@jaypie/constructs 1.1.42 → 1.1.43
- package/dist/cjs/JaypieLambda.d.ts +2 -2
- package/dist/cjs/helpers/{addDatadogLayer.d.ts → addDatadogLayers.d.ts} +1 -1
- package/dist/cjs/helpers/index.d.ts +3 -2
- package/dist/cjs/helpers/resolveDatadogLayers.d.ts +7 -0
- package/dist/cjs/helpers/resolveParamsAndSecrets.d.ts +10 -0
- package/dist/cjs/index.cjs +179 -191
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/JaypieLambda.d.ts +2 -2
- package/dist/esm/helpers/{addDatadogLayer.d.ts → addDatadogLayers.d.ts} +1 -1
- package/dist/esm/helpers/index.d.ts +3 -2
- package/dist/esm/helpers/resolveDatadogLayers.d.ts +7 -0
- package/dist/esm/helpers/resolveParamsAndSecrets.d.ts +10 -0
- package/dist/esm/index.js +66 -79
- package/dist/esm/index.js.map +1 -1
- package/package.json +4 -3
- package/dist/cjs/helpers/addParamsAndSecrets.d.ts +0 -11
- package/dist/esm/helpers/addParamsAndSecrets.d.ts +0 -11
package/dist/cjs/index.cjs
CHANGED
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var constructs = require('constructs');
|
|
4
|
-
var cdk = require('aws-cdk-lib');
|
|
4
|
+
var cdk$1 = require('aws-cdk-lib');
|
|
5
5
|
var acm = require('aws-cdk-lib/aws-certificatemanager');
|
|
6
6
|
var apiGateway = require('aws-cdk-lib/aws-apigateway');
|
|
7
7
|
var route53 = require('aws-cdk-lib/aws-route53');
|
|
8
8
|
var route53Targets = require('aws-cdk-lib/aws-route53-targets');
|
|
9
|
-
var cdk
|
|
10
|
-
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
9
|
+
var cdk = require('@jaypie/cdk');
|
|
11
10
|
var secretsmanager = require('aws-cdk-lib/aws-secretsmanager');
|
|
11
|
+
var datadogCdkConstructsV2 = require('datadog-cdk-constructs-v2');
|
|
12
|
+
var lambda = require('aws-cdk-lib/aws-lambda');
|
|
12
13
|
var s3 = require('aws-cdk-lib/aws-s3');
|
|
13
14
|
var s3n = require('aws-cdk-lib/aws-s3-notifications');
|
|
14
15
|
var sqs = require('aws-cdk-lib/aws-sqs');
|
|
@@ -36,13 +37,13 @@ function _interopNamespaceDefault(e) {
|
|
|
36
37
|
return Object.freeze(n);
|
|
37
38
|
}
|
|
38
39
|
|
|
39
|
-
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk);
|
|
40
|
+
var cdk__namespace = /*#__PURE__*/_interopNamespaceDefault(cdk$1);
|
|
40
41
|
var acm__namespace = /*#__PURE__*/_interopNamespaceDefault(acm);
|
|
41
42
|
var apiGateway__namespace = /*#__PURE__*/_interopNamespaceDefault(apiGateway);
|
|
42
43
|
var route53__namespace = /*#__PURE__*/_interopNamespaceDefault(route53);
|
|
43
44
|
var route53Targets__namespace = /*#__PURE__*/_interopNamespaceDefault(route53Targets);
|
|
44
|
-
var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
|
|
45
45
|
var secretsmanager__namespace = /*#__PURE__*/_interopNamespaceDefault(secretsmanager);
|
|
46
|
+
var lambda__namespace = /*#__PURE__*/_interopNamespaceDefault(lambda);
|
|
46
47
|
var s3__namespace = /*#__PURE__*/_interopNamespaceDefault(s3);
|
|
47
48
|
var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
|
|
48
49
|
var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
|
|
@@ -51,23 +52,14 @@ var sso__namespace = /*#__PURE__*/_interopNamespaceDefault(sso);
|
|
|
51
52
|
var cloudfront__namespace = /*#__PURE__*/_interopNamespaceDefault(cloudfront);
|
|
52
53
|
var origins__namespace = /*#__PURE__*/_interopNamespaceDefault(origins);
|
|
53
54
|
|
|
54
|
-
function
|
|
55
|
-
const
|
|
56
|
-
// Resolve the Datadog API key ARN from multiple sources
|
|
55
|
+
function addDatadogLayers(lambdaFunction, options = {}) {
|
|
56
|
+
const datadogApiKeyArn = options?.datadogApiKeyArn;
|
|
57
57
|
const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
|
|
58
58
|
process.env.DATADOG_API_KEY_ARN ||
|
|
59
59
|
process.env.CDK_ENV_DATADOG_API_KEY_ARN;
|
|
60
|
-
// Return false if no API key is found
|
|
61
60
|
if (!resolvedDatadogApiKeyArn) {
|
|
62
61
|
return false;
|
|
63
62
|
}
|
|
64
|
-
const stack = cdk.Stack.of(lambdaFunction);
|
|
65
|
-
// Create Datadog Node.js layer
|
|
66
|
-
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `DatadogNodeLayer-${lambdaFunction.node.id}`, `arn:aws:lambda:${stack.region}:464622532012:layer:Datadog-Node20-x:${cdk$1.CDK.DATADOG.LAYER.NODE}`);
|
|
67
|
-
// Create Datadog Extension layer
|
|
68
|
-
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `DatadogExtensionLayer-${lambdaFunction.node.id}`, `arn:aws:lambda:${stack.region}:464622532012:layer:Datadog-Extension:${cdk$1.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
69
|
-
// Add layers to the lambda function
|
|
70
|
-
lambdaFunction.addLayers(datadogNodeLayer, datadogExtensionLayer);
|
|
71
63
|
// Define Datadog environment variables
|
|
72
64
|
const datadogEnvVars = {
|
|
73
65
|
DD_API_KEY_SECRET_ARN: resolvedDatadogApiKeyArn,
|
|
@@ -76,74 +68,27 @@ function addDatadogLayer(lambdaFunction, options = {}) {
|
|
|
76
68
|
DD_PROFILING_ENABLED: "false",
|
|
77
69
|
DD_SERVERLESS_APPSEC_ENABLED: "false",
|
|
78
70
|
DD_SERVICE: process.env.PROJECT_SERVICE || "",
|
|
79
|
-
DD_SITE: cdk
|
|
80
|
-
DD_TAGS: `${cdk
|
|
71
|
+
DD_SITE: cdk.CDK.DATADOG.SITE,
|
|
72
|
+
DD_TAGS: `${cdk.CDK.TAG.SPONSOR}:${process.env.PROJECT_SPONSOR || ""}`,
|
|
81
73
|
DD_TRACE_OTEL_ENABLED: "false",
|
|
82
74
|
};
|
|
83
75
|
// Add environment variables only if they don't already exist
|
|
84
76
|
Object.entries(datadogEnvVars).forEach(([key, value]) => {
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
77
|
+
lambdaFunction.addEnvironment(key, value);
|
|
78
|
+
});
|
|
79
|
+
const datadogApiKeySecret = secretsmanager__namespace.Secret.fromSecretNameV2(lambdaFunction.stack, "DatadogApiKey", resolvedDatadogApiKeyArn);
|
|
80
|
+
const datadogLambda = new datadogCdkConstructsV2.DatadogLambda(lambdaFunction.stack, "DatadogLambda", {
|
|
81
|
+
apiKeySecret: datadogApiKeySecret, // apiKeySecret auto-grants secret access to the added lambdas
|
|
82
|
+
nodeLayerVersion: cdk.CDK.DATADOG.LAYER.NODE,
|
|
83
|
+
extensionLayerVersion: cdk.CDK.DATADOG.LAYER.EXTENSION,
|
|
84
|
+
env: process.env.PROJECT_ENV,
|
|
85
|
+
service: process.env.PROJECT_SERVICE,
|
|
86
|
+
version: process.env.PROJECT_VERSION,
|
|
88
87
|
});
|
|
89
|
-
|
|
90
|
-
const datadogApiKey = secretsmanager__namespace.Secret.fromSecretCompleteArn(stack, `DatadogApiKeyGrant-${lambdaFunction.node.id}`, resolvedDatadogApiKeyArn);
|
|
91
|
-
datadogApiKey.grantRead(lambdaFunction);
|
|
88
|
+
datadogLambda.addLambdaFunctions([lambdaFunction]);
|
|
92
89
|
return true;
|
|
93
90
|
}
|
|
94
91
|
|
|
95
|
-
function addParamsAndSecrets(lambdaFunction, options = {}) {
|
|
96
|
-
const { paramsAndSecrets, paramsAndSecretsOptions } = options;
|
|
97
|
-
// Return false if explicitly disabled
|
|
98
|
-
if (paramsAndSecrets === false) {
|
|
99
|
-
return false;
|
|
100
|
-
}
|
|
101
|
-
const stack = cdk.Stack.of(lambdaFunction);
|
|
102
|
-
let resolvedLayer = undefined;
|
|
103
|
-
if (paramsAndSecrets instanceof lambda__namespace.ParamsAndSecretsLayerVersion) {
|
|
104
|
-
// For custom ParamsAndSecretsLayerVersion, we need to extract the ARN
|
|
105
|
-
// This is a workaround since ParamsAndSecretsLayerVersion doesn't implement ILayerVersion
|
|
106
|
-
const layerArn = `arn:aws:lambda:${stack.region}:017000801446:layer:AWSLambdaParametersAndSecrets:${lambda__namespace.ParamsAndSecretsVersions.V1_0_103}`;
|
|
107
|
-
resolvedLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `ParamsAndSecretsLayer-${lambdaFunction.node.id}`, layerArn);
|
|
108
|
-
// Set environment variables for configuration
|
|
109
|
-
if (paramsAndSecretsOptions?.cacheSize) {
|
|
110
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE", paramsAndSecretsOptions.cacheSize.toString());
|
|
111
|
-
}
|
|
112
|
-
if (paramsAndSecretsOptions?.logLevel) {
|
|
113
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL", paramsAndSecretsOptions.logLevel);
|
|
114
|
-
}
|
|
115
|
-
if (paramsAndSecretsOptions?.parameterStoreTtl) {
|
|
116
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_PARAMETER_STORE_TTL", paramsAndSecretsOptions.parameterStoreTtl.toString());
|
|
117
|
-
}
|
|
118
|
-
if (paramsAndSecretsOptions?.secretsManagerTtl) {
|
|
119
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_SECRETS_MANAGER_TTL", paramsAndSecretsOptions.secretsManagerTtl.toString());
|
|
120
|
-
}
|
|
121
|
-
}
|
|
122
|
-
else {
|
|
123
|
-
// Create default ParamsAndSecrets layer using LayerVersion.fromLayerVersionArn
|
|
124
|
-
const layerArn = `arn:aws:lambda:${stack.region}:017000801446:layer:AWSLambdaParametersAndSecrets:${lambda__namespace.ParamsAndSecretsVersions.V1_0_103}`;
|
|
125
|
-
resolvedLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(stack, `ParamsAndSecretsLayer-${lambdaFunction.node.id}`, layerArn);
|
|
126
|
-
// Set default environment variables
|
|
127
|
-
if (paramsAndSecretsOptions?.cacheSize) {
|
|
128
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_CACHE_SIZE", paramsAndSecretsOptions.cacheSize.toString());
|
|
129
|
-
}
|
|
130
|
-
const logLevel = paramsAndSecretsOptions?.logLevel || lambda__namespace.ParamsAndSecretsLogLevel.WARN;
|
|
131
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_LOG_LEVEL", logLevel);
|
|
132
|
-
if (paramsAndSecretsOptions?.parameterStoreTtl) {
|
|
133
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_PARAMETER_STORE_TTL", paramsAndSecretsOptions.parameterStoreTtl.toString());
|
|
134
|
-
}
|
|
135
|
-
if (paramsAndSecretsOptions?.secretsManagerTtl) {
|
|
136
|
-
lambdaFunction.addEnvironment("PARAMETERS_SECRETS_EXTENSION_SECRETS_MANAGER_TTL", paramsAndSecretsOptions.secretsManagerTtl.toString());
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
// Add the layer to the lambda function
|
|
140
|
-
if (resolvedLayer) {
|
|
141
|
-
lambdaFunction.addLayers(resolvedLayer);
|
|
142
|
-
return true;
|
|
143
|
-
}
|
|
144
|
-
return false;
|
|
145
|
-
}
|
|
146
|
-
|
|
147
92
|
function constructEnvName(name, opts) {
|
|
148
93
|
const env = opts?.env ?? process.env.PROJECT_ENV ?? "build";
|
|
149
94
|
const key = opts?.key ?? process.env.PROJECT_KEY ?? "project";
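Review bot: In the added `addDatadogLayers` body, `resolvedDatadogApiKeyArn` (documented by its name and by `DATADOG_API_KEY_ARN` as an ARN) is passed to `secretsmanager__namespace.Secret.fromSecretNameV2(...)`, which expects a secret name. The read grant that the `apiKeySecret` comment says is issued automatically may therefore target a resource that does not match the real secret. The removed code imported the same value with `fromSecretCompleteArn`, and keeping that call looks safer: `secretsmanager__namespace.Secret.fromSecretCompleteArn(lambdaFunction, "DatadogApiKey", resolvedDatadogApiKeyArn)`. The ids `"DatadogApiKey"` and `"DatadogLambda"` are also fixed strings created on `lambdaFunction.stack`, so a second function instrumented in the same stack would presumably fail on a duplicate construct id; scoping both constructs to `lambdaFunction`, or deriving the id from `lambdaFunction.node.addr`, avoids that. The function opens in the previous hunk, so its first lines are not repeated here.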
|
|
@@ -187,35 +132,35 @@ function constructTagger(construct, { name } = {}) {
|
|
|
187
132
|
const stackName = name || constructStackName();
|
|
188
133
|
const version = process.env.npm_package_version || process.env.PROJECT_VERSION || null;
|
|
189
134
|
if (process.env.PROJECT_COMMIT && process.env.PROJECT_COMMIT.length > 8) {
|
|
190
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_HEX, process.env.PROJECT_COMMIT.slice(0, 8));
|
|
135
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.BUILD_HEX, process.env.PROJECT_COMMIT.slice(0, 8));
|
|
191
136
|
}
|
|
192
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_DATE, new Date().toISOString());
|
|
193
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.BUILD_TIME, Date.now().toString());
|
|
137
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.BUILD_DATE, new Date().toISOString());
|
|
138
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.BUILD_TIME, Date.now().toString());
|
|
194
139
|
if (process.env.PROJECT_COMMIT)
|
|
195
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.COMMIT, process.env.PROJECT_COMMIT);
|
|
196
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.CREATION, CDK$1.CREATION.CDK);
|
|
140
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.COMMIT, process.env.PROJECT_COMMIT);
|
|
141
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.CREATION, CDK$1.CREATION.CDK);
|
|
197
142
|
if (process.env.PROJECT_ENV)
|
|
198
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.ENV, process.env.PROJECT_ENV);
|
|
143
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.ENV, process.env.PROJECT_ENV);
|
|
199
144
|
if (process.env.PROJECT_NONCE)
|
|
200
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.NONCE, process.env.PROJECT_NONCE);
|
|
145
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.NONCE, process.env.PROJECT_NONCE);
|
|
201
146
|
if (process.env.PROJECT_KEY)
|
|
202
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.PROJECT, process.env.PROJECT_KEY);
|
|
203
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.ROLE, CDK$1.ROLE.STACK);
|
|
147
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.PROJECT, process.env.PROJECT_KEY);
|
|
148
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.ROLE, CDK$1.ROLE.STACK);
|
|
204
149
|
if (process.env.PROJECT_SERVICE)
|
|
205
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.SERVICE, process.env.PROJECT_SERVICE);
|
|
150
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.SERVICE, process.env.PROJECT_SERVICE);
|
|
206
151
|
if (process.env.PROJECT_SPONSOR)
|
|
207
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.SPONSOR, process.env.PROJECT_SPONSOR);
|
|
152
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.SPONSOR, process.env.PROJECT_SPONSOR);
|
|
208
153
|
if (stackName)
|
|
209
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.STACK, stackName);
|
|
154
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.STACK, stackName);
|
|
210
155
|
if (version)
|
|
211
|
-
cdk.Tags.of(construct).add(CDK$1.TAG.VERSION, version);
|
|
156
|
+
cdk$1.Tags.of(construct).add(CDK$1.TAG.VERSION, version);
|
|
212
157
|
return true;
|
|
213
158
|
}
|
|
214
159
|
|
|
215
160
|
function envHostname({ component, domain, env, subdomain, } = {}) {
|
|
216
161
|
const resolvedDomain = domain || process.env.CDK_ENV_DOMAIN || process.env.CDK_ENV_HOSTED_ZONE;
|
|
217
162
|
if (!resolvedDomain) {
|
|
218
|
-
throw new cdk
|
|
163
|
+
throw new cdk.ConfigurationError("No hostname `domain` provided. Set CDK_ENV_DOMAIN or CDK_ENV_HOSTED_ZONE to use environment domain");
|
|
219
164
|
}
|
|
220
165
|
const resolvedComponent = component === "@" || component === "" ? undefined : component;
|
|
221
166
|
const resolvedSubdomain = subdomain || process.env.CDK_ENV_SUBDOMAIN;
|
|
@@ -239,13 +184,13 @@ function isEnv(env) {
|
|
|
239
184
|
* Check if the current environment is production
|
|
240
185
|
*/
|
|
241
186
|
function isProductionEnv() {
|
|
242
|
-
return isEnv(cdk
|
|
187
|
+
return isEnv(cdk.CDK.ENV.PRODUCTION);
|
|
243
188
|
}
|
|
244
189
|
/**
|
|
245
190
|
* Check if the current environment is sandbox
|
|
246
191
|
*/
|
|
247
192
|
function isSandboxEnv() {
|
|
248
|
-
return isEnv(cdk
|
|
193
|
+
return isEnv(cdk.CDK.ENV.SANDBOX);
|
|
249
194
|
}
|
|
250
195
|
|
|
251
196
|
function jaypieLambdaEnv(options = {}) {
|
|
@@ -302,9 +247,28 @@ function jaypieLambdaEnv(options = {}) {
|
|
|
302
247
|
return environment;
|
|
303
248
|
}
|
|
304
249
|
|
|
250
|
+
function resolveDatadogLayers(scope, options = {}) {
|
|
251
|
+
const { datadogApiKeyArn, uniqueId } = options;
|
|
252
|
+
let resolvedRegion = cdk$1.Stack.of(scope).region || "us-east-1";
|
|
253
|
+
// Resolve the Datadog API key ARN from multiple sources
|
|
254
|
+
const resolvedDatadogApiKeyArn = datadogApiKeyArn ||
|
|
255
|
+
process.env.DATADOG_API_KEY_ARN ||
|
|
256
|
+
process.env.CDK_ENV_DATADOG_API_KEY_ARN;
|
|
257
|
+
// Return null if no API key is found
|
|
258
|
+
if (!resolvedDatadogApiKeyArn) {
|
|
259
|
+
return undefined;
|
|
260
|
+
}
|
|
261
|
+
const layerIdSuffix = uniqueId || process.env.PROJECT_NONCE || Date.now().toString();
|
|
262
|
+
// Create Datadog Node.js layer
|
|
263
|
+
const datadogNodeLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(scope, `DatadogNodeLayer-${layerIdSuffix}`, `arn:aws:lambda:${resolvedRegion}:464622532012:layer:Datadog-Node20-x:${cdk.CDK.DATADOG.LAYER.NODE}`);
|
|
264
|
+
// Create Datadog Extension layer
|
|
265
|
+
const datadogExtensionLayer = lambda__namespace.LayerVersion.fromLayerVersionArn(scope, `DatadogExtensionLayer-${layerIdSuffix}`, `arn:aws:lambda:${resolvedRegion}:464622532012:layer:Datadog-Extension:${cdk.CDK.DATADOG.LAYER.EXTENSION}`);
|
|
266
|
+
return [datadogNodeLayer, datadogExtensionLayer];
|
|
267
|
+
}
|
|
268
|
+
|
|
305
269
|
function resolveHostedZone(scope, { name = "HostedZone", zone = process.env.CDK_ENV_HOSTED_ZONE, } = {}) {
|
|
306
270
|
if (!zone) {
|
|
307
|
-
throw new cdk
|
|
271
|
+
throw new cdk.ConfigurationError("No `zone` provided. Set CDK_ENV_HOSTED_ZONE to use environment zone");
|
|
308
272
|
}
|
|
309
273
|
if (typeof zone === "string") {
|
|
310
274
|
return route53__namespace.HostedZone.fromLookup(scope, name, {
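Review bot: `layerIdSuffix` in the added `resolveDatadogLayers` is not unique per call. When `PROJECT_NONCE` is set, every call that omits `uniqueId` gets the same suffix, and the `Date.now().toString()` fallback is non-deterministic and can repeat within one millisecond, so two calls on the same `scope` can collide on `DatadogNodeLayer-…` / `DatadogExtensionLayer-…`. Prefer a deterministic fallback such as `const layerIdSuffix = uniqueId || process.env.PROJECT_NONCE || scope.node.addr;` and document that callers sharing a scope must pass distinct `uniqueId` values. The ARN also pins `Datadog-Node20-x`, while `JaypieLambda` in this same file defaults `runtime` to `NODEJS_22_X`, so it is worth confirming that the layer matches the runtime. The comment `// Return null if no API key is found` should read `undefined`, which is what the branch returns.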
|
|
@@ -314,10 +278,34 @@ function resolveHostedZone(scope, { name = "HostedZone", zone = process.env.CDK_
|
|
|
314
278
|
return zone;
|
|
315
279
|
}
|
|
316
280
|
|
|
281
|
+
const resolveParamsAndSecrets = (paramsAndSecretsOptions) => {
|
|
282
|
+
if (paramsAndSecretsOptions === false) {
|
|
283
|
+
return;
|
|
284
|
+
}
|
|
285
|
+
let resolvedParamsAndSecrets;
|
|
286
|
+
if (paramsAndSecretsOptions instanceof lambda__namespace.ParamsAndSecretsLayerVersion) {
|
|
287
|
+
resolvedParamsAndSecrets = paramsAndSecretsOptions;
|
|
288
|
+
}
|
|
289
|
+
else {
|
|
290
|
+
if (paramsAndSecretsOptions === true ||
|
|
291
|
+
paramsAndSecretsOptions === undefined) {
|
|
292
|
+
paramsAndSecretsOptions = {};
|
|
293
|
+
}
|
|
294
|
+
resolvedParamsAndSecrets = lambda__namespace.ParamsAndSecretsLayerVersion.fromVersion(lambda__namespace.ParamsAndSecretsVersions.V1_0_103, {
|
|
295
|
+
cacheSize: paramsAndSecretsOptions?.cacheSize,
|
|
296
|
+
logLevel: paramsAndSecretsOptions?.logLevel ||
|
|
297
|
+
lambda__namespace.ParamsAndSecretsLogLevel.WARN,
|
|
298
|
+
parameterStoreTtl: paramsAndSecretsOptions?.parameterStoreTtl,
|
|
299
|
+
secretsManagerTtl: paramsAndSecretsOptions?.secretsManagerTtl,
|
|
300
|
+
});
|
|
301
|
+
}
|
|
302
|
+
return resolvedParamsAndSecrets;
|
|
303
|
+
};
|
|
304
|
+
|
|
317
305
|
class JaypieApiGateway extends constructs.Construct {
|
|
318
306
|
constructor(scope, id, props) {
|
|
319
307
|
super(scope, id);
|
|
320
|
-
const { certificate = true, handler, host: propsHost, name, roleTag = cdk
|
|
308
|
+
const { certificate = true, handler, host: propsHost, name, roleTag = cdk.CDK.ROLE.API, zone: propsZone, } = props;
|
|
321
309
|
// Determine zone from props or environment
|
|
322
310
|
let zone = propsZone;
|
|
323
311
|
if (!zone && process.env.CDK_ENV_API_HOSTED_ZONE) {
|
|
@@ -331,7 +319,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
331
319
|
}
|
|
332
320
|
else if (process.env.CDK_ENV_API_SUBDOMAIN &&
|
|
333
321
|
process.env.CDK_ENV_API_HOSTED_ZONE) {
|
|
334
|
-
host = cdk
|
|
322
|
+
host = cdk.mergeDomain(process.env.CDK_ENV_API_SUBDOMAIN, process.env.CDK_ENV_API_HOSTED_ZONE);
|
|
335
323
|
}
|
|
336
324
|
}
|
|
337
325
|
const apiGatewayName = name || constructEnvName("ApiGateway");
|
|
@@ -346,7 +334,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
346
334
|
domainName: host,
|
|
347
335
|
validation: acm__namespace.CertificateValidation.fromDns(hostedZone),
|
|
348
336
|
});
|
|
349
|
-
cdk.Tags.of(certificateToUse).add(cdk
|
|
337
|
+
cdk$1.Tags.of(certificateToUse).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.HOSTING);
|
|
350
338
|
}
|
|
351
339
|
else if (typeof certificate === "object") {
|
|
352
340
|
certificateToUse = certificate;
|
|
@@ -365,19 +353,19 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
365
353
|
handler,
|
|
366
354
|
...lambdaRestApiProps,
|
|
367
355
|
});
|
|
368
|
-
cdk.Tags.of(this._api).add(cdk
|
|
356
|
+
cdk$1.Tags.of(this._api).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
369
357
|
if (host && certificateToUse && hostedZone) {
|
|
370
358
|
this._domainName = this._api.addDomainName(apiDomainName, {
|
|
371
359
|
domainName: host,
|
|
372
360
|
certificate: certificateToUse,
|
|
373
361
|
});
|
|
374
|
-
cdk.Tags.of(this._domainName).add(cdk
|
|
362
|
+
cdk$1.Tags.of(this._domainName).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
375
363
|
const record = new route53__namespace.ARecord(this, "AliasRecord", {
|
|
376
364
|
recordName: host,
|
|
377
365
|
target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.ApiGatewayDomain(this._domainName)),
|
|
378
366
|
zone: hostedZone,
|
|
379
367
|
});
|
|
380
|
-
cdk.Tags.of(record).add(cdk
|
|
368
|
+
cdk$1.Tags.of(record).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
381
369
|
}
|
|
382
370
|
}
|
|
383
371
|
get api() {
|
|
@@ -418,8 +406,8 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
418
406
|
}
|
|
419
407
|
get env() {
|
|
420
408
|
return {
|
|
421
|
-
account: cdk.Stack.of(this).account,
|
|
422
|
-
region: cdk.Stack.of(this).region,
|
|
409
|
+
account: cdk$1.Stack.of(this).account,
|
|
410
|
+
region: cdk$1.Stack.of(this).region,
|
|
423
411
|
};
|
|
424
412
|
}
|
|
425
413
|
get stack() {
|
|
@@ -457,7 +445,7 @@ class JaypieApiGateway extends constructs.Construct {
|
|
|
457
445
|
}
|
|
458
446
|
}
|
|
459
447
|
|
|
460
|
-
class JaypieStack extends cdk.Stack {
|
|
448
|
+
class JaypieStack extends cdk$1.Stack {
|
|
461
449
|
constructor(scope, id, props = {}) {
|
|
462
450
|
const { key, ...stackProps } = props;
|
|
463
451
|
// Handle stackName
|
|
@@ -490,7 +478,7 @@ class JaypieAppStack extends JaypieStack {
|
|
|
490
478
|
class JaypieLambda extends constructs.Construct {
|
|
491
479
|
constructor(scope, id, props) {
|
|
492
480
|
super(scope, id);
|
|
493
|
-
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk
|
|
481
|
+
const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, codeSigningConfig, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, environmentEncryption, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = cdk.CDK.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
|
|
494
482
|
// Get base environment with defaults
|
|
495
483
|
const environment = jaypieLambdaEnv({ initialEnvironment });
|
|
496
484
|
const codeAsset = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
|
|
@@ -511,6 +499,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
511
499
|
}
|
|
512
500
|
return acc;
|
|
513
501
|
}, {});
|
|
502
|
+
// Add ParamsAndSecrets layer if configured
|
|
503
|
+
const resolvedParamsAndSecrets = paramsAndSecrets
|
|
504
|
+
? resolveParamsAndSecrets(paramsAndSecretsOptions)
|
|
505
|
+
: undefined;
|
|
514
506
|
// Create Lambda Function
|
|
515
507
|
this._lambda = new lambda__namespace.Function(this, "Function", {
|
|
516
508
|
allowAllOutbound,
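Review bot: The added ternary calls `resolveParamsAndSecrets` only when `paramsAndSecrets` is truthy and then hands it `paramsAndSecretsOptions`, so a `ParamsAndSecretsLayerVersion` instance supplied as `paramsAndSecrets` never reaches that helper's `instanceof` branch and is not forwarded to the function. It also appears to flip the default: the removed `addParamsAndSecrets` attached the layer unless `paramsAndSecrets === false`, whereas an omitted prop now resolves to `undefined`, which could leave handlers that read secrets through the extension without it after a patch-level upgrade. If the old contract is intended, `paramsAndSecrets === false ? undefined : resolveParamsAndSecrets(paramsAndSecrets instanceof lambda__namespace.ParamsAndSecretsLayerVersion ? paramsAndSecrets : paramsAndSecretsOptions)` keeps both cases. The constructor this sits in starts and ends outside the hunk.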
|
|
@@ -538,6 +530,7 @@ class JaypieLambda extends constructs.Construct {
|
|
|
538
530
|
logRetentionRetryOptions,
|
|
539
531
|
maxEventAge,
|
|
540
532
|
memorySize,
|
|
533
|
+
paramsAndSecrets: resolvedParamsAndSecrets,
|
|
541
534
|
profiling,
|
|
542
535
|
profilingGroup,
|
|
543
536
|
reservedConcurrentExecutions,
|
|
@@ -545,26 +538,20 @@ class JaypieLambda extends constructs.Construct {
|
|
|
545
538
|
runtime,
|
|
546
539
|
runtimeManagementMode,
|
|
547
540
|
securityGroups,
|
|
548
|
-
timeout: typeof timeout === "number" ? cdk.Duration.seconds(timeout) : timeout,
|
|
541
|
+
timeout: typeof timeout === "number" ? cdk$1.Duration.seconds(timeout) : timeout,
|
|
549
542
|
tracing,
|
|
550
543
|
vpc,
|
|
551
544
|
vpcSubnets,
|
|
552
545
|
// Enable auto-publishing of versions when using provisioned concurrency
|
|
553
546
|
currentVersionOptions: provisionedConcurrentExecutions !== undefined
|
|
554
547
|
? {
|
|
555
|
-
removalPolicy: cdk.RemovalPolicy.RETAIN,
|
|
548
|
+
removalPolicy: cdk$1.RemovalPolicy.RETAIN,
|
|
556
549
|
description: "Auto-published version for provisioned concurrency",
|
|
557
550
|
// Don't set provisioned concurrency here - it will be set on the alias
|
|
558
551
|
}
|
|
559
552
|
: undefined,
|
|
560
553
|
});
|
|
561
|
-
|
|
562
|
-
addParamsAndSecrets(this._lambda, {
|
|
563
|
-
paramsAndSecrets,
|
|
564
|
-
paramsAndSecretsOptions,
|
|
565
|
-
});
|
|
566
|
-
// Add Datadog layers and environment variables if configured
|
|
567
|
-
addDatadogLayer(this._lambda, { datadogApiKeyArn });
|
|
554
|
+
addDatadogLayers(this._lambda, { datadogApiKeyArn });
|
|
568
555
|
// Grant secret read permissions
|
|
569
556
|
Object.values(envSecrets).forEach((secret) => {
|
|
570
557
|
secret.grantRead(this._lambda);
|
|
@@ -587,10 +574,10 @@ class JaypieLambda extends constructs.Construct {
|
|
|
587
574
|
this._provisioned.node.addDependency(version);
|
|
588
575
|
}
|
|
589
576
|
if (roleTag) {
|
|
590
|
-
cdk.Tags.of(this._lambda).add(cdk
|
|
577
|
+
cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
591
578
|
}
|
|
592
579
|
if (vendorTag) {
|
|
593
|
-
cdk.Tags.of(this._lambda).add(cdk
|
|
580
|
+
cdk$1.Tags.of(this._lambda).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
594
581
|
}
|
|
595
582
|
// Assign _reference based on provisioned state
|
|
596
583
|
this._reference =
|
|
@@ -687,8 +674,8 @@ class JaypieLambda extends constructs.Construct {
|
|
|
687
674
|
}
|
|
688
675
|
get env() {
|
|
689
676
|
return {
|
|
690
|
-
account: cdk.Stack.of(this).account,
|
|
691
|
-
region: cdk.Stack.of(this).region,
|
|
677
|
+
account: cdk$1.Stack.of(this).account,
|
|
678
|
+
region: cdk$1.Stack.of(this).region,
|
|
692
679
|
};
|
|
693
680
|
}
|
|
694
681
|
get stack() {
|
|
@@ -702,19 +689,19 @@ class JaypieLambda extends constructs.Construct {
|
|
|
702
689
|
class JaypieQueuedLambda extends constructs.Construct {
|
|
703
690
|
constructor(scope, id, props) {
|
|
704
691
|
super(scope, id);
|
|
705
|
-
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk
|
|
692
|
+
const { batchSize = 1, code, environment = {}, envSecrets = {}, fifo = true, handler = "index.handler", layers = [], logRetention = cdk.CDK.LAMBDA.LOG_RETENTION, memorySize = cdk.CDK.LAMBDA.MEMORY_SIZE, paramsAndSecrets, reservedConcurrentExecutions, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, secrets = [], timeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), vendorTag, visibilityTimeout = cdk$1.Duration.seconds(cdk.CDK.DURATION.LAMBDA_WORKER), } = props;
|
|
706
693
|
// Create SQS Queue
|
|
707
694
|
this._queue = new sqs__namespace.Queue(this, "Queue", {
|
|
708
695
|
fifo,
|
|
709
696
|
visibilityTimeout: typeof visibilityTimeout === "number"
|
|
710
|
-
? cdk.Duration.seconds(visibilityTimeout)
|
|
697
|
+
? cdk$1.Duration.seconds(visibilityTimeout)
|
|
711
698
|
: visibilityTimeout,
|
|
712
699
|
});
|
|
713
700
|
if (roleTag) {
|
|
714
|
-
cdk.Tags.of(this._queue).add(cdk
|
|
701
|
+
cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
715
702
|
}
|
|
716
703
|
if (vendorTag) {
|
|
717
|
-
cdk.Tags.of(this._queue).add(cdk
|
|
704
|
+
cdk$1.Tags.of(this._queue).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
718
705
|
}
|
|
719
706
|
// Create Lambda with JaypieLambda
|
|
720
707
|
this._lambdaConstruct = new JaypieLambda(this, "Function", {
|
|
@@ -835,12 +822,12 @@ class JaypieQueuedLambda extends constructs.Construct {
|
|
|
835
822
|
}
|
|
836
823
|
get env() {
|
|
837
824
|
return {
|
|
838
|
-
account: cdk.Stack.of(this).account,
|
|
839
|
-
region: cdk.Stack.of(this).region,
|
|
825
|
+
account: cdk$1.Stack.of(this).account,
|
|
826
|
+
region: cdk$1.Stack.of(this).region,
|
|
840
827
|
};
|
|
841
828
|
}
|
|
842
829
|
get stack() {
|
|
843
|
-
return cdk.Stack.of(this);
|
|
830
|
+
return cdk$1.Stack.of(this);
|
|
844
831
|
}
|
|
845
832
|
applyRemovalPolicy(policy) {
|
|
846
833
|
this._lambdaConstruct.applyRemovalPolicy(policy);
|
|
@@ -915,15 +902,15 @@ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
|
915
902
|
// Create S3 Bucket
|
|
916
903
|
this._bucket = new s3__namespace.Bucket(this, "Bucket", {
|
|
917
904
|
bucketName: bucketOptions.bucketName || bucketName,
|
|
918
|
-
removalPolicy: bucketOptions.removalPolicy || cdk.RemovalPolicy.RETAIN,
|
|
905
|
+
removalPolicy: bucketOptions.removalPolicy || cdk$1.RemovalPolicy.RETAIN,
|
|
919
906
|
...bucketOptions,
|
|
920
907
|
});
|
|
921
908
|
// Add tags to bucket
|
|
922
909
|
if (roleTag) {
|
|
923
|
-
cdk.Tags.of(this._bucket).add(cdk
|
|
910
|
+
cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
924
911
|
}
|
|
925
912
|
if (vendorTag) {
|
|
926
|
-
cdk.Tags.of(this._bucket).add(cdk
|
|
913
|
+
cdk$1.Tags.of(this._bucket).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
927
914
|
}
|
|
928
915
|
// Add an event notification from the bucket to the queue
|
|
929
916
|
this._bucket.addEventNotification(s3__namespace.EventType.OBJECT_CREATED, new s3n__namespace.SqsDestination(this.queue));
|
|
@@ -1088,13 +1075,13 @@ class JaypieBucketQueuedLambda extends JaypieQueuedLambda {
|
|
|
1088
1075
|
|
|
1089
1076
|
// It is a consumer if the environment is ephemeral
|
|
1090
1077
|
function checkEnvIsConsumer(env = process.env) {
|
|
1091
|
-
return (env.PROJECT_ENV === cdk
|
|
1078
|
+
return (env.PROJECT_ENV === cdk.CDK.ENV.PERSONAL ||
|
|
1092
1079
|
!!env.CDK_ENV_PERSONAL ||
|
|
1093
1080
|
/** @deprecated */ env.PROJECT_ENV === "ephemeral" ||
|
|
1094
1081
|
/** @deprecated */ !!env.CDK_ENV_EPHEMERAL);
|
|
1095
1082
|
}
|
|
1096
1083
|
function checkEnvIsProvider(env = process.env) {
|
|
1097
|
-
return env.PROJECT_ENV === cdk
|
|
1084
|
+
return env.PROJECT_ENV === cdk.CDK.ENV.SANDBOX;
|
|
1098
1085
|
}
|
|
1099
1086
|
function cleanName(name) {
|
|
1100
1087
|
return name.replace(/[^a-zA-Z0-9:-]/g, "");
|
|
@@ -1108,7 +1095,7 @@ function exportEnvName(name, env = process.env) {
|
|
|
1108
1095
|
}
|
|
1109
1096
|
else {
|
|
1110
1097
|
if (checkEnvIsConsumer(env)) {
|
|
1111
|
-
rawName = `env-${cdk
|
|
1098
|
+
rawName = `env-${cdk.CDK.ENV.SANDBOX}-${env.PROJECT_KEY}-${name}`;
|
|
1112
1099
|
}
|
|
1113
1100
|
else {
|
|
1114
1101
|
rawName = `env-${env.PROJECT_ENV}-${env.PROJECT_KEY}-${name}`;
|
|
@@ -1129,10 +1116,10 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1129
1116
|
exportName = cleanName(exportParam);
|
|
1130
1117
|
}
|
|
1131
1118
|
if (consumer) {
|
|
1132
|
-
const secretName = cdk.Fn.importValue(exportName);
|
|
1119
|
+
const secretName = cdk$1.Fn.importValue(exportName);
|
|
1133
1120
|
this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
|
|
1134
1121
|
// Add CfnOutput for consumer secrets
|
|
1135
|
-
new cdk.CfnOutput(this, `ConsumedName`, {
|
|
1122
|
+
new cdk$1.CfnOutput(this, `ConsumedName`, {
|
|
1136
1123
|
value: this._secret.secretName,
|
|
1137
1124
|
});
|
|
1138
1125
|
}
|
|
@@ -1141,24 +1128,24 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1141
1128
|
const secretProps = {
|
|
1142
1129
|
generateSecretString,
|
|
1143
1130
|
secretStringValue: !generateSecretString && secretValue
|
|
1144
|
-
? cdk.SecretValue.unsafePlainText(secretValue)
|
|
1131
|
+
? cdk$1.SecretValue.unsafePlainText(secretValue)
|
|
1145
1132
|
: undefined,
|
|
1146
1133
|
};
|
|
1147
1134
|
this._secret = new secretsmanager__namespace.Secret(this, id, secretProps);
|
|
1148
1135
|
if (roleTag) {
|
|
1149
|
-
cdk.Tags.of(this._secret).add(cdk
|
|
1136
|
+
cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
1150
1137
|
}
|
|
1151
1138
|
if (vendorTag) {
|
|
1152
|
-
cdk.Tags.of(this._secret).add(cdk
|
|
1139
|
+
cdk$1.Tags.of(this._secret).add(cdk.CDK.TAG.VENDOR, vendorTag);
|
|
1153
1140
|
}
|
|
1154
1141
|
if (provider) {
|
|
1155
|
-
new cdk.CfnOutput(this, `ProvidedName`, {
|
|
1142
|
+
new cdk$1.CfnOutput(this, `ProvidedName`, {
|
|
1156
1143
|
value: this._secret.secretName,
|
|
1157
1144
|
exportName,
|
|
1158
1145
|
});
|
|
1159
1146
|
}
|
|
1160
1147
|
else {
|
|
1161
|
-
new cdk.CfnOutput(this, `CreatedName`, {
|
|
1148
|
+
new cdk$1.CfnOutput(this, `CreatedName`, {
|
|
1162
1149
|
value: this._secret.secretName,
|
|
1163
1150
|
});
|
|
1164
1151
|
}
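Review bot: The `secretStringValue` branch still passes `secretValue` through `cdk$1.SecretValue.unsafePlainText(...)`, which places the value in the synthesized CloudFormation template in clear text, readable by anyone who can see the template, the synth output or the stack history. This commit only renames the module alias on that line and leaves the exposure as it was. Where `secretValue` comes from is outside the hunk, so at minimum I would document the trade-off with a comment such as `// unsafePlainText embeds secretValue in the synthesized template; prefer generateSecretString or set the value out of band after deploy`. The enclosing constructor starts before this hunk.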
|
|
@@ -1166,12 +1153,12 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
1166
1153
|
}
|
|
1167
1154
|
// IResource implementation
|
|
1168
1155
|
get stack() {
|
|
1169
|
-
return cdk.Stack.of(this);
|
|
1156
|
+
return cdk$1.Stack.of(this);
|
|
1170
1157
|
}
|
|
1171
1158
|
get env() {
|
|
1172
1159
|
return {
|
|
1173
|
-
account: cdk.Stack.of(this).account,
|
|
1174
|
-
region: cdk.Stack.of(this).region,
|
|
1160
|
+
account: cdk$1.Stack.of(this).account,
|
|
1161
|
+
region: cdk$1.Stack.of(this).region,
|
|
1175
1162
|
};
|
|
1176
1163
|
}
|
|
1177
1164
|
applyRemovalPolicy(policy) {
|
|
@@ -1223,8 +1210,8 @@ class JaypieDatadogSecret extends JaypieEnvSecret {
|
|
|
1223
1210
|
constructor(scope, id = "MongoConnectionString", props) {
|
|
1224
1211
|
const defaultProps = {
|
|
1225
1212
|
envKey: "DATADOG_API_KEY",
|
|
1226
|
-
roleTag: cdk
|
|
1227
|
-
vendorTag: cdk
|
|
1213
|
+
roleTag: cdk.CDK.ROLE.MONITORING,
|
|
1214
|
+
vendorTag: cdk.CDK.VENDOR.DATADOG,
|
|
1228
1215
|
...props,
|
|
1229
1216
|
};
|
|
1230
1217
|
super(scope, id, defaultProps);
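Review bot: The `JaypieDatadogSecret` constructor defaults `id` to `"MongoConnectionString"`, the same default that `JaypieMongoDbSecret` uses in the hunk at old line 1312, which looks like a copy-paste slip. Two defaulted instances in one scope would collide on construct id, and the Datadog API key ends up under a logical id that names a different secret, which makes audits and IAM scoping harder to read. Something like `constructor(scope, id = "DatadogApiKey", props) {` would match the `envKey`. Changing the default alters the logical id for stacks that rely on it, so it probably needs a migration note.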
|
|
@@ -1234,8 +1221,8 @@ class JaypieDatadogSecret extends JaypieEnvSecret {
|
|
|
1234
1221
|
class JaypieExpressLambda extends JaypieLambda {
|
|
1235
1222
|
constructor(scope, id, props) {
|
|
1236
1223
|
super(scope, id, {
|
|
1237
|
-
timeout: cdk.Duration.seconds(cdk
|
|
1238
|
-
roleTag: cdk
|
|
1224
|
+
timeout: cdk$1.Duration.seconds(cdk.CDK.DURATION.EXPRESS_API),
|
|
1225
|
+
roleTag: cdk.CDK.ROLE.API,
|
|
1239
1226
|
...props,
|
|
1240
1227
|
});
|
|
1241
1228
|
}
|
|
@@ -1251,7 +1238,7 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1251
1238
|
constructor(scope, id, props) {
|
|
1252
1239
|
super(scope, id);
|
|
1253
1240
|
const { destination, zoneName, project } = props;
|
|
1254
|
-
const service = props.service || cdk
|
|
1241
|
+
const service = props.service || cdk.CDK.SERVICE.INFRASTRUCTURE;
|
|
1255
1242
|
// Create the log group
|
|
1256
1243
|
this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
|
|
1257
1244
|
logGroupName: process.env.PROJECT_NONCE
|
|
@@ -1260,10 +1247,10 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1260
1247
|
retention: awsLogs.RetentionDays.ONE_WEEK,
|
|
1261
1248
|
});
|
|
1262
1249
|
// Add tags
|
|
1263
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk
|
|
1264
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk
|
|
1250
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.SERVICE, service);
|
|
1251
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1265
1252
|
if (project) {
|
|
1266
|
-
cdk__namespace.Tags.of(this.logGroup).add(cdk
|
|
1253
|
+
cdk__namespace.Tags.of(this.logGroup).add(cdk.CDK.TAG.PROJECT, project);
|
|
1267
1254
|
}
|
|
1268
1255
|
// Grant Route 53 permissions to write to the log group
|
|
1269
1256
|
this.logGroup.grantWrite(new awsIam.ServicePrincipal(SERVICE.ROUTE53));
|
|
@@ -1280,10 +1267,10 @@ class JaypieHostedZone extends constructs.Construct {
|
|
|
1280
1267
|
zoneName,
|
|
1281
1268
|
});
|
|
1282
1269
|
// Add tags
|
|
1283
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk
|
|
1284
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk
|
|
1270
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.SERVICE, service);
|
|
1271
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1285
1272
|
if (project) {
|
|
1286
|
-
cdk__namespace.Tags.of(this.hostedZone).add(cdk
|
|
1273
|
+
cdk__namespace.Tags.of(this.hostedZone).add(cdk.CDK.TAG.PROJECT, project);
|
|
1287
1274
|
}
|
|
1288
1275
|
}
|
|
1289
1276
|
}
|
|
@@ -1303,7 +1290,7 @@ class JaypieInfrastructureStack extends JaypieStack {
|
|
|
1303
1290
|
super(scope, id, { key, ...stackProps });
|
|
1304
1291
|
// Add infrastructure-specific tag
|
|
1305
1292
|
if (process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA) {
|
|
1306
|
-
cdk.Tags.of(this).add(CDK.TAG.STACK_SHA, process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA);
|
|
1293
|
+
cdk$1.Tags.of(this).add(CDK.TAG.STACK_SHA, process.env.CDK_ENV_INFRASTRUCTURE_STACK_SHA);
|
|
1307
1294
|
}
|
|
1308
1295
|
}
|
|
1309
1296
|
}
|
|
@@ -1312,8 +1299,8 @@ class JaypieMongoDbSecret extends JaypieEnvSecret {
|
|
|
1312
1299
|
constructor(scope, id = "MongoConnectionString", props) {
|
|
1313
1300
|
const defaultProps = {
|
|
1314
1301
|
envKey: "MONGODB_URI",
|
|
1315
|
-
roleTag: cdk
|
|
1316
|
-
vendorTag: cdk
|
|
1302
|
+
roleTag: cdk.CDK.ROLE.STORAGE,
|
|
1303
|
+
vendorTag: cdk.CDK.VENDOR.MONGODB,
|
|
1317
1304
|
...props,
|
|
1318
1305
|
};
|
|
1319
1306
|
super(scope, id, defaultProps);
|
|
@@ -1324,8 +1311,8 @@ class JaypieOpenAiSecret extends JaypieEnvSecret {
|
|
|
1324
1311
|
constructor(scope, id = "OpenAiApiKey", props) {
|
|
1325
1312
|
const defaultProps = {
|
|
1326
1313
|
envKey: "OPENAI_API_KEY",
|
|
1327
|
-
roleTag: cdk
|
|
1328
|
-
vendorTag: cdk
|
|
1314
|
+
roleTag: cdk.CDK.ROLE.PROCESSING,
|
|
1315
|
+
vendorTag: cdk.CDK.VENDOR.OPENAI,
|
|
1329
1316
|
...props,
|
|
1330
1317
|
};
|
|
1331
1318
|
super(scope, id, defaultProps);
|
|
@@ -1385,11 +1372,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1385
1372
|
instanceArn: this.instanceArn,
|
|
1386
1373
|
name: exports.PermissionSetType.ADMINISTRATOR,
|
|
1387
1374
|
description: "Full administrative access to all AWS services and resources",
|
|
1388
|
-
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
1375
|
+
sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
|
|
1389
1376
|
managedPolicies: ["arn:aws:iam::aws:policy/AdministratorAccess"],
|
|
1390
1377
|
inlinePolicy: mergedPolicy,
|
|
1391
1378
|
});
|
|
1392
|
-
cdk.Tags.of(permissionSet).add(cdk
|
|
1379
|
+
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1393
1380
|
this.permissionSets[exports.PermissionSetType.ADMINISTRATOR] = permissionSet;
|
|
1394
1381
|
}
|
|
1395
1382
|
/**
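Review bot: The Administrator permission set keeps `sessionDuration: cdk$1.Duration.hours(8).toIsoString()` while attaching `AdministratorAccess`, and the Developer set in the hunk at old line 1474 does the same, whereas the read-only Analyst set at old line 1422 gets four hours. The most privileged sets therefore hold credentials longest, the reverse of what least privilege would suggest. If the eight hours are deliberate, a comment on the line saying why would help; otherwise consider a shorter value for the administrator set. The method body starts outside this hunk.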
|
|
@@ -1422,11 +1409,11 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1422
1409
|
instanceArn: this.instanceArn,
|
|
1423
1410
|
name: exports.PermissionSetType.ANALYST,
|
|
1424
1411
|
description: "Read-only access with billing visibility and limited write access",
|
|
1425
|
-
sessionDuration: cdk.Duration.hours(4).toIsoString(),
|
|
1412
|
+
sessionDuration: cdk$1.Duration.hours(4).toIsoString(),
|
|
1426
1413
|
managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
|
|
1427
1414
|
inlinePolicy: mergedPolicy,
|
|
1428
1415
|
});
|
|
1429
|
-
cdk.Tags.of(permissionSet).add(cdk
|
|
1416
|
+
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1430
1417
|
this.permissionSets[exports.PermissionSetType.ANALYST] = permissionSet;
|
|
1431
1418
|
}
|
|
1432
1419
|
/**
|
|
@@ -1474,13 +1461,13 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1474
1461
|
instanceArn: this.instanceArn,
|
|
1475
1462
|
name: exports.PermissionSetType.DEVELOPER,
|
|
1476
1463
|
description: "System administrator access with expanded write permissions",
|
|
1477
|
-
sessionDuration: cdk.Duration.hours(8).toIsoString(),
|
|
1464
|
+
sessionDuration: cdk$1.Duration.hours(8).toIsoString(),
|
|
1478
1465
|
managedPolicies: [
|
|
1479
1466
|
"arn:aws:iam::aws:policy/job-function/SystemAdministrator",
|
|
1480
1467
|
],
|
|
1481
1468
|
inlinePolicy: mergedPolicy,
|
|
1482
1469
|
});
|
|
1483
|
-
cdk.Tags.of(permissionSet).add(cdk
|
|
1470
|
+
cdk$1.Tags.of(permissionSet).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1484
1471
|
this.permissionSets[exports.PermissionSetType.DEVELOPER] = permissionSet;
|
|
1485
1472
|
}
|
|
1486
1473
|
/**
|
|
@@ -1547,8 +1534,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1547
1534
|
targetId: accountId,
|
|
1548
1535
|
targetType: "AWS_ACCOUNT",
|
|
1549
1536
|
});
|
|
1550
|
-
cdk.Tags.of(assignment).add(cdk
|
|
1551
|
-
cdk.Tags.of(assignment).add("Group", "administrators");
|
|
1537
|
+
cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1538
|
+
cdk$1.Tags.of(assignment).add("Group", "administrators");
|
|
1552
1539
|
});
|
|
1553
1540
|
}
|
|
1554
1541
|
/**
|
|
@@ -1574,8 +1561,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1574
1561
|
targetId: accountId,
|
|
1575
1562
|
targetType: "AWS_ACCOUNT",
|
|
1576
1563
|
});
|
|
1577
|
-
cdk.Tags.of(assignment).add(cdk
|
|
1578
|
-
cdk.Tags.of(assignment).add("Group", "analysts");
|
|
1564
|
+
cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1565
|
+
cdk$1.Tags.of(assignment).add("Group", "analysts");
|
|
1579
1566
|
});
|
|
1580
1567
|
}
|
|
1581
1568
|
/**
|
|
@@ -1600,8 +1587,8 @@ class JaypieSsoGroups extends constructs.Construct {
|
|
|
1600
1587
|
targetId: accountId,
|
|
1601
1588
|
targetType: "AWS_ACCOUNT",
|
|
1602
1589
|
});
|
|
1603
|
-
cdk.Tags.of(assignment).add(cdk
|
|
1604
|
-
cdk.Tags.of(assignment).add("Group", "developers");
|
|
1590
|
+
cdk$1.Tags.of(assignment).add(cdk.CDK.TAG.SERVICE, cdk.CDK.SERVICE.SSO);
|
|
1591
|
+
cdk$1.Tags.of(assignment).add("Group", "developers");
|
|
1605
1592
|
});
|
|
1606
1593
|
}
|
|
1607
1594
|
}
|
|
@@ -1610,8 +1597,8 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
1610
1597
|
constructor(scope, id = "TraceSigningKey", props) {
|
|
1611
1598
|
const defaultProps = {
|
|
1612
1599
|
envKey: "TRACE_SIGNING_KEY",
|
|
1613
|
-
roleTag: cdk
|
|
1614
|
-
vendorTag: cdk
|
|
1600
|
+
roleTag: cdk.CDK.ROLE.API,
|
|
1601
|
+
vendorTag: cdk.CDK.VENDOR.KNOWTRACE,
|
|
1615
1602
|
...props,
|
|
1616
1603
|
};
|
|
1617
1604
|
super(scope, id, defaultProps);
|
|
@@ -1621,19 +1608,19 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
|
|
|
1621
1608
|
class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
1622
1609
|
constructor(scope, id, props = {}) {
|
|
1623
1610
|
super(scope, id);
|
|
1624
|
-
const roleTag = props.roleTag || cdk
|
|
1611
|
+
const roleTag = props.roleTag || cdk.CDK.ROLE.HOSTING;
|
|
1625
1612
|
// Environment variable validation
|
|
1626
1613
|
if (process.env.CDK_ENV_WEB_SUBDOMAIN &&
|
|
1627
|
-
!cdk
|
|
1628
|
-
throw new cdk
|
|
1614
|
+
!cdk.isValidSubdomain(process.env.CDK_ENV_WEB_SUBDOMAIN)) {
|
|
1615
|
+
throw new cdk.ConfigurationError("CDK_ENV_WEB_SUBDOMAIN is not a valid subdomain");
|
|
1629
1616
|
}
|
|
1630
1617
|
if (process.env.CDK_ENV_WEB_HOSTED_ZONE &&
|
|
1631
|
-
!cdk
|
|
1632
|
-
throw new cdk
|
|
1618
|
+
!cdk.isValidHostname(process.env.CDK_ENV_WEB_HOSTED_ZONE)) {
|
|
1619
|
+
throw new cdk.ConfigurationError("CDK_ENV_WEB_HOSTED_ZONE is not a valid hostname");
|
|
1633
1620
|
}
|
|
1634
1621
|
if (process.env.CDK_ENV_HOSTED_ZONE &&
|
|
1635
|
-
!cdk
|
|
1636
|
-
throw new cdk
|
|
1622
|
+
!cdk.isValidHostname(process.env.CDK_ENV_HOSTED_ZONE)) {
|
|
1623
|
+
throw new cdk.ConfigurationError("CDK_ENV_HOSTED_ZONE is not a valid hostname");
|
|
1637
1624
|
}
|
|
1638
1625
|
// Determine host from props or environment
|
|
1639
1626
|
let host = props.host;
|
|
@@ -1641,7 +1628,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1641
1628
|
try {
|
|
1642
1629
|
host =
|
|
1643
1630
|
process.env.CDK_ENV_WEB_HOST ||
|
|
1644
|
-
cdk
|
|
1631
|
+
cdk.mergeDomain(process.env.CDK_ENV_WEB_SUBDOMAIN || "", process.env.CDK_ENV_WEB_HOSTED_ZONE ||
|
|
1645
1632
|
process.env.CDK_ENV_HOSTED_ZONE ||
|
|
1646
1633
|
"");
|
|
1647
1634
|
}
|
|
@@ -1649,8 +1636,8 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1649
1636
|
host = undefined;
|
|
1650
1637
|
}
|
|
1651
1638
|
}
|
|
1652
|
-
if (host && !cdk
|
|
1653
|
-
throw new cdk
|
|
1639
|
+
if (host && !cdk.isValidHostname(host)) {
|
|
1640
|
+
throw new cdk.ConfigurationError("Host is not a valid hostname");
|
|
1654
1641
|
}
|
|
1655
1642
|
// Determine zone from props or environment
|
|
1656
1643
|
const zone = props.zone ||
|
|
@@ -1663,7 +1650,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1663
1650
|
blockPublicAccess: s3__namespace.BlockPublicAccess.BLOCK_ACLS,
|
|
1664
1651
|
bucketName: props.name || constructEnvName("web"),
|
|
1665
1652
|
publicReadAccess: true,
|
|
1666
|
-
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
|
1653
|
+
removalPolicy: cdk$1.RemovalPolicy.DESTROY,
|
|
1667
1654
|
versioned: false,
|
|
1668
1655
|
websiteErrorDocument: "index.html",
|
|
1669
1656
|
websiteIndexDocument: "index.html",
|
|
@@ -1681,7 +1668,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1681
1668
|
this.isWebsite = this.bucket.isWebsite;
|
|
1682
1669
|
this.notificationsHandlerRole = undefined;
|
|
1683
1670
|
this.policy = this.bucket.policy;
|
|
1684
|
-
cdk.Tags.of(this.bucket).add(cdk
|
|
1671
|
+
cdk$1.Tags.of(this.bucket).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
1685
1672
|
// Create deployment role if repository is configured
|
|
1686
1673
|
let repo;
|
|
1687
1674
|
if (process.env.CDK_ENV_REPO) {
|
|
@@ -1689,14 +1676,14 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1689
1676
|
}
|
|
1690
1677
|
if (repo) {
|
|
1691
1678
|
const bucketDeployRole = new awsIam.Role(this, "DestinationBucketDeployRole", {
|
|
1692
|
-
assumedBy: new awsIam.FederatedPrincipal(cdk.Fn.importValue(cdk
|
|
1679
|
+
assumedBy: new awsIam.FederatedPrincipal(cdk$1.Fn.importValue(cdk.CDK.IMPORT.OIDC_PROVIDER), {
|
|
1693
1680
|
StringLike: {
|
|
1694
1681
|
"token.actions.githubusercontent.com:sub": repo,
|
|
1695
1682
|
},
|
|
1696
1683
|
}, "sts:AssumeRoleWithWebIdentity"),
|
|
1697
|
-
maxSessionDuration: cdk.Duration.hours(1),
|
|
1684
|
+
maxSessionDuration: cdk$1.Duration.hours(1),
|
|
1698
1685
|
});
|
|
1699
|
-
cdk.Tags.of(bucketDeployRole).add(cdk
|
|
1686
|
+
cdk$1.Tags.of(bucketDeployRole).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.DEPLOY);
|
|
1700
1687
|
// Allow the role to write to the bucket
|
|
1701
1688
|
bucketDeployRole.addToPolicy(new awsIam.PolicyStatement({
|
|
1702
1689
|
effect: awsIam.Effect.ALLOW,
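Review bot: The trust policy for `DestinationBucketDeployRole` conditions only on `"token.actions.githubusercontent.com:sub"` under `StringLike`, and no audience condition is visible in this hunk. I would add `StringEquals: { "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" },` beside the `StringLike` entry so that only tokens minted for AWS STS are accepted. `repo` is assembled outside the hunk (apparently from `CDK_ENV_REPO`), so it is not possible to tell here how tightly the pattern is scoped. A comment stating the expected form, for example `// repo must be "repo:<org>/<name>:<ref-or-environment>"; avoid a bare trailing wildcard`, would make the intended trust boundary reviewable.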
|
|
@@ -1721,7 +1708,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1721
1708
|
}));
|
|
1722
1709
|
this.deployRoleArn = bucketDeployRole.roleArn;
|
|
1723
1710
|
// Output the deploy role ARN
|
|
1724
|
-
new cdk.CfnOutput(this, "DestinationBucketDeployRoleArn", {
|
|
1711
|
+
new cdk$1.CfnOutput(this, "DestinationBucketDeployRoleArn", {
|
|
1725
1712
|
value: bucketDeployRole.roleArn,
|
|
1726
1713
|
});
|
|
1727
1714
|
}
|
|
@@ -1741,10 +1728,10 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1741
1728
|
domainName: host,
|
|
1742
1729
|
validation: acm__namespace.CertificateValidation.fromDns(hostedZone),
|
|
1743
1730
|
});
|
|
1744
|
-
new cdk.CfnOutput(this, "CertificateArn", {
|
|
1731
|
+
new cdk$1.CfnOutput(this, "CertificateArn", {
|
|
1745
1732
|
value: this.certificate.certificateArn,
|
|
1746
1733
|
});
|
|
1747
|
-
cdk.Tags.of(this.certificate).add(cdk
|
|
1734
|
+
cdk$1.Tags.of(this.certificate).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
1748
1735
|
}
|
|
1749
1736
|
// Create CloudFront distribution
|
|
1750
1737
|
this.distribution = new cloudfront__namespace.Distribution(this, "Distribution", {
|
|
@@ -1756,7 +1743,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1756
1743
|
certificate: this.certificate,
|
|
1757
1744
|
domainNames: [host],
|
|
1758
1745
|
});
|
|
1759
|
-
cdk.Tags.of(this.distribution).add(cdk
|
|
1746
|
+
cdk$1.Tags.of(this.distribution).add(cdk.CDK.TAG.ROLE, roleTag);
|
|
1760
1747
|
// If this is production, enable caching on everything but index.html
|
|
1761
1748
|
if (isProductionEnv()) {
|
|
1762
1749
|
this.distribution.addBehavior("/*", new origins__namespace.S3Origin(this.bucket), {
|
|
@@ -1770,7 +1757,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
|
|
|
1770
1757
|
target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.CloudFrontTarget(this.distribution)),
|
|
1771
1758
|
zone: hostedZone,
|
|
1772
1759
|
});
|
|
1773
|
-
cdk.Tags.of(record).add(cdk
|
|
1760
|
+
cdk$1.Tags.of(record).add(cdk.CDK.TAG.ROLE, cdk.CDK.ROLE.NETWORKING);
|
|
1774
1761
|
this.distributionDomainName = this.distribution.distributionDomainName;
|
|
1775
1762
|
}
|
|
1776
1763
|
}
|
|
@@ -1882,8 +1869,7 @@ exports.JaypieSsoGroups = JaypieSsoGroups;
|
|
|
1882
1869
|
exports.JaypieStack = JaypieStack;
|
|
1883
1870
|
exports.JaypieTraceSigningKeySecret = JaypieTraceSigningKeySecret;
|
|
1884
1871
|
exports.JaypieWebDeploymentBucket = JaypieWebDeploymentBucket;
|
|
1885
|
-
exports.
|
|
1886
|
-
exports.addParamsAndSecrets = addParamsAndSecrets;
|
|
1872
|
+
exports.addDatadogLayers = addDatadogLayers;
|
|
1887
1873
|
exports.constructEnvName = constructEnvName;
|
|
1888
1874
|
exports.constructStackName = constructStackName;
|
|
1889
1875
|
exports.constructTagger = constructTagger;
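Review bot: The export `addParamsAndSecrets` is dropped here, along with a second export whose name is truncated on the old side, and this is a patch-level release (1.1.42 → 1.1.43). Consumers on a caret or tilde range pick it up automatically, and a CommonJS caller gets `undefined` and fails only when the helper is invoked during synth. The replacements `addDatadogLayers`, `resolveDatadogLayers` and `resolveParamsAndSecrets` (the last two are added in the hunk at old line 1892) are not shown to be signature-compatible. If they are, a deprecated alias such as `exports.addParamsAndSecrets = resolveParamsAndSecrets; // deprecated, remove in next major` would keep pinned-range users working. If they are not, the removal should be called out in the changelog and released as a breaking version.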
|
|
@@ -1892,5 +1878,7 @@ exports.isEnv = isEnv;
|
|
|
1892
1878
|
exports.isProductionEnv = isProductionEnv;
|
|
1893
1879
|
exports.isSandboxEnv = isSandboxEnv;
|
|
1894
1880
|
exports.jaypieLambdaEnv = jaypieLambdaEnv;
|
|
1881
|
+
exports.resolveDatadogLayers = resolveDatadogLayers;
|
|
1895
1882
|
exports.resolveHostedZone = resolveHostedZone;
|
|
1883
|
+
exports.resolveParamsAndSecrets = resolveParamsAndSecrets;
|
|
1896
1884
|
//# sourceMappingURL=index.cjs.map
|