@inizioevoke/evosynth 1.6.0

package/readme.md

@@ -0,0 +1,114 @@
+# @inizioevoke/evosynth
+
+EvoSynth/EvoGen is an npm package providing reusable AWS CDK stacks for deploying static serverless websites. It targets S3 + CloudFront + Route53 + ACM + WAF + CodePipeline architectures.
+
+## Prerequisites
+- [CDK v2.238.x](https://docs.aws.amazon.com/cdk/v2/guide/home.html)
+- Node version 22+
+- AWS Account ID, a configured profile, or other credentials
+- CodeConnection ARN or SSM Parameter Store path of a shared connection ARN
+- A WAF web ACL ARN or SSM Parameter Store path of a shared ACL ARN
+- The Bitbucket or GitHub repository
+
+## Project configuration
+
+- Copy the buildspec.yml on your Bitbucket Repo and the build configuration
+- Update/Configure the Stack example below
+
+
+## Example App
+
+```typescript
+import * as cdk from 'aws-cdk-lib/core';
+import { CloudFrontFunctionRedirects } from '@inizioevoke/evosynth/constructs/cloudfront';
+import { WebStaticServerlessStage } from '@inizioevoke/evosynth/stages/web-static-serverless-stage';
+import { AddSourceStageParams } from '@inizioevoke/evosynth/constructs/codepipeline'; 
+
+const app = new cdk.App();
+
+const env = getEnv('us-east-1');
+// const env = getEnv('000000000000');
+// const env = getEnv({ account: '000000000000', region: 'us-east-1' });
+
+const tags: Record<string, string> = {
+  'Account': 'Account Name',
+  'Brand': 'Brand Name'
+};
+
+const repository: Omit<AddSourceStageParams, 'branch'> = {
+  codestarConnection: 'ARN',
+  // codestarConnection: { path: '/my/connection/arn' },
+  repoOwner: 'evokegroup',
+  repo: 'myproject-v1'
+};
+
+const redirects: CloudFrontFunctionRedirects = {
+  paths: {
+    '/hello': '/world',
+    '/redirect': ['/here', 302]
+  }
+};
+
+new WebStaticServerlessStage(app, 'dev', {
+  env,
+  stageName: 'myproject-v1-dev',
+  tags,
+  envType: 'NOT_PROD',
+  description: 'My Project DEV',
+  hostedZone: 'evodev.net',
+  domainName: 'myproject-v1.evodev.net',
+  basicAuth: {
+    user: 'user',
+    password: 'password'
+  },
+  // basicAuth: 'dXNlcjpwYXNzd29yZA==',
+  // basicAuth: { path: '/my/basicAuth/credentials' }
+  webAcl: 'ARN',
+  // webAcl: { path: '/my/webacl/arn' },
+  // webAcl: true, // create new, but you probably should reuse one
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'develop'
+    }
+  }
+});
+
+new WebStaticServerlessStage(app, 'prd', {
+  env,
+  stageName: 'myproject-v1-prd',
+  tags,
+  envType: 'PROD',
+  description: 'My Project PRD',
+  hostedZone: 'myproject.com',
+  domainName: 'www.myproject.com',
+  webAcl: 'ARN',
+  // webAcl: { path: '/my/webacl/arn' },
+  // webAcl: true, // create new, but you probably should reuse one
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'prod'
+    }
+  }
+});
+```
+
+
+Win
+```
+cdk deploy dev/*
+```
+```
+cdk deploy prd/*
+```
+
+MacOS
+```
+cdk deploy "dev/*" 
+```
+```
+cdk deploy "prd/*"  
+```

