@jaypie/constructs 1.1.38 → 1.1.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/JaypieLambda.d.ts +3 -77
- package/dist/cjs/JaypieWebDeploymentBucket.d.ts +1 -0
- package/dist/cjs/helpers/__tests__/envHostname.spec.d.ts +1 -0
- package/dist/cjs/helpers/constructTagger.d.ts +4 -0
- package/dist/cjs/helpers/envHostname.d.ts +6 -0
- package/dist/cjs/helpers/index.d.ts +2 -1
- package/dist/cjs/index.cjs +164 -327
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/JaypieLambda.d.ts +3 -77
- package/dist/esm/JaypieWebDeploymentBucket.d.ts +1 -0
- package/dist/esm/helpers/__tests__/envHostname.spec.d.ts +1 -0
- package/dist/esm/helpers/constructTagger.d.ts +4 -0
- package/dist/esm/helpers/envHostname.d.ts +6 -0
- package/dist/esm/helpers/index.d.ts +2 -1
- package/dist/esm/index.js +66 -229
- package/dist/esm/index.js.map +1 -1
- package/package.json +2 -2
- package/dist/cjs/helpers/stackTagger.d.ts +0 -4
- package/dist/esm/helpers/stackTagger.d.ts +0 -4
package/dist/cjs/index.cjs
CHANGED
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var constructs = require('constructs');
|
|
4
|
-
var cdk
|
|
4
|
+
var cdk = require('aws-cdk-lib');
|
|
5
5
|
var acm = require('aws-cdk-lib/aws-certificatemanager');
|
|
6
6
|
var apiGateway = require('aws-cdk-lib/aws-apigateway');
|
|
7
7
|
var route53 = require('aws-cdk-lib/aws-route53');
|
|
8
8
|
var route53Targets = require('aws-cdk-lib/aws-route53-targets');
|
|
9
|
-
var cdk = require('@jaypie/cdk');
|
|
9
|
+
var cdk$1 = require('@jaypie/cdk');
|
|
10
10
|
var s3 = require('aws-cdk-lib/aws-s3');
|
|
11
11
|
var s3n = require('aws-cdk-lib/aws-s3-notifications');
|
|
12
12
|
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
13
13
|
var sqs = require('aws-cdk-lib/aws-sqs');
|
|
14
14
|
var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
|
|
15
|
-
var cloudwatch = require('aws-cdk-lib/aws-cloudwatch');
|
|
16
15
|
var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
|
|
17
16
|
var awsIam = require('aws-cdk-lib/aws-iam');
|
|
18
17
|
var awsLogs = require('aws-cdk-lib/aws-logs');
|
|
@@ -37,7 +36,7 @@ function _interopNamespaceDefault(e) {
|
|
|
37
36
|
return Object.freeze(n);
|
|
38
37
|
}
|
|
39
38
|
|
|
40
|
-
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk
|
|
39
|
+
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk);
|
|
41
40
|
var acm__namespace = /*#__PURE__*/_interopNamespaceDefault(acm);
|
|
42
41
|
var apiGateway__namespace = /*#__PURE__*/_interopNamespaceDefault(apiGateway);
|
|
43
42
|
var route53__namespace = /*#__PURE__*/_interopNamespaceDefault(route53);
|
|
@@ -47,7 +46,6 @@ var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
|
|
|
47
46
|
var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
|
|
48
47
|
var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
|
|
49
48
|
var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
|
|
50
|
-
var cloudwatch__namespace = /*#__PURE__*/_interopNamespaceDefault(cloudwatch);
|
|
51
49
|
var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
|
|
52
50
|
var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
|
|
53
51
|
var cloudfront__namespace = /*#__PURE__*/_interopNamespaceDefault(cloudfront);
|
|
@@ -56,7 +54,7 @@ var origins__namespace = /*#__PURE__*/_interopNamespaceDefault(origins);
|
|
|
56
54
|
function constructEnvName(name, opts) {
|
|
57
55
|
const env = opts?.env ?? process.env.PROJECT_ENV ?? "build";
|
|
58
56
|
const key = opts?.key ?? process.env.PROJECT_KEY ?? "project";
|
|
59
|
-
const nonce = opts?.nonce ?? process.env.PROJECT_NONCE ?? "cfe2";
|
|
57
|
+
const nonce = opts?.nonce ?? process.env.PROJECT_NONCE ?? "cfe2"; // This default is intentionally short. It is not a special value but should not be changed.
|
|
60
58
|
return `${env}-${key}-${name}-${nonce}`;
|
|
61
59
|
}
|
|
62
60
|
|
|
@@ -69,25 +67,6 @@ function constructStackName(key) {
|
|
|
69
67
|
}
|
|
70
68
|
}
|
|
71
69
|
|
|
72
|
-
/**
|
|
73
|
-
* Check if the current environment matches the given environment
|
|
74
|
-
*/
|
|
75
|
-
function isEnv(env) {
|
|
76
|
-
return process.env.PROJECT_ENV === env;
|
|
77
|
-
}
|
|
78
|
-
/**
|
|
79
|
-
* Check if the current environment is production
|
|
80
|
-
*/
|
|
81
|
-
function isProductionEnv() {
|
|
82
|
-
return isEnv(cdk.CDK.ENV.PRODUCTION);
|
|
83
|
-
}
|
|
84
|
-
/**
|
|
85
|
-
* Check if the current environment is sandbox
|
|
86
|
-
*/
|
|
87
|
-
function isSandboxEnv() {
|
|
88
|
-
return isEnv(cdk.CDK.ENV.SANDBOX);
|
|
89
|
-
}
|
|
90
|
-
|
|
91
70
|
const CDK$1 = {
|
|
92
71
|
CREATION: {
|
|
93
72
|
CDK: "cdk",
|
|
@@ -111,39 +90,75 @@ const CDK$1 = {
|
|
|
111
90
|
VERSION: "version",
|
|
112
91
|
},
|
|
113
92
|
};
|
|
114
|
-
function
|
|
93
|
+
function constructTagger(construct, { name } = {}) {
|
|
115
94
|
const stackName = name || constructStackName();
|
|
116
95
|
const version = process.env.npm_package_version || process.env.PROJECT_VERSION || null;
|
|
117
96
|
if (process.env.PROJECT_COMMIT && process.env.PROJECT_COMMIT.length > 8) {
|
|
118
|
-
cdk
|
|
97
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_HEX, process.env.PROJECT_COMMIT.slice(0, 8));
|
|
119
98
|
}
|
|
120
|
-
cdk
|
|
121
|
-
cdk
|
|
99
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_DATE, new Date().toISOString());
|
|
100
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_TIME, Date.now().toString());
|
|
122
101
|
if (process.env.PROJECT_COMMIT)
|
|
123
|
-
cdk
|
|
124
|
-
cdk
|
|
102
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.COMMIT, process.env.PROJECT_COMMIT);
|
|
103
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.CREATION, CDK$1.CREATION.CDK);
|
|
125
104
|
if (process.env.PROJECT_ENV)
|
|
126
|
-
cdk
|
|
105
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.ENV, process.env.PROJECT_ENV);
|
|
127
106
|
if (process.env.PROJECT_NONCE)
|
|
128
|
-
cdk
|
|
107
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.NONCE, process.env.PROJECT_NONCE);
|
|
129
108
|
