment,
       this.lambdaVpc,
-      [this.lambdaSecurityGroup],
-      undefined,
-      undefined,
-      this.lambdaVpc
+      this.lambdaSecurityGroups,
+      this.lambdaAccessPoint,
+      this.lambdaMountPath,
+      this.lambdaVpcSubnets
     )
   }
 

package/src/lib/services/aws/api-gateway/main.ts

@@ -135,7 +135,7 @@ export class ApiManager {
     allowedOrigins?: string[],
     allowedMethods?: string[],
     allowedHeaders?: string[],
-    methodRequestParameters?: any,
+    methodRequestParameters?: { [param: string]: boolean },
     proxyIntegration?: apig.Integration
   ) {
     const methods = allowedMethods ?? apig.Cors.ALL_METHODS