@infoxchange/make-it-so 1.0.1

package/.editorconfig

@@ -0,0 +1,16 @@
+root = true
+
+[*]
+end_of_line = lf
+charset = utf-8
+
+[{*.js,*.json,*.ts,*.md,*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.js]
+block_comment_start = /**
+block_comment = *
+block_comment_end = */

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Callum Gare
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,173 @@
+# Make It So
+
+[![NPM Version](https://img.shields.io/npm/v/%40infoxchange%2Fmake-it-so)](https://www.npmjs.com/package/@infoxchange/make-it-so)
+
+A helpful little library that allows you to deploy apps on Infoxchange's (IX) infrastructure without having to specify all the implementation details that are specific to IX's deployment environment. You tell it what you want and it will worry about making it happen. Most of the heavily lifting is done by [SST](https://sst.dev/) which is extending to take care the IX related specifics.
+
+## Installation
+
+```shell
+# NPM
+npm --save-dev @infoxchange/make-it-so
+# Yarn
+yarn add --dev @infoxchange/make-it-so
+```
+
+## Features
+
+### deployConfig
+
+The IX pipeline provides certain information about the deployment currently in progress via environment variables. deployConfig gives you a friendly (and typed) way to access these details.
+
+```typescript
+import deployConfig from "@infoxchange/make-it-so/deployConfig";
+
+if (deployConfig.isIxDeploy) {
+  console.log(
+    `Deploying ${deployConfig.appName} into ${deployConfig.environment}`,
+  );
+} else {
+  console.log(`Not deploying via the IX deploy pipeline`);
+}
+```
+
+| Name             | Description                          | Type for IX Deploy | Type for non-IX Deploy |
+| ---------------- | ------------------------------------ | ------------------ | ---------------------- |
+| isIxDeploy       | Is deploying via IX pipeline or not  | true               | false                  |
+| appName          | Name of app being deployed           | string             | undefined              |
+| environment      | Name of env app is being deployed to | string             | undefined              |
+| workloadGroup    | The workload group of the app        | string             | undefined              |
+| primaryAwsRegion | AWS Region used by IX                | string             | undefined              |
+| siteDomains      | Domains to be used by the app        | string[]           | []                     |
+
+### CDK Construct - IxNextjsSite
+
+Deploys a serverless instance of a Next.js. IxNextjsSite extends [SST's NextjsSite](https://docs.sst.dev/constructs/NextjsSite) and takes the exact same props.
+
+It will automatically create certificates and DNS records for any custom domains given (including alternative domain names which SST doesn't currently do). If the props `customDomain` is not set the first site domain provided by the IX deployment pipeline will be used as the primary custom domain and if there is more than one domain the rest will be used as alternative domain names. Explicitly setting `customDomain` to `undefined` will
+
+It will also automatically attach the site to the standard IX VPC created in each workload account (unless you explicitly pass other VPC details or set the VPC-related props (see the SST doco) to `undefined`).
+
+```typescript
+import { IxNextjsSite } from "@infoxchange/make-it-so/cdk-constructs";
+
+const site = new IxNextjsSite(stack, "site", {
+  environment: {
+    DATABASE_URL: process.env.DATABASE_URL || "",
+    SESSION_SECRET: process.env.SESSION_SECRET || "",
+  },
+  // Included by default:
+  // customDomain: {
+  //   domainName: ixDeployConfig.siteDomains[0],
+  //   alternateNames: ixDeployConfig.siteDomains.slice(1)
+  // },
+});
+```
+
+### CDK Construct - IxCertificate
+
+Creates a new DNS validated ACM certificate for a domain managed by IX.
+
+```typescript
+import { IxCertificate } from "@infoxchange/make-it-so/cdk-constructs";
+
+const domainCert = new IxCertificate(scope, "IxCertificate", {
+  domainName: "example.com",
+  subjectAlternativeNames: ["other-domain.com"],
+  region: "us-east-1",
+});
+```
+
+| Prop                    | Type     | Description                                                     |
+| ----------------------- | -------- | --------------------------------------------------------------- |
+| domainName              | string   | Domain name for cert                                            |
+| subjectAlternativeNames | string[] | (optional) Any domains for the certs "Subject Alternative Name" |
+| region                  | string   | (optional) The AWS region to create the cert in                 |
+
+### CDK Construct - IxDnsRecord
+
+Creates a DNS record for a domain managed by IX. Route53 HostedZones for IX managed domains live in the dns-hosting AWS account so if a workload AWS account requires a DNS record to be created this must be done "cross-account". IxDnsRecord handles that part for you. Just give it the details for the DNS record itself and IxDnsRecord will worry about creating it.
+
+```typescript
+import { IxDnsRecord } from "@infoxchange/make-it-so/cdk-constructs";
+
+new IxDnsRecord(scope, `DnsRecord-${domainNameLogicalId}`, {
+  type: "A",
+  name: "example.com",
+  value: "1.1.1.1",
+  ttl: 900,
+});
+```
+
+| Prop         | Type                                       | Description                                                                                                                                                                                                                     |
+| ------------ | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| type         | "A" \| "CNAME" \| "NS" \| "SOA" \| "ALIAS" | DNS record type                                                                                                                                                                                                                 |
+| name         | string                                     | DNS record FQDN                                                                                                                                                                                                                 |
+| value        | string                                     | DNS record value                                                                                                                                                                                                                |
+| ttl          | number                                     | (optional) TTL value for DNS record                                                                                                                                                                                             |
+| hostedZoneId | string                                     | (optional) The ID of the Route53 HostedZone belonging to the dns-hosting account in which to create the DNS record. If not given the correct HostedZone will be inferred from the domain in the "value" prop.                   |
+| aliasZoneId  | string                                     | (only needed if type = "Alias") the Route53 HostedZone that the target of the alias record lives in. Generally this will be the well known ID of a HostedZone for a AWS service itself that is managed by AWS, not an end-user. |
+
+### CDK Construct - IxVpcDetails
+
+Fetches the standard VPC and subnets that exist in all IX workload aws accounts.
+
+```typescript
+import { IxVpcDetails } from "@infoxchange/make-it-so/cdk-constructs";
+
+const vpcDetails = new IxVpcDetails(scope, id + "-IxVpcDetails");
+```
+
+| Prop                    | Type     | Description                                                     |
+| ----------------------- | -------- | --------------------------------------------------------------- |
+| domainName              | string   | Domain name for cert                                            |
+| subjectAlternativeNames | string[] | (optional) Any domains for the certs "Subject Alternative Name" |
+| region                  | string   | (optional) The AWS region to create the cert in                 |
+
+## Full Example
+
+To deploy a Next.js based site you would include a `sst.config.ts` file at the root of repo with contents like this:
+
+```typescript
+import { SSTConfig } from "sst";
+import { IxNextjsSite } from "@infoxchange/make-it-so/cdk-constructs";
+import deployConfig from "@infoxchange/make-it-so/deployConfig";
+
+export default {
+  config: () => ({
+    name: deployConfig.appName || "fallback-app-name",
+    region: deployConfig.primaryAwsRegion,
+  }),
+  stacks(app) {
+    app.stack(
+      ({ stack }) => {
+        const site = new IxNextjsSite(stack, "site", {
+          environment: {
+            DATABASE_URL: process.env.DATABASE_URL || "",
+            SESSION_SECRET: process.env.SESSION_SECRET || "",
+          },
+        });
+
+        stack.addOutputs({
+          SiteUrl: site.primaryOrigin,
+        });
+      },
+      { stackName: `${app.name}-${app.stage}` }, // Use the same stack name format as our docker apps
+    );
+  },
+} satisfies SSTConfig;
+```
+
+Then simply configure the IX pipeline to deploy that repo as a serverless app.
+
+important that sst and aws lib version match those used in ix-deploy-support
+
+# The Name
+
+Honestly I've never seen Star Trek but I figured the name is appropriate since the goal of this library is to allow you, the user, to deploy applications by stating what you want and letting someone else handle the nitty gritty details of how to actually implement it.
+
+# Contributing
+
+Changes to the main branch automatically trigger the CI to build and publish to npm. We do this with [semantic-release](https://semantic-release.gitbook.io/) which uses commit messages to determine what the new version number should be.
+
+Commit messages must be formatted in the [Conventional Commits](https://www.conventionalcommits.org) style to allow semantic-release to generate release notes based on the git history. To help with this the CLI tool for creating a commit with a valid commit message can be used via `npm run commit`.

