@infoxchange/make-it-so 2.12.0-internal-testing-odic-verify-proxy-fix.2 → 2.12.0-internal-testing-add-ix-ses-idenity.1

package/README.md

@@ -261,6 +261,28 @@ new IxDnsRecord(scope, "IxDnsRecord", {
 
 </details>
 
+<details>
+<summary><strong>IxSESIdentity</strong> - Creates an SES domain identity for a domain managed by IX.</summary>
+
+```typescript
+import { IxSESIdentity } from "@infoxchange/make-it-so/cdk-constructs";
+
+new IxSESIdentity(scope, "IxSESIdentity", {
+  domain: "example.dev.ixapps.org",
+  mailFromSubdomain: "info",
+});
+```
+
+#### Options:
+
+| Prop              | Type   | Description                                                                                                                                                                           |
+| ----------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| domain            | string | The domain of the identity. Either this for `from` must be specified.                                                                                                                 |
+| from              | string | An email address from get domain of the identity. Either this for `domain` must be specified.                                                                                         |
+| mailFromSubdomain | string | (optional) by default the custom mail from domain will be `mail.${domain}`. This lets you change that. It should be given as just the subdomain part, not the fully qualified domain. |
+
+</details>
+
 <details>
 <summary><strong>IxWebsiteRedirect</strong> - Creates a redirect from one domain to another.</summary>
 

package/dist/cdk-constructs/IxDnsRecord.d.ts

@@ -7,10 +7,13 @@ type Props = {
     ttl?: number;
     hostedZoneId?: string;
 } & ({
-    type: "A" | "CNAME" | "NS" | "SOA";
+    type: "A" | "CNAME" | "NS" | "SOA" | "TXT";
 } | {
     type: "ALIAS";
     aliasZoneId: string;
+} | {
+    type: "MX";
+    priority: number;
 });
 export declare class IxDnsRecord extends Construct {
     constructor(scope: ConstructScope, id: ConstructId, props: Props);

package/dist/cdk-constructs/IxDnsRecord.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"IxDnsRecord.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxDnsRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAKvC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,CACA;IACE,IAAI,EAAE,GAAG,GAAG,OAAO,GAAG,IAAI,GAAG,KAAK,CAAC;CACpC,GACD;IACE,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB,CACJ,CAAC;AAEF,qBAAa,WAAY,SAAQ,SAAS;gBAC5B,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAKhE,OAAO,CAAC,eAAe;CAyBxB"}
+{"version":3,"file":"IxDnsRecord.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxDnsRecord.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAKvC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,CACA;IACE,IAAI,EAAE,GAAG,GAAG,OAAO,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;CAC5C,GACD;IACE,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB,GACD;IACE,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;CAClB,CACJ,CAAC;AAEF,qBAAa,WAAY,SAAQ,SAAS;gBAC5B,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAKhE,OAAO,CAAC,eAAe;CA6CxB"}

package/dist/cdk-constructs/IxDnsRecord.js

@@ -9,14 +9,31 @@ export class IxDnsRecord extends Construct {
     }
     createDnsRecord(scope, id, constructProps) {
         const dnsRecordUpdaterLambdaArn = StringParameter.valueForStringParameter(scope, "/shared-services/route53/lambdaArn");
-        const lambdaProps = remapKeys(constructProps, {
+        const keysMap = {
             name: "RecordFQDN",
             value: "RecordValue",
             ttl: "RecordTTL",
             hostedZoneId: "HostedZoneId",
             type: "RecordType",
             aliasZoneId: "AliasZoneId",
-        });
+        };
+        let lambdaProps;
+        if (constructProps.type === "TXT") {
+            lambdaProps = remapKeys({
+                ...constructProps,
+                value: `"${constructProps.value}"`,
+            }, keysMap);
+        }
+        else if (constructProps.type === "MX") {
+            const { priority, ...rest } = constructProps;
+            lambdaProps = remapKeys({
+                ...rest,
+                value: `${priority} ${rest.value}`,
+            }, keysMap);
+        }
+        else {
+            lambdaProps = remapKeys(constructProps, keysMap);
+        }
         new CustomResource(scope, id + "-CertificateCustomResource", {
             resourceType: "Custom::DNSRecordUpdaterLambda",
             serviceToken: dnsRecordUpdaterLambdaArn,

