@jaypie/constructs 1.1.39 → 1.1.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/JaypieWebDeploymentBucket.d.ts +1 -0
- package/dist/cjs/helpers/__tests__/envHostname.spec.d.ts +1 -0
- package/dist/cjs/helpers/constructTagger.d.ts +4 -0
- package/dist/cjs/helpers/envHostname.d.ts +6 -0
- package/dist/cjs/helpers/index.d.ts +2 -1
- package/dist/cjs/index.cjs +155 -134
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/JaypieWebDeploymentBucket.d.ts +1 -0
- package/dist/esm/helpers/__tests__/envHostname.spec.d.ts +1 -0
- package/dist/esm/helpers/constructTagger.d.ts +4 -0
- package/dist/esm/helpers/envHostname.d.ts +6 -0
- package/dist/esm/helpers/index.d.ts +2 -1
- package/dist/esm/index.js +57 -37
- package/dist/esm/index.js.map +1 -1
- package/package.json +2 -2
- package/dist/cjs/helpers/stackTagger.d.ts +0 -4
- package/dist/esm/helpers/stackTagger.d.ts +0 -4
package/dist/cjs/index.cjs
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var constructs = require('constructs');
|
|
4
|
-
var cdk
|
|
4
|
+
var cdk = require('aws-cdk-lib');
|
|
5
5
|
var acm = require('aws-cdk-lib/aws-certificatemanager');
|
|
6
6
|
var apiGateway = require('aws-cdk-lib/aws-apigateway');
|
|
7
7
|
var route53 = require('aws-cdk-lib/aws-route53');
|
|
8
8
|
var route53Targets = require('aws-cdk-lib/aws-route53-targets');
|
|
9
|
-
var cdk = require('@jaypie/cdk');
|
|
9
|
+
var cdk$1 = require('@jaypie/cdk');
|
|
10
10
|
var s3 = require('aws-cdk-lib/aws-s3');
|
|
11
11
|
var s3n = require('aws-cdk-lib/aws-s3-notifications');
|
|
12
12
|
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
@@ -36,7 +36,7 @@ function _interopNamespaceDefault(e) {
|
|
|
36
36
|
return Object.freeze(n);
|
|
37
37
|
}
|
|
38
38
|
|
|
39
|
-
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk
|
|
39
|
+
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk);
|
|
40
40
|
var acm__namespace = /*#__PURE__*/_interopNamespaceDefault(acm);
|
|
41
41
|
var apiGateway__namespace = /*#__PURE__*/_interopNamespaceDefault(apiGateway);
|
|
42
42
|
var route53__namespace = /*#__PURE__*/_interopNamespaceDefault(route53);
|
|
@@ -54,7 +54,7 @@ var origins__namespace = /*#__PURE__*/_interopNamespaceDefault(origins);
|
|
|
54
54
|
function constructEnvName(name, opts) {
|
|
55
55
|
const env = opts?.env ?? process.env.PROJECT_ENV ?? "build";
|
|
56
56
|
const key = opts?.key ?? process.env.PROJECT_KEY ?? "project";
|
|
57
|
-
const nonce = opts?.nonce ?? process.env.PROJECT_NONCE ?? "cfe2";
|
|
57
|
+
const nonce = opts?.nonce ?? process.env.PROJECT_NONCE ?? "cfe2"; // This default is intentionally short. It is not a special value but should not be changed.
|
|
58
58
|
return `${env}-${key}-${name}-${nonce}`;
|
|
59
59
|
}
|
|
60
60
|
|
|
@@ -67,25 +67,6 @@ function constructStackName(key) {
|
|
|
67
67
|
}
|
|
68
68
|
}
|
|
69
69
|
|
|
70
|
-
/**
|
|
71
|
-
* Check if the current environment matches the given environment
|
|
72
|
-
*/
|
|
73
|
-
function isEnv(env) {
|
|
74
|
-
return process.env.PROJECT_ENV === env;
|
|
75
|
-
}
|
|
76
|
-
/**
|
|
77
|
-
* Check if the current environment is production
|
|
78
|
-
*/
|
|
79
|
-
function isProductionEnv() {
|
|
80
|
-
return isEnv(cdk.CDK.ENV.PRODUCTION);
|
|
81
|
-
}
|
|
82
|
-
/**
|
|
83
|
-
* Check if the current environment is sandbox
|
|
84
|
-
*/
|
|
85
|
-
function isSandboxEnv() {
|
|
86
|
-
return isEnv(cdk.CDK.ENV.SANDBOX);
|
|
87
|
-
}
|
|
88
|
-
|
|
89
70
|
const CDK$1 = {
|
|
90
71
|
CREATION: {
|
|
91
72
|
CDK: "cdk",
|
|
@@ -109,39 +90,75 @@ const CDK$1 = {
|
|
|
109
90
|
VERSION: "version",
|
|
110
91
|
},
|
|
111
92
|
};
|
|
112
|
-
function
|
|
93
|
+
function constructTagger(construct, { name } = {}) {
|
|
113
94
|
const stackName = name || constructStackName();
|
|
114
95
|
const version = process.env.npm_package_version || process.env.PROJECT_VERSION || null;
|
|
115
96
|
if (process.env.PROJECT_COMMIT && process.env.PROJECT_COMMIT.length > 8) {
|
|
116
|
-
cdk
|
|
97
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_HEX, process.env.PROJECT_COMMIT.slice(0, 8));
|
|
117
98
|
}
|
|
118
|
-
cdk
|
|
119
|
-
cdk
|
|
99
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_DATE, new Date().toISOString());
|
|
100
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_TIME, Date.now().toString());
|
|
120
101
|
if (process.env.PROJECT_COMMIT)
|
|
121
|
-
cdk
|
|
122
|
-
cdk
|
|
102
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.COMMIT, process.env.PROJECT_COMMIT);
|
|
103
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.CREATION, CDK$1.CREATION.CDK);
|
|
123
104
|
if (process.env.PROJECT_ENV)
|
|
124
|
-
cdk
|
|
105
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.ENV, process.env.PROJECT_ENV);
