@jaypie/constructs 1.1.40 → 1.1.42
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/helpers/__tests__/jaypieLambdaEnv.spec.d.ts +1 -0
- package/dist/cjs/helpers/addDatadogLayer.d.ts +5 -0
- package/dist/cjs/helpers/addParamsAndSecrets.d.ts +11 -0
- package/dist/cjs/helpers/envHostname.d.ts +1 -1
- package/dist/cjs/helpers/index.d.ts +4 -0
- package/dist/cjs/helpers/jaypieLambdaEnv.d.ts +8 -0
- package/dist/cjs/helpers/resolveHostedZone.d.ts +6 -0
- package/dist/cjs/index.cjs +178 -112
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/helpers/__tests__/jaypieLambdaEnv.spec.d.ts +1 -0
- package/dist/esm/helpers/addDatadogLayer.d.ts +5 -0
- package/dist/esm/helpers/addParamsAndSecrets.d.ts +11 -0
- package/dist/esm/helpers/envHostname.d.ts +1 -1
- package/dist/esm/helpers/index.d.ts +4 -0
- package/dist/esm/helpers/jaypieLambdaEnv.d.ts +8 -0
- package/dist/esm/helpers/resolveHostedZone.d.ts +6 -0
- package/dist/esm/index.js +175 -113
- package/dist/esm/index.js.map +1 -1
- package/package.json +3 -3
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
2
|
+
export interface AddParamsAndSecretsOptions {
|
|
3
|
+
paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion | boolean;
|
|
4
|
+
paramsAndSecretsOptions?: {
|
|
5
|
+
cacheSize?: number;
|
|
6
|
+
logLevel?: lambda.ParamsAndSecretsLogLevel;
|
|
7
|
+
parameterStoreTtl?: number;
|
|
8
|
+
secretsManagerTtl?: number;
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
export declare function addParamsAndSecrets(lambdaFunction: lambda.Function, options?: AddParamsAndSecretsOptions): boolean;
|
|
@@ -1,5 +1,9 @@
|
|
|
1
|
+
export { addDatadogLayer } from "./addDatadogLayer";
|
|
2
|
+
export { addParamsAndSecrets } from "./addParamsAndSecrets";
|
|
1
3
|
export { constructEnvName } from "./constructEnvName";
|
|
2
4
|
export { constructStackName } from "./constructStackName";
|
|
3
5
|
export { constructTagger } from "./constructTagger";
|
|
4
6
|
export { envHostname } from "./envHostname";
|
|
5
7
|
export { isEnv, isProductionEnv, isSandboxEnv } from "./isEnv";
|
|
8
|
+
export { jaypieLambdaEnv } from "./jaypieLambdaEnv";
|
|
9
|
+
export { resolveHostedZone } from "./resolveHostedZone";
|
package/dist/cjs/index.cjs
CHANGED
|
@@ -7,12 +7,12 @@ var apiGateway = require('aws-cdk-lib/aws-apigateway');
|
|
|
7
7
|
var route53 = require('aws-cdk-lib/aws-route53');
|
|
8
8
|
var route53Targets = require('aws-cdk-lib/aws-route53-targets');
|
|
9
9
|
var cdk$1 = require('@jaypie/cdk');
|
|
10
|
+
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
11
|
+
var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
|
|
10
12
|
var s3 = require('aws-cdk-lib/aws-s3');
|
|
11
13
|
var s3n = require('aws-cdk-lib/aws-s3-notifications');
|
|
12
|
-
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
13
14
|
var sqs = require('aws-cdk-lib/aws-sqs');
|
|
14
15
|
var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
|
|
15
|
-
var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
|
|
16
16
|
var awsIam = require('aws-cdk-lib/aws-iam');
|
|
17
17
|
var awsLogs = require('aws-cdk-lib/aws-logs');
|
|
18
18
|
var sso = require('aws-cdk-lib/aws-sso');
|
|
