@gradientedge/cdk-utils 8.73.0 → 8.74.0

package/dist/src/lib/manager/aws/iam-manager.d.ts

@@ -58,6 +58,21 @@ export declare class IamManager {
      * @param {string[]} resourceArns list of ARNs to allow access to
      */
     statementForReadAnyAppConfig(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
+    /**
+     * @summary Method to create iam statement to access app config
+     * @param {string[]} resourceArns list of ARNs to allow access to
+     */
+    statementForAppConfigExecution(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
+    /**
+     * @summary Method to create iam statement to put xray telemetry
+     * @param {string[]} resourceArns list of ARNs to allow access to
+     */
+    statementForPutXrayTelemetry(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
+    /**
+     * @summary Method to create iam statement to decrypt kms
+     * @param {string[]} resourceArns list of ARNs to allow access to
+     */
+    statementForDecryptKms(resourceArns?: string[]): cdk.aws_iam.PolicyStatement;
     /**
      * @summary Method to create iam statement to list s3 buckets
      * @param {common.CommonConstruct} scope scope in which this resource is defined

package/dist/src/lib/manager/aws/iam-manager.js

@@ -130,6 +130,39 @@ class IamManager {
             resources: resourceArns ?? ['*'],
         });
     }
+    /**
+     * @summary Method to create iam statement to access app config
+     * @param {string[]} resourceArns list of ARNs to allow access to
+     */
+    statementForAppConfigExecution(resourceArns) {
+        return new iam.PolicyStatement({
+            effect: iam.Effect.ALLOW,
+            actions: ['appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession'],
+            resources: resourceArns ?? ['*'],
+        });
+    }
+    /**
+     * @summary Method to create iam statement to put xray telemetry
+     * @param {string[]} resourceArns list of ARNs to allow access to
+     */
+    statementForPutXrayTelemetry(resourceArns) {
+        return new iam.PolicyStatement({
+            effect: iam.Effect.ALLOW,
+            actions: ['xray:PutTraceSegments', 'xray:PutTelemetryRecords'],
+            resources: resourceArns ?? ['*'],
+        });
+    }
+    /**
+     * @summary Method to create iam statement to decrypt kms
+     * @param {string[]} resourceArns list of ARNs to allow access to
+     */
+    statementForDecryptKms(resourceArns) {
+        return new iam.PolicyStatement({
+            effect: iam.Effect.ALLOW,
+            actions: ['kms:Decrypt'],
+            resources: resourceArns ?? ['*'],
+        });
+    }
     /**
      * @summary Method to create iam statement to list s3 buckets
      * @param {common.CommonConstruct} scope scope in which this resource is defined

package/dist/src/lib/manager/aws/lambda-manager.js

@@ -215,6 +215,7 @@ class LambdaManager {
                 filesystem: accessPoint
                     ? lambda.FileSystem.fromEfsAccessPoint(accessPoint, mountPath || '/mnt/msg')
                     : undefined,
+                logRetention: scope.props.logRetention ?? props.logRetention,
                 reservedConcurrentExecutions: props.reservedConcurrentExecutions,
                 role: role instanceof iam.Role ? role : undefined,
                 securityGroups: securityGroups,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.73.0",
+  "version": "8.74.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {

package/src/lib/manager/aws/iam-manager.ts

@@ -117,6 +117,42 @@ export class IamManager {
     })
   }
 
+  /**
+   * @summary Method to create iam statement to access app config
+   * @param {string[]} resourceArns list of ARNs to allow access to
+   */
+  public statementForAppConfigExecution(resourceArns?: string[]) {
+    return new iam.PolicyStatement({
+      effect: iam.Effect.ALLOW,
+      actions: ['appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession'],
+      resources: resourceArns ?? ['*'],
+    })
+  }
+
+  /**
+   * @summary Method to create iam statement to put xray telemetry
+   * @param {string[]} resourceArns list of ARNs to allow access to
+   */
+  public statementForPutXrayTelemetry(resourceArns?: string[]) {
+    return new iam.PolicyStatement({
+      effect: iam.Effect.ALLOW,
+      actions: ['xray:PutTraceSegments', 'xray:PutTelemetryRecords'],
+      resources: resourceArns ?? ['*'],
+    })
+  }
+
+  /**
+   * @summary Method to create iam statement to decrypt kms
+   * @param {string[]} resourceArns list of ARNs to allow access to
+   */
+  public statementForDecryptKms(resourceArns?: string[]) {
+    return new iam.PolicyStatement({
+      effect: iam.Effect.ALLOW,
+      actions: ['kms:Decrypt'],
+      resources: resourceArns ?? ['*'],
+    })
+  }
+
   /**
    * @summary Method to create iam statement to list s3 buckets
    * @param {common.CommonConstruct} scope scope in which this resource is defined

package/src/lib/manager/aws/lambda-manager.ts

@@ -270,6 +270,7 @@ export class LambdaManager {
         filesystem: accessPoint
           ? lambda.FileSystem.fromEfsAccessPoint(accessPoint, mountPath || '/mnt/msg')
           : undefined,
+        logRetention: scope.props.logRetention ?? props.logRetention,
         reservedConcurrentExecutions: props.reservedConcurrentExecutions,
         role: role instanceof iam.Role ? role : undefined,
         securityGroups: securityGroups,