|
|
125
106
|
if (process.env.PROJECT_NONCE)
|
|
126
|
-
cdk
|
|
107
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.NONCE, process.env.PROJECT_NONCE);
|
|
127
108
|
if (process.env.PROJECT_KEY)
|
|
128
|
-
cdk
|
|
129
|
-
cdk
|
|
109
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.PROJECT, process.env.PROJECT_KEY);
|
|
110
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.ROLE, CDK$1.ROLE.STACK);
|
|
130
111
|
if (process.env.PROJECT_SERVICE)
|
|
131
|
-
cdk
|
|
112
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.SERVICE, process.env.PROJECT_SERVICE);
|
|
132
113
|
if (process.env.PROJECT_SPONSOR)
|
|
133
|
-
cdk
|
|
114
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.SPONSOR, process.env.PROJECT_SPONSOR);
|
|
134
115
|
if (stackName)
|
|
135
|
-
cdk
|
|
116
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.STACK, stackName);
|
|
136
117
|
if (version)
|
|
137
|
-
cdk
|
|
118
|
+
cdk.Tags.of(construct).add(CDK$1.TAG.VERSION, version);
|
|
138
119
|
return true;
|
|
139
120
|
}
|
|
140
121
|
|
|
122
|
+
function envHostname({ component, domain, env, subdomain, }) {
|
|
123
|
+
const resolvedDomain = domain || process.env.CDK_ENV_DOMAIN || process.env.CDK_ENV_HOSTED_ZONE;
|
|
124
|
+
if (!resolvedDomain) {
|
|
125
|
+
throw new cdk$1.ConfigurationError("No hostname `domain` provided. Set CDK_ENV_DOMAIN or CDK_ENV_HOSTED_ZONE to use environment domain");
|
|
126
|
+
}
|
|
127
|
+
const resolvedComponent = component === "@" || component === "" ? undefined : component;
|
|
128
|
+
const resolvedSubdomain = subdomain || process.env.CDK_ENV_SUBDOMAIN;
|
|
129
|
+
const resolvedEnv = env || process.env.PROJECT_ENV;
|
|
130
|
+
const parts = [
|
|
131
|
+
resolvedComponent,
|
|
132
|
+
resolvedSubdomain,
|
|
133
|
+
resolvedEnv,
|
|
134
|
+
resolvedDomain,
|
|
135
|
+
].filter((part) => part);
|
|
136
|
+
return parts.join(".");
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
/**
|
|
140
|
+
* Check if the current environment matches the given environment
|
|
141
|
+
*/
|
|
142
|
+
function isEnv(env) {
|
|
143
|
+
return process.env.PROJECT_ENV === env;
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Check if the current environment is production
|
|
147
|
+
*/
|
|
148
|
+
function isProductionEnv() {
|
|
149
|
+
return isEnv(cdk$1.CDK.ENV.PRODUCTION);
|
|
150
|
+
}
|
|
151
|
+
/**
|
|
152
|
+
* Check if the current environment is sandbox
|
|
153
|
+
*/
|
|
154
|
+
function isSandboxEnv() {
|
|
155
|
+
return isEnv(cdk$1.CDK.ENV.SANDBOX);
|
|
156
|
+
}
|
|
157
|
+
|
|
141
158
|
class JaypieApiGateway extends constructs.Construct {
|
|
142
159
|
constructor(scope, id, props) {
|
|
143
160
|
super(scope, id);
|
|
144
|
-
const { certificate = true, handler, host: propsHost, name, roleTag = cdk.CDK.ROLE.API, zone: propsZone, } = props;
|
|
161
|
+
const { certificate = true, handler, host: propsHost, name, roleTag = cdk$1.CDK.ROLE.API, zone: propsZone, } = props;
|
|
145
162
|
// Determine zone from props or environment
|
|
146
163
|
let zone = propsZone;
|
|
147
164
|
if (!zone && process.env.CDK_ENV_API_HOSTED_ZONE) {
|
|
@@ -155,7 +172,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
155
172
|
}
|
|
156
173
|
else if (process.env.CDK_ENV_API_SUBDOMAIN &&
|
|
157
174
|
process.env.CDK_ENV_API_HOSTED_ZONE) {
|
|
158
|
-
host = cdk.mergeDomain(process.env.CDK_ENV_API_SUBDOMAIN, process.env.CDK_ENV_API_HOSTED_ZONE);
|
|
175
|
+
host = cdk$1.mergeDomain(process.env.CDK_ENV_API_SUBDOMAIN, process.env.CDK_ENV_API_HOSTED_ZONE);
|
|
159
176
|
}
|
|
160
177
|
}
|
|
161
178
|
const apiGatewayName = name || constructEnvName("ApiGateway");
|
|
@@ -177,7 +194,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
177
194
|
domainName: host,
|
|
178
195
|
validation: acm__namespace.CertificateValidation.fromDns(hostedZone),
|
|
179
196
|
});
|
|
180
|
-
cdk
|
|
197
|
+
cdk.Tags.of(certificateToUse).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.HOSTING);
|
|
181
198
|
}
|
|
182
199
|
else if (typeof certificate === "object") {
|
|
183
200
|
certificateToUse = certificate;
|
|
@@ -196,19 +213,19 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
196
213
|
handler,
|
|
197
214
|
...lambdaRestApiProps,
|
|
198
215
|
});
|
|
199
|
-
cdk
|
|
216
|
+
cdk.Tags.of(this._api).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
200
217
|
if (host && certificateToUse && hostedZone) {
|
|
201
218
|
this._domainName = this._api.addDomainName(apiDomainName, {
|
|
202
219
|
domainName: host,
|
|
203
220
|
certificate: certificateToUse,
|
|
204
221
|
});
|
|
205
|
-
cdk
|
|
222
|
+
cdk.Tags.of(this._domainName).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
