@jaypie/constructs 1.1.62-rc.0 → 1.1.62-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/dist/cjs/JaypieLambda.d.ts +4 -4
  2. package/dist/cjs/index.cjs +35 -24
  3. package/dist/cjs/index.cjs.map +1 -1
  4. package/dist/esm/JaypieLambda.d.ts +4 -4
  5. package/dist/esm/index.js +32 -21
  6. package/dist/esm/index.js.map +1 -1
  7. package/package.json +1 -1
  8. package/dist/cjs/JaypieSsoGroups.d.ts +0 -121
  9. package/dist/cjs/__tests__/JaypieSsoGroups.spec.d.ts +0 -1
  10. package/dist/cjs/helpers/addDatadogLayer.d.ts +0 -5
  11. package/dist/cjs/helpers/addParamsAndSecrets.d.ts +0 -12
  12. package/dist/cjs/helpers/projectEnvName.d.ts +0 -5
  13. package/dist/cjs/helpers/stackTagger.d.ts +0 -4
  14. package/dist/esm/JaypieSsoGroups.d.ts +0 -121
  15. package/dist/esm/__tests__/JaypieSsoGroups.spec.d.ts +0 -1
  16. package/dist/esm/helpers/addDatadogLayer.d.ts +0 -5
  17. package/dist/esm/helpers/addParamsAndSecrets.d.ts +0 -12
  18. package/dist/esm/helpers/projectEnvName.d.ts +0 -5
  19. package/dist/esm/helpers/stackTagger.d.ts +0 -4
package/dist/esm/JaypieLambda.d.ts CHANGED
@@ -1,9 +1,10 @@
1
1
  import { Construct } from "constructs";
2
2
  import { Duration, Stack, RemovalPolicy } from "aws-cdk-lib";
3
3
  import * as lambda from "aws-cdk-lib/aws-lambda";
4
- import * as iam from "aws-cdk-lib/aws-iam";
5
4
  import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
6
5
  import * as ec2 from "aws-cdk-lib/aws-ec2";
6
+ import * as iam from "aws-cdk-lib/aws-iam";
7
+ import * as logs from "aws-cdk-lib/aws-logs";
7
8
  import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";
8
9
  import { JaypieEnvSecret } from "./JaypieEnvSecret.js";
9
10
  export interface JaypieLambdaProps {
@@ -27,9 +28,8 @@ export interface JaypieLambdaProps {
27
28
  handler: string;
28
29
  initialPolicy?: iam.PolicyStatement[];
29
30
  layers?: lambda.ILayerVersion[];
30
- logRetention?: number;
31
- logRetentionRole?: iam.IRole;
32
- logRetentionRetryOptions?: lambda.LogRetentionRetryOptions;
31
+ logGroup?: logs.ILogGroup;
32
+ logRetention?: logs.RetentionDays | number;
33
33
  maxEventAge?: Duration;
34
34
  memorySize?: number;
35
35
  paramsAndSecrets?: lambda.ParamsAndSecretsLayerVersion | boolean;
package/dist/esm/index.js CHANGED
@@ -18,11 +18,12 @@ import * as s3n from 'aws-cdk-lib/aws-s3-notifications';
18
18
  import { LambdaDestination } from 'aws-cdk-lib/aws-s3-notifications';
19
19
  import * as sqs from 'aws-cdk-lib/aws-sqs';
20
20
  import * as lambdaEventSources from 'aws-cdk-lib/aws-lambda-event-sources';
21
+ import * as logs from 'aws-cdk-lib/aws-logs';
22
+ import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
21
23
  import { Rule, RuleTargetInput } from 'aws-cdk-lib/aws-events';
22
24
  import { LambdaFunction } from 'aws-cdk-lib/aws-events-targets';
23
25
  import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
24
26
  import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
25
- import { LogGroup, RetentionDays, FilterPattern } from 'aws-cdk-lib/aws-logs';
26
27
  import { Nextjs } from 'cdk-nextjs-standalone';
27
28
  import * as path from 'path';
28
29
  import { Trail, ReadWriteType } from 'aws-cdk-lib/aws-cloudtrail';
@@ -869,7 +870,7 @@ class JaypieAppStack extends JaypieStack {
869
870
  class JaypieLambda extends Construct {
870
871
  constructor(scope, id, props) {
871
872
  super(scope, id);
872
- const { allowAllOutbound, allowPublicSubnet, architecture = lambda.Architecture.X86_64, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = CDK$2.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = CDK$2.ROLE.PROCESSING, runtime = lambda.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
873
+ const { allowAllOutbound, allowPublicSubnet, architecture = lambda.Architecture.X86_64, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment: initialEnvironment = {}, envSecrets = {}, ephemeralStorageSize, filesystem, handler = "index.handler", initialPolicy, layers = [], logGroup, logRetention = CDK$2.LAMBDA.LOG_RETENTION, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag = CDK$2.ROLE.PROCESSING, runtime = lambda.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, vpc, vpcSubnets, } = props;
873
874
  // Get base environment with defaults
874
875
  const environment = jaypieLambdaEnv({ initialEnvironment });
875
876
  const codeAsset = typeof code === "string" ? lambda.Code.fromAsset(code) : code;
@@ -895,6 +896,12 @@ class JaypieLambda extends Construct {
895
896
  paramsAndSecrets,
896
897
  options: paramsAndSecretsOptions,
897
898
  });
899
+ // Create LogGroup if not provided
900
+ const resolvedLogGroup = logGroup ??