@@ -41,16 +41,109 @@ var acm__namespace = /*#__PURE__*/_interopNamespaceDefault(acm);
|
|
|
41
41
|
var apiGateway__namespace = /*#__PURE__*/_interopNamespaceDefault(apiGateway);
|
|
42
42
|
var route53__namespace = /*#__PURE__*/_interopNamespaceDefault(route53);
|
|
43
43
|
var route53Targets__namespace = /*#__PURE__*/_interopNamespaceDefault(route53Targets);
|
|
44
|
+
var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
|
|
45
|
+
var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
|
|
44
46
|
var s3__namespace = /*#__PURE__*/_interopNamespaceDefault(s3);
|
|
45
47
|
var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
|
|
46
|
-
var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
|
|
47
48
|
var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
|
|
48
49
|
var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
|
|
49
|
-
var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
|
|
50
50
|
var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
|
|
51
51
|
var cloudfront__namespace = /*#__PURE__*/_interopNamespaceDefault(cloudfront);
|
|
52
52
|
var origins__namespace = /*#__PURE__*/_interopNamespaceDefault(origins);
|
|
53
53
|
|
|
54
|
+
function addDatadogLayer(lambdaFunction, options = {}) {
|
|
55
|
+
const { datadogApiKeyArn } = options;
|
|
56
|
+
// Resolve the Datadog API key ARN from multiple sources
|
|
57
|
+
const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
|
|
58
|
+
process.env.DATADOG_API_KEY_ARN ||
|
|
59
|
+
process.env.CDK_ENV_DATADOG_API_KEY_ARN;
|
|
60
|
+
// Return false if no API key is found
|
|
61
|
+
if (!resolvedDatadogApiKeyArn) {
|
|
62
|
+
return false;
|
|
63
|
+
}
|
|
64
|
+
const stack = cdk.Stack.of(lambdaFunction);
|
|
65
|
+
// Create Datadog Node.js layer
|
|
66
|
+
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `DatadogNodeLayer-${lambdaFunction.node.id}`, `arn:aws:lambda:${stack.region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
|
|
67
|
+
// Create Datadog Extension layer
|
|
68
|
+
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `DatadogExtensionLayer-${lambdaFunction.node.id}`, `arn:aws:lambda:${stack.region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
69
|
+
// Add layers to the lambda function
|
|
70
|
+
lambdaFunction.addLayers(datadogNodeLayer, datadogExtensionLayer);
|
|
71
|
+
// Define Datadog environment variables
|
|
72
|
+
const datadogEnvVars = {
|
|
73
|
+
DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
|
|
74
|
+
DD_ENHANCED_METRICS: "true",
|
|
75
|
+
DD_ENV: process.env.PROJECT_ENV || "",
|
|
76
|
+
DD_PROFILING_ENABLED: "false",
|
|
77
|
+
DD_SERVERLESS_APPSEC_ENABLED: "false",
|
|
78
|
+
DD_SERVICE: process.env.PROJECT_SERVICE || "",
|
|
79
|
+
DD_SITE: cdk$1.CDK.DATADOG.SITE,
|
|
80
|
+
DD_TAGS: `${cdk$1.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
81
|
+
DD_TRACE_OTEL_ENABLED: "false",
|
|
82
|
+
};
|
|
83
|
+
// Add environment variables only if they don't already exist
|
|
84
|
+
Object.entries(datadogEnvVars).forEach(([key, value]) => {
|
|
85
|
+
if (lambdaFunction.environment[key] === undefined) {
|
|
86
|
+
lambdaFunction.addEnvironment(key, value);
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