if (process.env.PROJECT_KEY)
|
|
130
|
-
cdk
|
|
131
|
-
cdk
|
|
109
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.PROJECT, process.env.PROJECT_KEY);
|
|
110
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.ROLE, CDK$1.ROLE.STACK);
|
|
132
111
|
if (process.env.PROJECT_SERVICE)
|
|
133
|
-
cdk
|
|
112
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.SERVICE, process.env.PROJECT_SERVICE);
|
|
134
113
|
if (process.env.PROJECT_SPONSOR)
|
|
135
|
-
cdk
|
|
114
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.SPONSOR, process.env.PROJECT_SPONSOR);
|
|
136
115
|
if (stackName)
|
|
137
|
-
cdk
|
|
116
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.STACK, stackName);
|
|
138
117
|
if (version)
|
|
139
|
-
cdk
|
|
118
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.VERSION, version);
|
|
140
119
|
return true;
|
|
141
120
|
}
|
|
142
121
|
|
|
122
|
+
function envHostname({ component, domain, env, subdomain, }) {
|
|
123
|
+
const resolvedDomain = domain || process.env.CDK_ENV_DOMAIN || process.env.CDK_ENV_HOSTED_ZONE;
|
|
124
|
+
if (!resolvedDomain) {
|
|
125
|
+
throw new cdk$1.ConfigurationError("No hostname `domain` provided. Set CDK_ENV_DOMAIN or CDK_ENV_HOSTED_ZONE to use environment domain");
|
|
126
|
+
}
|
|
127
|
+
const resolvedComponent = component === "@" || component === "" ? undefined : component;
|
|
128
|
+
const resolvedSubdomain = subdomain || process.env.CDK_ENV_SUBDOMAIN;
|
|
129
|
+
const resolvedEnv = env || process.env.PROJECT_ENV;
|
|
130
|
+
const parts = [
|
|
131
|
+
resolvedComponent,
|
|
132
|
+
resolvedSubdomain,
|
|
133
|
+
resolvedEnv,
|
|
134
|
+
resolvedDomain,
|
|
135
|
+
].filter((part) => part);
|
|
136
|
+
return parts.join(".");
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
/**
|
|
140
|
+
* Check if the current environment matches the given environment
|
|
141
|
+
*/
|
|
142
|
+
function isEnv(env) {
|
|
143
|
+
return process.env.PROJECT_ENV === env;
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Check if the current environment is production
|
|
147
|
+
*/
|
|
148
|
+
function isProductionEnv() {
|
|
149
|
+
return isEnv(cdk$1.CDK.ENV.PRODUCTION);
|
|
150
|
+
}
|
|
151
|
+
/**
|
|
152
|
+
* Check if the current environment is sandbox
|
|
153
|
+
*/
|
|
154
|
+
function isSandboxEnv() {
|
|
155
|
+
return isEnv(cdk$1.CDK.ENV.SANDBOX);
|
|
156
|
+
}
|
|
157
|
+
|
|
143
158
|
class JaypieApiGateway extends constructs.Construct {
|
|
144
159
|
constructor(scope, id, props) {
|
|
145
160
|
super(scope, id);
|
|
146
|
-
const { certificate = true, handler, host: propsHost, name, roleTag = cdk.CDK.ROLE.API, zone: propsZone, } = props;
|
|
161
|
+
const { certificate = true, handler, host: propsHost, name, roleTag = cdk$1.CDK.ROLE.API, zone: propsZone, } = props;
|
|
147
162
|
// Determine zone from props or environment
|
|
148
163
|
let zone = propsZone;
|
|
149
164
|
if (!zone && process.env.CDK_ENV_API_HOSTED_ZONE) {
|
|
@@ -157,7 +172,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
157
172
|
}
|
|
158
173
|
else if (process.env.CDK_ENV_API_SUBDOMAIN &&
|
|
159
174
|
process.env.CDK_ENV_API_HOSTED_ZONE) {
|
|
160
|
-
host = cdk.mergeDomain(process.env.CDK_ENV_API_SUBDOMAIN, process.env.CDK_ENV_API_HOSTED_ZONE);
|
|
175
|
+
host = cdk$1.mergeDomain(process.env.CDK_ENV_API_SUBDOMAIN, process.env.CDK_ENV_API_HOSTED_ZONE);
|
|
161
176
|
}
|
|
162
177
|
}
|
|
163
178
|
const apiGatewayName = name || constructEnvName("ApiGateway");
|
|
@@ -179,7 +194,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
179
194
|
domainName: host,
|
|
180
195
|
validation: acm__namespace.CertificateValidation.fromDns(hostedZone),
|
|
181
196
|
});
|
|
182
|
-
cdk
|
|
197
|
+
cdk.Tags.of(certificateToUse).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.HOSTING);
|
|
183
198
|
}
|
|
184
199
|
else if (typeof certificate === "object") {
|
|
185
200
|
certificateToUse = certificate;
|
|
@@ -198,19 +213,19 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
198
213
|
handler,
|
|
199
214
|
...lambdaRestApiProps,
|
|
200
215
|
});
|
|
201
|
-
cdk
|
|
216
|
+
cdk.Tags.of(this._api).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
202
217
|
if (host && certificateToUse && hostedZone) {
|
|
203
218
|
this._domainName = this._api.addDomainName(apiDomainName, {
|
|
204
219
|
domainName: host,
|
|
205
220
|
certificate: certificateToUse,
|
|
206
221
|
});
|
|
207
|
-
cdk
|
|
222
|
+
cdk.Tags.of(this._domainName).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
208
223
|
const record = new route53__namespace.ARecord(this, "AliasRecord", {
|
|
209
224
|
recordName: host,
|
|
210
225
|
target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.ApiGatewayDomain(this._domainName)),
|
|
211
226
|
zone: hostedZone,
|
|
212
227
|
});
|
|
213
|
-
cdk
|
|
228
|
+
cdk.Tags.of(record).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
214
229
|
}
|
|
215
230
|
}
|
|
216
231
|
get api() {
|
|
@@ -251,8 +266,8 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
251
266
|
}
|
|
252
267
|
get env() {
|
|
253
268
|
return {
|
|
254
|
-
account: cdk
|
|
255
|
-
region: cdk
|
|
269
|
+
account: cdk.Stack.of(this).account,
|
|
270
|
+
region: cdk.Stack.of(this).region,
|
|
256
271
|
};
|
|
257
272
|
}
|
|
258
273
|
get stack() {
|
|
@@ -290,7 +305,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
290
305
|
}
|
|
291
306
|
}
|
|
292
307
|
|
|
293
|
-
class JaypieStack extends cdk
|
|
308
|
+
class JaypieStack extends cdk.Stack {
|
|
294
309
|
constructor(scope, id, props = {}) {
|
|
295
310
|
const { key, ...stackProps } = props;
|
|
296
311
|
// Handle stackName
|
|
@@ -305,7 +320,7 @@ class JaypieStack extends cdk$1.Stack {
|
|
|
305
320
|
};
|
|
306
321
|
super(scope, id, stackProps);
|
|
307
322
|
// Apply tags
|
|
308
|
-
|
|
323
|
+
constructTagger(this, { name: stackProps.stackName });
|
|
309
324
|
}
|
|
310
325
|
}
|
|
311
326
|
|
|
@@ -323,7 +338,7 @@ class JaypieAppStack extends JaypieStack {
|
|
