@liflig/cdk 2.18.5 → 2.18.6

package/lib/alarms/service-alarms.d.ts

@@ -0,0 +1,145 @@
+import * as cdk from "aws-cdk-lib";
+import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
+import * as logs from "aws-cdk-lib/aws-logs";
+import * as constructs from "constructs";
+export interface ServiceAlarmsProps extends cdk.StackProps {
+    /**
+     * The default action to use for CloudWatch alarm state changes
+     */
+    action: cloudwatch.IAlarmAction;
+    /**
+     * The name of the ECS service.
+     */
+    serviceName: string;
+}
+/**
+ * Various alarms and monitoring.
+ *
+ * By itself no alarms is created. Use the methods available
+ * to add alarms.
+ *
+ * See SlackAlarm construct for SNS Action.
+ */
+export declare class ServiceAlarms extends constructs.Construct {
+    private readonly action;
+    private readonly serviceName;
+    constructor(scope: constructs.Construct, id: string, props: ServiceAlarmsProps);
+    /**
+     * For logs stored as JSON, monitor log entries logged
+     * with level ERROR or higher, as well as any requests
+     * that causes 500 for logging with liflig-logging.
+     */
+    addJsonErrorAlarm(props: {
+        logGroup: logs.ILogGroup;
+        alarmDescription?: string;
+        /**
+         * Set to `false` to stop the alarm from sending OK events.
+         * @default true
+         * */
+        enableOkAction?: boolean;
+        /**
+         * An action to use for CloudWatch alarm state changes instead of the default action
+         */
+        action?: cloudwatch.IAlarmAction;
+    }): void;
+    /**
+     * Sets up three CloudWatch Alarms for monitoring an ECS service behind a target group:
+     * 1) one that triggers if the target is responding with too many 5xx errors.
+     * 2) one that triggers if the 95% percentile of response times from the target is too high.
+     * 3) one that triggers if there are no healthy targets or if the load balancer fails to connect to targets.
+     */
+    addTargetGroupAlarms(props: {
+        /**
+         * The full name of the target group.
+         */
+        targetGroupFullName: string;
+        /**
+         * The full name of the application load balancer.
+         */
+        loadBalancerFullName: string;
+        /**
+         * Configuration for a composite alarm.
+         *
+         * @default Configured with sane defaults.
+         */
+        targetHealthAlarm?: {
+            /**
+             * @default true
+             */
+            enabled?: boolean;
+            /**
+             * An action to use for CloudWatch alarm state changes instead of the default action
+             */
+            action?: cloudwatch.IAlarmAction;
+            /**
+             * @default 60 seconds
+             */
+            period?: cdk.Duration;
+            /**
+             * @default 1
+             */
+            evaluationPeriods?: number;
+            /**
+             * @default 1
+             */
+            threshold?: number;
+            description?: string;
+        };
+        /**
+         * Configuration for an alarm.
+         *
+         * @default Configured with sane defaults.
+         */
+        tooMany5xxResponsesFromTargetsAlarm?: {
+            /**
+             * @default true
+             */
+            enabled?: boolean;
+            /**
+             * An action to use for CloudWatch alarm state changes instead of the default action
+             */
+            action?: cloudwatch.IAlarmAction;
+            /**
+             * @default 60 seconds
+             */
+            period?: cdk.Duration;
+            /**
+             * @default 3
+             */
+            evaluationPeriods?: number;
+            /**
+             * @default 10
+             */
+            threshold?: number;
+            description?: string;
+        };
+        /**
+         * Configuration for an alarm.
+         *
+         * @default Configured with sane defaults.
+         */
+        targetResponseTimeAlarm?: {
+            /**
+             * @default true
+             */
+            enabled?: boolean;
+            /**
+             * An action to use for CloudWatch alarm state changes instead of the default action
+             */
+            action?: cloudwatch.IAlarmAction;
+            /**
+             * @default 5 minutes
+             */
+            period?: cdk.Duration;
+            /**
+             * @default 1
+             */
+            evaluationPeriods?: number;
+            /**
+             * @default 500 milliseconds
+             */
+            threshold?: cdk.Duration;
+            description?: string;
+        };
+    }): void;
+}

package/lib/alarms/service-alarms.js

@@ -0,0 +1,148 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServiceAlarms = void 0;
+const cdk = require("aws-cdk-lib");
+const cloudwatch = require("aws-cdk-lib/aws-cloudwatch");
+const logs = require("aws-cdk-lib/aws-logs");
+const constructs = require("constructs");
+/**
+ * Various alarms and monitoring.
+ *
+ * By itself no alarms is created. Use the methods available
+ * to add alarms.
+ *
+ * See SlackAlarm construct for SNS Action.
+ */
+class ServiceAlarms extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.action = props.action;
+        this.serviceName = props.serviceName;
+    }
+    /**
+     * For logs stored as JSON, monitor log entries logged
+     * with level ERROR or higher, as well as any requests
+     * that causes 500 for logging with liflig-logging.
+     */
+    addJsonErrorAlarm(props) {
+        var _a, _b, _c, _d;
+        const errorMetricFilter = props.logGroup.addMetricFilter("ErrorMetricFilter", {
+            filterPattern: logs.FilterPattern.any(logs.FilterPattern.stringValue("$.level", "=", "ERROR"), 
+            // FATAL covers some applications we run that uses log4j or
+            // other libraries. It is not existent in slf4j.
+            logs.FilterPattern.stringValue("$.level", "=", "FATAL"), logs.FilterPattern.stringValue(
+            // For liflig-logging.
+            "$.requestInfo.status.code", "=", "INTERNAL_SERVER_ERROR")),
+            metricName: "Errors",
+            metricNamespace: `stack/${cdk.Stack.of(this).stackName}/${this.serviceName}/Errors`,
+        });
+        const errorAlarm = errorMetricFilter