package/dist/cdk-constructs/IxCertificate.d.ts

@@ -0,0 +1,16 @@
+import { Construct } from "constructs";
+import { ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+type Props = {
+    domainName: string;
+    subjectAlternativeNames?: string[];
+    region?: string;
+};
+export declare class IxCertificate extends Construct {
+    acmCertificate: ICertificate;
+    constructor(scope: ConstructScope, id: ConstructId, props: Props);
+    private createCertificate;
+}
+export {};
+//# sourceMappingURL=IxCertificate.d.ts.map

package/dist/cdk-constructs/IxCertificate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxCertificate.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAe,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAG/E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,qBAAa,aAAc,SAAQ,SAAS;IACnC,cAAc,EAAE,YAAY,CAAC;gBAExB,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAKhE,OAAO,CAAC,iBAAiB;CA+B1B"}

package/dist/cdk-constructs/IxCertificate.js

@@ -0,0 +1,26 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { Certificate } from "aws-cdk-lib/aws-certificatemanager";
+import { CustomResource } from "aws-cdk-lib";
+export class IxCertificate extends Construct {
+    acmCertificate;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.acmCertificate = this.createCertificate(scope, id, props);
+    }
+    createCertificate(scope, id, props) {
+        const certificateCreationLambdaArn = StringParameter.valueForStringParameter(scope, "/shared-services/acm/lambdaArn");
+        const certificateCustomResource = new CustomResource(scope, "CertificateCustomResource", {
+            resourceType: "Custom::CertIssuingLambda",
+            serviceToken: certificateCreationLambdaArn,
+            properties: {
+                DomainName: props.domainName,
+                ...(props.subjectAlternativeNames && {
+                    SubjectAlternativeNames: props.subjectAlternativeNames,
+                }),
+                ...(props.region && { CertificateIssuingRegion: props.region }),
+            },
+        });
+        return Certificate.fromCertificateArn(scope, id + "-AwsCertificate", certificateCustomResource.ref);
+    }
+}