|
323
338
|
class JaypieLambda extends constructs.Construct {
|
|
324
339
|
constructor(scope, id, props) {
|
|
325
340
|
super(scope, id);
|
|
326
|
-
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = cdk.CDK.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk
|
|
341
|
+
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = cdk$1.CDK.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
|
|
327
342
|
// Create a mutable copy of the environment variables
|
|
328
343
|
let environment = { ...initialEnvironment };
|
|
329
344
|
// Default environment values
|
|
@@ -369,7 +384,7 @@ class JaypieLambda extends constructs.Construct {
|
|
|
369
384
|
environment[envVar] = process.env[envVar];
|
|
370
385
|
}
|
|
371
386
|
});
|
|
372
|
-
|
|
387
|
+
const codeAsset = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
|
|
373
388
|
// Create a working copy of layers
|
|
374
389
|
const resolvedLayers = [...layers];
|
|
375
390
|
// Determine if we should add Datadog integration
|
|
@@ -380,10 +395,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
380
395
|
// Add Datadog integration if API key is available
|
|
381
396
|
if (resolvedDatadogApiKeyArn) {
|
|
382
397
|
// Add Datadog Node.js layer
|
|
383
|
-
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk
|
|
398
|
+
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
|
|
384
399
|
resolvedLayers.push(datadogNodeLayer);
|
|
385
400
|
// Add Datadog Extension layer
|
|
386
|
-
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk
|
|
401
|
+
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
387
402
|
resolvedLayers.push(datadogExtensionLayer);
|
|
388
403
|
// Set Datadog environment variables
|
|
389
404
|
Object.assign(environment, {
|
|
@@ -393,8 +408,8 @@ class JaypieLambda extends constructs.Construct {
|
|
|
393
408
|
DD_PROFILING_ENABLED: "false",
|
|
394
409
|
DD_SERVERLESS_APPSEC_ENABLED: "false",
|
|
395
410
|
DD_SERVICE: process.env.PROJECT_SERVICE || "",
|
|
396
|
-
DD_SITE: cdk.CDK.DATADOG.SITE,
|
|
397
|
-
DD_TAGS: `${cdk.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
411
|
+
DD_SITE: cdk$1.CDK.DATADOG.SITE,
|
|
412
|
+
DD_TAGS: `${cdk$1.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
398
413
|
DD_TRACE_OTEL_ENABLED: "false",
|
|
399
414
|
});
|
|
400
415
|
}
|
|
@@ -412,10 +427,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
412
427
|
logLevel: paramsAndSecretsOptions?.logLevel ||
|
|
413
428
|
lambda__namespace.ParamsAndSecretsLogLevel.WARN,
|
|
414
429
|
parameterStoreTtl: paramsAndSecretsOptions?.parameterStoreTtl
|
|
415
|
-
? cdk
|
|
430
|
+
? cdk.Duration.seconds(paramsAndSecretsOptions.parameterStoreTtl)
|
|
416
431
|
: undefined,
|
|
417
432
|
secretsManagerTtl: paramsAndSecretsOptions?.secretsManagerTtl
|
|
418
|
-
? cdk
|
|
433
|
+
? cdk.Duration.seconds(paramsAndSecretsOptions.secretsManagerTtl)
|
|
419
434
|
: undefined,
|
|
420
435
|
});
|
|
421
436
|
}
|
|
@@ -440,7 +455,7 @@ class JaypieLambda extends constructs.Construct {
|
|
|
440
455
|
allowAllOutbound,
|
|
441
456
|
allowPublicSubnet,
|
|
442
457
|
architecture,
|
|
443
|
-
code:
|
|
458
|
+
code: codeAsset,
|
|
444
459
|
codeSigningConfig,
|
|
445
460
|
deadLetterQueue,
|
|
446
461
|
deadLetterQueueEnabled,
|
|
@@ -453,7 +468,7 @@ class JaypieLambda extends constructs.Construct {
|
|
|
453
468
|
},
|
|
454
469
|
environmentEncryption,
|
|
455
470
|
ephemeralStorageSize,
|
|
456
|
-
filesystem
|
|
471
|
+
filesystem,
|
|
457
472
|
handler,
|
|
458
473
|
initialPolicy,
|
|
459
474
|
layers: resolvedLayers,
|
|
@@ -470,14 +485,14 @@ class JaypieLambda extends constructs.Construct {
|
|
|
470
485
|
runtime,
|
|
471
486
|
runtimeManagementMode,
|
|
472
487
|
securityGroups,
|
|
473
|
-
timeout: typeof timeout === "number" ? cdk
|
|
488
|
+
timeout: typeof timeout === "number" ? cdk.Duration.seconds(timeout) : timeout,
|
|
474
489
|
tracing,
|
|
475
490
|
vpc,
|
|
476
491
|
vpcSubnets,
|
|
477
492
|
// Enable auto-publishing of versions when using provisioned concurrency
|
|
478
493
|
currentVersionOptions: provisionedConcurrentExecutions !== undefined
|
|
479
494
|
? {
|
|
480
|
-
removalPolicy: cdk
|
|
495
|
+
removalPolicy: cdk.RemovalPolicy.RETAIN,
|
|
481
496
|
description: "Auto-published version for provisioned concurrency",
|
|
482
497
|
// Don't set provisioned concurrency here - it will be set on the alias
|
|
483
498
|
}
|
|
@@ -510,45 +525,11 @@ class JaypieLambda extends constructs.Construct {
|
|
|
510
525
|
this._provisioned.node.addDependency(version);
|
|
511
526
|
}
|
|
512
527
|
if (roleTag) {
|
|
513
|
-
cdk
|
|
528
|
+
cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
514
529
|
}
|
|
515
530
|
if (vendorTag) {
|
|
516
|
-
cdk
|
|
531
|
+
cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
517
532
|
}
|
|
518
|
-
// Store constructor props for later access
|
|
519
|
-
this._handler = handler;
|
|
520
|
-
this._memorySize = memorySize;
|
|
521
|
-
this._timeout =
|
|
522
|
-
typeof timeout === "number" ? cdk$1.Duration.seconds(timeout) : timeout;
|
|
523
|
-
this._runtime = runtime;
|
|
524
|
-
this._environment = {
|
|
525
|
-
...environment,
|
|
526
|
-
...secretsEnvironment,
|
|
527
|
-
...jaypieSecretsEnvironment,
|
|
528
|
-
};
|
|
529
|
-
this._vpc = vpc;
|
|
530
|
-
this._vpcSubnets = vpcSubnets;
|
|
531
|
-
this._securityGroups = securityGroups;
|
|
532
|
-
this._reservedConcurrentExecutions = reservedConcurrentExecutions;
|
|
533
|
-
this._layers = resolvedLayers;
|
|
534
|
-
this._architecture = architecture;
|
|
535
|
-
this._ephemeralStorageSize = ephemeralStorageSize?.toMebibytes();
|
|
536
|
-
this._codeSigningConfig = codeSigningConfig;
|
|
537
|
-
this._filesystemConfigs = filesystem ? [filesystem] : undefined;
|
|
538
|
-
this._environmentEncryption = environmentEncryption;
|
|
539
|
-
this._tracing = tracing;
|
|
540
|
-
this._profiling = profiling;
|
|
541
|
-
this._profilingGroup = profilingGroup;
|
|
542
|
-
this._logRetentionRole = logRetentionRole;
