@infoxchange/make-it-so-sst-v2 3.0.1

package/.editorconfig

@@ -0,0 +1,16 @@
+root = true
+
+[*]
+end_of_line = lf
+charset = utf-8
+
+[{*.js,*.json,*.ts,*.md,*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.js]
+block_comment_start = /**
+block_comment = *
+block_comment_end = */

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Callum Gare
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,377 @@
+# Make It So (for SST v2 - see main branch for SST v3 support)
+
+[![NPM Version](https://img.shields.io/npm/v/%40infoxchange%2Fmake-it-so-sst-v2)](https://www.npmjs.com/package/@infoxchange/make-it-so-sst-v2)
+
+A helpful little library that allows you to deploy apps on Infoxchange's (IX) infrastructure without having to specify all the implementation details that are specific to IX's deployment environment. You tell it what you want and it will worry about making it happen. Most of the heavily lifting is done by [SST (version 2)](https://v2.sst.dev/what-is-sst) which is extending to take care the IX related specifics.
+
+## Installation
+
+```shell
+# NPM
+npm --save-dev @infoxchange/make-it-so-sst-v2
+# Yarn
+yarn add --dev @infoxchange/make-it-so-sst-v2
+```
+
+## Features
+
+### deployConfig
+
+The IX pipeline provides certain information about the deployment currently in progress via environment variables. deployConfig gives you a friendly (and typed) way to access these details.
+
+```typescript
+import deployConfig, {
+  getDeployConfig,
+} from "@infoxchange/make-it-so-sst-v2/deployConfig";
+
+if (deployConfig.isIxDeploy) {
+  console.log(
+    `Deploying ${deployConfig.appName} into ${deployConfig.environment}`,
+  );
+} else {
+  console.log(`Not deploying via the IX deploy pipeline`);
+}
+
+// Will return the same object but calculated when the function is run rather than when imported. Useful if any IX
+// deployment related environment variables are changed at runtime.
+console.log(getDeployConfig());
+```
+
+<details>
+<summary><strong>Full list of available deployment properties</strong></summary>
+
+| Name              | Description                            | Type for IX Deploy                 | Type for non-IX Deploy |
+| ----------------- | -------------------------------------- | ---------------------------------- | ---------------------- |
+| isIxDeploy        | Is deploying via IX pipeline or not    | true                               | false                  |
+| appName           | Name of app being deployed             | string                             | string                 |
+| environment       | Name of env app is being deployed to   | "dev" \| "test" \| "uat" \| "prod" | string                 |
+| workloadGroup     | The workload group of the app          | "ds" \| "srs"                      | string                 |
+| primaryAwsRegion  | AWS Region used by IX                  | "ap-southeast-2"                   | string                 |
+| siteDomains       | Domains for the app to use             | string[]                           | string[]               |
+| siteDomainAliases | Domains to be redirected to primary    | string[]                           | string[]               |
+| isInternalApp     | If app is for internal usage           | boolean                            | boolean \| undefined   |
+| deploymentType    | What pipeline type is being used       | "docker" \| "serverless"           | string                 |
+| sourceCommitRef   | The git commit ref of deployed code    | string                             | string                 |
+| sourceCommitHash  | The git commit hash of deployed code   | string                             | string                 |
+| deployTriggeredBy | Config commit id that triggered deploy | string                             | string                 |
+| smtpHost          | SMTP host for the app to use           | string                             | string                 |
+| smtpPort          | SMTP port for the app to use           | number                             | number \| undefined    |
+| clamAVUrl         | ClamAV instance url for the app to use | string                             | string                 |
+
+</details>
+
+### CDK Constructs
+
+<details>
+<summary><strong>IxNextjsSite</strong> - Deploys a serverless instance of a Next.js.</summary>
+
+IxNextjsSite extends [SST's NextjsSite](https://v2.sst.dev/constructs/NextjsSite) with a few minor changes to the props
+and behaviour.
+
+If the `customDomain` prop is not set then the first site domain provided by the IX deployment pipeline will be used as the primary custom domain, any additional domains (if there are any) will be used as alternative domain names and the first pipeline provided domain alias domain will be used will be used as a domain alias. This behaviour of setting pipeline configuring custom domains can be avoided by providing a value for `customDomain` (including explicitly setting it to `undefined` which will ensure no customDomain is used).
+
+If `isIxManagedDomain` is true (which is the case if `customDomain` is set automatically using pipeline provided values) and no custom certificate is given then one will be created for any custom domains given (including alternative domain names which the base SST construct doesn't currently do).
+
+Also if `isIxManagedDomain` is true DNS records will be automatically created for them.
+
+It will also automatically attach the site to the standard IX VPC created in each workload account (unless you
+explicitly pass other VPC details or set the VPC-related props (see the SST doco) to `undefined`) and set the env vars
+`HTTP_PROXY`, `http_proxy`, `HTTPS_PROXY` and `https_proxy` to the HTTP Proxy for the VPC.
+
+Unlike [NextjsSite](https://v2.sst.dev/constructs/NextjsSite), any environment variables set with `stackOrApp.setDefaultFunctionProps()` or