901
+ new logs.LogGroup(this, "LogGroup", {
902
+ retention: logRetention,
903
+ removalPolicy: RemovalPolicy.DESTROY,
904
+ });
898
905
  // Create Lambda Function
899
906
  this._lambda = new lambda.Function(this, "Function", {
900
907
  allowAllOutbound,
@@ -915,9 +922,7 @@ class JaypieLambda extends Construct {
915
922
  handler,
916
923
  initialPolicy,
917
924
  layers: resolvedLayers,
918
- logRetention,
919
- logRetentionRole,
920
- logRetentionRetryOptions,
925
+ logGroup: resolvedLogGroup,
921
926
  maxEventAge,
922
927
  memorySize,
923
928
  paramsAndSecrets: resolvedParamsAndSecrets,
@@ -1088,7 +1093,7 @@ class JaypieLambda extends Construct {
1088
1093
  class JaypieQueuedLambda extends Construct {
1089
1094
  constructor(scope, id, props) {
1090
1095
  super(scope, id);
1091
- const { allowAllOutbound, allowPublicSubnet, architecture, batchSize = 1, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment = {}, envSecrets = {}, ephemeralStorageSize, fifo = true, filesystem, handler = "index.handler", initialPolicy, layers = [], logRetention = CDK$2.LAMBDA.LOG_RETENTION, logRetentionRole, logRetentionRetryOptions, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag, runtime = lambda.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, visibilityTimeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), vpc, vpcSubnets, } = props;
1096
+ const { allowAllOutbound, allowPublicSubnet, architecture, batchSize = 1, code, datadogApiKeyArn, deadLetterQueue, deadLetterQueueEnabled, deadLetterTopic, description, environment = {}, envSecrets = {}, ephemeralStorageSize, fifo = true, filesystem, handler = "index.handler", initialPolicy, layers = [], logGroup, logRetention = CDK$2.LAMBDA.LOG_RETENTION, maxEventAge, memorySize = CDK$2.LAMBDA.MEMORY_SIZE, paramsAndSecrets, paramsAndSecretsOptions, profiling, profilingGroup, provisionedConcurrentExecutions, reservedConcurrentExecutions, retryAttempts, roleTag, runtime = lambda.Runtime.NODEJS_22_X, runtimeManagementMode, secrets = [], securityGroups, timeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), tracing, vendorTag, visibilityTimeout = Duration.seconds(CDK$2.DURATION.LAMBDA_WORKER), vpc, vpcSubnets, } = props;
1092
1097
  // Create SQS Queue
1093
1098
  this._queue = new sqs.Queue(this, "Queue", {
1094
1099
  fifo,
@@ -1123,9 +1128,8 @@ class JaypieQueuedLambda extends Construct {
1123
1128
  handler,
1124
1129
  initialPolicy,
1125
1130
  layers,
1131
+ logGroup,
1126
1132
  logRetention,
1127
- logRetentionRole,
1128
- logRetentionRetryOptions,
1129
1133
  maxEventAge,
1130
1134
  memorySize,
1131
1135
  paramsAndSecrets,
@@ -1631,7 +1635,7 @@ class JaypieDatadogForwarder extends Construct {
1631
1635
  class JaypieDistribution extends Construct {
1632
1636
  constructor(scope, id, props) {
1633
1637
  super(scope, id);
1634
- const { certificate: certificateProp = true, handler, host: propsHost, invokeMode = lambda.InvokeMode.BUFFERED, roleTag = CDK$2.ROLE.HOSTING, zone: propsZone, defaultBehavior: propsDefaultBehavior, ...distributionProps } = props;
1638
+ const { certificate: certificateProp = true, handler, host: propsHost, invokeMode = lambda.InvokeMode.BUFFERED, roleTag = CDK$2.ROLE.API, zone: propsZone, defaultBehavior: propsDefaultBehavior, ...distributionProps } = props;
1635
1639
  // Validate environment variables
1636
1640
  if (process.env.CDK_ENV_API_SUBDOMAIN &&
1637
1641
  !isValidSubdomain(process.env.CDK_ENV_API_SUBDOMAIN)) {
@@ -1667,9 +1671,7 @@ class JaypieDistribution extends Construct {
1667
1671
  }
1668
1672
  this.host = host;
1669
1673
  // Determine zone from props or environment
1670
- const zone = propsZone ||
1671
- process.env.CDK_ENV_API_HOSTED_ZONE ||
1672
- process.env.CDK_ENV_HOSTED_ZONE;
1674
+ const zone = propsZone || process.env.CDK_ENV_HOSTED_ZONE;
1673
1675
  // Resolve the origin from handler
1674
1676
  // Check order matters: IFunctionUrl before IOrigin (FunctionUrl also has bind method)
1675
1677
  // IFunction before IFunctionUrl (IFunction doesn't have functionUrlId)