+            .metric()
+            .with({
+            statistic: "Sum",
+            period: cdk.Duration.seconds(60),
+        })
+            .createAlarm(this, "ErrorLogAlarm", {
+            alarmDescription: (_a = props.alarmDescription) !== null && _a !== void 0 ? _a : `${this.serviceName} logged an error`,
+            evaluationPeriods: 1,
+            threshold: 1,
+            treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
+        });
+        errorAlarm.addAlarmAction((_b = props.action) !== null && _b !== void 0 ? _b : this.action);
+        if ((_c = props.enableOkAction) !== null && _c !== void 0 ? _c : true) {
+            errorAlarm.addOkAction((_d = props.action) !== null && _d !== void 0 ? _d : this.action);
+        }
+    }
+    /**
+     * Sets up three CloudWatch Alarms for monitoring an ECS service behind a target group:
+     * 1) one that triggers if the target is responding with too many 5xx errors.
+     * 2) one that triggers if the 95% percentile of response times from the target is too high.
+     * 3) one that triggers if there are no healthy targets or if the load balancer fails to connect to targets.
+     */
+    addTargetGroupAlarms(props) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x, _y, _z, _0, _1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21;
+        const targetConnectionErrorAlarm = new cloudwatch.Metric({
+            metricName: "TargetConnectionErrorCount",
+            namespace: "AWS/ApplicationELB",
+            statistic: "Sum",
+            period: (_b = (_a = props.targetHealthAlarm) === null || _a === void 0 ? void 0 : _a.period) !== null && _b !== void 0 ? _b : cdk.Duration.seconds(60),
+            dimensionsMap: {
+                TargetGroup: props.targetGroupFullName,
+                LoadBalancer: props.loadBalancerFullName,
+            },
+        }).createAlarm(this, "ConnectionAlarm", {
+            actionsEnabled: true,
+            alarmDescription: `Load balancer is failing to connect to target(s) in ECS service '${this.serviceName}'.`,
+            evaluationPeriods: (_d = (_c = props.targetHealthAlarm) === null || _c === void 0 ? void 0 : _c.evaluationPeriods) !== null && _d !== void 0 ? _d : 1,
+            threshold: 1,
+            treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
+        });
+        const healthAlarm = new cloudwatch.Metric({
+            metricName: "HealthyHostCount",
+            namespace: "AWS/ApplicationELB",
+            statistic: "Minimum",
+            period: (_f = (_e = props.targetHealthAlarm) === null || _e === void 0 ? void 0 : _e.period) !== null && _f !== void 0 ? _f : cdk.Duration.seconds(60),
+            dimensionsMap: {
+                TargetGroup: props.targetGroupFullName,
+                LoadBalancer: props.loadBalancerFullName,
+            },
+        }).createAlarm(this, "HealthAlarm", {
+            alarmDescription: `There are no healthy target(s) in ECS service '${this.serviceName}'.`,
+            comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD,
+            evaluationPeriods: (_h = (_g = props.targetHealthAlarm) === null || _g === void 0 ? void 0 : _g.evaluationPeriods) !== null && _h !== void 0 ? _h : 1,
+            threshold: 1,
+            treatMissingData: cloudwatch.TreatMissingData.BREACHING,
+        });
+        const targetHealthAlarm = new cloudwatch.CompositeAlarm(this, "TargetHealthAlarm", {
+            alarmRule: cdk.aws_cloudwatch.AlarmRule.anyOf(cdk.aws_cloudwatch.AlarmRule.fromAlarm(targetConnectionErrorAlarm, cloudwatch.AlarmState.ALARM), cdk.aws_cloudwatch.AlarmRule.fromAlarm(healthAlarm, cloudwatch.AlarmState.ALARM)),
+            alarmDescription: (_k = (_j = props.targetHealthAlarm) === null || _j === void 0 ? void 0 : _j.description) !== null && _k !== void 0 ? _k : `The load balancer is either receiving bad health checks from or is unable to connect to target(s) in ECS service '${this.serviceName}'`,
+            actionsEnabled: false,
+        });
+        if ((_m = (_l = props.targetHealthAlarm) === null || _l === void 0 ? void 0 : _l.enabled) !== null && _m !== void 0 ? _m : true) {
+            targetHealthAlarm.addAlarmAction((_p = (_o = props.targetHealthAlarm) === null || _o === void 0 ? void 0 : _o.action) !== null && _p !== void 0 ? _p : this.action);
+            targetHealthAlarm.addOkAction((_r = (_q = props.targetHealthAlarm) === null || _q === void 0 ? void 0 : _q.action) !== null && _r !== void 0 ? _r : this.action);
+        }
+        const tooMany5xxResponsesFromTargetsAlarm = new cloudwatch.Metric({
+            metricName: "HTTPCode_Target_5XX_Count",
+            namespace: "AWS/ApplicationELB",
+            statistic: "Sum",
+            period: (_t = (_s = props.tooMany5xxResponsesFromTargetsAlarm) === null || _s === void 0 ? void 0 : _s.period) !== null && _t !== void 0 ? _t : cdk.Duration.seconds(60),
+            dimensionsMap: {
+                TargetGroup: props.targetGroupFullName,
+                LoadBalancer: props.loadBalancerFullName,
+            },
+        }).createAlarm(this, "AlbTargets5xxAlarm", {
+            actionsEnabled: true,
+            alarmDescription: (_v = (_u = props.tooMany5xxResponsesFromTargetsAlarm) === null || _u === void 0 ? void 0 : _u.description) !== null && _v !== void 0 ? _v : `Load balancer received too many 5XX responses from target(s) in ECS service '${this.serviceName}'.`,
+            evaluationPeriods: (_x = (_w = props.tooMany5xxResponsesFromTargetsAlarm) === null || _w === void 0 ? void 0 : _w.evaluationPeriods) !== null && _x !== void 0 ? _x : 3,
+            threshold: (_z = (_y = props.tooMany5xxResponsesFromTargetsAlarm) === null || _y === void 0 ? void 0 : _y.threshold) !== null && _z !== void 0 ? _z : 10,
+            treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
+        });
+        if ((_1 = (_0 = props.tooMany5xxResponsesFromTargetsAlarm) === null || _0 === void 0 ? void 0 : _0.enabled) !== null && _1 !== void 0 ? _1 : true) {
+            tooMany5xxResponsesFromTargetsAlarm.addAlarmAction((_3 = (_2 = props.tooMany5xxResponsesFromTargetsAlarm) === null || _2 === void 0 ? void 0 : _2.action) !== null && _3 !== void 0 ? _3 : this.action);