|
|
543
|
-
this._logRetentionRetryOptions = logRetentionRetryOptions;
|
|
544
|
-
this._initialPolicy = initialPolicy;
|
|
545
|
-
this._description = description;
|
|
546
|
-
this._maxEventAge = maxEventAge;
|
|
547
|
-
this._retryAttempts = retryAttempts;
|
|
548
|
-
this._runtimeManagementMode = runtimeManagementMode;
|
|
549
|
-
this._allowAllOutbound = allowAllOutbound;
|
|
550
|
-
this._allowPublicSubnet = allowPublicSubnet;
|
|
551
|
-
this._deadLetterQueueEnabled = deadLetterQueueEnabled;
|
|
552
533
|
// Assign _reference based on provisioned state
|
|
553
534
|
this._reference =
|
|
554
535
|
this._provisioned !== undefined ? this._provisioned : this._lambda;
|
|
@@ -560,9 +541,6 @@ class JaypieLambda extends constructs.Construct {
|
|
|
560
541
|
get provisioned() {
|
|
561
542
|
return this._provisioned;
|
|
562
543
|
}
|
|
563
|
-
get code() {
|
|
564
|
-
return this._code;
|
|
565
|
-
}
|
|
566
544
|
get reference() {
|
|
567
545
|
return this._reference;
|
|
568
546
|
}
|
|
@@ -612,9 +590,6 @@ class JaypieLambda extends constructs.Construct {
|
|
|
612
590
|
addToRolePolicy(statement) {
|
|
613
591
|
this._reference.addToRolePolicy(statement);
|
|
614
592
|
}
|
|
615
|
-
addEnvironment(key, value, options) {
|
|
616
|
-
return this._lambda.addEnvironment(key, value, options);
|
|
617
|
-
}
|
|
618
593
|
configureAsyncInvoke(options) {
|
|
619
594
|
this._reference.configureAsyncInvoke(options);
|
|
620
595
|
}
|
|
@@ -627,6 +602,12 @@ class JaypieLambda extends constructs.Construct {
|
|
|
627
602
|
grantInvokeUrl(grantee) {
|
|
628
603
|
return this._reference.grantInvokeUrl(grantee);
|
|
629
604
|
}
|
|
605
|
+
grantInvokeLatestVersion(grantee) {
|
|
606
|
+
return this._reference.grantInvokeLatestVersion(grantee);
|
|
607
|
+
}
|
|
608
|
+
grantInvokeVersion(grantee, version) {
|
|
609
|
+
return this._reference.grantInvokeVersion(grantee, version);
|
|
610
|
+
}
|
|
630
611
|
metric(metricName, props) {
|
|
631
612
|
return this._reference.metric(metricName, props);
|
|
632
613
|
}
|
|
@@ -642,17 +623,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
642
623
|
metricThrottles(props) {
|
|
643
624
|
return this._reference.metricThrottles(props);
|
|
644
625
|
}
|
|
645
|
-
// Additional IFunction implementation
|
|
646
|
-
grantInvokeLatestVersion(grantee) {
|
|
647
|
-
return this._reference.grantInvokeLatestVersion(grantee);
|
|
648
|
-
}
|
|
649
|
-
grantInvokeVersion(grantee, version) {
|
|
650
|
-
return this._reference.grantInvokeVersion(grantee, version);
|
|
651
|
-
}
|
|
652
626
|
get env() {
|
|
653
627
|
return {
|
|
654
|
-
account: cdk
|
|
655
|
-
region: cdk
|
|
628
|
+
account: cdk.Stack.of(this).account,
|
|
629
|
+
region: cdk.Stack.of(this).region,
|
|
656
630
|
};
|
|
657
631
|
}
|
|
658
632
|
get stack() {
|
|
@@ -661,165 +635,24 @@ class JaypieLambda extends constructs.Construct {
|
|
|
661
635
|
applyRemovalPolicy(policy) {
|
|
662
636
|
this._reference.applyRemovalPolicy(policy);
|
|
663
637
|
}
|
|
664
|
-
// Additional Lambda Function specific methods
|
|
665
|
-
get currentVersion() {
|
|
666
|
-
return this._lambda.currentVersion;
|
|
667
|
-
}
|
|
668
|
-
get deadLetterQueue() {
|
|
669
|
-
return this._lambda.deadLetterQueue;
|
|
670
|
-
}
|
|
671
|
-
get deadLetterTopic() {
|
|
672
|
-
return this._lambda.deadLetterTopic;
|
|
673
|
-
}
|
|
674
|
-
get logGroup() {
|
|
675
|
-
return this._lambda.logGroup;
|
|
676
|
-
}
|
|
677
|
-
get runtime() {
|
|
678
|
-
return this._runtime;
|
|
679
|
-
}
|
|
680
|
-
get timeout() {
|
|
681
|
-
return this._timeout;
|
|
682
|
-
}
|
|
683
|
-
addAlias(aliasName, options) {
|
|
684
|
-
return this._lambda.addAlias(aliasName, options);
|
|
685
|
-
}
|
|
686
|
-
addLayers(...layers) {
|
|
687
|
-
this._lambda.addLayers(...layers);
|
|
688
|
-
}
|
|
689
|
-
invalidateVersionBasedOn(x) {
|
|
690
|
-
this._lambda.invalidateVersionBasedOn(x);
|
|
691
|
-
}
|
|
692
|
-
metricConcurrentExecutions(props) {
|
|
693
|
-
return new cloudwatch__namespace.Metric({
|
|
694
|
-
namespace: "AWS/Lambda",
|
|
695
|
-
metricName: "ConcurrentExecutions",
|
|
696
|
-
dimensionsMap: {
|
|
697
|
-
FunctionName: this.functionName,
|
|
698
|
-
},
|
|
699
|
-
...props,
|
|
700
|
-
});
|
|
701
|
-
}
|
|
702
|
-
metricUnreservedConcurrentExecutions(props) {
|
|
703
|
-
return new cloudwatch__namespace.Metric({
|
|
704
|
-
namespace: "AWS/Lambda",
|
|
705
|
-
metricName: "UnreservedConcurrentExecutions",
|
|
706
|
-
...props,
|
|
707
|
-
});
|
|
708
|
-
}
|
|
709
|
-
addVersion(name, codeSha256, description, provisionedExecutions, asyncInvokeConfig) {
|
|
710
|
-
return new lambda__namespace.Version(this, name, {
|
|
711
|
-
lambda: this._lambda,
|
|
712
|
-
codeSha256,
|
|
713
|
-
description,
|
|
714
|
-
provisionedConcurrentExecutions: provisionedExecutions,
|
|
715
|
-
...asyncInvokeConfig,
|
|
716
|
-
});
|
|
717
|
-
}
|
|
718
|
-
get memorySize() {
|
|
719
|
-
return this._memorySize;
|
|
720
|
-
}
|
|
721
|
-
get handler() {
|
|
722
|
-
return this._handler;
|
|
723
|
-
}
|
|
724
|
-
get environment() {
|
|
725
|
-
return this._environment;
|
|
726
|
-
}
|
|
727
|
-
get layers() {
|
|
728
|
-
return this._layers;
|
|
729
|
-
}
|
|
730
|
-
get maxEventAge() {
|
|
731
|
-
return this._maxEventAge;
|
|
732
|
-
}
|
|
733
|
-
get retryAttempts() {
|
|
734
|
-
return this._retryAttempts;
|
|
735
|
-
}
|
|
736
|
-
get reservedConcurrentExecutions() {
|
|
737
|
-
return this._reservedConcurrentExecutions;
|
|
738
|
-
}
|
|
739
|
-
get description() {
|
|
740
|
-
return this._description;
|
|
741
|
-
}
|
|
742
|
-
get initialPolicy() {
|
|
743
|
-
return this._initialPolicy;
|
|
744
|
-
}
|
|
745
|
-
get logRetentionRole() {
|
|
746
|
-
return this._logRetentionRole;
|
|
747
|
-
}
|
|
748
|
-
get logRetentionRetryOptions() {
|
|
749
|
-
return this._logRetentionRetryOptions;
|
|
750
|
-
}
|
|
751
|
-
get tracing() {
|
|
752
|
-
return this._tracing;
|
|
753
|
-
}
|
|
754
|
-
get profiling() {
|
|
755
|
-
