@jaypie/constructs 1.1.21 → 1.1.23
- package/dist/cjs/JaypieBucketQueuedLambda.d.ts +63 -0
- package/dist/cjs/JaypieLambda.d.ts +73 -0
- package/dist/cjs/JaypieQueuedLambda.d.ts +3 -23
- package/dist/cjs/__tests__/JaypieBucketQueuedLambda.spec.d.ts +1 -0
- package/dist/cjs/__tests__/JaypieLambda.spec.d.ts +1 -0
- package/dist/cjs/index.cjs +625 -266
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/cjs/index.d.ts +2 -0
- package/dist/esm/JaypieBucketQueuedLambda.d.ts +63 -0
- package/dist/esm/JaypieLambda.d.ts +73 -0
- package/dist/esm/JaypieQueuedLambda.d.ts +3 -23
- package/dist/esm/__tests__/JaypieBucketQueuedLambda.spec.d.ts +1 -0
- package/dist/esm/__tests__/JaypieLambda.spec.d.ts +1 -0
- package/dist/esm/index.d.ts +2 -0
- package/dist/esm/index.js +598 -243
- package/dist/esm/index.js.map +1 -1
- package/package.json +2 -2
package/dist/cjs/index.cjs
CHANGED
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var cdk$1 = require('aws-cdk-lib');
|
|
4
|
+
var s3 = require('aws-cdk-lib/aws-s3');
|
|
5
|
+
var s3n = require('aws-cdk-lib/aws-s3-notifications');
|
|
6
|
+
var cdk = require('@jaypie/cdk');
|
|
3
7
|
var constructs = require('constructs');
|
|
4
|
-
var
|
|
8
|
+
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
9
|
+
var sqs = require('aws-cdk-lib/aws-sqs');
|
|
10
|
+
var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
|
|
5
11
|
var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
|
|
6
|
-
var cdk$1 = require('@jaypie/cdk');
|
|
7
12
|
var awsIam = require('aws-cdk-lib/aws-iam');
|
|
8
13
|
var awsLogs = require('aws-cdk-lib/aws-logs');
|
|
9
14
|
var awsRoute53 = require('aws-cdk-lib/aws-route53');
|
|
10
|
-
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
11
|
-
var sqs = require('aws-cdk-lib/aws-sqs');
|
|
12
|
-
var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
|
|
13
15
|
var sso = require('aws-cdk-lib/aws-sso');
|
|
14
16
|
|
|
15
17
|
function _interopNamespaceDefault(e) {
|
|
@@ -29,234 +31,64 @@ function _interopNamespaceDefault(e) {
|
|
|
29
31
|
return Object.freeze(n);
|
|
30
32
|
}
|
|
31
33
|
|
|
32
|
-
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk);
|
|
33
|
-
var
|
|
34
|
+
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk$1);
|
|
35
|
+
var s3__namespace = /*#__PURE__*/_interopNamespaceDefault(s3);
|
|
36
|
+
var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
|
|
34
37
|
var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
|
|
35
38
|
var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
|
|
36
39
|
var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
|
|
40
|
+
var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
|
|
37
41
|
var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
|
|
38
42
|
|
|
39
|
-
|
|
40
|
-
function checkEnvIsConsumer(env = process.env) {
|
|
41
|
-
return (env.PROJECT_ENV === cdk$1.CDK.ENV.PERSONAL ||
|
|
42
|
-
!!env.CDK_ENV_PERSONAL ||
|
|
43
|
-
/** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
|
|
44
|
-
/** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
|
|
45
|
-
}
|
|
46
|
-
function checkEnvIsProvider(env = process.env) {
|
|
47
|
-
return env.PROJECT_ENV === cdk$1.CDK.ENV.SANDBOX;
|
|
48
|
-
}
|
|
49
|
-
function cleanName(name) {
|
|
50
|
-
return name.replace(/[^a-zA-Z0-9:-]/g, "");
|
|
51
|
-
}
|
|
52
|
-
function exportEnvName(name, env = process.env) {
|
|
53
|
-
let rawName;
|
|
54
|
-
if (checkEnvIsProvider(env)) {
|
|
55
|
-
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
56
|
-
// Clean the entire name to only allow alphanumeric, colons, and hyphens
|
|
57
|
-
return cleanName(rawName);
|
|
58
|
-
}
|
|
59
|
-
else {
|
|
60
|
-
if (checkEnvIsConsumer(env)) {
|
|
61
|
-
rawName = `env-${cdk$1.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
62
|
-
}
|
|
63
|
-
else {
|
|
64
|
-
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
return cleanName(rawName);
|
|
68
|
-
}
|
|
69
|
-
class JaypieEnvSecret extends constructs.Construct {
|
|
43
|
+
class JaypieLambda extends constructs.Construct {
|
|
70
44
|
constructor(scope, id, props) {
|
|
71
45
|
super(scope, id);
|
|
72
|
-
const {
|
|
73
|
-
|
|
74
|
-
let
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
46
|
+
const { code, datadogApiKeyArn, environment: initialEnvironment = {}, envSecrets = {}, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, } = props;
|
|
47
|
+
// Create a mutable copy of the environment variables
|
|
48
|
+
let environment = { ...initialEnvironment };
|
|
49
|
+
this._code = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
|
|
50
|
+
// Create a working copy of layers
|
|
51
|
+
const resolvedLayers = [...layers];
|
|
52
|
+
// Determine if we should add Datadog integration
|
|
53
|
+
// Check for datadog API key ARN in different sources
|
|
54
|
+
const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
|
|
55
|
+
process.env.DATADOG_API_KEY_ARN ||
|
|
56
|
+
process.env.CDK_ENV_DATADOG_API_KEY_ARN;
|
|
57
|
+
// Add Datadog integration if API key is available
|
|
58
|
+
if (resolvedDatadogApiKeyArn) {
|
|
59
|
+
// Add Datadog Node.js layer
|
|
60
|
+
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk$1.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk.CDK.DATADOG.LAYER.NODE}`);
|
|
61
|
+
resolvedLayers.push(datadogNodeLayer);
|
|
62
|
+
// Add Datadog Extension layer
|
|
63
|
+
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk$1.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
64
|
+
resolvedLayers.push(datadogExtensionLayer);
|
|
65
|
+
// Set Datadog environment variables
|
|
66
|
+
Object.assign(environment, {
|
|
67
|
+
DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
|
|
68
|
+
DD_ENV: process.env.PROJECT_ENV || "",
|
|
69
|
+
DD_SERVICE: process.env.PROJECT_SERVICE || "",
|
|
70
|
+
DD_SITE: cdk.CDK.DATADOG.SITE,
|
|
71
|
+
DD_TAGS: `${cdk.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
