@jaypie/constructs 1.2.44 → 1.2.46
|
@@ -9,6 +9,15 @@ import * as wafv2 from "aws-cdk-lib/aws-wafv2";
|
|
|
9
9
|
import { Construct } from "constructs";
|
|
10
10
|
import { HostConfig } from "./helpers";
|
|
11
11
|
export interface JaypieWafConfig {
|
|
12
|
+
/**
|
|
13
|
+
* Unique name for this distribution's WAF resources. Required when passing a
|
|
14
|
+
* WAF config object. Injected into the WebACL name and WAF log bucket name
|
|
15
|
+
* so multiple JaypieDistribution instances can coexist in the same
|
|
16
|
+
* account/env without S3/WAFv2 name collisions.
|
|
17
|
+
*
|
|
18
|
+
* Pass `waf: true` (or omit) to retain the legacy, non-namespaced names.
|
|
19
|
+
*/
|
|
20
|
+
name: string;
|
|
12
21
|
/**
|
|
13
22
|
* Whether WAF is enabled
|
|
14
23
|
* @default true
|
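Review bot: `name: string;` is declared as required on `JaypieWafConfig`, but the compiled constructor in package/dist/esm/index.js still branches on `wafConfig.name ? … : …` and quietly falls back to the legacy `WebAcl` and `aws-waf-logs-…waf` names when it is absent. TypeScript callers that already pass a config object without `name` stop compiling on what L1 shows as a patch-level bump. JavaScript callers get no error and keep the shared names the new doc comment warns about. Either declare it `name?: string;` and document the fallback, or keep it required and throw a `ConfigurationError` when a config object arrives without it. The interface body continues past the end of this hunk.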
package/dist/esm/index.js
CHANGED
|
@@ -929,6 +929,13 @@ class JaypieEnvSecret extends Construct {
|
|
|
929
929
|
else {
|
|
930
930
|
exportName = cleanName$1(exportParam);
|
|
931
931
|
}
|
|
932
|
+
if (!consumer &&
|
|
933
|
+
envKey &&
|
|
934
|
+
!process.env[envKey] &&
|
|
935
|
+
value === undefined &&
|
|
936
|
+
!generateSecretString) {
|
|
937
|
+
throw new ConfigurationError(`JaypieEnvSecret(${id}): envKey "${envKey}" is empty in process.env and no value or generateSecretString was provided`);
|
|
938
|
+
}
|
|
932
939
|
if (consumer) {
|
|
933
940
|
const secretName = Fn.importValue(exportName);
|
|
934
941
|
this._secret = secretsmanager.Secret.fromSecretNameV2(this, id, secretName);
|
|
@@ -2653,14 +2660,17 @@ class JaypieDistribution extends Construct {
|
|
|
2653
2660
|
sampledRequestsEnabled: true,
|
|
2654
2661
|
},
|
|
2655
2662
|
});
|
|
2663
|
+
const webAclName = wafConfig.name
|
|
2664
|
+
? constructEnvName(`${wafConfig.name}-WebAcl`)
|
|
2665
|
+
: constructEnvName("WebAcl");
|
|
2656
2666
|
const webAcl = new wafv2.CfnWebACL(this, "WebAcl", {
|
|
2657
2667
|
defaultAction: { allow: {} },
|
|
2658
|
-
name:
|
|
2668
|
+
name: webAclName,
|
|
2659
2669
|
rules,
|
|
2660
2670
|
scope: "CLOUDFRONT",
|
|
2661
2671
|
visibilityConfig: {
|
|
2662
2672
|
cloudWatchMetricsEnabled: true,
|
|
2663
|
-
metricName:
|
|
2673
|
+
metricName: webAclName,
|
|
2664
2674
|
sampledRequestsEnabled: true,
|
|
2665
2675
|
},
|
|
2666
2676
|
});
|
|
@@ -2676,8 +2686,14 @@ class JaypieDistribution extends Construct {
|
|
|
2676
2686
|
let wafLogBucket;
|
|
2677
2687
|
if (wafLogBucketProp === true) {
|
|
2678
2688
|
// Create inline WAF logging bucket with Datadog forwarding
|
|
2679
|
-
const
|
|
2680
|
-
|
|
2689
|
+
const wafLogBucketId = wafConfig.name
|
|
2690
|
+
? constructEnvName(`${wafConfig.name}-WafLogBucket`)
|
|
2691
|
+
: constructEnvName("WafLogBucket");
|
|
2692
|
+
const wafLogBucketName = wafConfig.name
|
|
2693
|
+
? `aws-waf-logs-${constructEnvName(`${wafConfig.name}-waf`).toLowerCase()}`
|
|
2694
|
+
: `aws-waf-logs-${constructEnvName("waf").toLowerCase()}`;
|
|
2695
|
+
const createdBucket = new s3.Bucket(this, wafLogBucketId, {
|
|
2696
|
+
bucketName: wafLogBucketName,
|
|
2681
2697
|
lifecycleRules: [
|
|
2682
2698
|
{
|
|
2683
2699
|
expiration: Duration.days(90),
|
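Review bot: In the last hunk `wafConfig.name` is interpolated into `wafLogBucketName` with only `.toLowerCase()` applied. A caller-supplied name containing underscores or spaces, or one that pushes the `aws-waf-logs-…` string past the 63-character S3 bucket-name limit, is therefore accepted at synth time and only fails during deployment. The same value also feeds `name` and `metricName` of the `CfnWebACL` in the previous hunk. Validating it once before either resource is created, by throwing `ConfigurationError` when `!/^[a-z0-9-]+$/i.test(wafConfig.name)` or `wafLogBucketName.length > 63`, would surface the problem early. What `constructEnvName` does to its argument is not visible on this page, so confirm it does not already normalise the name; the constructor body starts and ends outside these hunks.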