@gradientedge/cdk-utils 8.118.0 → 8.119.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/app/api-destined-function/package.json +1 -1
- package/dist/src/lib/common/construct.d.ts +32 -32
- package/dist/src/lib/common/construct.js +36 -59
- package/dist/src/lib/common/stack.d.ts +8 -7
- package/dist/src/lib/common/stack.js +17 -37
- package/dist/src/lib/common/types.d.ts +2 -2
- package/dist/src/lib/construct/api-to-eventbridge-target/api.d.ts +22 -22
- package/dist/src/lib/construct/api-to-eventbridge-target/event.d.ts +9 -9
- package/dist/src/lib/construct/api-to-eventbridge-target/main.d.ts +3 -3
- package/dist/src/lib/construct/api-to-eventbridge-target/main.js +37 -60
- package/dist/src/lib/construct/api-to-eventbridge-target-with-sns/api-destined-lambda.d.ts +9 -9
- package/dist/src/lib/construct/api-to-eventbridge-target-with-sns/main.d.ts +3 -3
- package/dist/src/lib/construct/api-to-eventbridge-target-with-sns/main.js +40 -63
- package/dist/src/lib/construct/api-to-lambda-target/api.d.ts +23 -23
- package/dist/src/lib/construct/api-to-lambda-target/main.d.ts +2 -2
- package/dist/src/lib/construct/api-to-lambda-target/main.js +15 -38
- package/dist/src/lib/construct/application-configuration/main.d.ts +7 -7
- package/dist/src/lib/construct/application-configuration/main.js +17 -41
- package/dist/src/lib/construct/graphql-api-lambda/main.d.ts +17 -17
- package/dist/src/lib/construct/graphql-api-lambda/main.js +6 -29
- package/dist/src/lib/construct/graphql-api-lambda-with-cache/main.d.ts +5 -5
- package/dist/src/lib/construct/graphql-api-lambda-with-cache/main.js +7 -7
- package/dist/src/lib/construct/lambda-with-iam-access/main.d.ts +16 -16
- package/dist/src/lib/construct/lambda-with-iam-access/main.js +8 -31
- package/dist/src/lib/construct/lambda-with-iam-access/types.d.ts +4 -4
- package/dist/src/lib/construct/rest-api-lambda/main.d.ts +16 -16
- package/dist/src/lib/construct/rest-api-lambda/main.js +5 -28
- package/dist/src/lib/construct/rest-api-lambda-with-cache/main.d.ts +5 -5
- package/dist/src/lib/construct/rest-api-lambda-with-cache/main.js +9 -32
- package/dist/src/lib/construct/site-with-ecs-backend/main.d.ts +38 -39
- package/dist/src/lib/construct/site-with-ecs-backend/main.js +33 -54
- package/dist/src/lib/construct/static-asset-deployment/main.d.ts +4 -4
- package/dist/src/lib/construct/static-asset-deployment/main.js +3 -26
- package/dist/src/lib/construct/static-site/main.d.ts +15 -15
- package/dist/src/lib/construct/static-site/main.js +4 -27
- package/dist/src/lib/services/aws/api-gateway/main.d.ts +10 -10
- package/dist/src/lib/services/aws/api-gateway/main.js +21 -44
- package/dist/src/lib/services/aws/api-gateway/types.d.ts +2 -2
- package/dist/src/lib/services/aws/appconfig/main.d.ts +7 -7
- package/dist/src/lib/services/aws/appconfig/main.js +14 -37
- package/dist/src/lib/services/aws/certificate-manager/main.d.ts +5 -5
- package/dist/src/lib/services/aws/certificate-manager/main.js +10 -33
- package/dist/src/lib/services/aws/certificate-manager/types.d.ts +2 -2
- package/dist/src/lib/services/aws/cloudfront/main.d.ts +18 -18
- package/dist/src/lib/services/aws/cloudfront/main.js +46 -45
- package/dist/src/lib/services/aws/cloudfront/types.d.ts +2 -3
- package/dist/src/lib/services/aws/cloudtrail/main.d.ts +5 -5
- package/dist/src/lib/services/aws/cloudtrail/main.js +5 -28
- package/dist/src/lib/services/aws/codebuild/main.d.ts +3 -3
- package/dist/src/lib/services/aws/codebuild/main.js +7 -30
- package/dist/src/lib/services/aws/dynamodb/main.d.ts +3 -3
- package/dist/src/lib/services/aws/dynamodb/main.js +8 -31
- package/dist/src/lib/services/aws/elastic-container-registry/main.d.ts +2 -2
- package/dist/src/lib/services/aws/elastic-container-registry/main.js +4 -27
- package/dist/src/lib/services/aws/elastic-container-service/main.d.ts +10 -10
- package/dist/src/lib/services/aws/elastic-container-service/main.js +27 -50
- package/dist/src/lib/services/aws/elastic-container-service/types.d.ts +4 -4
- package/dist/src/lib/services/aws/elastic-file-system/main.d.ts +3 -3
- package/dist/src/lib/services/aws/elastic-file-system/main.js +12 -35
- package/dist/src/lib/services/aws/elastic-kubernetes-service/main.d.ts +4 -4
- package/dist/src/lib/services/aws/elastic-kubernetes-service/main.js +8 -31
- package/dist/src/lib/services/aws/elasticache/main.d.ts +4 -4
- package/dist/src/lib/services/aws/elasticache/main.js +10 -33
- package/dist/src/lib/services/aws/eventbridge/main.d.ts +13 -13
- package/dist/src/lib/services/aws/eventbridge/main.js +26 -49
- package/dist/src/lib/services/aws/eventbridge/target.d.ts +10 -10
- package/dist/src/lib/services/aws/eventbridge/target.js +6 -29
- package/dist/src/lib/services/aws/evidently/main.d.ts +7 -7
- package/dist/src/lib/services/aws/evidently/main.js +18 -41
- package/dist/src/lib/services/aws/identity-access-management/main.d.ts +48 -49
- package/dist/src/lib/services/aws/identity-access-management/main.js +110 -133
- package/dist/src/lib/services/aws/key-management-service/main.d.ts +2 -2
- package/dist/src/lib/services/aws/key-management-service/main.js +5 -28
- package/dist/src/lib/services/aws/lambda/main.d.ts +11 -13
- package/dist/src/lib/services/aws/lambda/main.js +31 -58
- package/dist/src/lib/services/aws/route53/main.d.ts +9 -9
- package/dist/src/lib/services/aws/route53/main.js +21 -44
- package/dist/src/lib/services/aws/secrets-manager/main.d.ts +5 -6
- package/dist/src/lib/services/aws/secrets-manager/main.js +10 -33
- package/dist/src/lib/services/aws/simple-notification-service/main.d.ts +4 -4
- package/dist/src/lib/services/aws/simple-notification-service/main.js +11 -34
- package/dist/src/lib/services/aws/simple-queue-service/main.d.ts +6 -7
- package/dist/src/lib/services/aws/simple-queue-service/main.js +15 -38
- package/dist/src/lib/services/aws/simple-storage-service/main.d.ts +10 -11
- package/dist/src/lib/services/aws/simple-storage-service/main.js +31 -54
- package/dist/src/lib/services/aws/step-function/main.d.ts +31 -32
- package/dist/src/lib/services/aws/step-function/main.js +33 -57
- package/dist/src/lib/services/aws/systems-manager/main.d.ts +4 -4
- package/dist/src/lib/services/aws/systems-manager/main.js +10 -33
- package/dist/src/lib/services/aws/virtual-private-cloud/main.d.ts +5 -6
- package/dist/src/lib/services/aws/virtual-private-cloud/main.js +14 -37
- package/dist/src/lib/services/aws/web-application-firewall/main.d.ts +3 -3
- package/dist/src/lib/services/aws/web-application-firewall/main.js +8 -31
- package/dist/src/lib/utils/aws/index.d.ts +6 -3
- package/dist/src/lib/utils/aws/index.js +9 -26
- package/package.json +15 -15
- package/src/lib/common/construct.ts +97 -67
- package/src/lib/common/stack.ts +12 -12
- package/src/lib/common/types.ts +2 -2
- package/src/lib/construct/api-to-eventbridge-target/api.ts +31 -22
- package/src/lib/construct/api-to-eventbridge-target/event.ts +9 -9
- package/src/lib/construct/api-to-eventbridge-target/main.ts +56 -41
- package/src/lib/construct/api-to-eventbridge-target-with-sns/api-destined-lambda.ts +9 -9
- package/src/lib/construct/api-to-eventbridge-target-with-sns/main.ts +62 -47
- package/src/lib/construct/api-to-lambda-target/api.ts +33 -23
- package/src/lib/construct/api-to-lambda-target/main.ts +24 -18
- package/src/lib/construct/application-configuration/main.ts +31 -24
- package/src/lib/construct/graphql-api-lambda/main.ts +22 -22
- package/src/lib/construct/graphql-api-lambda-with-cache/main.ts +13 -13
- package/src/lib/construct/lambda-with-iam-access/main.ts +25 -25
- package/src/lib/construct/lambda-with-iam-access/types.ts +4 -4
- package/src/lib/construct/rest-api-lambda/main.ts +21 -21
- package/src/lib/construct/rest-api-lambda-with-cache/main.ts +14 -14
- package/src/lib/construct/site-with-ecs-backend/main.ts +79 -60
- package/src/lib/construct/static-asset-deployment/main.ts +6 -6
- package/src/lib/construct/static-site/main.ts +23 -17
- package/src/lib/services/aws/api-gateway/main.ts +42 -36
- package/src/lib/services/aws/api-gateway/types.ts +2 -2
- package/src/lib/services/aws/appconfig/main.ts +19 -19
- package/src/lib/services/aws/certificate-manager/main.ts +14 -14
- package/src/lib/services/aws/certificate-manager/types.ts +2 -2
- package/src/lib/services/aws/cloudfront/main.ts +88 -74
- package/src/lib/services/aws/cloudfront/types.ts +6 -3
- package/src/lib/services/aws/cloudtrail/main.ts +11 -11
- package/src/lib/services/aws/codebuild/main.ts +7 -7
- package/src/lib/services/aws/dynamodb/main.ts +8 -8
- package/src/lib/services/aws/elastic-container-registry/main.ts +4 -4
- package/src/lib/services/aws/elastic-container-service/main.ts +48 -37
- package/src/lib/services/aws/elastic-container-service/types.ts +4 -4
- package/src/lib/services/aws/elastic-file-system/main.ts +16 -16
- package/src/lib/services/aws/elastic-kubernetes-service/main.ts +11 -11
- package/src/lib/services/aws/elasticache/main.ts +10 -10
- package/src/lib/services/aws/eventbridge/main.ts +37 -37
- package/src/lib/services/aws/eventbridge/target.ts +14 -14
- package/src/lib/services/aws/evidently/main.ts +18 -18
- package/src/lib/services/aws/identity-access-management/main.ts +142 -134
- package/src/lib/services/aws/key-management-service/main.ts +5 -5
- package/src/lib/services/aws/lambda/main.ts +65 -59
- package/src/lib/services/aws/route53/main.ts +31 -31
- package/src/lib/services/aws/secrets-manager/main.ts +11 -15
- package/src/lib/services/aws/simple-notification-service/main.ts +13 -13
- package/src/lib/services/aws/simple-queue-service/main.ts +18 -18
- package/src/lib/services/aws/simple-storage-service/main.ts +40 -40
- package/src/lib/services/aws/step-function/main.ts +77 -65
- package/src/lib/services/aws/systems-manager/main.ts +17 -12
- package/src/lib/services/aws/virtual-private-cloud/main.ts +16 -16
- package/src/lib/services/aws/web-application-firewall/main.ts +8 -8
- package/src/lib/utils/aws/index.ts +8 -5
|
@@ -1,41 +1,18 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
3
|
exports.IamManager = void 0;
|
|
27
|
-
const
|
|
28
|
-
const
|
|
29
|
-
const
|
|
4
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
+
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
6
|
+
const utils_1 = require("../../../utils");
|
|
30
7
|
/**
|
|
31
|
-
* @classdesc Provides operations on AWS
|
|
8
|
+
* @classdesc Provides operations on AWS
|
|
32
9
|
* - A new instance of this class is injected into {@link CommonConstruct} constructor.
|
|
33
10
|
* - If a custom construct extends {@link CommonConstruct}, an instance is available within the context.
|
|
34
11
|
* @example
|
|
35
12
|
* import { CommonConstruct } from '@gradientedge/cdk-utils'
|
|
36
13
|
*
|
|
37
14
|
* class CustomConstruct extends CommonConstruct {
|
|
38
|
-
* constructor(parent:
|
|
15
|
+
* constructor(parent: Construct, id: string, props: common.CommonStackProps) {
|
|
39
16
|
* super(parent, id, props)
|
|
40
17
|
* this.props = props
|
|
41
18
|
* this.iamManager.createRoleForEcsEvent('MyEcsRole', this, cluster, task)
|
|
@@ -50,11 +27,11 @@ class IamManager {
|
|
|
50
27
|
* @param resourceArns list of ARNs to allow access to
|
|
51
28
|
*/
|
|
52
29
|
statementForReadSecrets(scope, resourceArns) {
|
|
53
|
-
return new
|
|
30
|
+
return new aws_iam_1.PolicyStatement({
|
|
54
31
|
actions: ['secretsmanager:GetSecretValue'],
|
|
55
|
-
effect:
|
|
32
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
56
33
|
resources: resourceArns ?? [
|
|
57
|
-
`arn:aws:secretsmanager:${
|
|
34
|
+
`arn:aws:secretsmanager:${aws_cdk_lib_1.Stack.of(scope).region}:${aws_cdk_lib_1.Stack.of(scope).account}:secret:*`,
|
|
58
35
|
],
|
|
59
36
|
});
|
|
60
37
|
}
|
|
@@ -63,20 +40,20 @@ class IamManager {
|
|
|
63
40
|
* @param resourceArns list of ARNs to allow access to
|
|
64
41
|
*/
|
|
65
42
|
statementForPutEvents(resourceArns) {
|
|
66
|
-
return new
|
|
43
|
+
return new aws_iam_1.PolicyStatement({
|
|
67
44
|
actions: ['events:PutEvents'],
|
|
68
|
-
effect:
|
|
45
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
69
46
|
resources: resourceArns ?? ['*'],
|
|
70
47
|
});
|
|
71
48
|
}
|
|
72
49
|
/**
|
|
73
|
-
* @summary Method to create iam statement to start
|
|
50
|
+
* @summary Method to create iam statement to start step function execution
|
|
74
51
|
* @param resourceArns list of ARNs to allow access to
|
|
75
52
|
*/
|
|
76
53
|
statementForStartExecution(resourceArns) {
|
|
77
|
-
return new
|
|
54
|
+
return new aws_iam_1.PolicyStatement({
|
|
78
55
|
actions: ['states:StartExecution'],
|
|
79
|
-
effect:
|
|
56
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
80
57
|
resources: resourceArns ?? ['*'],
|
|
81
58
|
});
|
|
82
59
|
}
|
|
@@ -85,9 +62,9 @@ class IamManager {
|
|
|
85
62
|
* @param resourceArns list of ARNs to allow access to
|
|
86
63
|
*/
|
|
87
64
|
statementForPollQueue(resourceArns) {
|
|
88
|
-
return new
|
|
65
|
+
return new aws_iam_1.PolicyStatement({
|
|
89
66
|
actions: ['sqs:ReceiveMessage', 'sqs:DeleteMessage', 'sqs:GetQueueAttributes'],
|
|
90
|
-
effect:
|
|
67
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
91
68
|
resources: resourceArns ?? ['*'],
|
|
92
69
|
});
|
|
93
70
|
}
|
|
@@ -96,9 +73,9 @@ class IamManager {
|
|
|
96
73
|
* @param resourceArns list of ARNs to allow access to
|
|
97
74
|
*/
|
|
98
75
|
statementForInvokeLambda(resourceArns) {
|
|
99
|
-
return new
|
|
76
|
+
return new aws_iam_1.PolicyStatement({
|
|
100
77
|
actions: ['lambda:InvokeFunction'],
|
|
101
|
-
effect:
|
|
78
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
102
79
|
resources: resourceArns ?? ['*'],
|
|
103
80
|
});
|
|
104
81
|
}
|
|
@@ -107,7 +84,7 @@ class IamManager {
|
|
|
107
84
|
* @param resourceArns list of ARNs to allow access to
|
|
108
85
|
*/
|
|
109
86
|
statementForReadAnyAppConfig(resourceArns) {
|
|
110
|
-
return new
|
|
87
|
+
return new aws_iam_1.PolicyStatement({
|
|
111
88
|
actions: [
|
|
112
89
|
'ssm:GetDocument',
|
|
113
90
|
'ssm:ListDocuments',
|
|
@@ -122,7 +99,7 @@ class IamManager {
|
|
|
122
99
|
'appconfig:GetConfiguration',
|
|
123
100
|
'appconfig:ListDeployments',
|
|
124
101
|
],
|
|
125
|
-
effect:
|
|
102
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
126
103
|
resources: resourceArns ?? ['*'],
|
|
127
104
|
});
|
|
128
105
|
}
|
|
@@ -131,9 +108,9 @@ class IamManager {
|
|
|
131
108
|
* @param resourceArns list of ARNs to allow access to
|
|
132
109
|
*/
|
|
133
110
|
statementForAppConfigExecution(resourceArns) {
|
|
134
|
-
return new
|
|
111
|
+
return new aws_iam_1.PolicyStatement({
|
|
135
112
|
actions: ['appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession'],
|
|
136
|
-
effect:
|
|
113
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
137
114
|
resources: resourceArns ?? ['*'],
|
|
138
115
|
});
|
|
139
116
|
}
|
|
@@ -142,9 +119,9 @@ class IamManager {
|
|
|
142
119
|
* @param resourceArns list of ARNs to allow access to
|
|
143
120
|
*/
|
|
144
121
|
statementForPutXrayTelemetry(resourceArns) {
|
|
145
|
-
return new
|
|
122
|
+
return new aws_iam_1.PolicyStatement({
|
|
146
123
|
actions: ['xray:PutTraceSegments', 'xray:PutTelemetryRecords'],
|
|
147
|
-
effect:
|
|
124
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
148
125
|
resources: resourceArns ?? ['*'],
|
|
149
126
|
});
|
|
150
127
|
}
|
|
@@ -153,9 +130,9 @@ class IamManager {
|
|
|
153
130
|
* @param resourceArns list of ARNs to allow access to
|
|
154
131
|
*/
|
|
155
132
|
statementForDecryptKms(resourceArns) {
|
|
156
|
-
return new
|
|
133
|
+
return new aws_iam_1.PolicyStatement({
|
|
157
134
|
actions: ['kms:Decrypt'],
|
|
158
|
-
effect:
|
|
135
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
159
136
|
resources: resourceArns ?? ['*'],
|
|
160
137
|
});
|
|
161
138
|
}
|
|
@@ -165,9 +142,9 @@ class IamManager {
|
|
|
165
142
|
* @param bucket
|
|
166
143
|
*/
|
|
167
144
|
statementForListBucket(scope, bucket) {
|
|
168
|
-
return new
|
|
145
|
+
return new aws_iam_1.PolicyStatement({
|
|
169
146
|
actions: ['s3:ListBucket'],
|
|
170
|
-
effect:
|
|
147
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
171
148
|
resources: [bucket.bucketArn],
|
|
172
149
|
});
|
|
173
150
|
}
|
|
@@ -176,9 +153,9 @@ class IamManager {
|
|
|
176
153
|
* @param resourceArns list of ARNs to allow access to
|
|
177
154
|
*/
|
|
178
155
|
statementForListAllMyBuckets(resourceArns) {
|
|
179
|
-
return new
|
|
156
|
+
return new aws_iam_1.PolicyStatement({
|
|
180
157
|
actions: ['s3:ListAllMyBuckets'],
|
|
181
|
-
effect:
|
|
158
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
182
159
|
resources: resourceArns ?? ['*'],
|
|
183
160
|
});
|
|
184
161
|
}
|
|
@@ -189,9 +166,9 @@ class IamManager {
|
|
|
189
166
|
* @param resourceArns list of ARNs to allow access to
|
|
190
167
|
*/
|
|
191
168
|
statementForGetAnyS3Objects(scope, bucket, resourceArns) {
|
|
192
|
-
return new
|
|
169
|
+
return new aws_iam_1.PolicyStatement({
|
|
193
170
|
actions: ['s3:GetObject', 's3:GetObjectAcl'],
|
|
194
|
-
effect:
|
|
171
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
195
172
|
resources: resourceArns ?? [bucket.arnForObjects(`*`)],
|
|
196
173
|
});
|
|
197
174
|
}
|
|
@@ -202,9 +179,9 @@ class IamManager {
|
|
|
202
179
|
* @param resourceArns list of ARNs to allow access to
|
|
203
180
|
*/
|
|
204
181
|
statementForDeleteAnyS3Objects(scope, bucket, resourceArns) {
|
|
205
|
-
return new
|
|
182
|
+
return new aws_iam_1.PolicyStatement({
|
|
206
183
|
actions: ['s3:DeleteObject'],
|
|
207
|
-
effect:
|
|
184
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
208
185
|
resources: resourceArns ?? [bucket.arnForObjects(`*`)],
|
|
209
186
|
});
|
|
210
187
|
}
|
|
@@ -215,9 +192,9 @@ class IamManager {
|
|
|
215
192
|
* @param resourceArns list of ARNs to allow access to
|
|
216
193
|
*/
|
|
217
194
|
statementForPutAnyS3Objects(scope, bucket, resourceArns) {
|
|
218
|
-
return new
|
|
195
|
+
return new aws_iam_1.PolicyStatement({
|
|
219
196
|
actions: ['s3:PutObject', 's3:PutObjectAcl'],
|
|
220
|
-
effect:
|
|
197
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
221
198
|
resources: resourceArns ?? [bucket.arnForObjects(`*`)],
|
|
222
199
|
});
|
|
223
200
|
}
|
|
@@ -226,9 +203,9 @@ class IamManager {
|
|
|
226
203
|
* @param resourceArns list of ARNs to allow access to
|
|
227
204
|
*/
|
|
228
205
|
statementForPassRole(resourceArns) {
|
|
229
|
-
return new
|
|
206
|
+
return new aws_iam_1.PolicyStatement({
|
|
230
207
|
actions: ['iam:PassRole'],
|
|
231
|
-
effect:
|
|
208
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
232
209
|
resources: resourceArns ?? ['*'],
|
|
233
210
|
});
|
|
234
211
|
}
|
|
@@ -237,9 +214,9 @@ class IamManager {
|
|
|
237
214
|
* @param resourceArns list of ARNs to allow access to
|
|
238
215
|
*/
|
|
239
216
|
statementForCloudfrontInvalidation(resourceArns) {
|
|
240
|
-
return new
|
|
217
|
+
return new aws_iam_1.PolicyStatement({
|
|
241
218
|
actions: ['cloudfront:GetInvalidation', 'cloudfront:CreateInvalidation'],
|
|
242
|
-
effect:
|
|
219
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
243
220
|
resources: resourceArns ?? ['*'],
|
|
244
221
|
});
|
|
245
222
|
}
|
|
@@ -248,9 +225,9 @@ class IamManager {
|
|
|
248
225
|
* @param resourceArns list of ARNs to allow access to
|
|
249
226
|
*/
|
|
250
227
|
statementForWriteEfs(resourceArns) {
|
|
251
|
-
return new
|
|
228
|
+
return new aws_iam_1.PolicyStatement({
|
|
252
229
|
actions: ['elasticfilesystem:*'],
|
|
253
|
-
effect:
|
|
230
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
254
231
|
resources: resourceArns ?? ['*'],
|
|
255
232
|
});
|
|
256
233
|
}
|
|
@@ -259,19 +236,19 @@ class IamManager {
|
|
|
259
236
|
* @param resourceArns list of ARNs to allow access to
|
|
260
237
|
*/
|
|
261
238
|
policyForCloudfrontInvalidation(resourceArns) {
|
|
262
|
-
return new
|
|
239
|
+
return new aws_iam_1.PolicyDocument({
|
|
263
240
|
statements: [
|
|
264
241
|
this.statementForCreateAnyLogStream(),
|
|
265
242
|
this.statementForPutAnyLogEvent(),
|
|
266
243
|
this.statementForCloudfrontInvalidation(),
|
|
267
|
-
new
|
|
244
|
+
new aws_iam_1.PolicyStatement({
|
|
268
245
|
actions: [
|
|
269
246
|
'ecr:GetDownloadUrlForLayer',
|
|
270
247
|
'ecr:BatchGetImage',
|
|
271
248
|
'ecr:BatchCheckLayerAvailability',
|
|
272
249
|
'ecr:GetAuthorizationToken',
|
|
273
250
|
],
|
|
274
|
-
effect:
|
|
251
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
275
252
|
resources: resourceArns ?? ['*'],
|
|
276
253
|
}),
|
|
277
254
|
],
|
|
@@ -283,8 +260,8 @@ class IamManager {
|
|
|
283
260
|
* @param scope scope in which this resource is defined
|
|
284
261
|
*/
|
|
285
262
|
roleForCloudfrontInvalidation(id, scope) {
|
|
286
|
-
return new
|
|
287
|
-
assumedBy: new
|
|
263
|
+
return new aws_iam_1.Role(scope, `${id}-install-deps-project-role`, {
|
|
264
|
+
assumedBy: new aws_iam_1.ServicePrincipal('codebuild.amazonaws.com'),
|
|
288
265
|
inlinePolicies: {
|
|
289
266
|
codeBuildPolicy: this.policyForCloudfrontInvalidation(),
|
|
290
267
|
},
|
|
@@ -296,9 +273,9 @@ class IamManager {
|
|
|
296
273
|
* @param servicePrincipals
|
|
297
274
|
*/
|
|
298
275
|
statementForAssumeRole(scope, servicePrincipals) {
|
|
299
|
-
return new
|
|
276
|
+
return new aws_iam_1.PolicyStatement({
|
|
300
277
|
actions: ['sts:AssumeRole'],
|
|
301
|
-
effect:
|
|
278
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
302
279
|
principals: servicePrincipals,
|
|
303
280
|
});
|
|
304
281
|
}
|
|
@@ -307,10 +284,10 @@ class IamManager {
|
|
|
307
284
|
* @param resourceArns list of ARNs to allow access to
|
|
308
285
|
*/
|
|
309
286
|
statementForEcsPassRole(resourceArns) {
|
|
310
|
-
return new
|
|
287
|
+
return new aws_iam_1.PolicyStatement({
|
|
311
288
|
actions: ['iam:PassRole'],
|
|
312
289
|
conditions: { StringLike: { 'iam:PassedToService': 'ecs-tasks.amazonaws.com' } },
|
|
313
|
-
effect:
|
|
290
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
314
291
|
resources: resourceArns ?? ['*'],
|
|
315
292
|
});
|
|
316
293
|
}
|
|
@@ -321,10 +298,10 @@ class IamManager {
|
|
|
321
298
|
* @param task
|
|
322
299
|
*/
|
|
323
300
|
statementForRunEcsTask(scope, cluster, task) {
|
|
324
|
-
return new
|
|
301
|
+
return new aws_iam_1.PolicyStatement({
|
|
325
302
|
actions: ['ecs:RunTask'],
|
|
326
303
|
conditions: { ArnLike: { 'ecs:cluster': cluster.clusterArn } },
|
|
327
|
-
effect:
|
|
304
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
328
305
|
resources: [task.taskDefinitionArn],
|
|
329
306
|
});
|
|
330
307
|
}
|
|
@@ -334,11 +311,11 @@ class IamManager {
|
|
|
334
311
|
* @param logGroup
|
|
335
312
|
*/
|
|
336
313
|
statementForCreateLogStream(scope, logGroup) {
|
|
337
|
-
return new
|
|
314
|
+
return new aws_iam_1.PolicyStatement({
|
|
338
315
|
actions: ['logs:CreateLogStream'],
|
|
339
|
-
effect:
|
|
316
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
340
317
|
resources: [
|
|
341
|
-
`arn:aws:logs:${
|
|
318
|
+
`arn:aws:logs:${aws_cdk_lib_1.Stack.of(scope).region}:${aws_cdk_lib_1.Stack.of(scope).account}:log-group:${logGroup.logGroupName}:log-stream:${aws_cdk_lib_1.Stack.of(scope).account}_CloudTrail_eu-west-1*`,
|
|
342
319
|
],
|
|
343
320
|
sid: 'AWSCloudTrailCreateLogStream2014110',
|
|
344
321
|
});
|
|
@@ -348,9 +325,9 @@ class IamManager {
|
|
|
348
325
|
* @param resourceArns list of ARNs to allow access to
|
|
349
326
|
*/
|
|
350
327
|
statementForCreateAnyLogStream(resourceArns) {
|
|
351
|
-
return new
|
|
328
|
+
return new aws_iam_1.PolicyStatement({
|
|
352
329
|
actions: ['logs:CreateLogStream'],
|
|
353
|
-
effect:
|
|
330
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
354
331
|
resources: resourceArns ?? ['*'],
|
|
355
332
|
});
|
|
356
333
|
}
|
|
@@ -360,11 +337,11 @@ class IamManager {
|
|
|
360
337
|
* @param logGroup
|
|
361
338
|
*/
|
|
362
339
|
statementForPutLogEvent(scope, logGroup) {
|
|
363
|
-
return new
|
|
340
|
+
return new aws_iam_1.PolicyStatement({
|
|
364
341
|
actions: ['logs:PutLogEvents'],
|
|
365
|
-
effect:
|
|
342
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
366
343
|
resources: [
|
|
367
|
-
`arn:aws:logs:${
|
|
344
|
+
`arn:aws:logs:${aws_cdk_lib_1.Stack.of(scope).region}:${aws_cdk_lib_1.Stack.of(scope).account}:log-group:${logGroup.logGroupName}:log-stream:${aws_cdk_lib_1.Stack.of(scope).account}_CloudTrail_eu-west-1*`,
|
|
368
345
|
],
|
|
369
346
|
sid: 'AWSCloudTrailPutLogEvents20141101',
|
|
370
347
|
});
|
|
@@ -374,9 +351,9 @@ class IamManager {
|
|
|
374
351
|
* @param resourceArns list of ARNs to allow access to
|
|
375
352
|
*/
|
|
376
353
|
statementForPutAnyLogEvent(resourceArns) {
|
|
377
|
-
return new
|
|
354
|
+
return new aws_iam_1.PolicyStatement({
|
|
378
355
|
actions: ['logs:PutLogEvents'],
|
|
379
|
-
effect:
|
|
356
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
380
357
|
resources: resourceArns ?? ['*'],
|
|
381
358
|
});
|
|
382
359
|
}
|
|
@@ -385,7 +362,7 @@ class IamManager {
|
|
|
385
362
|
* @param resourceArns list of ARNs to allow access to
|
|
386
363
|
*/
|
|
387
364
|
statementForReadTableItems(resourceArns) {
|
|
388
|
-
return new
|
|
365
|
+
return new aws_iam_1.PolicyStatement({
|
|
389
366
|
actions: [
|
|
390
367
|
'dynamodb:PartiQLSelect',
|
|
391
368
|
'dynamodb:DescribeTable',
|
|
@@ -396,7 +373,7 @@ class IamManager {
|
|
|
396
373
|
'dynamodb:GetRecords',
|
|
397
374
|
'dynamodb:BatchGetItem',
|
|
398
375
|
],
|
|
399
|
-
effect:
|
|
376
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
400
377
|
resources: resourceArns ?? ['*'],
|
|
401
378
|
});
|
|
402
379
|
}
|
|
@@ -405,9 +382,9 @@ class IamManager {
|
|
|
405
382
|
* @param resourceArns list of ARNs to allow access to
|
|
406
383
|
*/
|
|
407
384
|
statementForWriteTableItems(resourceArns) {
|
|
408
|
-
return new
|
|
385
|
+
return new aws_iam_1.PolicyStatement({
|
|
409
386
|
actions: ['dynamodb:BatchWriteItem', 'dynamodb:DeleteItem', 'dynamodb:PutItem', 'dynamodb:UpdateItem'],
|
|
410
|
-
effect:
|
|
387
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
411
388
|
resources: resourceArns ?? ['*'],
|
|
412
389
|
});
|
|
413
390
|
}
|
|
@@ -418,12 +395,12 @@ class IamManager {
|
|
|
418
395
|
* @param logGroup
|
|
419
396
|
*/
|
|
420
397
|
createRoleForCloudTrail(id, scope, logGroup) {
|
|
421
|
-
const policy = new
|
|
398
|
+
const policy = new aws_iam_1.PolicyDocument({
|
|
422
399
|
statements: [this.statementForCreateLogStream(scope, logGroup), this.statementForPutLogEvent(scope, logGroup)],
|
|
423
400
|
});
|
|
424
|
-
const role = new
|
|
425
|
-
assumeRolePolicyDocument: new
|
|
426
|
-
statements: [this.statementForAssumeRole(scope, [new
|
|
401
|
+
const role = new aws_iam_1.CfnRole(scope, `${id}`, {
|
|
402
|
+
assumeRolePolicyDocument: new aws_iam_1.PolicyDocument({
|
|
403
|
+
statements: [this.statementForAssumeRole(scope, [new aws_iam_1.ServicePrincipal('cloudtrail.amazonaws.com')])],
|
|
427
404
|
}),
|
|
428
405
|
policies: [
|
|
429
406
|
{
|
|
@@ -433,8 +410,8 @@ class IamManager {
|
|
|
433
410
|
],
|
|
434
411
|
roleName: `${id}-${scope.props.stage}`,
|
|
435
412
|
});
|
|
436
|
-
|
|
437
|
-
|
|
413
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.attrArn);
|
|
414
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
438
415
|
return role;
|
|
439
416
|
}
|
|
440
417
|
/**
|
|
@@ -445,17 +422,17 @@ class IamManager {
|
|
|
445
422
|
* @param task
|
|
446
423
|
*/
|
|
447
424
|
createRoleForEcsEvent(id, scope, cluster, task) {
|
|
448
|
-
const policy = new
|
|
425
|
+
const policy = new aws_iam_1.PolicyDocument({
|
|
449
426
|
statements: [this.statementForRunEcsTask(scope, cluster, task), this.statementForEcsPassRole()],
|
|
450
427
|
});
|
|
451
|
-
const role = new
|
|
452
|
-
assumedBy: new
|
|
428
|
+
const role = new aws_iam_1.Role(scope, `${id}`, {
|
|
429
|
+
assumedBy: new aws_iam_1.ServicePrincipal('events.amazonaws.com'),
|
|
453
430
|
description: `Role for ${id} ECS Task execution from EventBridge`,
|
|
454
431
|
inlinePolicies: { policy },
|
|
455
432
|
roleName: `${id}-${scope.props.stage}`,
|
|
456
433
|
});
|
|
457
|
-
|
|
458
|
-
|
|
434
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
|
|
435
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
459
436
|
return role;
|
|
460
437
|
}
|
|
461
438
|
/**
|
|
@@ -465,17 +442,17 @@ class IamManager {
|
|
|
465
442
|
* @param policy
|
|
466
443
|
*/
|
|
467
444
|
createRoleForEcsExecution(id, scope, policy) {
|
|
468
|
-
const role = new
|
|
469
|
-
assumedBy: new
|
|
445
|
+
const role = new aws_iam_1.Role(scope, `${id}`, {
|
|
446
|
+
assumedBy: new aws_iam_1.ServicePrincipal('ecs-tasks.amazonaws.com'),
|
|
470
447
|
description: `Role for ${id} ECS Task execution`,
|
|
471
448
|
inlinePolicies: { policy },
|
|
472
449
|
managedPolicies: [
|
|
473
|
-
|
|
450
|
+
aws_iam_1.ManagedPolicy.fromManagedPolicyArn(scope, `${id}-AmazonECSTaskExecutionRolePolicy`, 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'),
|
|
474
451
|
],
|
|
475
452
|
roleName: `${id}-${scope.props.stage}`,
|
|
476
453
|
});
|
|
477
|
-
|
|
478
|
-
|
|
454
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
|
|
455
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
479
456
|
return role;
|
|
480
457
|
}
|
|
481
458
|
/**
|
|
@@ -483,20 +460,20 @@ class IamManager {
|
|
|
483
460
|
* @param id scoped id of the resource
|
|
484
461
|
* @param scope scope in which this resource is defined
|
|
485
462
|
* @param policy
|
|
486
|
-
* @param
|
|
463
|
+
* @param servicePrincipal
|
|
487
464
|
*/
|
|
488
|
-
createRoleForLambda(id, scope, policy,
|
|
489
|
-
const role = new
|
|
490
|
-
assumedBy:
|
|
465
|
+
createRoleForLambda(id, scope, policy, servicePrincipal) {
|
|
466
|
+
const role = new aws_iam_1.Role(scope, `${id}`, {
|
|
467
|
+
assumedBy: servicePrincipal ?? new aws_iam_1.ServicePrincipal('lambda.amazonaws.com'),
|
|
491
468
|
description: `Role for ${id} Lambda function`,
|
|
492
469
|
inlinePolicies: { policy },
|
|
493
470
|
managedPolicies: [
|
|
494
|
-
|
|
471
|
+
aws_iam_1.ManagedPolicy.fromManagedPolicyArn(scope, `${id}-AWSLambdaBasicExecutionRole`, 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'),
|
|
495
472
|
],
|
|
496
473
|
roleName: `${id}-${scope.props.stage}`,
|
|
497
474
|
});
|
|
498
|
-
|
|
499
|
-
|
|
475
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
|
|
476
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
500
477
|
return role;
|
|
501
478
|
}
|
|
502
479
|
/**
|
|
@@ -504,17 +481,17 @@ class IamManager {
|
|
|
504
481
|
* @param id scoped id of the resource
|
|
505
482
|
* @param scope scope in which this resource is defined
|
|
506
483
|
* @param policy
|
|
507
|
-
* @param
|
|
484
|
+
* @param servicePrincipal
|
|
508
485
|
*/
|
|
509
|
-
createRoleForAppConfigSecrets(id, scope, policy,
|
|
510
|
-
const role = new
|
|
511
|
-
assumedBy:
|
|
486
|
+
createRoleForAppConfigSecrets(id, scope, policy, servicePrincipal) {
|
|
487
|
+
const role = new aws_iam_1.Role(scope, `${id}`, {
|
|
488
|
+
assumedBy: servicePrincipal ?? new aws_iam_1.ServicePrincipal('appconfig.amazonaws.com'),
|
|
512
489
|
description: `Role for ${id} AppConfig Secrets`,
|
|
513
490
|
inlinePolicies: { policy },
|
|
514
491
|
roleName: `${id}-${scope.props.stage}`,
|
|
515
492
|
});
|
|
516
|
-
|
|
517
|
-
|
|
493
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
|
|
494
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
518
495
|
return role;
|
|
519
496
|
}
|
|
520
497
|
/**
|
|
@@ -522,20 +499,20 @@ class IamManager {
|
|
|
522
499
|
* @param id scoped id of the resource
|
|
523
500
|
* @param scope scope in which this resource is defined
|
|
524
501
|
* @param policy
|
|
525
|
-
* @param
|
|
502
|
+
* @param servicePrincipal
|
|
526
503
|
*/
|
|
527
|
-
createRoleForStepFunction(id, scope, policy,
|
|
528
|
-
const role = new
|
|
529
|
-
assumedBy:
|
|
504
|
+
createRoleForStepFunction(id, scope, policy, servicePrincipal) {
|
|
505
|
+
const role = new aws_iam_1.Role(scope, `${id}`, {
|
|
506
|
+
assumedBy: servicePrincipal ?? new aws_iam_1.ServicePrincipal('states.amazonaws.com'),
|
|
530
507
|
description: `Role for ${id} Lambda function`,
|
|
531
508
|
inlinePolicies: { policy },
|
|
532
509
|
managedPolicies: [
|
|
533
|
-
|
|
510
|
+
aws_iam_1.ManagedPolicy.fromManagedPolicyArn(scope, `${id}-AWSLambdaBasicExecutionRole`, 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'),
|
|
534
511
|
],
|
|
535
512
|
roleName: `${id}-${scope.props.stage}`,
|
|
536
513
|
});
|
|
537
|
-
|
|
538
|
-
|
|
514
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
|
|
515
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
539
516
|
return role;
|
|
540
517
|
}
|
|
541
518
|
/**
|
|
@@ -546,15 +523,15 @@ class IamManager {
|
|
|
546
523
|
* @param stepFunctionArn the arn of the step function
|
|
547
524
|
*/
|
|
548
525
|
createRoleForSqsToSfnPipe(id, scope, queueArn, stepFunctionArn) {
|
|
549
|
-
const role = new
|
|
550
|
-
assumedBy: new
|
|
526
|
+
const role = new aws_iam_1.Role(scope, `${id}`, {
|
|
527
|
+
assumedBy: new aws_iam_1.ServicePrincipal('pipes.amazonaws.com'),
|
|
551
528
|
description: `Role for ${id} Pipe`,
|
|
552
529
|
roleName: `${id}-${scope.props.stage}`,
|
|
553
530
|
});
|
|
554
531
|
role.addToPolicy(this.statementForPollQueue([queueArn]));
|
|
555
532
|
role.addToPolicy(this.statementForStartExecution([stepFunctionArn]));
|
|
556
|
-
|
|
557
|
-
|
|
533
|
+
(0, utils_1.createCfnOutput)(`${id}Arn`, scope, role.roleArn);
|
|
534
|
+
(0, utils_1.createCfnOutput)(`${id}Name`, scope, role.roleName);
|
|
558
535
|
return role;
|
|
559
536
|
}
|
|
560
537
|
/**
|
|
@@ -566,17 +543,17 @@ class IamManager {
|
|
|
566
543
|
* @param servicePrincipals
|
|
567
544
|
*/
|
|
568
545
|
createPolicyForSqsEvent(id, scope, sqsQueue, eventBridgeRule, servicePrincipals) {
|
|
569
|
-
return new
|
|
546
|
+
return new aws_iam_1.PolicyDocument({
|
|
570
547
|
statements: [
|
|
571
|
-
new
|
|
548
|
+
new aws_iam_1.PolicyStatement({
|
|
572
549
|
actions: ['sqs:*'],
|
|
573
550
|
conditions: {
|
|
574
551
|
ArnEquals: {
|
|
575
552
|
'aws:SourceArn': eventBridgeRule,
|
|
576
553
|
},
|
|
577
554
|
},
|
|
578
|
-
effect:
|
|
579
|
-
principals: servicePrincipals ?? [new
|
|
555
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
556
|
+
principals: servicePrincipals ?? [new aws_iam_1.ServicePrincipal('events.amazonaws.com')],
|
|
580
557
|
resources: [sqsQueue.queueArn],
|
|
581
558
|
}),
|
|
582
559
|
],
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { Key } from 'aws-cdk-lib/aws-kms';
|
|
2
2
|
import { CommonConstruct } from '../../../common';
|
|
3
3
|
import { KmsKeyProps } from './types';
|
|
4
4
|
/**
|
|
@@ -24,5 +24,5 @@ export declare class KmsManager {
|
|
|
24
24
|
* @param scope scope in which this resource is defined
|
|
25
25
|
* @param props KMS key props
|
|
26
26
|
*/
|
|
27
|
-
createKey(id: string, scope: CommonConstruct, props: KmsKeyProps):
|
|
27
|
+
createKey(id: string, scope: CommonConstruct, props: KmsKeyProps): Key;
|
|
28
28
|
}
|
|
@@ -1,31 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
3
|
exports.KmsManager = void 0;
|
|
27
|
-
const
|
|
28
|
-
const
|
|
4
|
+
const aws_kms_1 = require("aws-cdk-lib/aws-kms");
|
|
5
|
+
const utils_1 = require("../../../utils");
|
|
29
6
|
/**
|
|
30
7
|
* @classdesc Provides operations on AWS KMS.
|
|
31
8
|
* - A new instance of this class is injected into {@link CommonConstruct} constructor.
|
|
@@ -52,7 +29,7 @@ class KmsManager {
|
|
|
52
29
|
createKey(id, scope, props) {
|
|
53
30
|
if (!props)
|
|
54
31
|
throw `KMS Key props undefined for ${id}`;
|
|
55
|
-
const key = new
|
|
32
|
+
const key = new aws_kms_1.Key(scope, `${id}`, {
|
|
56
33
|
admins: props.admins,
|
|
57
34
|
alias: `${props.alias}-${scope.props.stage}`,
|
|
58
35
|
description: props.description,
|
|
@@ -64,8 +41,8 @@ class KmsManager {
|
|
|
64
41
|
policy: props.policy,
|
|
65
42
|
removalPolicy: props.removalPolicy,
|
|
66
43
|
});
|
|
67
|
-
|
|
68
|
-
|
|
44
|
+
(0, utils_1.createCfnOutput)(`${id}-keyId`, scope, key.keyId);
|
|
45
|
+
(0, utils_1.createCfnOutput)(`${id}-keyArn`, scope, key.keyArn);
|
|
69
46
|
return key;
|
|
70
47
|
}
|
|
71
48
|
}
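Review bot: The two new outputs in createKey use hyphenated ids (`${id}-keyId`, `${id}-keyArn`) while the outputs added to the IAM role helpers in this same release use the concatenated form (`${id}Arn`, `${id}Name`), so consumers importing values from this package see two naming conventions. If createCfnOutput passes its first argument through as the CfnOutput construct id, CDK strips non-alphanumeric characters when deriving the logical ID, so the hyphen does not survive into the synthesized template anyway; I would align on `(0, utils_1.createCfnOutput)(`${id}KeyId`, scope, key.keyId);` and `(0, utils_1.createCfnOutput)(`${id}KeyArn`, scope, key.keyArn);`, applied in the TypeScript source this dist file is presumably compiled from. The removed lines 67–68 are rendered without content, so I cannot tell whether these ids are new or carried over; if they already shipped in 8.118.0, renaming an output is a breaking change for any stack that imports the old name and should wait for a major version. Separately, the guard at the top of createKey throws a bare string rather than an Error, which loses the stack trace and defeats `err instanceof Error` checks in callers. createKey's signature sits in the previous hunk, outside this one.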
|