87
72
|
});
|
|
88
73
|
}
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
: undefined,
|
|
95
|
-
};
|
|
96
|
-
this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
|
|
97
|
-
if (roleTag) {
|
|
98
|
-
cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
99
|
-
}
|
|
100
|
-
if (vendorTag) {
|
|
101
|
-
cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
102
|
-
}
|
|
103
|
-
if (provider) {
|
|
104
|
-
new cdk.CfnOutput(this, `ProvidedName`, {
|
|
105
|
-
value: this._secret.secretName,
|
|
106
|
-
exportName,
|
|
107
|
-
});
|
|
74
|
+
// Configure ParamsAndSecrets layer
|
|
75
|
+
let resolvedParamsAndSecrets = undefined;
|
|
76
|
+
if (paramsAndSecrets !== false) {
|
|
77
|
+
if (paramsAndSecrets instanceof lambda__namespace.ParamsAndSecretsLayerVersion) {
|
|
78
|
+
resolvedParamsAndSecrets = paramsAndSecrets;
|
|
108
79
|
}
|
|
109
80
|
else {
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
81
|
+
// Create default ParamsAndSecrets layer
|
|
82
|
+
resolvedParamsAndSecrets =
|
|
83
|
+
lambda__namespace.ParamsAndSecretsLayerVersion.fromVersion(lambda__namespace.ParamsAndSecretsVersions.V1_0_103, {
|
|
84
|
+
cacheSize: paramsAndSecretsOptions?.cacheSize,
|
|
85
|
+
logLevel: paramsAndSecretsOptions?.logLevel ||
|
|
86
|
+
lambda__namespace.ParamsAndSecretsLogLevel.WARN,
|
|
87
|
+
parameterStoreTtl: paramsAndSecretsOptions?.parameterStoreTtl,
|
|
88
|
+
secretsManagerTtl: paramsAndSecretsOptions?.secretsManagerTtl,
|
|
89
|
+
});
|
|
113
90
|
}
|
|
114
91
|
}
|
|
115
|
-
}
|
|
116
|
-
// IResource implementation
|
|
117
|
-
get stack() {
|
|
118
|
-
return cdk.Stack.of(this);
|
|
119
|
-
}
|
|
120
|
-
get env() {
|
|
121
|
-
return {
|
|
122
|
-
account: cdk.Stack.of(this).account,
|
|
123
|
-
region: cdk.Stack.of(this).region,
|
|
124
|
-
};
|
|
125
|
-
}
|
|
126
|
-
applyRemovalPolicy(policy) {
|
|
127
|
-
this._secret.applyRemovalPolicy(policy);
|
|
128
|
-
}
|
|
129
|
-
// ISecret implementation
|
|
130
|
-
get secretArn() {
|
|
131
|
-
return this._secret.secretArn;
|
|
132
|
-
}
|
|
133
|
-
get secretName() {
|
|
134
|
-
return this._secret.secretName;
|
|
135
|
-
}
|
|
136
|
-
get secretFullArn() {
|
|
137
|
-
return this._secret.secretFullArn;
|
|
138
|
-
}
|
|
139
|
-
get encryptionKey() {
|
|
140
|
-
return this._secret.encryptionKey;
|
|
141
|
-
}
|
|
142
|
-
get secretValue() {
|
|
143
|
-
return this._secret.secretValue;
|
|
144
|
-
}
|
|
145
|
-
secretValueFromJson(key) {
|
|
146
|
-
return this._secret.secretValueFromJson(key);
|
|
147
|
-
}
|
|
148
|
-
grantRead(grantee, versionStages) {
|
|
149
|
-
return this._secret.grantRead(grantee, versionStages);
|
|
150
|
-
}
|
|
151
|
-
grantWrite(grantee) {
|
|
152
|
-
return this._secret.grantWrite(grantee);
|
|
153
|
-
}
|
|
154
|
-
addRotationSchedule(id, options) {
|
|
155
|
-
return this._secret.addRotationSchedule(id, options);
|
|
156
|
-
}
|
|
157
|
-
addToResourcePolicy(statement) {
|
|
158
|
-
return this._secret.addToResourcePolicy(statement);
|
|
159
|
-
}
|
|
160
|
-
denyAccountRootDelete() {
|
|
161
|
-
this._secret.denyAccountRootDelete();
|
|
162
|
-
}
|
|
163
|
-
attach(target) {
|
|
164
|
-
return this._secret.attach(target);
|
|
165
|
-
}
|
|
166
|
-
get envKey() {
|
|
167
|
-
return this._envKey;
|
|
168
|
-
}
|
|
169
|
-
}
|
|
170
|
-
|
|
171
|
-
const SERVICE = {
|
|
172
|
-
ROUTE53: "route53.amazonaws.com",
|
|
173
|
-
};
|
|
174
|
-
class JaypieHostedZone extends constructs.Construct {
|
|
175
|
-
/**
|
|
176
|
-
* Create a new hosted zone with query logging
|
|
177
|
-
*/
|
|
178
|
-
constructor(scope, id, props) {
|
|
179
|
-
super(scope, id);
|
|
180
|
-
const { destination, zoneName, project } = props;
|
|
181
|
-
const service = props.service || cdk$1.CDK.SERVICE.INFRASTRUCTURE;
|
|
182
|
-
// Create the log group
|
|
183
|
-
this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
|
|
184
|
-
logGroupName: process.env.PROJECT_NONCE
|
|
185
|
-
? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
|
|
186
|
-
: `/aws/route53/${zoneName}`,
|
|
187
|
-
retention: awsLogs.RetentionDays.ONE_WEEK,
|
|
188
|
-
});
|
|
189
|
-
// Add tags
|
|
190
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.SERVICE, service);
|
|
191
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
192
|
-
if (project) {
|
|
193
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.PROJECT, project);
|
|
194
|
-
}
|
|
195
|
-
// Grant Route 53 permissions to write to the log group
|
|
196
|
-
this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
|
|
197
|
-
// Add destination if provided
|
|
198
|
-
if (destination) {
|
|
199
|
-
this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
|
|
200
|
-
destination,
|
|
201
|
-
filterPattern: awsLogs.FilterPattern.allEvents(),
|
|
202
|
-
});
|
|
203
|
-
}
|
|
204
|
-
// Create the hosted zone
|
|
205
|
-
this.hostedZone = new awsRoute53.HostedZone(this, "HostedZone", {
|
|
206
|
-
queryLogsLogGroupArn: this.logGroup.logGroupArn,
|
|
207
|
-
zoneName,
|
|
208
|
-
});
|
|
209
|
-
// Add tags
|
|
210
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.SERVICE, service);
|
|
211
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
212
|
-
if (project) {
|
|
213
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.PROJECT, project);
|
|
214
|
-
}
|
|
215
|
-
}
|
|
216
|
-
}
|
|
217
|
-
|
|
218
|
-
class JaypieMongoDbSecret extends JaypieEnvSecret {
|
|
219
|
-
constructor(scope, id = "MongoConnectionString", props) {
|
|
220
|
-
const defaultProps = {
|
|
221
|
-
envKey: "MONGODB_URI",
|
|
222
|
-
roleTag: cdk$1.CDK.ROLE.STORAGE,
|
|
223
|
-
vendorTag: cdk$1.CDK.VENDOR.MONGODB,
|
|
224
|
-
...props,
|
|
225
|
-
};
|
|
226
|
-
super(scope, id, defaultProps);
|
|
227
|
-
}
|
|
228
|
-
}
|
|
229
|
-
|
|
230
|
-
class JaypieOpenAiSecret extends JaypieEnvSecret {
|
|
231
|
-
constructor(scope, id = "OpenAiApiKey", props) {
