@jaypie/constructs 1.1.22 → 1.1.23

@@ -1,15 +1,17 @@
1
1
  'use strict';
2
2
 
3
+ var cdk$1 = require('aws-cdk-lib');
4
+ var s3 = require('aws-cdk-lib/aws-s3');
5
+ var s3n = require('aws-cdk-lib/aws-s3-notifications');
6
+ var cdk = require('@jaypie/cdk');
3
7
  var constructs = require('constructs');
4
- var cdk = require('aws-cdk-lib');
8
+ var lambda = require('aws-cdk-lib/aws-lambda');
9
+ var sqs = require('aws-cdk-lib/aws-sqs');
10
+ var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
5
11
  var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
6
- var cdk$1 = require('@jaypie/cdk');
7
12
  var awsIam = require('aws-cdk-lib/aws-iam');
8
13
  var awsLogs = require('aws-cdk-lib/aws-logs');
9
14
  var awsRoute53 = require('aws-cdk-lib/aws-route53');
10
- var lambda = require('aws-cdk-lib/aws-lambda');
11
- var sqs = require('aws-cdk-lib/aws-sqs');
12
- var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
13
15
  var sso = require('aws-cdk-lib/aws-sso');
14
16
 
15
17
  function _interopNamespaceDefault(e) {
@@ -29,196 +31,19 @@ function _interopNamespaceDefault(e) {
29
31
  return Object.freeze(n);
30
32
  }
31
33
 
32
- var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk);
33
- var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
34
+ var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk$1);
35
+ var s3__namespace = /*#__PURE__*/_interopNamespaceDefault(s3);
36
+ var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
34
37
  var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
35
38
  var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
36
39
  var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
40
+ var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
37
41
  var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
38
42
 
39
- // It is a consumer if the environment is ephemeral
40
- function checkEnvIsConsumer(env = process.env) {
41
- return (env.PROJECT_ENV === cdk$1.CDK.ENV.PERSONAL ||
42
- !!env.CDK_ENV_PERSONAL ||
43
- /** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
44
- /** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
45
- }
46
- function checkEnvIsProvider(env = process.env) {
47
- return env.PROJECT_ENV === cdk$1.CDK.ENV.SANDBOX;
48
- }
49
- function cleanName(name) {
50
- return name.replace(/[^a-zA-Z0-9:-]/g, "");
51
- }
52
- function exportEnvName(name, env = process.env) {
53
- let rawName;
54
- if (checkEnvIsProvider(env)) {
55
- rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
56
- // Clean the entire name to only allow alphanumeric, colons, and hyphens
57
- return cleanName(rawName);
58
- }
59
- else {
60
- if (checkEnvIsConsumer(env)) {
61
- rawName = `env-${cdk$1.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
62
- }
63
- else {
64
- rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
65
- }
66
- }
67
- return cleanName(rawName);
68
- }
69
- class JaypieEnvSecret extends constructs.Construct {
70
- constructor(scope, id, props) {
71
- super(scope, id);
72
- const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
73
- this._envKey = envKey;
74
- let exportName;
75
- if (!exportParam) {
76
- exportName = exportEnvName(id);
77
- }
78
- else {
79
- exportName = cleanName(exportParam);
80
- }
81
- if (consumer) {
82
- const secretName = cdk.Fn.importValue(exportName);
83
- this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
84
- // Add CfnOutput for consumer secrets
85
- new cdk.CfnOutput(this, `ConsumedName`, {
86
- value: this._secret.secretName,
87
- });
88
- }
89
- else {
90
- const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
91
- const secretProps = {
92
- secretStringValue: secretValue
93
- ? cdk.SecretValue.unsafePlainText(secretValue)
94
- : undefined,
95
- };
96
- this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
97
- if (roleTag) {
98
- cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.ROLE, roleTag);
99
- }
100
- if (vendorTag) {
101
- cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
102
- }
103
- if (provider) {
104
- new cdk.CfnOutput(this, `ProvidedName`, {
105
- value: this._secret.secretName,
106
- exportName,
107
- });
108
- }
109
- else {
110
- new cdk.CfnOutput(this, `CreatedName`, {
111
- value: this._secret.secretName,
112
- });
113
- }
114
- }
115
- }
116
- // IResource implementation
117
- get stack() {
118
- return cdk.Stack.of(this);
119
- }
120
- get env() {
121
- return {
122
- account: cdk.Stack.of(this).account,
123
- region: cdk.Stack.of(this).region,
124
- };
125
- }
126
- applyRemovalPolicy(policy) {
127
- this._secret.applyRemovalPolicy(policy);
128
- }
129
- // ISecret implementation
130
- get secretArn() {
131
- return this._secret.secretArn;
132
- }
133
- get secretName() {
134
- return this._secret.secretName;
135
- }
136
- get secretFullArn() {
137
- return this._secret.secretFullArn;
138
- }
139
- get encryptionKey() {
140
- return this._secret.encryptionKey;
141
- }
142
- get secretValue() {
143
- return this._secret.secretValue;
144
- }
145
- secretValueFromJson(key) {
146
- return this._secret.secretValueFromJson(key);
147
- }
148
- grantRead(grantee, versionStages) {
149
- return this._secret.grantRead(grantee, versionStages);
150
- }
151
- grantWrite(grantee) {
152
- return this._secret.grantWrite(grantee);
153
- }
154
- addRotationSchedule(id, options) {
155
- return this._secret.addRotationSchedule(id, options);
156
- }
157
- addToResourcePolicy(statement) {
158
- return this._secret.addToResourcePolicy(statement);
159
- }
160
- denyAccountRootDelete() {
161
- this._secret.denyAccountRootDelete();
162
- }
163
- attach(target) {
164
- return this._secret.attach(target);
165
- }
166
- get envKey() {
167
- return this._envKey;
168
- }
169
- }
170
-
171
- const SERVICE = {
172
- ROUTE53: "route53.amazonaws.com",
173
- };
174
- class JaypieHostedZone extends constructs.Construct {
175
- /**
176
- * Create a new hosted zone with query logging
177
- */
178
- constructor(scope, id, props) {
179
- super(scope, id);
180
- const { destination, zoneName, project } = props;
181
- const service = props.service || cdk$1.CDK.SERVICE.INFRASTRUCTURE;
182
- // Create the log group
183
- this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
184
- logGroupName: process.env.PROJECT_NONCE
185
- ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
186
- : `/aws/route53/${zoneName}`,
187
- retention: awsLogs.RetentionDays.ONE_WEEK,
188
- });
189
- // Add tags
190
- cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.SERVICE, service);
191
- cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
192
- if (project) {
193
- cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.PROJECT, project);
194
- }
195
- // Grant Route 53 permissions to write to the log group
196
- this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
197
- // Add destination if provided
198
- if (destination) {
199
- this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
200
- destination,
201
- filterPattern: awsLogs.FilterPattern.allEvents(),
202
- });
203
- }
204
- // Create the hosted zone
205
- this.hostedZone = new awsRoute53.HostedZone(this, "HostedZone", {
206
- queryLogsLogGroupArn: this.logGroup.logGroupArn,
207
- zoneName,
208
- });
209
- // Add tags
210
- cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.SERVICE, service);
211
- cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
212
- if (project) {
213
- cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.PROJECT, project);
214
- }
215
- }
216
- }
217
-
218
43
  class JaypieLambda extends constructs.Construct {
219
44
  constructor(scope, id, props) {
220
45
  super(scope, id);
221
- const { code, datadogApiKeyArn, environment: initialEnvironment = {}, envSecrets = {}, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, } = props;
46
+ const { code, datadogApiKeyArn, environment: initialEnvironment = {}, envSecrets = {}, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, } = props;
222
47
  // Create a mutable copy of the environment variables
223
48
  let environment = { ...initialEnvironment };
224
49
  this._code = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
@@ -232,18 +57,18 @@ class JaypieLambda extends constructs.Construct {
232
57
  // Add Datadog integration if API key is available
233
58
  if (resolvedDatadogApiKeyArn) {
234
59
  // Add Datadog Node.js layer
235
- const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
60
+ const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk$1.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk.CDK.DATADOG.LAYER.NODE}`);
236
61
  resolvedLayers.push(datadogNodeLayer);
237
62
  // Add Datadog Extension layer
238
- const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
63
+ const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk$1.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk.CDK.DATADOG.LAYER.EXTENSION}`);
239
64
  resolvedLayers.push(datadogExtensionLayer);
240
65
  // Set Datadog environment variables
241
66
  Object.assign(environment, {
242
67
  DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
243
68
  DD_ENV: process.env.PROJECT_ENV || "",
244
69
  DD_SERVICE: process.env.PROJECT_SERVICE || "",
245
- DD_SITE: cdk$1.CDK.DATADOG.SITE,
246
- DD_TAGS: `${cdk$1.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
70
+ DD_SITE: cdk.CDK.DATADOG.SITE,
71
+ DD_TAGS: `${cdk.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
247
72
  });
248
73
  }
249
74
  // Configure ParamsAndSecrets layer
@@ -294,7 +119,7 @@ class JaypieLambda extends constructs.Construct {
294
119
  paramsAndSecrets: resolvedParamsAndSecrets,
295
120
  reservedConcurrentExecutions,
296
121
  runtime,
297
- timeout: typeof timeout === "number" ? cdk.Duration.seconds(timeout) : timeout,
122
+ timeout: typeof timeout === "number" ? cdk$1.Duration.seconds(timeout) : timeout,
298
123
  });
299
124
  // Grant secret read permissions
300
125
  Object.values(envSecrets).forEach((secret) => {
@@ -311,10 +136,10 @@ class JaypieLambda extends constructs.Construct {
311
136
  datadogApiKey.grantRead(this._lambda);
312
137
  }
313
138
  if (roleTag) {
314
- cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.ROLE, roleTag);
139
+ cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.ROLE, roleTag);
315
140
  }
316
141
  if (vendorTag) {
317
- cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
142
+ cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.VENDOR, vendorTag);
318
143
  }
319
144
  }
320
145
  // Public accessors
@@ -406,8 +231,8 @@ class JaypieLambda extends constructs.Construct {
406
231
  }
407
232
  get env() {
408
233
  return {
409
- account: cdk.Stack.of(this).account,
410
- region: cdk.Stack.of(this).region,
234
+ account: cdk$1.Stack.of(this).account,
235
+ region: cdk$1.Stack.of(this).region,
411
236
  };
412
237
  }
413
238
  get stack() {
@@ -418,46 +243,22 @@ class JaypieLambda extends constructs.Construct {
418
243
  }
419
244
  }
420
245
 
421
- class JaypieMongoDbSecret extends JaypieEnvSecret {
422
- constructor(scope, id = "MongoConnectionString", props) {
423
- const defaultProps = {
424
- envKey: "MONGODB_URI",
425
- roleTag: cdk$1.CDK.ROLE.STORAGE,
426
- vendorTag: cdk$1.CDK.VENDOR.MONGODB,
427
- ...props,
428
- };
429
- super(scope, id, defaultProps);
430
- }
431
- }
432
-
433
- class JaypieOpenAiSecret extends JaypieEnvSecret {
434
- constructor(scope, id = "OpenAiApiKey", props) {
435
- const defaultProps = {
436
- envKey: "OPENAI_API_KEY",
437
- roleTag: cdk$1.CDK.ROLE.PROCESSING,
438
- vendorTag: cdk$1.CDK.VENDOR.OPENAI,
439
- ...props,
440
- };
441
- super(scope, id, defaultProps);
442
- }
443
- }
444
-
445
246
  class JaypieQueuedLambda extends constructs.Construct {
446
247
  constructor(scope, id, props) {
447
248
  super(scope, id);
448
- const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), } = props;
249
+ const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), } = props;
449
250
  // Create SQS Queue
450
251
  this._queue = new sqs__namespace.Queue(this, "Queue", {
451
252
  fifo,
452
253
  visibilityTimeout: typeof visibilityTimeout === "number"
453
- ? cdk.Duration.seconds(visibilityTimeout)
254
+ ? cdk$1.Duration.seconds(visibilityTimeout)
454
255
  : visibilityTimeout,
455
256
  });
456
257
  if (roleTag) {
457
- cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.ROLE, roleTag);
258
+ cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.ROLE, roleTag);
458
259
  }
459
260
  if (vendorTag) {
460
- cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
261
+ cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.VENDOR, vendorTag);
461
262
  }
462
263
  // Create Lambda with JaypieLambda
463
264
  this._lambdaConstruct = new JaypieLambda(this, "Function", {
@@ -578,12 +379,12 @@ class JaypieQueuedLambda extends constructs.Construct {
578
379
  }
579
380
  get env() {
580
381
  return {
581
- account: cdk.Stack.of(this).account,
582
- region: cdk.Stack.of(this).region,
382
+ account: cdk$1.Stack.of(this).account,
383
+ region: cdk$1.Stack.of(this).region,
583
384
  };
584
385
  }
585
386
  get stack() {
586
- return cdk.Stack.of(this);
387
+ return cdk$1.Stack.of(this);
587
388
  }
588
389
  applyRemovalPolicy(policy) {
589
390
  this._lambdaConstruct.applyRemovalPolicy(policy);
@@ -650,6 +451,387 @@ class JaypieQueuedLambda extends constructs.Construct {
650
451
  }
651
452
  }
652
453
 
454
+ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
455
+ constructor(scope, id, props) {
456
+ super(scope, id, props);
457
+ const { bucketName, roleTag, vendorTag, bucketOptions = {} } = props;
458
+ // Create S3 Bucket
459
+ this._bucket = new s3__namespace.Bucket(this, "Bucket", {
460
+ bucketName: bucketOptions.bucketName || bucketName,
461
+ removalPolicy: bucketOptions.removalPolicy || cdk$1.RemovalPolicy.RETAIN,
462
+ ...bucketOptions,
463
+ });
464
+ // Add tags to bucket
465
+ if (roleTag) {
466
+ cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.ROLE, roleTag);
467
+ }
468
+ if (vendorTag) {
469
+ cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.VENDOR, vendorTag);
470
+ }
471
+ // Add an event notification from the bucket to the queue
472
+ this._bucket.addEventNotification(s3__namespace.EventType.OBJECT_CREATED, new s3n__namespace.SqsDestination(this.queue));
473
+ // Grant the lambda access to the bucket
474
+ this._bucket.grantReadWrite(this);
475
+ // Add environment variable for bucket name
476
+ this.lambda.addEnvironment("CDK_ENV_BUCKET_NAME", this._bucket.bucketName);
477
+ }
478
+ // Public accessors
479
+ get bucket() {
480
+ return this._bucket;
481
+ }
482
+ // IBucket implementation
483
+ get bucketArn() {
484
+ return this._bucket.bucketArn;
485
+ }
486
+ get bucketDomainName() {
487
+ return this._bucket.bucketDomainName;
488
+ }
489
+ get bucketDualStackDomainName() {
490
+ return this._bucket.bucketDualStackDomainName;
491
+ }
492
+ get bucketName() {
493
+ return this._bucket.bucketName;
494
+ }
495
+ get bucketRegionalDomainName() {
496
+ return this._bucket.bucketRegionalDomainName;
497
+ }
498
+ get bucketWebsiteDomainName() {
499
+ return this._bucket.bucketWebsiteDomainName;
500
+ }
501
+ get bucketWebsiteUrl() {
502
+ return this._bucket.bucketWebsiteUrl;
503
+ }
504
+ get encryptionKey() {
505
+ return this._bucket.encryptionKey;
506
+ }
507
+ get isWebsite() {
508
+ return this._bucket.isWebsite || false;
509
+ }
510
+ get policy() {
511
+ return this._bucket.policy;
512
+ }
513
+ addEventNotification(event, dest, filters) {
514
+ this._bucket.addEventNotification(event, dest, ...filters);
515
+ }
516
+ addObjectCreatedNotification(dest, ...filters) {
517
+ this._bucket.addObjectCreatedNotification(dest, ...filters);
518
+ }
519
+ addObjectRemovedNotification(dest, ...filters) {
520
+ this._bucket.addObjectRemovedNotification(dest, ...filters);
521
+ }
522
+ addToResourcePolicy(permission) {
523
+ return this._bucket.addToResourcePolicy(permission);
524
+ }
525
+ arnForObjects(objectKeyPattern) {
526
+ return this._bucket.arnForObjects(objectKeyPattern);
527
+ }
528
+ enableEventBridgeNotification() {
529
+ this._bucket.enableEventBridgeNotification();
530
+ }
531
+ grant(grantee, ...actions) {
532
+ return this._bucket.grant(grantee, ...actions);
533
+ }
534
+ grantDelete(grantee, objectsKeyPattern) {
535
+ return this._bucket.grantDelete(grantee, objectsKeyPattern);
536
+ }
537
+ grantPublicAccess(keyPrefix, ...allowedActions) {
538
+ return this._bucket.grantPublicAccess(keyPrefix, ...allowedActions);
539
+ }
540
+ grantPut(grantee, objectsKeyPattern) {
541
+ return this._bucket.grantPut(grantee, objectsKeyPattern);
542
+ }
543
+ grantPutAcl(grantee, objectsKeyPattern) {
544
+ return this._bucket.grantPutAcl(grantee, objectsKeyPattern);
545
+ }
546
+ grantRead(grantee, objectsKeyPattern) {
547
+ return this._bucket.grantRead(grantee, objectsKeyPattern);
548
+ }
549
+ grantReadWrite(grantee, objectsKeyPattern) {
550
+ return this._bucket.grantReadWrite(grantee, objectsKeyPattern);
551
+ }
552
+ grantWrite(grantee, objectsKeyPattern) {
553
+ return this._bucket.grantWrite(grantee, objectsKeyPattern);
554
+ }
555
+ onCloudTrailEvent(id, options) {
556
+ return this._bucket.onCloudTrailEvent(id, options);
557
+ }
558
+ onCloudTrailPutObject(id, options) {
559
+ return this._bucket.onCloudTrailPutObject(id, options);
560
+ }
561
+ onCloudTrailWriteObject(id, options) {
562
+ return this._bucket.onCloudTrailWriteObject(id, options);
563
+ }
564
+ s3UrlForObject(key) {
565
+ return this._bucket.s3UrlForObject(key);
566
+ }
567
+ transferAccelerationUrlForObject(key, options) {
568
+ return this._bucket.transferAccelerationUrlForObject(key, options);
569
+ }
570
+ urlForObject(key) {
571
+ return this._bucket.urlForObject(key);
572
+ }
573
+ virtualHostedUrlForObject(key, options) {
574
+ return this._bucket.virtualHostedUrlForObject(key, options);
575
+ }
576
+ // Bucket metrics
577
+ metricAllRequests(props) {
578
+ return this._bucket.metricAllRequests(props);
579
+ }
580
+ metricBucketSizeBytes(props) {
581
+ return this._bucket.metricBucketSizeBytes(props);
582
+ }
583
+ metricDeleteRequests(props) {
584
+ return this._bucket.metricDeleteRequests(props);
585
+ }
586
+ metricDownloadBytes(props) {
587
+ return this._bucket.metricDownloadBytes(props);
588
+ }
589
+ metricFirstByteLatency(props) {
590
+ return this._bucket.metricFirstByteLatency(props);
591
+ }
592
+ metricGetRequests(props) {
593
+ return this._bucket.metricGetRequests(props);
594
+ }
595
+ metricHeadRequests(props) {
596
+ return this._bucket.metricHeadRequests(props);
597
+ }
598
+ metricHttpRequests(props) {
599
+ return this._bucket.metricHttpRequests(props);
600
+ }
601
+ metricListRequests(props) {
602
+ return this._bucket.metricListRequests(props);
603
+ }
604
+ metricNumberOfObjects(props) {
605
+ return this._bucket.metricNumberOfObjects(props);
606
+ }
607
+ metricPostRequests(props) {
608
+ return this._bucket.metricPostRequests(props);
609
+ }
610
+ metricPutRequests(props) {
611
+ return this._bucket.metricPutRequests(props);
612
+ }
613
+ metricSelectRequests(props) {
614
+ return this._bucket.metricSelectRequests(props);
615
+ }
616
+ metricSelectScannedBytes(props) {
617
+ return this._bucket.metricSelectScannedBytes(props);
618
+ }
619
+ metricUploadBytes(props) {
620
+ return this._bucket.metricUploadBytes(props);
621
+ }
622
+ metricSelectReturnedBytes(props) {
623
+ return this._bucket.metricSelectReturnedBytes(props);
624
+ }
625
+ // Override applyRemovalPolicy to apply to all resources
626
+ applyRemovalPolicy(policy) {
627
+ super.applyRemovalPolicy(policy);
628
+ this._bucket.applyRemovalPolicy(policy);
629
+ }
630
+ }
631
+
632
+ // It is a consumer if the environment is ephemeral
633
+ function checkEnvIsConsumer(env = process.env) {
634
+ return (env.PROJECT_ENV === cdk.CDK.ENV.PERSONAL ||
635
+ !!env.CDK_ENV_PERSONAL ||
636
+ /** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
637
+ /** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
638
+ }
639
+ function checkEnvIsProvider(env = process.env) {
640
+ return env.PROJECT_ENV === cdk.CDK.ENV.SANDBOX;
641
+ }
642
+ function cleanName(name) {
643
+ return name.replace(/[^a-zA-Z0-9:-]/g, "");
644
+ }
645
+ function exportEnvName(name, env = process.env) {
646
+ let rawName;
647
+ if (checkEnvIsProvider(env)) {
648
+ rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
649
+ // Clean the entire name to only allow alphanumeric, colons, and hyphens
650
+ return cleanName(rawName);
651
+ }
652
+ else {
653
+ if (checkEnvIsConsumer(env)) {
654
+ rawName = `env-${cdk.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
655
+ }
656
+ else {
657
+ rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
658
+ }
659
+ }
660
+ return cleanName(rawName);
661
+ }
662
+ class JaypieEnvSecret extends constructs.Construct {
663
+ constructor(scope, id, props) {
664
+ super(scope, id);
665
+ const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
666
+ this._envKey = envKey;
667
+ let exportName;
668
+ if (!exportParam) {
669
+ exportName = exportEnvName(id);
670
+ }
671
+ else {
672
+ exportName = cleanName(exportParam);
673
+ }
674
+ if (consumer) {
675
+ const secretName = cdk$1.Fn.importValue(exportName);
676
+ this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
677
+ // Add CfnOutput for consumer secrets
678
+ new cdk$1.CfnOutput(this, `ConsumedName`, {
679
+ value: this._secret.secretName,
680
+ });
681
+ }
682
+ else {
683
+ const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
684
+ const secretProps = {
685
+ secretStringValue: secretValue
686
+ ? cdk$1.SecretValue.unsafePlainText(secretValue)
687
+ : undefined,
688
+ };
689
+ this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
690
+ if (roleTag) {
691
+ cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.ROLE, roleTag);
692
+ }
693
+ if (vendorTag) {
694
+ cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.VENDOR, vendorTag);
695
+ }
696
+ if (provider) {
697
+ new cdk$1.CfnOutput(this, `ProvidedName`, {
698
+ value: this._secret.secretName,
699
+ exportName,
700
+ });
701
+ }
702
+ else {
703
+ new cdk$1.CfnOutput(this, `CreatedName`, {
704
+ value: this._secret.secretName,
705
+ });
706
+ }
707
+ }
708
+ }
709
+ // IResource implementation
710
+ get stack() {
711
+ return cdk$1.Stack.of(this);
712
+ }
713
+ get env() {
714
+ return {
715
+ account: cdk$1.Stack.of(this).account,
716
+ region: cdk$1.Stack.of(this).region,
717
+ };
718
+ }
719
+ applyRemovalPolicy(policy) {
720
+ this._secret.applyRemovalPolicy(policy);
721
+ }
722
+ // ISecret implementation
723
+ get secretArn() {
724
+ return this._secret.secretArn;
725
+ }
726
+ get secretName() {
727
+ return this._secret.secretName;
728
+ }
729
+ get secretFullArn() {
730
+ return this._secret.secretFullArn;
731
+ }
732
+ get encryptionKey() {
733
+ return this._secret.encryptionKey;
734
+ }
735
+ get secretValue() {
736
+ return this._secret.secretValue;
737
+ }
738
+ secretValueFromJson(key) {
739
+ return this._secret.secretValueFromJson(key);
740
+ }
741
+ grantRead(grantee, versionStages) {
742
+ return this._secret.grantRead(grantee, versionStages);
743
+ }
744
+ grantWrite(grantee) {
745
+ return this._secret.grantWrite(grantee);
746
+ }
747
+ addRotationSchedule(id, options) {
748
+ return this._secret.addRotationSchedule(id, options);
749
+ }
750
+ addToResourcePolicy(statement) {
751
+ return this._secret.addToResourcePolicy(statement);
752
+ }
753
+ denyAccountRootDelete() {
754
+ this._secret.denyAccountRootDelete();
755
+ }
756
+ attach(target) {
757
+ return this._secret.attach(target);
758
+ }
759
+ get envKey() {
760
+ return this._envKey;
761
+ }
762
+ }
763
+
764
+ const SERVICE = {
765
+ ROUTE53: "route53.amazonaws.com",
766
+ };
767
+ class JaypieHostedZone extends constructs.Construct {
768
+ /**
769
+ * Create a new hosted zone with query logging
770
+ */
771
+ constructor(scope, id, props) {
772
+ super(scope, id);
773
+ const { destination, zoneName, project } = props;
774
+ const service = props.service || cdk.CDK.SERVICE.INFRASTRUCTURE;
775
+ // Create the log group
776
+ this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
777
+ logGroupName: process.env.PROJECT_NONCE
778
+ ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
779
+ : `/aws/route53/${zoneName}`,
780
+ retention: awsLogs.RetentionDays.ONE_WEEK,
781
+ });
782
+ // Add tags
783
+ cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.SERVICE, service);
784
+ cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
785
+ if (project) {
786
+ cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.PROJECT, project);
787
+ }
788
+ // Grant Route 53 permissions to write to the log group
789
+ this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
790
+ // Add destination if provided
791
+ if (destination) {
792
+ this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
793
+ destination,
794
+ filterPattern: awsLogs.FilterPattern.allEvents(),
795
+ });
796
+ }
797
+ // Create the hosted zone
798
+ this.hostedZone = new awsRoute53.HostedZone(this, "HostedZone", {
799
+ queryLogsLogGroupArn: this.logGroup.logGroupArn,
800
+ zoneName,
801
+ });
802
+ // Add tags
803
+ cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.SERVICE, service);
804
+ cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
805
+ if (project) {
806
+ cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.PROJECT, project);
807
+ }
808
+ }
809
+ }
810
+
811
+ class JaypieMongoDbSecret extends JaypieEnvSecret {
812
+ constructor(scope, id = "MongoConnectionString", props) {
813
+ const defaultProps = {
814
+ envKey: "MONGODB_URI",
815
+ roleTag: cdk.CDK.ROLE.STORAGE,
816
+ vendorTag: cdk.CDK.VENDOR.MONGODB,
817
+ ...props,
818
+ };
819
+ super(scope, id, defaultProps);
820
+ }
821
+ }
822
+
823
+ class JaypieOpenAiSecret extends JaypieEnvSecret {
824
+ constructor(scope, id = "OpenAiApiKey", props) {
825
+ const defaultProps = {
826
+ envKey: "OPENAI_API_KEY",
827
+ roleTag: cdk.CDK.ROLE.PROCESSING,
828
+ vendorTag: cdk.CDK.VENDOR.OPENAI,
829
+ ...props,
830
+ };
831
+ super(scope, id, defaultProps);
832
+ }
833
+ }
834
+
653
835
  /**
654
836
  * Permission set types with corresponding AWS managed policies
655
837
  */
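Review bot: `addEventNotification(event, dest, filters)` in the new JaypieBucketQueuedLambda spreads a plain parameter, so it throws when `filters` is omitted or when filters are passed variadically as the IBucket form allows, and works only if the caller passes an array; declare it as `addEventNotification(event, dest, ...filters)` to match the two sibling notification methods. The constructor creates the bucket without any `enforceSSL` or `blockPublicAccess` default of its own and also forwards `grantPublicAccess`, so the bucket's posture depends entirely on what the caller puts in `bucketOptions`; defaults such as `enforceSSL: true` and `blockPublicAccess: s3__namespace.BlockPublicAccess.BLOCK_ALL`, placed before `...bucketOptions`, would stay overridable. `this._bucket.grantReadWrite(this)` gives the function write access to the same bucket whose OBJECT_CREATED events feed its queue, so a handler that writes results back would generate new events for itself; a read-only grant by default, or a comment such as `// handlers must not write under the notified prefix`, would make that explicit. The relocated JaypieEnvSecret still wraps the environment value in `SecretValue.unsafePlainText`, which CDK documents as ending up in the synthesized template; this release does not change that, but the line deserves a comment saying so.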
@@ -703,11 +885,11 @@ class JaypieSsoGroups extends constructs.Construct {
703
885
  instanceArn: this.instanceArn,
704
886
  name: exports.PermissionSetType.ADMINISTRATOR,
705
887
  description: "Full administrative access to all AWS services and resources",
706
- sessionDuration: cdk.Duration.hours(8).toIsoString(),
888
+ sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
707
889
  managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
708
890
  inlinePolicy: mergedPolicy,
709
891
  });
710
- cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
892
+ cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
711
893
  this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
712
894
  }
713
895
  /**
@@ -740,11 +922,11 @@ class JaypieSsoGroups extends constructs.Construct {
740
922
  instanceArn: this.instanceArn,
741
923
  name: exports.PermissionSetType.ANALYST,
742
924
  description: "Read-only access with billing visibility and limited write access",
743
- sessionDuration: cdk.Duration.hours(4).toIsoString(),
925
+ sessionDuration: cdk$1.Duration.hours(4).toIsoString(),
744
926
  managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
745
927
  inlinePolicy: mergedPolicy,
746
928
  });
747
- cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
929
+ cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
748
930
  this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
749
931
  }
750
932
  /**
@@ -792,13 +974,13 @@ class JaypieSsoGroups extends constructs.Construct {
792
974
  instanceArn: this.instanceArn,
793
975
  name: exports.PermissionSetType.DEVELOPER,
794
976
  description: "System administrator access with expanded write permissions",
795
- sessionDuration: cdk.Duration.hours(8).toIsoString(),
977
+ sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
796
978
  managedPolicies: [
797
979
  "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
798
980
  ],
799
981
  inlinePolicy: mergedPolicy,
800
982
  });
801
- cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
983
+ cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
802
984
  this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
803
985
  }
804
986
  /**
@@ -865,8 +1047,8 @@ class JaypieSsoGroups extends constructs.Construct {
865
1047
  targetId: accountId,
866
1048
  targetType: "AWS_ACCOUNT",
867
1049
  });
868
- cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
869
- cdk.Tags.of(assignment).add("Group", "administrators");
1050
+ cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
1051
+ cdk$1.Tags.of(assignment).add("Group", "administrators");
870
1052
  });
871
1053
  }
872
1054
  /**
@@ -892,8 +1074,8 @@ class JaypieSsoGroups extends constructs.Construct {
892
1074
  targetId: accountId,
893
1075
  targetType: "AWS_ACCOUNT",
894
1076
  });
895
- cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
896
- cdk.Tags.of(assignment).add("Group", "analysts");
1077
+ cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
1078
+ cdk$1.Tags.of(assignment).add("Group", "analysts");
897
1079
  });
898
1080
  }
899
1081
  /**
@@ -918,8 +1100,8 @@ class JaypieSsoGroups extends constructs.Construct {
918
1100
  targetId: accountId,
919
1101
  targetType: "AWS_ACCOUNT",
920
1102
  });
921
- cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
922
- cdk.Tags.of(assignment).add("Group", "developers");
1103
+ cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
1104
+ cdk$1.Tags.of(assignment).add("Group", "developers");
923
1105
  });
924
1106
  }
925
1107
  }
@@ -928,14 +1110,15 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
928
1110
  constructor(scope, id = "TraceSigningKey", props) {
929
1111
  const defaultProps = {
930
1112
  envKey: "TRACE_SIGNING_KEY",
931
- roleTag: cdk$1.CDK.ROLE.API,
932
- vendorTag: cdk$1.CDK.VENDOR.KNOWTRACE,
1113
+ roleTag: cdk.CDK.ROLE.API,
1114
+ vendorTag: cdk.CDK.VENDOR.KNOWTRACE,
933
1115
  ...props,
934
1116
  };
935
1117
  super(scope, id, defaultProps);
936
1118
  }
937
1119
  }
938
1120
 
1121
+ exports.JaypieBucketQueuedLambda = JaypieBucketQueuedLambda;
939
1122
  exports.JaypieEnvSecret = JaypieEnvSecret;
940
1123
  exports.JaypieHostedZone = JaypieHostedZone;
941
1124
  exports.JaypieLambda = JaypieLambda;