package/dist/cdk-constructs/IxSESIdentity.d.ts

@@ -0,0 +1,15 @@
+import { Construct } from "constructs";
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+type Props = {
+    mailFromSubdomain?: string;
+} & ({
+    domain: string;
+} | {
+    from: string;
+});
+export declare class IxSESIdentity extends Construct {
+    constructor(scope: ConstructScope, id: ConstructId, props: Props);
+}
+export {};
+//# sourceMappingURL=IxSESIdentity.d.ts.map

package/dist/cdk-constructs/IxSESIdentity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IxSESIdentity.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/IxSESIdentity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAKvC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,KAAK,GAAG;IACX,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,GAAG,CACA;IACE,MAAM,EAAE,MAAM,CAAC;CAChB,GACD;IACE,IAAI,EAAE,MAAM,CAAC;CACd,CACJ,CAAC;AAEF,qBAAa,aAAc,SAAQ,SAAS;gBAC9B,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;CAqDjE"}

package/dist/cdk-constructs/IxSESIdentity.js

@@ -0,0 +1,43 @@
+import { Construct } from "constructs";
+import { IxDnsRecord } from "./IxDnsRecord.js";
+import * as ses from "aws-cdk-lib/aws-ses";
+import * as cdk from "aws-cdk-lib";
+export class IxSESIdentity extends Construct {
+    constructor(scope, id, props) {
+        const domain = "domain" in props ? props.domain : props.from.split("@")[1];
+        const mailFromDomain = `${props.mailFromSubdomain ?? "mail"}.${domain}`;
+        super(scope, id);
+        const identity = new ses.EmailIdentity(scope, "EmailIdentity", {
+            identity: ses.Identity.domain(domain),
+            mailFromDomain,
+        });
+        // Based on https://github.com/aws/aws-cdk/blob/e2ef65a26c833ecb4a29c22e070c3c5f01c31995/packages/aws-cdk-lib/aws-ses/lib/email-identity.ts#L247
+        for (const i of [1, 2, 3]) {
+            new IxDnsRecord(scope, `${id}DkimDnsToken${i}`, {
+                type: "CNAME",
+                name: identity[`dkimDnsTokenName${i}`],
+                value: identity[`dkimDnsTokenValue${i}`],
+                ttl: 1800,
+            });
+        }
+        // Based on
+        // https://github.com/aws/aws-cdk/blob/e2ef65a26c833ecb4a29c22e070c3c5f01c31995/packages/aws-cdk-lib/aws-ses/lib/email-identity.ts#L512
+        new IxDnsRecord(scope, `${id}MailFromMxRecord`, {
+            type: "MX",
+            name: mailFromDomain,
+            value: `feedback-smtp.${cdk.Stack.of(scope).region}.amazonses.com`,
+            priority: 10,
+        });
+        new IxDnsRecord(scope, `${id}MailFromTxtRecord`, {
+            type: "TXT",
+            name: mailFromDomain,
+            value: "v=spf1 include:amazonses.com ~all",
+        });
+        // Set up DMARC record
+        new IxDnsRecord(scope, `${id}DMARC`, {
+            type: "TXT",
+            name: `_dmarc.${domain}`,
+            value: "v=DMARC1; p=none;",
+        });
+    }
+}

package/dist/cdk-constructs/index.d.ts

@@ -1,6 +1,7 @@
 export * from "./IxVpcDetails.js";
 export * from "./IxCertificate.js";
 export * from "./IxDnsRecord.js";
+export * from "./IxSESIdentity.js";
 export * from "./IxNextjsSite.js";
 export * from "./IxStaticSite.js";
 export * from "./IxElasticache.js";

package/dist/cdk-constructs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,YAAY,CAAC;AAC3B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cdk-constructs/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,YAAY,CAAC;AAC3B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC"}

