@inizioevoke/evosynth 1.8.0 → 2.0.0

package/src/constructs/codebuild.ts

@@ -11,7 +11,33 @@ import type { ResourceProps } from "../types.d.ts";
 
 export type EnvironmentVariables = Record<string, { value: any, type?: BuildEnvironmentVariableType }>;
 
-interface SsmParameter extends SsmStringParameter {
+export type CodeBuildImageId = 
+  'aws/codebuild/amazonlinux2-aarch64-standard:1.0' | 
+  'aws/codebuild/amazonlinux2-x86_64-standard:2.0' |
+  'aws/codebuild/amazonlinux2-x86_64-standard:3.0' |
+  'aws/codebuild/amazonlinux-x86_64-standard:4.0' |
+  'aws/codebuild/amazonlinux-x86_64-standard:5.0' |
+  'aws/codebuild/amazonlinux-x86_64-standard:6.0' |
+  'aws/codebuild/amazonlinux-x86_64-standard:corretto8' |
+  'aws/codebuild/amazonlinux-x86_64-standard:corretto11' |
+  'aws/codebuild/amazonlinux-aarch64-standard:2.0' |
+  'aws/codebuild/amazonlinux-aarch64-standard:3.0' |
+  'aws/codebuild/standard:3.0' |
+  'aws/codebuild/standard:4.0' | 
+  'aws/codebuild/standard:5.0' | // nodejs 12, 14
+  'aws/codebuild/standard:6.0' | // nodejs 16
+  'aws/codebuild/standard:7.0' | // nodejs 18, 20, 22, 24
+  'aws/codebuild/standard:8.0' | // nodejs 22, 24
+  'aws/codebuild/windows-base:2019-1.0' |
+  'aws/codebuild/windows-base:2019-2.0' |
+  'aws/codebuild/windows-base:2019-3.0' |
+  'aws/codebuild/windows-base:2022-1.0' |
+  (string & {});
+
+export type CodeBuildComputeType = 'SMALL' | 'MEDIUM' | 'LARGE' | 'X_LARGE' | 'X2_LARGE' | (string & {});
+export type CodeBuildNodeJs = 12 | 14 | 16 | 18 | 20 | 22 | 24 | (number & {});
+
+export interface CodeBuildSsmParameter extends SsmStringParameter {
   encrypted?: boolean;
 }
 export interface EcrBuildImage {
@@ -21,13 +47,15 @@ export interface EcrBuildImage {
 export interface CodeBuildPipelineProjectProps extends ResourceProps {
   projectName?: string;
   buildSpec?: string | object;
-  buildImage?: ('STANDARD_5_0' | 'STANDARD_6_0' | 'STANDARD_7_0') | IBuildImage;
   ecrBuildImage?: EcrBuildImage,
-  computeType?: ('SMALL' | 'MEDIUM' | 'LARGE' | 'X_LARGE' | 'X2_LARGE') | string;
+  buildImage?: IBuildImage;
+  buildImageNodeJS?: CodeBuildNodeJs;
+  buildImageId?: CodeBuildImageId;
+  computeType?: CodeBuildComputeType;
   environmentVariables?: EnvironmentVariables;
   cloudFrontDistributionArn?: string;
   s3BucketName?: string;
-  ssmParameters?: SsmParameter[];
+  ssmParameters?: CodeBuildSsmParameter[];
 }
 
 export class CodeBuildPipelineProject extends Construct {
@@ -58,12 +86,27 @@ export class CodeBuildPipelineProject extends Construct {
         Repository.fromRepositoryName(this, 'EcrRepository', props.ecrBuildImage.repository);
       buildImage = LinuxBuildImage.fromEcrRepository(repository, props.ecrBuildImage.tag);
     } else if (props.buildImage) {
-      if (typeof props.buildImage == 'string') {
-        buildImage = LinuxBuildImage[props.buildImage ?? 'STANDARD_7_0']
-      } else {
-        buildImage = props.buildImage as IBuildImage;
+      buildImage = props.buildImage as IBuildImage;
+    } else if (props.buildImageNodeJS) {
+      let standard = 8;
+      switch (props.buildImageNodeJS) {
+        case 12:
+        case 14:
+          standard = 5;
+          break;
+        case 16:
+          standard = 6;
+          break;
+        case 18:
+        case 20:
+          standard = 7;
+          break;
       }
-    }
+      buildImage = LinuxBuildImage.fromCodeBuildImageId(`aws/codebuild/standard:${standard}.0`);
+    } else if (props.buildImageId) {
+      buildImage = LinuxBuildImage.fromCodeBuildImageId(props.buildImageId);
+    } 
+    
 