|
|
232
|
-
const defaultProps = {
|
|
233
|
-
envKey: "OPENAI_API_KEY",
|
|
234
|
-
roleTag: cdk$1.CDK.ROLE.PROCESSING,
|
|
235
|
-
vendorTag: cdk$1.CDK.VENDOR.OPENAI,
|
|
236
|
-
...props,
|
|
237
|
-
};
|
|
238
|
-
super(scope, id, defaultProps);
|
|
239
|
-
}
|
|
240
|
-
}
|
|
241
|
-
|
|
242
|
-
class JaypieQueuedLambda extends constructs.Construct {
|
|
243
|
-
constructor(scope, id, props) {
|
|
244
|
-
super(scope, id);
|
|
245
|
-
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), } = props;
|
|
246
|
-
this._code = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
|
|
247
|
-
// Create SQS Queue
|
|
248
|
-
this._queue = new sqs__namespace.Queue(this, "Queue", {
|
|
249
|
-
fifo,
|
|
250
|
-
visibilityTimeout: typeof visibilityTimeout === "number"
|
|
251
|
-
? cdk.Duration.seconds(visibilityTimeout)
|
|
252
|
-
: visibilityTimeout,
|
|
253
|
-
});
|
|
254
|
-
if (roleTag) {
|
|
255
|
-
cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
256
|
-
}
|
|
257
|
-
if (vendorTag) {
|
|
258
|
-
cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
259
|
-
}
|
|
260
92
|
// Process secrets environment variables
|
|
261
93
|
const secretsEnvironment = Object.entries(envSecrets).reduce((acc, [key, secret]) => ({
|
|
262
94
|
...acc,
|
|
@@ -276,19 +108,18 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
276
108
|
this._lambda = new lambda__namespace.Function(this, "Function", {
|
|
277
109
|
code: this._code,
|
|
278
110
|
environment: {
|
|
279
|
-
CDK_ENV_QUEUE_URL: this._queue.queueUrl,
|
|
280
111
|
...environment,
|
|
281
112
|
...secretsEnvironment,
|
|
282
113
|
...jaypieSecretsEnvironment,
|
|
283
114
|
},
|
|
284
115
|
handler,
|
|
285
|
-
layers,
|
|
116
|
+
layers: resolvedLayers,
|
|
286
117
|
logRetention,
|
|
287
118
|
memorySize,
|
|
288
|
-
paramsAndSecrets,
|
|
119
|
+
paramsAndSecrets: resolvedParamsAndSecrets,
|
|
289
120
|
reservedConcurrentExecutions,
|
|
290
121
|
runtime,
|
|
291
|
-
timeout: typeof timeout === "number" ? cdk.Duration.seconds(timeout) : timeout,
|
|
122
|
+
timeout: typeof timeout === "number" ? cdk$1.Duration.seconds(timeout) : timeout,
|
|
292
123
|
});
|
|
293
124
|
// Grant secret read permissions
|
|
294
125
|
Object.values(envSecrets).forEach((secret) => {
|
|
@@ -299,22 +130,19 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
299
130
|
secret.grantRead(this);
|
|
300
131
|
secret.grantRead(this._lambda);
|
|
301
132
|
});
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
}
|
|
133
|
+
// Grant Datadog API key read permission if applicable
|
|
134
|
+
if (resolvedDatadogApiKeyArn) {
|
|
135
|
+
const datadogApiKey = secretsmanager__namespace.Secret.fromSecretCompleteArn(this, "DatadogApiKeyGrant", resolvedDatadogApiKeyArn);
|
|
136
|
+
datadogApiKey.grantRead(this._lambda);
|
|
137
|
+
}
|
|
307
138
|
if (roleTag) {
|
|
308
|
-
cdk.Tags.of(this._lambda).add(cdk
|
|
139
|
+
cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
309
140
|
}
|
|
310
141
|
if (vendorTag) {
|
|
311
|
-
cdk.Tags.of(this._lambda).add(cdk
|
|
142
|
+
cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
312
143
|
}
|
|
313
144
|
}
|
|
314
145
|
// Public accessors
|
|
315
|
-
get queue() {
|
|
316
|
-
return this._queue;
|
|
317
|
-
}
|
|
318
146
|
get lambda() {
|
|
319
147
|
return this._lambda;
|
|
320
148
|
}
|
|
@@ -403,8 +231,8 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
403
231
|
}
|
|
404
232
|
get env() {
|
|
405
233
|
return {
|
|
406
|
-
account: cdk.Stack.of(this).account,
|
|
407
|
-
region: cdk.Stack.of(this).region,
|
|
234
|
+
account: cdk$1.Stack.of(this).account,
|
|
235
|
+
region: cdk$1.Stack.of(this).region,
|
|
408
236
|
};
|
|
409
237
|
}
|
|
410
238
|
get stack() {
|
|
@@ -412,29 +240,177 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
412
240
|
}
|
|
413
241
|
applyRemovalPolicy(policy) {
|
|
414
242
|
this._lambda.applyRemovalPolicy(policy);
|
|
415
|
-
this._queue.applyRemovalPolicy(policy);
|
|
416
243
|
}
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
244
|
+
}
|
|
245
|
+
|
|
246
|
+
class JaypieQueuedLambda extends constructs.Construct {
|
|
247
|
+
constructor(scope, id, props) {
|
|
248
|
+
super(scope, id);
|
|
249
|
+
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), } = props;
|
|
250
|
+
// Create SQS Queue
|
|
251
|
+
this._queue = new sqs__namespace.Queue(this, "Queue", {
|
|
252
|
+
fifo,
|
|
253
|
+
visibilityTimeout: typeof visibilityTimeout === "number"
|
|
254
|
+
? cdk$1.Duration.seconds(visibilityTimeout)
|
|
255
|
+
: visibilityTimeout,
|
|
256
|
+
});
|
|
257
|
+
if (roleTag) {
|
|
258
|
+
cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
259
|
+
}
|
|
260
|
+
if (vendorTag) {
|
|
261
|
+
cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
262
|
+
}
|
|
263
|
+
// Create Lambda with JaypieLambda
|
|
264
|
+
this._lambdaConstruct = new JaypieLambda(this, "Function", {
|
|
265
|
+
code,
|
|
266
|
+
environment: {
|
|
267
|
+
...environment,
|
|
268
|
+
CDK_ENV_QUEUE_URL: this._queue.queueUrl,
|
|
269
|
+
},
|
|
270
|
+
envSecrets,
|
|
271
|
+
handler,
|
|
272
|
+
layers,
|
|
273
|
+
logRetention,
|
|
274
|
+
memorySize,
|
|
275
|
+
paramsAndSecrets,
|
|
276
|
+
reservedConcurrentExecutions,
|
|
277
|
+
roleTag,
|
|
278
|
+
runtime,
|
|
279
|
+
secrets,
|
|
280
|
+
timeout,
|
|
281
|
+
vendorTag,
|
|
282
|
+
});
|
|
283
|
+
// Set up queue and lambda integration
|
|
284
|
+
this._queue.grantConsumeMessages(this._lambdaConstruct);
|
|
285
|
+
this._queue.grantSendMessages(this._lambdaConstruct);
|
|
286
|
+
this._lambdaConstruct.addEventSource(new lambdaEventSources__namespace.SqsEventSource(this._queue, {
|
|
287
|
+
batchSize,
|
|
288
|
+
}));
|
|
420
289
|
}
|
|
421
|
-
|
|
422
|
-
|
|
290
|
+
// Public accessors
|
|
291
|
+
get queue() {
|
|
292
|
+
return this._queue;
|
|
423
293
|
}
|
|
424
|
-
get
|
|
425
|
-
return this.