package/dist/cdk-constructs/index.js

@@ -1,6 +1,7 @@
 export * from "./IxVpcDetails.js";
 export * from "./IxCertificate.js";
 export * from "./IxDnsRecord.js";
+export * from "./IxSESIdentity.js";
 export * from "./IxNextjsSite.js";
 export * from "./IxStaticSite.js";
 export * from "./IxElasticache.js";

package/dist/lib/auth/oidc.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,UAAU,EAAa,MAAM,MAAM,CAAC;AAEjE,KAAK,uBAAuB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,EAAE,EAC1E,KAAK,EACL,SAAS,EACT,QAAQ,EACR,UAAU,GACX,EAAE,uBAAuB,CAAC,UAAU,CAAC,GAAG,OAAO,CAC9C,UAAU,SAAS,IAAI,GAEf;IAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACzC;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC,UAAU,CACf,CA+CA"}
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,UAAU,EAAa,MAAM,MAAM,CAAC;AAEjE,KAAK,uBAAuB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,EAAE,EAC1E,KAAK,EACL,SAAS,EACT,QAAQ,EACR,UAAU,GACX,EAAE,uBAAuB,CAAC,UAAU,CAAC,GAAG,OAAO,CAC9C,UAAU,SAAS,IAAI,GAEf;IAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACzC;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC,UAAU,CACf,CAyCA"}

package/dist/lib/auth/oidc.js

@@ -12,21 +12,16 @@ import { createRemoteJWKSet, jwtVerify } from "jose";
  */
 export async function verifyAccessToken({ token, issuerUrl, audience, safeVerify, }) {
     try {
-        console.debug("Discovered JWKS URI aa:", issuerUrl);
         const issuer = await Issuer.discover(issuerUrl);
-        console.debug("Discovered JWKS URI aa 2");
         const jwksUri = issuer.metadata.jwks_uri;
         if (!jwksUri) {
             throw new Error("JWKS URI not found in issuer metadata");
         }
-        console.debug("Discovered JWKS URI:", jwksUri);
         const JWKS = createRemoteJWKSet(new URL(jwksUri));
-        console.debug("Discovered JWKS URI 1");
         // Verify the signature and basic claims
         const { payload } = await jwtVerify(token, JWKS, {
             issuer: issuer.metadata.issuer,
         });
-        console.debug("Discovered JWKS URI 2");
         const tokenAud = payload.aud ?? payload.client_id;
         let audienceMatches = false;
         for (const aud of Array.isArray(tokenAud) ? tokenAud : [tokenAud]) {

package/dist/lib/utils/objects.d.ts

@@ -1,4 +1,4 @@
 export declare function remapKeys<SourceObject extends object, MapObject extends Record<keyof SourceObject, string>>(object: SourceObject, keyMap: Readonly<MapObject>): {
-    [k in keyof SourceObject]: MapObject[k];
+    [k in keyof SourceObject as k extends keyof MapObject ? MapObject[k] : k]: SourceObject[k];
 };
 //# sourceMappingURL=objects.d.ts.map