     this.project = new PipelineProject(this, 'CodeBuildPipelineProjectProps', {
       projectName: props.projectName,

package/src/constructs/codepipeline.ts

@@ -1,7 +1,7 @@
 import { RemovalPolicy, PhysicalName, Aws } from "aws-cdk-lib";
 import { Construct } from 'constructs';
 import { IProject } from "aws-cdk-lib/aws-codebuild";
-import { Artifact, Pipeline } from "aws-cdk-lib/aws-codepipeline";
+import { Artifact, Pipeline, PipelineType } from "aws-cdk-lib/aws-codepipeline";
 import { CodeBuildAction, CodeStarConnectionsSourceAction } from "aws-cdk-lib/aws-codepipeline-actions";
 import { Bucket } from 'aws-cdk-lib/aws-s3';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
@@ -45,7 +45,8 @@ export class CodePipelineProject extends Construct {
 
     this.pipeline = new Pipeline(this, 'CodePipelineProject', {
       pipelineName: props.pipelineName,
-      artifactBucket: this.s3Bucket
+      artifactBucket: this.s3Bucket,
+      pipelineType: PipelineType.V2
     });
 
     tagResource(this.pipeline, props.tags);

package/src/index.ts

@@ -1,6 +1,7 @@
 import { Environment } from "aws-cdk-lib";
 
-export * from './lib/tags.ts';
+export * from './lib/tags.js';
+export * from './cli/index.js';
 
 interface GetEnvParams { 
   account?: number | string;

package/src/stacks/web-static-serverless/web-global-stack.ts

@@ -17,18 +17,7 @@ import { CloudFrontWebAcl } from '../../constructs/waf.js';
 import { domainAsId } from '../../lib/utils.js';
 import { addEvoStackTags } from '../../lib/tags.ts';
 import { S3BucketOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
-import type { BasicAuthCredentials, CspHeaders } from '../../types.d.ts';
-
-
-type AWSManagedResponseHeadersPolicy = 
-  'CORS_ALLOW_ALL_ORIGINS' |
-  'CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS' |
-  'CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT' |
-  'CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS' |
-  'SECURITY_HEADERS';
-
-type UUID = `${string}-${string}-${string}-${string}-${string}`;
-type CloudFrontFunctionEventType = keyof typeof FunctionEventType;
+import type { BasicAuthCredentials, CspHeaders, CloudFrontFunctionEventType, UUID, AWSManagedResponseHeadersPolicy } from '../../types.d.ts';
 
 export interface WebGlobalStackProps {
   envType: 'NOT_PROD' | 'PROD';
@@ -38,14 +27,14 @@ export interface WebGlobalStackProps {
   domainName: string;
   basicAuth?: string | BasicAuthCredentials | SsmStringParameter;
   cloudfrontFunction?: {
-    eventType: CloudFrontFunctionEventType[];
     code: string;
+    eventType: CloudFrontFunctionEventType[];
   }
   redirects?: CloudFrontFunctionRedirects;
   redirectsCsvPath?: string;
   // attachWebAcl?: boolean | string;
   webAcl?: boolean | string | SsmStringParameter;
-  responseHeadersPolicy?: false | AWSManagedResponseHeadersPolicy | 'NONE' | UUID | SsmStringParameter;
+  responseHeadersPolicy?: false | AWSManagedResponseHeadersPolicy | UUID | SsmStringParameter;
   responseHeadersPolicyProps?: ResponseHeadersPolicyProps;
   responseCspHeaders?: CspHeaders;
   destroy?: boolean;
@@ -82,69 +71,65 @@ export class WebGlobalStack extends Stack {
     this.s3Bucket = _s3Bucket.bucket;
 