return this._profiling;
|
|
756
|
-
}
|
|
757
|
-
get profilingGroup() {
|
|
758
|
-
return this._profilingGroup;
|
|
759
|
-
}
|
|
760
|
-
get environmentEncryption() {
|
|
761
|
-
return this._environmentEncryption;
|
|
762
|
-
}
|
|
763
|
-
get codeSigningConfig() {
|
|
764
|
-
return this._codeSigningConfig;
|
|
765
|
-
}
|
|
766
|
-
get filesystemConfig() {
|
|
767
|
-
return this._filesystemConfigs?.[0];
|
|
768
|
-
}
|
|
769
|
-
get filesystemConfigs() {
|
|
770
|
-
return this._filesystemConfigs;
|
|
771
|
-
}
|
|
772
|
-
get ephemeralStorageSize() {
|
|
773
|
-
return this._ephemeralStorageSize;
|
|
774
|
-
}
|
|
775
|
-
get runtimeManagementMode() {
|
|
776
|
-
return this._runtimeManagementMode;
|
|
777
|
-
}
|
|
778
|
-
get architectureLabel() {
|
|
779
|
-
return this._lambda.architecture.name;
|
|
780
|
-
}
|
|
781
|
-
get vpc() {
|
|
782
|
-
return this._vpc;
|
|
783
|
-
}
|
|
784
|
-
get vpcSubnets() {
|
|
785
|
-
return this._vpcSubnets;
|
|
786
|
-
}
|
|
787
|
-
get securityGroups() {
|
|
788
|
-
return this._securityGroups;
|
|
789
|
-
}
|
|
790
|
-
get allowAllOutbound() {
|
|
791
|
-
return this._allowAllOutbound;
|
|
792
|
-
}
|
|
793
|
-
get allowPublicSubnet() {
|
|
794
|
-
return this._allowPublicSubnet;
|
|
795
|
-
}
|
|
796
|
-
get canCreateLambdaLogGroup() {
|
|
797
|
-
return true;
|
|
798
|
-
}
|
|
799
|
-
get canCreatePermissions() {
|
|
800
|
-
return true;
|
|
801
|
-
}
|
|
802
|
-
get deadLetterQueueEnabled() {
|
|
803
|
-
return this._lambda.deadLetterQueue !== undefined || this._lambda.deadLetterTopic !== undefined;
|
|
804
|
-
}
|
|
805
638
|
}
|
|
806
639
|
|
|
807
640
|
class JaypieQueuedLambda extends constructs.Construct {
|
|
808
641
|
constructor(scope, id, props) {
|
|
809
642
|
super(scope, id);
|
|
810
|
-
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, secrets = [], timeout = cdk
|
|
643
|
+
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), } = props;
|
|
811
644
|
// Create SQS Queue
|
|
812
645
|
this._queue = new sqs__namespace.Queue(this, "Queue", {
|
|
813
646
|
fifo,
|
|
814
647
|
visibilityTimeout: typeof visibilityTimeout === "number"
|
|
815
|
-
? cdk
|
|
648
|
+
? cdk.Duration.seconds(visibilityTimeout)
|
|
816
649
|
: visibilityTimeout,
|
|
817
650
|
});
|
|
818
651
|
if (roleTag) {
|
|
819
|
-
cdk
|
|
652
|
+
cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
820
653
|
}
|
|
821
654
|
if (vendorTag) {
|
|
822
|
-
cdk
|
|
655
|
+
cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
823
656
|
}
|
|
824
657
|
// Create Lambda with JaypieLambda
|
|
825
658
|
this._lambdaConstruct = new JaypieLambda(this, "Function", {
|
|
@@ -940,12 +773,12 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
940
773
|
}
|
|
941
774
|
get env() {
|
|
942
775
|
return {
|
|
943
|
-
account: cdk
|
|
944
|
-
region: cdk
|
|
776
|
+
account: cdk.Stack.of(this).account,
|
|
777
|
+
region: cdk.Stack.of(this).region,
|
|
945
778
|
};
|
|
946
779
|
}
|
|
947
780
|
get stack() {
|
|
948
|
-
return cdk
|
|
781
|
+
return cdk.Stack.of(this);
|
|
949
782
|
}
|
|
950
783
|
applyRemovalPolicy(policy) {
|
|
951
784
|
this._lambdaConstruct.applyRemovalPolicy(policy);
|
|
@@ -1020,15 +853,15 @@ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
|
1020
853
|
// Create S3 Bucket
|
|
1021
854
|
this._bucket = new s3__namespace.Bucket(this, "Bucket", {
|
|
1022
855
|
bucketName: bucketOptions.bucketName || bucketName,
|
|
1023
|
-
removalPolicy: bucketOptions.removalPolicy || cdk
|
|
856
|
+
removalPolicy: bucketOptions.removalPolicy || cdk.RemovalPolicy.RETAIN,
|
|
1024
857
|
...bucketOptions,
|
|
1025
858
|
});
|
|
1026
859
|
// Add tags to bucket
|
|
1027
860
|
if (roleTag) {
|
|
1028
|
-
cdk
|
|
861
|
+
cdk.Tags.of(this._bucket).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1029
862
|
}
|
|
1030
863
|
if (vendorTag) {
|
|
1031
|
-
cdk
|
|
864
|
+
cdk.Tags.of(this._bucket).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
1032
865
|
}
|
|
1033
866
|
// Add an event notification from the bucket to the queue
|
|
1034
867
|
this._bucket.addEventNotification(s3__namespace.EventType.OBJECT_CREATED, new s3n__namespace.SqsDestination(this.queue));
|
|
@@ -1193,13 +1026,13 @@ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
|
1193
1026
|
|
|
1194
1027
|
// It is a consumer if the environment is ephemeral
|
|
1195
1028
|
function checkEnvIsConsumer(env = process.env) {
|
|
1196
|
-
return (env.PROJECT_ENV === cdk.CDK.ENV.PERSONAL ||
|
|
1029
|
+
return (env.PROJECT_ENV === cdk$1.CDK.ENV.PERSONAL ||
|
|
1197
1030
|
!!env.CDK_ENV_PERSONAL ||
|
|
1198
1031
|
/** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
|
|
1199
1032
|
/** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
|
|
1200
1033
|
}
|
|
1201
1034
|
function checkEnvIsProvider(env = process.env) {
|
|
1202
|
-
return env.PROJECT_ENV === cdk.CDK.ENV.SANDBOX;
|
|
1035
|
+
return env.PROJECT_ENV === cdk$1.CDK.ENV.SANDBOX;
|
|
1203
1036
|
}
|
|
1204
1037
|
function cleanName(name) {
|
|
1205
1038
|
return name.replace(/[^a-zA-Z0-9:-]/g, "");
|
|
@@ -1213,7 +1046,7 @@ function exportEnvName(name, env = process.env) {
|
|
|
1213
1046
|
}
|
|
1214
1047
|
else {
|
|
1215
1048
|
if (checkEnvIsConsumer(env)) {
|
|
1216
|
-
rawName = `env-${cdk.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
1049
|
+
rawName = `env-${cdk$1.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
1217
1050
|
}
|
|
1218
1051
|
else {
|
|
1219
1052
|
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
@@ -1234,10 +1067,10 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1234
1067
|
exportName = cleanName(exportParam);
|
|
1235
1068
|
}
|
|
1236
1069
|
if (consumer) {
|
|
1237
|
-
const secretName = cdk
|
|
1070
|
+
const secretName = cdk.Fn.importValue(exportName);
|
|
1238
1071
|
this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
|
|
1239
1072
|
// Add CfnOutput for consumer secrets
|
|
1240
|
-
new cdk
|
|
1073
|
+
new cdk.CfnOutput(this, `ConsumedName`, {
|
|
