@jaypie/constructs 1.2.44 → 1.2.46
|
@@ -9,6 +9,15 @@ import * as wafv2 from "aws-cdk-lib/aws-wafv2";
|
|
|
9
9
|
import { Construct } from "constructs";
|
|
10
10
|
import { HostConfig } from "./helpers";
|
|
11
11
|
export interface JaypieWafConfig {
|
|
12
|
+
/**
|
|
13
|
+
* Unique name for this distribution's WAF resources. Required when passing a
|
|
14
|
+
* WAF config object. Injected into the WebACL name and WAF log bucket name
|
|
15
|
+
* so multiple JaypieDistribution instances can coexist in the same
|
|
16
|
+
* account/env without S3/WAFv2 name collisions.
|
|
17
|
+
*
|
|
18
|
+
* Pass `waf: true` (or omit) to retain the legacy, non-namespaced names.
|
|
19
|
+
*/
|
|
20
|
+
name: string;
|
|
12
21
|
/**
|
|
13
22
|
* Whether WAF is enabled
|
|
14
23
|
* @default true
|
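Review bot: `name: string;` is declared as a required member of `JaypieWafConfig`, so a caller that already passes a WAF config object without `name` stops type-checking after this patch-level bump. The compiled JaypieDistribution code in the same release still tolerates a missing value (`wafConfig.name ? … : constructEnvName("WebAcl")`), although that fallback may only be meant for the `waf: true` path. Either declare it `name?: string;` and document the legacy fallback, or remove the runtime fallback so the type and the behaviour agree. The doc comment should also state the limits the value inherits: it is lower-cased into an S3 bucket name behind the `aws-waf-logs-` prefix and reused as the WAFv2 WebACL and metric name, so both character set and length are constrained. The interface body continues outside the hunk.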
package/dist/cjs/index.cjs
CHANGED
|
@@ -965,6 +965,13 @@ class JaypieEnvSecret extends constructs.Construct {
|
|
|
965
965
|
else {
|
|
966
966
|
exportName = cleanName$1(exportParam);
|
|
967
967
|
}
|
|
968
|
+
if (!consumer &&
|
|
969
|
+
envKey &&
|
|
970
|
+
!process.env[envKey] &&
|
|
971
|
+
value === undefined &&
|
|
972
|
+
!generateSecretString) {
|
|
973
|
+
throw new errors.ConfigurationError(`JaypieEnvSecret(${id}): envKey "${envKey}" is empty in process.env and no value or generateSecretString was provided`);
|
|
974
|
+
}
|
|
968
975
|
if (consumer) {
|
|
969
976
|
const secretName = cdk.Fn.importValue(exportName);
|
|
970
977
|
this._secret = secretsmanager__namespace.Secret.fromSecretNameV2(this, id, secretName);
|
|
@@ -2689,14 +2696,17 @@ class JaypieDistribution extends constructs.Construct {
|
|
|
2689
2696
|
sampledRequestsEnabled: true,
|
|
2690
2697
|
},
|
|
2691
2698
|
});
|
|
2699
|
+
const webAclName = wafConfig.name
|
|
2700
|
+
? constructEnvName(`${wafConfig.name}-WebAcl`)
|
|
2701
|
+
: constructEnvName("WebAcl");
|
|
2692
2702
|
const webAcl = new wafv2__namespace.CfnWebACL(this, "WebAcl", {
|
|
2693
2703
|
defaultAction: { allow: {} },
|
|
2694
|
-
name:
|
|
2704
|
+
name: webAclName,
|
|
2695
2705
|
rules,
|
|
2696
2706
|
scope: "CLOUDFRONT",
|
|
2697
2707
|
visibilityConfig: {
|
|
2698
2708
|
cloudWatchMetricsEnabled: true,
|
|
2699
|
-
metricName:
|
|
2709
|
+
metricName: webAclName,
|
|
2700
2710
|
sampledRequestsEnabled: true,
|
|
2701
2711
|
},
|
|
2702
2712
|
});
|
|
@@ -2712,8 +2722,14 @@ class JaypieDistribution extends constructs.Construct {
|
|
|
2712
2722
|
let wafLogBucket;
|
|
2713
2723
|
if (wafLogBucketProp === true) {
|
|
2714
2724
|
// Create inline WAF logging bucket with Datadog forwarding
|
|
2715
|
-
const
|
|
2716
|
-
|
|
2725
|
+
const wafLogBucketId = wafConfig.name
|
|
2726
|
+
? constructEnvName(`${wafConfig.name}-WafLogBucket`)
|
|
2727
|
+
: constructEnvName("WafLogBucket");
|
|
2728
|
+
const wafLogBucketName = wafConfig.name
|
|
2729
|
+
? `aws-waf-logs-${constructEnvName(`${wafConfig.name}-waf`).toLowerCase()}`
|
|
2730
|
+
: `aws-waf-logs-${constructEnvName("waf").toLowerCase()}`;
|
|
2731
|
+
const createdBucket = new s3__namespace.Bucket(this, wafLogBucketId, {
|
|
2732
|
+
bucketName: wafLogBucketName,
|
|
2717
2733
|
lifecycleRules: [
|
|
2718
2734
|
{
|
|
2719
2735
|
expiration: cdk.Duration.days(90),
|
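Review bot: `wafConfig.name` reaches the WebACL `name`, the `metricName` and the S3 `bucketName` in the two JaypieDistribution hunks with no synth-time validation, so a value that S3 or WAFv2 rejects only surfaces as a failed CloudFormation deployment. S3 bucket names are capped at 63 lower-case characters and `aws-waf-logs-` already takes 13 of them; what `constructEnvName` prepends or appends is not visible here, so the remaining budget is unknown. A guard in the style of the new JaypieEnvSecret check would fail early: test the name against something like `/^[A-Za-z0-9-]+$/`, check `wafLogBucketName.length <= 63`, and throw `errors.ConfigurationError` otherwise (skipping unresolved CDK tokens). Because the resulting bucket name is fixed and predictable in a global namespace, it is worth confirming that `constructEnvName` includes something account-specific, otherwise a name already taken elsewhere blocks the deploy. The enclosing constructor starts and ends outside these hunks.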