// Grant Datadog API key read permission
|
|
90
|
+
const datadogApiKey = secretsmanager__namespace.Secret.fromSecretCompleteArn(stack, `DatadogApiKeyGrant-${lambdaFunction.node.id}`, resolvedDatadogApiKeyArn);
|
|
91
|
+
datadogApiKey.grantRead(lambdaFunction);
|
|
92
|
+
return true;
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
function addParamsAndSecrets(lambdaFunction, options = {}) {
|
|
96
|
+
const { paramsAndSecrets, paramsAndSecretsOptions } = options;
|
|
97
|
+
// Return false if explicitly disabled
|
|
98
|
+
if (paramsAndSecrets === false) {
|
|
99
|
+
return false;
|
|
100
|
+
}
|
|
101
|
+
const stack = cdk.Stack.of(lambdaFunction);
|
|
102
|
+
let resolvedLayer = undefined;
|
|
103
|
+
if (paramsAndSecrets instanceof lambda__namespace.ParamsAndSecretsLayerVersion) {
|
|
104
|
+
// For custom ParamsAndSecretsLayerVersion, we need to extract the ARN
|
|
105
|
+
// This is a workaround since ParamsAndSecretsLayerVersion doesn't implement ILayerVersion
|
|
106
|
+
const layerArn = `arn:aws:lambda:${stack.region}:017000801446:layer:AWSLambdaParametersAndSecrets:${lambda__namespace.ParamsAndSecretsVersions.V1_0_103}`;
|
|
107
|
+
resolvedLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `ParamsAndSecretsLayer-${lambdaFunction.node.id}`, layerArn);
|
|
108
|
+
// Set environment variables for configuration
|
|
109
|
+
if (paramsAndSecretsOptions?.cacheSize) {
|
|
110
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE", paramsAndSecretsOptions.cacheSize.toString());
|
|
111
|
+
}
|
|
112
|
+
if (paramsAndSecretsOptions?.logLevel) {
|
|
113
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL", paramsAndSecretsOptions.logLevel);
|
|
114
|
+
}
|
|
115
|
+
if (paramsAndSecretsOptions?.parameterStoreTtl) {
|
|
116
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_PARAMETER_STORE_TTL", paramsAndSecretsOptions.parameterStoreTtl.toString());
|
|
117
|
+
}
|
|
118
|
+
if (paramsAndSecretsOptions?.secretsManagerTtl) {
|
|
119
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_SECRETS_MANAGER_TTL", paramsAndSecretsOptions.secretsManagerTtl.toString());
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
else {
|
|
123
|
+
// Create default ParamsAndSecrets layer using LayerVersion.fromLayerVersionArn
|
|
124
|
+
const layerArn = `arn:aws:lambda:${stack.region}:017000801446:layer:AWSLambdaParametersAndSecrets:${lambda__namespace.ParamsAndSecretsVersions.V1_0_103}`;
|
|
125
|
+
resolvedLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `ParamsAndSecretsLayer-${lambdaFunction.node.id}`, layerArn);
|
|
126
|
+
// Set default environment variables
|
|
127
|
+
if (paramsAndSecretsOptions?.cacheSize) {
|
|
128
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE", paramsAndSecretsOptions.cacheSize.toString());
|
|
129
|
+
}
|
|
130
|
+
const logLevel = paramsAndSecretsOptions?.logLevel || lambda__namespace.ParamsAndSecretsLogLevel.WARN;
|
|
131
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL", logLevel);
|
|
132
|
+
if (paramsAndSecretsOptions?.parameterStoreTtl) {
|
|
133
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_PARAMETER_STORE_TTL", paramsAndSecretsOptions.parameterStoreTtl.toString());