@@ -1701,7 +1703,7 @@ class JaypieDistribution extends Construct {
1701
1703
  defaultBehavior = {
1702
1704
  cachePolicy: cloudfront.CachePolicy.CACHING_DISABLED,
1703
1705
  origin,
1704
- originRequestPolicy: cloudfront.OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
1706
+ originRequestPolicy: cloudfront.OriginRequestPolicy.ALL_VIEWER,
1705
1707
  viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
1706
1708
  };
1707
1709
  }
@@ -1742,14 +1744,20 @@ class JaypieDistribution extends Construct {
1742
1744
  this.distributionDomainName = this.distribution.distributionDomainName;
1743
1745
  this.distributionId = this.distribution.distributionId;
1744
1746
  this.domainName = this.distribution.domainName;
1745
- // Create DNS record if we have host and zone
1747
+ // Create DNS records if we have host and zone
1746
1748
  if (host && hostedZone) {
1747
- const record = new route53.ARecord(this, "AliasRecord", {
1749
+ const aRecord = new route53.ARecord(this, "AliasRecord", {
1748
1750
  recordName: host,
1749
1751
  target: route53.RecordTarget.fromAlias(new route53Targets.CloudFrontTarget(this.distribution)),
1750
1752
  zone: hostedZone,
1751
1753
  });
1752
- Tags.of(record).add(CDK$2.TAG.ROLE, CDK$2.ROLE.NETWORKING);
1754
+ Tags.of(aRecord).add(CDK$2.TAG.ROLE, CDK$2.ROLE.NETWORKING);
1755
+ const aaaaRecord = new route53.AaaaRecord(this, "AaaaAliasRecord", {
1756
+ recordName: host,
1757
+ target: route53.RecordTarget.fromAlias(new route53Targets.CloudFrontTarget(this.distribution)),
1758
+ zone: hostedZone,
1759
+ });
1760
+ Tags.of(aaaaRecord).add(CDK$2.TAG.ROLE, CDK$2.ROLE.NETWORKING);
1753
1761
  }
1754
1762
  }
1755
1763
  // Type guards for handler types
@@ -2943,7 +2951,7 @@ class JaypieWebDeploymentBucket extends Construct {
2943
2951
  this.bucket = new s3.Bucket(this, "DestinationBucket", {
2944
2952
  accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
2945
2953
  autoDeleteObjects: true,
2946
- blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS,
2954
+ blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS_ONLY,
2947
2955
  bucketName: props.name || constructEnvName("web"),
2948
2956
  publicReadAccess: true,
2949
2957
  removalPolicy: RemovalPolicy.DESTROY,
@@ -2996,11 +3004,14 @@ class JaypieWebDeploymentBucket extends Construct {
2996
3004
  actions: ["s3:ListBucket"],
2997
3005
  resources: [this.bucket.bucketArn],
2998
3006
  }));
2999
- // Allow the role to deploy CDK apps
3007
+ // Allow the role to describe the current stack
3008
+ const stack = Stack.of(this);
3000
3009
  bucketDeployRole.addToPolicy(new PolicyStatement({
3001
3010
  actions: ["cloudformation:DescribeStacks"],
3002
3011
  effect: Effect.ALLOW,
3003
- resources: ["*"], // TODO: restrict to this stack
3012
+ resources: [
3013
+ `arn:aws:cloudformation:${stack.region}:${stack.account}:stack/${stack.stackName}/*`,
3014
+ ],
3004
3015
  }));
3005
3016
  this.deployRoleArn = bucketDeployRole.roleArn;
3006
3017
  // Output the deploy role ARN
@@ -3033,7 +3044,7 @@ class JaypieWebDeploymentBucket extends Construct {
3033
3044
  this.distribution = new cloudfront.Distribution(this, "Distribution", {
3034
3045
  defaultBehavior: {
3035
3046
  cachePolicy: cloudfront.CachePolicy.CACHING_DISABLED,
3036
- origin: new origins.S3Origin(this.bucket),
3047
+ origin: new origins.S3StaticWebsiteOrigin(this.bucket),
3037
3048
  viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
3038
3049
  },
3039
3050
  certificate: this.certificate,
@@ -3042,7 +3053,7 @@ class JaypieWebDeploymentBucket extends Construct {
3042
3053
  Tags.of(this.distribution).add(CDK$2.TAG.ROLE, roleTag);
3043
3054
  // If this is production, enable caching on everything but index.html
3044
3055
  if (isProductionEnv()) {
3045
- this.distribution.addBehavior("/*", new origins.S3Origin(this.bucket), {
3056
+ this.distribution.addBehavior("/*", new origins.S3StaticWebsiteOrigin(this.bucket), {
3046
3057
  viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
3047
3058
  cachePolicy: cloudfront.CachePolicy.CACHING_OPTIMIZED,
3048
3059
  });