@jaypie/constructs 1.2.33 → 1.2.34

package/dist/cjs/JaypieDynamoDb.d.ts

@@ -89,6 +89,7 @@ export declare class JaypieDynamoDb extends Construct implements dynamodb.ITable
     get tableRef(): dynamodb.TableReference;
     get tableStreamArn(): string | undefined;
     get encryptionKey(): import("aws-cdk-lib/aws-kms").IKey | undefined;
+    get grants(): dynamodb.TableGrants;
     applyRemovalPolicy(policy: RemovalPolicy): void;
     grant(grantee: import("aws-cdk-lib/aws-iam").IGrantable, ...actions: string[]): import("aws-cdk-lib/aws-iam").Grant;
     grantFullAccess(grantee: import("aws-cdk-lib/aws-iam").IGrantable): import("aws-cdk-lib/aws-iam").Grant;

package/dist/cjs/JaypieMigration.d.ts

@@ -0,0 +1,21 @@
+import { Construct } from "constructs";
+import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import { JaypieLambda } from "./JaypieLambda";
+import type { SecretsArrayItem } from "./helpers/index.js";
+export interface JaypieMigrationProps {
+    /** Path to the bundled migration code (esbuild output directory) */
+    code: lambda.Code | string;
+    /** Constructs that must be created before the migration runs */
+    dependencies?: Construct[];
+    /** Lambda handler entry point */
+    handler?: string;
+    /** Secrets to make available to the migration Lambda */
+    secrets?: SecretsArrayItem[];
+    /** DynamoDB tables to grant read/write access */
+    tables?: dynamodb.ITable[];
+}
+export declare class JaypieMigration extends Construct {
+    readonly lambda: JaypieLambda;
+    constructor(scope: Construct, id: string, props: JaypieMigrationProps);
+}

package/dist/cjs/__tests__/JaypieMigration.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cjs/index.cjs

@@ -24,6 +24,7 @@ var origins = require('aws-cdk-lib/aws-cloudfront-origins');
 var wafv2 = require('aws-cdk-lib/aws-wafv2');
 var dynamodb = require('aws-cdk-lib/aws-dynamodb');
 var fabric = require('@jaypie/fabric');
+var cr = require('aws-cdk-lib/custom-resources');
 var cdkNextjsStandalone = require('cdk-nextjs-standalone');
 var path = require('path');
 var awsAccessanalyzer = require('aws-cdk-lib/aws-accessanalyzer');
@@ -67,6 +68,7 @@ var cloudfront__namespace = /*#__PURE__*/_interopNamespaceDefault(cloudfront);
 var origins__namespace = /*#__PURE__*/_interopNamespaceDefault(origins);
 var wafv2__namespace = /*#__PURE__*/_interopNamespaceDefault(wafv2);
 var dynamodb__namespace = /*#__PURE__*/_interopNamespaceDefault(dynamodb);
+var cr__namespace = /*#__PURE__*/_interopNamespaceDefault(cr);
 var path__namespace = /*#__PURE__*/_interopNamespaceDefault(path);
 var apigatewayv2__namespace = /*#__PURE__*/_interopNamespaceDefault(apigatewayv2);
 var apigatewayv2Integrations__namespace = /*#__PURE__*/_interopNamespaceDefault(apigatewayv2Integrations);
@@ -2702,7 +2704,6 @@ class JaypieDistribution extends constructs.Construct {
             if (wafLogBucketProp === true) {
                 // Create inline WAF logging bucket with Datadog forwarding
                 const createdBucket = new s3__namespace.Bucket(this, constructEnvName("WafLogBucket"), {
-                    autoDeleteObjects: true,
                     bucketName: `aws-waf-logs-${constructEnvName("waf").toLowerCase()}`,
                     lifecycleRules: [
                         {
@@ -2716,7 +2717,7 @@ class JaypieDistribution extends constructs.Construct {
                         },
                     ],
                     objectOwnership: s3__namespace.ObjectOwnership.OBJECT_WRITER,
-                    removalPolicy: cdk.RemovalPolicy.DESTROY,
+                    removalPolicy: cdk.RemovalPolicy.RETAIN,
                 });
                 cdk.Tags.of(createdBucket).add(CDK$2.TAG.ROLE, CDK$2.ROLE.MONITORING);
                 // Add Datadog forwarder notification
@@ -3059,6 +3060,9 @@ class JaypieDynamoDb extends constructs.Construct {
     get encryptionKey() {
         return this._table.encryptionKey;
     }
+    get grants() {
+        return this._table.grants;
+    }
     applyRemovalPolicy(policy) {
         this._table.applyRemovalPolicy(policy);
     }
@@ -3417,6 +3421,35 @@ class JaypieInfrastructureStack extends JaypieStack {
     }
 }
 
+class JaypieMigration extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { code, dependencies = [], handler = "index.handler", secrets = [], tables = [], } = props;
+        // Migration Lambda — 5 minute timeout for long-running migrations
+        this.lambda = new JaypieLambda(this, "MigrationLambda", {
+            code,
+            description: "DynamoDB migration custom resource",
+            handler,
+            roleTag: CDK$2.ROLE.PROCESSING,
+            secrets,
+            tables,
+            timeout: cdk__namespace.Duration.minutes(5),
+        });
+        // Custom Resource provider wrapping the Lambda
+        const provider = new cr__namespace.Provider(this, "MigrationProvider", {
+            onEventHandler: this.lambda,
+        });
+        // Custom Resource that triggers on every deploy
+        const resource = new cdk__namespace.CustomResource(this, "MigrationResource", {
+            serviceToken: provider.serviceToken,
+        });
+        // Ensure dependencies are created before the migration runs
+        for (const dep of dependencies) {
+            resource.node.addDependency(dep);
+        }
+    }
+}
+
 class JaypieMongoDbSecret extends JaypieEnvSecret {
     constructor(scope, id = "MongoConnectionString", props) {
         const defaultProps = {
@@ -4785,6 +4818,7 @@ exports.JaypieGitHubDeployRole = JaypieGitHubDeployRole;
 exports.JaypieHostedZone = JaypieHostedZone;
 exports.JaypieInfrastructureStack = JaypieInfrastructureStack;
 exports.JaypieLambda = JaypieLambda;
+exports.JaypieMigration = JaypieMigration;
 exports.JaypieMongoDbSecret = JaypieMongoDbSecret;
 exports.JaypieNextJs = JaypieNextJs;
 exports.JaypieOpenAiSecret = JaypieOpenAiSecret;