@jaypie/constructs 1.1.22 → 1.1.24

@@ -1,15 +1,17 @@
1
1
  'use strict';
2
2
 
3
+ var cdk$1 = require('aws-cdk-lib');
4
+ var s3 = require('aws-cdk-lib/aws-s3');
5
+ var s3n = require('aws-cdk-lib/aws-s3-notifications');
6
+ var cdk = require('@jaypie/cdk');
3
7
  var constructs = require('constructs');
4
- var cdk = require('aws-cdk-lib');
8
+ var lambda = require('aws-cdk-lib/aws-lambda');
9
+ var sqs = require('aws-cdk-lib/aws-sqs');
10
+ var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
5
11
  var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
6
- var cdk$1 = require('@jaypie/cdk');
7
12
  var awsIam = require('aws-cdk-lib/aws-iam');
8
13
  var awsLogs = require('aws-cdk-lib/aws-logs');
9
14
  var awsRoute53 = require('aws-cdk-lib/aws-route53');
10
- var lambda = require('aws-cdk-lib/aws-lambda');
11
- var sqs = require('aws-cdk-lib/aws-sqs');
12
- var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
13
15
  var sso = require('aws-cdk-lib/aws-sso');
14
16
 
15
17
  function _interopNamespaceDefault(e) {
@@ -29,196 +31,19 @@ function _interopNamespaceDefault(e) {
29
31
  return Object.freeze(n);
30
32
  }
31
33
 
32
- var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk);
33
- var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
34
+ var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk$1);
35
+ var s3__namespace = /*#__PURE__*/_interopNamespaceDefault(s3);
36
+ var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
34
37
  var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
35
38
  var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
36
39
  var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
40
+ var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
37
41
  var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
38
42
 
39
- // It is a consumer if the environment is ephemeral
40
- function checkEnvIsConsumer(env = process.env) {
41
- return (env.PROJECT_ENV === cdk$1.CDK.ENV.PERSONAL ||
42
- !!env.CDK_ENV_PERSONAL ||
43
- /** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
44
- /** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
45
- }
46
- function checkEnvIsProvider(env = process.env) {
47
- return env.PROJECT_ENV === cdk$1.CDK.ENV.SANDBOX;
48
- }
49
- function cleanName(name) {
50
- return name.replace(/[^a-zA-Z0-9:-]/g, "");
51
- }
52
- function exportEnvName(name, env = process.env) {
53
- let rawName;
54
- if (checkEnvIsProvider(env)) {
55
- rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
56
- // Clean the entire name to only allow alphanumeric, colons, and hyphens
57
- return cleanName(rawName);
58
- }
59
- else {
60
- if (checkEnvIsConsumer(env)) {
61
- rawName = `env-${cdk$1.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
62
- }
63
- else {
64
- rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
65
- }
66
- }
67
- return cleanName(rawName);
68
- }
69
- class JaypieEnvSecret extends constructs.Construct {
70
- constructor(scope, id, props) {
71
- super(scope, id);
72
- const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
73
- this._envKey = envKey;
74
- let exportName;
75
- if (!exportParam) {
76
- exportName = exportEnvName(id);
77
- }
78
- else {
79
- exportName = cleanName(exportParam);
80
- }
81
- if (consumer) {
82
- const secretName = cdk.Fn.importValue(exportName);
83
- this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
84
- // Add CfnOutput for consumer secrets
85
- new cdk.CfnOutput(this, `ConsumedName`, {
86
- value: this._secret.secretName,
87
- });
88
- }
89
- else {
90
- const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
91
- const secretProps = {
92
- secretStringValue: secretValue
93
- ? cdk.SecretValue.unsafePlainText(secretValue)
94
- : undefined,
95
- };
96
- this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
97
- if (roleTag) {
98
- cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.ROLE, roleTag);
99
- }
100
- if (vendorTag) {
101
- cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
102
- }
103
- if (provider) {
104
- new cdk.CfnOutput(this, `ProvidedName`, {
105
- value: this._secret.secretName,
106
- exportName,
107
- });
108
- }
109
- else {
110
- new cdk.CfnOutput(this, `CreatedName`, {
111
- value: this._secret.secretName,
112
- });
113
- }
114
- }
115
- }
116
- // IResource implementation
117
- get stack() {
118
- return cdk.Stack.of(this);
119
- }
120
- get env() {
121
- return {
122
- account: cdk.Stack.of(this).account,
123
- region: cdk.Stack.of(this).region,
124
- };
125
- }
126
- applyRemovalPolicy(policy) {
127
- this._secret.applyRemovalPolicy(policy);
128
- }
129
- // ISecret implementation
130
- get secretArn() {
131
- return this._secret.secretArn;
132
- }
133
- get secretName() {
134
- return this._secret.secretName;
135
- }
136
- get secretFullArn() {
137
- return this._secret.secretFullArn;
138
- }
139
- get encryptionKey() {
140
- return this._secret.encryptionKey;
141
- }
142
- get secretValue() {
143
- return this._secret.secretValue;
144
- }
145
- secretValueFromJson(key) {
146
- return this._secret.secretValueFromJson(key);
147
- }
148
- grantRead(grantee, versionStages) {
149
- return this._secret.grantRead(grantee, versionStages);
150
- }
151
- grantWrite(grantee) {
152
- return this._secret.grantWrite(grantee);
153
- }
154
- addRotationSchedule(id, options) {
155
- return this._secret.addRotationSchedule(id, options);
156
- }
157
- addToResourcePolicy(statement) {
158
- return this._secret.addToResourcePolicy(statement);
159
- }
160
- denyAccountRootDelete() {
161
- this._secret.denyAccountRootDelete();
162
- }
163
- attach(target) {
164
- return this._secret.attach(target);
165
- }
166
- get envKey() {
167
- return this._envKey;
168
- }
169
- }
170
-
171
- const SERVICE = {
172
- ROUTE53: "route53.amazonaws.com",
173
- };
174
- class JaypieHostedZone extends constructs.Construct {
175
- /**
176
- * Create a new hosted zone with query logging
177
- */
178
- constructor(scope, id, props) {
179
- super(scope, id);
180
- const { destination, zoneName, project } = props;
181
- const service = props.service || cdk$1.CDK.SERVICE.INFRASTRUCTURE;
182
- // Create the log group
183
- this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
184
- logGroupName: process.env.PROJECT_NONCE
185
- ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
186
- : `/aws/route53/${zoneName}`,
187
- retention: awsLogs.RetentionDays.ONE_WEEK,
188
- });
189
- // Add tags
190
- cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.SERVICE, service);
191
- cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
192
- if (project) {
193
- cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.PROJECT, project);
194
- }
195
- // Grant Route 53 permissions to write to the log group
196
- this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
197
- // Add destination if provided
198
- if (destination) {
199
- this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
200
- destination,
201
- filterPattern: awsLogs.FilterPattern.allEvents(),
202
- });
203
- }
204
- // Create the hosted zone
205
- this.hostedZone = new awsRoute53.HostedZone(this, "HostedZone", {
206
- queryLogsLogGroupArn: this.logGroup.logGroupArn,
207
- zoneName,
208
- });
209
- // Add tags
210
- cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.SERVICE, service);
211
- cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
212
- if (project) {
213
- cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.PROJECT, project);
214
- }
215
- }
216
- }
217
-
218
43
  class JaypieLambda extends constructs.Construct {
219
44
  constructor(scope, id, props) {
220
45
  super(scope, id);
221
- const { code, datadogApiKeyArn, environment: initialEnvironment = {}, envSecrets = {}, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, } = props;
46
+ const { code, datadogApiKeyArn, environment: initialEnvironment = {}, envSecrets = {}, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, } = props;
222
47
  // Create a mutable copy of the environment variables
223
48
  let environment = { ...initialEnvironment };
224
49
  this._code = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
@@ -232,18 +57,18 @@ class JaypieLambda extends constructs.Construct {
232
57
  // Add Datadog integration if API key is available
233
58
  if (resolvedDatadogApiKeyArn) {
234
59
  // Add Datadog Node.js layer
235
- const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
60
+ const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk$1.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk.CDK.DATADOG.LAYER.NODE}`);
236
61
  resolvedLayers.push(datadogNodeLayer);
237
62
  // Add Datadog Extension layer
238
- const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
63
+ const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk$1.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk.CDK.DATADOG.LAYER.EXTENSION}`);
239
64
  resolvedLayers.push(datadogExtensionLayer);
240
65
  // Set Datadog environment variables
241
66
  Object.assign(environment, {
242
67
  DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
243
68
  DD_ENV: process.env.PROJECT_ENV || "",
244
69
  DD_SERVICE: process.env.PROJECT_SERVICE || "",
245
- DD_SITE: cdk$1.CDK.DATADOG.SITE,
246
- DD_TAGS: `${cdk$1.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
70
+ DD_SITE: cdk.CDK.DATADOG.SITE,
71
+ DD_TAGS: `${cdk.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
247
72
  });
248
73
  }
249
74
  // Configure ParamsAndSecrets layer
@@ -294,7 +119,7 @@ class JaypieLambda extends constructs.Construct {
294
119
  paramsAndSecrets: resolvedParamsAndSecrets,
295
120
  reservedConcurrentExecutions,
296
121
  runtime,
297
- timeout: typeof timeout === "number" ? cdk.Duration.seconds(timeout) : timeout,
122
+ timeout: typeof timeout === "number" ? cdk$1.Duration.seconds(timeout) : timeout,
298
123
  });
299
124
  // Grant secret read permissions
300
125
  Object.values(envSecrets).forEach((secret) => {
@@ -311,10 +136,10 @@ class JaypieLambda extends constructs.Construct {
311
136
  datadogApiKey.grantRead(this._lambda);
312
137
  }
313
138
  if (roleTag) {
314
- cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.ROLE, roleTag);
139
+ cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.ROLE, roleTag);
315
140
  }
316
141
  if (vendorTag) {
317
- cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
142
+ cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.VENDOR, vendorTag);
318
143
  }
319
144
  }
320
145
  // Public accessors
@@ -406,8 +231,8 @@ class JaypieLambda extends constructs.Construct {
406
231
  }
407
232
  get env() {
408
233
  return {
409
- account: cdk.Stack.of(this).account,
410
- region: cdk.Stack.of(this).region,
234
+ account: cdk$1.Stack.of(this).account,
235
+ region: cdk$1.Stack.of(this).region,
411
236
  };
412
237
  }
413
238
  get stack() {
@@ -418,46 +243,22 @@ class JaypieLambda extends constructs.Construct {
418
243
  }
419
244
  }
420
245
 
421
- class JaypieMongoDbSecret extends JaypieEnvSecret {
422
- constructor(scope, id = "MongoConnectionString", props) {
423
- const defaultProps = {
424
- envKey: "MONGODB_URI",
425
- roleTag: cdk$1.CDK.ROLE.STORAGE,
426
- vendorTag: cdk$1.CDK.VENDOR.MONGODB,
427
- ...props,
428
- };
429
- super(scope, id, defaultProps);
430
- }
431
- }
432
-
433
- class JaypieOpenAiSecret extends JaypieEnvSecret {
434
- constructor(scope, id = "OpenAiApiKey", props) {
435
- const defaultProps = {
436
- envKey: "OPENAI_API_KEY",
437
- roleTag: cdk$1.CDK.ROLE.PROCESSING,
438
- vendorTag: cdk$1.CDK.VENDOR.OPENAI,
439
- ...props,
440
- };
441
- super(scope, id, defaultProps);
442
- }
443
- }
444
-
445
246
  class JaypieQueuedLambda extends constructs.Construct {
446
247
  constructor(scope, id, props) {
447
248
  super(scope, id);
448
- const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), } = props;
249
+ const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_20_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), } = props;
449
250
  // Create SQS Queue
450
251
  this._queue = new sqs__namespace.Queue(this, "Queue", {
451
252
  fifo,
452
253
  visibilityTimeout: typeof visibilityTimeout === "number"
453
- ? cdk.Duration.seconds(visibilityTimeout)
254
+ ? cdk$1.Duration.seconds(visibilityTimeout)
454
255
  : visibilityTimeout,
455
256
  });
456
257
  if (roleTag) {
457
- cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.ROLE, roleTag);
258
+ cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.ROLE, roleTag);
458
259
  }
459
260
  if (vendorTag) {
460
- cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
261
+ cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.VENDOR, vendorTag);
461
262
  }
462
263
  // Create Lambda with JaypieLambda
463
264
  this._lambdaConstruct = new JaypieLambda(this, "Function", {
@@ -578,12 +379,12 @@ class JaypieQueuedLambda extends constructs.Construct {
578
379
  }
579
380
  get env() {
580
381
  return {
581
- account: cdk.Stack.of(this).account,
582
- region: cdk.Stack.of(this).region,
382
+ account: cdk$1.Stack.of(this).account,
383
+ region: cdk$1.Stack.of(this).region,
583
384
  };
584
385
  }
585
386
  get stack() {
586
- return cdk.Stack.of(this);
387
+ return cdk$1.Stack.of(this);
587
388
  }
588
389
  applyRemovalPolicy(policy) {
589
390
  this._lambdaConstruct.applyRemovalPolicy(policy);
@@ -650,6 +451,388 @@ class JaypieQueuedLambda extends constructs.Construct {
650
451
  }
651
452
  }
652
453
 
454
+ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
455
+ constructor(scope, id, props) {
456
+ props.fifo = false; // S3 event notifications are not supported for FIFO queues
457
+ super(scope, id, props);
458
+ const { bucketName, roleTag, vendorTag, bucketOptions = {} } = props;
459
+ // Create S3 Bucket
460
+ this._bucket = new s3__namespace.Bucket(this, "Bucket", {
461
+ bucketName: bucketOptions.bucketName || bucketName,
462
+ removalPolicy: bucketOptions.removalPolicy || cdk$1.RemovalPolicy.RETAIN,
463
+ ...bucketOptions,
464
+ });
465
+ // Add tags to bucket
466
+ if (roleTag) {
467
+ cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.ROLE, roleTag);
468
+ }
469
+ if (vendorTag) {
470
+ cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.VENDOR, vendorTag);
471
+ }
472
+ // Add an event notification from the bucket to the queue
473
+ this._bucket.addEventNotification(s3__namespace.EventType.OBJECT_CREATED, new s3n__namespace.SqsDestination(this.queue));
474
+ // Grant the lambda access to the bucket
475
+ this._bucket.grantReadWrite(this);
476
+ // Add environment variable for bucket name
477
+ this.lambda.addEnvironment("CDK_ENV_BUCKET_NAME", this._bucket.bucketName);
478
+ }
479
+ // Public accessors
480
+ get bucket() {
481
+ return this._bucket;
482
+ }
483
+ // IBucket implementation
484
+ get bucketArn() {
485
+ return this._bucket.bucketArn;
486
+ }
487
+ get bucketDomainName() {
488
+ return this._bucket.bucketDomainName;
489
+ }
490
+ get bucketDualStackDomainName() {
491
+ return this._bucket.bucketDualStackDomainName;
492
+ }
493
+ get bucketName() {
494
+ return this._bucket.bucketName;
495
+ }
496
+ get bucketRegionalDomainName() {
497
+ return this._bucket.bucketRegionalDomainName;
498
+ }
499
+ get bucketWebsiteDomainName() {
500
+ return this._bucket.bucketWebsiteDomainName;
501
+ }
502
+ get bucketWebsiteUrl() {
503
+ return this._bucket.bucketWebsiteUrl;
504
+ }
505
+ get encryptionKey() {
506
+ return this._bucket.encryptionKey;
507
+ }
508
+ get isWebsite() {
509
+ return this._bucket.isWebsite || false;
510
+ }
511
+ get policy() {
512
+ return this._bucket.policy;
513
+ }
514
+ addEventNotification(event, dest, filters) {
515
+ this._bucket.addEventNotification(event, dest, ...filters);
516
+ }
517
+ addObjectCreatedNotification(dest, ...filters) {
518
+ this._bucket.addObjectCreatedNotification(dest, ...filters);
519
+ }
520
+ addObjectRemovedNotification(dest, ...filters) {
521
+ this._bucket.addObjectRemovedNotification(dest, ...filters);
522
+ }
523
+ addToResourcePolicy(permission) {
524
+ return this._bucket.addToResourcePolicy(permission);
525
+ }
526
+ arnForObjects(objectKeyPattern) {
527
+ return this._bucket.arnForObjects(objectKeyPattern);
528
+ }
529
+ enableEventBridgeNotification() {
530
+ this._bucket.enableEventBridgeNotification();
531
+ }
532
+ grant(grantee, ...actions) {
533
+ return this._bucket.grant(grantee, ...actions);
534
+ }
535
+ grantDelete(grantee, objectsKeyPattern) {
536
+ return this._bucket.grantDelete(grantee, objectsKeyPattern);
537
+ }
538
+ grantPublicAccess(keyPrefix, ...allowedActions) {
539
+ return this._bucket.grantPublicAccess(keyPrefix, ...allowedActions);
540
+ }
541
+ grantPut(grantee, objectsKeyPattern) {
542
+ return this._bucket.grantPut(grantee, objectsKeyPattern);
543
+ }
544
+ grantPutAcl(grantee, objectsKeyPattern) {
545
+ return this._bucket.grantPutAcl(grantee, objectsKeyPattern);
546
+ }
547
+ grantRead(grantee, objectsKeyPattern) {
548
+ return this._bucket.grantRead(grantee, objectsKeyPattern);
549
+ }
550
+ grantReadWrite(grantee, objectsKeyPattern) {
551
+ return this._bucket.grantReadWrite(grantee, objectsKeyPattern);
552
+ }
553
+ grantWrite(grantee, objectsKeyPattern) {
554
+ return this._bucket.grantWrite(grantee, objectsKeyPattern);
555
+ }
556
+ onCloudTrailEvent(id, options) {
557
+ return this._bucket.onCloudTrailEvent(id, options);
558
+ }
559
+ onCloudTrailPutObject(id, options) {
560
+ return this._bucket.onCloudTrailPutObject(id, options);
561
+ }
562
+ onCloudTrailWriteObject(id, options) {
563
+ return this._bucket.onCloudTrailWriteObject(id, options);
564
+ }
565
+ s3UrlForObject(key) {
566
+ return this._bucket.s3UrlForObject(key);
567
+ }
568
+ transferAccelerationUrlForObject(key, options) {
569
+ return this._bucket.transferAccelerationUrlForObject(key, options);
570
+ }
571
+ urlForObject(key) {
572
+ return this._bucket.urlForObject(key);
573
+ }
574
+ virtualHostedUrlForObject(key, options) {
575
+ return this._bucket.virtualHostedUrlForObject(key, options);
576
+ }
577
+ // Bucket metrics
578
+ metricAllRequests(props) {
579
+ return this._bucket.metricAllRequests(props);
580
+ }
581
+ metricBucketSizeBytes(props) {
582
+ return this._bucket.metricBucketSizeBytes(props);
583
+ }
584
+ metricDeleteRequests(props) {
585
+ return this._bucket.metricDeleteRequests(props);
586
+ }
587
+ metricDownloadBytes(props) {
588
+ return this._bucket.metricDownloadBytes(props);
589
+ }
590
+ metricFirstByteLatency(props) {
591
+ return this._bucket.metricFirstByteLatency(props);
592
+ }
593
+ metricGetRequests(props) {
594
+ return this._bucket.metricGetRequests(props);
595
+ }
596
+ metricHeadRequests(props) {
597
+ return this._bucket.metricHeadRequests(props);
598
+ }
599
+ metricHttpRequests(props) {
600
+ return this._bucket.metricHttpRequests(props);
601
+ }
602
+ metricListRequests(props) {
603
+ return this._bucket.metricListRequests(props);
604
+ }
605
+ metricNumberOfObjects(props) {
606
+ return this._bucket.metricNumberOfObjects(props);
607
+ }
608
+ metricPostRequests(props) {
609
+ return this._bucket.metricPostRequests(props);
610
+ }
611
+ metricPutRequests(props) {
612
+ return this._bucket.metricPutRequests(props);
613
+ }
614
+ metricSelectRequests(props) {
615
+ return this._bucket.metricSelectRequests(props);
616
+ }
617
+ metricSelectScannedBytes(props) {
618
+ return this._bucket.metricSelectScannedBytes(props);
619
+ }
620
+ metricUploadBytes(props) {
621
+ return this._bucket.metricUploadBytes(props);
622
+ }
623
+ metricSelectReturnedBytes(props) {
624
+ return this._bucket.metricSelectReturnedBytes(props);
625
+ }
626
+ // Override applyRemovalPolicy to apply to all resources
627
+ applyRemovalPolicy(policy) {
628
+ super.applyRemovalPolicy(policy);
629
+ this._bucket.applyRemovalPolicy(policy);
630
+ }
631
+ }
632
+
633
+ // It is a consumer if the environment is ephemeral
634
+ function checkEnvIsConsumer(env = process.env) {
635
+ return (env.PROJECT_ENV === cdk.CDK.ENV.PERSONAL ||
636
+ !!env.CDK_ENV_PERSONAL ||
637
+ /** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
638
+ /** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
639
+ }
640
+ function checkEnvIsProvider(env = process.env) {
641
+ return env.PROJECT_ENV === cdk.CDK.ENV.SANDBOX;
642
+ }
643
+ function cleanName(name) {
644
+ return name.replace(/[^a-zA-Z0-9:-]/g, "");
645
+ }
646
+ function exportEnvName(name, env = process.env) {
647
+ let rawName;
648
+ if (checkEnvIsProvider(env)) {
649
+ rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
650
+ // Clean the entire name to only allow alphanumeric, colons, and hyphens
651
+ return cleanName(rawName);
652
+ }
653
+ else {
654
+ if (checkEnvIsConsumer(env)) {
655
+ rawName = `env-${cdk.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
656
+ }
657
+ else {
658
+ rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
659
+ }
660
+ }
661
+ return cleanName(rawName);
662
+ }
663
+ class JaypieEnvSecret extends constructs.Construct {
664
+ constructor(scope, id, props) {
665
+ super(scope, id);
666
+ const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
667
+ this._envKey = envKey;
668
+ let exportName;
669
+ if (!exportParam) {
670
+ exportName = exportEnvName(id);
671
+ }
672
+ else {
673
+ exportName = cleanName(exportParam);
674
+ }
675
+ if (consumer) {
676
+ const secretName = cdk$1.Fn.importValue(exportName);
677
+ this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
678
+ // Add CfnOutput for consumer secrets
679
+ new cdk$1.CfnOutput(this, `ConsumedName`, {
680
+ value: this._secret.secretName,
681
+ });
682
+ }
683
+ else {
684
+ const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
685
+ const secretProps = {
686
+ secretStringValue: secretValue
687
+ ? cdk$1.SecretValue.unsafePlainText(secretValue)
688
+ : undefined,
689
+ };
690
+ this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
691
+ if (roleTag) {
692
+ cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.ROLE, roleTag);
693
+ }
694
+ if (vendorTag) {
695
+ cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.VENDOR, vendorTag);
696
+ }
697
+ if (provider) {
698
+ new cdk$1.CfnOutput(this, `ProvidedName`, {
699
+ value: this._secret.secretName,
700
+ exportName,
701
+ });
702
+ }
703
+ else {
704
+ new cdk$1.CfnOutput(this, `CreatedName`, {
705
+ value: this._secret.secretName,
706
+ });
707
+ }
708
+ }
709
+ }
710
+ // IResource implementation
711
+ get stack() {
712
+ return cdk$1.Stack.of(this);
713
+ }
714
+ get env() {
715
+ return {
716
+ account: cdk$1.Stack.of(this).account,
717
+ region: cdk$1.Stack.of(this).region,
718
+ };
719
+ }
720
+ applyRemovalPolicy(policy) {
721
+ this._secret.applyRemovalPolicy(policy);
722
+ }
723
+ // ISecret implementation
724
+ get secretArn() {
725
+ return this._secret.secretArn;
726
+ }
727
+ get secretName() {
728
+ return this._secret.secretName;
729
+ }
730
+ get secretFullArn() {
731
+ return this._secret.secretFullArn;
732
+ }
733
+ get encryptionKey() {
734
+ return this._secret.encryptionKey;
735
+ }
736
+ get secretValue() {
737
+ return this._secret.secretValue;
738
+ }
739
+ secretValueFromJson(key) {
740
+ return this._secret.secretValueFromJson(key);
741
+ }
742
+ grantRead(grantee, versionStages) {
743
+ return this._secret.grantRead(grantee, versionStages);
744
+ }
745
+ grantWrite(grantee) {
746
+ return this._secret.grantWrite(grantee);
747
+ }
748
+ addRotationSchedule(id, options) {
749
+ return this._secret.addRotationSchedule(id, options);
750
+ }
751
+ addToResourcePolicy(statement) {
752
+ return this._secret.addToResourcePolicy(statement);
753
+ }
754
+ denyAccountRootDelete() {
755
+ this._secret.denyAccountRootDelete();
756
+ }
757
+ attach(target) {
758
+ return this._secret.attach(target);
759
+ }
760
+ get envKey() {
761
+ return this._envKey;
762
+ }
763
+ }
764
+
765
+ const SERVICE = {
766
+ ROUTE53: "route53.amazonaws.com",
767
+ };
768
+ class JaypieHostedZone extends constructs.Construct {
769
+ /**
770
+ * Create a new hosted zone with query logging
771
+ */
772
+ constructor(scope, id, props) {
773
+ super(scope, id);
774
+ const { destination, zoneName, project } = props;
775
+ const service = props.service || cdk.CDK.SERVICE.INFRASTRUCTURE;
776
+ // Create the log group
777
+ this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
778
+ logGroupName: process.env.PROJECT_NONCE
779
+ ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
780
+ : `/aws/route53/${zoneName}`,
781
+ retention: awsLogs.RetentionDays.ONE_WEEK,
782
+ });
783
+ // Add tags
784
+ cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.SERVICE, service);
785
+ cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
786
+ if (project) {
787
+ cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.PROJECT, project);
788
+ }
789
+ // Grant Route 53 permissions to write to the log group
790
+ this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
791
+ // Add destination if provided
792
+ if (destination) {
793
+ this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
794
+ destination,
795
+ filterPattern: awsLogs.FilterPattern.allEvents(),
796
+ });
797
+ }
798
+ // Create the hosted zone
799
+ this.hostedZone = new awsRoute53.HostedZone(this, "HostedZone", {
800
+ queryLogsLogGroupArn: this.logGroup.logGroupArn,
801
+ zoneName,
802
+ });
803
+ // Add tags
804
+ cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.SERVICE, service);
805
+ cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
806
+ if (project) {
807
+ cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.PROJECT, project);
808
+ }
809
+ }
810
+ }
811
+
812
+ class JaypieMongoDbSecret extends JaypieEnvSecret {
813
+ constructor(scope, id = "MongoConnectionString", props) {
814
+ const defaultProps = {
815
+ envKey: "MONGODB_URI",
816
+ roleTag: cdk.CDK.ROLE.STORAGE,
817
+ vendorTag: cdk.CDK.VENDOR.MONGODB,
818
+ ...props,
819
+ };
820
+ super(scope, id, defaultProps);
821
+ }
822
+ }
823
+
824
+ class JaypieOpenAiSecret extends JaypieEnvSecret {
825
+ constructor(scope, id = "OpenAiApiKey", props) {
826
+ const defaultProps = {
827
+ envKey: "OPENAI_API_KEY",
828
+ roleTag: cdk.CDK.ROLE.PROCESSING,
829
+ vendorTag: cdk.CDK.VENDOR.OPENAI,
830
+ ...props,
831
+ };
832
+ super(scope, id, defaultProps);
833
+ }
834
+ }
835
+
653
836
  /**
654
837
  * Permission set types with corresponding AWS managed policies
655
838
  */
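Review bot: In the new `JaypieBucketQueuedLambda`, `addEventNotification(event, dest, filters)` spreads `filters` in the call without declaring it as a rest parameter, so a call that omits filters evaluates `...undefined` and throws a TypeError. The sibling `addObjectCreatedNotification(dest, ...filters)` shows the intended shape; the signature should read `addEventNotification(event, dest, ...filters) {`. The constructor also calls `this._bucket.grantReadWrite(this)` on the same bucket whose `OBJECT_CREATED` events feed the queue, so a handler that writes its output back to this bucket would re-trigger itself. Granting read by default, or adding a comment that results must go to another bucket or a filtered prefix, would make that explicit. Separately, `props.fifo = false` mutates the caller's object, which `super(scope, id, { ...props, fifo: false })` avoids; the file looks like bundled output, so these changes belong in the package source.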
@@ -703,11 +886,11 @@ class JaypieSsoGroups extends constructs.Construct {
703
886
  instanceArn: this.instanceArn,
704
887
  name: exports.PermissionSetType.ADMINISTRATOR,
705
888
  description: "Full administrative access to all AWS services and resources",
706
- sessionDuration: cdk.Duration.hours(8).toIsoString(),
889
+ sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
707
890
  managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
708
891
  inlinePolicy: mergedPolicy,
709
892
  });
710
- cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
893
+ cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
711
894
  this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
712
895
  }
713
896
  /**
@@ -740,11 +923,11 @@ class JaypieSsoGroups extends constructs.Construct {
740
923
  instanceArn: this.instanceArn,
741
924
  name: exports.PermissionSetType.ANALYST,
742
925
  description: "Read-only access with billing visibility and limited write access",
743
- sessionDuration: cdk.Duration.hours(4).toIsoString(),
926
+ sessionDuration: cdk$1.Duration.hours(4).toIsoString(),
744
927
  managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
745
928
  inlinePolicy: mergedPolicy,
746
929
  });
747
- cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
930
+ cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
748
931
  this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
749
932
  }
750
933
  /**
@@ -792,13 +975,13 @@ class JaypieSsoGroups extends constructs.Construct {
792
975
  instanceArn: this.instanceArn,
793
976
  name: exports.PermissionSetType.DEVELOPER,
794
977
  description: "System administrator access with expanded write permissions",
795
- sessionDuration: cdk.Duration.hours(8).toIsoString(),
978
+ sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
796
979
  managedPolicies: [
797
980
  "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
798
981
  ],
799
982
  inlinePolicy: mergedPolicy,
800
983
  });
801
- cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
984
+ cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
802
985
  this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
803
986
  }
804
987
  /**
@@ -865,8 +1048,8 @@ class JaypieSsoGroups extends constructs.Construct {
865
1048
  targetId: accountId,
866
1049
  targetType: "AWS_ACCOUNT",
867
1050
  });
868
- cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
869
- cdk.Tags.of(assignment).add("Group", "administrators");
1051
+ cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
1052
+ cdk$1.Tags.of(assignment).add("Group", "administrators");
870
1053
  });
871
1054
  }
872
1055
  /**
@@ -892,8 +1075,8 @@ class JaypieSsoGroups extends constructs.Construct {
892
1075
  targetId: accountId,
893
1076
  targetType: "AWS_ACCOUNT",
894
1077
  });
895
- cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
896
- cdk.Tags.of(assignment).add("Group", "analysts");
1078
+ cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
1079
+ cdk$1.Tags.of(assignment).add("Group", "analysts");
897
1080
  });
898
1081
  }
899
1082
  /**
@@ -918,8 +1101,8 @@ class JaypieSsoGroups extends constructs.Construct {
918
1101
  targetId: accountId,
919
1102
  targetType: "AWS_ACCOUNT",
920
1103
  });
921
- cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
922
- cdk.Tags.of(assignment).add("Group", "developers");
1104
+ cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
1105
+ cdk$1.Tags.of(assignment).add("Group", "developers");
923
1106
  });
924
1107
  }
925
1108
  }
@@ -928,14 +1111,15 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
928
1111
  constructor(scope, id = "TraceSigningKey", props) {
929
1112
  const defaultProps = {
930
1113
  envKey: "TRACE_SIGNING_KEY",
931
- roleTag: cdk$1.CDK.ROLE.API,
932
- vendorTag: cdk$1.CDK.VENDOR.KNOWTRACE,
1114
+ roleTag: cdk.CDK.ROLE.API,
1115
+ vendorTag: cdk.CDK.VENDOR.KNOWTRACE,
933
1116
  ...props,
934
1117
  };
935
1118
  super(scope, id, defaultProps);
936
1119
  }
937
1120
  }
938
1121
 
1122
+ exports.JaypieBucketQueuedLambda = JaypieBucketQueuedLambda;
939
1123
  exports.JaypieEnvSecret = JaypieEnvSecret;
940
1124
  exports.JaypieHostedZone = JaypieHostedZone;
941
1125
  exports.JaypieLambda = JaypieLambda;