|
|
294
|
+
get lambda() {
|
|
295
|
+
return this._lambdaConstruct.lambda;
|
|
426
296
|
}
|
|
427
|
-
get
|
|
428
|
-
return this.
|
|
297
|
+
get code() {
|
|
298
|
+
return this._lambdaConstruct.code;
|
|
429
299
|
}
|
|
430
|
-
|
|
431
|
-
|
|
300
|
+
// IFunction implementation
|
|
301
|
+
get functionArn() {
|
|
302
|
+
return this._lambdaConstruct.functionArn;
|
|
432
303
|
}
|
|
433
|
-
|
|
434
|
-
return this.
|
|
304
|
+
get functionName() {
|
|
305
|
+
return this._lambdaConstruct.functionName;
|
|
435
306
|
}
|
|
436
|
-
|
|
437
|
-
return this.
|
|
307
|
+
get grantPrincipal() {
|
|
308
|
+
return this._lambdaConstruct.grantPrincipal;
|
|
309
|
+
}
|
|
310
|
+
get role() {
|
|
311
|
+
return this._lambdaConstruct.role;
|
|
312
|
+
}
|
|
313
|
+
get architecture() {
|
|
314
|
+
return this._lambdaConstruct.architecture;
|
|
315
|
+
}
|
|
316
|
+
get connections() {
|
|
317
|
+
return this._lambdaConstruct.connections;
|
|
318
|
+
}
|
|
319
|
+
get isBoundToVpc() {
|
|
320
|
+
return this._lambdaConstruct.isBoundToVpc;
|
|
321
|
+
}
|
|
322
|
+
get latestVersion() {
|
|
323
|
+
return this._lambdaConstruct.latestVersion;
|
|
324
|
+
}
|
|
325
|
+
get permissionsNode() {
|
|
326
|
+
return this._lambdaConstruct.permissionsNode;
|
|
327
|
+
}
|
|
328
|
+
get resourceArnsForGrantInvoke() {
|
|
329
|
+
return this._lambdaConstruct.resourceArnsForGrantInvoke;
|
|
330
|
+
}
|
|
331
|
+
addEventSource(source) {
|
|
332
|
+
this._lambdaConstruct.addEventSource(source);
|
|
333
|
+
}
|
|
334
|
+
addEventSourceMapping(id, options) {
|
|
335
|
+
return this._lambdaConstruct.addEventSourceMapping(id, options);
|
|
336
|
+
}
|
|
337
|
+
addFunctionUrl(options) {
|
|
338
|
+
return this._lambdaConstruct.addFunctionUrl(options);
|
|
339
|
+
}
|
|
340
|
+
addPermission(id, permission) {
|
|
341
|
+
this._lambdaConstruct.addPermission(id, permission);
|
|
342
|
+
}
|
|
343
|
+
addToRolePolicy(statement) {
|
|
344
|
+
this._lambdaConstruct.addToRolePolicy(statement);
|
|
345
|
+
}
|
|
346
|
+
configureAsyncInvoke(options) {
|
|
347
|
+
this._lambdaConstruct.configureAsyncInvoke(options);
|
|
348
|
+
}
|
|
349
|
+
grantInvoke(grantee) {
|
|
350
|
+
return this._lambdaConstruct.grantInvoke(grantee);
|
|
351
|
+
}
|
|
352
|
+
grantInvokeCompositePrincipal(compositePrincipal) {
|
|
353
|
+
return this._lambdaConstruct.grantInvokeCompositePrincipal(compositePrincipal);
|
|
354
|
+
}
|
|
355
|
+
grantInvokeUrl(grantee) {
|
|
356
|
+
return this._lambdaConstruct.grantInvokeUrl(grantee);
|
|
357
|
+
}
|
|
358
|
+
metric(metricName, props) {
|
|
359
|
+
return this._lambdaConstruct.metric(metricName, props);
|
|
360
|
+
}
|
|
361
|
+
metricDuration(props) {
|
|
362
|
+
return this._lambdaConstruct.metricDuration(props);
|
|
363
|
+
}
|
|
364
|
+
metricErrors(props) {
|
|
365
|
+
return this._lambdaConstruct.metricErrors(props);
|
|
366
|
+
}
|
|
367
|
+
metricInvocations(props) {
|
|
368
|
+
return this._lambdaConstruct.metricInvocations(props);
|
|
369
|
+
}
|
|
370
|
+
metricThrottles(props) {
|
|
371
|
+
return this._lambdaConstruct.metricThrottles(props);
|
|
372
|
+
}
|
|
373
|
+
// Additional IFunction implementation
|
|
374
|
+
grantInvokeLatestVersion(grantee) {
|
|
375
|
+
return this._lambdaConstruct.grantInvokeLatestVersion(grantee);
|
|
376
|
+
}
|
|
377
|
+
grantInvokeVersion(grantee, version) {
|
|
378
|
+
return this._lambdaConstruct.grantInvokeVersion(grantee, version);
|
|
379
|
+
}
|
|
380
|
+
get env() {
|
|
381
|
+
return {
|
|
382
|
+
account: cdk$1.Stack.of(this).account,
|
|
383
|
+
region: cdk$1.Stack.of(this).region,
|
|
384
|
+
};
|
|
385
|
+
}
|
|
386
|
+
get stack() {
|
|
387
|
+
return cdk$1.Stack.of(this);
|
|
388
|
+
}
|
|
389
|
+
applyRemovalPolicy(policy) {
|
|
390
|
+
this._lambdaConstruct.applyRemovalPolicy(policy);
|
|
391
|
+
this._queue.applyRemovalPolicy(policy);
|
|
392
|
+
}
|
|
393
|
+
// IQueue implementation
|
|
394
|
+
get fifo() {
|
|
395
|
+
return this._queue.fifo;
|
|
396
|
+
}
|
|
397
|
+
get queueArn() {
|
|
398
|
+
return this._queue.queueArn;
|
|
399
|
+
}
|
|
400
|
+
get queueName() {
|
|
401
|
+
return this._queue.queueName;
|
|
402
|
+
}
|
|
403
|
+
get queueUrl() {
|
|
404
|
+
return this._queue.queueUrl;
|
|
405
|
+
}
|
|
406
|
+
get encryptionMasterKey() {
|
|
407
|
+
return this._queue.encryptionMasterKey;
|
|
408
|
+
}
|
|
409
|
+
addToResourcePolicy(statement) {
|
|
410
|
+
return this._queue.addToResourcePolicy(statement);
|
|
411
|
+
}
|
|
412
|
+
grant(grantee, ...actions) {
|
|
413
|
+
return this._queue.grant(grantee, ...actions);
|
|
438
414
|
}
|
|
439
415
|
grantConsumeMessages(grantee) {
|
|
440
416
|
return this._queue.grantConsumeMessages(grantee);
|
|
@@ -475,6 +451,387 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
475
451
|
}
|
|
476
452
|
}
|
|
477
453
|
|
|
454
|
+
class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
455
|
