@jaypie/constructs 1.2.66 → 1.2.68

package/dist/cjs/JaypieDistribution.d.ts

@@ -213,6 +213,19 @@ export interface JaypieDistributionProps extends Omit<cloudfront.DistributionPro
      * @default CDK.ROLE.HOSTING
      */
     roleTag?: string;
+    /**
+     * Service tag for attributing this distribution to a service (parallel to
+     * `roleTag`, matching `JaypieLambda`). When set, the distribution is tagged
+     * with `CDK.TAG.SERVICE` (so metrics carry `service:<value>` instead of
+     * `service:N/A`) and the created access-log and WAF-log buckets are tagged
+     * with the same value, so the Datadog forwarder attributes their forwarded
+     * logs to the service instead of the generic `cloudfront`/source default.
+     *
+     * Omit to preserve current behavior (no service tag). Has no effect on
+     * external/imported log buckets, which this construct does not own.
+     * @default undefined (no service tag)
+     */
+    serviceTag?: string;
     /**
      * WAF WebACL configuration for the CloudFront distribution.
      * - true/undefined: create and attach a WebACL with sensible defaults

package/dist/cjs/helpers/__tests__/extendDatadogRole.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cjs/helpers/extendDatadogRole.d.ts

@@ -23,6 +23,7 @@ export interface ExtendDatadogRoleOptions {
  * If found, creates a custom policy with:
  * - budgets:ViewBudget
  * - logs:DescribeLogGroups
+ * - trustedadvisor:ListRecommendations
  *
  * @param scope - The construct scope
  * @param options - Configuration options

package/dist/cjs/index.cjs

@@ -465,6 +465,7 @@ function envHostname({ component, domain, env, subdomain, } = {}) {
  * If found, creates a custom policy with:
  * - budgets:ViewBudget
  * - logs:DescribeLogGroups
+ * - trustedadvisor:ListRecommendations
  *
  * @param scope - The construct scope
  * @param options - Configuration options
@@ -491,6 +492,11 @@ function extendDatadogRole(scope, options) {
             actions: ["logs:DescribeLogGroups"],
             resources: ["*"],
         }),
+        // Allow list trusted advisor recommendations
+        new iam.PolicyStatement({
+            actions: ["trustedadvisor:ListRecommendations"],
+            resources: ["*"],
+        }),
     ];
     // Create the custom policy
     const datadogCustomPolicy = new iam.Policy(scope, id, {
@@ -2708,7 +2714,7 @@ const DEFAULT_MANAGED_RULES$1 = [
 class JaypieDistribution extends constructs.Construct {
     constructor(scope, id, props) {
         super(scope, id);
-        const { certificate: certificateProp = true, defaultBehavior: propsDefaultBehavior, deleteExistingRecord = false, destination: destinationProp = true, handler, host: propsHost, logBucket: logBucketProp, originReadTimeout = cdk.Duration.seconds(CDK$2.DURATION.CLOUDFRONT_API), responseHeadersPolicy: responseHeadersPolicyProp, roleTag = CDK$2.ROLE.API, securityHeaders: securityHeadersProp, streaming = false, waf: wafProp = true, zone: propsZone, ...distributionProps } = props;
+        const { certificate: certificateProp = true, defaultBehavior: propsDefaultBehavior, deleteExistingRecord = false, destination: destinationProp = true, handler, host: propsHost, logBucket: logBucketProp, originReadTimeout = cdk.Duration.seconds(CDK$2.DURATION.CLOUDFRONT_API), responseHeadersPolicy: responseHeadersPolicyProp, roleTag = CDK$2.ROLE.API, securityHeaders: securityHeadersProp, serviceTag, streaming = false, waf: wafProp = true, zone: propsZone, ...distributionProps } = props;
         // Validate environment variables
         if (process.env.CDK_ENV_API_SUBDOMAIN &&
             !isValidSubdomain(process.env.CDK_ENV_API_SUBDOMAIN)) {
@@ -2917,6 +2923,9 @@ class JaypieDistribution extends constructs.Construct {
                 removalPolicy: cdk.RemovalPolicy.DESTROY,
             });
             cdk.Tags.of(createdBucket).add(CDK$2.TAG.ROLE, CDK$2.ROLE.STORAGE);
+            if (serviceTag) {
+                cdk.Tags.of(createdBucket).add(CDK$2.TAG.SERVICE, serviceTag);
+            }
             logBucket = createdBucket;
         }
         // Add S3 notifications if we have a bucket and destination is not false
@@ -2947,6 +2956,9 @@ class JaypieDistribution extends constructs.Construct {
             ...distributionProps,
         });
         cdk.Tags.of(this.distribution).add(CDK$2.TAG.ROLE, roleTag);
+        if (serviceTag) {
+            cdk.Tags.of(this.distribution).add(CDK$2.TAG.SERVICE, serviceTag);
+        }
         this.distributionArn = `arn:aws:cloudfront::${cdk.Stack.of(this).account}:distribution/${this.distribution.distributionId}`;
         this.distributionDomainName = this.distribution.distributionDomainName;
         this.distributionId = this.distribution.distributionId;
@@ -3151,6 +3163,9 @@ class JaypieDistribution extends constructs.Construct {
                     removalPolicy: cdk.RemovalPolicy.RETAIN,
                 });
                 cdk.Tags.of(createdBucket).add(CDK$2.TAG.ROLE, CDK$2.ROLE.MONITORING);
+                if (serviceTag) {
+                    cdk.Tags.of(createdBucket).add(CDK$2.TAG.SERVICE, serviceTag);
+                }
                 // Add Datadog forwarder notification
                 if (destinationProp !== false) {
                     const lambdaDestination = destinationProp === true