package/dist/lib/utils/objects.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"objects.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/objects.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CACvB,YAAY,SAAS,MAAM,EAC3B,SAAS,SAAS,MAAM,CAAC,MAAM,YAAY,EAAE,MAAM,CAAC,EAEpD,MAAM,EAAE,YAAY,EACpB,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,GAC1B;KAAG,CAAC,IAAI,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC;CAAE,CAQ7C"}
+{"version":3,"file":"objects.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/objects.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CACvB,YAAY,SAAS,MAAM,EAC3B,SAAS,SAAS,MAAM,CAAC,MAAM,YAAY,EAAE,MAAM,CAAC,EAEpD,MAAM,EAAE,YAAY,EACpB,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,GAC1B;KACA,CAAC,IAAI,MAAM,YAAY,IAAI,CAAC,SAAS,MAAM,SAAS,GACjD,SAAS,CAAC,CAAC,CAAC,GACZ,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC;CACxB,CAQA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@infoxchange/make-it-so",
-  "version": "2.12.0-internal-testing-odic-verify-proxy-fix.2",
+  "version": "2.12.0-internal-testing-add-ix-ses-idenity.1",
   "description": "Makes deploying services to IX infra easy",
   "repository": "github:infoxchange/make-it-so",
   "type": "module",
@@ -17,8 +17,7 @@
   "exports": {
     "./cdk-constructs": "./dist/cdk-constructs/index.js",
     "./deployConfig": "./dist/deployConfig.js",
-    "./auth": "./dist/lib/auth/index.js",
-    "./proxy": "./dist/lib/proxy/index.js"
+    "./auth": "./dist/lib/auth/index.js"
   },
   "lint-staged": {
     "**/*": [
@@ -33,7 +32,6 @@
     "@eslint/js": "^9.3.0",
     "@tsconfig/node21": "^21.0.3",
     "@types/aws-cloudfront-function": "^1.0.6",
-    "@types/global-agent": "^3.0.0",
     "@types/jsonwebtoken": "^9.0.10",
     "aws-cdk-lib": "2.142.1",
     "constructs": "^10.3.0",
@@ -55,9 +53,7 @@
     "sst": "^2.0.0"
   },
   "dependencies": {
-    "global-agent": "^3.0.0",
     "jsonwebtoken": "^9.0.2",
-    "undici": "^7.16.0",
     "zod": "^3.24.2"
   }
 }

package/src/cdk-constructs/IxDnsRecord.ts

@@ -13,12 +13,16 @@ type Props = {
   hostedZoneId?: string;
 } & (
   | {
-      type: "A" | "CNAME" | "NS" | "SOA";
+      type: "A" | "CNAME" | "NS" | "SOA" | "TXT";
     }
   | {
       type: "ALIAS";
       aliasZoneId: string;
     }
+  | {
+      type: "MX";
+      priority: number;
+    }
 );
 
 export class IxDnsRecord extends Construct {
@@ -36,15 +40,35 @@ export class IxDnsRecord extends Construct {
       scope,
       "/shared-services/route53/lambdaArn",
     );
-
-    const lambdaProps = remapKeys(constructProps, {
+    const keysMap = {
       name: "RecordFQDN",
       value: "RecordValue",
       ttl: "RecordTTL",
       hostedZoneId: "HostedZoneId",
       type: "RecordType",
       aliasZoneId: "AliasZoneId",
-    });
+    };
+    let lambdaProps;
+    if (constructProps.type === "TXT") {
+      lambdaProps = remapKeys(
+        {
+          ...constructProps,
+          value: `"${constructProps.value}"`,
+        },
+        keysMap,
+      );
+    } else if (constructProps.type === "MX") {
+      const { priority, ...rest } = constructProps;
+      lambdaProps = remapKeys(
+        {
+          ...rest,
+          value: `${priority} ${rest.value}`,
+        },
+        keysMap,
+      );
+    } else {
+      lambdaProps = remapKeys(constructProps, keysMap);
+    }
 
     new CustomResource(scope, id + "-CertificateCustomResource", {
       resourceType: "Custom::DNSRecordUpdaterLambda",