+
constructor(scope, id, props) {
|
|
456
|
+
super(scope, id, props);
|
|
457
|
+
const { bucketName, roleTag, vendorTag, bucketOptions = {} } = props;
|
|
458
|
+
// Create S3 Bucket
|
|
459
|
+
this._bucket = new s3__namespace.Bucket(this, "Bucket", {
|
|
460
|
+
bucketName: bucketOptions.bucketName || bucketName,
|
|
461
|
+
removalPolicy: bucketOptions.removalPolicy || cdk$1.RemovalPolicy.RETAIN,
|
|
462
|
+
...bucketOptions,
|
|
463
|
+
});
|
|
464
|
+
// Add tags to bucket
|
|
465
|
+
if (roleTag) {
|
|
466
|
+
cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
467
|
+
}
|
|
468
|
+
if (vendorTag) {
|
|
469
|
+
cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
470
|
+
}
|
|
471
|
+
// Add an event notification from the bucket to the queue
|
|
472
|
+
this._bucket.addEventNotification(s3__namespace.EventType.OBJECT_CREATED, new s3n__namespace.SqsDestination(this.queue));
|
|
473
|
+
// Grant the lambda access to the bucket
|
|
474
|
+
this._bucket.grantReadWrite(this);
|
|
475
|
+
// Add environment variable for bucket name
|
|
476
|
+
this.lambda.addEnvironment("CDK_ENV_BUCKET_NAME", this._bucket.bucketName);
|
|
477
|
+
}
|
|
478
|
+
// Public accessors
|
|
479
|
+
get bucket() {
|
|
480
|
+
return this._bucket;
|
|
481
|
+
}
|
|
482
|
+
// IBucket implementation
|
|
483
|
+
get bucketArn() {
|
|
484
|
+
return this._bucket.bucketArn;
|
|
485
|
+
}
|
|
486
|
+
get bucketDomainName() {
|
|
487
|
+
return this._bucket.bucketDomainName;
|
|
488
|
+
}
|
|
489
|
+
get bucketDualStackDomainName() {
|
|
490
|
+
return this._bucket.bucketDualStackDomainName;
|
|
491
|
+
}
|
|
492
|
+
get bucketName() {
|
|
493
|
+
return this._bucket.bucketName;
|
|
494
|
+
}
|
|
495
|
+
get bucketRegionalDomainName() {
|
|
496
|
+
return this._bucket.bucketRegionalDomainName;
|
|
497
|
+
}
|
|
498
|
+
get bucketWebsiteDomainName() {
|
|
499
|
+
return this._bucket.bucketWebsiteDomainName;
|
|
500
|
+
}
|
|
501
|
+
get bucketWebsiteUrl() {
|
|
502
|
+
return this._bucket.bucketWebsiteUrl;
|
|
503
|
+
}
|
|
504
|
+
get encryptionKey() {
|
|
505
|
+
return this._bucket.encryptionKey;
|
|
506
|
+
}
|
|
507
|
+
get isWebsite() {
|
|
508
|
+
return this._bucket.isWebsite || false;
|
|
509
|
+
}
|
|
510
|
+
get policy() {
|
|
511
|
+
return this._bucket.policy;
|
|
512
|
+
}
|
|
513
|
+
addEventNotification(event, dest, filters) {
|
|
514
|
+
this._bucket.addEventNotification(event, dest, ...filters);
|
|
515
|
+
}
|
|
516
|
+
addObjectCreatedNotification(dest, ...filters) {
|
|
517
|
+
this._bucket.addObjectCreatedNotification(dest, ...filters);
|
|
518
|
+
}
|
|
519
|
+
addObjectRemovedNotification(dest, ...filters) {
|
|
520
|
+
this._bucket.addObjectRemovedNotification(dest, ...filters);
|
|
521
|
+
}
|
|
522
|
+
addToResourcePolicy(permission) {
|
|
523
|
+
return this._bucket.addToResourcePolicy(permission);
|
|
524
|
+
}
|
|
525
|
+
arnForObjects(objectKeyPattern) {
|
|
526
|
+
return this._bucket.arnForObjects(objectKeyPattern);
|
|
527
|
+
}
|
|
528
|
+
enableEventBridgeNotification() {
|
|
529
|
+
this._bucket.enableEventBridgeNotification();
|
|
530
|
+
}
|
|
531
|
+
grant(grantee, ...actions) {
|
|
532
|
+
return this._bucket.grant(grantee, ...actions);
|
|
533
|
+
}
|
|
534
|
+
grantDelete(grantee, objectsKeyPattern) {
|
|
535
|
+
return this._bucket.grantDelete(grantee, objectsKeyPattern);
|
|
536
|
+
}
|
|
537
|
+
grantPublicAccess(keyPrefix, ...allowedActions) {
|
|
538
|
+
return this._bucket.grantPublicAccess(keyPrefix, ...allowedActions);
|
|
539
|
+
}
|
|
540
|
+
grantPut(grantee, objectsKeyPattern) {
|
|
541
|
+
return this._bucket.grantPut(grantee, objectsKeyPattern);
|
|
542
|
+
}
|
|
543
|
+
grantPutAcl(grantee, objectsKeyPattern) {
|
|
544
|
+
return this._bucket.grantPutAcl(grantee, objectsKeyPattern);
|
|
545
|
+
}
|
|
546
|
+
grantRead(grantee, objectsKeyPattern) {
|
|
547
|
+
return this._bucket.grantRead(grantee, objectsKeyPattern);
|
|
548
|
+
}
|
|
549
|
+
grantReadWrite(grantee, objectsKeyPattern) {
|
|
550
|
+
return this._bucket.grantReadWrite(grantee, objectsKeyPattern);
|
|
551
|
+
}
|
|
552
|
+
grantWrite(grantee, objectsKeyPattern) {
|
|
553
|
+
return this._bucket.grantWrite(grantee, objectsKeyPattern);
|
|
554
|
+
}
|
|
555
|
+
onCloudTrailEvent(id, options) {
|
|
556
|
+
return this._bucket.onCloudTrailEvent(id, options);
|
|
557
|
+
}
|
|
558
|
+
onCloudTrailPutObject(id, options) {
|
|
559
|
+
return this._bucket.onCloudTrailPutObject(id, options);
|
|
560
|
+
}
|
|
561
|
+
onCloudTrailWriteObject(id, options) {
|
|
562
|
+
return this._bucket.onCloudTrailWriteObject(id, options);
|
|
563
|
+
}
|
|
564
|
+
s3UrlForObject(key) {
|
|
565
|
+
return this._bucket.s3UrlForObject(key);
|
|
566
|
+
}
|
|
567
|
+
transferAccelerationUrlForObject(key, options) {
|
|
568
|
+
return this._bucket.transferAccelerationUrlForObject(key, options);
|
|
569
|
+
}
|
|
570
|
+
urlForObject(key) {