+            tooMany5xxResponsesFromTargetsAlarm.addOkAction((_5 = (_4 = props.tooMany5xxResponsesFromTargetsAlarm) === null || _4 === void 0 ? void 0 : _4.action) !== null && _5 !== void 0 ? _5 : this.action);
+        }
+        const targetResponseTimeAlarm = new cloudwatch.Metric({
+            metricName: "TargetResponseTime",
+            namespace: "AWS/ApplicationELB",
+            statistic: "p95",
+            period: (_7 = (_6 = props.targetResponseTimeAlarm) === null || _6 === void 0 ? void 0 : _6.period) !== null && _7 !== void 0 ? _7 : cdk.Duration.minutes(5),
+            dimensionsMap: {
+                LoadBalancer: props.loadBalancerFullName,
+                TargetGroup: props.targetGroupFullName,
+            },
+        }).createAlarm(this, "TargetResponseTimeAlarm", {
+            alarmDescription: (_9 = (_8 = props.targetResponseTimeAlarm) === null || _8 === void 0 ? void 0 : _8.description) !== null && _9 !== void 0 ? _9 : `5% of responses from ECS service '${this.serviceName}' are taking longer than the expected duration of ${((_11 = (_10 = props.targetResponseTimeAlarm) === null || _10 === void 0 ? void 0 : _10.threshold) !== null && _11 !== void 0 ? _11 : cdk.Duration.millis(500)).toMilliseconds()} ms.`,
+            comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+            evaluationPeriods: (_13 = (_12 = props.targetResponseTimeAlarm) === null || _12 === void 0 ? void 0 : _12.evaluationPeriods) !== null && _13 !== void 0 ? _13 : 1,
+            threshold: ((_15 = (_14 = props.targetResponseTimeAlarm) === null || _14 === void 0 ? void 0 : _14.threshold) !== null && _15 !== void 0 ? _15 : cdk.Duration.millis(500)).toSeconds({ integral: false }),
+            treatMissingData: cloudwatch.TreatMissingData.IGNORE,
+        });
+        if ((_17 = (_16 = props.targetResponseTimeAlarm) === null || _16 === void 0 ? void 0 : _16.enabled) !== null && _17 !== void 0 ? _17 : true) {
+            targetResponseTimeAlarm.addAlarmAction((_19 = (_18 = props.targetResponseTimeAlarm) === null || _18 === void 0 ? void 0 : _18.action) !== null && _19 !== void 0 ? _19 : this.action);
+            targetResponseTimeAlarm.addOkAction((_21 = (_20 = props.targetResponseTimeAlarm) === null || _20 === void 0 ? void 0 : _20.action) !== null && _21 !== void 0 ? _21 : this.action);
+        }
+    }
+}
+exports.ServiceAlarms = ServiceAlarms;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VydmljZS1hbGFybXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYWxhcm1zL3NlcnZpY2UtYWxhcm1zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLG1DQUFrQztBQUNsQyx5REFBd0Q7QUFDeEQsNkNBQTRDO0FBQzVDLHlDQUF3QztBQWF4Qzs7Ozs7OztHQU9HO0FBQ0gsTUFBYSxhQUFjLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFJckQsWUFDRSxLQUEyQixFQUMzQixFQUFVLEVBQ1YsS0FBeUI7UUFFekIsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUE7UUFDMUIsSUFBSSxDQUFDLFdBQVcsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFBO0lBQ3RDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsaUJBQWlCLENBQUMsS0FZakI7O1FBQ0MsTUFBTSxpQkFBaUIsR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FDdEQsbUJBQW1CLEVBQ25CO1lBQ0UsYUFBYSxFQUFFLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUNuQyxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFLE9BQU8sQ0FBQztZQUN2RCwyREFBMkQ7WUFDM0QsZ0RBQWdEO1lBQ2hELElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLEVBQ3ZELElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVztZQUM1QixzQkFBc0I7WUFDdEIsMkJBQTJCLEVBQzNCLEdBQUcsRUFDSCx1QkFBdUIsQ0FDeEIsQ0FDRjtZQUNELFVBQVUsRUFBRSxRQUFRO1lBQ3BCLGVBQWUsRUFBRSxTQUFTLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsSUFDcEQsSUFBSSxDQUFDLFdBQ1AsU0FBUztTQUNWLENBQ0YsQ0FBQTtRQUVELE1BQU0sVUFBVSxHQUFHLGlCQUFpQjthQUNqQyxNQUFNLEVBQUU7YUFDUixJQUFJLENBQUM7WUFDSixTQUFTLEVBQUUsS0FBSztZQUNoQixNQUFNLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1NBQ2pDLENBQUM7YUFDRCxXQUFXLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUNsQyxnQkFBZ0IsRUFDZCxNQUFBLEtBQUssQ0FBQyxnQkFBZ0IsbUNBQUksR0FBRyxJQUFJLENBQUMsV0FBVyxrQkFBa0I7WUFDakUsaUJBQWlCLEVBQUUsQ0FBQztZQUNwQixTQUFTLEVBQUUsQ0FBQztZQUNaLGdCQUFnQixFQUFFLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhO1NBQzVELENBQUMsQ0FBQTtRQUVKLFVBQVUsQ0FBQyxjQUFjLENBQUMsTUFBQSxLQUFLLENBQUMsTUFBTSxtQ0FBSSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDdEQsSUFBSSxNQUFBLEtBQUssQ0FBQyxjQUFjLG1DQUFJLElBQUksRUFBRSxDQUFDO1lBQ2pDLFVBQVUsQ0FBQyxXQUFXLENBQUMsTUFBQSxLQUFLLENBQUMsTUFBTSxtQ0FBSSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUE7UUFDckQsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILG9CQUFvQixDQUFDLEtBNkZwQjs7UUFDQyxNQUFNLDBCQUEwQixHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQztZQUN2RCxVQUFVLEVBQUUsNEJBQTRCO1lBQ3hDLFNBQVMsRUFBRSxvQkFBb0I7WUFDL0IsU0FBUyxFQUFFLEtBQUs7WUFDaEIsTUFBTSxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsaUJBQWlCLDBDQUFFLE1BQU0sbUNBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ25FLGFBQWEsRUFBRTtnQkFDYixXQUFXLEVBQUUsS0FBSyxDQUFDLG1CQUFtQjtnQkFDdEMsWUFBWSxFQUFFLEtBQUssQ0FBQyxvQkFBb0I7YUFDekM7U0FDRixDQUFDLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSxpQkFBaUIsRUFBRTtZQUN0QyxjQUFjLEVBQUUsSUFBSTtZQUNwQixnQkFBZ0IsRUFBRSxvRUFBb0UsSUFBSSxDQUFDLFdBQVcsSUFBSTtZQUMxRyxpQkFBaUIsRUFBRSxNQUFBLE1BQUEsS0FBSyxDQUFDLGlCQUFpQiwwQ0FBRSxpQkFBaUIsbUNBQUksQ0FBQztZQUNsRSxTQUFTLEVBQUUsQ0FBQztZQUNaLGdCQUFnQixFQUFFLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhO1NBQzVELENBQUMsQ0FBQTtRQUVGLE1BQU0sV0FBVyxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQztZQUN4QyxVQUFVLEVBQUUsa0JBQWtCO1lBQzlCLFNBQVMsRUFBRSxvQkFBb0I7WUFDL0IsU0FBUyxFQUFFLFNBQVM7WUFDcEIsTUFBTSxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsaUJBQWlCLDBDQUFFLE1BQU0sbUNBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ25FLGFBQWEsRUFBRTtnQkFDYixXQUFXLEVBQUUsS0FBSyxDQUFDLG1CQUFtQjtnQkFDdEMsWUFBWSxFQUFFLEtBQUssQ0FBQyxvQkFBb0I7YUFDekM7U0FDRixDQUFDLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUU7WUFDbEMsZ0JBQWdCLEVBQUUsa0RBQWtELElBQUksQ0FBQyxXQUFXLElBQUk7WUFDeEYsa0JBQWtCLEVBQUUsVUFBVSxDQUFDLGtCQUFrQixDQUFDLG1CQUFtQjtZQUNyRSxpQkFBaUIsRUFBRSxNQUFBLE1BQUEsS0FBSyxDQUFDLGlCQUFpQiwwQ0FBRSxpQkFBaUIsbUNBQUksQ0FBQztZQUNsRSxTQUFTLEVBQUUsQ0FBQztZQUNaLGdCQUFnQixFQUFFLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTO1NBQ3hELENBQUMsQ0FBQTtRQUVGLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxVQUFVLENBQUMsY0FBYyxDQUNyRCxJQUFJLEVBQ0osbUJBQW1CLEVBQ25CO1lBQ0UsU0FBUyxFQUFFLEdBQUcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FDM0MsR0FBRyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUNwQywwQkFBMEIsRUFDMUIsVUFBVSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQzVCLEVBQ0QsR0FBRyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUNwQyxXQUFXLEVBQ1gsVUFBVSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQzVCLENBQ0Y7WUFDRCxnQkFBZ0IsRUFDZCxNQUFBLE1BQUEsS0FBSyxDQUFDLGlCQUFpQiwwQ0FBRSxXQUFXLG1DQUNwQyxxSEFBcUgsSUFBSSxDQUFDLFdBQVcsR0FBRztZQUMxSSxjQUFjLEVBQUUsS0FBSztTQUN0QixDQUNGLENBQUE7UUFDRCxJQUFJLE1BQUEsTUFBQSxLQUFLLENBQUMsaUJBQWlCLDBDQUFFLE9BQU8sbUNBQUksSUFBSSxFQUFFLENBQUM7WUFDN0MsaUJBQWlCLENBQUMsY0FBYyxDQUM5QixNQUFBLE1BQUEsS0FBSyxDQUFDLGlCQUFpQiwwQ0FBRSxNQUFNLG1DQUFJLElBQUksQ0FBQyxNQUFNLENBQy9DLENBQUE7WUFDRCxpQkFBaUIsQ0FBQyxXQUFXLENBQzNCLE1BQUEsTUFBQSxLQUFLLENBQUMsaUJBQWlCLDBDQUFFLE1BQU0sbUNBQUksSUFBSSxDQUFDLE1BQU0sQ0FDL0MsQ0FBQTtRQUNILENBQUM7UUFFRCxNQUFNLG1DQUFtQyxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQztZQUNoRSxVQUFVLEVBQUUsMkJBQTJCO1lBQ3ZDLFNBQVMsRUFBRSxvQkFBb0I7WUFDL0IsU0FBUyxFQUFFLEtBQUs7WUFDaEIsTUFBTSxFQUNKLE1BQUEsTUFBQSxLQUFLLENBQUMsbUNBQW1DLDBDQUFFLE1BQU0sbUNBQ2pELEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUMxQixhQUFhLEVBQUU7Z0JBQ2IsV0FBVyxFQUFFLEtBQUssQ0FBQyxtQkFBbUI7Z0JBQ3RDLFlBQVksRUFBRSxLQUFLLENBQUMsb0JBQW9CO2FBQ3pDO1NBQ0YsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsb0JBQW9CLEVBQUU7WUFDekMsY0FBYyxFQUFFLElBQUk7WUFDcEIsZ0JBQWdCLEVBQ2QsTUFBQSxNQUFBLEtBQUssQ0FBQyxtQ0FBbUMsMENBQUUsV0FBVyxtQ0FDdEQsZ0ZBQWdGLElBQUksQ0FBQyxXQUFXLElBQUk7WUFDdEcsaUJBQWlCLEVBQ2YsTUFBQSxNQUFBLEtBQUssQ0FBQyxtQ0FBbUMsMENBQUUsaUJBQWlCLG1DQUFJLENBQUM7WUFDbkUsU0FBUyxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsbUNBQW1DLDBDQUFFLFNBQVMsbUNBQUksRUFBRTtZQUNyRSxnQkFBZ0IsRUFBRSxVQUFVLENBQUMsZ0JBQWdCLENBQUMsYUFBYTtTQUM1RCxDQUFDLENBQUE7UUFDRixJQUFJLE1BQUEsTUFBQSxLQUFLLENBQUMsbUNBQW1DLDBDQUFFLE9BQU8sbUNBQUksSUFBSSxFQUFFLENBQUM7WUFDL0QsbUNBQW1DLENBQUMsY0FBYyxDQUNoRCxNQUFBLE1BQUEsS0FBSyxDQUFDLG1DQUFtQywwQ0FBRSxNQUFNLG1DQUFJLElBQUksQ0FBQyxNQUFNLENBQ2pFLENBQUE7WUFDRCxtQ0FBbUMsQ0FBQyxXQUFXLENBQzdDLE1BQUEsTUFBQSxLQUFLLENBQUMsbUNBQW1DLDBDQUFFLE1BQU0sbUNBQUksSUFBSSxDQUFDLE1BQU0sQ0FDakUsQ0FBQTtRQUNILENBQUM7UUFFRCxNQUFNLHVCQUF1QixHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQztZQUNwRCxVQUFVLEVBQUUsb0JBQW9CO1lBQ2hDLFNBQVMsRUFBRSxvQkFBb0I7WUFDL0IsU0FBUyxFQUFFLEtBQUs7WUFDaEIsTUFBTSxFQUFFLE1BQUEsTUFBQSxLQUFLLENBQUMsdUJBQXVCLDBDQUFFLE1BQU0sbUNBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1lBQ3hFLGFBQWEsRUFBRTtnQkFDYixZQUFZLEVBQUUsS0FBSyxDQUFDLG9CQUFvQjtnQkFDeEMsV0FBVyxFQUFFLEtBQUssQ0FBQyxtQkFBbUI7YUFDdkM7U0FDRixDQUFDLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtZQUM5QyxnQkFBZ0IsRUFDZCxNQUFBLE1BQUEsS0FBSyxDQUFDLHVCQUF1QiwwQ0FBRSxXQUFXLG1DQUMxQyxxQ0FDRSxJQUFJLENBQUMsV0FDUCxxREFBcUQsQ0FDbkQsT0FBQSxPQUFBLEtBQUssQ0FBQyx1QkFBdUIsNENBQUUsU0FBUyxxQ0FBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FDckUsQ0FBQyxjQUFjLEVBQUUsTUFBTTtZQUMxQixrQkFBa0IsRUFBRSxVQUFVLENBQUMsa0JBQWtCLENBQUMsc0JBQXNCO1lBQ3hFLGlCQUFpQixFQUFFLE9BQUEsT0FBQSxLQUFLLENBQUMsdUJBQXVCLDRDQUFFLGlCQUFpQixxQ0FBSSxDQUFDO1lBQ3hFLFNBQVMsRUFBRSxDQUNULE9BQUEsT0FBQSxLQUFLLENBQUMsdUJBQXVCLDRDQUFFLFNBQVMscUNBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQ3JFLENBQUMsU0FBUyxDQUFDLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxDQUFDO1lBQ2hDLGdCQUFnQixFQUFFLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNO1NBQ3JELENBQUMsQ0FBQTtRQUNGLElBQUksT0FBQSxPQUFBLEtBQUssQ0FBQyx1QkFBdUIsNENBQUUsT0FBTyxxQ0FBSSxJQUFJLEVBQUUsQ0FBQztZQUNuRCx1QkFBdUIsQ0FBQyxjQUFjLENBQ3BDLE9BQUEsT0FBQSxLQUFLLENBQUMsdUJBQXVCLDRDQUFFLE1BQU0scUNBQUksSUFBSSxDQUFDLE1BQU0sQ0FDckQsQ0FBQTtZQUNELHVCQUF1QixDQUFDLFdBQVcsQ0FDakMsT0FBQSxPQUFBLEtBQUssQ0FBQyx1QkFBdUIsNENBQUUsTUFBTSxxQ0FBSSxJQUFJLENBQUMsTUFBTSxDQUNyRCxDQUFBO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRjtBQTdTRCxzQ0E2U0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcbmltcG9ydCAqIGFzIGNsb3Vkd2F0Y2ggZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZHdhdGNoXCJcbmltcG9ydCAqIGFzIGxvZ3MgZnJvbSBcImF3cy1jZGstbGliL2F3cy1sb2dzXCJcbmltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuXG5leHBvcnQgaW50ZXJmYWNlIFNlcnZpY2VBbGFybXNQcm9wcyBleHRlbmRzIGNkay5TdGFja1Byb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBkZWZhdWx0IGFjdGlvbiB0byB1c2UgZm9yIENsb3VkV2F0Y2ggYWxhcm0gc3RhdGUgY2hhbmdlc1xuICAgKi9cbiAgYWN0aW9uOiBjbG91ZHdhdGNoLklBbGFybUFjdGlvblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIEVDUyBzZXJ2aWNlLlxuICAgKi9cbiAgc2VydmljZU5hbWU6IHN0cmluZ1xufVxuXG4vKipcbiAqIFZhcmlvdXMgYWxhcm1zIGFuZCBtb25pdG9yaW5nLlxuICpcbiAqIEJ5IGl0c2VsZiBubyBhbGFybXMgaXMgY3JlYXRlZC4gVXNlIHRoZSBtZXRob2RzIGF2YWlsYWJsZVxuICogdG8gYWRkIGFsYXJtcy5cbiAqXG4gKiBTZWUgU2xhY2tBbGFybSBjb25zdHJ1Y3QgZm9yIFNOUyBBY3Rpb24uXG4gKi9cbmV4cG9ydCBjbGFzcyBTZXJ2aWNlQWxhcm1zIGV4dGVuZHMgY29uc3RydWN0cy5Db25zdHJ1Y3Qge1xuICBwcml2YXRlIHJlYWRvbmx5IGFjdGlvbjogY2xvdWR3YXRjaC5JQWxhcm1BY3Rpb25cbiAgcHJpdmF0ZSByZWFkb25seSBzZXJ2aWNlTmFtZTogc3RyaW5nXG5cbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IFNlcnZpY2VBbGFybXNQcm9wcyxcbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgdGhpcy5hY3Rpb24gPSBwcm9wcy5hY3Rpb25cbiAgICB0aGlzLnNlcnZpY2VOYW1lID0gcHJvcHMuc2VydmljZU5hbWVcbiAgfVxuXG4gIC8qKlxuICAgKiBGb3IgbG9ncyBzdG9yZWQgYXMgSlNPTiwgbW9uaXRvciBsb2cgZW50cmllcyBsb2dnZWRcbiAgICogd2l0aCBsZXZlbCBFUlJPUiBvciBoaWdoZXIsIGFzIHdlbGwgYXMgYW55IHJlcXVlc3RzXG4gICAqIHRoYXQgY2F1c2VzIDUwMCBmb3IgbG9nZ2luZyB3aXRoIGxpZmxpZy1sb2dnaW5nLlxuICAgKi9cbiAgYWRkSnNvbkVycm9yQWxhcm0ocHJvcHM6IHtcbiAgICBsb2dHcm91cDogbG9ncy5JTG9nR3JvdXBcbiAgICBhbGFybURlc2NyaXB0aW9uPzogc3RyaW5nXG4gICAgLyoqXG4gICAgICogU2V0IHRvIGBmYWxzZWAgdG8gc3RvcCB0aGUgYWxhcm0gZnJvbSBzZW5kaW5nIE9LIGV2ZW50cy5cbiAgICAgKiBAZGVmYXVsdCB0cnVlXG4gICAgICogKi9cbiAgICBlbmFibGVPa0FjdGlvbj86IGJvb2xlYW5cbiAgICAvKipcbiAgICAgKiBBbiBhY3Rpb24gdG8gdXNlIGZvciBDbG91ZFdhdGNoIGFsYXJtIHN0YXRlIGNoYW5nZXMgaW5zdGVhZCBvZiB0aGUgZGVmYXVsdCBhY3Rpb25cbiAgICAgKi9cbiAgICBhY3Rpb24/OiBjbG91ZHdhdGNoLklBbGFybUFjdGlvblxuICB9KTogdm9pZCB7XG4gICAgY29uc3QgZXJyb3JNZXRyaWNGaWx0ZXIgPSBwcm9wcy5sb2dHcm91cC5hZGRNZXRyaWNGaWx0ZXIoXG4gICAgICBcIkVycm9yTWV0cmljRmlsdGVyXCIsXG4gICAgICB7XG4gICAgICAgIGZpbHRlclBhdHRlcm46IGxvZ3MuRmlsdGVyUGF0dGVybi5hbnkoXG4gICAgICAgICAgbG9ncy5GaWx0ZXJQYXR0ZXJuLnN0cmluZ1ZhbHVlKFwiJC5sZXZlbFwiLCBcIj1cIiwgXCJFUlJPUlwiKSxcbiAgICAgICAgICAvLyBGQVRBTCBjb3ZlcnMgc29tZSBhcHBsaWNhdGlvbnMgd2UgcnVuIHRoYXQgdXNlcyBsb2c0aiBvclxuICAgICAgICAgIC8vIG90aGVyIGxpYnJhcmllcy4gSXQgaXMgbm90IGV4aXN0ZW50IGluIHNsZjRqLlxuICAgICAgICAgIGxvZ3MuRmlsdGVyUGF0dGVybi5zdHJpbmdWYWx1ZShcIiQubGV2ZWxcIiwgXCI9XCIsIFwiRkFUQUxcIiksXG4gICAgICAgICAgbG9ncy5GaWx0ZXJQYXR0ZXJuLnN0cmluZ1ZhbHVlKFxuICAgICAgICAgICAgLy8gRm9yIGxpZmxpZy1sb2dnaW5nLlxuICAgICAgICAgICAgXCIkLnJlcXVlc3RJbmZvLnN0YXR1cy5jb2RlXCIsXG4gICAgICAgICAgICBcIj1cIixcbiAgICAgICAgICAgIFwiSU5URVJOQUxfU0VSVkVSX0VSUk9SXCIsXG4gICAgICAgICAgKSxcbiAgICAgICAgKSxcbiAgICAgICAgbWV0cmljTmFtZTogXCJFcnJvcnNcIixcbiAgICAgICAgbWV0cmljTmFtZXNwYWNlOiBgc3RhY2svJHtjZGsuU3RhY2sub2YodGhpcykuc3RhY2tOYW1lfS8ke1xuICAgICAgICAgIHRoaXMuc2VydmljZU5hbWVcbiAgICAgICAgfS9FcnJvcnNgLFxuICAgICAgfSxcbiAgICApXG5cbiAgICBjb25zdCBlcnJvckFsYXJtID0gZXJyb3JNZXRyaWNGaWx0ZXJcbiAgICAgIC5tZXRyaWMoKVxuICAgICAgLndpdGgoe1xuICAgICAgICBzdGF0aXN0aWM6IFwiU3VtXCIsXG4gICAgICAgIHBlcmlvZDogY2RrLkR1cmF0aW9uLnNlY29uZHMoNjApLFxuICAgICAgfSlcbiAgICAgIC5jcmVhdGVBbGFybSh0aGlzLCBcIkVycm9yTG9nQWxhcm1cIiwge1xuICAgICAgICBhbGFybURlc2NyaXB0aW9uOlxuICAgICAgICAgIHByb3BzLmFsYXJtRGVzY3JpcHRpb24gPz8gYCR7dGhpcy5zZXJ2aWNlTmFtZX0gbG9nZ2VkIGFuIGVycm9yYCxcbiAgICAgICAgZXZhbHVhdGlvblBlcmlvZHM6IDEsXG4gICAgICAgIHRocmVzaG9sZDogMSxcbiAgICAgICAgdHJlYXRNaXNzaW5nRGF0YTogY2xvdWR3YXRjaC5UcmVhdE1pc3NpbmdEYXRhLk5PVF9CUkVBQ0hJTkcsXG4gICAgICB9KVxuXG4gICAgZXJyb3JBbGFybS5hZGRBbGFybUFjdGlvbihwcm9wcy5hY3Rpb24gPz8gdGhpcy5hY3Rpb24pXG4gICAgaWYgKHByb3BzLmVuYWJsZU9rQWN0aW9uID8/IHRydWUpIHtcbiAgICAgIGVycm9yQWxhcm0uYWRkT2tBY3Rpb24ocHJvcHMuYWN0aW9uID8/IHRoaXMuYWN0aW9uKVxuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBTZXRzIHVwIHRocmVlIENsb3VkV2F0Y2ggQWxhcm1zIGZvciBtb25pdG9yaW5nIGFuIEVDUyBzZXJ2aWNlIGJlaGluZCBhIHRhcmdldCBncm91cDpcbiAgICogMSkgb25lIHRoYXQgdHJpZ2dlcnMgaWYgdGhlIHRhcmdldCBpcyByZXNwb25kaW5nIHdpdGggdG9vIG1hbnkgNXh4IGVycm9ycy5cbiAgICogMikgb25lIHRoYXQgdHJpZ2dlcnMgaWYgdGhlIDk1JSBwZXJjZW50aWxlIG9mIHJlc3BvbnNlIHRpbWVzIGZyb20gdGhlIHRhcmdldCBpcyB0b28gaGlnaC5cbiAgICogMykgb25lIHRoYXQgdHJpZ2dlcnMgaWYgdGhlcmUgYXJlIG5vIGhlYWx0aHkgdGFyZ2V0cyBvciBpZiB0aGUgbG9hZCBiYWxhbmNlciBmYWlscyB0byBjb25uZWN0IHRvIHRhcmdldHMuXG4gICAqL1xuICBhZGRUYXJnZXRHcm91cEFsYXJtcyhwcm9wczoge1xuICAgIC8qKlxuICAgICAqIFRoZSBmdWxsIG5hbWUgb2YgdGhlIHRhcmdldCBncm91cC5cbiAgICAgKi9cbiAgICB0YXJnZXRHcm91cEZ1bGxOYW1lOiBzdHJpbmdcbiAgICAvKipcbiAgICAgKiBUaGUgZnVsbCBuYW1lIG9mIHRoZSBhcHBsaWNhdGlvbiBsb2FkIGJhbGFuY2VyLlxuICAgICAqL1xuICAgIGxvYWRCYWxhbmNlckZ1bGxOYW1lOiBzdHJpbmdcbiAgICAvKipcbiAgICAgKiBDb25maWd1cmF0aW9uIGZvciBhIGNvbXBvc2l0ZSBhbGFybS5cbiAgICAgKlxuICAgICAqIEBkZWZhdWx0IENvbmZpZ3VyZWQgd2l0aCBzYW5lIGRlZmF1bHRzLlxuICAgICAqL1xuICAgIHRhcmdldEhlYWx0aEFsYXJtPzoge1xuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCB0cnVlXG4gICAgICAgKi9cbiAgICAgIGVuYWJsZWQ/OiBib29sZWFuXG4gICAgICAvKipcbiAgICAgICAqIEFuIGFjdGlvbiB0byB1c2UgZm9yIENsb3VkV2F0Y2ggYWxhcm0gc3RhdGUgY2hhbmdlcyBpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IGFjdGlvblxuICAgICAgICovXG4gICAgICBhY3Rpb24/OiBjbG91ZHdhdGNoLklBbGFybUFjdGlvblxuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCA2MCBzZWNvbmRzXG4gICAgICAgKi9cbiAgICAgIHBlcmlvZD86IGNkay5EdXJhdGlvblxuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCAxXG4gICAgICAgKi9cbiAgICAgIGV2YWx1YXRpb25QZXJpb2RzPzogbnVtYmVyXG4gICAgICAvKipcbiAgICAgICAqIEBkZWZhdWx0IDFcbiAgICAgICAqL1xuICAgICAgdGhyZXNob2xkPzogbnVtYmVyXG4gICAgICBkZXNjcmlwdGlvbj86IHN0cmluZ1xuICAgIH1cbiAgICAvKipcbiAgICAgKiBDb25maWd1cmF0aW9uIGZvciBhbiBhbGFybS5cbiAgICAgKlxuICAgICAqIEBkZWZhdWx0IENvbmZpZ3VyZWQgd2l0aCBzYW5lIGRlZmF1bHRzLlxuICAgICAqL1xuICAgIHRvb01hbnk1eHhSZXNwb25zZXNGcm9tVGFyZ2V0c0FsYXJtPzoge1xuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCB0cnVlXG4gICAgICAgKi9cbiAgICAgIGVuYWJsZWQ/OiBib29sZWFuXG4gICAgICAvKipcbiAgICAgICAqIEFuIGFjdGlvbiB0byB1c2UgZm9yIENsb3VkV2F0Y2ggYWxhcm0gc3RhdGUgY2hhbmdlcyBpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IGFjdGlvblxuICAgICAgICovXG4gICAgICBhY3Rpb24/OiBjbG91ZHdhdGNoLklBbGFybUFjdGlvblxuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCA2MCBzZWNvbmRzXG4gICAgICAgKi9cbiAgICAgIHBlcmlvZD86IGNkay5EdXJhdGlvblxuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCAzXG4gICAgICAgKi9cbiAgICAgIGV2YWx1YXRpb25QZXJpb2RzPzogbnVtYmVyXG4gICAgICAvKipcbiAgICAgICAqIEBkZWZhdWx0IDEwXG4gICAgICAgKi9cbiAgICAgIHRocmVzaG9sZD86IG51bWJlclxuICAgICAgZGVzY3JpcHRpb24/OiBzdHJpbmdcbiAgICB9XG4gICAgLyoqXG4gICAgICogQ29uZmlndXJhdGlvbiBmb3IgYW4gYWxhcm0uXG4gICAgICpcbiAgICAgKiBAZGVmYXVsdCBDb25maWd1cmVkIHdpdGggc2FuZSBkZWZhdWx0cy5cbiAgICAgKi9cbiAgICB0YXJnZXRSZXNwb25zZVRpbWVBbGFybT86IHtcbiAgICAgIC8qKlxuICAgICAgICogQGRlZmF1bHQgdHJ1ZVxuICAgICAgICovXG4gICAgICBlbmFibGVkPzogYm9vbGVhblxuICAgICAgLyoqXG4gICAgICAgKiBBbiBhY3Rpb24gdG8gdXNlIGZvciBDbG91ZFdhdGNoIGFsYXJtIHN0YXRlIGNoYW5nZXMgaW5zdGVhZCBvZiB0aGUgZGVmYXVsdCBhY3Rpb25cbiAgICAgICAqL1xuICAgICAgYWN0aW9uPzogY2xvdWR3YXRjaC5JQWxhcm1BY3Rpb25cbiAgICAgIC8qKlxuICAgICAgICogQGRlZmF1bHQgNSBtaW51dGVzXG4gICAgICAgKi9cbiAgICAgIHBlcmlvZD86IGNkay5EdXJhdGlvblxuICAgICAgLyoqXG4gICAgICAgKiBAZGVmYXVsdCAxXG4gICAgICAgKi9cbiAgICAgIGV2YWx1YXRpb25QZXJpb2RzPzogbnVtYmVyXG4gICAgICAvKipcbiAgICAgICAqIEBkZWZhdWx0IDUwMCBtaWxsaXNlY29uZHNcbiAgICAgICAqL1xuICAgICAgdGhyZXNob2xkPzogY2RrLkR1cmF0aW9uXG4gICAgICBkZXNjcmlwdGlvbj86IHN0cmluZ1xuICAgIH1cbiAgfSk6IHZvaWQge1xuICAgIGNvbnN0IHRhcmdldENvbm5lY3Rpb25FcnJvckFsYXJtID0gbmV3IGNsb3Vkd2F0Y2guTWV0cmljKHtcbiAgICAgIG1ldHJpY05hbWU6IFwiVGFyZ2V0Q29ubmVjdGlvbkVycm9yQ291bnRcIixcbiAgICAgIG5hbWVzcGFjZTogXCJBV1MvQXBwbGljYXRpb25FTEJcIixcbiAgICAgIHN0YXRpc3RpYzogXCJTdW1cIixcbiAgICAgIHBlcmlvZDogcHJvcHMudGFyZ2V0SGVhbHRoQWxhcm0/LnBlcmlvZCA/PyBjZGsuRHVyYXRpb24uc2Vjb25kcyg2MCksXG4gICAgICBkaW1lbnNpb25zTWFwOiB7XG4gICAgICAgIFRhcmdldEdyb3VwOiBwcm9wcy50YXJnZXRHcm91cEZ1bGxOYW1lLFxuICAgICAgICBMb2FkQmFsYW5jZXI6IHByb3BzLmxvYWRCYWxhbmNlckZ1bGxOYW1lLFxuICAgICAgfSxcbiAgICB9KS5jcmVhdGVBbGFybSh0aGlzLCBcIkNvbm5lY3Rpb25BbGFybVwiLCB7XG4gICAgICBhY3Rpb25zRW5hYmxlZDogdHJ1ZSxcbiAgICAgIGFsYXJtRGVzY3JpcHRpb246IGBMb2FkIGJhbGFuY2VyIGlzIGZhaWxpbmcgdG8gY29ubmVjdCB0byB0YXJnZXQocykgaW4gRUNTIHNlcnZpY2UgJyR7dGhpcy5zZXJ2aWNlTmFtZX0nLmAsXG4gICAgICBldmFsdWF0aW9uUGVyaW9kczogcHJvcHMudGFyZ2V0SGVhbHRoQWxhcm0/LmV2YWx1YXRpb25QZXJpb2RzID8/IDEsXG4gICAgICB0aHJlc2hvbGQ6IDEsXG4gICAgICB0cmVhdE1pc3NpbmdEYXRhOiBjbG91ZHdhdGNoLlRyZWF0TWlzc2luZ0RhdGEuTk9UX0JSRUFDSElORyxcbiAgICB9KVxuXG4gICAgY29uc3QgaGVhbHRoQWxhcm0gPSBuZXcgY2xvdWR3YXRjaC5NZXRyaWMoe1xuICAgICAgbWV0cmljTmFtZTogXCJIZWFsdGh5SG9zdENvdW50XCIsXG4gICAgICBuYW1lc3BhY2U6IFwiQVdTL0FwcGxpY2F0aW9uRUxCXCIsXG4gICAgICBzdGF0aXN0aWM6IFwiTWluaW11bVwiLFxuICAgICAgcGVyaW9kOiBwcm9wcy50YXJnZXRIZWFsdGhBbGFybT8ucGVyaW9kID8/IGNkay5EdXJhdGlvbi5zZWNvbmRzKDYwKSxcbiAgICAgIGRpbWVuc2lvbnNNYXA6IHtcbiAgICAgICAgVGFyZ2V0R3JvdXA6IHByb3BzLnRhcmdldEdyb3VwRnVsbE5hbWUsXG4gICAgICAgIExvYWRCYWxhbmNlcjogcHJvcHMubG9hZEJhbGFuY2VyRnVsbE5hbWUsXG4gICAgICB9LFxuICAgIH0pLmNyZWF0ZUFsYXJtKHRoaXMsIFwiSGVhbHRoQWxhcm1cIiwge1xuICAgICAgYWxhcm1EZXNjcmlwdGlvbjogYFRoZXJlIGFyZSBubyBoZWFsdGh5IHRhcmdldChzKSBpbiBFQ1Mgc2VydmljZSAnJHt0aGlzLnNlcnZpY2VOYW1lfScuYCxcbiAgICAgIGNvbXBhcmlzb25PcGVyYXRvcjogY2xvdWR3YXRjaC5Db21wYXJpc29uT3BlcmF0b3IuTEVTU19USEFOX1RIUkVTSE9MRCxcbiAgICAgIGV2YWx1YXRpb25QZXJpb2RzOiBwcm9wcy50YXJnZXRIZWFsdGhBbGFybT8uZXZhbHVhdGlvblBlcmlvZHMgPz8gMSxcbiAgICAgIHRocmVzaG9sZDogMSxcbiAgICAgIHRyZWF0TWlzc2luZ0RhdGE6IGNsb3Vkd2F0Y2guVHJlYXRNaXNzaW5nRGF0YS5CUkVBQ0hJTkcsXG4gICAgfSlcblxuICAgIGNvbnN0IHRhcmdldEhlYWx0aEFsYXJtID0gbmV3IGNsb3Vkd2F0Y2guQ29tcG9zaXRlQWxhcm0oXG4gICAgICB0aGlzLFxuICAgICAgXCJUYXJnZXRIZWFsdGhBbGFybVwiLFxuICAgICAge1xuICAgICAgICBhbGFybVJ1bGU6IGNkay5hd3NfY2xvdWR3YXRjaC5BbGFybVJ1bGUuYW55T2YoXG4gICAgICAgICAgY2RrLmF3c19jbG91ZHdhdGNoLkFsYXJtUnVsZS5mcm9tQWxhcm0oXG4gICAgICAgICAgICB0YXJnZXRDb25uZWN0aW9uRXJyb3JBbGFybSxcbiAgICAgICAgICAgIGNsb3Vkd2F0Y2guQWxhcm1TdGF0ZS5BTEFSTSxcbiAgICAgICAgICApLFxuICAgICAgICAgIGNkay5hd3NfY2xvdWR3YXRjaC5BbGFybVJ1bGUuZnJvbUFsYXJtKFxuICAgICAgICAgICAgaGVhbHRoQWxhcm0sXG4gICAgICAgICAgICBjbG91ZHdhdGNoLkFsYXJtU3RhdGUuQUxBUk0sXG4gICAgICAgICAgKSxcbiAgICAgICAgKSxcbiAgICAgICAgYWxhcm1EZXNjcmlwdGlvbjpcbiAgICAgICAgICBwcm9wcy50YXJnZXRIZWFsdGhBbGFybT8uZGVzY3JpcHRpb24gPz9cbiAgICAgICAgICBgVGhlIGxvYWQgYmFsYW5jZXIgaXMgZWl0aGVyIHJlY2VpdmluZyBiYWQgaGVhbHRoIGNoZWNrcyBmcm9tIG9yIGlzIHVuYWJsZSB0byBjb25uZWN0IHRvIHRhcmdldChzKSBpbiBFQ1Mgc2VydmljZSAnJHt0aGlzLnNlcnZpY2VOYW1lfSdgLFxuICAgICAgICBhY3Rpb25zRW5hYmxlZDogZmFsc2UsXG4gICAgICB9LFxuICAgIClcbiAgICBpZiAocHJvcHMudGFyZ2V0SGVhbHRoQWxhcm0/LmVuYWJsZWQgPz8gdHJ1ZSkge1xuICAgICAgdGFyZ2V0SGVhbHRoQWxhcm0uYWRkQWxhcm1BY3Rpb24oXG4gICAgICAgIHByb3BzLnRhcmdldEhlYWx0aEFsYXJtPy5hY3Rpb24gPz8gdGhpcy5hY3Rpb24sXG4gICAgICApXG4gICAgICB0YXJnZXRIZWFsdGhBbGFybS5hZGRPa0FjdGlvbihcbiAgICAgICAgcHJvcHMudGFyZ2V0SGVhbHRoQWxhcm0/LmFjdGlvbiA/PyB0aGlzLmFjdGlvbixcbiAgICAgIClcbiAgICB9XG5cbiAgICBjb25zdCB0b29NYW55NXh4UmVzcG9uc2VzRnJvbVRhcmdldHNBbGFybSA9IG5ldyBjbG91ZHdhdGNoLk1ldHJpYyh7XG4gICAgICBtZXRyaWNOYW1lOiBcIkhUVFBDb2RlX1RhcmdldF81WFhfQ291bnRcIixcbiAgICAgIG5hbWVzcGFjZTogXCJBV1MvQXBwbGljYXRpb25FTEJcIixcbiAgICAgIHN0YXRpc3RpYzogXCJTdW1cIixcbiAgICAgIHBlcmlvZDpcbiAgICAgICAgcHJvcHMudG9vTWFueTV4eFJlc3BvbnNlc0Zyb21UYXJnZXRzQWxhcm0/LnBlcmlvZCA/P1xuICAgICAgICBjZGsuRHVyYXRpb24uc2Vjb25kcyg2MCksXG4gICAgICBkaW1lbnNpb25zTWFwOiB7XG4gICAgICAgIFRhcmdldEdyb3VwOiBwcm9wcy50YXJnZXRHcm91cEZ1bGxOYW1lLFxuICAgICAgICBMb2FkQmFsYW5jZXI6IHByb3BzLmxvYWRCYWxhbmNlckZ1bGxOYW1lLFxuICAgICAgfSxcbiAgICB9KS5jcmVhdGVBbGFybSh0aGlzLCBcIkFsYlRhcmdldHM1eHhBbGFybVwiLCB7XG4gICAgICBhY3Rpb25zRW5hYmxlZDogdHJ1ZSxcbiAgICAgIGFsYXJtRGVzY3JpcHRpb246XG4gICAgICAgIHByb3BzLnRvb01hbnk1eHhSZXNwb25zZXNGcm9tVGFyZ2V0c0FsYXJtPy5kZXNjcmlwdGlvbiA/P1xuICAgICAgICBgTG9hZCBiYWxhbmNlciByZWNlaXZlZCB0b28gbWFueSA1WFggcmVzcG9uc2VzIGZyb20gdGFyZ2V0KHMpIGluIEVDUyBzZXJ2aWNlICcke3RoaXMuc2VydmljZU5hbWV9Jy5gLFxuICAgICAgZXZhbHVhdGlvblBlcmlvZHM6XG4gICAgICAgIHByb3BzLnRvb01hbnk1eHhSZXNwb25zZXNGcm9tVGFyZ2V0c0FsYXJtPy5ldmFsdWF0aW9uUGVyaW9kcyA/PyAzLFxuICAgICAgdGhyZXNob2xkOiBwcm9wcy50b29NYW55NXh4UmVzcG9uc2VzRnJvbVRhcmdldHNBbGFybT8udGhyZXNob2xkID8/IDEwLFxuICAgICAgdHJlYXRNaXNzaW5nRGF0YTogY2xvdWR3YXRjaC5UcmVhdE1pc3NpbmdEYXRhLk5PVF9CUkVBQ0hJTkcsXG4gICAgfSlcbiAgICBpZiAocHJvcHMudG9vTWFueTV4eFJlc3BvbnNlc0Zyb21UYXJnZXRzQWxhcm0/LmVuYWJsZWQgPz8gdHJ1ZSkge1xuICAgICAgdG9vTWFueTV4eFJlc3BvbnNlc0Zyb21UYXJnZXRzQWxhcm0uYWRkQWxhcm1BY3Rpb24oXG4gICAgICAgIHByb3BzLnRvb01hbnk1eHhSZXNwb25zZXNGcm9tVGFyZ2V0c0FsYXJtPy5hY3Rpb24gPz8gdGhpcy5hY3Rpb24sXG4gICAgICApXG4gICAgICB0b29NYW55NXh4UmVzcG9uc2VzRnJvbVRhcmdldHNBbGFybS5hZGRPa0FjdGlvbihcbiAgICAgICAgcHJvcHMudG9vTWFueTV4eFJlc3BvbnNlc0Zyb21UYXJnZXRzQWxhcm0/LmFjdGlvbiA/PyB0aGlzLmFjdGlvbixcbiAgICAgIClcbiAgICB9XG5cbiAgICBjb25zdCB0YXJnZXRSZXNwb25zZVRpbWVBbGFybSA9IG5ldyBjbG91ZHdhdGNoLk1ldHJpYyh7XG4gICAgICBtZXRyaWNOYW1lOiBcIlRhcmdldFJlc3BvbnNlVGltZVwiLFxuICAgICAgbmFtZXNwYWNlOiBcIkFXUy9BcHBsaWNhdGlvbkVMQlwiLFxuICAgICAgc3RhdGlzdGljOiBcInA5NVwiLFxuICAgICAgcGVyaW9kOiBwcm9wcy50YXJnZXRSZXNwb25zZVRpbWVBbGFybT8ucGVyaW9kID8/IGNkay5EdXJhdGlvbi5taW51dGVzKDUpLFxuICAgICAgZGltZW5zaW9uc01hcDoge1xuICAgICAgICBMb2FkQmFsYW5jZXI6IHByb3BzLmxvYWRCYWxhbmNlckZ1bGxOYW1lLFxuICAgICAgICBUYXJnZXRHcm91cDogcHJvcHMudGFyZ2V0R3JvdXBGdWxsTmFtZSxcbiAgICAgIH0sXG4gICAgfSkuY3JlYXRlQWxhcm0odGhpcywgXCJUYXJnZXRSZXNwb25zZVRpbWVBbGFybVwiLCB7XG4gICAgICBhbGFybURlc2NyaXB0aW9uOlxuICAgICAgICBwcm9wcy50YXJnZXRSZXNwb25zZVRpbWVBbGFybT8uZGVzY3JpcHRpb24gPz9cbiAgICAgICAgYDUlIG9mIHJlc3BvbnNlcyBmcm9tIEVDUyBzZXJ2aWNlICcke1xuICAgICAgICAgIHRoaXMuc2VydmljZU5hbWVcbiAgICAgICAgfScgYXJlIHRha2luZyBsb25nZXIgdGhhbiB0aGUgZXhwZWN0ZWQgZHVyYXRpb24gb2YgJHsoXG4gICAgICAgICAgcHJvcHMudGFyZ2V0UmVzcG9uc2VUaW1lQWxhcm0/LnRocmVzaG9sZCA/PyBjZGsuRHVyYXRpb24ubWlsbGlzKDUwMClcbiAgICAgICAgKS50b01pbGxpc2Vjb25kcygpfSBtcy5gLFxuICAgICAgY29tcGFyaXNvbk9wZXJhdG9yOiBjbG91ZHdhdGNoLkNvbXBhcmlzb25PcGVyYXRvci5HUkVBVEVSX1RIQU5fVEhSRVNIT0xELFxuICAgICAgZXZhbHVhdGlvblBlcmlvZHM6IHByb3BzLnRhcmdldFJlc3BvbnNlVGltZUFsYXJtPy5ldmFsdWF0aW9uUGVyaW9kcyA/PyAxLFxuICAgICAgdGhyZXNob2xkOiAoXG4gICAgICAgIHByb3BzLnRhcmdldFJlc3BvbnNlVGltZUFsYXJtPy50aHJlc2hvbGQgPz8gY2RrLkR1cmF0aW9uLm1pbGxpcyg1MDApXG4gICAgICApLnRvU2Vjb25kcyh7IGludGVncmFsOiBmYWxzZSB9KSxcbiAgICAgIHRyZWF0TWlzc2luZ0RhdGE6IGNsb3Vkd2F0Y2guVHJlYXRNaXNzaW5nRGF0YS5JR05PUkUsXG4gICAgfSlcbiAgICBpZiAocHJvcHMudGFyZ2V0UmVzcG9uc2VUaW1lQWxhcm0/LmVuYWJsZWQgPz8gdHJ1ZSkge1xuICAgICAgdGFyZ2V0UmVzcG9uc2VUaW1lQWxhcm0uYWRkQWxhcm1BY3Rpb24oXG4gICAgICAgIHByb3BzLnRhcmdldFJlc3BvbnNlVGltZUFsYXJtPy5hY3Rpb24gPz8gdGhpcy5hY3Rpb24sXG4gICAgICApXG4gICAgICB0YXJnZXRSZXNwb25zZVRpbWVBbGFybS5hZGRPa0FjdGlvbihcbiAgICAgICAgcHJvcHMudGFyZ2V0UmVzcG9uc2VUaW1lQWxhcm0/LmFjdGlvbiA/PyB0aGlzLmFjdGlvbixcbiAgICAgIClcbiAgICB9XG4gIH1cbn1cbiJdfQ==

package/lib/alarms/ses-alarms.d.ts

@@ -0,0 +1,67 @@
+import * as cdk from "aws-cdk-lib";
+import * as cloudwatch from "aws-cdk-lib/aws-cloudwatch";
+import * as constructs from "constructs";
+export interface SesAlarmsProps extends cdk.StackProps {
+    /**
+     * The default action to use for CloudWatch alarm state changes
+     */
+    action: cloudwatch.IAlarmAction;
+    /**
+     * Configuration for an alarm for high rate bounced messages.