package/src/cdk-constructs/IxSESIdentity.ts

@@ -0,0 +1,74 @@
+import { Construct } from "constructs";
+import { IxDnsRecord } from "./IxDnsRecord.js";
+import * as ses from "aws-cdk-lib/aws-ses";
+import * as cdk from "aws-cdk-lib";
+
+type ConstructScope = ConstructorParameters<typeof Construct>[0];
+type ConstructId = ConstructorParameters<typeof Construct>[1];
+
+type Props = {
+  mailFromSubdomain?: string;
+} & (
+  | {
+      domain: string;
+    }
+  | {
+      from: string;
+    }
+);
+
+export class IxSESIdentity extends Construct {
+  constructor(scope: ConstructScope, id: ConstructId, props: Props) {
+    const domain = "domain" in props ? props.domain : props.from.split("@")[1];
+    const mailFromDomain = `${props.mailFromSubdomain ?? "mail"}.${domain}`;
+
+    super(scope, id);
+
+    const identity = new ses.EmailIdentity(scope, "EmailIdentity", {
+      identity: ses.Identity.domain(domain),
+      mailFromDomain,
+    });
+
+    // Based on https://github.com/aws/aws-cdk/blob/e2ef65a26c833ecb4a29c22e070c3c5f01c31995/packages/aws-cdk-lib/aws-ses/lib/email-identity.ts#L247
+    for (const i of [1, 2, 3]) {
+      new IxDnsRecord(scope, `${id}DkimDnsToken${i}`, {
+        type: "CNAME",
+        name: identity[
+          `dkimDnsTokenName${i}` as
+            | "dkimDnsTokenName1"
+            | "dkimDnsTokenName2"
+            | "dkimDnsTokenName3"
+        ],
+        value:
+          identity[
+            `dkimDnsTokenValue${i}` as
+              | "dkimDnsTokenValue1"
+              | "dkimDnsTokenValue2"
+              | "dkimDnsTokenValue3"
+          ],
+        ttl: 1800,
+      });
+    }
+
+    // Based on
+    // https://github.com/aws/aws-cdk/blob/e2ef65a26c833ecb4a29c22e070c3c5f01c31995/packages/aws-cdk-lib/aws-ses/lib/email-identity.ts#L512
+    new IxDnsRecord(scope, `${id}MailFromMxRecord`, {
+      type: "MX",
+      name: mailFromDomain,
+      value: `feedback-smtp.${cdk.Stack.of(scope).region}.amazonses.com`,
+      priority: 10,
+    });
+    new IxDnsRecord(scope, `${id}MailFromTxtRecord`, {
+      type: "TXT",
+      name: mailFromDomain,
+      value: "v=spf1 include:amazonses.com ~all",
+    });
+
+    // Set up DMARC record
+    new IxDnsRecord(scope, `${id}DMARC`, {
+      type: "TXT",
+      name: `_dmarc.${domain}`,
+      value: "v=DMARC1; p=none;",
+    });
+  }
+}

package/src/cdk-constructs/index.ts

@@ -1,6 +1,7 @@
 export * from "./IxVpcDetails.js";
 export * from "./IxCertificate.js";
 export * from "./IxDnsRecord.js";
+export * from "./IxSESIdentity.js";
 export * from "./IxNextjsSite.js";
 export * from "./IxStaticSite.js";
 export * from "./IxElasticache.js";

package/src/lib/auth/oidc.ts

@@ -31,24 +31,18 @@ export async function verifyAccessToken<SafeVerify extends boolean = false>({
     : JWTPayload
 > {
   try {
-    console.debug("Discovered JWKS URI aa:", issuerUrl);
     const issuer = await Issuer.discover(issuerUrl);
-    console.debug("Discovered JWKS URI aa 2");
     const jwksUri = issuer.metadata.jwks_uri;
     if (!jwksUri) {
       throw new Error("JWKS URI not found in issuer metadata");
     }
-    console.debug("Discovered JWKS URI:", jwksUri);
     const JWKS = createRemoteJWKSet(new URL(jwksUri));
-    console.debug("Discovered JWKS URI 1");
 
     // Verify the signature and basic claims
     const { payload } = await jwtVerify(token, JWKS, {
       issuer: issuer.metadata.issuer,
     });
 
-    console.debug("Discovered JWKS URI 2");
-
     const tokenAud = payload.aud ?? payload.client_id;
     let audienceMatches = false;
     for (const aud of Array.isArray(tokenAud) ? tokenAud : [tokenAud]) {

package/src/lib/utils/objects.ts

@@ -4,7 +4,11 @@ export function remapKeys<
 >(
   object: SourceObject,
   keyMap: Readonly<MapObject>,
-): { [k in keyof SourceObject]: MapObject[k] } {
+): {
+  [k in keyof SourceObject as k extends keyof MapObject
+    ? MapObject[k]
+    : k]: SourceObject[k];
+} {
   return Object.fromEntries(
     Object.entries(object).map(([key, value]) => {
       // @ts-expect-error the typing for map() reduces keys to general string