+`stackOrApp.addDefaultFunctionEnv()` will be inherited by the IxNextjsSite lambda functions.
+
+#### Options:
+
+| Prop                                 | Type                                                             | Description                                                                                                                                                                                                                                                                                                                |
+| ------------------------------------ | ---------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [...NextjsSiteProps]                 |                                                                  | Any props accepted by [SST's NextjsSite](https://v2.sst.dev/constructs/NextjsSite)                                                                                                                                                                                                                                         |
+| customDomain.isIxManagedDomain       | boolean                                                          | (optional) If true will attempt to create DNS records and certs for it using the IX shared infra. Only required if explicitly setting customDomains and you want DNS records + certs setup for them                                                                                                                        |
+| customDomain.additionalDomainAliases | string[]                                                         | (optional) Works like `customDomain.domainAlias` but `domainAlias` only allows one domain, additionalDomainAliases allows setting additional domains                                                                                                                                                                       |
+| environment                          | Record<string, string \| {buildtime?: string, runtime?: string}> | (optional) As well as accepting strings for environment variable values as is already done by [NextjsSite](https://v2.sst.dev/constructs/NextjsSite) it also accepts an object with the properties `buildtime` and/or `runtime` which allows you to customise the environment variable value during those different steps. |
+| auth                                 | object                                                           | (optional) If provided will put the site behind auth.                                                                                                                                                                                                                                                                      |
+| auth.oidc                            | object                                                           |                                                                                                                                                                                                                                                                                                                            |
+| auth.oidc.issuerUrl                  | string                                                           | An issuer URL for the OIDC server to use.                                                                                                                                                                                                                                                                                  |
+| auth.oidc.clientId                   | string                                                           | The OIDC client ID to use.                                                                                                                                                                                                                                                                                                 |
+| auth.oidc.scope                      | string                                                           | The scope used for the auth request.                                                                                                                                                                                                                                                                                       |
+| auth.prefix                          | string                                                           | (optional) A custom path to be used for the auth route.                                                                                                                                                                                                                                                                    |
+
+```typescript
+import { IxNextjsSite } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+const site = new IxNextjsSite(stack, "Site", {
+  environment: {
+    DATABASE_URL: process.env.DATABASE_URL || "",
+    SESSION_SECRET: process.env.SESSION_SECRET || "",
+  },
+  // The default behaviour is the same as if you included:
+  // customDomain: {
+  //   domainName: ixDeployConfig.siteDomains[0],
+  //   alternateNames: ixDeployConfig.siteDomains.slice(1)
+  // },
+});
+```
+
+</details>
+
+<details>
+<summary><strong>IxStaticSite</strong> - Deploys a static site.</summary>
+
+IxNextjsSite extends [SST's StaticSite](https://v2.sst.dev/constructs/StaticSite) and takes the same props with the addition of `isIxManagedDomain` in the `customDomain` property.
+