+     *
+     * @default Configured with reasonable defaults.
+     */
+    bouncedMessagesAlarm?: {
+        /**
+         * @default true
+         */
+        enabled?: boolean;
+        /**
+         * An action to use for CloudWatch alarm state changes instead of the default action
+         */
+        action?: cloudwatch.IAlarmAction;
+        /**
+         * @default 10 minutes
+         */
+        period?: cdk.Duration;
+        /**
+         * Threshold value for alarm as a percent
+         * @default 2.5(%)
+         * 5% is the threshold at which AWS considers putting an account under review
+         */
+        threshold?: number;
+    };
+    /**
+     * Configuration for an alarm for high complaint rate.
+     *
+     * @default Configured with sane defaults.
+     */
+    complaintRateAlarm?: {
+        /**
+         * @default true
+         */
+        enabled?: boolean;
+        /**
+         * An action to use for CloudWatch alarm state changes instead of the default action
+         */
+        action?: cloudwatch.IAlarmAction;
+        /**
+         * @default 10 minutes
+         */
+        period?: cdk.Duration;
+        /**
+         * Threshold value for alarm as a percent
+         * @default 0.05(%)
+         * 0.10% is the threshold at which AWS considers putting an account under review
+         */
+        threshold?: number;
+    };
+}
+/**
+ *
+ * Construct that configures various sensible CloudWatch alarms for AWS SES
+ */
+export declare class SesAlarms extends constructs.Construct {
+    private readonly action;
+    constructor(scope: constructs.Construct, id: string, props: SesAlarmsProps);
+}

package/lib/alarms/ses-alarms.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SesAlarms = void 0;
+const cdk = require("aws-cdk-lib");
+const cloudwatch = require("aws-cdk-lib/aws-cloudwatch");
+const constructs = require("constructs");
+/**
+ *
+ * Construct that configures various sensible CloudWatch alarms for AWS SES
+ */
+class SesAlarms extends constructs.Construct {
+    constructor(scope, id, props) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t;
+        super(scope, id);
+        this.action = props.action;
+        const bouncedMessagesAlarm = new cloudwatch.Metric({
+            metricName: "Reputation.BounceRate",
+            namespace: "AWS/SES",
+            statistic: "Maximum",
+            period: (_b = (_a = props === null || props === void 0 ? void 0 : props.bouncedMessagesAlarm) === null || _a === void 0 ? void 0 : _a.period) !== null && _b !== void 0 ? _b : cdk.Duration.minutes(10),
+        }).createAlarm(this, "BouncedMessagesAlarm", {
+            alarmDescription: `The SES bounce rate is over ${(_d = (_c = props === null || props === void 0 ? void 0 : props.bouncedMessagesAlarm) === null || _c === void 0 ? void 0 : _c.threshold) !== null && _d !== void 0 ? _d : 2.5}%`,
+            comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+            evaluationPeriods: 1,
+            treatMissingData: cloudwatch.TreatMissingData.IGNORE,
+            threshold: ((_f = (_e = props === null || props === void 0 ? void 0 : props.bouncedMessagesAlarm) === null || _e === void 0 ? void 0 : _e.threshold) !== null && _f !== void 0 ? _f : 2.5) / 100,
+        });
+        if ((_h = (_g = props === null || props === void 0 ? void 0 : props.bouncedMessagesAlarm) === null || _g === void 0 ? void 0 : _g.enabled) !== null && _h !== void 0 ? _h : true) {
+            bouncedMessagesAlarm.addAlarmAction(((_j = props === null || props === void 0 ? void 0 : props.bouncedMessagesAlarm) === null || _j === void 0 ? void 0 : _j.action) || this.action);
+        }
+        const complaintMessagesAlarm = new cloudwatch.Metric({
+            metricName: "Reputation.ComplaintRate",
+            namespace: "AWS/SES",
+            statistic: "Maximum",
+            period: (_l = (_k = props === null || props === void 0 ? void 0 : props.complaintRateAlarm) === null || _k === void 0 ? void 0 : _k.period) !== null && _l !== void 0 ? _l : cdk.Duration.minutes(10),
+        }).createAlarm(this, "ComplaintMessagesAlarm", {
+            alarmDescription: `The SES complaint rate is over ${(_o = (_m = props === null || props === void 0 ? void 0 : props.complaintRateAlarm) === null || _m === void 0 ? void 0 : _m.threshold) !== null && _o !== void 0 ? _o : 0.05}%`,
+            comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+            evaluationPeriods: 1,
+            threshold: ((_q = (_p = props === null || props === void 0 ? void 0 : props.complaintRateAlarm) === null || _p === void 0 ? void 0 : _p.threshold) !== null && _q !== void 0 ? _q : 0.05) / 100,
+            treatMissingData: cloudwatch.TreatMissingData.IGNORE,
+        });
+        if ((_s = (_r = props === null || props === void 0 ? void 0 : props.complaintRateAlarm) === null || _r === void 0 ? void 0 : _r.enabled) !== null && _s !== void 0 ? _s : true) {
+            complaintMessagesAlarm.addAlarmAction(((_t = props === null || props === void 0 ? void 0 : props.complaintRateAlarm) === null || _t === void 0 ? void 0 : _t.action) || this.action);
+        }
+    }
+}