package/samples/app.ts

@@ -0,0 +1,103 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib/core';
+import { getEnv } from '@inizioevoke/evosynth';
+import { CloudFrontFunctionRedirects } from '@inizioevoke/evosynth/constructs/cloudfront';
+import { WebStaticServerlessStage } from '@inizioevoke/evosynth/stages/web-static-serverless-stage';
+import { AddSourceStageParams } from '@inizioevoke/evosynth/constructs/codepipeline';
+
+const app = new cdk.App();
+
+const env = getEnv('us-east-1');
+// const env = getEnv('000000000000');
+// const env = getEnv({ account: '000000000000', region: 'us-east-1' });
+
+const tags: Record<string, string> = {
+  'Account': 'Account Name',
+  'Brand': 'Brand Name'
+};
+
+const repository: Omit<AddSourceStageParams, 'branch'> = {
+  codestarConnection: { path: '/evosynth/provider/codeconnection' },
+  // codestarConnection: 'ARN',
+  repoOwner: 'orgname',
+  repo: 'myproject-v1'
+};
+
+const redirects: CloudFrontFunctionRedirects = {
+  paths: {
+    '/hello': '/world',
+    '/redirect': ['/here', 302]
+  }
+};
+
+new WebStaticServerlessStage(app, 'dev', {
+  env,
+  stageName: 'myproject-v1-dev',
+  tags,
+  envType: 'NOT_PROD',
+  description: 'My Project DEV',
+  hostedZone: 'evodev.net',
+  domainName: 'myproject-v1.evodev.net',
+  basicAuth: { path: '/evosynth/web/security/basicauth' },
+  // basicAuth: {
+  //   user: 'user',
+  //   password: 'password'
+  // },
+  // basicAuth: 'dXNlcjpwYXNzd29yZA==',
+  webAcl: { path: '/evosynth/web/security/webacl' },
+  // webAcl: 'ARN',
+  // webAcl: true, // create new, but you probably should reuse one,
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'develop'
+    }
+  }
+});
+
+new WebStaticServerlessStage(app, 'uat', {
+  env,
+  stageName: 'myproject-v1-uat',
+  tags,
+  envType: 'NOT_PROD',
+  description: 'My Project UAT',
+  hostedZone: 'evostg.net',
+  domainName: 'myproject-v1.evostg.net',
+  basicAuth: { path: '/evosynth/web/security/basicauth' },
+  // basicAuth: {
+  //   user: 'user',
+  //   password: 'password'
+  // },
+  // basicAuth: 'dXNlcjpwYXNzd29yZA==',
+  webAcl: { path: '/evosynth/web/security/webacl' },
+  // webAcl: 'ARN',
+  // webAcl: true, // create new, but you probably should reuse one,
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'uat'
+    }
+  }
+});
+
+new WebStaticServerlessStage(app, 'prd', {
+  env,
+  stageName: 'myproject-v1-prd',
+  tags,
+  envType: 'PROD',
+  description: 'My Project PRD',
+  hostedZone: 'myproject.com',
+  domainName: 'www.myproject.com',
+  webAcl: { path: '/evosynth/web/security/webacl' },
+  // webAcl: 'ARN',
+  // webAcl: true, // create new, but you probably should reuse one
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'prod'
+    }
+  }
+});

package/samples/codebuild/buildspec.yml

@@ -0,0 +1,24 @@
+version: 0.2
+
+env:
+  variables:
+    # NODE_ENV: production
+    S3_BUCKET_NAME:
+    CLOUDFRONT_DISTRIBUTION_ID:
+
+phases:
+  install:
+    runtime-versions:
+      nodejs: 24
+    commands:
+      - npm install
+  build:
+    commands:
+      - npm run build
+  post_build:
+    commands:
+      - '[ ${CODEBUILD_BUILD_SUCCEEDING:-0} -eq 1 ] || exit 1'
+      - echo "Syncing to S3"
+      - aws s3 sync dist s3://${S3_BUCKET_NAME}/ --delete
+      - echo "Invalidating CloudFront"
+      - aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_DISTRIBUTION_ID} --paths "/*"

package/samples/config/redirects.csv

@@ -0,0 +1,6 @@
+source,destination,http_code
+/old-page,/new-page,301
+/temp-redirect,/other-page,302
+/moa,/moa-video,307
+/legacy,/new,308
+/about-us,/about,

package/src/constructs/certificatemanager.ts

@@ -0,0 +1,28 @@
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { Certificate, CertificateValidation } from "aws-cdk-lib/aws-certificatemanager";
+import { IHostedZone } from "aws-cdk-lib/aws-route53";
+import { tagResource } from "../lib/tags.ts";
+import { ResourceProps } from "../lib/types.js";
+
+export interface SSLCertificateProps extends ResourceProps {
+  hostedZone: IHostedZone;
+  domainName: string;
+}
+
+export class SSLCertificate extends Construct {
+  public readonly certificate: Certificate;
+
+  constructor(scope: Construct, id: string, props: SSLCertificateProps) {
+    super(scope, id);
+
+    this.certificate = new Certificate(this, `Certificate-${props.domainName}`, {
+      domainName: props.domainName,
+      validation: CertificateValidation.fromDns(props.hostedZone),
+    });
+    tagResource(this.certificate, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.certificate.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+}