206
223
|
const record = new route53__namespace.ARecord(this, "AliasRecord", {
|
|
207
224
|
recordName: host,
|
|
208
225
|
target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.ApiGatewayDomain(this._domainName)),
|
|
209
226
|
zone: hostedZone,
|
|
210
227
|
});
|
|
211
|
-
cdk
|
|
228
|
+
cdk.Tags.of(record).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
212
229
|
}
|
|
213
230
|
}
|
|
214
231
|
get api() {
|
|
@@ -249,8 +266,8 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
249
266
|
}
|
|
250
267
|
get env() {
|
|
251
268
|
return {
|
|
252
|
-
account: cdk
|
|
253
|
-
region: cdk
|
|
269
|
+
account: cdk.Stack.of(this).account,
|
|
270
|
+
region: cdk.Stack.of(this).region,
|
|
254
271
|
};
|
|
255
272
|
}
|
|
256
273
|
get stack() {
|
|
@@ -288,7 +305,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
288
305
|
}
|
|
289
306
|
}
|
|
290
307
|
|
|
291
|
-
class JaypieStack extends cdk
|
|
308
|
+
class JaypieStack extends cdk.Stack {
|
|
292
309
|
constructor(scope, id, props = {}) {
|
|
293
310
|
const { key, ...stackProps } = props;
|
|
294
311
|
// Handle stackName
|
|
@@ -303,7 +320,7 @@ class JaypieStack extends cdk$1.Stack {
|
|
|
303
320
|
};
|
|
304
321
|
super(scope, id, stackProps);
|
|
305
322
|
// Apply tags
|
|
306
|
-
|
|
323
|
+
constructTagger(this, { name: stackProps.stackName });
|
|
307
324
|
}
|
|
308
325
|
}
|
|
309
326
|
|
|
@@ -321,7 +338,7 @@ class JaypieAppStack extends JaypieStack {
|
|
|
321
338
|
class JaypieLambda extends constructs.Construct {
|
|
322
339
|
constructor(scope, id, props) {
|
|
323
340
|
super(scope, id);
|
|
324
|
-
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = cdk.CDK.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk
|
|
341
|
+
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = cdk$1.CDK.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
|
|
325
342
|
// Create a mutable copy of the environment variables
|
|
326
343
|
let environment = { ...initialEnvironment };
|
|
327
344
|
// Default environment values
|
|
@@ -378,10 +395,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
378
395
|
// Add Datadog integration if API key is available
|
|
379
396
|
if (resolvedDatadogApiKeyArn) {
|
|
380
397
|
// Add Datadog Node.js layer
|
|
381
|
-
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk
|
|
398
|
+
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
|
|
382
399
|
resolvedLayers.push(datadogNodeLayer);
|
|
383
400
|
// Add Datadog Extension layer
|
|
384
|
-
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk
|
|
401
|
+
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
385
402
|
resolvedLayers.push(datadogExtensionLayer);
|
|
386
403
|
// Set Datadog environment variables
|
|
387
404
|
Object.assign(environment, {
|
|
@@ -391,8 +408,8 @@ class JaypieLambda extends constructs.Construct {
|
|
|
391
408
|
DD_PROFILING_ENABLED: "false",
|
|
392
409
|
DD_SERVERLESS_APPSEC_ENABLED: "false",
|
|
393
410
|
DD_SERVICE: process.env.PROJECT_SERVICE || "",
|
|
394
|
-
DD_SITE: cdk.CDK.DATADOG.SITE,
|
|
395
|
-
DD_TAGS: `${cdk.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
411
|
+
DD_SITE: cdk$1.CDK.DATADOG.SITE,
|
|
412
|
+
DD_TAGS: `${cdk$1.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
396
413
|
DD_TRACE_OTEL_ENABLED: "false",
|
|
397
414
|
});
|
|
398
415
|
}
|
|
@@ -410,10 +427,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
410
427
|
logLevel: paramsAndSecretsOptions?.logLevel ||
|
|
411
428
|
lambda__namespace.ParamsAndSecretsLogLevel.WARN,
|
|
412
429
|
parameterStoreTtl: paramsAndSecretsOptions?.parameterStoreTtl
|
|
413
|
-
? cdk
|
|
430
|
+
? cdk.Duration.seconds(paramsAndSecretsOptions.parameterStoreTtl)
|
|
414
431
|
: undefined,
|
|
415
432
|
secretsManagerTtl: paramsAndSecretsOptions?.secretsManagerTtl
|
|
416
|
-
? cdk
|
|
433
|
+
? cdk.Duration.seconds(paramsAndSecretsOptions.secretsManagerTtl)
|
|
417
434
|
: undefined,
|
|
418
435
|
});
|
|
419
436
|
}
|
|
@@ -468,14 +485,14 @@ class JaypieLambda extends constructs.Construct {
|
|
|
468
485
|
runtime,
|
|
469
486
|
runtimeManagementMode,
|
|
470
487
|
securityGroups,
|
|
471
|
-
timeout: typeof timeout === "number" ? cdk
|
|
488
|
+
timeout: typeof timeout === "number" ? cdk.Duration.seconds(timeout) : timeout,
|
|
472
489
|
tracing,
|
|
473
490
|
vpc,
|
|
474
491
|
vpcSubnets,
|
|
475
492
|
// Enable auto-publishing of versions when using provisioned concurrency
|
|
476
493
|
currentVersionOptions: provisionedConcurrentExecutions !== undefined
|
|
477
494
|
? {
|
|
478
|
-
removalPolicy: cdk
|
|
495
|
+
removalPolicy: cdk.RemovalPolicy.RETAIN,
|
|
479
496
|
description: "Auto-published version for provisioned concurrency",