|
|
134
|
+
}
|
|
135
|
+
if (paramsAndSecretsOptions?.secretsManagerTtl) {
|
|
136
|
+
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_SECRETS_MANAGER_TTL", paramsAndSecretsOptions.secretsManagerTtl.toString());
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
// Add the layer to the lambda function
|
|
140
|
+
if (resolvedLayer) {
|
|
141
|
+
lambdaFunction.addLayers(resolvedLayer);
|
|
142
|
+
return true;
|
|
143
|
+
}
|
|
144
|
+
return false;
|
|
145
|
+
}
|
|
146
|
+
|
|
54
147
|
function constructEnvName(name, opts) {
|
|
55
148
|
const env = opts?.env ?? process.env.PROJECT_ENV ?? "build";
|
|
56
149
|
const key = opts?.key ?? process.env.PROJECT_KEY ?? "project";
|
|
@@ -119,7 +212,7 @@ function constructTagger(construct, { name } = {}) {
|
|
|
119
212
|
return true;
|
|
120
213
|
}
|
|
121
214
|
|
|
122
|
-
function envHostname({ component, domain, env, subdomain, }) {
|
|
215
|
+
function envHostname({ component, domain, env, subdomain, } = {}) {
|
|
123
216
|
const resolvedDomain = domain || process.env.CDK_ENV_DOMAIN || process.env.CDK_ENV_HOSTED_ZONE;
|
|
124
217
|
if (!resolvedDomain) {
|
|
125
218
|
throw new cdk$1.ConfigurationError("No hostname `domain` provided. Set CDK_ENV_DOMAIN or CDK_ENV_HOSTED_ZONE to use environment domain");
|
|
@@ -155,6 +248,72 @@ function isSandboxEnv() {
|
|
|
155
248
|
return isEnv(cdk$1.CDK.ENV.SANDBOX);
|
|
156
249
|
}
|
|
157
250
|
|
|
251
|
+
function jaypieLambdaEnv(options = {}) {
|
|
252
|
+
const { initialEnvironment = {} } = options;
|
|
253
|
+
// Start with empty environment - we'll only add valid values
|
|
254
|
+
let environment = {};
|
|
255
|
+
// First, add all valid string values from initialEnvironment
|
|
256
|
+
Object.entries(initialEnvironment).forEach(([key, value]) => {
|
|
257
|
+
if (typeof value === "string") {
|
|
258
|
+
environment[key] = value;
|
|
259
|
+
}
|
|
260
|
+
});
|
|
261
|
+
// Default environment values
|
|
262
|
+
const defaultEnvValues = {
|
|
263
|
+
AWS_LAMBDA_NODEJS_DISABLE_CALLBACK_WARNING: "true",
|
|
264
|
+
};
|
|
265
|
+
// Apply default environment values with user overrides
|
|
266
|
+
Object.entries(defaultEnvValues).forEach(([key, defaultValue]) => {
|
|
267
|
+
if (key in initialEnvironment) {
|
|
268
|
+
const userValue = initialEnvironment[key];
|
|
269
|
+
// If user passes a string, it's already added above
|
|
270
|
+
// If user passes non-string falsy value, omit the key
|
|
271
|
+
if (!userValue) {
|
|
272
|
+
delete environment[key];
|
|
273
|
+
}
|
|
274
|
+
// Ignore non-string truthy values (key not added)
|
|
275
|
+
}
|
|
276
|
+
else {
|
|
277
|
+
// No user override, use default value
|
|
278
|
+
environment[key] = defaultValue;
|
|
279
|
+
}
|
|
280
|
+
});
|
|
281
|
+
// Default environment variables from process.env if present
|
|
282
|
+
const defaultEnvVars = [
|
|
283
|
+
"DATADOG_API_KEY_ARN",
|
|
284
|
+
"LOG_LEVEL",
|
|
285
|
+
"MODULE_LOGGER",
|
|
286
|
+
"MODULE_LOG_LEVEL",
|
|
287
|
+
"PROJECT_CHAOS",
|
|
288
|
+
"PROJECT_COMMIT",
|
|
289
|
+
"PROJECT_ENV",
|
|
290
|
+
"PROJECT_KEY",
|
|
291
|
+
"PROJECT_SECRET",
|
|
292
|
+
"PROJECT_SERVICE",
