@gradientedge/cdk-utils 8.99.1 → 8.101.0

package/dist/src/lib/services/aws/identity-access-management/main.d.ts

@@ -207,6 +207,14 @@ export declare class IamManager {
      * @param servicePrinicpal
      */
     createRoleForLambda(id: string, scope: CommonConstruct, policy: iam.PolicyDocument, servicePrinicpal?: iam.ServicePrincipal): cdk.aws_iam.Role;
+    /**
+     * @summary Method to create iam statement for appconfig secrets manager integration
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param policy
+     * @param servicePrinicpal
+     */
+    createRoleForAppConfigSecrets(id: string, scope: CommonConstruct, policy: iam.PolicyDocument, servicePrinicpal?: iam.ServicePrincipal): cdk.aws_iam.Role;
     /**
      * @summary Method to create iam statement for step function execution
      * @param id scoped id of the resource

package/dist/src/lib/services/aws/identity-access-management/main.js

@@ -499,6 +499,24 @@ class IamManager {
         utils.createCfnOutput(`${id}Name`, scope, role.roleName);
         return role;
     }
+    /**
+     * @summary Method to create iam statement for appconfig secrets manager integration
+     * @param id scoped id of the resource
+     * @param scope scope in which this resource is defined
+     * @param policy
+     * @param servicePrinicpal
+     */
+    createRoleForAppConfigSecrets(id, scope, policy, servicePrinicpal) {
+        const role = new iam.Role(scope, `${id}`, {
+            assumedBy: servicePrinicpal ?? new iam.ServicePrincipal('appconfig.amazonaws.com'),
+            description: `Role for ${id} AppConfig Secrets`,
+            inlinePolicies: { policy },
+            roleName: `${id}-${scope.props.stage}`,
+        });
+        utils.createCfnOutput(`${id}Arn`, scope, role.roleArn);
+        utils.createCfnOutput(`${id}Name`, scope, role.roleName);
+        return role;
+    }
     /**
      * @summary Method to create iam statement for step function execution
      * @param id scoped id of the resource

package/dist/src/lib/services/aws/secrets-manager/main.d.ts

@@ -35,9 +35,9 @@ export declare class SecretsManager {
     retrieveSecretFromSecretsManager(id: string, scope: CommonConstruct, stackName: string, exportName: string): cdk.aws_secretsmanager.ISecret;
     /**
      * @summary Method to resolve secret value from a secret using AWS SDK
-     * @param scope scope in which this resource is defined
+     * @param region the region in which the secret is defined
      * @param secretId the secret name/ARN
      * @param secretKey the secret key to resolve the value for
      */
-    resolveSecretValue(scope: CommonConstruct, secretId: string, secretKey: string): Promise<any>;
+    resolveSecretValue(region: string, secretId: string, secretKey: string): Promise<any>;
 }

package/dist/src/lib/services/aws/secrets-manager/main.js

@@ -72,14 +72,14 @@ class SecretsManager {
     }
     /**
      * @summary Method to resolve secret value from a secret using AWS SDK
-     * @param scope scope in which this resource is defined
+     * @param region the region in which the secret is defined
      * @param secretId the secret name/ARN
      * @param secretKey the secret key to resolve the value for
      */
-    async resolveSecretValue(scope, secretId, secretKey) {
+    async resolveSecretValue(region, secretId, secretKey) {
         const client = new client_secrets_manager_1.SecretsManagerClient({
             credentials: utils.determineCredentials(),
-            region: scope.props.region,
+            region: region,
         });
         const command = new client_secrets_manager_1.GetSecretValueCommand({
             SecretId: secretId,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "8.99.1",
+  "version": "8.101.0",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {

package/src/lib/services/aws/identity-access-management/main.ts

@@ -538,6 +538,32 @@ export class IamManager {
     return role
   }
 
+  /**
+   * @summary Method to create iam statement for appconfig secrets manager integration
+   * @param id scoped id of the resource
+   * @param scope scope in which this resource is defined
+   * @param policy
+   * @param servicePrinicpal
+   */
+  public createRoleForAppConfigSecrets(
+    id: string,
+    scope: CommonConstruct,
+    policy: iam.PolicyDocument,
+    servicePrinicpal?: iam.ServicePrincipal
+  ) {
+    const role = new iam.Role(scope, `${id}`, {
+      assumedBy: servicePrinicpal ?? new iam.ServicePrincipal('appconfig.amazonaws.com'),
+      description: `Role for ${id} AppConfig Secrets`,
+      inlinePolicies: { policy },
+      roleName: `${id}-${scope.props.stage}`,
+    })
+
+    utils.createCfnOutput(`${id}Arn`, scope, role.roleArn)
+    utils.createCfnOutput(`${id}Name`, scope, role.roleName)
+
+    return role
+  }
+
   /**
    * @summary Method to create iam statement for step function execution
    * @param id scoped id of the resource

package/src/lib/services/aws/secrets-manager/main.ts

@@ -56,14 +56,14 @@ export class SecretsManager {
 
   /**
    * @summary Method to resolve secret value from a secret using AWS SDK
-   * @param scope scope in which this resource is defined
+   * @param region the region in which the secret is defined
    * @param secretId the secret name/ARN
    * @param secretKey the secret key to resolve the value for
    */
-  public async resolveSecretValue(scope: CommonConstruct, secretId: string, secretKey: string) {
+  public async resolveSecretValue(region: string, secretId: string, secretKey: string) {
     const client = new SecretsManagerClient({
       credentials: utils.determineCredentials(),
-      region: scope.props.region,
+      region: region,
     })
     const command = new GetSecretValueCommand({
       SecretId: secretId,