@jaypie/constructs 1.1.22 → 1.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/cjs/JaypieBucketQueuedLambda.d.ts +63 -0
  2. package/dist/cjs/__tests__/JaypieBucketQueuedLambda.spec.d.ts +1 -0
  3. package/dist/cjs/index.cjs +425 -241
  4. package/dist/cjs/index.cjs.map +1 -1
  5. package/dist/cjs/index.d.ts +1 -0
  6. package/dist/esm/JaypieBucketQueuedLambda.d.ts +63 -0
  7. package/dist/esm/__tests__/JaypieBucketQueuedLambda.spec.d.ts +1 -0
  8. package/dist/esm/index.d.ts +1 -0
  9. package/dist/esm/index.js +391 -210
  10. package/dist/esm/index.js.map +1 -1
  11. package/package.json +2 -2
package/dist/esm/index.js CHANGED
@@ -1,195 +1,18 @@
1
- import { Construct } from 'constructs';
2
1
  import * as cdk from 'aws-cdk-lib';
3
- import { Fn, CfnOutput, SecretValue, Tags, Stack, Duration } from 'aws-cdk-lib';
4
- import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
2
+ import { Duration, Stack, Tags, RemovalPolicy, Fn, CfnOutput, SecretValue } from 'aws-cdk-lib';
3
+ import * as s3 from 'aws-cdk-lib/aws-s3';
4
+ import * as s3n from 'aws-cdk-lib/aws-s3-notifications';
5
5
  import { CDK } from '@jaypie/cdk';
6
- import { ServicePrincipal } from 'aws-cdk-lib/aws-iam';
7
- import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
8
- import { HostedZone } from 'aws-cdk-lib/aws-route53';
6
+ import { Construct } from 'constructs';
9
7
  import * as lambda from 'aws-cdk-lib/aws-lambda';
10
8
  import * as sqs from 'aws-cdk-lib/aws-sqs';
11
9
  import * as lambdaEventSources from 'aws-cdk-lib/aws-lambda-event-sources';
10
+ import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
11
+ import { ServicePrincipal } from 'aws-cdk-lib/aws-iam';
12
+ import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
13
+ import { HostedZone } from 'aws-cdk-lib/aws-route53';
12
14
  import * as sso from 'aws-cdk-lib/aws-sso';
13
15
 
14
- // It is a consumer if the environment is ephemeral
15
- function checkEnvIsConsumer(env = process.env) {
16
- return (env.PROJECT_ENV === CDK.ENV.PERSONAL ||
17
- !!env.CDK_ENV_PERSONAL ||
18
- /** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
19
- /** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
20
- }
21
- function checkEnvIsProvider(env = process.env) {
22
- return env.PROJECT_ENV === CDK.ENV.SANDBOX;
23
- }
24
- function cleanName(name) {
25
- return name.replace(/[^a-zA-Z0-9:-]/g, "");
26
- }
27
- function exportEnvName(name, env = process.env) {
28
- let rawName;
29
- if (checkEnvIsProvider(env)) {
30
- rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
31
- // Clean the entire name to only allow alphanumeric, colons, and hyphens
32
- return cleanName(rawName);
33
- }
34
- else {
35
- if (checkEnvIsConsumer(env)) {
36
- rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
37
- }
38
- else {
39
- rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
40
- }
41
- }
42
- return cleanName(rawName);
43
- }
44
- class JaypieEnvSecret extends Construct {
45
- constructor(scope, id, props) {
46
- super(scope, id);
47
- const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
48
- this._envKey = envKey;
49
- let exportName;
50
- if (!exportParam) {
51
- exportName = exportEnvName(id);
52
- }
53
- else {
54
- exportName = cleanName(exportParam);
55
- }
56
- if (consumer) {
57
- const secretName = Fn.importValue(exportName);
58
- this._secret = secretsmanager.Secret.fromSecretNameV2(this, id, secretName);
59
- // Add CfnOutput for consumer secrets
60
- new CfnOutput(this, `ConsumedName`, {
61
- value: this._secret.secretName,
62
- });
63
- }
64
- else {
65
- const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