package/dist/cdk-constructs/IxDnsRecord.d.ts

@@ -0,0 +1,20 @@
+import { Construct } from "constructs";
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+type Props = {
+    name: string;
+    value: string;
+    ttl?: number;
+    hostedZoneId?: string;
+} & ({
+    type: "A" | "CNAME" | "NS" | "SOA";
+} | {
+    type: "ALIAS";
+    aliasZoneId: string;
+});
+export declare class IxDnsRecord extends Construct {
+    constructor(scope: ConstructScope, id: ConstructId, props: Props);
+    private createDnsRecord;
+}
+export {};
+//# sourceMappingURL=IxDnsRecord.d.ts.map

package/dist/cdk-constructs/IxDnsRecord.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxDnsRecord.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxDnsRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAKvC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,CACA;IACE,IAAI,EAAE,GAAG,GAAG,OAAO,GAAG,IAAI,GAAG,KAAK,CAAC;CACpC,GACD;IACE,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB,CACJ,CAAC;AAEF,qBAAa,WAAY,SAAQ,SAAS;gBAC5B,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAKhE,OAAO,CAAC,eAAe;CAyBxB"}

package/dist/cdk-constructs/IxDnsRecord.js

@@ -0,0 +1,26 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { CustomResource } from "aws-cdk-lib";
+import { remapKeys } from "../shared.js";
+export class IxDnsRecord extends Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.createDnsRecord(scope, id, props);
+    }
+    createDnsRecord(scope, id, constructProps) {
+        const dnsRecordUpdaterLambdaArn = StringParameter.valueForStringParameter(scope, "/shared-services/route53/lambdaArn");
+        const lambdaProps = remapKeys(constructProps, {
+            name: "RecordFQDN",
+            value: "RecordValue",
+            ttl: "RecordTTL",
+            hostedZoneId: "HostedZoneId",
+            type: "RecordType",
+            aliasZoneId: "AliasZoneId",
+        });
+        new CustomResource(scope, id + "-CertificateCustomResource", {
+            resourceType: "Custom::DNSRecordUpdaterLambda",
+            serviceToken: dnsRecordUpdaterLambdaArn,
+            properties: lambdaProps,
+        });
+    }
+}

package/dist/cdk-constructs/IxNextjsSite.d.ts

@@ -0,0 +1,19 @@
+import { NextjsSite } from "sst/constructs";
+type ConstructScope = ConstructorParameters<typeof NextjsSite>[0];
+type ConstructId = ConstructorParameters<typeof NextjsSite>[1];
+type ConstructProps = Exclude<ConstructorParameters<typeof NextjsSite>[2], undefined>;
+export declare class IxNextjsSite extends NextjsSite {
+    constructor(scope: ConstructScope, id: ConstructId, props?: ConstructProps);
+    private static addVpcDetailsToProps;
+    private static setupCustomDomain;
+    private static setupCertificate;
+    private createDnsRecords;
+    get customDomains(): string[];
+    get primaryCustomDomain(): string | null;
+    get aliasDomain(): string | null;
+    get alternativeDomains(): string[];
+    primaryDomain: string | undefined;
+    primaryOrigin: string;
+}
+export {};
+//# sourceMappingURL=IxNextjsSite.d.ts.map

package/dist/cdk-constructs/IxNextjsSite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxNextjsSite.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxNextjsSite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAO5C,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AAClE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AAC/D,KAAK,cAAc,GAAG,OAAO,CAC3B,qBAAqB,CAAC,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,EAC3C,SAAS,CACV,CAAC;AAEF,qBAAa,YAAa,SAAQ,UAAU;gBAExC,KAAK,EAAE,cAAc,EACrB,EAAE,EAAE,WAAW,EACf,KAAK,GAAE,cAAmB;IAiB5B,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAqCnC,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAiBhC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAgC/B,OAAO,CAAC,gBAAgB;IAgBxB,IAAW,aAAa,IAAI,MAAM,EAAE,CASnC;IAED,IAAW,mBAAmB,IAAI,MAAM,GAAG,IAAI,CAO9C;IAED,IAAW,WAAW,IAAI,MAAM,GAAG,IAAI,CAKtC;IAED,IAAW,kBAAkB,IAAI,MAAM,EAAE,CAKxC;IAEM,aAAa,qBACwD;IAErE,aAAa,SAAmC;CACxD"}