|
|
480
497
|
// Don't set provisioned concurrency here - it will be set on the alias
|
|
481
498
|
}
|
|
@@ -508,10 +525,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
508
525
|
this._provisioned.node.addDependency(version);
|
|
509
526
|
}
|
|
510
527
|
if (roleTag) {
|
|
511
|
-
cdk
|
|
528
|
+
cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
512
529
|
}
|
|
513
530
|
if (vendorTag) {
|
|
514
|
-
cdk
|
|
531
|
+
cdk.Tags.of(this._lambda).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
515
532
|
}
|
|
516
533
|
// Assign _reference based on provisioned state
|
|
517
534
|
this._reference =
|
|
@@ -608,8 +625,8 @@ class JaypieLambda extends constructs.Construct {
|
|
|
608
625
|
}
|
|
609
626
|
get env() {
|
|
610
627
|
return {
|
|
611
|
-
account: cdk
|
|
612
|
-
region: cdk
|
|
628
|
+
account: cdk.Stack.of(this).account,
|
|
629
|
+
region: cdk.Stack.of(this).region,
|
|
613
630
|
};
|
|
614
631
|
}
|
|
615
632
|
get stack() {
|
|
@@ -623,19 +640,19 @@ class JaypieLambda extends constructs.Construct {
|
|
|
623
640
|
class JaypieQueuedLambda extends constructs.Construct {
|
|
624
641
|
constructor(scope, id, props) {
|
|
625
642
|
super(scope, id);
|
|
626
|
-
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, secrets = [], timeout = cdk
|
|
643
|
+
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, secrets = [], timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), } = props;
|
|
627
644
|
// Create SQS Queue
|
|
628
645
|
this._queue = new sqs__namespace.Queue(this, "Queue", {
|
|
629
646
|
fifo,
|
|
630
647
|
visibilityTimeout: typeof visibilityTimeout === "number"
|
|
631
|
-
? cdk
|
|
648
|
+
? cdk.Duration.seconds(visibilityTimeout)
|
|
632
649
|
: visibilityTimeout,
|
|
633
650
|
});
|
|
634
651
|
if (roleTag) {
|
|
635
|
-
cdk
|
|
652
|
+
cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
636
653
|
}
|
|
637
654
|
if (vendorTag) {
|
|
638
|
-
cdk
|
|
655
|
+
cdk.Tags.of(this._queue).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
639
656
|
}
|
|
640
657
|
// Create Lambda with JaypieLambda
|
|
641
658
|
this._lambdaConstruct = new JaypieLambda(this, "Function", {
|
|
@@ -756,12 +773,12 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
756
773
|
}
|
|
757
774
|
get env() {
|
|
758
775
|
return {
|
|
759
|
-
account: cdk
|
|
760
|
-
region: cdk
|
|
776
|
+
account: cdk.Stack.of(this).account,
|
|
777
|
+
region: cdk.Stack.of(this).region,
|
|
761
778
|
};
|
|
762
779
|
}
|
|
763
780
|
get stack() {
|
|
764
|
-
return cdk
|
|
781
|
+
return cdk.Stack.of(this);
|
|
765
782
|
}
|
|
766
783
|
applyRemovalPolicy(policy) {
|
|
767
784
|
this._lambdaConstruct.applyRemovalPolicy(policy);
|
|
@@ -836,15 +853,15 @@ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
|
836
853
|
// Create S3 Bucket
|
|
837
854
|
this._bucket = new s3__namespace.Bucket(this, "Bucket", {
|
|
838
855
|
bucketName: bucketOptions.bucketName || bucketName,
|
|
839
|
-
removalPolicy: bucketOptions.removalPolicy || cdk
|
|
856
|
+
removalPolicy: bucketOptions.removalPolicy || cdk.RemovalPolicy.RETAIN,
|
|
840
857
|
...bucketOptions,
|
|
841
858
|
});
|
|
842
859
|
// Add tags to bucket
|
|
843
860
|
if (roleTag) {
|
|
844
|
-
cdk
|
|
861
|
+
cdk.Tags.of(this._bucket).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
845
862
|
}
|
|
846
863
|
if (vendorTag) {
|
|
847
|
-
cdk
|
|
864
|
+
cdk.Tags.of(this._bucket).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
848
865
|
}
|
|
849
866
|
// Add an event notification from the bucket to the queue
|
|
850
867
|
this._bucket.addEventNotification(s3__namespace.EventType.OBJECT_CREATED, new s3n__namespace.SqsDestination(this.queue));
|
|
@@ -1009,13 +1026,13 @@ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
|
1009
1026
|
|
|
1010
1027
|
// It is a consumer if the environment is ephemeral
|
|
1011
1028
|
function checkEnvIsConsumer(env = process.env) {
|
|
1012
|
-
return (env.PROJECT_ENV === cdk.CDK.ENV.PERSONAL ||
|
|
1029
|
+
return (env.PROJECT_ENV === cdk$1.CDK.ENV.PERSONAL ||
|
|
1013
1030
|
!!env.CDK_ENV_PERSONAL ||
|
|
1014
1031
|
/** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
|
|
1015
1032
|
/** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
|
|
1016
1033
|
}
|
|
1017
1034
|
function checkEnvIsProvider(env = process.env) {
|
|
1018
|
-
return env.PROJECT_ENV === cdk.CDK.ENV.SANDBOX;
|
|
1035
|
+
return env.PROJECT_ENV === cdk$1.CDK.ENV.SANDBOX;
|
|
1019
1036
|
}
|
|
1020
1037
|
function cleanName(name) {
|
|
1021
1038
|
return name.replace(/[^a-zA-Z0-9:-]/g, "");
|
|
@@ -1029,7 +1046,7 @@ function exportEnvName(name, env = process.env) {
|
|
|
1029
1046
|
}
|
|
1030
1047
|
else {
|
|
1031
1048
|