66
- const secretProps = {
67
- secretStringValue: secretValue
68
- ? SecretValue.unsafePlainText(secretValue)
69
- : undefined,
70
- };
71
- this._secret = new secretsmanager.Secret(this, id, secretProps);
72
- if (roleTag) {
73
- Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);
74
- }
75
- if (vendorTag) {
76
- Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);
77
- }
78
- if (provider) {
79
- new CfnOutput(this, `ProvidedName`, {
80
- value: this._secret.secretName,
81
- exportName,
82
- });
83
- }
84
- else {
85
- new CfnOutput(this, `CreatedName`, {
86
- value: this._secret.secretName,
87
- });
88
- }
89
- }
90
- }
91
- // IResource implementation
92
- get stack() {
93
- return Stack.of(this);
94
- }
95
- get env() {
96
- return {
97
- account: Stack.of(this).account,
98
- region: Stack.of(this).region,
99
- };
100
- }
101
- applyRemovalPolicy(policy) {
102
- this._secret.applyRemovalPolicy(policy);
103
- }
104
- // ISecret implementation
105
- get secretArn() {
106
- return this._secret.secretArn;
107
- }
108
- get secretName() {
109
- return this._secret.secretName;
110
- }
111
- get secretFullArn() {
112
- return this._secret.secretFullArn;
113
- }
114
- get encryptionKey() {
115
- return this._secret.encryptionKey;
116
- }
117
- get secretValue() {
118
- return this._secret.secretValue;
119
- }
120
- secretValueFromJson(key) {
121
- return this._secret.secretValueFromJson(key);
122
- }
123
- grantRead(grantee, versionStages) {
124
- return this._secret.grantRead(grantee, versionStages);
125
- }
126
- grantWrite(grantee) {
127
- return this._secret.grantWrite(grantee);
128
- }
129
- addRotationSchedule(id, options) {
130
- return this._secret.addRotationSchedule(id, options);
131
- }
132
- addToResourcePolicy(statement) {
133
- return this._secret.addToResourcePolicy(statement);
134
- }
135
- denyAccountRootDelete() {
136
- this._secret.denyAccountRootDelete();
137
- }
138
- attach(target) {
139
- return this._secret.attach(target);
140
- }
141
- get envKey() {
142
- return this._envKey;
143
- }
144
- }
145
-
146
- const SERVICE = {
147
- ROUTE53: "route53.amazonaws.com",
148
- };
149
- class JaypieHostedZone extends Construct {
150
- /**
151
- * Create a new hosted zone with query logging
152
- */
153
- constructor(scope, id, props) {
154
- super(scope, id);
155
- const { destination, zoneName, project } = props;
156
- const service = props.service || CDK.SERVICE.INFRASTRUCTURE;
157
- // Create the log group
158
- this.logGroup = new LogGroup(this, "LogGroup", {
159
- logGroupName: process.env.PROJECT_NONCE
160
- ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
161
- : `/aws/route53/${zoneName}`,
162
- retention: RetentionDays.ONE_WEEK,
163
- });
164
- // Add tags
165
- cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);
166
- cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);
167
- if (project) {
168
- cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);
169
- }
170
- // Grant Route 53 permissions to write to the log group
171
- this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));
172
- // Add destination if provided
173
- if (destination) {
174
- this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
175
- destination,
176
- filterPattern: FilterPattern.allEvents(),
177
- });
178
- }
179
- // Create the hosted zone
180
- this.hostedZone = new HostedZone(this, "HostedZone", {
181
- queryLogsLogGroupArn: this.logGroup.logGroupArn,
182
- zoneName,
183
- });
184
- // Add tags
185
- cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);
186
- cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);
187
- if (project) {
188
- cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);
189
- }
190
- }
191
- }
192
-
193
16
  class JaypieLambda extends Construct {
194
17
  constructor(scope, id, props) {
195
18
  super(scope, id);
@@ -393,30 +216,6 @@ class JaypieLambda extends Construct {
393
216
  }
394
217
  }
395
218
 
396
- class JaypieMongoDbSecret extends JaypieEnvSecret {
397
- constructor(scope, id = "MongoConnectionString", props) {
398
- const defaultProps = {
399
- envKey: "MONGODB_URI",
400
- roleTag: CDK.ROLE.STORAGE,
401
- vendorTag: CDK.VENDOR.MONGODB,
402
- ...props,
403
- };
404
- super(scope, id, defaultProps);
405
- }
406
- }
407
-
408
- class JaypieOpenAiSecret extends JaypieEnvSecret {
409
- constructor(scope, id = "OpenAiApiKey", props) {
410
- const defaultProps = {
411
- envKey: "OPENAI_API_KEY",
412
- roleTag: CDK.ROLE.PROCESSING,
413
- vendorTag: CDK.VENDOR.OPENAI,
414
- ...props,
415
- };
416
- super(scope, id, defaultProps);
417
- }
418
- }
419
-
420
219
  class JaypieQueuedLambda extends Construct {
421
220
  constructor(scope, id, props) {
422
221
  super(scope, id);
@@ -625,6 +424,388 @@ class JaypieQueuedLambda extends Construct {
625
424
  }
626
425
  }
627
426
 
427
+ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
428
+ constructor(scope, id, props) {
429
+ props.fifo = false; // S3 event notifications are not supported for FIFO queues
430
+ super(scope, id, props);
431
+ const { bucketName, roleTag, vendorTag, bucketOptions = {} } = props;
432
+ // Create S3 Bucket
433
+ this._bucket = new s3.Bucket(this, "Bucket", {
434
+ bucketName: bucketOptions.bucketName || bucketName,
435
+ removalPolicy: bucketOptions.removalPolicy || RemovalPolicy.RETAIN,
436
+ ...bucketOptions,
437
+ });
438
+ // Add tags to bucket
439
+ if (roleTag) {
440
+ Tags.of(this._bucket).add(CDK.TAG.ROLE, roleTag);
441
+ }
442
+ if (vendorTag) {
443
+ Tags.of(this._bucket).add(CDK.TAG.VENDOR, vendorTag);
444
+ }
445
+ // Add an event notification from the bucket to the queue
446
+ this._bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.SqsDestination(this.queue));
447
+ // Grant the lambda access to the bucket
448
+ this._bucket.grantReadWrite(this);
449
+ // Add environment variable for bucket name
450
+ this.lambda.addEnvironment("CDK_ENV_BUCKET_NAME", this._bucket.bucketName);
451
+ }
452
+ // Public accessors
453
+ get bucket() {
454
+ return this._bucket;
455
+ }
456
+ // IBucket implementation
457
+ get bucketArn() {
458
+ return this._bucket.bucketArn;
459
+ }
460
+ get bucketDomainName() {
461
+ return this._bucket.bucketDomainName;
462
+ }
463
+ get bucketDualStackDomainName() {
464
+ return this._bucket.bucketDualStackDomainName;
465
+ }
466
+ get bucketName() {
467
+ return this._bucket.bucketName;
468
+ }
469
+ get bucketRegionalDomainName() {
470
+ return this._bucket.bucketRegionalDomainName;
471
+ }
472
+ get bucketWebsiteDomainName() {
473
+ return this._bucket.bucketWebsiteDomainName;
474
+ }
475
+ get bucketWebsiteUrl() {
476
+ return this._bucket.bucketWebsiteUrl;
477
+ }
478
+ get encryptionKey() {
479
+ return this._bucket.encryptionKey;
480
+ }
481
+ get isWebsite() {
482
+ return this._bucket.isWebsite || false;
483
+ }
484
+ get policy() {
485
+ return this._bucket.policy;
486
+ }
487
+ addEventNotification(event, dest, filters) {
488
+ this._bucket.addEventNotification(event, dest, ...filters);
489
+ }
490
+ addObjectCreatedNotification(dest, ...filters) {
491
+ this._bucket.addObjectCreatedNotification(dest, ...filters);
492
+ }
493
+ addObjectRemovedNotification(dest, ...filters) {
494
+ this._bucket.addObjectRemovedNotification(dest, ...filters);
495
+ }
496