package/src/constructs/cloudfront.ts

@@ -0,0 +1,148 @@
+import { resolve } from 'node:path';
+import { readFileSync } from 'node:fs';
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { BehaviorOptions, Distribution, Function, FunctionCode, FunctionRuntime, PriceClass } from 'aws-cdk-lib/aws-cloudfront';
+import { tagResource } from '../lib/tags.js';
+import { parseCsvRedirects } from '../lib/csv-redirects.js';
+import type { ResourceProps } from '../lib/types.js';
+
+const __dirname = import.meta.dirname;
+
+export interface CloudFrontDistributionProps extends ResourceProps {
+  domainName: string;
+  description?: string;
+  defaultBehavior: BehaviorOptions;
+  additionalBehaviors?: Record<string, BehaviorOptions>;
+  priceClass?: 'PRICE_CLASS_ALL' | 'PRICE_CLASS_100' | 'PRICE_CLASS_200' | 'NOT_PROD' | 'PROD';
+  certificate: ICertificate;
+  webAclId?: string;
+}
+export class CloudFrontDistribution extends Construct {
+  public readonly distribution: Distribution;
+
+  constructor(scope: Construct, id: string, props: CloudFrontDistributionProps) {
+    super(scope, id);
+
+    let priceClass = PriceClass.PRICE_CLASS_ALL;
+    switch (props.priceClass) {
+      case 'NOT_PROD':
+      case 'PRICE_CLASS_100':
+        priceClass = PriceClass.PRICE_CLASS_100;
+        break;
+      case 'PRICE_CLASS_200':
+        priceClass = PriceClass.PRICE_CLASS_200;
+        break;
+    }
+
+    this.distribution = new Distribution(this, `${id}|CloudFrontDistribution`, {
+      comment: props.description,
+      defaultBehavior: props.defaultBehavior,
+      additionalBehaviors: props.additionalBehaviors,
+      domainNames: [props.domainName],
+      certificate: props.certificate,
+      priceClass,
+      webAclId: props.webAclId
+    });
+    tagResource(this.distribution, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.distribution.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+}
+
+export type HttpRedirectCode = 301 | 302 | 303 | 307 | 308;
+export type CloudFrontFunctionRedirectPaths = Record<string, string | [string, HttpRedirectCode]>;
+
+export interface CloudFrontFunctionRedirects {
+  trailingSlash?: boolean;
+  defaultDocument?: string;
+  redirectDefaultDocument?: boolean;
+  paths?: CloudFrontFunctionRedirectPaths;
+  pathsCsvFile?: string;
+}
+
+export interface ViewerRequestResponseFunctionProps extends ResourceProps {
+  functionName?: string;
+  defaultDocument?: string;
+  redirects?: CloudFrontFunctionRedirects;
+  redirectsCsvPath?: string;
+  credentials?: string;
+  code: string;
+}
+
+export interface DefaultDocFunctionProps extends ResourceProps, Pick<ViewerRequestResponseFunctionProps, 'functionName' | 'defaultDocument' | 'redirects' | 'redirectsCsvPath'> {