1241
1074
|
value: this._secret.secretName,
|
|
1242
1075
|
});
|
|
1243
1076
|
}
|
|
@@ -1246,24 +1079,24 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1246
1079
|
const secretProps = {
|
|
1247
1080
|
generateSecretString,
|
|
1248
1081
|
secretStringValue: !generateSecretString && secretValue
|
|
1249
|
-
? cdk
|
|
1082
|
+
? cdk.SecretValue.unsafePlainText(secretValue)
|
|
1250
1083
|
: undefined,
|
|
1251
1084
|
};
|
|
1252
1085
|
this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
|
|
1253
1086
|
if (roleTag) {
|
|
1254
|
-
cdk
|
|
1087
|
+
cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1255
1088
|
}
|
|
1256
1089
|
if (vendorTag) {
|
|
1257
|
-
cdk
|
|
1090
|
+
cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
1258
1091
|
}
|
|
1259
1092
|
if (provider) {
|
|
1260
|
-
new cdk
|
|
1093
|
+
new cdk.CfnOutput(this, `ProvidedName`, {
|
|
1261
1094
|
value: this._secret.secretName,
|
|
1262
1095
|
exportName,
|
|
1263
1096
|
});
|
|
1264
1097
|
}
|
|
1265
1098
|
else {
|
|
1266
|
-
new cdk
|
|
1099
|
+
new cdk.CfnOutput(this, `CreatedName`, {
|
|
1267
1100
|
value: this._secret.secretName,
|
|
1268
1101
|
});
|
|
1269
1102
|
}
|
|
@@ -1271,12 +1104,12 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1271
1104
|
}
|
|
1272
1105
|
// IResource implementation
|
|
1273
1106
|
get stack() {
|
|
1274
|
-
return cdk
|
|
1107
|
+
return cdk.Stack.of(this);
|
|
1275
1108
|
}
|
|
1276
1109
|
get env() {
|
|
1277
1110
|
return {
|
|
1278
|
-
account: cdk
|
|
1279
|
-
region: cdk
|
|
1111
|
+
account: cdk.Stack.of(this).account,
|
|
1112
|
+
region: cdk.Stack.of(this).region,
|
|
1280
1113
|
};
|
|
1281
1114
|
}
|
|
1282
1115
|
applyRemovalPolicy(policy) {
|
|
@@ -1328,8 +1161,8 @@ class JaypieDatadogSecret extends JaypieEnvSecret {
|
|
|
1328
1161
|
constructor(scope, id = "MongoConnectionString", props) {
|
|
1329
1162
|
const defaultProps = {
|
|
1330
1163
|
envKey: "DATADOG_API_KEY",
|
|
1331
|
-
roleTag: cdk.CDK.ROLE.MONITORING,
|
|
1332
|
-
vendorTag: cdk.CDK.VENDOR.DATADOG,
|
|
1164
|
+
roleTag: cdk$1.CDK.ROLE.MONITORING,
|
|
1165
|
+
vendorTag: cdk$1.CDK.VENDOR.DATADOG,
|
|
1333
1166
|
...props,
|
|
1334
1167
|
};
|
|
1335
1168
|
super(scope, id, defaultProps);
|
|
@@ -1339,8 +1172,8 @@ class JaypieDatadogSecret extends JaypieEnvSecret {
|
|
|
1339
1172
|
class JaypieExpressLambda extends JaypieLambda {
|
|
1340
1173
|
constructor(scope, id, props) {
|
|
1341
1174
|
super(scope, id, {
|
|
1342
|
-
timeout: cdk
|
|
1343
|
-
roleTag: cdk.CDK.ROLE.API,
|
|
1175
|
+
timeout: cdk.Duration.seconds(cdk$1.CDK.DURATION.EXPRESS_API),
|
|
1176
|
+
roleTag: cdk$1.CDK.ROLE.API,
|
|
1344
1177
|
...props,
|
|
1345
1178
|
});
|
|
1346
1179
|
}
|
|
@@ -1356,7 +1189,7 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1356
1189
|
constructor(scope, id, props) {
|
|
1357
1190
|
super(scope, id);
|
|
1358
1191
|
const { destination, zoneName, project } = props;
|
|
1359
|
-
const service = props.service || cdk.CDK.SERVICE.INFRASTRUCTURE;
|
|
1192
|
+
const service = props.service || cdk$1.CDK.SERVICE.INFRASTRUCTURE;
|
|
1360
1193
|
// Create the log group
|
|
1361
1194
|
this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
|
|
1362
1195
|
logGroupName: process.env.PROJECT_NONCE
|
|
@@ -1365,10 +1198,10 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1365
1198
|
retention: awsLogs.RetentionDays.ONE_WEEK,
|
|
1366
1199
|
});
|
|
1367
1200
|
// Add tags
|
|
1368
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.SERVICE, service);
|
|
1369
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1201
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.SERVICE, service);
|
|
1202
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
1370
1203
|
if (project) {
|
|
1371
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.PROJECT, project);
|
|
1204
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.PROJECT, project);
|
|
1372
1205
|
}
|
|
1373
1206
|
// Grant Route 53 permissions to write to the log group
|
|
1374
1207
|
this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
|
|
@@ -1385,10 +1218,10 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1385
1218
|
zoneName,
|
|
1386
1219
|
});
|
|
1387
1220
|
// Add tags
|
|
1388
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.SERVICE, service);
|
|
1389
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1221
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.SERVICE, service);
|
|
1222
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
1390
1223
|
if (project) {
|
|
1391
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.PROJECT, project);
|
|
1224
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.PROJECT, project);
|
|
1392
1225
|
}
|
|
1393
1226
|
}
|
|
1394
1227
|
}
|
|
@@ -1408,7 +1241,7 @@ class JaypieInfrastructureStack extends JaypieStack {
|
|
|
1408
1241
|
super(scope, id, { key, ...stackProps });
|
|
1409
1242
|
// Add infrastructure-specific tag
|
|
1410
1243
|
if (process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA) {
|
|
1411
|
-
cdk
|
|
1244
|
+
cdk.Tags.of(this).add(CDK.TAG.STACK_SHA, process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA);
|
|
1412
1245
|
}
|
|
1413
1246
|
}
|
|
1414
1247
|
}
|
|
@@ -1417,8 +1250,8 @@ class JaypieMongoDbSecret extends JaypieEnvSecret {
|
|
|
1417
1250
|
constructor(scope, id = "MongoConnectionString", props) {
|
|
1418
1251
|
const defaultProps = {
|
|
1419
1252
|
envKey: "MONGODB_URI",
|
|
1420
|
-
roleTag: cdk.CDK.ROLE.STORAGE,
|
|
1421
|
-
vendorTag: cdk.CDK.VENDOR.MONGODB,
|
|
1253
|
+
roleTag: cdk$1.CDK.ROLE.STORAGE,
|
|
1254
|
+
vendorTag: cdk$1.CDK.VENDOR.MONGODB,
|
|
1422
1255
|
...props,
|
|
1423
1256
|
};
|
|
1424
1257
|
super(scope, id, defaultProps);
|
|
@@ -1429,8 +1262,8 @@ class JaypieOpenAiSecret extends JaypieEnvSecret {
|
|
|
1429
1262
|
constructor(scope, id = "OpenAiApiKey", props) {
|
|
1430
1263
|
const defaultProps = {
|
|
1431
1264
|
envKey: "OPENAI_API_KEY",
|
|
1432
|
-