+ addToResourcePolicy(permission) {
497
+ return this._bucket.addToResourcePolicy(permission);
498
+ }
499
+ arnForObjects(objectKeyPattern) {
500
+ return this._bucket.arnForObjects(objectKeyPattern);
501
+ }
502
+ enableEventBridgeNotification() {
503
+ this._bucket.enableEventBridgeNotification();
504
+ }
505
+ grant(grantee, ...actions) {
506
+ return this._bucket.grant(grantee, ...actions);
507
+ }
508
+ grantDelete(grantee, objectsKeyPattern) {
509
+ return this._bucket.grantDelete(grantee, objectsKeyPattern);
510
+ }
511
+ grantPublicAccess(keyPrefix, ...allowedActions) {
512
+ return this._bucket.grantPublicAccess(keyPrefix, ...allowedActions);
513
+ }
514
+ grantPut(grantee, objectsKeyPattern) {
515
+ return this._bucket.grantPut(grantee, objectsKeyPattern);
516
+ }
517
+ grantPutAcl(grantee, objectsKeyPattern) {
518
+ return this._bucket.grantPutAcl(grantee, objectsKeyPattern);
519
+ }
520
+ grantRead(grantee, objectsKeyPattern) {
521
+ return this._bucket.grantRead(grantee, objectsKeyPattern);
522
+ }
523
+ grantReadWrite(grantee, objectsKeyPattern) {
524
+ return this._bucket.grantReadWrite(grantee, objectsKeyPattern);
525
+ }
526
+ grantWrite(grantee, objectsKeyPattern) {
527
+ return this._bucket.grantWrite(grantee, objectsKeyPattern);
528
+ }
529
+ onCloudTrailEvent(id, options) {
530
+ return this._bucket.onCloudTrailEvent(id, options);
531
+ }
532
+ onCloudTrailPutObject(id, options) {
533
+ return this._bucket.onCloudTrailPutObject(id, options);
534
+ }
535
+ onCloudTrailWriteObject(id, options) {
536
+ return this._bucket.onCloudTrailWriteObject(id, options);
537
+ }
538
+ s3UrlForObject(key) {
539
+ return this._bucket.s3UrlForObject(key);
540
+ }
541
+ transferAccelerationUrlForObject(key, options) {
542
+ return this._bucket.transferAccelerationUrlForObject(key, options);
543
+ }
544
+ urlForObject(key) {
545
+ return this._bucket.urlForObject(key);
546
+ }
547
+ virtualHostedUrlForObject(key, options) {
548
+ return this._bucket.virtualHostedUrlForObject(key, options);
549
+ }
550
+ // Bucket metrics
551
+ metricAllRequests(props) {
552
+ return this._bucket.metricAllRequests(props);
553
+ }
554
+ metricBucketSizeBytes(props) {
555
+ return this._bucket.metricBucketSizeBytes(props);
556
+ }
557
+ metricDeleteRequests(props) {
558
+ return this._bucket.metricDeleteRequests(props);
559
+ }
560
+ metricDownloadBytes(props) {
561
+ return this._bucket.metricDownloadBytes(props);
562
+ }
563
+ metricFirstByteLatency(props) {
564
+ return this._bucket.metricFirstByteLatency(props);
565
+ }
566
+ metricGetRequests(props) {
567
+ return this._bucket.metricGetRequests(props);
568
+ }
569
+ metricHeadRequests(props) {
570
+ return this._bucket.metricHeadRequests(props);
571
+ }
572
+ metricHttpRequests(props) {
573
+ return this._bucket.metricHttpRequests(props);
574
+ }
575
+ metricListRequests(props) {
576
+ return this._bucket.metricListRequests(props);
577
+ }
578
+ metricNumberOfObjects(props) {
579
+ return this._bucket.metricNumberOfObjects(props);
580
+ }
581
+ metricPostRequests(props) {
582
+ return this._bucket.metricPostRequests(props);
583
+ }
584
+ metricPutRequests(props) {
585
+ return this._bucket.metricPutRequests(props);
586
+ }
587
+ metricSelectRequests(props) {
588
+ return this._bucket.metricSelectRequests(props);
589
+ }
590
+ metricSelectScannedBytes(props) {
591
+ return this._bucket.metricSelectScannedBytes(props);
592
+ }
593
+ metricUploadBytes(props) {
594
+ return this._bucket.metricUploadBytes(props);
595
+ }
596
+ metricSelectReturnedBytes(props) {
597
+ return this._bucket.metricSelectReturnedBytes(props);
598
+ }
599