package/dist/cdk-constructs/IxNextjsSite.js

@@ -0,0 +1,147 @@
+import { NextjsSite } from "sst/constructs";
+import { IxCertificate } from "./IxCertificate.js";
+import { CloudFrontTarget } from "aws-cdk-lib/aws-route53-targets";
+import { IxVpcDetails } from "./IxVpcDetails.js";
+import { IxDnsRecord } from "./IxDnsRecord.js";
+import ixDeployConfig from "../deployConfig.js";
+export class IxNextjsSite extends NextjsSite {
+    constructor(scope, id, props = {}) {
+        const isIxDeploy = !!process.env.IX_APP_NAME;
+        if (isIxDeploy) {
+            IxNextjsSite.addVpcDetailsToProps(scope, id, props);
+            IxNextjsSite.setupCustomDomain(scope, id, props);
+        }
+        super(scope, id, props);
+        if (isIxDeploy) {
+            this.createDnsRecords(scope);
+        }
+    }
+    // This must be static because we need to call it in the constructor before super
+    static addVpcDetailsToProps(scope, id, props) {
+        const vpcDetails = new IxVpcDetails(scope, id + "-IxVpcDetails");
+        if (!props.cdk?.server || !("vpc" in props.cdk.server)) {
+            props.cdk = props.cdk ?? {};
+            props.cdk.server = {
+                ...props.cdk.server,
+                vpc: vpcDetails.vpc,
+            };
+        }
+        if (!props.cdk?.revalidation || !("vpc" in props.cdk.revalidation)) {
+            props.cdk = props.cdk ?? {};
+            props.cdk.revalidation = {
+                ...props.cdk.revalidation,
+                vpc: vpcDetails.vpc,
+            };
+        }
+        if (!props.cdk?.server || !("vpcSubnets" in props.cdk.server)) {
+            props.cdk = props.cdk ?? {};
+            props.cdk.server = {
+                ...props.cdk.server,
+                vpcSubnets: vpcDetails.vpcSubnets,
+            };
+        }
+        if (!props.cdk?.revalidation || !("vpcSubnets" in props.cdk.revalidation)) {
+            props.cdk = props.cdk ?? {};
+            props.cdk.revalidation = {
+                ...props.cdk.revalidation,
+                vpcSubnets: vpcDetails.vpcSubnets,
+            };
+        }
+    }
+    // This must be static because we need to call it in the constructor before super
+    static setupCustomDomain(scope, id, props) {
+        // Default to using domains names passed in by the pipeline as the custom domain
+        if (ixDeployConfig.isIxDeploy && !("customDomain" in props)) {
+            props.customDomain = {
+                domainName: ixDeployConfig.siteDomains[0],
+                alternateNames: ixDeployConfig.siteDomains.slice(1),
+            };
+        }
+        this.setupCertificate(scope, id, props);
+    }
+    // This must be static because we need to call it in the constructor before super
+    static setupCertificate(scope, id, props) {
+        if (!props?.customDomain)
+            return;
+        if (typeof props.customDomain === "string") {
+            props.customDomain = { domainName: props.customDomain };
+        }
+        const domainName = props.customDomain.domainName;
+        let subjectAlternativeNames = props.customDomain.alternateNames;
+        // If domainAlias is provided, ensure it's in the subjectAlternativeNames
+        if (props.customDomain.domainAlias) {
+            subjectAlternativeNames = subjectAlternativeNames ?? [];
+            if (!subjectAlternativeNames.includes(props.customDomain.domainAlias)) {
+                subjectAlternativeNames.push(props.customDomain.domainAlias);
+            }
+        }
+        const domainCert = new IxCertificate(scope, id + "-IxCertificate", {
+            domainName,
+            subjectAlternativeNames,
+            region: "us-east-1", // CloudFront will only use certificates in us-east-1
+        });
+        props.customDomain.isExternalDomain = true;
+        props.customDomain.cdk = props.customDomain.cdk ?? {};
+        props.customDomain.cdk.certificate = domainCert.acmCertificate;
+    }
+    createDnsRecords(scope) {
+        if (!this.cdk?.distribution)
+            return;
+        for (const domainName of this.customDomains) {
+            const domainNameLogicalId = convertToBase62Hash(domainName);
+            new IxDnsRecord(scope, `DnsRecord-${domainNameLogicalId}`, {
+                type: "ALIAS",
+                name: domainName,
+                value: this.cdk.distribution.distributionDomainName,
+                aliasZoneId: CloudFrontTarget.getHostedZoneId(scope),
+                ttl: 900,
+            });
+        }
+    }
+    get customDomains() {
+        const domainNames = new Set();
+        if (this.primaryCustomDomain)
+            domainNames.add(this.primaryCustomDomain);
+        if (this.aliasDomain)
+            domainNames.add(this.aliasDomain);
+        if (this.alternativeDomains.length)
+            this.alternativeDomains.forEach((domain) => domainNames.add(domain));
+        return Array.from(domainNames);
+    }
+    get primaryCustomDomain() {
+        if (typeof this.props.customDomain === "string") {
+            return this.props.customDomain;
+        }
+        else if (typeof this.props.customDomain === "object") {
+            return this.props.customDomain.domainName ?? null;
+        }
+        return null;
+    }
+    get aliasDomain() {
+        if (typeof this.props.customDomain === "object") {
+            return this.props.customDomain.domainAlias ?? null;
+        }
+        return null;
+    }
+    get alternativeDomains() {
+        if (typeof this.props.customDomain === "object") {
+            return this.props.customDomain.alternateNames ?? [];
+        }
+        return [];
+    }
+    primaryDomain = this.primaryCustomDomain ?? this.cdk?.distribution.distributionDomainName;
+    primaryOrigin = `https://${this.primaryDomain}`;
+}
+function convertToBase62Hash(string) {
+    const base62Chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    let hash = "";
+    let num = 0;
+    for (let i = 0; i < string.length; i++) {
+        num += string.charCodeAt(i);
+    }
+    while (num > 0) {
+        hash = base62Chars[num % 62] + hash;
+        num = Math.floor(num / 62);
+    }
+    return hash;
+}

