@jaypie/constructs 1.1.48 → 1.1.50

package/dist/cjs/JaypieApiGateway.d.ts

@@ -43,4 +43,5 @@ export declare class JaypieApiGateway extends Construct implements apiGateway.IR
     metricLatency(props?: import("aws-cdk-lib/aws-cloudwatch").MetricOptions): import("aws-cdk-lib/aws-cloudwatch").Metric;
     metricServerError(props?: import("aws-cdk-lib/aws-cloudwatch").MetricOptions): import("aws-cdk-lib/aws-cloudwatch").Metric;
     applyRemovalPolicy(policy: RemovalPolicy): void;
+    get restApiRef(): apiGateway.RestApiReference;
 }

package/dist/cjs/JaypieBucketQueuedLambda.d.ts

@@ -2,7 +2,6 @@ import { Construct } from "constructs";
 import { RemovalPolicy } from "aws-cdk-lib";
 import * as s3 from "aws-cdk-lib/aws-s3";
 import * as iam from "aws-cdk-lib/aws-iam";
-import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
 import { JaypieQueuedLambda, JaypieQueuedLambdaProps } from "./JaypieQueuedLambda.js";
 export interface JaypieBucketQueuedLambdaProps extends JaypieQueuedLambdaProps {
     bucketName?: string;
@@ -22,13 +21,12 @@ export declare class JaypieBucketQueuedLambda extends JaypieQueuedLambda impleme
     get encryptionKey(): undefined | import("aws-cdk-lib/aws-kms").IKey;
     get isWebsite(): boolean;
     get policy(): s3.BucketPolicy | undefined;
-    addEventNotification(event: s3.EventType, dest: s3.IBucketNotificationDestination, filters?: s3.NotificationKeyFilter[]): void;
+    addEventNotification(event: s3.EventType, dest: s3.IBucketNotificationDestination, ...filters: s3.NotificationKeyFilter[]): void;
     addObjectCreatedNotification(dest: s3.IBucketNotificationDestination, ...filters: s3.NotificationKeyFilter[]): void;
     addObjectRemovedNotification(dest: s3.IBucketNotificationDestination, ...filters: s3.NotificationKeyFilter[]): void;
     addToResourcePolicy(permission: iam.PolicyStatement): iam.AddToResourcePolicyResult;
     arnForObjects(objectKeyPattern: string): string;
     enableEventBridgeNotification(): void;
-    grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
     grantDelete(grantee: iam.IGrantable, objectsKeyPattern?: any): iam.Grant;
     grantPublicAccess(keyPrefix?: string, ...allowedActions: string[]): iam.Grant;
     grantPut(grantee: iam.IGrantable, objectsKeyPattern?: any): iam.Grant;
@@ -43,21 +41,8 @@ export declare class JaypieBucketQueuedLambda extends JaypieQueuedLambda impleme
     transferAccelerationUrlForObject(key?: string, options?: s3.TransferAccelerationUrlOptions): string;
     urlForObject(key?: string): string;
     virtualHostedUrlForObject(key?: string, options?: s3.VirtualHostedStyleUrlOptions): string;
-    metricAllRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricBucketSizeBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricDeleteRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricDownloadBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricFirstByteLatency(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricGetRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricHeadRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricHttpRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricListRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricNumberOfObjects(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricPostRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricPutRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricSelectRequests(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricSelectScannedBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricUploadBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
-    metricSelectReturnedBytes(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
+    grantReplicationPermission(identity: iam.IGrantable, props: any): iam.Grant;
+    addReplicationPolicy(policy: any): void;
+    get bucketRef(): s3.BucketReference;
     applyRemovalPolicy(policy: RemovalPolicy): void;
 }