+ // Override applyRemovalPolicy to apply to all resources
600
+ applyRemovalPolicy(policy) {
601
+ super.applyRemovalPolicy(policy);
602
+ this._bucket.applyRemovalPolicy(policy);
603
+ }
604
+ }
605
+
606
+ // It is a consumer if the environment is ephemeral
607
+ function checkEnvIsConsumer(env = process.env) {
608
+ return (env.PROJECT_ENV === CDK.ENV.PERSONAL ||
609
+ !!env.CDK_ENV_PERSONAL ||
610
+ /** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
611
+ /** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
612
+ }
613
+ function checkEnvIsProvider(env = process.env) {
614
+ return env.PROJECT_ENV === CDK.ENV.SANDBOX;
615
+ }
616
+ function cleanName(name) {
617
+ return name.replace(/[^a-zA-Z0-9:-]/g, "");
618
+ }
619
+ function exportEnvName(name, env = process.env) {
620
+ let rawName;
621
+ if (checkEnvIsProvider(env)) {
622
+ rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
623
+ // Clean the entire name to only allow alphanumeric, colons, and hyphens
624
+ return cleanName(rawName);
625
+ }
626
+ else {
627
+ if (checkEnvIsConsumer(env)) {
628
+ rawName = `env-${CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
629
+ }
630
+ else {
631
+ rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
632
+ }
633
+ }
634
+ return cleanName(rawName);
635
+ }
636
+ class JaypieEnvSecret extends Construct {
637
+ constructor(scope, id, props) {
638
+ super(scope, id);
639
+ const { consumer = checkEnvIsConsumer(), envKey, export: exportParam, provider = checkEnvIsProvider(), roleTag, vendorTag, value, } = props || {};
640
+ this._envKey = envKey;
641
+ let exportName;
642
+ if (!exportParam) {
643
+ exportName = exportEnvName(id);
644
+ }
645
+ else {
646
+ exportName = cleanName(exportParam);
647
+ }
648
+ if (consumer) {
649
+ const secretName = Fn.importValue(exportName);
650
+ this._secret = secretsmanager.Secret.fromSecretNameV2(this, id, secretName);
651
+ // Add CfnOutput for consumer secrets
652
+ new CfnOutput(this, `ConsumedName`, {
653
+ value: this._secret.secretName,
654
+ });
655
+ }
656
+ else {
657
+ const secretValue = envKey && process.env[envKey] ? process.env[envKey] : value;
658
+ const secretProps = {
659
+ secretStringValue: secretValue
660
+ ? SecretValue.unsafePlainText(secretValue)
661
+ : undefined,
662
+ };
663
+ this._secret = new secretsmanager.Secret(this, id, secretProps);
664
+ if (roleTag) {
665
+ Tags.of(this._secret).add(CDK.TAG.ROLE, roleTag);
666
+ }
667
+ if (vendorTag) {
668
+ Tags.of(this._secret).add(CDK.TAG.VENDOR, vendorTag);
669
+ }
670
+ if (provider) {
671
+ new CfnOutput(this, `ProvidedName`, {
672
+ value: this._secret.secretName,
673
+ exportName,
674
+ });
675
+ }
676
+ else {
677
+ new CfnOutput(this, `CreatedName`, {
678
+ value: this._secret.secretName,
679
+ });
680
+ }
681
+ }
682
+ }
683
+ // IResource implementation
684
+ get stack() {
685
+ return Stack.of(this);
686
+ }
687
+ get env() {
688
+ return {
689
+ account: Stack.of(this).account,
690
+ region: Stack.of(this).region,
691
+ };
692
+ }
693
+ applyRemovalPolicy(policy) {
694
+ this._secret.applyRemovalPolicy(policy);
695
+ }
696
+ // ISecret implementation
697
+ get secretArn() {
698
+ return this._secret.secretArn;
699
+ }
700
+ get secretName() {
701
+ return this._secret.secretName;
702
+ }
703
+ get secretFullArn() {
704
+ return this._secret.secretFullArn;
705
+ }
706
+ get encryptionKey() {
707
+ return this._secret.encryptionKey;
708
+ }
709
+ get secretValue() {
710
+ return this._secret.secretValue;
711
+ }
712
+ secretValueFromJson(key) {
713
+ return this._secret.secretValueFromJson(key);
714
+ }
715
+ grantRead(grantee, versionStages) {