     let responseHeadersPolicy: IResponseHeadersPolicy | undefined = undefined;
-    if (props.responseHeadersPolicy !== 'NONE') { // I don't know why you would want to not have the policy but just in case
-      if (props.responseHeadersPolicy) {
-        if (typeof props.responseHeadersPolicy == 'string') {
-          if (/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(props.responseHeadersPolicy)) {
-            responseHeadersPolicy = ResponseHeadersPolicy.fromResponseHeadersPolicyId(this, 'response-headers-policy-by-id', props.responseHeadersPolicy);
-          } else {
-            responseHeadersPolicy = ResponseHeadersPolicy[props.responseHeadersPolicy as keyof typeof ResponseHeadersPolicy] as IResponseHeadersPolicy ?? ResponseHeadersPolicy.SECURITY_HEADERS;
-          }
-        } else if (props.responseHeadersPolicy.path) {
-          responseHeadersPolicy = ResponseHeadersPolicy.fromResponseHeadersPolicyId(this, 'response-headers-policy-by-id', StringParameter.valueForStringParameter(this, props.responseHeadersPolicy.path, props.responseHeadersPolicy.version));
+    if (props.responseHeadersPolicy) {
+      if (typeof props.responseHeadersPolicy == 'string') {
+        if (/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(props.responseHeadersPolicy)) {
+          responseHeadersPolicy = ResponseHeadersPolicy.fromResponseHeadersPolicyId(this, 'response-headers-policy-by-id', props.responseHeadersPolicy);
+        } else {
+          responseHeadersPolicy = ResponseHeadersPolicy[props.responseHeadersPolicy as keyof typeof ResponseHeadersPolicy] as IResponseHeadersPolicy ?? ResponseHeadersPolicy.SECURITY_HEADERS;
         }
+      } else if (props.responseHeadersPolicy.path) {
+        responseHeadersPolicy = ResponseHeadersPolicy.fromResponseHeadersPolicyId(this, 'response-headers-policy-by-id', StringParameter.valueForStringParameter(this, props.responseHeadersPolicy.path, props.responseHeadersPolicy.version));
       }
-      if (!responseHeadersPolicy) {
-        // const baseHeadersBehavior: ResponseSecurityHeadersBehavior = {
-        //   strictTransportSecurity: {
-        //     override: true,
-        //     accessControlMaxAge: Duration.seconds(31536000)
-        //   },
-        //   contentTypeOptions: {
-        //     override: true
-        //   },
-        //   frameOptions: {
-        //     override: true,
-        //     frameOption: HeadersFrameOption.SAMEORIGIN,
-        //   },
-        //   referrerPolicy: {
-        //     override: true,
-        //     referrerPolicy: HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN
-        //   },
-        //   xssProtection: {
-        //     override: true,
-        //     protection: true,
-        //     modeBlock: true
-        //   }
-        // };
-
-        const responseHeadersPolicyName = `${domainAsId(props.domainName)}-response-headers-policy`;
-        
-        if (props.responseHeadersPolicyProps) {
-          responseHeadersPolicy = new ResponseHeadersPolicy(this, 'response-headers-policy', {
-            ...ResponseHeadersPolicy.SECURITY_HEADERS,
-            ...props.responseHeadersPolicyProps,
-            responseHeadersPolicyName: props.responseHeadersPolicyProps.responseHeadersPolicyName || responseHeadersPolicyName
-          });
-        } else if (props.responseCspHeaders) {
-          responseHeadersPolicy = new ResponseHeadersPolicy(this, 'response-headers-policy', {
-            securityHeadersBehavior: {
-              ...ResponseHeadersPolicy.SECURITY_HEADERS,
-              contentSecurityPolicy: {
-                override: true,
-                contentSecurityPolicy: Object.entries(props.responseCspHeaders).map(([directive, values]) => {
-                  return `${directive} ${values.join(' ')};`
-                }).join(' ')
-              },
-            },
-            responseHeadersPolicyName
-          });
-        } else {
-          responseHeadersPolicy = ResponseHeadersPolicy.SECURITY_HEADERS;
+    } else {
+      const baseHeadersBehavior: ResponseSecurityHeadersBehavior = {
+        strictTransportSecurity: {
+          override: true,
+          accessControlMaxAge: Duration.seconds(31536000)
+        },
+        contentTypeOptions: {
+          override: true
+        },
+        frameOptions: {
+          override: true,
+          frameOption: HeadersFrameOption.SAMEORIGIN,
+        },
+        referrerPolicy: {
+          override: true,
+          referrerPolicy: HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN
+        },
+        xssProtection: {
+          override: true,
+          protection: true,
+          modeBlock: true
         }
+      };
+
+      const responseHeadersPolicyName = `${domainAsId(props.domainName)}-response-headers-policy`;
+      
+      if (props.responseHeadersPolicyProps) {
+        responseHeadersPolicy = new ResponseHeadersPolicy(this, 'response-headers-policy', {
+          ...baseHeadersBehavior,
+          ...props.responseHeadersPolicyProps,
+          responseHeadersPolicyName: props.responseHeadersPolicyProps.responseHeadersPolicyName || responseHeadersPolicyName
+        });
+      } else if (props.responseCspHeaders) {
+        responseHeadersPolicy = new ResponseHeadersPolicy(this, 'response-headers-policy', {
+          securityHeadersBehavior: {
+            ...baseHeadersBehavior,
+            contentSecurityPolicy: {
+              override: true,
+              contentSecurityPolicy: Object.entries(props.responseCspHeaders).map(([directive, values]) => {
+                return `${directive} ${values.join(' ')};`
+              }).join(' ')
+            },
+          },
+          responseHeadersPolicyName
+        });
       }
-      this.responseHeadersPolicy = responseHeadersPolicy;
     }
+    // TODO: Figure out why the the policy is not getting updated in the CloudFront behavior
+    this.responseHeadersPolicy = responseHeadersPolicy;
 