|
|
293
|
+
"PROJECT_SPONSOR",
|
|
294
|
+
"PROJECT_VERSION",
|
|
295
|
+
];
|
|
296
|
+
// Add default environment variables if they exist in process.env
|
|
297
|
+
defaultEnvVars.forEach((envVar) => {
|
|
298
|
+
if (process.env[envVar] && !environment[envVar]) {
|
|
299
|
+
environment[envVar] = process.env[envVar];
|
|
300
|
+
}
|
|
301
|
+
});
|
|
302
|
+
return environment;
|
|
303
|
+
}
|
|
304
|
+
|
|
305
|
+
function resolveHostedZone(scope, { name = "HostedZone", zone = process.env.CDK_ENV_HOSTED_ZONE, } = {}) {
|
|
306
|
+
if (!zone) {
|
|
307
|
+
throw new cdk$1.ConfigurationError("No `zone` provided. Set CDK_ENV_HOSTED_ZONE to use environment zone");
|
|
308
|
+
}
|
|
309
|
+
if (typeof zone === "string") {
|
|
310
|
+
return route53__namespace.HostedZone.fromLookup(scope, name, {
|
|
311
|
+
domainName: zone,
|
|
312
|
+
});
|
|
313
|
+
}
|
|
314
|
+
return zone;
|
|
315
|
+
}
|
|
316
|
+
|
|
158
317
|
class JaypieApiGateway extends constructs.Construct {
|
|
159
318
|
constructor(scope, id, props) {
|
|
160
319
|
super(scope, id);
|
|
@@ -181,14 +340,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
181
340
|
let hostedZone;
|
|
182
341
|
let certificateToUse;
|
|
183
342
|
if (host && zone) {
|
|
184
|
-
|
|
185
|
-
hostedZone = route53__namespace.HostedZone.fromLookup(this, "HostedZone", {
|
|
186
|
-
domainName: zone,
|
|
187
|
-
});
|
|
188
|
-
}
|
|
189
|
-
else {
|
|
190
|
-
hostedZone = zone;
|
|
191
|
-
}
|
|
343
|
+
hostedZone = resolveHostedZone(this, { zone });
|
|
192
344
|
if (certificate === true) {
|
|
193
345
|
certificateToUse = new acm__namespace.Certificate(this, certificateName, {
|
|
194
346
|
domainName: host,
|
|
@@ -339,102 +491,11 @@ class JaypieLambda extends constructs.Construct {
|
|
|
339
491
|
constructor(scope, id, props) {
|
|
340
492
|
super(scope, id);
|
|
341
493
|
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk$1.CDK.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = cdk$1.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = cdk$1.CDK.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(cdk$1.CDK.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
|
|
342
|
-
//
|
|
343
|
-
|
|
344
|
-
// Default environment values
|
|
345
|
-
const defaultEnvValues = {
|
|
346
|
-
AWS_LAMBDA_NODEJS_DISABLE_CALLBACK_WARNING: "true",
|
|
347
|
-
};
|
|
348
|
-
// Apply default environment values with user overrides
|
|
349
|
-
Object.entries(defaultEnvValues).forEach(([key, defaultValue]) => {
|
|
350
|
-
if (key in initialEnvironment) {
|
|
351
|
-
const userValue = initialEnvironment[key];
|
|
352
|
-
// If user passes a string, use that value
|
|
353
|
-
if (typeof userValue === "string") {
|
|
354
|
-
environment[key] = userValue;
|
|
355
|
-
}
|
|
356
|
-
// If user passes non-string falsy value, omit the key
|
|
357
|
-
else if (!userValue) {
|
|
358
|
-
delete environment[key];
|
|
359
|
-
}
|
|
360
|
-
// Ignore non-string truthy values (key already not present)
|
|
361
|
-
}
|
|
362
|
-
else {
|
|
363
|
-
// No user override, use default value
|
|
364
|
-
environment[key] = defaultValue;
|
|
365
|
-
}
|
|
366
|
-
});
|
|
367
|
-