package/dist/cdk-constructs/IxVpcDetails.d.ts

@@ -0,0 +1,13 @@
+import { Construct } from "constructs";
+import { IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+export declare class IxVpcDetails extends Construct {
+    vpc: IVpc;
+    vpcSubnets: SubnetSelection;
+    constructor(scope: ConstructScope, id: ConstructId);
+    private getVpc;
+    private getVpcSubnet;
+}
+export {};
+//# sourceMappingURL=IxVpcDetails.d.ts.map

package/dist/cdk-constructs/IxVpcDetails.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxVpcDetails.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxVpcDetails.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,EAAO,IAAI,EAAE,eAAe,EAAgB,MAAM,qBAAqB,CAAC;AAG/E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,qBAAa,YAAa,SAAQ,SAAS;IAClC,GAAG,EAAE,IAAI,CAAC;IACV,UAAU,EAAE,eAAe,CAAC;gBAEvB,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW;IAMlD,OAAO,CAAC,MAAM;IAKd,OAAO,CAAC,YAAY;CAWrB"}

package/dist/cdk-constructs/IxVpcDetails.js

@@ -0,0 +1,23 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { Vpc, SubnetFilter } from "aws-cdk-lib/aws-ec2";
+import ixDeployConfig from "../deployConfig.js";
+export class IxVpcDetails extends Construct {
+    vpc;
+    vpcSubnets;
+    constructor(scope, id) {
+        super(scope, id);
+        this.vpc = this.getVpc(scope, id);
+        this.vpcSubnets = this.getVpcSubnet(scope);
+    }
+    getVpc(scope, id) {
+        const vpcId = StringParameter.valueFromLookup(scope, "/vpc/id");
+        return Vpc.fromLookup(scope, id + "-Vpc", { vpcId });
+    }
+    getVpcSubnet(scope) {
+        const vpcSubnetIds = [1, 2, 3].map((subnetNum) => StringParameter.valueFromLookup(scope, `/vpc/subnet/private-${ixDeployConfig.workloadGroup}/${subnetNum}/id`));
+        return {
+            subnetFilters: [SubnetFilter.byIds(vpcSubnetIds)],
+        };
+    }
+}

package/dist/cdk-constructs/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./IxVpcDetails.js";
+export * from "./IxCertificate.js";
+export * from "./IxDnsRecord.js";
+export * from "./IxNextjsSite.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/cdk-constructs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC"}

package/dist/cdk-constructs/index.js

@@ -0,0 +1,4 @@
+export * from "./IxVpcDetails.js";
+export * from "./IxCertificate.js";
+export * from "./IxDnsRecord.js";
+export * from "./IxNextjsSite.js";

package/dist/deployConfig.d.ts

@@ -0,0 +1,18 @@
+type IxDeployConfig = {
+    isIxDeploy: true;
+    appName: string;
+    environment: string;
+    workloadGroup: string;
+    primaryAwsRegion: string;
+    siteDomains: string[];
+} | {
+    isIxDeploy: false;
+    appName: undefined;
+    environment: undefined;
+    workloadGroup: undefined;
+    primaryAwsRegion: undefined;
+    siteDomains: [];
+};
+declare const _default: IxDeployConfig;
+export default _default;
+//# sourceMappingURL=deployConfig.d.ts.map

package/dist/deployConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deployConfig.d.ts","sourceRoot":"","sources":["../src/deployConfig.ts"],"names":[],"mappings":"AAAA,KAAK,cAAc,GACf;IACE,UAAU,EAAE,IAAI,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB,GACD;IACE,UAAU,EAAE,KAAK,CAAC;IAClB,OAAO,EAAE,SAAS,CAAC;IACnB,WAAW,EAAE,SAAS,CAAC;IACvB,aAAa,EAAE,SAAS,CAAC;IACzB,gBAAgB,EAAE,SAAS,CAAC;IAC5B,WAAW,EAAE,EAAE,CAAC;CACjB,CAAC;;AAEN,wBASoB"}

package/dist/deployConfig.js

@@ -0,0 +1,10 @@
+export default {
+    isIxDeploy: Boolean(process.env.IX_DEPLOYMENT),
+    appName: process.env.IX_APP_NAME,
+    environment: process.env.IX_ENVIRONMENT,
+    workloadGroup: process.env.IX_WORKLOAD_GROUP,
+    primaryAwsRegion: process.env.IX_PRIMARY_AWS_REGION,
+    siteDomains: (process.env.IX_SITE_DOMAINS || "")
+        .split(",")
+        .map((domain) => domain.trim()),
+};

package/dist/shared.d.ts

@@ -0,0 +1,4 @@
+export declare function remapKeys(object: Record<string, unknown>, keyMap: Record<string, string>): {
+    [k: string]: unknown;
+};
+//# sourceMappingURL=shared.d.ts.map

package/dist/shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;;EAQ/B"}

package/dist/shared.js

@@ -0,0 +1,6 @@
+export function remapKeys(object, keyMap) {
+    return Object.fromEntries(Object.entries(object).map(([key, value]) => {
+        const newKey = keyMap[key] ?? key;
+        return [newKey, value];
+    }));
+}

package/eslint.config.js

@@ -0,0 +1,11 @@
+import globals from "globals";
+import pluginJs from "@eslint/js";
+import tseslint from "typescript-eslint";
+import eslintConfigPrettier from "eslint-config-prettier";
+
+export default [
+  { languageOptions: { globals: globals.node } },
+  pluginJs.configs.recommended,
+  ...tseslint.configs.recommended,
+  eslintConfigPrettier,
+];