+If the props `customDomain` is not set then the first site domain provided by the IX deployment pipeline will be used as the primary custom domain, any additional domains (if there are any) will be used as alternative domain names and the first pipeline provided domain alias domain will be used will be used as a domain alias. This behaviour of setting pipeline configuring custom domains can be avoided by providing a value for `customDomain` (including explicitly setting it to `undefined` which will ensure no customDomain is used).
+
+If `isIxManagedDomain` is true (which is the case if `customDomain` is set automatically using pipeline provided values) and no custom certificate is given then one will be created for any custom domains given (including alternative domain names which the base SST construct doesn't currently do).
+
+Also if `isIxManagedDomain` is true DNS records will be automatically created for them.
+
+#### Options:
+
+| Prop                                 | Type     | Description                                                                                                                                                                                         |
+| ------------------------------------ | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [...StaticSiteProps]                 |          | Any props accepted by [SST's StaticSite](https://v2.sst.dev/constructs/StaticSite)                                                                                                                  |
+| customDomain.isIxManagedDomain       | boolean  | (optional) If true will attempt to create DNS records and certs for it using the IX shared infra. Only required if explicitly setting customDomains and you want DNS records + certs setup for them |
+| customDomain.additionalDomainAliases | string[] | (optional) Works like `customDomain.domainAlias` but `domainAlias` only allows one domain, additionalDomainAliases allows setting additional domains                                                |
+| auth                                 | object   | (optional) If provided will put the site behind auth.                                                                                                                                               |
+| auth.oidc                            | object   |                                                                                                                                                                                                     |
+| auth.oidc.issuerUrl                  | string   | An issuer URL for the OIDC server to use.                                                                                                                                                           |
+| auth.oidc.clientId                   | string   | The OIDC client ID to use.                                                                                                                                                                          |
+| auth.oidc.scope                      | string   | The scope used for the auth request.                                                                                                                                                                |
+| auth.prefix                          | string   | (optional) A custom path to be used for the auth route.                                                                                                                                             |
+
+```typescript
+import { IxStaticSite } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+const site = new IxStaticSite(stack, "Site", {
+  environment: {
+    DOOHICKEY_NAME: process.env.DOOHICKEY_NAME || "",
+  },
+  // The default behaviour is the same as if you included:
+  // customDomain: {
+  //   domainName: ixDeployConfig.siteDomains[0],
+  //   alternateNames: ixDeployConfig.siteDomains.slice(1)
+  // },
+});
+```
+
+</details>
+
+<details>
+<summary><strong>IxApi</strong> - Deploys an instance of API Gateway.</summary>
+
+IxApi extends [SST's Api](https://v2.sst.dev/constructs/Api) and takes the exact same props.
+
+It will automatically create certificates and DNS records for a single domain that the API should deploy to. If the props `customDomain` is not set the first site domain provided by the IX deployment pipeline will be used as the domain. Explicitly setting `customDomain` to `undefined` will ensure no customDomain is used. Regardless of if a custom domain is set, the API Gateway will still be accessible via the 'api-id.execute-api.region.amazonaws.com' url.
+
+```typescript
+import { IxApi } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+const site = new IxApi(stack, "api", {
+  // The default behaviour is the same as if you included:
+  // customDomain: {
+  //   domainName: ixDeployConfig.siteDomains[0],
+  // },
+});
+```
+
+</details>
+
+<details>
+<summary><strong>IxElasticache</strong> - Deploys an AWS Elasticache cluster, either the redis or the memcached flavour.</summary>
+
+It will also automatically attach the cluster to the standard IX VPC created in each workload account (unless you explicitly pass a different VPC to be attached with the vpc prop or set the vpc prop to `undefined` which will stop any VPC being attached).
+
+```typescript
+import { IxElasticache } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+const redisCluster = new IxElasticache(stack, "elasticache", {
+  autoMinorVersionUpgrade: true,
+  cacheNodeType: "cache.t2.small",
+  engine: "redis",
+  numCacheNodes: 1,
+});
+```
+
+#### Options:
+
+| Prop                      | Type     | Description                                                                                                                                           |
+| ------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
+| vpc                       | IVpc     | (optional) A VPC to attach if not using default IX VPC                                                                                                |