if (checkEnvIsConsumer(env)) {
|
|
1032
|
-
rawName = `env-${cdk.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
1049
|
+
rawName = `env-${cdk$1.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
1033
1050
|
}
|
|
1034
1051
|
else {
|
|
1035
1052
|
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
@@ -1050,10 +1067,10 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1050
1067
|
exportName = cleanName(exportParam);
|
|
1051
1068
|
}
|
|
1052
1069
|
if (consumer) {
|
|
1053
|
-
const secretName = cdk
|
|
1070
|
+
const secretName = cdk.Fn.importValue(exportName);
|
|
1054
1071
|
this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
|
|
1055
1072
|
// Add CfnOutput for consumer secrets
|
|
1056
|
-
new cdk
|
|
1073
|
+
new cdk.CfnOutput(this, `ConsumedName`, {
|
|
1057
1074
|
value: this._secret.secretName,
|
|
1058
1075
|
});
|
|
1059
1076
|
}
|
|
@@ -1062,24 +1079,24 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1062
1079
|
const secretProps = {
|
|
1063
1080
|
generateSecretString,
|
|
1064
1081
|
secretStringValue: !generateSecretString && secretValue
|
|
1065
|
-
? cdk
|
|
1082
|
+
? cdk.SecretValue.unsafePlainText(secretValue)
|
|
1066
1083
|
: undefined,
|
|
1067
1084
|
};
|
|
1068
1085
|
this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
|
|
1069
1086
|
if (roleTag) {
|
|
1070
|
-
cdk
|
|
1087
|
+
cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1071
1088
|
}
|
|
1072
1089
|
if (vendorTag) {
|
|
1073
|
-
cdk
|
|
1090
|
+
cdk.Tags.of(this._secret).add(cdk$1.CDK.TAG.VENDOR, vendorTag);
|
|
1074
1091
|
}
|
|
1075
1092
|
if (provider) {
|
|
1076
|
-
new cdk
|
|
1093
|
+
new cdk.CfnOutput(this, `ProvidedName`, {
|
|
1077
1094
|
value: this._secret.secretName,
|
|
1078
1095
|
exportName,
|
|
1079
1096
|
});
|
|
1080
1097
|
}
|
|
1081
1098
|
else {
|
|
1082
|
-
new cdk
|
|
1099
|
+
new cdk.CfnOutput(this, `CreatedName`, {
|
|
1083
1100
|
value: this._secret.secretName,
|
|
1084
1101
|
});
|
|
1085
1102
|
}
|
|
@@ -1087,12 +1104,12 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1087
1104
|
}
|
|
1088
1105
|
// IResource implementation
|
|
1089
1106
|
get stack() {
|
|
1090
|
-
return cdk
|
|
1107
|
+
return cdk.Stack.of(this);
|
|
1091
1108
|
}
|
|
1092
1109
|
get env() {
|
|
1093
1110
|
return {
|
|
1094
|
-
account: cdk
|
|
1095
|
-
region: cdk
|
|
1111
|
+
account: cdk.Stack.of(this).account,
|
|
1112
|
+
region: cdk.Stack.of(this).region,
|
|
1096
1113
|
};
|
|
1097
1114
|
}
|
|
1098
1115
|
applyRemovalPolicy(policy) {
|
|
@@ -1144,8 +1161,8 @@ class JaypieDatadogSecret extends JaypieEnvSecret {
|
|
|
1144
1161
|
constructor(scope, id = "MongoConnectionString", props) {
|
|
1145
1162
|
const defaultProps = {
|
|
1146
1163
|
envKey: "DATADOG_API_KEY",
|
|
1147
|
-
roleTag: cdk.CDK.ROLE.MONITORING,
|
|
1148
|
-
vendorTag: cdk.CDK.VENDOR.DATADOG,
|
|
1164
|
+
roleTag: cdk$1.CDK.ROLE.MONITORING,
|
|
1165
|
+
vendorTag: cdk$1.CDK.VENDOR.DATADOG,
|
|
1149
1166
|
...props,
|
|
1150
1167
|
};
|
|
1151
1168
|
super(scope, id, defaultProps);
|
|
@@ -1155,8 +1172,8 @@ class JaypieDatadogSecret extends JaypieEnvSecret {
|
|
|
1155
1172
|
class JaypieExpressLambda extends JaypieLambda {
|
|
1156
1173
|
constructor(scope, id, props) {
|
|
1157
1174
|
super(scope, id, {
|
|
1158
|
-
timeout: cdk
|
|
1159
|
-
roleTag: cdk.CDK.ROLE.API,
|
|
1175
|
+
timeout: cdk.Duration.seconds(cdk$1.CDK.DURATION.EXPRESS_API),
|
|
1176
|
+
roleTag: cdk$1.CDK.ROLE.API,
|
|
1160
1177
|
...props,
|
|
1161
1178
|
});
|
|
1162
1179
|
}
|
|
@@ -1172,7 +1189,7 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1172
1189
|
constructor(scope, id, props) {
|
|
1173
1190
|
super(scope, id);
|
|
1174
1191
|
const { destination, zoneName, project } = props;
|
|
1175
|
-
const service = props.service || cdk.CDK.SERVICE.INFRASTRUCTURE;
|
|
1192
|
+
const service = props.service || cdk$1.CDK.SERVICE.INFRASTRUCTURE;
|
|
1176
1193
|
// Create the log group
|
|
1177
1194
|
this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
|
|
1178
1195
|
logGroupName: process.env.PROJECT_NONCE
|
|
@@ -1181,10 +1198,10 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1181
1198
|
retention: awsLogs.RetentionDays.ONE_WEEK,
|
|
1182
1199
|
});
|
|
1183
1200
|
// Add tags
|
|
1184
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.SERVICE, service);
|
|
1185
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1201
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.SERVICE, service);
|
|
1202
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
1186
1203
|
if (project) {
|
|
1187
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.PROJECT, project);
|
|
1204
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk$1.CDK.TAG.PROJECT, project);
