@jaypie/constructs 1.1.40 → 1.1.42
- package/dist/cjs/helpers/__tests__/jaypieLambdaEnv.spec.d.ts +1 -0
- package/dist/cjs/helpers/addDatadogLayer.d.ts +5 -0
- package/dist/cjs/helpers/addParamsAndSecrets.d.ts +11 -0
- package/dist/cjs/helpers/envHostname.d.ts +1 -1
- package/dist/cjs/helpers/index.d.ts +4 -0
- package/dist/cjs/helpers/jaypieLambdaEnv.d.ts +8 -0
- package/dist/cjs/helpers/resolveHostedZone.d.ts +6 -0
- package/dist/cjs/index.cjs +178 -112
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/helpers/__tests__/jaypieLambdaEnv.spec.d.ts +1 -0
- package/dist/esm/helpers/addDatadogLayer.d.ts +5 -0
- package/dist/esm/helpers/addParamsAndSecrets.d.ts +11 -0
- package/dist/esm/helpers/envHostname.d.ts +1 -1
- package/dist/esm/helpers/index.d.ts +4 -0
- package/dist/esm/helpers/jaypieLambdaEnv.d.ts +8 -0
- package/dist/esm/helpers/resolveHostedZone.d.ts +6 -0
- package/dist/esm/index.js +175 -113
- package/dist/esm/index.js.map +1 -1
- package/package.json +3 -3
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
2
|
+
export interface AddParamsAndSecretsOptions {
|
|
3
|
+
paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion | boolean;
|
|
4
|
+
paramsAndSecretsOptions?: {
|
|
5
|
+
cacheSize?: number;
|
|
6
|
+
logLevel?: lambda.ParamsAndSecretsLogLevel;
|
|
7
|
+
parameterStoreTtl?: number;
|
|
8
|
+
secretsManagerTtl?: number;
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
export declare function addParamsAndSecrets(lambdaFunction: lambda.Function, options?: AddParamsAndSecretsOptions): boolean;
|
|
@@ -1,5 +1,9 @@
|
|
|
1
|
+
export { addDatadogLayer } from "./addDatadogLayer";
|
|
2
|
+
export { addParamsAndSecrets } from "./addParamsAndSecrets";
|
|
1
3
|
export { constructEnvName } from "./constructEnvName";
|
|
2
4
|
export { constructStackName } from "./constructStackName";
|
|
3
5
|
export { constructTagger } from "./constructTagger";
|
|
4
6
|
export { envHostname } from "./envHostname";
|
|
5
7
|
export { isEnv, isProductionEnv, isSandboxEnv } from "./isEnv";
|
|
8
|
+
export { jaypieLambdaEnv } from "./jaypieLambdaEnv";
|
|
9
|
+
export { resolveHostedZone } from "./resolveHostedZone";
|
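--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -1,24 +1,117 @@
 import { Construct } from 'constructs';
 import * as cdk from 'aws-cdk-lib';
-import {
+import { Stack, Tags, Duration, RemovalPolicy, Fn, CfnOutput, SecretValue } from 'aws-cdk-lib';
 import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as apiGateway from 'aws-cdk-lib/aws-apigateway';
 import * as route53 from 'aws-cdk-lib/aws-route53';
 import { HostedZone } from 'aws-cdk-lib/aws-route53';
 import * as route53Targets from 'aws-cdk-lib/aws-route53-targets';
-import {
+import { CDK as CDK$2, ConfigurationError, mergeDomain, isValidSubdomain, isValidHostname } from '@jaypie/cdk';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
 import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as s3n from 'aws-cdk-lib/aws-s3-notifications';
-import * as lambda from 'aws-cdk-lib/aws-lambda';
 import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as lambdaEventSources from 'aws-cdk-lib/aws-lambda-event-sources';
-import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
 import { ServicePrincipal, Role, FederatedPrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
 import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
 import * as sso from 'aws-cdk-lib/aws-sso';
 import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
 import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
 
+function addDatadogLayer(lambdaFunction, options = {}) {
+const { datadogApiKeyArn } = options;
+// Resolve the Datadog API key ARN from multiple sources
+const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
+process.env.DATADOG_API_KEY_ARN ||
+process.env.CDK_ENV_DATADOG_API_KEY_ARN;
+// Return false if no API key is found
+if (!resolvedDatadogApiKeyArn) {
+return false;
+}
+const stack = Stack.of(lambdaFunction);
+// Create Datadog Node.js layer
+const datadogNodeLayer = lambda.LayerVersion.fromLayerVersionArn(stack, `DatadogNodeLayer-${lambdaFunction.node.id}`, `arn:aws:lambda:${stack.region}:464622532012:layer:Datadog-Node20-x:${CDK$2.DATADOG.LAYER.NODE}`);
+// Create Datadog Extension layer
+const datadogExtensionLayer = lambda.LayerVersion.fromLayerVersionArn(stack, `DatadogExtensionLayer-${lambdaFunction.node.id}`, `arn:aws:lambda:${stack.region}:464622532012:layer:Datadog-Extension:${CDK$2.DATADOG.LAYER.EXTENSION}`);
+// Add layers to the lambda function
+lambdaFunction.addLayers(datadogNodeLayer, datadogExtensionLayer);
+// Define Datadog environment variables
+const datadogEnvVars = {
+DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
+DD_ENHANCED_METRICS: "true",
+DD_ENV: process.env.PROJECT_ENV || "",
+DD_PROFILING_ENABLED: "false",
+DD_SERVERLESS_APPSEC_ENABLED: "false",
+DD_SERVICE: process.env.PROJECT_SERVICE || "",
+DD_SITE: CDK$2.DATADOG.SITE,
+DD_TAGS: `${CDK$2.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
+DD_TRACE_OTEL_ENABLED: "false",
+};
+// Add environment variables only if they don't already exist
+Object.entries(datadogEnvVars).forEach(([key, value]) => {
+if (lambdaFunction.environment[key] === undefined) {
+lambdaFunction.addEnvironment(key, value);
+}
+});
+// Grant Datadog API key read permission
+const datadogApiKey = secretsmanager.Secret.fromSecretCompleteArn(stack, `DatadogApiKeyGrant-${lambdaFunction.node.id}`, resolvedDatadogApiKeyArn);
+datadogApiKey.grantRead(lambdaFunction);
+return true;
+}
+
+function addParamsAndSecrets(lambdaFunction, options = {}) {
+const { paramsAndSecrets, paramsAndSecretsOptions } = options;
+// Return false if explicitly disabled
+if (paramsAndSecrets === false) {
+return false;
+}
+const stack = Stack.of(lambdaFunction);
+let resolvedLayer = undefined;
+if (paramsAndSecrets instanceof lambda.ParamsAndSecretsLayerVersion) {
+// For custom ParamsAndSecretsLayerVersion, we need to extract the ARN
+// This is a workaround since ParamsAndSecretsLayerVersion doesn't implement ILayerVersion
+const layerArn = `arn:aws:lambda:${stack.region}:017000801446:layer:AWSLambdaParametersAndSecrets:${lambda.ParamsAndSecretsVersions.V1_0_103}`;
+resolvedLayer = lambda.LayerVersion.fromLayerVersionArn(stack, `ParamsAndSecretsLayer-${lambdaFunction.node.id}`, layerArn);
+// Set environment variables for configuration
+if (paramsAndSecretsOptions?.cacheSize) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE", paramsAndSecretsOptions.cacheSize.toString());
+}
+if (paramsAndSecretsOptions?.logLevel) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL", paramsAndSecretsOptions.logLevel);
+}
+if (paramsAndSecretsOptions?.parameterStoreTtl) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_PARAMETER_STORE_TTL", paramsAndSecretsOptions.parameterStoreTtl.toString());
+}
+if (paramsAndSecretsOptions?.secretsManagerTtl) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_SECRETS_MANAGER_TTL", paramsAndSecretsOptions.secretsManagerTtl.toString());
+}
+}
+else {
+// Create default ParamsAndSecrets layer using LayerVersion.fromLayerVersionArn
+const layerArn = `arn:aws:lambda:${stack.region}:017000801446:layer:AWSLambdaParametersAndSecrets:${lambda.ParamsAndSecretsVersions.V1_0_103}`;
+resolvedLayer = lambda.LayerVersion.fromLayerVersionArn(stack, `ParamsAndSecretsLayer-${lambdaFunction.node.id}`, layerArn);
+// Set default environment variables
+if (paramsAndSecretsOptions?.cacheSize) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE", paramsAndSecretsOptions.cacheSize.toString());
+}
+const logLevel = paramsAndSecretsOptions?.logLevel || lambda.ParamsAndSecretsLogLevel.WARN;
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL", logLevel);
+if (paramsAndSecretsOptions?.parameterStoreTtl) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_PARAMETER_STORE_TTL", paramsAndSecretsOptions.parameterStoreTtl.toString());
+}
+if (paramsAndSecretsOptions?.secretsManagerTtl) {
+lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_SECRETS_MANAGER_TTL", paramsAndSecretsOptions.secretsManagerTtl.toString());
+}
+}
+// Add the layer to the lambda function
+if (resolvedLayer) {
+lambdaFunction.addLayers(resolvedLayer);
+return true;
+}
+return false;
+}
+
 function constructEnvName(name, opts) {
 const env = opts?.env ?? process.env.PROJECT_ENV ?? "build";
 const key = opts?.key ?? process.env.PROJECT_KEY ?? "project";
@@ -87,7 +180,7 @@ function constructTagger(construct, { name } = {}) {
 return true;
 }
 
-function envHostname({ component, domain, env, subdomain, }) {
+function envHostname({ component, domain, env, subdomain, } = {}) {
 const resolvedDomain = domain || process.env.CDK_ENV_DOMAIN || process.env.CDK_ENV_HOSTED_ZONE;
 if (!resolvedDomain) {
 throw new ConfigurationError("No hostname `domain` provided. Set CDK_ENV_DOMAIN or CDK_ENV_HOSTED_ZONE to use environment domain");
@@ -123,6 +216,72 @@ function isSandboxEnv() {
 return isEnv(CDK$2.ENV.SANDBOX);
 }
 
+function jaypieLambdaEnv(options = {}) {
+const { initialEnvironment = {} } = options;
+// Start with empty environment - we'll only add valid values
+let environment = {};
+// First, add all valid string values from initialEnvironment
+Object.entries(initialEnvironment).forEach(([key, value]) => {
+if (typeof value === "string") {
+environment[key] = value;
+}
+});
+// Default environment values
+const defaultEnvValues = {
+AWS_LAMBDA_NODEJS_DISABLE_CALLBACK_WARNING: "true",
+};
+// Apply default environment values with user overrides
+Object.entries(defaultEnvValues).forEach(([key, defaultValue]) => {
+if (key in initialEnvironment) {
+const userValue = initialEnvironment[key];
+// If user passes a string, it's already added above
+// If user passes non-string falsy value, omit the key
+if (!userValue) {
+delete environment[key];
+}
+// Ignore non-string truthy values (key not added)
+}
+else {
+// No user override, use default value
+environment[key] = defaultValue;
+}
+});
+// Default environment variables from process.env if present
+const defaultEnvVars = [
+"DATADOG_API_KEY_ARN",
+"LOG_LEVEL",
+"MODULE_LOGGER",
+"MODULE_LOG_LEVEL",
+"PROJECT_CHAOS",
+"PROJECT_COMMIT",
+"PROJECT_ENV",
+"PROJECT_KEY",
+"PROJECT_SECRET",
+"PROJECT_SERVICE",
+"PROJECT_SPONSOR",
+"PROJECT_VERSION",
+];
+// Add default environment variables if they exist in process.env
+defaultEnvVars.forEach((envVar) => {
+if (process.env[envVar] && !environment[envVar]) {
+environment[envVar] = process.env[envVar];
+}
+});
+return environment;
+}
+
+function resolveHostedZone(scope, { name = "HostedZone", zone = process.env.CDK_ENV_HOSTED_ZONE, } = {}) {
+if (!zone) {
+throw new ConfigurationError("No `zone` provided. Set CDK_ENV_HOSTED_ZONE to use environment zone");
+}
+if (typeof zone === "string") {
+return route53.HostedZone.fromLookup(scope, name, {
+domainName: zone,
+});
+}
+return zone;
+}
+
 class JaypieApiGateway extends Construct {
 constructor(scope, id, props) {
 super(scope, id);
@@ -149,14 +308,7 @@ class JaypieApiGateway extends Construct {
 let hostedZone;
 let certificateToUse;
 if (host && zone) {
-
-hostedZone = route53.HostedZone.fromLookup(this, "HostedZone", {
-domainName: zone,
-});
-}
-else {
-hostedZone = zone;
-}
+hostedZone = resolveHostedZone(this, { zone });
 if (certificate === true) {
 certificateToUse = new acm.Certificate(this, certificateName, {
 domainName: host,
@@ -307,102 +459,11 @@ class JaypieLambda extends Construct {
 constructor(scope, id, props) {
 super(scope, id);
 const { allowAllOutbound, allowPublicSubnet, architecture = lambda.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = CDK$2.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = CDK$2.ROLE.PROCESSING, runtime = lambda.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
-//
-
-// Default environment values
-const defaultEnvValues = {
-AWS_LAMBDA_NODEJS_DISABLE_CALLBACK_WARNING: "true",
-};
-// Apply default environment values with user overrides
-Object.entries(defaultEnvValues).forEach(([key, defaultValue]) => {
-if (key in initialEnvironment) {
-const userValue = initialEnvironment[key];
-// If user passes a string, use that value
-if (typeof userValue === "string") {
-environment[key] = userValue;
-}
-// If user passes non-string falsy value, omit the key
-else if (!userValue) {
-delete environment[key];
-}
-// Ignore non-string truthy values (key already not present)
-}
-else {
-// No user override, use default value
-environment[key] = defaultValue;
-}
-});
-// Default environment variables from process.env if present
-const defaultEnvVars = [
-"DATADOG_API_KEY_ARN",
-"LOG_LEVEL",
-"MODULE_LOGGER",
-"MODULE_LOG_LEVEL",
-"PROJECT_COMMIT",
-"PROJECT_ENV",
-"PROJECT_KEY",
-"PROJECT_SECRET",
-"PROJECT_SERVICE",
-"PROJECT_SPONSOR",
-"PROJECT_VERSION",
-];
-// Add default environment variables if they exist in process.env
-defaultEnvVars.forEach((envVar) => {
-if (process.env[envVar] && !environment[envVar]) {
-environment[envVar] = process.env[envVar];
-}
-});
+// Get base environment with defaults
+const environment = jaypieLambdaEnv({ initialEnvironment });
 const codeAsset = typeof code === "string" ? lambda.Code.fromAsset(code) : code;
 // Create a working copy of layers
 const resolvedLayers = [...layers];
-// Determine if we should add Datadog integration
-// Check for datadog API key ARN in different sources
-const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
-process.env.DATADOG_API_KEY_ARN ||
-process.env.CDK_ENV_DATADOG_API_KEY_ARN;
-// Add Datadog integration if API key is available
-if (resolvedDatadogApiKeyArn) {
-// Add Datadog Node.js layer
-const datadogNodeLayer = lambda.LayerVersion.fromLayerVersionArn(this, "DatadogNodeLayer", `arn:aws:lambda:${Stack.of(this).region}:464622532012:layer:Datadog-Node20-x:${CDK$2.DATADOG.LAYER.NODE}`);
-resolvedLayers.push(datadogNodeLayer);
-// Add Datadog Extension layer
-const datadogExtensionLayer = lambda.LayerVersion.fromLayerVersionArn(this, "DatadogExtensionLayer", `arn:aws:lambda:${Stack.of(this).region}:464622532012:layer:Datadog-Extension:${CDK$2.DATADOG.LAYER.EXTENSION}`);
-resolvedLayers.push(datadogExtensionLayer);
-// Set Datadog environment variables
-Object.assign(environment, {
-DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
-DD_ENHANCED_METRICS: "true",
-DD_ENV: process.env.PROJECT_ENV || "",
-DD_PROFILING_ENABLED: "false",
-DD_SERVERLESS_APPSEC_ENABLED: "false",
-DD_SERVICE: process.env.PROJECT_SERVICE || "",
-DD_SITE: CDK$2.DATADOG.SITE,
-DD_TAGS: `${CDK$2.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
-DD_TRACE_OTEL_ENABLED: "false",
-});
-}
-// Configure ParamsAndSecrets layer
-let resolvedParamsAndSecrets = undefined;
-if (paramsAndSecrets !== false) {
-if (paramsAndSecrets instanceof lambda.ParamsAndSecretsLayerVersion) {
-resolvedParamsAndSecrets = paramsAndSecrets;
-}
-else {
-// Create default ParamsAndSecrets layer
-resolvedParamsAndSecrets =
-lambda.ParamsAndSecretsLayerVersion.fromVersion(lambda.ParamsAndSecretsVersions.V1_0_103, {
-cacheSize: paramsAndSecretsOptions?.cacheSize,
-logLevel: paramsAndSecretsOptions?.logLevel ||
-lambda.ParamsAndSecretsLogLevel.WARN,
-parameterStoreTtl: paramsAndSecretsOptions?.parameterStoreTtl
-? Duration.seconds(paramsAndSecretsOptions.parameterStoreTtl)
-: undefined,
-secretsManagerTtl: paramsAndSecretsOptions?.secretsManagerTtl
-? Duration.seconds(paramsAndSecretsOptions.secretsManagerTtl)
-: undefined,
-});
-}
-}
 // Process secrets environment variables
 const secretsEnvironment = Object.entries(envSecrets).reduce((acc, [key, secret]) => ({
 ...acc,
@@ -445,7 +506,6 @@ class JaypieLambda extends Construct {
 logRetentionRetryOptions,
 maxEventAge,
 memorySize,
-paramsAndSecrets: resolvedParamsAndSecrets,
 profiling,
 profilingGroup,
 reservedConcurrentExecutions,
@@ -466,6 +526,13 @@ class JaypieLambda extends Construct {
 }
 : undefined,
 });
+// Add ParamsAndSecrets layer if configured
+addParamsAndSecrets(this._lambda, {
+paramsAndSecrets,
+paramsAndSecretsOptions,
+});
+// Add Datadog layers and environment variables if configured
+addDatadogLayer(this._lambda, { datadogApiKeyArn });
 // Grant secret read permissions
 Object.values(envSecrets).forEach((secret) => {
 secret.grantRead(this._lambda);
@@ -474,11 +541,6 @@ class JaypieLambda extends Construct {
 secrets.forEach((secret) => {
 secret.grantRead(this._lambda);
 });
-// Grant Datadog API key read permission if applicable
-if (resolvedDatadogApiKeyArn) {
-const datadogApiKey = secretsmanager.Secret.fromSecretCompleteArn(this, "DatadogApiKeyGrant", resolvedDatadogApiKeyArn);
-datadogApiKey.grantRead(this._lambda);
-}
 // Configure provisioned concurrency if specified
 if (provisionedConcurrentExecutions !== undefined) {
 // Use currentVersion which is auto-published with proper configuration
@@ -1772,5 +1834,5 @@ class JaypieWebDeploymentBucket extends Construct {
 }
 }
 
-export { JaypieApiGateway, JaypieAppStack, JaypieBucketQueuedLambda, JaypieDatadogSecret, JaypieEnvSecret, JaypieExpressLambda, JaypieHostedZone, JaypieInfrastructureStack, JaypieLambda, JaypieMongoDbSecret, JaypieOpenAiSecret, JaypieQueuedLambda, JaypieSsoGroups, JaypieStack, JaypieTraceSigningKeySecret, JaypieWebDeploymentBucket, PermissionSetType, constructEnvName, constructStackName, constructTagger, envHostname, isEnv, isProductionEnv, isSandboxEnv };
+export { JaypieApiGateway, JaypieAppStack, JaypieBucketQueuedLambda, JaypieDatadogSecret, JaypieEnvSecret, JaypieExpressLambda, JaypieHostedZone, JaypieInfrastructureStack, JaypieLambda, JaypieMongoDbSecret, JaypieOpenAiSecret, JaypieQueuedLambda, JaypieSsoGroups, JaypieStack, JaypieTraceSigningKeySecret, JaypieWebDeploymentBucket, PermissionSetType, addDatadogLayer, addParamsAndSecrets, constructEnvName, constructStackName, constructTagger, envHostname, isEnv, isProductionEnv, isSandboxEnv, jaypieLambdaEnv, resolveHostedZone };
 //# sourceMappingURL=index.js.map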
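Review bot: In `addParamsAndSecrets` (new lines 71-75 and 92-93) the extension layer ARN is assembled by hand from one account id for every region plus `lambda.ParamsAndSecretsVersions.V1_0_103`, and in the `instanceof lambda.ParamsAndSecretsLayerVersion` branch the caller's own layer object is discarded in favour of that same string, so a caller who pinned a specific extension version silently gets a different one. The removed code passed a `ParamsAndSecretsLayerVersion` through the function's `paramsAndSecrets` property and let CDK resolve the ARN; as far as I know the enum value is a semantic-version string rather than a numeric layer version and AWS publishes this extension under per-region accounts, so the hard-coded ARN should be verified before release, since a layer is code that runs inside the function with access to its secrets. I would resolve the layer before the function is constructed and keep passing `paramsAndSecrets: resolvedParamsAndSecrets`, or at least throw a `ConfigurationError` when a custom layer is supplied that this helper cannot honour. The truthiness tests such as `if (paramsAndSecretsOptions?.cacheSize)` also drop an explicit `0`, which the removed `cacheSize: paramsAndSecretsOptions?.cacheSize` passed through; comparing with `!== undefined` would keep it.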