|
|
571
|
+
return this._bucket.urlForObject(key);
|
|
572
|
+
}
|
|
573
|
+
virtualHostedUrlForObject(key, options) {
|
|
574
|
+
return this._bucket.virtualHostedUrlForObject(key, options);
|
|
575
|
+
}
|
|
576
|
+
// Bucket metrics
|
|
577
|
+
metricAllRequests(props) {
|
|
578
|
+
return this._bucket.metricAllRequests(props);
|
|
579
|
+
}
|
|
580
|
+
metricBucketSizeBytes(props) {
|
|
581
|
+
return this._bucket.metricBucketSizeBytes(props);
|
|
582
|
+
}
|
|
583
|
+
metricDeleteRequests(props) {
|
|
584
|
+
return this._bucket.metricDeleteRequests(props);
|
|
585
|
+
}
|
|
586
|
+
metricDownloadBytes(props) {
|
|
587
|
+
return this._bucket.metricDownloadBytes(props);
|
|
588
|
+
}
|
|
589
|
+
metricFirstByteLatency(props) {
|
|
590
|
+
return this._bucket.metricFirstByteLatency(props);
|
|
591
|
+
}
|
|
592
|
+
metricGetRequests(props) {
|
|
593
|
+
return this._bucket.metricGetRequests(props);
|
|
594
|
+
}
|
|
595
|
+
metricHeadRequests(props) {
|
|
596
|
+
return this._bucket.metricHeadRequests(props);
|
|
597
|
+
}
|
|
598
|
+
metricHttpRequests(props) {
|
|
599
|
+
return this._bucket.metricHttpRequests(props);
|
|
600
|
+
}
|
|
601
|
+
metricListRequests(props) {
|
|
602
|
+
return this._bucket.metricListRequests(props);
|
|
603
|
+
}
|
|
604
|
+
metricNumberOfObjects(props) {
|
|
605
|
+
return this._bucket.metricNumberOfObjects(props);
|
|
606
|
+
}
|
|
607
|
+
metricPostRequests(props) {
|
|
608
|
+
return this._bucket.metricPostRequests(props);
|
|
609
|
+
}
|
|
610
|
+
metricPutRequests(props) {
|
|
611
|
+
return this._bucket.metricPutRequests(props);
|
|
612
|
+
}
|
|
613
|
+
metricSelectRequests(props) {
|
|
614
|
+
return this._bucket.metricSelectRequests(props);
|
|
615
|
+
}
|
|
616
|
+
metricSelectScannedBytes(props) {
|
|
617
|
+
return this._bucket.metricSelectScannedBytes(props);
|
|
618
|
+
}
|
|
619
|
+
metricUploadBytes(props) {
|
|
620
|
+
return this._bucket.metricUploadBytes(props);
|
|
621
|
+
}
|
|
622
|
+
metricSelectReturnedBytes(props) {
|
|
623
|
+
return this._bucket.metricSelectReturnedBytes(props);
|
|
624
|
+
}
|
|
625
|
+
// Override applyRemovalPolicy to apply to all resources
|
|
626
|
+
applyRemovalPolicy(policy) {
|
|
627
|
+
super.applyRemovalPolicy(policy);
|
|
628
|
+
this._bucket.applyRemovalPolicy(policy);
|
|
629
|
+
}
|
|
630
|
+
}
|
|
631
|
+
|
|
632
|
+
// It is a consumer if the environment is ephemeral
|
|
633
|
+
function checkEnvIsConsumer(env = process.env) {
|
|
634
|
+
return (env.PROJECT_ENV === cdk.CDK.ENV.PERSONAL ||
|
|
635
|
+
!!env.CDK_ENV_PERSONAL ||
|
|
636
|
+
/** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
|
|
637
|
+
/** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
|
|
638
|
+
}
|
|
639
|
+
function checkEnvIsProvider(env = process.env) {
|
|
640
|
+
return env.PROJECT_ENV === cdk.CDK.ENV.SANDBOX;
|
|
641
|
+
}
|
|
642
|
+
function cleanName(name) {
|
|
643
|
+
return name.replace(/[^a-zA-Z0-9:-]/g, "");
|
|
644
|
+
}
|
|
645
|
+
function exportEnvName(name, env = process.env) {
|
|
646
|
+
let rawName;
|
|
647
|
+
if (checkEnvIsProvider(env)) {
|
|
648
|
+
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
649
|
+
// Clean the entire name to only allow alphanumeric, colons, and hyphens
|
|
650
|
+
return cleanName(rawName);
|
|
651
|
+
}
|
|
652
|
+
else {
|
|
653
|
+
if (checkEnvIsConsumer(env)) {
|
|
654
|
+
rawName = `env-${cdk.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
655
|
+
}
|
|
656
|
+
else {
|
|
657
|
+
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
658
|
+
}
|
|
659
|
+
}
|
|
660
|
+
return cleanName(rawName);
|
|
661
|
+
}
|
|
662
|
+
class JaypieEnvSecret extends constructs.Construct {
|
|
663
|
+
constructor(scope, id, props) {
|
|
664
|
+
super(scope, id);
|
|
665
|
+
const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
|
|
666
|
+
this._envKey = envKey;
|
|
667
|
+
let exportName;
|
|
668
|
+
if (!exportParam) {
|
|
669
|
+
exportName = exportEnvName(id);
|
|
670
|
+
}
|
|
671
|
+
else {
|
|
672
|
+
exportName = cleanName(exportParam);
|
|
673
|
+
}
|
|
674
|
+
if (consumer) {
|
|
675
|
+
const secretName = cdk$1.Fn.importValue(exportName);
|
|
676
|
+
this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
|
|
677
|
+
// Add CfnOutput for consumer secrets
|
|
678
|
+
new cdk$1.CfnOutput(this, `ConsumedName`, {
|
|
679
|
+
value: this._secret.secretName,
|
|
680
|
+
});
|
|
681
|
+
}
|
|
682
|
+
else {
|
|
683
|
+
const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
|
|
684
|
+
const secretProps = {
|
|
685
|
+
secretStringValue: secretValue
|
|
686
|
+
? cdk$1.SecretValue.unsafePlainText(secretValue)
|
|
687
|
+
: undefined,
|
|
688
|
+
};
|
|
689
|
+
this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
|
|
690
|
+
if (roleTag) {
|
|
691
|
+
cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
692
|
+
}
|
|
693
|
+
if (vendorTag) {
|
|