|
|
1188
1205
|
}
|
|
1189
1206
|
// Grant Route 53 permissions to write to the log group
|
|
1190
1207
|
this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
|
|
@@ -1201,10 +1218,10 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1201
1218
|
zoneName,
|
|
1202
1219
|
});
|
|
1203
1220
|
// Add tags
|
|
1204
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.SERVICE, service);
|
|
1205
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1221
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.SERVICE, service);
|
|
1222
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
1206
1223
|
if (project) {
|
|
1207
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.PROJECT, project);
|
|
1224
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk$1.CDK.TAG.PROJECT, project);
|
|
1208
1225
|
}
|
|
1209
1226
|
}
|
|
1210
1227
|
}
|
|
@@ -1224,7 +1241,7 @@ class JaypieInfrastructureStack extends JaypieStack {
|
|
|
1224
1241
|
super(scope, id, { key, ...stackProps });
|
|
1225
1242
|
// Add infrastructure-specific tag
|
|
1226
1243
|
if (process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA) {
|
|
1227
|
-
cdk
|
|
1244
|
+
cdk.Tags.of(this).add(CDK.TAG.STACK_SHA, process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA);
|
|
1228
1245
|
}
|
|
1229
1246
|
}
|
|
1230
1247
|
}
|
|
@@ -1233,8 +1250,8 @@ class JaypieMongoDbSecret extends JaypieEnvSecret {
|
|
|
1233
1250
|
constructor(scope, id = "MongoConnectionString", props) {
|
|
1234
1251
|
const defaultProps = {
|
|
1235
1252
|
envKey: "MONGODB_URI",
|
|
1236
|
-
roleTag: cdk.CDK.ROLE.STORAGE,
|
|
1237
|
-
vendorTag: cdk.CDK.VENDOR.MONGODB,
|
|
1253
|
+
roleTag: cdk$1.CDK.ROLE.STORAGE,
|
|
1254
|
+
vendorTag: cdk$1.CDK.VENDOR.MONGODB,
|
|
1238
1255
|
...props,
|
|
1239
1256
|
};
|
|
1240
1257
|
super(scope, id, defaultProps);
|
|
@@ -1245,8 +1262,8 @@ class JaypieOpenAiSecret extends JaypieEnvSecret {
|
|
|
1245
1262
|
constructor(scope, id = "OpenAiApiKey", props) {
|
|
1246
1263
|
const defaultProps = {
|
|
1247
1264
|
envKey: "OPENAI_API_KEY",
|
|
1248
|
-
roleTag: cdk.CDK.ROLE.PROCESSING,
|
|
1249
|
-
vendorTag: cdk.CDK.VENDOR.OPENAI,
|
|
1265
|
+
roleTag: cdk$1.CDK.ROLE.PROCESSING,
|
|
1266
|
+
vendorTag: cdk$1.CDK.VENDOR.OPENAI,
|
|
1250
1267
|
...props,
|
|
1251
1268
|
};
|
|
1252
1269
|
super(scope, id, defaultProps);
|
|
@@ -1306,11 +1323,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1306
1323
|
instanceArn: this.instanceArn,
|
|
1307
1324
|
name: exports.PermissionSetType.ADMINISTRATOR,
|
|
1308
1325
|
description: "Full administrative access to all AWS services and resources",
|
|
1309
|
-
sessionDuration: cdk
|
|
1326
|
+
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
1310
1327
|
managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
|
|
1311
1328
|
inlinePolicy: mergedPolicy,
|
|
1312
1329
|
});
|
|
1313
|
-
cdk
|
|
1330
|
+
cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1314
1331
|
this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
|
|
1315
1332
|
}
|
|
1316
1333
|
/**
|
|
@@ -1343,11 +1360,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1343
1360
|
instanceArn: this.instanceArn,
|
|
1344
1361
|
name: exports.PermissionSetType.ANALYST,
|
|
1345
1362
|
description: "Read-only access with billing visibility and limited write access",
|
|
1346
|
-
sessionDuration: cdk
|
|
1363
|
+
sessionDuration: cdk.Duration.hours(4).toIsoString(),
|
|
1347
1364
|
managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
|
|
1348
1365
|
inlinePolicy: mergedPolicy,
|
|
1349
1366
|
});
|
|
1350
|
-
cdk
|
|
1367
|
+
cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1351
1368
|
this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
|
|
1352
1369
|
}
|
|
1353
1370
|
/**
|
|
@@ -1395,13 +1412,13 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1395
1412
|
instanceArn: this.instanceArn,
|
|
1396
1413
|
name: exports.PermissionSetType.DEVELOPER,
|
|
1397
1414
|
description: "System administrator access with expanded write permissions",
|
|
1398
|
-
sessionDuration: cdk
|
|
1415
|
+
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
1399
1416
|
managedPolicies: [
|
|
1400
1417
|
"arn:aws:iam::aws:policy/job-function/SystemAdministrator",
|
|
1401
1418
|
],
|
|
1402
1419
|
inlinePolicy: mergedPolicy,
|
|
1403
1420
|
});
|
|
1404
|
-
cdk
|
|
1421
|
+
cdk.Tags.of(permissionSet).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1405
1422
|
this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
|
|
1406
1423
|
}
|
|
1407
1424
|
/**
|
|
@@ -1468,8 +1485,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1468
1485
|
targetId: accountId,
|
|
1469
1486
|
targetType: "AWS_ACCOUNT",