+  functionName?: string;
+  defaultDocument?: string;
+  redirects?: CloudFrontFunctionRedirects;
+  redirectsCsvPath?: string;
+}
+
+export interface BasicAuthDefaultDocFunctionProps extends DefaultDocFunctionProps {
+  credentials: string;
+}
+
+
+export interface CloudFrontFunctionProps extends ResourceProps {
+  code: string;
+  functionName?: string;
+  runtime?: 'JS_1_0' | 'JS_2_0';
+}
+export class CloudFrontFunction extends Construct {
+  public readonly fn: Function;
+
+  constructor(scope: Construct, id: string, props: CloudFrontFunctionProps) {
+    super(scope, id);
+
+    this.fn = new Function(this, 'CloudFrontFunction', {
+      functionName: props.functionName,
+      runtime: FunctionRuntime[props.runtime ?? 'JS_2_0'],
+      code: FunctionCode.fromInline(props.code)
+    });
+    tagResource(this.fn, props.tags);
+
+    if (typeof props.destroy == 'boolean') {
+      this.fn.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+
+  static createDefaultDoc(scope: Construct, props: DefaultDocFunctionProps) {
+    const code = readFileSync(resolve(__dirname, '../templates/cffn-default-doc.js'), 'utf8');
+
+    return this.createViewerRequestResponseFunction(scope, 'DefaultDocFunction', {
+      ...props,
+      credentials: '',
+      code
+    });
+  }
+
+  static createBasicAuthDefaultDoc(scope: Construct, props: BasicAuthDefaultDocFunctionProps) {
+    const code = readFileSync(resolve(__dirname, '../templates/cffn-default-doc-basic-auth.js'), 'utf8');
+
+    return this.createViewerRequestResponseFunction(scope, 'BasicAuthDefaultDocFunction', {
+      ...props,
+      code
+    });
+
+  }
+
+  static createViewerRequestResponseFunction(scope: Construct, id: string | null, props: ViewerRequestResponseFunctionProps) {
+    const csvPath = props.redirects?.pathsCsvFile ?? props.redirectsCsvPath;
+    const redirectPaths = csvPath ? parseCsvRedirects(csvPath) : (props.redirects?.paths ?? {});
+    const hasRedirects = Object.keys(redirectPaths).length > 0;
+
+    props.code = props.code
+      .replace('__DEFAULT_DOCUMENT__', props.defaultDocument ?? 'index.html')
+      .replace('__CREDENTIALS__', props.credentials ?? 'Og==')
+      .replace('__REDIRECTS__', hasRedirects ? JSON.stringify(redirectPaths) : 'null')
+      .replace('__TRAILING_SLASH__', props.redirects?.trailingSlash?.toString() ?? 'null')
+      .replace('__REDIR_DEF_DOC__', props.redirects?.redirectDefaultDocument?.toString() ?? 'false');
+
+    return new CloudFrontFunction(scope, id || 'ViewerRequestResponseFunction', {
+      functionName: props.functionName,
+      runtime: 'JS_2_0',
+      code: props.code
+    });
+  }
+}

