@jaypie/constructs 1.2.38 → 1.2.40
- package/dist/cjs/JaypieDistribution.d.ts +11 -0
- package/dist/cjs/JaypieMigration.d.ts +2 -0
- package/dist/cjs/index.cjs +11 -3
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/JaypieDistribution.d.ts +11 -0
- package/dist/esm/JaypieMigration.d.ts +2 -0
- package/dist/esm/index.js +11 -3
- package/dist/esm/index.js.map +1 -1
- package/package.json +1 -1
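--- a/package/dist/cjs/JaypieDistribution.d.ts
+++ b/package/dist/cjs/JaypieDistribution.d.ts
@@ -22,6 +22,17 @@ export interface JaypieWafConfig {
 * @default true
 */
 logBucket?: boolean | s3.IBucket;
+/**
+* Override actions for specific rules within managed rule groups.
+* Key is the managed rule group name; value is an array of rule action overrides.
+* @example
+* managedRuleOverrides: {
+* AWSManagedRulesCommonRuleSet: [
+* { name: "SizeRestrictions_BODY", actionToUse: { count: {} } },
+* ],
+* }
+*/
+managedRuleOverrides?: Record<string, wafv2.CfnWebACL.RuleActionOverrideProperty[]>;
 /**
 * Managed rule group names to apply
 * @default ["AWSManagedRulesCommonRuleSet", "AWSManagedRulesKnownBadInputsRuleSet"]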
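Review bot: The doc comment on `managedRuleOverrides` never says that its own example weakens the WAF: `actionToUse: { count: {} }` switches `SizeRestrictions_BODY` from blocking to count-only, so oversized bodies are let through and merely counted. I would add a line such as `* Overriding a rule to count stops it from blocking; matching requests are only counted.` so a caller copying the example knows the trade-off. The implementation in index.cjs on this page reads the map with `managedRuleOverrides?.[ruleName]` inside the loop over `managedRules`, so the comment should also state `* Keys that are not listed in managedRules are ignored.` The `JaypieWafConfig` interface continues outside the hunk.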
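--- a/package/dist/cjs/JaypieMigration.d.ts
+++ b/package/dist/cjs/JaypieMigration.d.ts
@@ -8,6 +8,8 @@ export interface JaypieMigrationProps {
 code: lambda.Code | string;
 /** Constructs that must be created before the migration runs */
 dependencies?: Construct[];
+/** Environment variables for the migration Lambda */
+environment?: Record<string, string> | (Record<string, string> | string)[];
 /** Lambda handler entry point */
 handler?: string;
 /** Secrets to make available to the migration Lambda */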
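Review bot: The new `environment` comment does not steer callers away from putting credentials in it, although the same interface already has a `secrets` property for that purpose. Lambda environment values are stored in plaintext in the function configuration, and presumably in the synthesized template once JaypieLambda passes them through, so I would write `/** Non-secret environment variables for the migration Lambda; pass credentials through secrets instead */`. The array form `(Record<string, string> | string)[]` is also undocumented here; the comment should say what a bare string entry resolves to. The `JaypieMigrationProps` interface continues outside the hunk.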
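--- a/package/dist/cjs/index.cjs
+++ b/package/dist/cjs/index.cjs
@@ -2648,11 +2648,12 @@ class JaypieDistribution extends constructs.Construct {
 }
 else {
 // Create new WebACL
-const { managedRules = DEFAULT_MANAGED_RULES, rateLimitPerIp = DEFAULT_RATE_LIMIT, } = wafConfig;
+const { managedRuleOverrides, managedRules = DEFAULT_MANAGED_RULES, rateLimitPerIp = DEFAULT_RATE_LIMIT, } = wafConfig;
 let priority = 0;
 const rules = [];
 // Add managed rule groups
 for (const ruleName of managedRules) {
+const ruleActionOverrides = managedRuleOverrides?.[ruleName];
 rules.push({
 name: ruleName,
 priority: priority++,
@@ -2661,6 +2662,7 @@ class JaypieDistribution extends constructs.Construct {
 managedRuleGroupStatement: {
 name: ruleName,
 vendorName: "AWS",
+...(ruleActionOverrides && { ruleActionOverrides }),
 },
 },
 visibilityConfig: {
@@ -3431,11 +3433,12 @@ class JaypieInfrastructureStack extends JaypieStack {
 class JaypieMigration extends constructs.Construct {
 constructor(scope, id, props) {
 super(scope, id);
-const { code, dependencies = [], handler = "index.handler", secrets = [], tables = [], } = props;
+const { code, dependencies = [], environment, handler = "index.handler", secrets = [], tables = [], } = props;
 // Migration Lambda — 5 minute timeout for long-running migrations
 this.lambda = new JaypieLambda(this, "MigrationLambda", {
 code,
 description: "DynamoDB migration custom resource",
+environment,
 handler,
 roleTag: CDK$2.ROLE.PROCESSING,
 secrets,
@@ -3446,8 +3449,13 @@ class JaypieMigration extends constructs.Construct {
 const provider = new cr__namespace.Provider(this, "MigrationProvider", {
 onEventHandler: this.lambda,
 });
-// Custom Resource that triggers on every deploy
+// Custom Resource that triggers on every deploy.
+// deployNonce forces CloudFormation to re-invoke the custom resource
+// even when only Lambda code changes (issue #261).
 const resource = new cdk__namespace.CustomResource(this, "MigrationResource", {
+properties: {
+deployNonce: Date.now().toString(),
+},
 serviceToken: provider.serviceToken,
 });
 // Ensure dependencies are created before the migration runs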
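Review bot: `deployNonce: Date.now().toString()` in the last hunk makes every synth emit a different template, so the migration Lambda runs on every deployment, and CloudFormation normally sends the custom resource a further Update with the previous properties if the stack rolls back. Nothing in the visible code tells the handler author this, so the comment should state the contract, for example `// The migration handler runs on every deploy and again on rollback; it must be idempotent.` The timestamp also means `cdk diff` always reports this resource as changed, which buries real changes during review. If the goal is only to re-run when the Lambda code changes, as the reference to issue #261 suggests, a nonce derived from the code asset would be deterministic and is worth considering. The constructor body continues outside the hunk.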