@gradientedge/cdk-utils 8.84.0 → 8.85.0

@@ -3,6 +3,7 @@ export * from './api-to-eventbridge-target-with-sns';
3
3
  export * from './api-to-lambda-target';
4
4
  export * from './graphql-api-lambda';
5
5
  export * from './graphql-api-lambda-with-cache';
6
+ export * from './lambda-with-iam-access';
6
7
  export * from './rest-api-lambda';
7
8
  export * from './rest-api-lambda-with-cache';
8
9
  export * from './site-with-ecs-backend';
@@ -19,6 +19,7 @@ __exportStar(require("./api-to-eventbridge-target-with-sns"), exports);
19
19
  __exportStar(require("./api-to-lambda-target"), exports);
20
20
  __exportStar(require("./graphql-api-lambda"), exports);
21
21
  __exportStar(require("./graphql-api-lambda-with-cache"), exports);
22
+ __exportStar(require("./lambda-with-iam-access"), exports);
22
23
  __exportStar(require("./rest-api-lambda"), exports);
23
24
  __exportStar(require("./rest-api-lambda-with-cache"), exports);
24
25
  __exportStar(require("./site-with-ecs-backend"), exports);
@@ -0,0 +1,2 @@
1
+ export * from './main';
2
+ export * from './types';
@@ -0,0 +1,18 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
+ };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ __exportStar(require("./main"), exports);
18
+ __exportStar(require("./types"), exports);
@@ -0,0 +1,78 @@
1
+ import { CommonConstruct } from '../../common';
2
+ import { Construct } from 'constructs';
3
+ import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './types';
4
+ import * as iam from 'aws-cdk-lib/aws-iam';
5
+ import * as lambda from 'aws-cdk-lib/aws-lambda';
6
+ import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager';
7
+ /**
8
+ * @category cdk-utils.lambda-with-iam-access
9
+ * @subcategory construct
10
+ * @classdesc Provides a construct to create a lambda function with IAM access
11
+ *
12
+ * @example
13
+ * import { LambdaWithIamAccess, LambdaWithIamAccessProps } '@gradientedge/cdk-utils'
14
+ * import { Construct } from 'constructs'
15
+ *
16
+ * class CustomConstruct extends LambdaWithIamAccess {
17
+ * constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps) {
18
+ * super(parent, id, props)
19
+ * this.props = props
20
+ * this.id = id
21
+ * this.initResources()
22
+ * }
23
+ * }
24
+ * @mixin
25
+ */
26
+ export declare class LambdaWithIamAccess extends CommonConstruct {
27
+ props: LambdaWithIamAccessProps;
28
+ id: string;
29
+ lambdaPolicy: iam.PolicyDocument;
30
+ lambdaRole: iam.Role;
31
+ lambdaEnvironment: LambdaWithIamAccessEnvironment;
32
+ lambdaLayers: lambda.LayerVersion[];
33
+ lambdaFunction: lambda.Function;
34
+ lambdaIamUser: iam.User;
35
+ lambdaUserAccessKey: iam.CfnAccessKey;
36
+ lambdaUserAccessSecret: secretsManager.Secret;
37
+ protected constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps);
38
+ /**
39
+ * @summary Initialise and provision resources
40
+ * @protected
41
+ */
42
+ initResources(): void;
43
+ /**
44
+ * @summary Method to create iam policy for Lambda function
45
+ * @protected
46
+ */
47
+ protected createLambdaPolicy(): void;
48
+ /**
49
+ * @summary Method to create iam role for Lambda function
50
+ * @protected
51
+ */
52
+ protected createLambdaRole(): void;
53
+ /**
54
+ * @summary Method to create environment variables for Lambda function
55
+ * @protected
56
+ */
57
+ protected createLambdaEnvironment(): void;
58
+ /**
59
+ * @summary Method to create layers for Lambda function
60
+ * @protected
61
+ */
62
+ protected createLambdaLayers(): void;
63
+ /**
64
+ * @summary Method to create lambda function
65
+ * @protected
66
+ */
67
+ protected createLambdaFunction(): void;
68
+ /**
69
+ * @summary Method to create iam user for the lambda function
70
+ * @protected
71
+ */
72
+ protected createIamUserForLambdaFunction(): void;
73
+ /**
74
+ * @summary Method to create iam secret for the lambda function
75
+ * @protected
76
+ */
77
+ protected createIamSecretForLambdaFunction(): void;
78
+ }
@@ -0,0 +1,160 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || function (mod) {
19
+ if (mod && mod.__esModule) return mod;
20
+ var result = {};
21
+ if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
22
+ __setModuleDefault(result, mod);
23
+ return result;
24
+ };
25
+ Object.defineProperty(exports, "__esModule", { value: true });
26
+ exports.LambdaWithIamAccess = void 0;
27
+ const common_1 = require("../../common");
28
+ const iam = __importStar(require("aws-cdk-lib/aws-iam"));
29
+ const secretsManager = __importStar(require("aws-cdk-lib/aws-secretsmanager"));
30
+ /**
31
+ * @category cdk-utils.lambda-with-iam-access
32
+ * @subcategory construct
33
+ * @classdesc Provides a construct to create a lambda function with IAM access
34
+ *
35
+ * @example
36
+ * import { LambdaWithIamAccess, LambdaWithIamAccessProps } '@gradientedge/cdk-utils'
37
+ * import { Construct } from 'constructs'
38
+ *
39
+ * class CustomConstruct extends LambdaWithIamAccess {
40
+ * constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps) {
41
+ * super(parent, id, props)
42
+ * this.props = props
43
+ * this.id = id
44
+ * this.initResources()
45
+ * }
46
+ * }
47
+ * @mixin
48
+ */
49
+ class LambdaWithIamAccess extends common_1.CommonConstruct {
50
+ /* LambdaWithIamAccess props */
51
+ props;
52
+ id;
53
+ /* LambdaWithIamAccess resources */
54
+ lambdaPolicy;
55
+ lambdaRole;
56
+ lambdaEnvironment;
57
+ lambdaLayers;
58
+ lambdaFunction;
59
+ lambdaIamUser;
60
+ lambdaUserAccessKey;
61
+ lambdaUserAccessSecret;
62
+ constructor(parent, id, props) {
63
+ super(parent, id, props);
64
+ this.props = props;
65
+ this.id = id;
66
+ }
67
+ /**
68
+ * @summary Initialise and provision resources
69
+ * @protected
70
+ */
71
+ initResources() {
72
+ this.createLambdaPolicy();
73
+ this.createLambdaRole();
74
+ this.createLambdaEnvironment();
75
+ this.createLambdaLayers();
76
+ this.createLambdaFunction();
77
+ this.createIamUserForLambdaFunction();
78
+ this.createIamSecretForLambdaFunction();
79
+ }
80
+ /**
81
+ * @summary Method to create iam policy for Lambda function
82
+ * @protected
83
+ */
84
+ createLambdaPolicy() {
85
+ this.lambdaPolicy = new iam.PolicyDocument({
86
+ statements: [this.iamManager.statementForCreateAnyLogStream()],
87
+ });
88
+ }
89
+ /**
90
+ * @summary Method to create iam role for Lambda function
91
+ * @protected
92
+ */
93
+ createLambdaRole() {
94
+ this.lambdaRole = this.iamManager.createRoleForLambda(`${this.id}-lambda-role`, this, this.lambdaPolicy);
95
+ }
96
+ /**
97
+ * @summary Method to create environment variables for Lambda function
98
+ * @protected
99
+ */
100
+ createLambdaEnvironment() {
101
+ this.lambdaEnvironment = {
102
+ NODE_ENV: this.props.nodeEnv,
103
+ LOG_LEVEL: this.props.logLevel,
104
+ TZ: this.props.timezone,
105
+ };
106
+ }
107
+ /**
108
+ * @summary Method to create layers for Lambda function
109
+ * @protected
110
+ */
111
+ createLambdaLayers() {
112
+ const layers = [];
113
+ if (!this.props.lambdaLayerSources)
114
+ return;
115
+ this.props.lambdaLayerSources.forEach((source, index) => {
116
+ layers.push(this.lambdaManager.createLambdaLayer(`${this.id}-layer-${index}`, this, source));
117
+ });
118
+ this.lambdaLayers = layers;
119
+ }
120
+ /**
121
+ * @summary Method to create lambda function
122
+ * @protected
123
+ */
124
+ createLambdaFunction() {
125
+ this.lambdaFunction = this.lambdaManager.createLambdaFunction(`${this.id}-lambda`, this, this.props.lambda, this.lambdaRole, this.lambdaLayers, this.props.lambdaSource, this.props.lambdaHandler || 'index.handler', this.lambdaEnvironment);
126
+ }
127
+ /**
128
+ * @summary Method to create iam user for the lambda function
129
+ * @protected
130
+ */
131
+ createIamUserForLambdaFunction() {
132
+ this.lambdaIamUser = new iam.User(this, `${this.id}-lambda-user`, {
133
+ userName: `${this.id}-user-${this.props.stage}`,
134
+ });
135
+ new iam.Policy(this, `${this.id}-lambda-user-policy`, {
136
+ policyName: `${this.id}-policy-${this.props.stage}`,
137
+ statements: [
138
+ new iam.PolicyStatement({
139
+ resources: [this.lambdaFunction.functionArn],
140
+ actions: ['lambda:InvokeFunction'],
141
+ }),
142
+ ],
143
+ users: [this.lambdaIamUser],
144
+ });
145
+ this.lambdaUserAccessKey = new iam.CfnAccessKey(this, `${this.id}-access-key-${this.props.stage}`, {
146
+ userName: this.lambdaIamUser.userName,
147
+ });
148
+ }
149
+ /**
150
+ * @summary Method to create iam secret for the lambda function
151
+ * @protected
152
+ */
153
+ createIamSecretForLambdaFunction() {
154
+ this.lambdaUserAccessSecret = new secretsManager.Secret(this, `${this.id}-lambda-user-secret-${this.props.stage}`, this.props.lambdaSecret);
155
+ const cfnSecret = this.lambdaUserAccessSecret.node.defaultChild;
156
+ cfnSecret.generateSecretString = undefined;
157
+ cfnSecret.secretString = `{ "ACCESS_KEY_ID": "${this.lambdaUserAccessKey.ref}", "ACCESS_KEY_SECRET": "${this.lambdaUserAccessKey.attrSecretAccessKey}" }`;
158
+ }
159
+ }
160
+ exports.LambdaWithIamAccess = LambdaWithIamAccess;
@@ -0,0 +1,15 @@
1
+ import { CommonStackProps, LambdaEnvironment, LambdaProps } from '../../types';
2
+ import * as lambda from 'aws-cdk-lib/aws-lambda';
3
+ import { SecretProps } from 'aws-cdk-lib/aws-secretsmanager';
4
+ export interface LambdaWithIamAccessProps extends CommonStackProps {
5
+ lambda: LambdaProps;
6
+ lambdaHandler?: string;
7
+ lambdaLayerSources: lambda.AssetCode[];
8
+ lambdaSecret: SecretProps;
9
+ lambdaSource: lambda.AssetCode;
10
+ logLevel: string;
11
+ nodeEnv: string;
12
+ timezone: string;
13
+ }
14
+ export interface LambdaWithIamAccessEnvironment extends LambdaEnvironment {
15
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
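--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@gradientedge/cdk-utils",
- "version": "8.84.0",
+ "version": "8.85.0",
  "description": "Utilities for AWS CDK provisioning",
  "main": "dist/index.js",
  "engines": {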
@@ -3,6 +3,7 @@ export * from './api-to-eventbridge-target-with-sns'
3
3
  export * from './api-to-lambda-target'
4
4
  export * from './graphql-api-lambda'
5
5
  export * from './graphql-api-lambda-with-cache'
6
+ export * from './lambda-with-iam-access'
6
7
  export * from './rest-api-lambda'
7
8
  export * from './rest-api-lambda-with-cache'
8
9
  export * from './site-with-ecs-backend'
@@ -0,0 +1,2 @@
1
+ export * from './main'
2
+ export * from './types'
@@ -0,0 +1,166 @@
1
+ import { CommonConstruct } from '../../common'
2
+ import { Construct } from 'constructs'
3
+ import { LambdaWithIamAccessEnvironment, LambdaWithIamAccessProps } from './types'
4
+ import * as iam from 'aws-cdk-lib/aws-iam'
5
+ import * as lambda from 'aws-cdk-lib/aws-lambda'
6
+ import * as secretsManager from 'aws-cdk-lib/aws-secretsmanager'
7
+
8
+ /**
9
+ * @category cdk-utils.lambda-with-iam-access
10
+ * @subcategory construct
11
+ * @classdesc Provides a construct to create a lambda function with IAM access
12
+ *
13
+ * @example
14
+ * import { LambdaWithIamAccess, LambdaWithIamAccessProps } '@gradientedge/cdk-utils'
15
+ * import { Construct } from 'constructs'
16
+ *
17
+ * class CustomConstruct extends LambdaWithIamAccess {
18
+ * constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps) {
19
+ * super(parent, id, props)
20
+ * this.props = props
21
+ * this.id = id
22
+ * this.initResources()
23
+ * }
24
+ * }
25
+ * @mixin
26
+ */
27
+ export class LambdaWithIamAccess extends CommonConstruct {
28
+ /* LambdaWithIamAccess props */
29
+ props: LambdaWithIamAccessProps
30
+ id: string
31
+
32
+ /* LambdaWithIamAccess resources */
33
+ lambdaPolicy: iam.PolicyDocument
34
+ lambdaRole: iam.Role
35
+ lambdaEnvironment: LambdaWithIamAccessEnvironment
36
+ lambdaLayers: lambda.LayerVersion[]
37
+ lambdaFunction: lambda.Function
38
+ lambdaIamUser: iam.User
39
+ lambdaUserAccessKey: iam.CfnAccessKey
40
+ lambdaUserAccessSecret: secretsManager.Secret
41
+
42
+ protected constructor(parent: Construct, id: string, props: LambdaWithIamAccessProps) {
43
+ super(parent, id, props)
44
+
45
+ this.props = props
46
+ this.id = id
47
+ }
48
+
49
+ /**
50
+ * @summary Initialise and provision resources
51
+ * @protected
52
+ */
53
+ public initResources() {
54
+ this.createLambdaPolicy()
55
+ this.createLambdaRole()
56
+ this.createLambdaEnvironment()
57
+ this.createLambdaLayers()
58
+ this.createLambdaFunction()
59
+ this.createIamUserForLambdaFunction()
60
+ this.createIamSecretForLambdaFunction()
61
+ }
62
+
63
+ /**
64
+ * @summary Method to create iam policy for Lambda function
65
+ * @protected
66
+ */
67
+ protected createLambdaPolicy() {
68
+ this.lambdaPolicy = new iam.PolicyDocument({
69
+ statements: [this.iamManager.statementForCreateAnyLogStream()],
70
+ })
71
+ }
72
+
73
+ /**
74
+ * @summary Method to create iam role for Lambda function
75
+ * @protected
76
+ */
77
+ protected createLambdaRole() {
78
+ this.lambdaRole = this.iamManager.createRoleForLambda(`${this.id}-lambda-role`, this, this.lambdaPolicy)
79
+ }
80
+
81
+ /**
82
+ * @summary Method to create environment variables for Lambda function
83
+ * @protected
84
+ */
85
+ protected createLambdaEnvironment() {
86
+ this.lambdaEnvironment = {
87
+ NODE_ENV: this.props.nodeEnv,
88
+ LOG_LEVEL: this.props.logLevel,
89
+ TZ: this.props.timezone,
90
+ }
91
+ }
92
+
93
+ /**
94
+ * @summary Method to create layers for Lambda function
95
+ * @protected
96
+ */
97
+ protected createLambdaLayers() {
98
+ const layers: lambda.LayerVersion[] = []
99
+
100
+ if (!this.props.lambdaLayerSources) return
101
+
102
+ this.props.lambdaLayerSources.forEach((source: lambda.AssetCode, index: number) => {
103
+ layers.push(this.lambdaManager.createLambdaLayer(`${this.id}-layer-${index}`, this, source))
104
+ })
105
+
106
+ this.lambdaLayers = layers
107
+ }
108
+
109
+ /**
110
+ * @summary Method to create lambda function
111
+ * @protected
112
+ */
113
+ protected createLambdaFunction() {
114
+ this.lambdaFunction = this.lambdaManager.createLambdaFunction(
115
+ `${this.id}-lambda`,
116
+ this,
117
+ this.props.lambda,
118
+ this.lambdaRole,
119
+ this.lambdaLayers,
120
+ this.props.lambdaSource,
121
+ this.props.lambdaHandler || 'index.handler',
122
+ this.lambdaEnvironment
123
+ )
124
+ }
125
+
126
+ /**
127
+ * @summary Method to create iam user for the lambda function
128
+ * @protected
129
+ */
130
+ protected createIamUserForLambdaFunction() {
131
+ this.lambdaIamUser = new iam.User(this, `${this.id}-lambda-user`, {
132
+ userName: `${this.id}-user-${this.props.stage}`,
133
+ })
134
+
135
+ new iam.Policy(this, `${this.id}-lambda-user-policy`, {
136
+ policyName: `${this.id}-policy-${this.props.stage}`,
137
+ statements: [
138
+ new iam.PolicyStatement({
139
+ resources: [this.lambdaFunction.functionArn],
140
+ actions: ['lambda:InvokeFunction'],
141
+ }),
142
+ ],
143
+ users: [this.lambdaIamUser],
144
+ })
145
+
146
+ this.lambdaUserAccessKey = new iam.CfnAccessKey(this, `${this.id}-access-key-${this.props.stage}`, {
147
+ userName: this.lambdaIamUser.userName,
148
+ })
149
+ }
150
+
151
+ /**
152
+ * @summary Method to create iam secret for the lambda function
153
+ * @protected
154
+ */
155
+ protected createIamSecretForLambdaFunction() {
156
+ this.lambdaUserAccessSecret = new secretsManager.Secret(
157
+ this,
158
+ `${this.id}-lambda-user-secret-${this.props.stage}`,
159
+ this.props.lambdaSecret
160
+ )
161
+
162
+ const cfnSecret = this.lambdaUserAccessSecret.node.defaultChild as secretsManager.CfnSecret
163
+ cfnSecret.generateSecretString = undefined
164
+ cfnSecret.secretString = `{ "ACCESS_KEY_ID": "${this.lambdaUserAccessKey.ref}", "ACCESS_KEY_SECRET": "${this.lambdaUserAccessKey.attrSecretAccessKey}" }`
165
+ }
166
+ }
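Review bot: `createIamUserForLambdaFunction` mints a long-lived IAM user access key (`new iam.CfnAccessKey(...)` with only `userName` set), and nothing in the construct gives a consumer a way to rotate or deactivate it. `CfnAccessKey` also accepts `serial` and `status`; I would thread both through from props, e.g. `serial: <rotation counter taken from props>,` so that bumping the counter replaces the key, and add a doc comment on the method saying the credential is static until that happens. In `createIamSecretForLambdaFunction` the escape hatch sets `generateSecretString = undefined` and overwrites `secretString`, so any value-related settings a caller passes in `lambdaSecret` are silently discarded, and the `as secretsManager.CfnSecret` cast is unchecked; a comment such as `// lambdaSecret value settings are ignored: the secret always holds the generated access key pair` would make that contract visible. Encryption of the stored key pair depends entirely on what the caller puts in `lambdaSecret` (for example `encryptionKey`), so the class docs should state that omitting it leaves the secret on the account's default Secrets Manager key.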
@@ -0,0 +1,16 @@
1
+ import { CommonStackProps, LambdaEnvironment, LambdaProps } from '../../types'
2
+ import * as lambda from 'aws-cdk-lib/aws-lambda'
3
+ import { SecretProps } from 'aws-cdk-lib/aws-secretsmanager'
4
+
5
+ export interface LambdaWithIamAccessProps extends CommonStackProps {
6
+ lambda: LambdaProps
7
+ lambdaHandler?: string
8
+ lambdaLayerSources: lambda.AssetCode[]
9
+ lambdaSecret: SecretProps
10
+ lambdaSource: lambda.AssetCode
11
+ logLevel: string
12
+ nodeEnv: string
13
+ timezone: string
14
+ }
15
+
16
+ export interface LambdaWithIamAccessEnvironment extends LambdaEnvironment {}
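Review bot: `lambdaLayerSources` is declared required here, yet `createLambdaLayers` in main.ts guards against it being absent (`if (!this.props.lambdaLayerSources) return`), so the type and the implementation disagree; `lambdaLayerSources?: lambda.AssetCode[]` would match the code. `lambdaSecret: SecretProps` also advertises `generateSecretString`, which main.ts overrides through the escape hatch, so `lambdaSecret: Omit<SecretProps, 'generateSecretString'>` would stop callers from configuring something that is ignored. None of the props carry doc comments; a line each on `lambdaSecret` (it will hold the IAM user's access key pair) and `lambdaHandler` (falls back to `index.handler`) would tell consumers what they are handing over.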