@jaypie/constructs 1.1.47 → 1.1.49

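--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -14,7 +14,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as s3n from 'aws-cdk-lib/aws-s3-notifications';
 import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as lambdaEventSources from 'aws-cdk-lib/aws-lambda-event-sources';
-import { ServicePrincipal, Role, FederatedPrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
+import { ServicePrincipal, ManagedPolicy, Role, FederatedPrincipal, PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
 import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
 import * as sso from 'aws-cdk-lib/aws-sso';
 import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
@@ -44,7 +44,7 @@ function addDatadogLayers(lambdaFunction, options = {}) {
 Object.entries(datadogEnvVars).forEach(([key, value]) => {
 lambdaFunction.addEnvironment(key, value);
 });
-const datadogApiKeySecret = secretsmanager.Secret.fromSecretNameV2(lambdaFunction, "DatadogApiKey", resolvedDatadogApiKeyArn);
+const datadogApiKeySecret = secretsmanager.Secret.fromSecretCompleteArn(lambdaFunction, "DatadogApiKey", resolvedDatadogApiKeyArn);
 const datadogLambda = new DatadogLambda(lambdaFunction, "DatadogLambda", {
 apiKeySecret: datadogApiKeySecret, // apiKeySecret auto-grants secret access to the added lambdas
 nodeLayerVersion: CDK$2.DATADOG.LAYER.NODE,
@@ -1357,6 +1357,7 @@ class JaypieSsoGroups extends Construct {
 "budgets:*",
 "ce:*",
 "cost-optimization-hub:*",
+"cur:*",
 ],
 Resource: "*",
 },
@@ -1386,14 +1387,52 @@ class JaypieSsoGroups extends Construct {
 {
 Effect: "Allow",
 Action: [
+"aws-portal:ViewUsage",
 "aws-portal:ViewBilling",
-"aws-portal:ViewAccount",
-"budgets:ViewBudget",
-"cloudwatch:PutDashboard",
-"cloudwatch:PutMetricData",
-"s3:PutObject",
-"s3:GetObject",
-"s3:ListBucket",
+"budgets:Describe*",
+"budgets:View*",
+"ce:Get*",
+"ce:List*",
+"cloudformation:Describe*",
+"cloudformation:Get*",
+"cloudformation:List*",
+"cloudwatch:BatchGet*",
+"cloudwatch:Get*",
+"cloudwatch:List*",
+"cost-optimization-hub:Get*",
+"cost-optimization-hub:List*",
+"ec2:Describe*",
+"ec2:Get*",
+"ec2:List*",
+"ec2:Search*",
+"iam:Get*",
+"iam:List*",
+"iam:PassRole",
+"lambda:Get*",
+"lambda:List*",
+"logs:Describe*",
+"logs:Get*",
+"logs:List*",
+"pipes:Describe*",
+"pipes:List*",
+"s3:Get*",
+"s3:List*",
+"secretsmanager:GetRandomPassword",
+"secretsmanager:GetResourcePolicy",
+"secretsmanager:List*",
+"securityhub:Describe*",
+"securityhub:Get*",
+"securityhub:List*",
+"servicecatalog:Describe*",
+"sns:Get*",
+"sns:List*",
+"sqs:Get*",
+"sqs:List*",
+"states:Describe*",
+"states:Get*",
+"states:List*",
+"tag:*",
+"xray:*",
 ],
 Resource: "*",
 },
@@ -1406,7 +1445,12 @@ class JaypieSsoGroups extends Construct {
 name: PermissionSetType.ANALYST,
 description: "Read-only access with billing visibility and limited write access",
 sessionDuration: Duration.hours(4).toIsoString(),
-managedPolicies: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
+managedPolicies: [
+ManagedPolicy.fromAwsManagedPolicyName("AmazonQDeveloperAccess")
+.managedPolicyArn,
+ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
+.managedPolicyArn,
+],
 inlinePolicy: mergedPolicy,
 });
 Tags.of(permissionSet).add(CDK$2.TAG.SERVICE, CDK$2.SERVICE.SSO);
@@ -1423,18 +1467,27 @@ class JaypieSsoGroups extends Construct {
 {
 Effect: "Allow",
 Action: [
+"budgets:*",
+"ce:*",
+"cloudformation:*",
 "cloudwatch:*",
-"logs:*",
+"cost-optimization-hub:*",
+"ec2:*",
+"iam:Get*",
+"iam:List*",
+"iam:PassRole",
 "lambda:*",
-"apigateway:*",
-"dynamodb:*",
+"logs:*",
+"pipes:*",
 "s3:*",
+"secretsmanager:*",
+"securityhub:*",
+"servicecatalog:*",
 "sns:*",
 "sqs:*",
-"events:*",
-"ecr:*",
-"ecs:*",
-"codebuild:*",
+"states:*",
+"tag:*",
+"xray:*",
 ],
 Resource: "*",
 },
@@ -1459,7 +1512,11 @@ class JaypieSsoGroups extends Construct {
 description: "System administrator access with expanded write permissions",
 sessionDuration: Duration.hours(8).toIsoString(),
 managedPolicies: [
-"arn:aws:iam::aws:policy/job-function/SystemAdministrator",
+ManagedPolicy.fromAwsManagedPolicyName("AmazonQDeveloperAccess")
+.managedPolicyArn,
+ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
+.managedPolicyArn,
+ManagedPolicy.fromAwsManagedPolicyName("job-function/SystemAdministrator").managedPolicyArn,
 ],
 inlinePolicy: mergedPolicy,
 });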
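Review bot: The Analyst inline policy (new lines 1390–1435, the set described as "Read-only access") now grants `"iam:PassRole"` on `Resource: "*"`, which is a write-side IAM action that lets the holder attach any role in the account to any service they can create resources in; it should be moved to its own statement whose `Resource` lists the specific role ARNs analysts need (placeholder: `"arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"`) or carry a `Condition: { StringEquals: { "iam:PassedToService": "<service>.amazonaws.com" } }` limit. The System-administrator hunk (new lines 1470–1490) has the same unscoped `"iam:PassRole"` alongside `"lambda:*"`, `"ec2:*"` and `"cloudformation:*"`, which makes that permission set effectively equivalent to every role in the account — if that is intended, say so in a comment on the statement; otherwise scope the role resource there too. In the Analyst list `"tag:*"` and `"xray:*"` also cover write actions, unlike the `Get*`/`List*`/`Describe*` wildcards used for every other service; `"tag:Get*"`, `"xray:Get*"`, `"xray:List*"`, `"xray:BatchGet*"` would keep the statement read-only. Separately, the switch from `fromSecretNameV2` to `fromSecretCompleteArn` in addDatadogLayers means `resolvedDatadogApiKeyArn` must be a full ARN including its random suffix; if callers may still supply a name or partial ARN, the auto-granted secret permission will not match the real secret (the function body continues outside the hunk).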