|
|
1470
1487
|
});
|
|
1471
|
-
cdk
|
|
1472
|
-
cdk
|
|
1488
|
+
cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1489
|
+
cdk.Tags.of(assignment).add("Group", "administrators");
|
|
1473
1490
|
});
|
|
1474
1491
|
}
|
|
1475
1492
|
/**
|
|
@@ -1495,8 +1512,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1495
1512
|
targetId: accountId,
|
|
1496
1513
|
targetType: "AWS_ACCOUNT",
|
|
1497
1514
|
});
|
|
1498
|
-
cdk
|
|
1499
|
-
cdk
|
|
1515
|
+
cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1516
|
+
cdk.Tags.of(assignment).add("Group", "analysts");
|
|
1500
1517
|
});
|
|
1501
1518
|
}
|
|
1502
1519
|
/**
|
|
@@ -1521,8 +1538,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1521
1538
|
targetId: accountId,
|
|
1522
1539
|
targetType: "AWS_ACCOUNT",
|
|
1523
1540
|
});
|
|
1524
|
-
cdk
|
|
1525
|
-
cdk
|
|
1541
|
+
cdk.Tags.of(assignment).add(cdk$1.CDK.TAG.SERVICE, cdk$1.CDK.SERVICE.SSO);
|
|
1542
|
+
cdk.Tags.of(assignment).add("Group", "developers");
|
|
1526
1543
|
});
|
|
1527
1544
|
}
|
|
1528
1545
|
}
|
|
@@ -1531,8 +1548,8 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
1531
1548
|
constructor(scope, id = "TraceSigningKey", props) {
|
|
1532
1549
|
const defaultProps = {
|
|
1533
1550
|
envKey: "TRACE_SIGNING_KEY",
|
|
1534
|
-
roleTag: cdk.CDK.ROLE.API,
|
|
1535
|
-
vendorTag: cdk.CDK.VENDOR.KNOWTRACE,
|
|
1551
|
+
roleTag: cdk$1.CDK.ROLE.API,
|
|
1552
|
+
vendorTag: cdk$1.CDK.VENDOR.KNOWTRACE,
|
|
1536
1553
|
...props,
|
|
1537
1554
|
};
|
|
1538
1555
|
super(scope, id, defaultProps);
|
|
@@ -1542,19 +1559,19 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
1542
1559
|
class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
1543
1560
|
constructor(scope, id, props = {}) {
|
|
1544
1561
|
super(scope, id);
|
|
1545
|
-
const roleTag = props.roleTag || cdk.CDK.ROLE.HOSTING;
|
|
1562
|
+
const roleTag = props.roleTag || cdk$1.CDK.ROLE.HOSTING;
|
|
1546
1563
|
// Environment variable validation
|
|
1547
1564
|
if (process.env.CDK_ENV_WEB_SUBDOMAIN &&
|
|
1548
|
-
!cdk.isValidSubdomain(process.env.CDK_ENV_WEB_SUBDOMAIN)) {
|
|
1549
|
-
throw new cdk.ConfigurationError("CDK_ENV_WEB_SUBDOMAIN is not a valid subdomain");
|
|
1565
|
+
!cdk$1.isValidSubdomain(process.env.CDK_ENV_WEB_SUBDOMAIN)) {
|
|
1566
|
+
throw new cdk$1.ConfigurationError("CDK_ENV_WEB_SUBDOMAIN is not a valid subdomain");
|
|
1550
1567
|
}
|
|
1551
1568
|
if (process.env.CDK_ENV_WEB_HOSTED_ZONE &&
|
|
1552
|
-
!cdk.isValidHostname(process.env.CDK_ENV_WEB_HOSTED_ZONE)) {
|
|
1553
|
-
throw new cdk.ConfigurationError("CDK_ENV_WEB_HOSTED_ZONE is not a valid hostname");
|
|
1569
|
+
!cdk$1.isValidHostname(process.env.CDK_ENV_WEB_HOSTED_ZONE)) {
|
|
1570
|
+
throw new cdk$1.ConfigurationError("CDK_ENV_WEB_HOSTED_ZONE is not a valid hostname");
|
|
1554
1571
|
}
|
|
1555
1572
|
if (process.env.CDK_ENV_HOSTED_ZONE &&
|
|
1556
|
-
!cdk.isValidHostname(process.env.CDK_ENV_HOSTED_ZONE)) {
|
|
1557
|
-
throw new cdk.ConfigurationError("CDK_ENV_HOSTED_ZONE is not a valid hostname");
|
|
1573
|
+
!cdk$1.isValidHostname(process.env.CDK_ENV_HOSTED_ZONE)) {
|
|
1574
|
+
throw new cdk$1.ConfigurationError("CDK_ENV_HOSTED_ZONE is not a valid hostname");
|
|
1558
1575
|
}
|
|
1559
1576
|
// Determine host from props or environment
|
|
1560
1577
|
let host = props.host;
|
|
@@ -1562,7 +1579,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1562
1579
|
try {
|
|
1563
1580
|
host =
|
|
1564
1581
|
process.env.CDK_ENV_WEB_HOST ||
|
|
1565
|
-
cdk.mergeDomain(process.env.CDK_ENV_WEB_SUBDOMAIN || "", process.env.CDK_ENV_WEB_HOSTED_ZONE ||
|
|
1582
|
+
cdk$1.mergeDomain(process.env.CDK_ENV_WEB_SUBDOMAIN || "", process.env.CDK_ENV_WEB_HOSTED_ZONE ||
|
|
1566
1583
|
process.env.CDK_ENV_HOSTED_ZONE ||
|
|
1567
1584
|
"");
|
|
1568
1585
|
}
|
|
@@ -1570,8 +1587,8 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1570
1587
|
host = undefined;
|
|
1571
1588
|
}
|
|
1572
1589
|
}
|
|
1573
|
-
if (host && !cdk.isValidHostname(host)) {
|
|
1574
|
-
throw new cdk.ConfigurationError("Host is not a valid hostname");
|
|
1590
|
+
if (host && !cdk$1.isValidHostname(host)) {
|
|
1591
|
+
throw new cdk$1.ConfigurationError("Host is not a valid hostname");
|
|
1575
1592
|
}
|
|
1576
1593
|
// Determine zone from props or environment
|
|
1577
1594
|
const zone = props.zone ||
|
|
@@ -1584,7 +1601,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1584
1601
|
blockPublicAccess: s3__namespace.BlockPublicAccess.BLOCK_ACLS,
|
|
1585
1602
|
bucketName: props.name || constructEnvName("web"),
|
|
1586
1603
|
publicReadAccess: true,
|
|
1587
|
-
removalPolicy: cdk
|
|
1604
|
+
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
|
1588
1605