694
|
+
cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
695
|
+
}
|
|
696
|
+
if (provider) {
|
|
697
|
+
new cdk$1.CfnOutput(this, `ProvidedName`, {
|
|
698
|
+
value: this._secret.secretName,
|
|
699
|
+
exportName,
|
|
700
|
+
});
|
|
701
|
+
}
|
|
702
|
+
else {
|
|
703
|
+
new cdk$1.CfnOutput(this, `CreatedName`, {
|
|
704
|
+
value: this._secret.secretName,
|
|
705
|
+
});
|
|
706
|
+
}
|
|
707
|
+
}
|
|
708
|
+
}
|
|
709
|
+
// IResource implementation
|
|
710
|
+
get stack() {
|
|
711
|
+
return cdk$1.Stack.of(this);
|
|
712
|
+
}
|
|
713
|
+
get env() {
|
|
714
|
+
return {
|
|
715
|
+
account: cdk$1.Stack.of(this).account,
|
|
716
|
+
region: cdk$1.Stack.of(this).region,
|
|
717
|
+
};
|
|
718
|
+
}
|
|
719
|
+
applyRemovalPolicy(policy) {
|
|
720
|
+
this._secret.applyRemovalPolicy(policy);
|
|
721
|
+
}
|
|
722
|
+
// ISecret implementation
|
|
723
|
+
get secretArn() {
|
|
724
|
+
return this._secret.secretArn;
|
|
725
|
+
}
|
|
726
|
+
get secretName() {
|
|
727
|
+
return this._secret.secretName;
|
|
728
|
+
}
|
|
729
|
+
get secretFullArn() {
|
|
730
|
+
return this._secret.secretFullArn;
|
|
731
|
+
}
|
|
732
|
+
get encryptionKey() {
|
|
733
|
+
return this._secret.encryptionKey;
|
|
734
|
+
}
|
|
735
|
+
get secretValue() {
|
|
736
|
+
return this._secret.secretValue;
|
|
737
|
+
}
|
|
738
|
+
secretValueFromJson(key) {
|
|
739
|
+
return this._secret.secretValueFromJson(key);
|
|
740
|
+
}
|
|
741
|
+
grantRead(grantee, versionStages) {
|
|
742
|
+
return this._secret.grantRead(grantee, versionStages);
|
|
743
|
+
}
|
|
744
|
+
grantWrite(grantee) {
|
|
745
|
+
return this._secret.grantWrite(grantee);
|
|
746
|
+
}
|
|
747
|
+
addRotationSchedule(id, options) {
|
|
748
|
+
return this._secret.addRotationSchedule(id, options);
|
|
749
|
+
}
|
|
750
|
+
addToResourcePolicy(statement) {
|
|
751
|
+
return this._secret.addToResourcePolicy(statement);
|
|
752
|
+
}
|
|
753
|
+
denyAccountRootDelete() {
|
|
754
|
+
this._secret.denyAccountRootDelete();
|
|
755
|
+
}
|
|
756
|
+
attach(target) {
|
|
757
|
+
return this._secret.attach(target);
|
|
758
|
+
}
|
|
759
|
+
get envKey() {
|
|
760
|
+
return this._envKey;
|
|
761
|
+
}
|
|
762
|
+
}
|
|
763
|
+
|
|
764
|
+
const SERVICE = {
|
|
765
|
+
ROUTE53: "route53.amazonaws.com",
|
|
766
|
+
};
|
|
767
|
+
class JaypieHostedZone extends constructs.Construct {
|
|
768
|
+
/**
|
|
769
|
+
* Create a new hosted zone with query logging
|
|
770
|
+
*/
|
|
771
|
+
constructor(scope, id, props) {
|
|
772
|
+
super(scope, id);
|
|
773
|
+
const { destination, zoneName, project } = props;
|
|
774
|
+
const service = props.service || cdk.CDK.SERVICE.INFRASTRUCTURE;
|
|
775
|
+
// Create the log group
|
|
776
|
+
this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
|
|
777
|
+
logGroupName: process.env.PROJECT_NONCE
|
|
778
|
+
? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
|
|
779
|
+
: `/aws/route53/${zoneName}`,
|
|
780
|
+
retention: awsLogs.RetentionDays.ONE_WEEK,
|
|
781
|
+
});
|
|
782
|
+
// Add tags
|
|
783
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.SERVICE, service);
|
|
784
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
785
|
+
if (project) {
|
|
786
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.PROJECT, project);
|
|
787
|
+
}
|
|
788
|
+
// Grant Route 53 permissions to write to the log group
|
|
789
|
+
this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
|
|
790
|
+
// Add destination if provided
|
|
791
|
+
if (destination) {
|
|
792
|
+
this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
|
|
793
|
+
destination,
|
|
794
|
+
filterPattern: awsLogs.FilterPattern.allEvents(),
|
|
795
|
+
});
|
|
796
|
+
}
|
|
797
|
+
// Create the hosted zone
|
|
798
|
+
this.hostedZone = new awsRoute53.HostedZone(this, "HostedZone", {
|
|
799
|
+
queryLogsLogGroupArn: this.logGroup.logGroupArn,
|
|
800
|
+
zoneName,
|
|
801
|
+
});
|
|
802
|
+
// Add tags
|
|
803
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.SERVICE, service);
|
|
804
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
805
|
+
if (project) {
|
|
806
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.PROJECT, project);
|
|
807
|
+
}
|
|
808
|
+
}
|
|
809
|
+
}
|
|
810
|
+
|
|
811
|
+
class JaypieMongoDbSecret extends JaypieEnvSecret {
|
|
812
|
+
constructor(scope, id = "MongoConnectionString", props) {
|
|
813
|
+
const defaultProps = {
|
|
814
|
+
envKey: "MONGODB_URI",
|
|
815
|
+
roleTag: cdk.CDK.ROLE.STORAGE,
|
|
816
|
+
vendorTag: cdk.CDK.VENDOR.MONGODB,
|
|
817
|
+
...props,
|
|
818
|
+
};
|
|
819
|
+
super(scope, id, defaultProps);
|
|
820
|
+
}
|
|
821
|
+
}
|
|
822
|
+
|
|
823
|
+
class JaypieOpenAiSecret extends JaypieEnvSecret {
|
|
824
|
+
constructor(scope, id = "OpenAiApiKey", props) {
|
|
825
|
+
const defaultProps = {
|
|
826
|
+
envKey: "OPENAI_API_KEY",
|
|
827
|
+
roleTag: cdk.CDK.ROLE.PROCESSING,