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@infoxchange/make-it-so",
+  "version": "1.0.1",
+  "description": "Makes deploying services to IX infra easy",
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest",
+    "lint": "eslint . --fix && prettier . --write",
+    "prepare": "husky",
+    "commit": "lint-staged && commit"
+  },
+  "author": "Infoxchange Vic Dev Team <vicdevs@infoxchange.org>",
+  "license": "MIT",
+  "exports": {
+    "./cdk-constructs": "./dist/cdk-constructs/index.js",
+    "./deployConfig": "./dist/deployConfig.js"
+  },
+  "lint-staged": {
+    "**/*": [
+      "eslint --fix --no-warn-ignored",
+      "prettier --write --ignore-unknown"
+    ]
+  },
+  "dependencies": {
+    "@eslint/js": "^9.3.0",
+    "aws-cdk-lib": "2.142.1",
+    "constructs": "^10.3.0",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "sst": "2.42.0",
+    "typescript-eslint": "^7.11.0"
+  },
+  "devDependencies": {
+    "@commitlint/cli": "^19.3.0",
+    "@commitlint/config-conventional": "^19.2.2",
+    "@commitlint/prompt-cli": "^19.3.1",
+    "@tsconfig/node21": "^21.0.3",
+    "globals": "^15.3.0",
+    "husky": "^9.0.11",
+    "lint-staged": "^15.2.5",
+    "prettier": "3.2.5",
+    "semantic-release": "^23.1.1",
+    "typescript": "^5.4.5",
+    "vitest": "^1.6.0"
+  }
+}

package/src/cdk-constructs/IxCertificate.ts

@@ -0,0 +1,54 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { Certificate, ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+import { CustomResource } from "aws-cdk-lib";
+
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+
+type Props = {
+  domainName: string;
+  subjectAlternativeNames?: string[];
+  region?: string;
+};
+
+export class IxCertificate extends Construct {
+  public acmCertificate: ICertificate;
+
+  constructor(scope: ConstructScope, id: ConstructId, props: Props) {
+    super(scope, id);
+    this.acmCertificate = this.createCertificate(scope, id, props);
+  }
+
+  private createCertificate(
+    scope: ConstructScope,
+    id: ConstructId,
+    props: Props,
+  ): ICertificate {
+    const certificateCreationLambdaArn =
+      StringParameter.valueForStringParameter(
+        scope,
+        "/shared-services/acm/lambdaArn",
+      );
+    const certificateCustomResource = new CustomResource(
+      scope,
+      "CertificateCustomResource",
+      {
+        resourceType: "Custom::CertIssuingLambda",
+        serviceToken: certificateCreationLambdaArn,
+        properties: {
+          DomainName: props.domainName,
+          ...(props.subjectAlternativeNames && {
+            SubjectAlternativeNames: props.subjectAlternativeNames,
+          }),
+          ...(props.region && { CertificateIssuingRegion: props.region }),
+        },
+      },
+    );
+    return Certificate.fromCertificateArn(
+      scope,
+      id + "-AwsCertificate",
+      certificateCustomResource.ref,
+    );
+  }
+}

package/src/cdk-constructs/IxDnsRecord.ts

@@ -0,0 +1,55 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { CustomResource } from "aws-cdk-lib";
+import { remapKeys } from "../shared.js";
+
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+
+type Props = {
+  name: string;
+  value: string;
+  ttl?: number;
+  hostedZoneId?: string;
+} & (
+  | {
+      type: "A" | "CNAME" | "NS" | "SOA";
+    }
+  | {
+      type: "ALIAS";
+      aliasZoneId: string;
+    }
+);
+
+export class IxDnsRecord extends Construct {
+  constructor(scope: ConstructScope, id: ConstructId, props: Props) {
+    super(scope, id);
+    this.createDnsRecord(scope, id, props);
+  }
+
+  private createDnsRecord(
+    scope: ConstructScope,
+    id: ConstructId,
+    constructProps: Props,
+  ): void {
+    const dnsRecordUpdaterLambdaArn = StringParameter.valueForStringParameter(
+      scope,
+      "/shared-services/route53/lambdaArn",
+    );
+
+    const lambdaProps = remapKeys(constructProps, {
+      name: "RecordFQDN",
+      value: "RecordValue",
+      ttl: "RecordTTL",
+      hostedZoneId: "HostedZoneId",
+      type: "RecordType",
+      aliasZoneId: "AliasZoneId",
+    });
+
+    new CustomResource(scope, id + "-CertificateCustomResource", {
+      resourceType: "Custom::DNSRecordUpdaterLambda",
+      serviceToken: dnsRecordUpdaterLambdaArn,
+      properties: lambdaProps,
+    });
+  }
+}