package/dist/cjs/JaypieDnsRecord.d.ts

@@ -0,0 +1,45 @@
+import * as cdk from "aws-cdk-lib";
+import { ARecord, CnameRecord, IHostedZone, MxRecord, NsRecord, TxtRecord } from "aws-cdk-lib/aws-route53";
+import { Construct } from "constructs";
+export interface JaypieDnsRecordProps {
+    /**
+     * Optional comment to add to the DNS record
+     */
+    comment?: string;
+    /**
+     * Optional record name (subdomain). If not provided, creates record at zone apex
+     */
+    recordName?: string;
+    /**
+     * Time to live for the DNS record
+     * @default CDK.DNS.CONFIG.TTL (5 minutes)
+     */
+    ttl?: cdk.Duration;
+    /**
+     * The DNS record type (A, CNAME, MX, NS, TXT)
+     */
+    type: string;
+    /**
+     * Values for the DNS record. Format depends on record type:
+     * - A: Array of IPv4 addresses (e.g., ["1.2.3.4", "5.6.7.8"])
+     * - CNAME: Single domain name as first element (e.g., ["example.com"])
+     * - MX: Array of objects with priority and hostName (e.g., [{priority: 10, hostName: "mail.example.com"}])
+     * - NS: Array of name server addresses (e.g., ["ns1.example.com", "ns2.example.com"])
+     * - TXT: Array of text values (e.g., ["v=spf1 include:example.com ~all"])
+     */
+    values: string[] | Array<{
+        hostName: string;
+        priority: number;
+    }>;
+    /**
+     * The hosted zone where the record will be created.
+     * Can be either:
+     * - A string (zone name) - will lookup the hosted zone by domain name
+     * - An IHostedZone object - will use the provided zone directly
+     */
+    zone: string | IHostedZone;
+}
+export declare class JaypieDnsRecord extends Construct {
+    readonly record: ARecord | CnameRecord | MxRecord | NsRecord | TxtRecord;
+    constructor(scope: Construct, id: string, props: JaypieDnsRecordProps);
+}

package/dist/cjs/JaypieGitHubDeployRole.d.ts

@@ -0,0 +1,15 @@
+import { Role } from "aws-cdk-lib/aws-iam";
+import { Construct } from "constructs";
+export interface JaypieGitHubDeployRoleProps {
+    accountId: string;
+    oidcProviderArn?: string;
+    output?: boolean | string;
+    repoRestriction?: string;
+}
+export declare class JaypieGitHubDeployRole extends Construct {
+    private readonly _role;
+    constructor(scope: Construct, id: string, props: JaypieGitHubDeployRoleProps);
+    get role(): Role;
+    get roleArn(): string;
+    get roleName(): string;
+}

package/dist/cjs/JaypieHostedZone.d.ts

@@ -1,7 +1,19 @@
 import { ILogGroup } from "aws-cdk-lib/aws-logs";
+import { LambdaDestination } from "aws-cdk-lib/aws-logs-destinations";
 import { IHostedZone } from "aws-cdk-lib/aws-route53";
 import { Construct } from "constructs";
-import { LambdaDestination } from "aws-cdk-lib/aws-logs-destinations";
+import { JaypieDnsRecord, JaypieDnsRecordProps } from "./JaypieDnsRecord";
+/**
+ * DNS record configuration for JaypieHostedZone
+ * Omits 'zone' since it will be automatically set to the created hosted zone
+ */
+export interface JaypieHostedZoneRecordProps extends Omit<JaypieDnsRecordProps, "zone"> {
+    /**
+     * Optional ID for the DNS record construct
+     * @default Generated from record type and name
+     */
+    id?: string;
+}
 interface JaypieHostedZoneProps {
     /**
      * The domain name for the hosted zone
@@ -17,15 +29,25 @@ interface JaypieHostedZoneProps {
      */
     project?: string;
     /**
-     * Optional log destination
+     * Log destination configuration
+     * - LambdaDestination: Use a specific Lambda destination
+     * - true: Use Datadog logging destination (default)
+     * - false: Do not use a destination
+     * @default true
+     */
+    destination?: LambdaDestination | boolean;
+    /**
+     * Optional DNS records to create for this hosted zone
+     * Each record will be created as a JaypieDnsRecord construct
      */
-    destination?: LambdaDestination;
+    records?: JaypieHostedZoneRecordProps[];
 }
 export declare class JaypieHostedZone extends Construct {
     readonly hostedZone: IHostedZone;
     readonly logGroup: ILogGroup;
+    readonly dnsRecords: JaypieDnsRecord[];
     /**
-     * Create a new hosted zone with query logging
+     * Create a new hosted zone with query logging and optional DNS records
      */
     constructor(scope: Construct, id: string, props: JaypieHostedZoneProps);
 }