package/src/constructs/codebuild.ts

@@ -0,0 +1,124 @@
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { BuildEnvironmentVariableType, BuildSpec, ComputeType, IBuildImage, LinuxBuildImage, PipelineProject } from 'aws-cdk-lib/aws-codebuild';
+import { Repository } from "aws-cdk-lib/aws-ecr";
+import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+import { IStringParameter, StringParameter } from 'aws-cdk-lib/aws-ssm';
+import { tagResource } from "../lib/tags.js";
+import { ResourceProps } from "../lib/types.js";
+import { SsmStringParameter as _SsmStringParameter } from '../lib/types.ts';
+
+export type EnvironmentVariables = Record<string, { value: any, type?: BuildEnvironmentVariableType }>;
+
+interface SsmStringParameter extends _SsmStringParameter {
+  encrypted?: boolean;
+}
+export interface EcrBuildImage {
+  repository: string;
+  tag: string;
+}
+export interface CodeBuildPipelineProjectProps extends ResourceProps {
+  projectName?: string;
+  buildSpec?: string | object;
+  buildImage?: ('STANDARD_5_0' | 'STANDARD_6_0' | 'STANDARD_7_0') | IBuildImage;
+  ecrBuildImage?: EcrBuildImage,
+  computeType?: ('SMALL' | 'MEDIUM' | 'LARGE' | 'X_LARGE' | 'X2_LARGE') | string;
+  environmentVariables?: EnvironmentVariables;
+  cloudFrontDistributionArn?: string;
+  s3BucketName?: string;
+  ssmParameters?: SsmStringParameter[];
+}
+
+export class CodeBuildPipelineProject extends Construct {
+  public readonly project: PipelineProject;
+
+  constructor(scope: Construct, id: string, props: CodeBuildPipelineProjectProps) {
+    super(scope, id);
+
+    if (!props.environmentVariables) {
+      props.environmentVariables = {};
+    }
+    if (props.cloudFrontDistributionArn && !props.environmentVariables.CLOUDFRONT_DISTRIBUTION_ID) {
+      props.environmentVariables.CLOUDFRONT_DISTRIBUTION_ID = {
+        value: props.cloudFrontDistributionArn.split('/').pop()
+      };
+    }
+
+    if (props.s3BucketName && !props.environmentVariables.S3_BUCKET_NAME) {
+      props.environmentVariables.S3_BUCKET_NAME = {
+        value: props.s3BucketName
+      };
+    }
+
+    let buildImage: IBuildImage | undefined = undefined;
+    if (props.ecrBuildImage) {
+      const repository = props.ecrBuildImage.repository.startsWith('arn:aws') ? 
+        Repository.fromRepositoryArn(this, 'EcrRepository', props.ecrBuildImage.repository) :
+        Repository.fromRepositoryName(this, 'EcrRepository', props.ecrBuildImage.repository);
+      buildImage = LinuxBuildImage.fromEcrRepository(repository, props.ecrBuildImage.tag);
+    } else if (props.buildImage) {
+      if (typeof props.buildImage == 'string') {
+        buildImage = LinuxBuildImage[props.buildImage ?? 'STANDARD_7_0']
+      } else {
+        buildImage = props.buildImage as IBuildImage;
+      }
+    }
+
+    this.project = new PipelineProject(this, 'CodeBuildPipelineProjectProps', {
+      projectName: props.projectName,
+      buildSpec: props.buildSpec ? typeof props.buildSpec == 'object' ? BuildSpec.fromObjectToYaml(props.buildSpec) : BuildSpec.fromSourceFilename(props.buildSpec ?? 'buildspec.yml') : undefined,
+      environment: {
+        buildImage: buildImage ?? LinuxBuildImage.STANDARD_7_0,
+        computeType: ComputeType[props.computeType as (keyof typeof ComputeType | undefined) ?? 'SMALL'],
+        environmentVariables: props.environmentVariables
+      }
+    });
+    tagResource(this.project, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.project.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+
+    // Add CloudWatch log permissions
+    this.project.addToRolePolicy(new PolicyStatement({
+      actions: [
+        'logs:CreateLogGroup',
+        'logs:CreateLogStream',
+        'logs:PutLogEvents'
+      ],
+      resources: [this.project.projectArn]
+    }));
+
+    // Allow the project to create an invalidation
+    if (props.cloudFrontDistributionArn) {
+      this.project.addToRolePolicy(new PolicyStatement({
+        actions: ['cloudfront:CreateInvalidation'],
+        resources: [props.cloudFrontDistributionArn]
+      }));
+    }
+
+    // Allow the project to sync files to S3
+    if (props.s3BucketName) {
+      const s3Bucket = Bucket.fromBucketName(this, 'S3BucketByName', props.s3BucketName);
+      s3Bucket.grantReadWrite(this.project);
+    }
+
+    if (props.ssmParameters) {
+      for (const param of props.ssmParameters) {
+        let strParam: IStringParameter;
+        if (param.encrypted) {
+          strParam = StringParameter.fromSecureStringParameterAttributes(this, param.path, {
+            parameterName: param.path,
+            version: param.version
+          });
+        } else {
+          strParam = StringParameter.fromStringParameterAttributes(this, param.path, {
+            parameterName: param.path,
+            version: param.version
+          });
+        }
+        strParam.grantRead(this.project);
+      }
+    }
+  }
+}