package/src/cdk-constructs/IxNextjsSite.ts

@@ -0,0 +1,191 @@
+import { NextjsSite } from "sst/constructs";
+import { IxCertificate } from "./IxCertificate.js";
+import { CloudFrontTarget } from "aws-cdk-lib/aws-route53-targets";
+import { IxVpcDetails } from "./IxVpcDetails.js";
+import { IxDnsRecord } from "./IxDnsRecord.js";
+import ixDeployConfig from "../deployConfig.js";
+
+type ConstructScope = ConstructorParameters<typeof NextjsSite>[0];
+type ConstructId = ConstructorParameters<typeof NextjsSite>[1];
+type ConstructProps = Exclude<
+  ConstructorParameters<typeof NextjsSite>[2],
+  undefined
+>;
+
+export class IxNextjsSite extends NextjsSite {
+  constructor(
+    scope: ConstructScope,
+    id: ConstructId,
+    props: ConstructProps = {},
+  ) {
+    const isIxDeploy = !!process.env.IX_APP_NAME;
+
+    if (isIxDeploy) {
+      IxNextjsSite.addVpcDetailsToProps(scope, id, props);
+      IxNextjsSite.setupCustomDomain(scope, id, props);
+    }
+
+    super(scope, id, props);
+
+    if (isIxDeploy) {
+      this.createDnsRecords(scope);
+    }
+  }
+
+  // This must be static because we need to call it in the constructor before super
+  private static addVpcDetailsToProps(
+    scope: ConstructScope,
+    id: ConstructId,
+    props: ConstructProps,
+  ): void {
+    const vpcDetails = new IxVpcDetails(scope, id + "-IxVpcDetails");
+    if (!props.cdk?.server || !("vpc" in props.cdk.server)) {
+      props.cdk = props.cdk ?? {};
+      props.cdk.server = {
+        ...props.cdk.server,
+        vpc: vpcDetails.vpc,
+      };
+    }
+    if (!props.cdk?.revalidation || !("vpc" in props.cdk.revalidation)) {
+      props.cdk = props.cdk ?? {};
+      props.cdk.revalidation = {
+        ...props.cdk.revalidation,
+        vpc: vpcDetails.vpc,
+      };
+    }
+    if (!props.cdk?.server || !("vpcSubnets" in props.cdk.server)) {
+      props.cdk = props.cdk ?? {};
+      props.cdk.server = {
+        ...props.cdk.server,
+        vpcSubnets: vpcDetails.vpcSubnets,
+      };
+    }
+    if (!props.cdk?.revalidation || !("vpcSubnets" in props.cdk.revalidation)) {
+      props.cdk = props.cdk ?? {};
+      props.cdk.revalidation = {
+        ...props.cdk.revalidation,
+        vpcSubnets: vpcDetails.vpcSubnets,
+      };
+    }
+  }
+
+  // This must be static because we need to call it in the constructor before super
+  private static setupCustomDomain(
+    scope: ConstructScope,
+    id: ConstructId,
+    props: ConstructProps,
+  ): void {
+    // Default to using domains names passed in by the pipeline as the custom domain
+    if (ixDeployConfig.isIxDeploy && !("customDomain" in props)) {
+      props.customDomain = {
+        domainName: ixDeployConfig.siteDomains[0],
+        alternateNames: ixDeployConfig.siteDomains.slice(1),
+      };
+    }
+
+    this.setupCertificate(scope, id, props);
+  }
+
+  // This must be static because we need to call it in the constructor before super
+  private static setupCertificate(
+    scope: ConstructScope,
+    id: ConstructId,
+    props: ConstructProps,
+  ): void {
+    if (!props?.customDomain) return;
+
+    if (typeof props.customDomain === "string") {
+      props.customDomain = { domainName: props.customDomain };
+    }
+    const domainName = props.customDomain.domainName;
+    let subjectAlternativeNames = props.customDomain.alternateNames;
+
+    // If domainAlias is provided, ensure it's in the subjectAlternativeNames
+    if (props.customDomain.domainAlias) {
+      subjectAlternativeNames = subjectAlternativeNames ?? [];
+
+      if (!subjectAlternativeNames.includes(props.customDomain.domainAlias)) {
+        subjectAlternativeNames.push(props.customDomain.domainAlias);
+      }
+    }
+
+    const domainCert = new IxCertificate(scope, id + "-IxCertificate", {
+      domainName,
+      subjectAlternativeNames,
+      region: "us-east-1", // CloudFront will only use certificates in us-east-1
+    });
+    props.customDomain.isExternalDomain = true;
+    props.customDomain.cdk = props.customDomain.cdk ?? {};
+    props.customDomain.cdk.certificate = domainCert.acmCertificate;
+  }
+
+  private createDnsRecords(scope: ConstructScope) {
+    if (!this.cdk?.distribution) return;
+
+    for (const domainName of this.customDomains) {
+      const domainNameLogicalId = convertToBase62Hash(domainName);
+
+      new IxDnsRecord(scope, `DnsRecord-${domainNameLogicalId}`, {
+        type: "ALIAS",
+        name: domainName,
+        value: this.cdk.distribution.distributionDomainName,
+        aliasZoneId: CloudFrontTarget.getHostedZoneId(scope),
+        ttl: 900,
+      });
+    }
+  }
+
+  public get customDomains(): string[] {
+    const domainNames = new Set<string>();
+
+    if (this.primaryCustomDomain) domainNames.add(this.primaryCustomDomain);
+    if (this.aliasDomain) domainNames.add(this.aliasDomain);
+    if (this.alternativeDomains.length)
+      this.alternativeDomains.forEach((domain) => domainNames.add(domain));
+
+    return Array.from(domainNames);
+  }
+
+  public get primaryCustomDomain(): string | null {
+    if (typeof this.props.customDomain === "string") {
+      return this.props.customDomain;
+    } else if (typeof this.props.customDomain === "object") {
+      return this.props.customDomain.domainName ?? null;
+    }
+    return null;
+  }
+
+  public get aliasDomain(): string | null {
+    if (typeof this.props.customDomain === "object") {
+      return this.props.customDomain.domainAlias ?? null;
+    }
+    return null;
+  }
+
+  public get alternativeDomains(): string[] {
+    if (typeof this.props.customDomain === "object") {
+      return this.props.customDomain.alternateNames ?? [];
+    }
+    return [];
+  }
+
+  public primaryDomain =
+    this.primaryCustomDomain ?? this.cdk?.distribution.distributionDomainName;
+
+  public primaryOrigin = `https://${this.primaryDomain}`;
+}
+
+function convertToBase62Hash(string: string): string {
+  const base62Chars =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+  let hash = "";
+  let num = 0;
+  for (let i = 0; i < string.length; i++) {
+    num += string.charCodeAt(i);
+  }
+  while (num > 0) {
+    hash = base62Chars[num % 62] + hash;
+    num = Math.floor(num / 62);
+  }
+  return hash;
+}