roleTag: cdk.CDK.ROLE.PROCESSING,
|
|
1433
|
-
vendorTag: cdk.CDK.VENDOR.OPENAI,
|
|
1265
|
+
roleTag: cdk$1.CDK.ROLE.PROCESSING,
|
|
1266
|
+
vendorTag: cdk$1.CDK.VENDOR.OPENAI,
|
|
1434
1267
|
...props,
|
|
1435
1268
|
};
|
|
1436
1269
|
super(scope, id, defaultProps);
|
|
@@ -1490,11 +1323,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1490
1323
|
instanceArn: this.instanceArn,
|
|
1491
1324
|
name: exports.PermissionSetType.ADMINISTRATOR,
|
|
1492
1325
|
description: "Full administrative access to all AWS services and resources",
|
|
1493
|
-
sessionDuration: cdk
|
|
1326
|
+
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
1494
1327
|
managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
|
|
1495
1328
|
inlinePolicy: mergedPolicy,
|
|
1496
1329
|
});
|
|
1497
|
-
cdk
|
|
1330
|
+
cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1498
1331
|
this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
|
|
1499
1332
|
}
|
|
1500
1333
|
/**
|
|
@@ -1527,11 +1360,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1527
1360
|
instanceArn: this.instanceArn,
|
|
1528
1361
|
name: exports.PermissionSetType.ANALYST,
|
|
1529
1362
|
description: "Read-only access with billing visibility and limited write access",
|
|
1530
|
-
sessionDuration: cdk
|
|
1363
|
+
sessionDuration: cdk.Duration.hours(4).toIsoString(),
|
|
1531
1364
|
managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
|
|
1532
1365
|
inlinePolicy: mergedPolicy,
|
|
1533
1366
|
});
|
|
1534
|
-
cdk
|
|
1367
|
+
cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1535
1368
|
this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
|
|
1536
1369
|
}
|
|
1537
1370
|
/**
|
|
@@ -1579,13 +1412,13 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1579
1412
|
instanceArn: this.instanceArn,
|
|
1580
1413
|
name: exports.PermissionSetType.DEVELOPER,
|
|
1581
1414
|
description: "System administrator access with expanded write permissions",
|
|
1582
|
-
sessionDuration: cdk
|
|
1415
|
+
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
1583
1416
|
managedPolicies: [
|
|
1584
1417
|
"arn:aws:iam::aws:policy/job-function/SystemAdministrator",
|
|
1585
1418
|
],
|
|
1586
1419
|
inlinePolicy: mergedPolicy,
|
|
1587
1420
|
});
|
|
1588
|
-
cdk
|
|
1421
|
+
cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1589
1422
|
this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
|
|
1590
1423
|
}
|
|
1591
1424
|
/**
|
|
@@ -1652,8 +1485,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1652
1485
|
targetId: accountId,
|
|
1653
1486
|
targetType: "AWS_ACCOUNT",
|
|
1654
1487
|
});
|
|
1655
|
-
cdk
|
|
1656
|
-
cdk
|
|
1488
|
+
cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1489
|
+
cdk.Tags.of(assignment).add("Group", "administrators");
|
|
1657
1490
|
});
|
|
1658
1491
|
}
|
|
1659
1492
|
/**
|
|
@@ -1679,8 +1512,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1679
1512
|
targetId: accountId,
|
|
1680
1513
|
targetType: "AWS_ACCOUNT",
|
|
1681
1514
|
});
|
|
1682
|
-
cdk
|
|
1683
|
-
cdk
|
|
1515
|
+
cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1516
|
+
cdk.Tags.of(assignment).add("Group", "analysts");
|
|
1684
1517
|
});
|
|
1685
1518
|
}
|
|
1686
1519
|
/**
|
|
@@ -1705,8 +1538,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1705
1538
|
targetId: accountId,
|
|
1706
1539
|
targetType: "AWS_ACCOUNT",
|
|
1707
1540
|
});
|
|
1708
|
-
cdk
|
|
1709
|
-
cdk
|
|
1541
|
+
cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1542
|
+
cdk.Tags.of(assignment).add("Group", "developers");
|
|
1710
1543
|
});
|
|
1711
1544
|
}
|
|
1712
1545
|
}
|
|
@@ -1715,8 +1548,8 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
1715
1548
|
constructor(scope, id = "TraceSigningKey", props) {
|
|
1716
1549
|
const defaultProps = {
|
|
1717
1550
|
envKey: "TRACE_SIGNING_KEY",
|
|
1718
|
-
roleTag: cdk.CDK.ROLE.API,
|
|
1719
|
-
vendorTag: cdk.CDK.VENDOR.KNOWTRACE,
|
|
1551
|
+
roleTag: cdk$1.CDK.ROLE.API,
|
|
1552
|
+
vendorTag: cdk$1.CDK.VENDOR.KNOWTRACE,
|
|
1720
1553
|
...props,
|
|
1721
1554
|
};
|
|
1722
1555
|
super(scope, id, defaultProps);
|
|
@@ -1726,19 +1559,19 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
1726
1559
|
class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
1727
1560
|
constructor(scope, id, props = {}) {
|
|
1728
1561
|
super(scope, id);
|
|
1729
|
-
const roleTag = props.roleTag || cdk.CDK.ROLE.HOSTING;
|
|
1562
|
+
const roleTag = props.roleTag || cdk$1.CDK.ROLE.HOSTING;
|
|
1730
1563
|
// Environment variable validation
|
|
1731
1564
|
if (process.env.CDK_ENV_WEB_SUBDOMAIN &&
|
|
1732
|
-
!cdk.isValidSubdomain(process.env.CDK_ENV_WEB_SUBDOMAIN)) {
|
|
1733
|
-
throw new cdk.ConfigurationError("CDK_ENV_WEB_SUBDOMAIN is not a valid subdomain");
|
|
1565
|
+
!cdk$1.isValidSubdomain(process.env.CDK_ENV_WEB_SUBDOMAIN)) {
|
|
1566
|
+
throw new cdk$1.ConfigurationError("CDK_ENV_WEB_SUBDOMAIN is not a valid subdomain");
|
|
1734
1567
|
}
|
|
1735
1568
|
if (process.env.CDK_ENV_WEB_HOSTED_ZONE &&
|
|
1736
|
-
!cdk.isValidHostname(process.env.CDK_ENV_WEB_HOSTED_ZONE)) {
|
|
1737
|
-
throw new cdk.ConfigurationError("CDK_ENV_WEB_HOSTED_ZONE is not a valid hostname");
|
|
1569
|
+
!cdk$1.isValidHostname(process.env.CDK_ENV_WEB_HOSTED_ZONE)) {
|
|
1570
|
+
throw new cdk$1.ConfigurationError("CDK_ENV_WEB_HOSTED_ZONE is not a valid hostname");
|
|
1738
1571
|
}
|
|
1739
1572
|
if (process.env.CDK_ENV_HOSTED_ZONE &&
|
|
1740
|
-
!cdk.isValidHostname(process.env.CDK_ENV_HOSTED_ZONE)) {
|
|
1741
|
-
throw new cdk.ConfigurationError("CDK_ENV_HOSTED_ZONE is not a valid hostname");
|
|
1573
|
+
!cdk$1.isValidHostname(process.env.CDK_ENV_HOSTED_ZONE)) {
|
|
1574
|
+
throw new cdk$1.ConfigurationError("CDK_ENV_HOSTED_ZONE is not a valid hostname");
|
|
1742
1575
|
}
|
|
1743
1576
|
// Determine host from props or environment
|
|
1744
1577
|
let host = props.host;
|
|
@@ -1746,7 +1579,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1746
1579
|
try {
|
|
1747
1580
|