package/dist/cjs/JaypieLambda.d.ts

@@ -73,7 +73,7 @@ export declare class JaypieLambda extends Construct implements lambda.IFunction
     get latestVersion(): lambda.IVersion;
     get permissionsNode(): import("constructs").Node;
     get resourceArnsForGrantInvoke(): string[];
-    get functionRef(): lambda.FunctionRef;
+    get functionRef(): lambda.FunctionReference;
     addEventSource(source: lambda.IEventSource): void;
     addEventSourceMapping(id: string, options: lambda.EventSourceMappingOptions): lambda.EventSourceMapping;
     addFunctionUrl(options?: lambda.FunctionUrlOptions): lambda.FunctionUrl;

package/dist/cjs/JaypieQueuedLambda.d.ts

@@ -27,7 +27,7 @@ export declare class JaypieQueuedLambda extends Construct implements lambda.IFun
     get latestVersion(): lambda.IVersion;
     get permissionsNode(): import("constructs").Node;
     get resourceArnsForGrantInvoke(): string[];
-    get functionRef(): lambda.FunctionRef;
+    get functionRef(): lambda.FunctionReference;
     addEventSource(source: lambda.IEventSource): void;
     addEventSourceMapping(id: string, options: lambda.EventSourceMappingOptions): lambda.EventSourceMapping;
     addFunctionUrl(options?: lambda.FunctionUrlOptions): lambda.FunctionUrl;

package/dist/cjs/JaypieSsoPermissions.d.ts

@@ -0,0 +1,95 @@
+import { Construct } from "constructs";
+import { CfnPermissionSet } from "aws-cdk-lib/aws-sso";
+/**
+ * Mapping of account IDs to permission set names
+ * Key: AWS account ID
+ * Value: Array of permission set names to assign to this account
+ */
+export interface AccountAssignments {
+    [accountId: string]: string[];
+}
+/**
+ * Properties for the JaypieSsoPermissions construct
+ */
+export interface JaypieSsoPermissionsProps {
+    /**
+     * ARN of the IAM Identity Center instance
+     * If not provided, SSO setup will be skipped
+     */
+    iamIdentityCenterArn?: string;
+    /**
+     * Google Workspace group GUID for administrators
+     * Example: "b4c8b438-4031-7000-782d-5046945fb956"
+     */
+    administratorGroupId?: string;
+    /**
+     * Google Workspace group GUID for analysts
+     * Example: "2488f4e8-d061-708e-abe1-c315f0e30005"
+     */
+    analystGroupId?: string;
+    /**
+     * Google Workspace group GUID for developers
+     * Example: "b438a4f8-e0e1-707c-c6e8-21841daf9ad1"
+     */
+    developerGroupId?: string;
+    /**
+     * Account assignments for administrator group
+     * Maps account IDs to arrays of permission set names
+     * Example:
+     * {
+     *   "211125635435": ["Administrator", "Analyst"],
+     *   "381492033431": ["Administrator"],
+     * }
+     */
+    administratorAccountAssignments?: AccountAssignments;
+    /**
+     * Account assignments for analyst group
+     * Maps account IDs to arrays of permission set names
+     * Example:
+     * {
+     *   "211125635435": ["Analyst"],
+     *   "381492033431": ["Analyst"],
+     * }
+     */
+    analystAccountAssignments?: AccountAssignments;
+    /**
+     * Account assignments for developer group
+     * Maps account IDs to arrays of permission set names
+     * Example:
+     * {
+     *   "211125635435": ["Developer"],
+     * }
+     */
+    developerAccountAssignments?: AccountAssignments;
+}
+/**
+ * JaypieSsoPermissions Construct
+ *
+ * Creates and manages AWS IAM Identity Center (SSO) permission sets and assignments
+ *
+ * @example
+ * const permissionSets = new JaypieSsoPermissions(this, "PermissionSets", {
+ *   iamIdentityCenterArn: "arn:aws:sso:::instance/...",
+ *   administratorGroupId: "b4c8b438-4031-7000-782d-5046945fb956",
+ *   analystGroupId: "2488f4e8-d061-708e-abe1-c315f0e30005",
+ *   developerGroupId: "b438a4f8-e0e1-707c-c6e8-21841daf9ad1",
+ *   administratorAccountAssignments: {
+ *     "211125635435": ["Administrator", "Analyst", "Developer"],
+ *     "381492033431": ["Administrator", "Analyst"],
+ *   },
+ *   analystAccountAssignments: {
+ *     "211125635435": ["Analyst", "Developer"],
+ *     "381492033431": [],
+ *   },
+ *   developerAccountAssignments: {
+ *     "211125635435": ["Analyst", "Developer"],
+ *     "381492033431": [],
+ *   },
+ * });
+ */
+export declare class JaypieSsoPermissions extends Construct {
+    readonly administratorPermissionSet?: CfnPermissionSet;
+    readonly analystPermissionSet?: CfnPermissionSet;
+    readonly developerPermissionSet?: CfnPermissionSet;
+    constructor(scope: Construct, id: string, props: JaypieSsoPermissionsProps);
+}

