@jaypie/constructs 1.1.62-rc.0 → 1.1.62-rc.2

@@ -1,9 +1,10 @@
1
1
  import { Construct } from "constructs";
2
2
  import { Duration, Stack, RemovalPolicy } from "aws-cdk-lib";
3
3
  import * as lambda from "aws-cdk-lib/aws-lambda";
4
- import * as iam from "aws-cdk-lib/aws-iam";
5
4
  import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
6
5
  import * as ec2 from "aws-cdk-lib/aws-ec2";
6
+ import * as iam from "aws-cdk-lib/aws-iam";
7
+ import * as logs from "aws-cdk-lib/aws-logs";
7
8
  import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";
8
9
  import { JaypieEnvSecret } from "./JaypieEnvSecret.js";
9
10
  export interface JaypieLambdaProps {
@@ -27,9 +28,8 @@ export interface JaypieLambdaProps {
27
28
  handler: string;
28
29
  initialPolicy?: iam.PolicyStatement[];
29
30
  layers?: lambda.ILayerVersion[];
30
- logRetention?: number;
31
- logRetentionRole?: iam.IRole;
32
- logRetentionRetryOptions?: lambda.LogRetentionRetryOptions;
31
+ logGroup?: logs.ILogGroup;
32
+ logRetention?: logs.RetentionDays | number;
33
33
  maxEventAge?: Duration;
34
34
  memorySize?: number;
35
35
  paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion | boolean;
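Review bot: The new `logGroup` and `logRetention` props are declared without doc comments, and their interaction is not obvious from the types. In the JaypieLambda constructor elsewhere in this diff, `logRetention` is only used to build a log group when `logGroup` is absent, so a caller passing both has the retention silently ignored. I would add `/** Log group for function output; when set, logRetention is ignored. */` above `logGroup` and `/** Retention for the log group created when logGroup is not provided. */` above `logRetention`. Removing `logRetentionRole` and `logRetentionRetryOptions` also drops props that existing callers may still pass, which deserves a changelog entry for a release candidate. The interface body continues outside the hunk.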
@@ -16,11 +16,11 @@ var logDestinations = require('aws-cdk-lib/aws-logs-destinations');
16
16
  var s3n = require('aws-cdk-lib/aws-s3-notifications');
17
17
  var sqs = require('aws-cdk-lib/aws-sqs');
18
18
  var lambdaEventSources = require('aws-cdk-lib/aws-lambda-event-sources');
19
+ var logs = require('aws-cdk-lib/aws-logs');
19
20
  var awsEvents = require('aws-cdk-lib/aws-events');
20
21
  var awsEventsTargets = require('aws-cdk-lib/aws-events-targets');
21
22
  var cloudfront = require('aws-cdk-lib/aws-cloudfront');
22
23
  var origins = require('aws-cdk-lib/aws-cloudfront-origins');
23
- var awsLogs = require('aws-cdk-lib/aws-logs');
24
24
  var cdkNextjsStandalone = require('cdk-nextjs-standalone');
25
25
  var path = require('path');
26
26
  var awsCloudtrail = require('aws-cdk-lib/aws-cloudtrail');
@@ -56,6 +56,7 @@ var logDestinations__namespace = /*#__PURE__*/_interopNamespaceDefault(logDestin
56
56
  var s3n__namespace = /*#__PURE__*/_interopNamespaceDefault(s3n);
57
57
  var sqs__namespace = /*#__PURE__*/_interopNamespaceDefault(sqs);
58
58
  var lambdaEventSources__namespace = /*#__PURE__*/_interopNamespaceDefault(lambdaEventSources);
59
+ var logs__namespace = /*#__PURE__*/_interopNamespaceDefault(logs);
59
60
  var cloudfront__namespace = /*#__PURE__*/_interopNamespaceDefault(cloudfront);
60
61
  var origins__namespace = /*#__PURE__*/_interopNamespaceDefault(origins);
61
62
  var path__namespace = /*#__PURE__*/_interopNamespaceDefault(path);
@@ -900,7 +901,7 @@ class JaypieAppStack extends JaypieStack {
900
901
  class JaypieLambda extends constructs.Construct {
901
902
  constructor(scope, id, props) {
902
903
  super(scope, id);
903
- const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = CDK$2.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = CDK$2.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
904
+ const { allowAllOutbound, allowPublicSubnet, architecture = lambda__namespace.Architecture.X86_64, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logGroup, logRetention = CDK$2.LAMBDA.LOG_RETENTION, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = CDK$2.ROLE.PROCESSING, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
904
905
  // Get base environment with defaults
905
906
  const environment = jaypieLambdaEnv({ initialEnvironment });
906
907
  const codeAsset = typeof code === "string" ? lambda__namespace.Code.fromAsset(code) : code;
@@ -926,6 +927,12 @@ class JaypieLambda extends constructs.Construct {
926
927
  paramsAndSecrets,
927
928
  options: paramsAndSecretsOptions,
928
929
  });
930
+ // Create LogGroup if not provided
931
+ const resolvedLogGroup = logGroup ??
932
+ new logs__namespace.LogGroup(this, "LogGroup", {
933
+ retention: logRetention,
934
+ removalPolicy: cdk.RemovalPolicy.DESTROY,
935
+ });
929
936
  // Create Lambda Function
930
937
  this._lambda = new lambda__namespace.Function(this, "Function", {
931
938
  allowAllOutbound,
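Review bot: The log group created here is hard-coded to `removalPolicy: cdk.RemovalPolicy.DESTROY`, so removing the construct or deleting the stack also deletes the function's logs, which may be the only record left when investigating an incident after teardown. The bundle already has an `isProductionEnv()` helper, so one option is `removalPolicy: isProductionEnv() ? cdk.RemovalPolicy.RETAIN : cdk.RemovalPolicy.DESTROY,`. The new group also gets a generated name, since no `logGroupName` is set. Subscription filters or alarms keyed on the previous function log group name may therefore stop matching, which is worth confirming before release. The constructor starts and ends outside this hunk.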
@@ -946,9 +953,7 @@ class JaypieLambda extends constructs.Construct {
946
953
  handler,
947
954
  initialPolicy,
948
955
  layers: resolvedLayers,
949
- logRetention,
950
- logRetentionRole,
951
- logRetentionRetryOptions,
956
+ logGroup: resolvedLogGroup,
952
957
  maxEventAge,
953
958
  memorySize,
954
959
  paramsAndSecrets: resolvedParamsAndSecrets,
@@ -1119,7 +1124,7 @@ class JaypieLambda extends constructs.Construct {
1119
1124
  class JaypieQueuedLambda extends constructs.Construct {
1120
1125
  constructor(scope, id, props) {
1121
1126
  super(scope, id);
1122
- const { allowAllOutbound, allowPublicSubnet, architecture, batchSize = 1, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment = {}, envSecrets = {}, ephemeralStorageSize, fifo = true, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = CDK$2.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, visibilityTimeout = cdk.Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), vpc, vpcSubnets, } = props;
1127
+ const { allowAllOutbound, allowPublicSubnet, architecture, batchSize = 1, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment = {}, envSecrets = {}, ephemeralStorageSize, fifo = true, filesystem, handler = "index.handler", initialPolicy, layers = [], logGroup, logRetention = CDK$2.LAMBDA.LOG_RETENTION, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag, runtime = lambda__namespace.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = cdk.Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, visibilityTimeout = cdk.Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), vpc, vpcSubnets, } = props;
1123
1128
  // Create SQS Queue
1124
1129
  this._queue = new sqs__namespace.Queue(this, "Queue", {
1125
1130
  fifo,
@@ -1154,9 +1159,8 @@ class JaypieQueuedLambda extends constructs.Construct {
1154
1159
  handler,
1155
1160
  initialPolicy,
1156
1161
  layers,
1162
+ logGroup,
1157
1163
  logRetention,
1158
- logRetentionRole,
1159
- logRetentionRetryOptions,
1160
1164
  maxEventAge,
1161
1165
  memorySize,
1162
1166
  paramsAndSecrets,
@@ -1662,7 +1666,7 @@ class JaypieDatadogForwarder extends constructs.Construct {
1662
1666
  class JaypieDistribution extends constructs.Construct {
1663
1667
  constructor(scope, id, props) {
1664
1668
  super(scope, id);
1665
- const { certificate: certificateProp = true, handler, host: propsHost, invokeMode = lambda__namespace.InvokeMode.BUFFERED, roleTag = CDK$2.ROLE.HOSTING, zone: propsZone, defaultBehavior: propsDefaultBehavior, ...distributionProps } = props;
1669
+ const { certificate: certificateProp = true, handler, host: propsHost, invokeMode = lambda__namespace.InvokeMode.BUFFERED, roleTag = CDK$2.ROLE.API, zone: propsZone, defaultBehavior: propsDefaultBehavior, ...distributionProps } = props;
1666
1670
  // Validate environment variables
1667
1671
  if (process.env.CDK_ENV_API_SUBDOMAIN &&
1668
1672
  !isValidSubdomain(process.env.CDK_ENV_API_SUBDOMAIN)) {
@@ -1698,9 +1702,7 @@ class JaypieDistribution extends constructs.Construct {
1698
1702
  }
1699
1703
  this.host = host;
1700
1704
  // Determine zone from props or environment
1701
- const zone = propsZone ||
1702
- process.env.CDK_ENV_API_HOSTED_ZONE ||
1703
- process.env.CDK_ENV_HOSTED_ZONE;
1705
+ const zone = propsZone || process.env.CDK_ENV_HOSTED_ZONE;
1704
1706
  // Resolve the origin from handler
1705
1707
  // Check order matters: IFunctionUrl before IOrigin (FunctionUrl also has bind method)
1706
1708
  // IFunction before IFunctionUrl (IFunction doesn't have functionUrlId)
@@ -1732,7 +1734,7 @@ class JaypieDistribution extends constructs.Construct {
1732
1734
  defaultBehavior = {
1733
1735
  cachePolicy: cloudfront__namespace.CachePolicy.CACHING_DISABLED,
1734
1736
  origin,
1735
- originRequestPolicy: cloudfront__namespace.OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
1737
+ originRequestPolicy: cloudfront__namespace.OriginRequestPolicy.ALL_VIEWER,
1736
1738
  viewerProtocolPolicy: cloudfront__namespace.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
1737
1739
  };
1738
1740
  }
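Review bot: Switching the default behavior to `OriginRequestPolicy.ALL_VIEWER` makes CloudFront forward the viewer's `Host` header to the origin, and the comments earlier in this constructor indicate the handler can resolve to a Lambda function or function URL. AWS documents `ALL_VIEWER_EXCEPT_HOST_HEADER` as the managed policy intended for function URL origins, so this default is likely to cause rejected requests there. It also passes a viewer-controlled Host value to any handler that trusts it for routing or link building. Unless an origin reaching this branch needs the viewer host, I would keep `originRequestPolicy: cloudfront__namespace.OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,` or choose the policy by origin type. Origin resolution happens outside this hunk, so confirm which origin types actually get this default.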
@@ -1773,14 +1775,20 @@ class JaypieDistribution extends constructs.Construct {
1773
1775
  this.distributionDomainName = this.distribution.distributionDomainName;
1774
1776
  this.distributionId = this.distribution.distributionId;
1775
1777
  this.domainName = this.distribution.domainName;
1776
- // Create DNS record if we have host and zone
1778
+ // Create DNS records if we have host and zone
1777
1779
  if (host && hostedZone) {
1778
- const record = new route53__namespace.ARecord(this, "AliasRecord", {
1780
+ const aRecord = new route53__namespace.ARecord(this, "AliasRecord", {
1779
1781
  recordName: host,
1780
1782
  target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.CloudFrontTarget(this.distribution)),
1781
1783
  zone: hostedZone,
1782
1784
  });
1783
- cdk.Tags.of(record).add(CDK$2.TAG.ROLE, CDK$2.ROLE.NETWORKING);
1785
+ cdk.Tags.of(aRecord).add(CDK$2.TAG.ROLE, CDK$2.ROLE.NETWORKING);
1786
+ const aaaaRecord = new route53__namespace.AaaaRecord(this, "AaaaAliasRecord", {
1787
+ recordName: host,
1788
+ target: route53__namespace.RecordTarget.fromAlias(new route53Targets__namespace.CloudFrontTarget(this.distribution)),
1789
+ zone: hostedZone,
1790
+ });
1791
+ cdk.Tags.of(aaaaRecord).add(CDK$2.TAG.ROLE, CDK$2.ROLE.NETWORKING);
1784
1792
  }
1785
1793
  }
1786
1794
  // Type guards for handler types
@@ -2292,11 +2300,11 @@ class JaypieHostedZone extends constructs.Construct {
2292
2300
  const destination = props.destination ?? true;
2293
2301
  const service = props.service || CDK$2.SERVICE.INFRASTRUCTURE;
2294
2302
  // Create the log group
2295
- this.logGroup = new awsLogs.LogGroup(this, "LogGroup", {
2303
+ this.logGroup = new logs.LogGroup(this, "LogGroup", {
2296
2304
  logGroupName: process.env.PROJECT_NONCE
2297
2305
  ? `/aws/route53/${zoneName}-${process.env.PROJECT_NONCE}`
2298
2306
  : `/aws/route53/${zoneName}`,
2299
- retention: awsLogs.RetentionDays.ONE_WEEK,
2307
+ retention: logs.RetentionDays.ONE_WEEK,
2300
2308
  });
2301
2309
  // Add tags
2302
2310
  cdk__namespace.Tags.of(this.logGroup).add(CDK$2.TAG.SERVICE, service);
@@ -2313,7 +2321,7 @@ class JaypieHostedZone extends constructs.Construct {
2313
2321
  : destination;
2314
2322
  this.logGroup.addSubscriptionFilter("DatadogLambdaDestination", {
2315
2323
  destination: lambdaDestination,
2316
- filterPattern: awsLogs.FilterPattern.allEvents(),
2324
+ filterPattern: logs.FilterPattern.allEvents(),
2317
2325
  });
2318
2326
  }
2319
2327
  // Create the hosted zone
@@ -2974,7 +2982,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
2974
2982
  this.bucket = new s3__namespace.Bucket(this, "DestinationBucket", {
2975
2983
  accessControl: s3__namespace.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
2976
2984
  autoDeleteObjects: true,
2977
- blockPublicAccess: s3__namespace.BlockPublicAccess.BLOCK_ACLS,
2985
+ blockPublicAccess: s3__namespace.BlockPublicAccess.BLOCK_ACLS_ONLY,
2978
2986
  bucketName: props.name || constructEnvName("web"),
2979
2987
  publicReadAccess: true,
2980
2988
  removalPolicy: cdk.RemovalPolicy.DESTROY,
@@ -3027,11 +3035,14 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
3027
3035
  actions: ["s3:ListBucket"],
3028
3036
  resources: [this.bucket.bucketArn],
3029
3037
  }));
3030
- // Allow the role to deploy CDK apps
3038
+ // Allow the role to describe the current stack
3039
+ const stack = cdk.Stack.of(this);
3031
3040
  bucketDeployRole.addToPolicy(new awsIam.PolicyStatement({
3032
3041
  actions: ["cloudformation:DescribeStacks"],
3033
3042
  effect: awsIam.Effect.ALLOW,
3034
- resources: ["*"], // TODO: restrict to this stack
3043
+ resources: [
3044
+ `arn:aws:cloudformation:${stack.region}:${stack.account}:stack/${stack.stackName}/*`,
3045
+ ],
3035
3046
  }));
3036
3047
  this.deployRoleArn = bucketDeployRole.roleArn;
3037
3048
  // Output the deploy role ARN
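Review bot: The stack ARN in the new `resources` entry hard-codes the `aws` partition, so in the GovCloud or China partitions the statement would match nothing and `cloudformation:DescribeStacks` would be denied for the deploy role. Take the partition from the stack instead: `arn:${stack.partition}:cloudformation:${stack.region}:${stack.account}:stack/${stack.stackName}/*`. If only this exact stack instance should be describable, `resources: [stack.stackId]` is tighter still, at the cost of not matching a re-created stack of the same name. The surrounding constructor is outside this hunk.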
@@ -3064,7 +3075,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
3064
3075
  this.distribution = new cloudfront__namespace.Distribution(this, "Distribution", {
3065
3076
  defaultBehavior: {
3066
3077
  cachePolicy: cloudfront__namespace.CachePolicy.CACHING_DISABLED,
3067
- origin: new origins__namespace.S3Origin(this.bucket),
3078
+ origin: new origins__namespace.S3StaticWebsiteOrigin(this.bucket),
3068
3079
  viewerProtocolPolicy: cloudfront__namespace.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
3069
3080
  },
3070
3081
  certificate: this.certificate,
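Review bot: `S3StaticWebsiteOrigin` makes CloudFront fetch from the bucket's website endpoint, which is HTTP-only and works only while the bucket stays publicly readable (`publicReadAccess: true` earlier in this class). Objects therefore remain reachable directly from S3, bypassing the distribution's `REDIRECT_TO_HTTPS` policy and any controls added to the distribution later. If the site does not depend on website-endpoint features such as index-document resolution or redirects, a private bucket with `origin: origins__namespace.S3BucketOrigin.withOriginAccessControl(this.bucket),` would close that path. If it does, a comment stating why the website endpoint is required would help the next reader. The same applies to the `addBehavior("/*", ...)` call in the following hunk, and the distribution props continue outside this one.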
@@ -3073,7 +3084,7 @@ class JaypieWebDeploymentBucket extends constructs.Construct {
3073
3084
  cdk.Tags.of(this.distribution).add(CDK$2.TAG.ROLE, roleTag);
3074
3085
  // If this is production, enable caching on everything but index.html
3075
3086
  if (isProductionEnv()) {
3076
- this.distribution.addBehavior("/*", new origins__namespace.S3Origin(this.bucket), {
3087
+ this.distribution.addBehavior("/*", new origins__namespace.S3StaticWebsiteOrigin(this.bucket), {
3077
3088
  viewerProtocolPolicy: cloudfront__namespace.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
3078
3089
  cachePolicy: cloudfront__namespace.CachePolicy.CACHING_OPTIMIZED,
3079
3090
  });