// Default environment variables from process.env if present
|
|
368
|
-
const defaultEnvVars = [
|
|
369
|
-
"DATADOG_API_KEY_ARN",
|
|
370
|
-
"LOG_LEVEL",
|
|
371
|
-
"MODULE_LOGGER",
|
|
372
|
-
"MODULE_LOG_LEVEL",
|
|
373
|
-
"PROJECT_COMMIT",
|
|
374
|
-
"PROJECT_ENV",
|
|
375
|
-
"PROJECT_KEY",
|
|
376
|
-
"PROJECT_SECRET",
|
|
377
|
-
"PROJECT_SERVICE",
|
|
378
|
-
"PROJECT_SPONSOR",
|
|
379
|
-
"PROJECT_VERSION",
|
|
380
|
-
];
|
|
381
|
-
// Add default environment variables if they exist in process.env
|
|
382
|
-
defaultEnvVars.forEach((envVar) => {
|
|
383
|
-
if (process.env[envVar] && !environment[envVar]) {
|
|
384
|
-
environment[envVar] = process.env[envVar];
|
|
385
|
-
}
|
|
386
|
-
});
|
|
494
|
+
// Get base environment with defaults
|
|
495
|
+
const environment = jaypieLambdaEnv({ initialEnvironment });
|
|
387
496
|
const codeAsset = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
|
|
388
497
|
// Create a working copy of layers
|
|
389
498
|
const resolvedLayers = [...layers];
|
|
390
|
-
// Determine if we should add Datadog integration
|
|
391
|
-
// Check for datadog API key ARN in different sources
|
|
392
|
-
const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
|
|
393
|
-
process.env.DATADOG_API_KEY_ARN ||
|
|
394
|
-
process.env.CDK_ENV_DATADOG_API_KEY_ARN;
|
|
395
|
-
// Add Datadog integration if API key is available
|
|
396
|
-
if (resolvedDatadogApiKeyArn) {
|
|
397
|
-
// Add Datadog Node.js layer
|
|
398
|
-
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
|
|
399
|
-
resolvedLayers.push(datadogNodeLayer);
|
|
400
|
-
// Add Datadog Extension layer
|
|
401
|
-
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${cdk.Stack.of(this).region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
402
|
-
resolvedLayers.push(datadogExtensionLayer);
|
|
403
|
-
// Set Datadog environment variables
|
|
404
|
-
Object.assign(environment, {
|
|
405
|
-
DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
|
|
406
|
-
DD_ENHANCED_METRICS: "true",
|
|
407
|
-
DD_ENV: process.env.PROJECT_ENV || "",
|
|
408
|
-
DD_PROFILING_ENABLED: "false",
|
|
409
|
-
DD_SERVERLESS_APPSEC_ENABLED: "false",
|
|
410
|
-
DD_SERVICE: process.env.PROJECT_SERVICE || "",
|
|
411
|
-
DD_SITE: cdk$1.CDK.DATADOG.SITE,
|
|
412
|
-
DD_TAGS: `${cdk$1.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
413
|
-
DD_TRACE_OTEL_ENABLED: "false",
|
|
414
|
-
});
|
|
415
|
-
}
|
|
416
|
-
// Configure ParamsAndSecrets layer
|
|
417
|
-
let resolvedParamsAndSecrets = undefined;
|
|
418
|
-
if (paramsAndSecrets !== false) {
|
|
419
|
-
if (paramsAndSecrets instanceof lambda__namespace.ParamsAndSecretsLayerVersion) {
|
|
420
|
-
resolvedParamsAndSecrets = paramsAndSecrets;
|
|
421
|
-
}
|
|
422
|
-
else {
|
|
423
|
-
// Create default ParamsAndSecrets layer
|
|
424
|
-
resolvedParamsAndSecrets =
|
|
425
|
-
lambda__namespace.ParamsAndSecretsLayerVersion.fromVersion(lambda__namespace.ParamsAndSecretsVersions.V1_0_103, {
|
|
426
|
-
cacheSize: paramsAndSecretsOptions?.cacheSize,
|
|
427
|
-
logLevel: paramsAndSecretsOptions?.logLevel ||
|
|
428
|
-
lambda__namespace.ParamsAndSecretsLogLevel.WARN,
|
|
429
|
-