716
+ return this._secret.grantRead(grantee, versionStages);
717
+ }
718
+ grantWrite(grantee) {
719
+ return this._secret.grantWrite(grantee);
720
+ }
721
+ addRotationSchedule(id, options) {
722
+ return this._secret.addRotationSchedule(id, options);
723
+ }
724
+ addToResourcePolicy(statement) {
725
+ return this._secret.addToResourcePolicy(statement);
726
+ }
727
+ denyAccountRootDelete() {
728
+ this._secret.denyAccountRootDelete();
729
+ }
730
+ attach(target) {
731
+ return this._secret.attach(target);
732
+ }
733
+ get envKey() {
734
+ return this._envKey;
735
+ }
736
+ }
737
+
738
+ const SERVICE = {
739
+ ROUTE53: "route53.amazonaws.com",
740
+ };
741
+ class JaypieHostedZone extends Construct {
742
+ /**
743
+ * Create a new hosted zone with query logging
744
+ */
745
+ constructor(scope, id, props) {
746
+ super(scope, id);
747
+ const { destination, zoneName, project } = props;
748
+ const service = props.service || CDK.SERVICE.INFRASTRUCTURE;
749
+ // Create the log group
750
+ this.logGroup = new LogGroup(this, "LogGroup", {
751
+ logGroupName: process.env.PROJECT_NONCE
752
+ ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
753
+ : `/aws/route53/${zoneName}`,
754
+ retention: RetentionDays.ONE_WEEK,
755
+ });
756
+ // Add tags
757
+ cdk.Tags.of(this.logGroup).add(CDK.TAG.SERVICE, service);
758
+ cdk.Tags.of(this.logGroup).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);
759
+ if (project) {
760
+ cdk.Tags.of(this.logGroup).add(CDK.TAG.PROJECT, project);
761
+ }
762
+ // Grant Route 53 permissions to write to the log group
763
+ this.logGroup.grantWrite(new ServicePrincipal(SERVICE.ROUTE53));
764
+ // Add destination if provided
765
+ if (destination) {
766
+ this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
767
+ destination,
768
+ filterPattern: FilterPattern.allEvents(),
769
+ });
770
+ }
771
+ // Create the hosted zone
772
+ this.hostedZone = new HostedZone(this, "HostedZone", {
773
+ queryLogsLogGroupArn: this.logGroup.logGroupArn,
774
+ zoneName,
775
+ });
776
+ // Add tags
777
+ cdk.Tags.of(this.hostedZone).add(CDK.TAG.SERVICE, service);
778
+ cdk.Tags.of(this.hostedZone).add(CDK.TAG.ROLE, CDK.ROLE.NETWORKING);
779
+ if (project) {
780
+ cdk.Tags.of(this.hostedZone).add(CDK.TAG.PROJECT, project);
781
+ }
782
+ }
783
+ }
784
+
785
+ class JaypieMongoDbSecret extends JaypieEnvSecret {
786
+ constructor(scope, id = "MongoConnectionString", props) {
787
+ const defaultProps = {
788
+ envKey: "MONGODB_URI",
789
+ roleTag: CDK.ROLE.STORAGE,
790
+ vendorTag: CDK.VENDOR.MONGODB,
791
+ ...props,
792
+ };
793
+ super(scope, id, defaultProps);
794
+ }
795
+ }
796
+
797
+ class JaypieOpenAiSecret extends JaypieEnvSecret {
798
+ constructor(scope, id = "OpenAiApiKey", props) {
799
+ const defaultProps = {
800
+ envKey: "OPENAI_API_KEY",
801
+ roleTag: CDK.ROLE.PROCESSING,
802
+ vendorTag: CDK.VENDOR.OPENAI,
803
+ ...props,
804
+ };
805
+ super(scope, id, defaultProps);
806
+ }
807
+ }
808
+
628
809
  /**
629
810
  * Permission set types with corresponding AWS managed policies
630
811
  */
@@ -911,5 +1092,5 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
911
1092
  }
912
1093
  }
913
1094
 
914
- export { JaypieEnvSecret, JaypieHostedZone, JaypieLambda, JaypieMongoDbSecret, JaypieOpenAiSecret, JaypieQueuedLambda, JaypieSsoGroups, JaypieTraceSigningKeySecret, PermissionSetType };
1095
+ export { JaypieBucketQueuedLambda, JaypieEnvSecret, JaypieHostedZone, JaypieLambda, JaypieMongoDbSecret, JaypieOpenAiSecret, JaypieQueuedLambda, JaypieSsoGroups, JaypieTraceSigningKeySecret, PermissionSetType };
915
1096
  //# sourceMappingURL=index.js.map