+| vpcSubnetIds              | string[] | (optional) List of IDs of subnets to be used if not using default IX VPC subnets                                                                      |
+| [...CfnCacheClusterProps] |          | Any props accepted by [CfnCacheCluster](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnCacheCluster.html#construct-props) |
+
+#### Properties:
+
+| Properties       | Type            | Description                                                      |
+| ---------------- | --------------- | ---------------------------------------------------------------- |
+| connectionString | string          | A string with all the details required to connect to the cluster |
+| cluster          | CfnCacheCluster | An AWS CDK CfnCacheCluster instance                              |
+
+</details>
+
+<details>
+<summary><strong>IxCertificate</strong> - Creates a new DNS validated ACM certificate for a domain managed by IX.</summary>
+
+```typescript
+import { IxCertificate } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+const domainCert = new IxCertificate(scope, "ExampleDotComCertificate", {
+  domainName: "example.com",
+  subjectAlternativeNames: ["other-domain.com"],
+  region: "us-east-1",
+});
+```
+
+#### Options:
+
+| Prop                    | Type     | Description                                                     |
+| ----------------------- | -------- | --------------------------------------------------------------- |
+| domainName              | string   | Domain name for cert                                            |
+| subjectAlternativeNames | string[] | (optional) Any domains for the certs "Subject Alternative Name" |
+| region                  | string   | (optional) The AWS region to create the cert in                 |
+
+</details>
+
+<details>
+<summary><strong>IxDnsRecord</strong> - Creates a DNS record for a domain managed by IX.</summary>
+
+Route53 HostedZones for IX managed domains live in the dns-hosting AWS account so if a workload AWS account requires a DNS record to be created this must be done "cross-account". IxDnsRecord handles that part for you. Just give it the details for the DNS record itself and IxDnsRecord will worry about creating it.
+
+```typescript
+import { IxDnsRecord } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+new IxDnsRecord(scope, "IxDnsRecord", {
+  type: "A",
+  name: "example.com",
+  value: "1.1.1.1",
+  ttl: 900,
+});
+```
+
+#### Options:
+
+| Prop         | Type                                                        | Description                                                                                                                                                                                                                     |
+| ------------ | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| type         | "A" \| "CNAME" \| "NS" \| "SOA" \| "ALIAS" \| "TXT" \| "MX" | DNS record type                                                                                                                                                                                                                 |
+| name         | string                                                      | DNS record FQDN                                                                                                                                                                                                                 |
+| value        | string                                                      | DNS record value                                                                                                                                                                                                                |
+| ttl          | number                                                      | (optional) TTL value for DNS record                                                                                                                                                                                             |
+| hostedZoneId | string                                                      | (optional) The ID of the Route53 HostedZone belonging to the dns-hosting account in which to create the DNS record. If not given the correct HostedZone will be inferred from the domain in the "value" prop.                   |
+| aliasZoneId  | string                                                      | (only needed if type = "Alias") the Route53 HostedZone that the target of the alias record lives in. Generally this will be the well known ID of a HostedZone for a AWS service itself that is managed by AWS, not an end-user. |
+| priority     | number                                                      | (only needed if type = "MX") The priority level of the MX record.                                                                                                                                                               |
+
+</details>
+
+<details>
+<summary><strong>IxSESIdentity</strong> - Creates an SES domain identity for a domain managed by IX.</summary>
+
+```typescript
+import { IxSESIdentity } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+new IxSESIdentity(scope, "IxSESIdentity", {
+  // Email identity domain will be: example.dev.ixapps.org
+  // Custom mail from domain will be: info.example.dev.ixapps.org
+  domain: "example.dev.ixapps.org",
+  mailFromSubdomain: "info", // optional, "mail" will be used otherwise
+});
+```
+
+#### Options:
+
+| Prop              | Type   | Description                                                                                                                                                                           |