parameterStoreTtl: paramsAndSecretsOptions?.parameterStoreTtl
|
|
430
|
-
? cdk.Duration.seconds(paramsAndSecretsOptions.parameterStoreTtl)
|
|
431
|
-
: undefined,
|
|
432
|
-
secretsManagerTtl: paramsAndSecretsOptions?.secretsManagerTtl
|
|
433
|
-
? cdk.Duration.seconds(paramsAndSecretsOptions.secretsManagerTtl)
|
|
434
|
-
: undefined,
|
|
435
|
-
});
|
|
436
|
-
}
|
|
437
|
-
}
|
|
438
499
|
// Process secrets environment variables
|
|
439
500
|
const secretsEnvironment = Object.entries(envSecrets).reduce((acc, [key, secret]) => ({
|
|
440
501
|
...acc,
|
|
@@ -477,7 +538,6 @@ class JaypieLambda extends constructs.Construct {
|
|
|
477
538
|
logRetentionRetryOptions,
|
|
478
539
|
maxEventAge,
|
|
479
540
|
memorySize,
|
|
480
|
-
paramsAndSecrets: resolvedParamsAndSecrets,
|
|
481
541
|
profiling,
|
|
482
542
|
profilingGroup,
|
|
483
543
|
reservedConcurrentExecutions,
|
|
@@ -498,6 +558,13 @@ class JaypieLambda extends constructs.Construct {
|
|
|
498
558
|
}
|
|
499
559
|
: undefined,
|
|
500
560
|
});
|
|
561
|
+
// Add ParamsAndSecrets layer if configured
|
|
562
|
+
addParamsAndSecrets(this._lambda, {
|
|
563
|
+
paramsAndSecrets,
|
|
564
|
+
paramsAndSecretsOptions,
|
|
565
|
+
});
|
|
566
|
+
// Add Datadog layers and environment variables if configured
|
|
567
|
+
addDatadogLayer(this._lambda, { datadogApiKeyArn });
|
|
501
568
|
// Grant secret read permissions
|
|
502
569
|
Object.values(envSecrets).forEach((secret) => {
|
|
503
570
|
secret.grantRead(this._lambda);
|
|
@@ -506,11 +573,6 @@ class JaypieLambda extends constructs.Construct {
|
|
|
506
573
|
secrets.forEach((secret) => {
|
|
507
574
|
secret.grantRead(this._lambda);
|
|
508
575
|
});
|
|
509
|
-
// Grant Datadog API key read permission if applicable
|
|
510
|
-
if (resolvedDatadogApiKeyArn) {
|
|
511
|
-
const datadogApiKey = secretsmanager__namespace.Secret.fromSecretCompleteArn(this, "DatadogApiKeyGrant", resolvedDatadogApiKeyArn);
|
|
512
|
-
datadogApiKey.grantRead(this._lambda);
|
|
513
|
-
}
|
|
514
576
|
// Configure provisioned concurrency if specified
|
|
515
577
|
if (provisionedConcurrentExecutions !== undefined) {
|
|
516
578
|
// Use currentVersion which is auto-published with proper configuration
|
|
@@ -1820,6 +1882,8 @@ exports.JaypieSsoGroups = JaypieSsoGroups;
|
|
|
1820
1882
|
exports.JaypieStack = JaypieStack;
|
|
1821
1883
|
exports.JaypieTraceSigningKeySecret = JaypieTraceSigningKeySecret;
|
|
1822
1884
|
exports.JaypieWebDeploymentBucket = JaypieWebDeploymentBucket;
|
|
1885
|
+
exports.addDatadogLayer = addDatadogLayer;
|
|
1886
|
+
exports.addParamsAndSecrets = addParamsAndSecrets;
|
|
1823
1887
|
exports.constructEnvName = constructEnvName;
|
|
1824
1888
|
exports.constructStackName = constructStackName;
|
|
1825
1889
|
exports.constructTagger = constructTagger;
|
|
@@ -1827,4 +1891,6 @@ exports.envHostname = envHostname;
|
|
|
1827
1891
|
exports.isEnv = isEnv;
|
|
1828
1892
|
exports.isProductionEnv = isProductionEnv;
|
|
1829
1893
|
exports.isSandboxEnv = isSandboxEnv;
|
|
1894
|
+
exports.jaypieLambdaEnv = jaypieLambdaEnv;
|
|
1895
|
+
exports.resolveHostedZone = resolveHostedZone;
|
|
1830
1896
|
//# sourceMappingURL=index.cjs.map
|