package/src/cdk-constructs/IxVpcDetails.ts

@@ -0,0 +1,35 @@
+import { Construct } from "constructs";
+import { StringParameter } from "aws-cdk-lib/aws-ssm";
+import { Vpc, IVpc, SubnetSelection, SubnetFilter } from "aws-cdk-lib/aws-ec2";
+import ixDeployConfig from "../deployConfig.js";
+
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+
+export class IxVpcDetails extends Construct {
+  public vpc: IVpc;
+  public vpcSubnets: SubnetSelection;
+
+  constructor(scope: ConstructScope, id: ConstructId) {
+    super(scope, id);
+    this.vpc = this.getVpc(scope, id);
+    this.vpcSubnets = this.getVpcSubnet(scope);
+  }
+
+  private getVpc(scope: ConstructScope, id: ConstructId): IVpc {
+    const vpcId = StringParameter.valueFromLookup(scope, "/vpc/id");
+    return Vpc.fromLookup(scope, id + "-Vpc", { vpcId });
+  }
+
+  private getVpcSubnet(scope: ConstructScope): SubnetSelection {
+    const vpcSubnetIds = [1, 2, 3].map((subnetNum) =>
+      StringParameter.valueFromLookup(
+        scope,
+        `/vpc/subnet/private-${ixDeployConfig.workloadGroup}/${subnetNum}/id`,
+      ),
+    );
+    return {
+      subnetFilters: [SubnetFilter.byIds(vpcSubnetIds)],
+    };
+  }
+}

package/src/cdk-constructs/index.ts

@@ -0,0 +1,4 @@
+export * from "./IxVpcDetails.js";
+export * from "./IxCertificate.js";
+export * from "./IxDnsRecord.js";
+export * from "./IxNextjsSite.js";

package/src/deployConfig.ts

@@ -0,0 +1,28 @@
+type IxDeployConfig =
+  | {
+      isIxDeploy: true;
+      appName: string;
+      environment: string;
+      workloadGroup: string;
+      primaryAwsRegion: string;
+      siteDomains: string[];
+    }
+  | {
+      isIxDeploy: false;
+      appName: undefined;
+      environment: undefined;
+      workloadGroup: undefined;
+      primaryAwsRegion: undefined;
+      siteDomains: [];
+    };
+
+export default {
+  isIxDeploy: Boolean(process.env.IX_DEPLOYMENT),
+  appName: process.env.IX_APP_NAME,
+  environment: process.env.IX_ENVIRONMENT,
+  workloadGroup: process.env.IX_WORKLOAD_GROUP,
+  primaryAwsRegion: process.env.IX_PRIMARY_AWS_REGION,
+  siteDomains: (process.env.IX_SITE_DOMAINS || "")
+    .split(",")
+    .map((domain) => domain.trim()),
+} as IxDeployConfig;

package/src/shared.ts

@@ -0,0 +1,11 @@
+export function remapKeys(
+  object: Record<string, unknown>,
+  keyMap: Record<string, string>,
+) {
+  return Object.fromEntries(
+    Object.entries(object).map(([key, value]) => {
+      const newKey = keyMap[key] ?? key;
+      return [newKey, value];
+    }),
+  );
+}

package/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "compilerOptions": {
+    "declaration": true,
+    "declarationMap": true,
+    "outDir": "dist"
+  },
+  "include": ["src/**/*.ts"],
+  "extends": "@tsconfig/node21/tsconfig.json"
+}