+| ----------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| domain            | string | The domain of the identity. An email address can also be provided in which case the domain will be extracted from the email.                                                          |
+| mailFromSubdomain | string | (optional) by default the custom mail from domain will be `mail.${domain}`. This lets you change that. It should be given as just the subdomain part, not the fully qualified domain. |
+
+</details>
+
+<details>
+<summary><strong>IxWebsiteRedirect</strong> - Creates a redirect from one domain to another.</summary>
+
+```typescript
+import { IxWebsiteRedirect } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+new IxWebsiteRedirect(scope, "WebsiteRedirect", {
+  recordNames: ["www.example.com", "othersubdomain.example.com"],
+  targetDomain: "www.example.com",
+});
+```
+
+#### Options:
+
+| Prop         | Type                                                                                                             | Description                                                                                   |
+| ------------ | ---------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| targetDomain | string                                                                                                           | The domain to redirect to                                                                     |
+| recordNames  | string[]                                                                                                         | The domains to redirect from                                                                  |
+| certificate  | [ICertificate](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_certificatemanager.ICertificate.html) | (optional) The certificate to use when serving the redirect, one will be created if not given |
+
+</details>
+
+<details>
+<summary><strong>IxVpcDetails</strong> - Fetches the standard VPC and subnets that exist in all IX workload aws accounts.</summary>
+
+```typescript
+import { IxVpcDetails } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+
+const vpcDetails = new IxVpcDetails(scope, "VpcDetails");
+```
+
+#### Options:
+
+| Prop                    | Type     | Description                                                     |
+| ----------------------- | -------- | --------------------------------------------------------------- |
+| domainName              | string   | Domain name for cert                                            |
+| subjectAlternativeNames | string[] | (optional) Any domains for the certs "Subject Alternative Name" |
+| region                  | string   | (optional) The AWS region to create the cert in                 |
+
+</details>
+
+## Example App Using Make It So
+
+To deploy a Next.js based site you would include a `sst.config.ts` file at the root of repo with contents like this:
+
+```typescript
+import { SSTConfig } from "sst";
+import { IxNextjsSite } from "@infoxchange/make-it-so-sst-v2/cdk-constructs";
+import deployConfig from "@infoxchange/make-it-so-sst-v2/deployConfig";
+
+export default {
+  config: () => ({
+    name: deployConfig.appName || "fallback-app-name",
+    region: deployConfig.primaryAwsRegion,
+  }),
+  stacks(app) {
+    app.stack(
+      ({ stack }) => {
+        const site = new IxNextjsSite(stack, "site", {
+          environment: {
+            DATABASE_URL: process.env.DATABASE_URL || "",
+            SESSION_SECRET: process.env.SESSION_SECRET || "",
+          },
+        });
+
+        stack.addOutputs({
+          SiteUrl: site.primaryOrigin,
+        });
+      },
+      { stackName: `${app.name}-${app.stage}` }, // Use the same stack name format as our docker apps
+    );
+  },
+} satisfies SSTConfig;
+```
+
+Then simply configure the IX pipeline to deploy that repo as a serverless app. Note it is important that any AWS CDK libraries included in package.json match version match the version used by SST.
+
+# The Name
+
+Honestly I've never seen Star Trek but I figured the name is appropriate since the goal of this library is to allow you, the user, to deploy applications by stating what you want and letting someone else handle the nitty gritty details of how to actually implement it.
+
+# Development and Contributing
+
+Changes to the main branch automatically trigger the CI to build and publish to npm. We do this with [semantic-release](https://semantic-release.gitbook.io/) which uses commit messages to determine what the new version number should be.
+
+Commit messages must be formatted in the [Conventional Commits](https://www.conventionalcommits.org) style to allow semantic-release to generate release notes based on the git history. To help with this the CLI tool for creating a commit with a valid commit message can be used via `npm run commit`.
+
+If adding a new construct the easiest way to develop it maybe by building it in whatever app repo it is intended to be used in. When it appears to be working correctly it can be moved into make-it-so and the app can be updated to import that construct from make-it-so.
+
+To test change a change in make-it-so create a branch starting with the prefix "internal-testing-". When pushed the CI will release a new package with a pre-release version. It'll look a little something like `2.1.3-internal-testing-name-of-feature.3`. A serverless app using make-it-so can be modified to use this package version and then deployed to a dev environment to test that the make-it-so changes are functioning correctly. Once a change has been merged into main and there are no serverless apps using the pre-release package any more it's a good idea to [delete that version](https://docs.npmjs.com/unpublishing-packages-from-the-registry#unpublishing-a-single-version-of-a-package) to keep the [npm package version history clean](https://www.npmjs.com/package/@infoxchange/make-it-so-sst-v2?activeTab=versions).