|
versioned: false,
|
|
1589
1606
|
websiteErrorDocument: "index.html",
|
|
1590
1607
|
websiteIndexDocument: "index.html",
|
|
@@ -1602,7 +1619,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1602
1619
|
this.isWebsite = this.bucket.isWebsite;
|
|
1603
1620
|
this.notificationsHandlerRole = undefined;
|
|
1604
1621
|
this.policy = this.bucket.policy;
|
|
1605
|
-
cdk
|
|
1622
|
+
cdk.Tags.of(this.bucket).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1606
1623
|
// Create deployment role if repository is configured
|
|
1607
1624
|
let repo;
|
|
1608
1625
|
if (process.env.CDK_ENV_REPO) {
|
|
@@ -1610,14 +1627,14 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1610
1627
|
}
|
|
1611
1628
|
if (repo) {
|
|
1612
1629
|
const bucketDeployRole = new awsIam.Role(this, "DestinationBucketDeployRole", {
|
|
1613
|
-
assumedBy: new awsIam.FederatedPrincipal(cdk
|
|
1630
|
+
assumedBy: new awsIam.FederatedPrincipal(cdk.Fn.importValue(cdk$1.CDK.IMPORT.OIDC_PROVIDER), {
|
|
1614
1631
|
StringLike: {
|
|
1615
1632
|
"token.actions.githubusercontent.com:sub": repo,
|
|
1616
1633
|
},
|
|
1617
1634
|
}, "sts:AssumeRoleWithWebIdentity"),
|
|
1618
|
-
maxSessionDuration: cdk
|
|
1635
|
+
maxSessionDuration: cdk.Duration.hours(1),
|
|
1619
1636
|
});
|
|
1620
|
-
cdk
|
|
1637
|
+
cdk.Tags.of(bucketDeployRole).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.DEPLOY);
|
|
1621
1638
|
// Allow the role to write to the bucket
|
|
1622
1639
|
bucketDeployRole.addToPolicy(new awsIam.PolicyStatement({
|
|
1623
1640
|
effect: awsIam.Effect.ALLOW,
|
|
@@ -1642,7 +1659,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1642
1659
|
}));
|
|
1643
1660
|
this.deployRoleArn = bucketDeployRole.roleArn;
|
|
1644
1661
|
// Output the deploy role ARN
|
|
1645
|
-
new cdk
|
|
1662
|
+
new cdk.CfnOutput(this, "DestinationBucketDeployRoleArn", {
|
|
1646
1663
|
value: bucketDeployRole.roleArn,
|
|
1647
1664
|
});
|
|
1648
1665
|
}
|
|
@@ -1662,10 +1679,10 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1662
1679
|
domainName: host,
|
|
1663
1680
|
validation: acm__namespace.CertificateValidation.fromDns(hostedZone),
|
|
1664
1681
|
});
|
|
1665
|
-
new cdk
|
|
1682
|
+
new cdk.CfnOutput(this, "CertificateArn", {
|
|
1666
1683
|
value: this.certificate.certificateArn,
|
|
1667
1684
|
});
|
|
1668
|
-
cdk
|
|
1685
|
+
cdk.Tags.of(this.certificate).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1669
1686
|
}
|
|
1670
1687
|
// Create CloudFront distribution
|
|
1671
1688
|
this.distribution = new cloudfront__namespace.Distribution(this, "Distribution", {
|
|
@@ -1677,7 +1694,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1677
1694
|
certificate: this.certificate,
|
|
1678
1695
|
domainNames: [host],
|
|
1679
1696
|
});
|
|
1680
|
-
cdk
|
|
1697
|
+
cdk.Tags.of(this.distribution).add(cdk$1.CDK.TAG.ROLE, roleTag);
|
|
1681
1698
|
// If this is production, enable caching on everything but index.html
|
|
1682
1699
|
if (isProductionEnv()) {
|
|
1683
1700
|
this.distribution.addBehavior("/*", new origins__namespace.S3Origin(this.bucket), {
|
|
@@ -1691,7 +1708,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1691
1708
|
target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.CloudFrontTarget(this.distribution)),
|
|
1692
1709
|
zone: hostedZone,
|
|
1693
1710
|
});
|
|
1694
|
-
cdk
|
|
1711
|
+
cdk.Tags.of(record).add(cdk$1.CDK.TAG.ROLE, cdk$1.CDK.ROLE.NETWORKING);
|
|
1695
1712
|
this.distributionDomainName = this.distribution.distributionDomainName;
|
|
1696
1713
|
}
|
|
1697
1714
|
}
|
|
@@ -1734,6 +1751,9 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1734
1751
|
grantWrite(identity, objectsKeyPattern) {
|
|
1735
1752
|
return this.bucket.grantWrite(identity, objectsKeyPattern);
|
|
1736
1753
|
}
|
|
1754
|
+
grantReplicationPermission(identity, props) {
|
|
1755
|
+
return this.bucket.grantReplicationPermission(identity, props);
|
|
1756
|
+
}
|
|
1737
1757
|
s3UrlForObject(key) {
|
|
1738
1758
|
return this.bucket.s3UrlForObject(key);
|
|
1739
1759
|
}
|
|
@@ -1802,8 +1822,9 @@ exports.JaypieTraceSigningKeySecret = JaypieTraceSigningKeySecret;
|
|
|
1802
1822
|
exports.JaypieWebDeploymentBucket = JaypieWebDeploymentBucket;
|
|
1803
1823
|
exports.constructEnvName = constructEnvName;
|
|
1804
1824
|
exports.constructStackName = constructStackName;
|
|
1825
|
+
exports.constructTagger = constructTagger;
|
|
1826
|
+
exports.envHostname = envHostname;
|
|
1805
1827
|
exports.isEnv = isEnv;
|
|
1806
1828
|
exports.isProductionEnv = isProductionEnv;
|
|
1807
1829
|
exports.isSandboxEnv = isSandboxEnv;
|
|
1808
|
-
exports.stackTagger = stackTagger;
|
|
1809
1830
|
//# sourceMappingURL=index.cjs.map
|