package/dist/cjs/JaypieSsoSyncApplication.d.ts

@@ -0,0 +1,27 @@
+import { Construct } from "constructs";
+import { CfnApplication } from "aws-cdk-lib/aws-sam";
+export interface JaypieSsoSyncApplicationProps {
+    googleAdminEmail?: string;
+    googleAdminEmailEnvKey?: string;
+    googleCredentials?: string;
+    googleCredentialsEnvKey?: string;
+    googleGroupMatch?: string;
+    googleGroupMatchEnvKey?: string;
+    identityStoreId?: string;
+    identityStoreIdEnvKey?: string;
+    scimEndpointAccessToken?: string;
+    scimEndpointAccessTokenEnvKey?: string;
+    scimEndpointUrl?: string;
+    scimEndpointUrlEnvKey?: string;
+    semanticVersion?: string;
+    semanticVersionEnvKey?: string;
+    ssoSyncApplicationId?: string;
+    tags?: {
+        [key: string]: string;
+    };
+}
+export declare class JaypieSsoSyncApplication extends Construct {
+    private readonly _application;
+    constructor(scope: Construct, id?: string, props?: JaypieSsoSyncApplicationProps);
+    get application(): CfnApplication;
+}

package/dist/cjs/JaypieWebDeploymentBucket.d.ts

@@ -79,4 +79,5 @@ export declare class JaypieWebDeploymentBucket extends Construct implements s3.I
     get stack(): any;
     get env(): any;
     applyRemovalPolicy(policy: RemovalPolicy): void;
+    get bucketRef(): s3.BucketReference;
 }

package/dist/cjs/__tests__/JaypieSsoSyncApplication.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cjs/helpers/__tests__/resolveDatadogForwarderFunction.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cjs/helpers/__tests__/resolveDatadogLoggingDestination.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cjs/helpers/index.d.ts

@@ -5,6 +5,8 @@ export { constructTagger } from "./constructTagger";
 export { envHostname } from "./envHostname";
 export { isEnv, isProductionEnv, isSandboxEnv } from "./isEnv";
 export { jaypieLambdaEnv } from "./jaypieLambdaEnv";
+export { resolveDatadogForwarderFunction } from "./resolveDatadogForwarderFunction";
 export { resolveDatadogLayers } from "./resolveDatadogLayers";
+export { resolveDatadogLoggingDestination } from "./resolveDatadogLoggingDestination";
 export { resolveHostedZone } from "./resolveHostedZone";
 export { resolveParamsAndSecrets } from "./resolveParamsAndSecrets";

package/dist/cjs/helpers/resolveDatadogForwarderFunction.d.ts

@@ -0,0 +1,7 @@
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import { Construct } from "constructs";
+export interface ResolveDatadogForwarderFunctionOptions {
+    import?: string;
+    name?: string;
+}
+export declare function resolveDatadogForwarderFunction(scope: Construct, options?: ResolveDatadogForwarderFunctionOptions): lambda.IFunction;

package/dist/cjs/helpers/resolveDatadogLoggingDestination.d.ts

@@ -0,0 +1,4 @@
+import * as logDestinations from "aws-cdk-lib/aws-logs-destinations";
+import { Construct } from "constructs";
+import { ResolveDatadogForwarderFunctionOptions } from "./resolveDatadogForwarderFunction";
+export declare function resolveDatadogLoggingDestination(scope: Construct, options?: ResolveDatadogForwarderFunctionOptions): logDestinations.LambdaDestination;