package/src/constructs/codepipeline.ts

@@ -0,0 +1,93 @@
+import { RemovalPolicy, PhysicalName, Aws } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { IProject } from "aws-cdk-lib/aws-codebuild";
+import { Artifact, Pipeline } from "aws-cdk-lib/aws-codepipeline";
+import { CodeBuildAction, CodeStarConnectionsSourceAction } from "aws-cdk-lib/aws-codepipeline-actions";
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+import { StringParameter } from 'aws-cdk-lib/aws-ssm';
+
+import type { EnvironmentVariables } from './codebuild.js';
+import { tagResource } from "../lib/tags.js";
+import { ResourceProps, SsmStringParameter } from "../lib/types.js";
+
+export interface AddSourceStageParams {
+  stageName?: string;
+  codestarConnection: string | SsmStringParameter;
+  repoOwner: string;
+  repo: string;
+  branch: string;
+  artifactFormat: 'default' | 'fullClone'
+}
+export interface AddBuildStageParams {
+  stageName?: string;
+  codeBuildProject: IProject;
+  sourceArtifact: Artifact;
+  environmentVariables?: EnvironmentVariables;
+}
+
+export interface CodePipelineProjectProps extends ResourceProps {
+  pipelineName?: string;
+}
+export class CodePipelineProject extends Construct {
+  public readonly s3Bucket: Bucket;
+  public readonly pipeline: Pipeline;
+
+  constructor(scope: Construct, id: string, props: CodePipelineProjectProps) {
+    super(scope, id);
+
+    this.s3Bucket = new Bucket(this, 'CodePipelineArtifactBucket', {
+      bucketName: PhysicalName.GENERATE_IF_NEEDED,
+      removalPolicy: props.destroy !== undefined ? props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN : undefined,
+      autoDeleteObjects: props.destroy === true ? true : undefined
+    });
+    tagResource(this.s3Bucket, props.tags);
+
+    this.pipeline = new Pipeline(this, 'CodePipelineProject', {
+      pipelineName: props.pipelineName,
+      artifactBucket: this.s3Bucket
+    });
+
+    tagResource(this.pipeline, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.pipeline.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+
+  addSourceStage(params: AddSourceStageParams): Artifact {
+    const artifact = new Artifact();
+
+    const connectionArn: string = typeof params.codestarConnection == 'string' ?
+       params.codestarConnection :
+       StringParameter.valueForStringParameter(this, (params.codestarConnection as SsmStringParameter).path, (params.codestarConnection as SsmStringParameter).version);
+
+    this.pipeline.addStage({
+      stageName: params.stageName ?? 'Source',
+      actions: [
+        new CodeStarConnectionsSourceAction({
+          actionName: params.stageName ?? 'Source',
+          output: artifact,
+          connectionArn,
+          owner: params.repoOwner,
+          repo: params.repo,
+          branch: params.branch,
+          codeBuildCloneOutput: params.artifactFormat === 'fullClone'
+        })
+      ]
+    });
+    return artifact;
+  }
+
+  addBuildStage(params: AddBuildStageParams) {
+    this.pipeline.addStage({
+      stageName: params.stageName ?? 'Build',
+      actions: [
+        new CodeBuildAction({
+          actionName: params.stageName ?? 'Build',
+          project: params.codeBuildProject,
+          input: params.sourceArtifact,
+          environmentVariables: params.environmentVariables
+        })
+      ]
+    });
+  }
+}

package/src/constructs/route53.ts

@@ -0,0 +1,34 @@
+import { IDistribution } from "aws-cdk-lib/aws-cloudfront";
+import { ARecord, AaaaRecord, HostedZone, IHostedZone, RecordTarget } from "aws-cdk-lib/aws-route53";
+import { CloudFrontTarget } from "aws-cdk-lib/aws-route53-targets";
+import { Construct } from "constructs";
+
+export interface CloudFrontAliasProps {
+  hostedZone: IHostedZone;
+  domainName: string;
+  distribution: IDistribution; 
+}
+export class CloudFrontAlias extends Construct {
+  public readonly aRecord: ARecord;
+  public readonly aaaaRecord: AaaaRecord;
+
+  constructor(scope: Construct, id: string, props: CloudFrontAliasProps) {
+    super(scope, id);
+
+    this.aRecord = new ARecord(this, `ARecord-${props.domainName}`, {
+      zone: props.hostedZone,
+      target: RecordTarget.fromAlias(new CloudFrontTarget(props.distribution)),
+      recordName: props.domainName
+    });
+
+    this.aaaaRecord = new AaaaRecord(this, `AaaaRecord-${props.domainName}`, {
+      zone: props.hostedZone,
+      target: RecordTarget.fromAlias(new CloudFrontTarget(props.distribution)),
+      recordName: props.domainName
+    });
+  }
+}
+
+export function getHostedZone(scope: Construct, id: string, domainName: string) {
+  return HostedZone.fromLookup(scope, `getHostedZone-${domainName}`, { domainName });
+}