     const defaultBehavior: BehaviorOptions = {
       origin: S3BucketOrigin.withOriginAccessControl(this.s3Bucket),

package/src/types.d.ts

@@ -1,3 +1,6 @@
+
+import { FunctionEventType } from 'aws-cdk-lib/aws-cloudfront';
+
 export type DeepPartial<T> = T extends object ? {
   [P in keyof T]?: DeepPartial<T[P]>;
 } : T;
@@ -6,6 +9,11 @@ export type WithRequiredProperty<Type, Key extends keyof Type> = Omit<Type, Key>
   [Property in Key]-?: Type[Property];
 };
 
+export type UUID = `${string}-${string}-${string}-${string}-${string}`; // & { readonly __brand: unique symbol };
+
+export type EvosynthTagKey = 'Account' | 'Brand' | (string & {});
+export type CloudFrontFunctionEventType = keyof typeof FunctionEventType;
+
 export interface ResourceProps {
   destroy?: boolean;
   tags?: Record<string, string>;
@@ -18,4 +26,11 @@ export interface BasicAuthCredentials {
 
 export type CspDirective = 'connect-src' | 'default-src' | 'font-src' | 'frame-src' | 'img-src' | 'media-src' | 'object-src' | 'script-src' | 'style-src';
 export type CspDirectiveValue = "'self'" | "'none'" | "'unsafe-inline'" | "https:";
-export type CspHeaders = Partial<Record<CspDirective, CspDirectiveValue[] | string[]>>;
+export type CspHeaders = Partial<Record<CspDirective, CspDirectiveValue[] | string[]>>;
+
+export type AWSManagedResponseHeadersPolicy = 
+  'CORS_ALLOW_ALL_ORIGINS' |
+  'CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS' |
+  'CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT' |
+  'CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS' |
+  'SECURITY_HEADERS';