host =
|
|
1748
1581
|
process.env.CDK_ENV_WEB_HOST ||
|
|
1749
|
-
cdk.mergeDomain(process.env.CDK_ENV_WEB_SUBDOMAIN || "", process.env.CDK_ENV_WEB_HOSTED_ZONE ||
|
|
1582
|
+
cdk$1.mergeDomain(process.env.CDK_ENV_WEB_SUBDOMAIN || "", process.env.CDK_ENV_WEB_HOSTED_ZONE ||
|
|
1750
1583
|
process.env.CDK_ENV_HOSTED_ZONE ||
|
|
1751
1584
|
"");
|
|
1752
1585
|
}
|
|
@@ -1754,8 +1587,8 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1754
1587
|
host = undefined;
|
|
1755
1588
|
}
|
|
1756
1589
|
}
|
|
1757
|
-
if (host && !cdk.isValidHostname(host)) {
|
|
1758
|
-
throw new cdk.ConfigurationError("Host is not a valid hostname");
|
|
1590
|
+
if (host && !cdk$1.isValidHostname(host)) {
|
|
1591
|
+
throw new cdk$1.ConfigurationError("Host is not a valid hostname");
|
|
1759
1592
|
}
|
|
1760
1593
|
// Determine zone from props or environment
|
|
1761
1594
|
const zone = props.zone ||
|
|
@@ -1768,7 +1601,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1768
1601
|
blockPublicAccess: s3__namespace.BlockPublicAccess.BLOCK_ACLS,
|
|
1769
1602
|
bucketName: props.name || constructEnvName("web"),
|
|
1770
1603
|
publicReadAccess: true,
|
|
1771
|
-
removalPolicy: cdk
|
|
1604
|
+
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
|
1772
1605
|
versioned: false,
|
|
1773
1606
|
websiteErrorDocument: "index.html",
|
|
1774
1607
|
websiteIndexDocument: "index.html",
|
|
@@ -1786,7 +1619,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1786
1619
|
this.isWebsite = this.bucket.isWebsite;
|
|
1787
1620
|
this.notificationsHandlerRole = undefined;
|
|
1788
1621
|
this.policy = this.bucket.policy;
|
|
1789
|
-
cdk
|
|
1622
|
+
cdk.Tags.of(this.bucket).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1790
1623
|
// Create deployment role if repository is configured
|
|
1791
1624
|
let repo;
|
|
1792
1625
|
if (process.env.CDK_ENV_REPO) {
|
|
@@ -1794,14 +1627,14 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1794
1627
|
}
|
|
1795
1628
|
if (repo) {
|
|
1796
1629
|
const bucketDeployRole = new awsIam.Role(this, "DestinationBucketDeployRole", {
|
|
1797
|
-
assumedBy: new awsIam.FederatedPrincipal(cdk
|
|
1630
|
+
assumedBy: new awsIam.FederatedPrincipal(cdk.Fn.importValue(cdk$1.CDK.IMPORT.OIDC_PROVIDER), {
|
|
1798
1631
|
StringLike: {
|
|
1799
1632
|
"token.actions.githubusercontent.com:sub": repo,
|
|
1800
1633
|
},
|
|
1801
1634
|
}, "sts:AssumeRoleWithWebIdentity"),
|
|
1802
|
-
maxSessionDuration: cdk
|
|
1635
|
+
maxSessionDuration: cdk.Duration.hours(1),
|
|
1803
1636
|
});
|
|
1804
|
-
cdk
|
|
1637
|
+
cdk.Tags.of(bucketDeployRole).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.DEPLOY);
|
|
1805
1638
|
// Allow the role to write to the bucket
|
|
1806
1639
|
bucketDeployRole.addToPolicy(new awsIam.PolicyStatement({
|
|
1807
1640
|
effect: awsIam.Effect.ALLOW,
|
|
@@ -1826,7 +1659,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1826
1659
|
}));
|
|
1827
1660
|
this.deployRoleArn = bucketDeployRole.roleArn;
|
|
1828
1661
|
// Output the deploy role ARN
|
|
1829
|
-
new cdk
|
|
1662
|
+
new cdk.CfnOutput(this, "DestinationBucketDeployRoleArn", {
|
|
1830
1663
|
value: bucketDeployRole.roleArn,
|
|
1831
1664
|
});
|
|
1832
1665
|
}
|
|
@@ -1846,10 +1679,10 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1846
1679
|
domainName: host,
|
|
1847
1680
|
validation: acm__namespace.CertificateValidation.fromDns(hostedZone),
|
|
1848
1681
|
});
|
|
1849
|
-
new cdk
|
|
1682
|
+
new cdk.CfnOutput(this, "CertificateArn", {
|
|
1850
1683
|
value: this.certificate.certificateArn,
|
|
1851
1684
|
});
|
|
1852
|
-
cdk
|
|
1685
|
+
cdk.Tags.of(this.certificate).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1853
1686
|
}
|
|
1854
1687
|
// Create CloudFront distribution
|
|
1855
1688
|
this.distribution = new cloudfront__namespace.Distribution(this, "Distribution", {
|
|
@@ -1861,7 +1694,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1861
1694
|
certificate: this.certificate,
|
|
1862
1695
|
domainNames: [host],
|
|
1863
1696
|
});
|
|
1864
|
-
cdk
|
|
1697
|
+
cdk.Tags.of(this.distribution).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1865
1698
|
// If this is production, enable caching on everything but index.html
|
|
1866
1699
|
if (isProductionEnv()) {
|
|
1867
1700
|
this.distribution.addBehavior("/*", new origins__namespace.S3Origin(this.bucket), {
|
|
@@ -1875,7 +1708,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1875
1708
|
target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.CloudFrontTarget(this.distribution)),
|
|
1876
1709
|
zone: hostedZone,
|
|
1877
1710
|
});
|
|
1878
|
-
cdk
|
|
1711
|
+
cdk.Tags.of(record).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
1879
1712
|
this.distributionDomainName = this.distribution.distributionDomainName;
|
|
1880
1713
|
}
|
|
1881
1714
|
}
|
|
@@ -1918,6 +1751,9 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1918
1751
|
grantWrite(identity, objectsKeyPattern) {
|
|
1919
1752
|
return this.bucket.grantWrite(identity, objectsKeyPattern);
|
|
1920
1753
|
}
|
|
1754
|
+
grantReplicationPermission(identity, props) {
|
|
1755
|
+
return this.bucket.grantReplicationPermission(identity, props);
|
|
1756
|
+
}
|
|
1921
1757
|
s3UrlForObject(key) {
|
|
1922
1758
|
return this.bucket.s3UrlForObject(key);
|
|
1923
1759
|
}
|
|
@@ -1986,8 +1822,9 @@ exports.JaypieTraceSigningKeySecret = JaypieTraceSigningKeySecret;
|
|
|
1986
1822
|
exports.JaypieWebDeploymentBucket = JaypieWebDeploymentBucket;
|
|
1987
1823
|
exports.constructEnvName = constructEnvName;
|
|
1988
1824
|
exports.constructStackName = constructStackName;
|
|
1825
|
+
exports.constructTagger = constructTagger;
|
|
1826
|
+
exports.envHostname = envHostname;
|
|
1989
1827
|
exports.isEnv = isEnv;
|
|
1990
1828
|
exports.isProductionEnv = isProductionEnv;
|
|
1991
1829
|
exports.isSandboxEnv = isSandboxEnv;
|
|
1992
|
-
exports.stackTagger = stackTagger;
|
|
1993
1830
|
//# sourceMappingURL=index.cjs.map
|