package/commitlint.config.ts

@@ -0,0 +1,14 @@
+import type { UserConfig } from "@commitlint/types";
+
+export default {
+  ignores: [
+    (message) =>
+      // Allow "wip" commits except when publishing a production release or on PR CI jobs
+      process.env.GITHUB_EVENT_NAME !== "pull_request" &&
+      (process.env.GITHUB_WORKFLOW !== "Publish" ||
+        (process.env.GITHUB_REF_NAME?.startsWith("internal-testing-") ??
+          true)) &&
+      (message === "wip" || message.startsWith("wip:")),
+  ],
+  extends: ["@commitlint/config-conventional"],
+} satisfies UserConfig;

package/dist/cdk-constructs/IxApi.d.ts

@@ -0,0 +1,12 @@
+import { Api } from "sst/constructs";
+type ConstructScope = ConstructorParameters<typeof Api>[0];
+type ConstructId = ConstructorParameters<typeof Api>[1];
+type ConstructProps = Exclude<ConstructorParameters<typeof Api>[2], undefined>;
+export declare class IxApi extends Api {
+    constructor(scope: ConstructScope, id: ConstructId, props?: ConstructProps);
+    private static setupCustomDomain;
+    private static setupCertificate;
+    private createDnsRecords;
+}
+export {};
+//# sourceMappingURL=IxApi.d.ts.map

package/dist/cdk-constructs/IxApi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxApi.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAMrC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACxD,KAAK,cAAc,GAAG,OAAO,CAAC,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;AAE/E,qBAAa,KAAM,SAAQ,GAAG;gBAE1B,KAAK,EAAE,cAAc,EACrB,EAAE,EAAE,WAAW,EACf,KAAK,GAAE,cAAmB;IAc5B,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAgBhC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAuB/B,OAAO,CAAC,gBAAgB;CAazB"}

package/dist/cdk-constructs/IxApi.js

@@ -0,0 +1,56 @@
+import { Api } from "sst/constructs";
+import { IxCertificate } from "./IxCertificate.js";
+import { IxDnsRecord } from "./IxDnsRecord.js";
+import ixDeployConfig from "../deployConfig.js";
+import { convertToBase62Hash } from "../lib/utils/hash.js";
+export class IxApi extends Api {
+    constructor(scope, id, props = {}) {
+        if (ixDeployConfig.isIxDeploy) {
+            IxApi.setupCustomDomain(scope, id, props);
+        }
+        super(scope, id, props);
+        if (ixDeployConfig.isIxDeploy) {
+            this.createDnsRecords(scope);
+        }
+    }
+    // This must be static because we need to call it in the constructor before super
+    static setupCustomDomain(scope, id, props) {
+        // Default to using domains names passed in by the pipeline as the custom domain
+        if (ixDeployConfig.isIxDeploy && !("customDomain" in props)) {
+            props.customDomain = {
+                domainName: ixDeployConfig.siteDomains[0],
+            };
+        }
+        this.setupCertificate(scope, id, props);
+    }
+    // This must be static because we need to call it in the constructor before super
+    static setupCertificate(scope, id, props) {
+        if (!props?.customDomain)
+            return;
+        if (typeof props.customDomain === "string") {
+            props.customDomain = { domainName: props.customDomain };
+        }
+        const domainName = props.customDomain.domainName;
+        if (domainName) {
+            const domainCert = new IxCertificate(scope, id + "-IxCertificate", {
+                domainName,
+                region: "ap-southeast-2", // API Gateway wants southeast-2.
+            });
+            props.customDomain.isExternalDomain = true;
+            props.customDomain.cdk = props.customDomain.cdk ?? {};
+            props.customDomain.cdk.certificate = domainCert.acmCertificate;
+        }
+    }
+    createDnsRecords(scope) {
+        if (this.cdk.domainName?.name && this.cdk.domainName?.regionalDomainName) {
+            const domainNameLogicalId = convertToBase62Hash(this.cdk.domainName.name);
+            // API Gateway has a separate domain for using with a CNAME (regionalDomainName)
+            new IxDnsRecord(scope, `DnsRecord-${domainNameLogicalId}`, {
+                type: "CNAME",
+                name: this.cdk.domainName.name,
+                value: this.cdk.domainName?.regionalDomainName,
+                ttl: 900,
+            });
+        }
+    }
+}

package/dist/cdk-constructs/IxBucket.d.ts

@@ -0,0 +1,9 @@
+import { Bucket } from "sst/constructs";
+type ConstructScope = ConstructorParameters<typeof Bucket>[0];
+type ConstructId = ConstructorParameters<typeof Bucket>[1];
+type ConstructProps = Exclude<ConstructorParameters<typeof Bucket>[2], undefined>;
+export declare class IxBucket extends Bucket {
+    constructor(scope: ConstructScope, id: ConstructId, props?: ConstructProps);
+}
+export {};
+//# sourceMappingURL=IxBucket.d.ts.map