|
|
828
|
+
vendorTag: cdk.CDK.VENDOR.OPENAI,
|
|
829
|
+
...props,
|
|
830
|
+
};
|
|
831
|
+
super(scope, id, defaultProps);
|
|
832
|
+
}
|
|
833
|
+
}
|
|
834
|
+
|
|
478
835
|
/**
|
|
479
836
|
* Permission set types with corresponding AWS managed policies
|
|
480
837
|
*/
|
|
@@ -528,11 +885,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
528
885
|
instanceArn: this.instanceArn,
|
|
529
886
|
name: exports.PermissionSetType.ADMINISTRATOR,
|
|
530
887
|
description: "Full administrative access to all AWS services and resources",
|
|
531
|
-
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
888
|
+
sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
|
|
532
889
|
managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
|
|
533
890
|
inlinePolicy: mergedPolicy,
|
|
534
891
|
});
|
|
535
|
-
cdk.Tags.of(permissionSet).add(cdk
|
|
892
|
+
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
536
893
|
this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
|
|
537
894
|
}
|
|
538
895
|
/**
|
|
@@ -565,11 +922,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
565
922
|
instanceArn: this.instanceArn,
|
|
566
923
|
name: exports.PermissionSetType.ANALYST,
|
|
567
924
|
description: "Read-only access with billing visibility and limited write access",
|
|
568
|
-
sessionDuration: cdk.Duration.hours(4).toIsoString(),
|
|
925
|
+
sessionDuration: cdk$1.Duration.hours(4).toIsoString(),
|
|
569
926
|
managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
|
|
570
927
|
inlinePolicy: mergedPolicy,
|
|
571
928
|
});
|
|
572
|
-
cdk.Tags.of(permissionSet).add(cdk
|
|
929
|
+
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
573
930
|
this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
|
|
574
931
|
}
|
|
575
932
|
/**
|
|
@@ -617,13 +974,13 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
617
974
|
instanceArn: this.instanceArn,
|
|
618
975
|
name: exports.PermissionSetType.DEVELOPER,
|
|
619
976
|
description: "System administrator access with expanded write permissions",
|
|
620
|
-
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
977
|
+
sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
|
|
621
978
|
managedPolicies: [
|
|
622
979
|
"arn:aws:iam::aws:policy/job-function/SystemAdministrator",
|
|
623
980
|
],
|
|
624
981
|
inlinePolicy: mergedPolicy,
|
|
625
982
|
});
|
|
626
|
-
cdk.Tags.of(permissionSet).add(cdk
|
|
983
|
+
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
627
984
|
this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
|
|
628
985
|
}
|
|
629
986
|
/**
|
|
@@ -690,8 +1047,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
690
1047
|
targetId: accountId,
|
|
691
1048
|
targetType: "AWS_ACCOUNT",
|
|
692
1049
|
});
|
|
693
|
-
cdk.Tags.of(assignment).add(cdk
|
|
694
|
-
cdk.Tags.of(assignment).add("Group", "administrators");
|
|
1050
|
+
cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1051
|
+
cdk$1.Tags.of(assignment).add("Group", "administrators");
|
|
695
1052
|
});
|
|
696
1053
|
}
|
|
697
1054
|
/**
|
|
@@ -717,8 +1074,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
717
1074
|
targetId: accountId,
|
|
718
1075
|
targetType: "AWS_ACCOUNT",
|
|
719
1076
|
});
|
|
720
|
-
cdk.Tags.of(assignment).add(cdk
|
|
721
|
-
cdk.Tags.of(assignment).add("Group", "analysts");
|
|
1077
|
+
cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1078
|
+
cdk$1.Tags.of(assignment).add("Group", "analysts");
|
|
722
1079
|
});
|
|
723
1080
|
}
|
|
724
1081
|
/**
|
|
@@ -743,8 +1100,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
743
1100
|
targetId: accountId,
|
|
744
1101
|
targetType: "AWS_ACCOUNT",
|
|
745
1102
|
});
|
|
746
|
-
cdk.Tags.of(assignment).add(cdk
|
|
747
|
-
cdk.Tags.of(assignment).add("Group", "developers");
|
|
1103
|
+
cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1104
|
+
cdk$1.Tags.of(assignment).add("Group", "developers");
|
|
748
1105
|
});
|
|
749
1106
|
}
|
|
750
1107
|
}
|
|
@@ -753,16 +1110,18 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
753
1110
|
constructor(scope, id = "TraceSigningKey", props) {
|
|
754
1111
|
const defaultProps = {
|
|
755
1112
|
envKey: "TRACE_SIGNING_KEY",
|
|
756
|
-
roleTag: cdk
|
|
757
|
-
vendorTag: cdk
|
|
1113
|
+
roleTag: cdk.CDK.ROLE.API,
|
|
1114
|
+
vendorTag: cdk.CDK.VENDOR.KNOWTRACE,
|
|
758
1115
|
...props,
|
|
759
1116
|
};
|
|
760
1117
|
super(scope, id, defaultProps);
|
|
761
1118
|
}
|
|
762
1119
|
}
|
|
763
1120
|
|
|
1121
|
+
exports.JaypieBucketQueuedLambda = JaypieBucketQueuedLambda;
|
|
764
1122
|
exports.JaypieEnvSecret = JaypieEnvSecret;
|
|
765
1123
|
exports.JaypieHostedZone = JaypieHostedZone;
|
|
1124
|
+
exports.JaypieLambda = JaypieLambda;
|
|
766
1125
|
exports.JaypieMongoDbSecret = JaypieMongoDbSecret;
|
|
767
1126
|
exports.JaypieOpenAiSecret = JaypieOpenAiSecret;
|
|
768
1127
|
exports.JaypieQueuedLambda = JaypieQueuedLambda;
|