package/dist/lib/proxy/fetch.d.ts

@@ -1,4 +0,0 @@
-import { fetch as undiciFetch } from "undici";
-export declare function setupProxyGlobally(): void;
-export declare function getProxiedFetch(): typeof undiciFetch;
-//# sourceMappingURL=fetch.d.ts.map

package/dist/lib/proxy/fetch.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../../src/lib/proxy/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,IAAI,WAAW,EACrB,MAAM,QAAQ,CAAC;AAGhB,wBAAgB,kBAAkB,SAcjC;AAED,wBAAgB,eAAe,uBAY9B"}

package/dist/lib/proxy/fetch.js

@@ -1,27 +0,0 @@
-import { setGlobalDispatcher, EnvHttpProxyAgent, fetch as undiciFetch, } from "undici";
-import { bootstrap } from "global-agent";
-export function setupProxyGlobally() {
-    // To cover libraries that use fetch
-    // See https://nodejs.org/api/globals.html#custom-dispatcher
-    // This might stop being needed at some point: https://github.com/actions/create-github-app-token/pull/143#discussion_r1747641337
-    const envHttpProxyAgent = new EnvHttpProxyAgent();
-    setGlobalDispatcher(envHttpProxyAgent);
-    // To cover libraries that use the http/https object
-    if (!process.env.GLOBAL_AGENT_HTTP_PROXY) {
-        process.env.GLOBAL_AGENT_HTTP_PROXY = process.env.HTTP_PROXY;
-        process.env.GLOBAL_AGENT_HTTPS_PROXY =
-            process.env.HTTPS_PROXY ?? process.env.HTTP_PROXY;
-    }
-    bootstrap();
-}
-export function getProxiedFetch() {
-    const fetch = (input, init = {}) => {
-        console.log("Using proxied fetch for request to:", input);
-        if (init.dispatcher) {
-            console.warn("A custom dispatcher was provided to fetch but this is ignored as a proxy agent is being used.");
-        }
-        const envHttpProxyAgent = new EnvHttpProxyAgent();
-        return undiciFetch(input, { ...init, dispatcher: envHttpProxyAgent });
-    };
-    return fetch;
-}

package/dist/lib/proxy/index.d.ts

@@ -1,2 +0,0 @@
-export * from "./fetch.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/lib/proxy/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/proxy/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/dist/lib/proxy/index.js

@@ -1 +0,0 @@
-export * from "./fetch.js";

package/src/lib/proxy/fetch.ts

@@ -1,36 +0,0 @@
-import {
-  setGlobalDispatcher,
-  EnvHttpProxyAgent,
-  fetch as undiciFetch,
-} from "undici";
-import { bootstrap } from "global-agent";
-
-export function setupProxyGlobally() {
-  // To cover libraries that use fetch
-  // See https://nodejs.org/api/globals.html#custom-dispatcher
-  // This might stop being needed at some point: https://github.com/actions/create-github-app-token/pull/143#discussion_r1747641337
-  const envHttpProxyAgent = new EnvHttpProxyAgent();
-  setGlobalDispatcher(envHttpProxyAgent);
-
-  // To cover libraries that use the http/https object
-  if (!process.env.GLOBAL_AGENT_HTTP_PROXY) {
-    process.env.GLOBAL_AGENT_HTTP_PROXY = process.env.HTTP_PROXY;
-    process.env.GLOBAL_AGENT_HTTPS_PROXY =
-      process.env.HTTPS_PROXY ?? process.env.HTTP_PROXY;
-  }
-  bootstrap();
-}
-
-export function getProxiedFetch() {
-  const fetch: typeof undiciFetch = (input, init = {}) => {
-    console.log("Using proxied fetch for request to:", input);
-    if (init.dispatcher) {
-      console.warn(
-        "A custom dispatcher was provided to fetch but this is ignored as a proxy agent is being used.",
-      );
-    }
-    const envHttpProxyAgent = new EnvHttpProxyAgent();
-    return undiciFetch(input, { ...init, dispatcher: envHttpProxyAgent });
-  };
-  return fetch;
-}

package/src/lib/proxy/index.ts

@@ -1 +0,0 @@
-export * from "./fetch.js";