package/dist/cdk-constructs/IxBucket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxBucket.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxBucket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAIxC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9D,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,KAAK,cAAc,GAAG,OAAO,CAC3B,qBAAqB,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,EACvC,SAAS,CACV,CAAC;AAEF,qBAAa,QAAS,SAAQ,MAAM;gBAEhC,KAAK,EAAE,cAAc,EACrB,EAAE,EAAE,WAAW,EACf,KAAK,GAAE,cAAmB;CAmB7B"}

package/dist/cdk-constructs/IxBucket.js

@@ -0,0 +1,22 @@
+import { Bucket } from "sst/constructs";
+import { BucketEncryption } from "aws-cdk-lib/aws-s3";
+import ixDeployConfig from "../deployConfig.js";
+export class IxBucket extends Bucket {
+    constructor(scope, id, props = {}) {
+        const bucketProps = {
+            blockPublicACLs: true,
+            ...props,
+            cdk: {
+                ...props.cdk,
+                bucket: {
+                    enforceSSL: true,
+                    ...(ixDeployConfig.isIxDeploy
+                        ? { encryption: BucketEncryption.S3_MANAGED }
+                        : {}),
+                    ...props.cdk?.bucket,
+                },
+            },
+        };
+        super(scope, id, bucketProps);
+    }
+}

package/dist/cdk-constructs/IxCertificate.d.ts

@@ -0,0 +1,16 @@
+import { Construct } from "constructs";
+import { ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+type Props = {
+    domainName: string;
+    subjectAlternativeNames?: string[];
+    region?: string;
+};
+export declare class IxCertificate extends Construct {
+    acmCertificate: ICertificate;
+    constructor(scope: ConstructScope, id: ConstructId, props: Props);
+    private createCertificate;
+}
+export {};
+//# sourceMappingURL=IxCertificate.d.ts.map

package/dist/cdk-constructs/IxCertificate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxCertificate.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAe,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAG/E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,qBAAa,aAAc,SAAQ,SAAS;IACnC,cAAc,EAAE,YAAY,CAAC;gBAExB,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAKhE,OAAO,CAAC,iBAAiB;CA+B1B"}

package/dist/cdk-constructs/IxCertificate.js

@@ -0,0 +1,26 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { Certificate } from "aws-cdk-lib/aws-certificatemanager";
+import { CustomResource } from "aws-cdk-lib";
+export class IxCertificate extends Construct {
+    acmCertificate;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.acmCertificate = this.createCertificate(scope, id, props);
+    }
+    createCertificate(scope, id, props) {
+        const certificateCreationLambdaArn = StringParameter.valueForStringParameter(scope, "/shared-services/acm/lambdaArn-v2");
+        const certificateCustomResource = new CustomResource(scope, "DomainCert-" + id, {
+            resourceType: "Custom::CertIssuingLambda",
+            serviceToken: certificateCreationLambdaArn,
+            properties: {
+                DomainName: props.domainName,
+                ...(props.subjectAlternativeNames && {
+                    SubjectAlternativeNames: props.subjectAlternativeNames,
+                }),
+                ...(props.region && { CertificateIssuingRegion: props.region }),
+            },
+        });
+        return Certificate.fromCertificateArn(scope, id + "-AwsCertificate", certificateCustomResource.ref);
+    }
+}

package/dist/cdk-constructs/IxDnsRecord.d.ts

@@ -0,0 +1,23 @@
+import { Construct } from "constructs";
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+type Props = {
+    name: string;
+    value: string;
+    ttl?: number;
+    hostedZoneId?: string;
+} & ({
+    type: "A" | "CNAME" | "NS" | "SOA" | "TXT";
+} | {
+    type: "ALIAS";
+    aliasZoneId: string;
+} | {
+    type: "MX";
+    priority: number;
+});
+export declare class IxDnsRecord extends Construct {
+    constructor(scope: ConstructScope, id: ConstructId, props: Props);
+    private createDnsRecord;
+}
+export {};
+//# sourceMappingURL=IxDnsRecord.d.ts.map

package/dist/cdk-constructs/IxDnsRecord.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxDnsRecord.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxDnsRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAKvC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,CACA;IACE,IAAI,EAAE,GAAG,GAAG,OAAO,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;CAC5C,GACD;IACE,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB,GACD;IACE,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;CAClB,CACJ,CAAC;AAEF,qBAAa,WAAY,SAAQ,SAAS;gBAC5B,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAKhE,OAAO,CAAC,eAAe;CA6CxB"}