+exports.SesAlarms = SesAlarms;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VzLWFsYXJtcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9hbGFybXMvc2VzLWFsYXJtcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtQ0FBa0M7QUFDbEMseURBQXdEO0FBQ3hELHlDQUF3QztBQTJEeEM7OztHQUdHO0FBQ0gsTUFBYSxTQUFVLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFHakQsWUFBWSxLQUEyQixFQUFFLEVBQVUsRUFBRSxLQUFxQjs7UUFDeEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUE7UUFFMUIsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUM7WUFDakQsVUFBVSxFQUFFLHVCQUF1QjtZQUNuQyxTQUFTLEVBQUUsU0FBUztZQUNwQixTQUFTLEVBQUUsU0FBUztZQUNwQixNQUFNLEVBQUUsTUFBQSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxvQkFBb0IsMENBQUUsTUFBTSxtQ0FBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDeEUsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLEVBQUU7WUFDM0MsZ0JBQWdCLEVBQUUsK0JBQ2hCLE1BQUEsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsb0JBQW9CLDBDQUFFLFNBQVMsbUNBQUksR0FDNUMsR0FBRztZQUNILGtCQUFrQixFQUFFLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQyxzQkFBc0I7WUFDeEUsaUJBQWlCLEVBQUUsQ0FBQztZQUNwQixnQkFBZ0IsRUFBRSxVQUFVLENBQUMsZ0JBQWdCLENBQUMsTUFBTTtZQUNwRCxTQUFTLEVBQUUsQ0FBQyxNQUFBLE1BQUEsS0FBSyxhQUFMLEtBQUssdUJBQUwsS0FBSyxDQUFFLG9CQUFvQiwwQ0FBRSxTQUFTLG1DQUFJLEdBQUcsQ0FBQyxHQUFHLEdBQUc7U0FDakUsQ0FBQyxDQUFBO1FBRUYsSUFBSSxNQUFBLE1BQUEsS0FBSyxhQUFMLEtBQUssdUJBQUwsS0FBSyxDQUFFLG9CQUFvQiwwQ0FBRSxPQUFPLG1DQUFJLElBQUksRUFBRSxDQUFDO1lBQ2pELG9CQUFvQixDQUFDLGNBQWMsQ0FDakMsQ0FBQSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxvQkFBb0IsMENBQUUsTUFBTSxLQUFJLElBQUksQ0FBQyxNQUFNLENBQ25ELENBQUE7UUFDSCxDQUFDO1FBRUQsTUFBTSxzQkFBc0IsR0FBRyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUM7WUFDbkQsVUFBVSxFQUFFLDBCQUEwQjtZQUN0QyxTQUFTLEVBQUUsU0FBUztZQUNwQixTQUFTLEVBQUUsU0FBUztZQUNwQixNQUFNLEVBQUUsTUFBQSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxrQkFBa0IsMENBQUUsTUFBTSxtQ0FBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7U0FDdEUsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLEVBQUU7WUFDN0MsZ0JBQWdCLEVBQUUsa0NBQ2hCLE1BQUEsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsa0JBQWtCLDBDQUFFLFNBQVMsbUNBQUksSUFDMUMsR0FBRztZQUNILGtCQUFrQixFQUFFLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQyxzQkFBc0I7WUFDeEUsaUJBQWlCLEVBQUUsQ0FBQztZQUNwQixTQUFTLEVBQUUsQ0FBQyxNQUFBLE1BQUEsS0FBSyxhQUFMLEtBQUssdUJBQUwsS0FBSyxDQUFFLGtCQUFrQiwwQ0FBRSxTQUFTLG1DQUFJLElBQUksQ0FBQyxHQUFHLEdBQUc7WUFDL0QsZ0JBQWdCLEVBQUUsVUFBVSxDQUFDLGdCQUFnQixDQUFDLE1BQU07U0FDckQsQ0FBQyxDQUFBO1FBRUYsSUFBSSxNQUFBLE1BQUEsS0FBSyxhQUFMLEtBQUssdUJBQUwsS0FBSyxDQUFFLGtCQUFrQiwwQ0FBRSxPQUFPLG1DQUFJLElBQUksRUFBRSxDQUFDO1lBQy9DLHNCQUFzQixDQUFDLGNBQWMsQ0FDbkMsQ0FBQSxNQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxrQkFBa0IsMENBQUUsTUFBTSxLQUFJLElBQUksQ0FBQyxNQUFNLENBQ2pELENBQUE7UUFDSCxDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBbERELDhCQWtEQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0ICogYXMgY2xvdWR3YXRjaCBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWNsb3Vkd2F0Y2hcIlxuaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5cbmV4cG9ydCBpbnRlcmZhY2UgU2VzQWxhcm1zUHJvcHMgZXh0ZW5kcyBjZGsuU3RhY2tQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgZGVmYXVsdCBhY3Rpb24gdG8gdXNlIGZvciBDbG91ZFdhdGNoIGFsYXJtIHN0YXRlIGNoYW5nZXNcbiAgICovXG4gIGFjdGlvbjogY2xvdWR3YXRjaC5JQWxhcm1BY3Rpb25cbiAgLyoqXG4gICAqIENvbmZpZ3VyYXRpb24gZm9yIGFuIGFsYXJtIGZvciBoaWdoIHJhdGUgYm91bmNlZCBtZXNzYWdlcy5cbiAgICpcbiAgICogQGRlZmF1bHQgQ29uZmlndXJlZCB3aXRoIHJlYXNvbmFibGUgZGVmYXVsdHMuXG4gICAqL1xuICBib3VuY2VkTWVzc2FnZXNBbGFybT86IHtcbiAgICAvKipcbiAgICAgKiBAZGVmYXVsdCB0cnVlXG4gICAgICovXG4gICAgZW5hYmxlZD86IGJvb2xlYW5cbiAgICAvKipcbiAgICAgKiBBbiBhY3Rpb24gdG8gdXNlIGZvciBDbG91ZFdhdGNoIGFsYXJtIHN0YXRlIGNoYW5nZXMgaW5zdGVhZCBvZiB0aGUgZGVmYXVsdCBhY3Rpb25cbiAgICAgKi9cbiAgICBhY3Rpb24/OiBjbG91ZHdhdGNoLklBbGFybUFjdGlvblxuICAgIC8qKlxuICAgICAqIEBkZWZhdWx0IDEwIG1pbnV0ZXNcbiAgICAgKi9cbiAgICBwZXJpb2Q/OiBjZGsuRHVyYXRpb25cbiAgICAvKipcbiAgICAgKiBUaHJlc2hvbGQgdmFsdWUgZm9yIGFsYXJtIGFzIGEgcGVyY2VudFxuICAgICAqIEBkZWZhdWx0IDIuNSglKVxuICAgICAqIDUlIGlzIHRoZSB0aHJlc2hvbGQgYXQgd2hpY2ggQVdTIGNvbnNpZGVycyBwdXR0aW5nIGFuIGFjY291bnQgdW5kZXIgcmV2aWV3XG4gICAgICovXG4gICAgdGhyZXNob2xkPzogbnVtYmVyXG4gIH1cbiAgLyoqXG4gICAqIENvbmZpZ3VyYXRpb24gZm9yIGFuIGFsYXJtIGZvciBoaWdoIGNvbXBsYWludCByYXRlLlxuICAgKlxuICAgKiBAZGVmYXVsdCBDb25maWd1cmVkIHdpdGggc2FuZSBkZWZhdWx0cy5cbiAgICovXG4gIGNvbXBsYWludFJhdGVBbGFybT86IHtcbiAgICAvKipcbiAgICAgKiBAZGVmYXVsdCB0cnVlXG4gICAgICovXG4gICAgZW5hYmxlZD86IGJvb2xlYW5cbiAgICAvKipcbiAgICAgKiBBbiBhY3Rpb24gdG8gdXNlIGZvciBDbG91ZFdhdGNoIGFsYXJtIHN0YXRlIGNoYW5nZXMgaW5zdGVhZCBvZiB0aGUgZGVmYXVsdCBhY3Rpb25cbiAgICAgKi9cbiAgICBhY3Rpb24/OiBjbG91ZHdhdGNoLklBbGFybUFjdGlvblxuICAgIC8qKlxuICAgICAqIEBkZWZhdWx0IDEwIG1pbnV0ZXNcbiAgICAgKi9cbiAgICBwZXJpb2Q/OiBjZGsuRHVyYXRpb25cbiAgICAvKipcbiAgICAgKiBUaHJlc2hvbGQgdmFsdWUgZm9yIGFsYXJtIGFzIGEgcGVyY2VudFxuICAgICAqIEBkZWZhdWx0IDAuMDUoJSlcbiAgICAgKiAwLjEwJSBpcyB0aGUgdGhyZXNob2xkIGF0IHdoaWNoIEFXUyBjb25zaWRlcnMgcHV0dGluZyBhbiBhY2NvdW50IHVuZGVyIHJldmlld1xuICAgICAqL1xuICAgIHRocmVzaG9sZD86IG51bWJlclxuICB9XG59XG5cbi8qKlxuICpcbiAqIENvbnN0cnVjdCB0aGF0IGNvbmZpZ3VyZXMgdmFyaW91cyBzZW5zaWJsZSBDbG91ZFdhdGNoIGFsYXJtcyBmb3IgQVdTIFNFU1xuICovXG5leHBvcnQgY2xhc3MgU2VzQWxhcm1zIGV4dGVuZHMgY29uc3RydWN0cy5Db25zdHJ1Y3Qge1xuICBwcml2YXRlIHJlYWRvbmx5IGFjdGlvbjogY2xvdWR3YXRjaC5JQWxhcm1BY3Rpb25cblxuICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBTZXNBbGFybXNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIHRoaXMuYWN0aW9uID0gcHJvcHMuYWN0aW9uXG5cbiAgICBjb25zdCBib3VuY2VkTWVzc2FnZXNBbGFybSA9IG5ldyBjbG91ZHdhdGNoLk1ldHJpYyh7XG4gICAgICBtZXRyaWNOYW1lOiBcIlJlcHV0YXRpb24uQm91bmNlUmF0ZVwiLFxuICAgICAgbmFtZXNwYWNlOiBcIkFXUy9TRVNcIixcbiAgICAgIHN0YXRpc3RpYzogXCJNYXhpbXVtXCIsXG4gICAgICBwZXJpb2Q6IHByb3BzPy5ib3VuY2VkTWVzc2FnZXNBbGFybT8ucGVyaW9kID8/IGNkay5EdXJhdGlvbi5taW51dGVzKDEwKSxcbiAgICB9KS5jcmVhdGVBbGFybSh0aGlzLCBcIkJvdW5jZWRNZXNzYWdlc0FsYXJtXCIsIHtcbiAgICAgIGFsYXJtRGVzY3JpcHRpb246IGBUaGUgU0VTIGJvdW5jZSByYXRlIGlzIG92ZXIgJHtcbiAgICAgICAgcHJvcHM/LmJvdW5jZWRNZXNzYWdlc0FsYXJtPy50aHJlc2hvbGQgPz8gMi41XG4gICAgICB9JWAsXG4gICAgICBjb21wYXJpc29uT3BlcmF0b3I6IGNsb3Vkd2F0Y2guQ29tcGFyaXNvbk9wZXJhdG9yLkdSRUFURVJfVEhBTl9USFJFU0hPTEQsXG4gICAgICBldmFsdWF0aW9uUGVyaW9kczogMSxcbiAgICAgIHRyZWF0TWlzc2luZ0RhdGE6IGNsb3Vkd2F0Y2guVHJlYXRNaXNzaW5nRGF0YS5JR05PUkUsXG4gICAgICB0aHJlc2hvbGQ6IChwcm9wcz8uYm91bmNlZE1lc3NhZ2VzQWxhcm0/LnRocmVzaG9sZCA/PyAyLjUpIC8gMTAwLFxuICAgIH0pXG5cbiAgICBpZiAocHJvcHM/LmJvdW5jZWRNZXNzYWdlc0FsYXJtPy5lbmFibGVkID8/IHRydWUpIHtcbiAgICAgIGJvdW5jZWRNZXNzYWdlc0FsYXJtLmFkZEFsYXJtQWN0aW9uKFxuICAgICAgICBwcm9wcz8uYm91bmNlZE1lc3NhZ2VzQWxhcm0/LmFjdGlvbiB8fCB0aGlzLmFjdGlvbixcbiAgICAgIClcbiAgICB9XG5cbiAgICBjb25zdCBjb21wbGFpbnRNZXNzYWdlc0FsYXJtID0gbmV3IGNsb3Vkd2F0Y2guTWV0cmljKHtcbiAgICAgIG1ldHJpY05hbWU6IFwiUmVwdXRhdGlvbi5Db21wbGFpbnRSYXRlXCIsXG4gICAgICBuYW1lc3BhY2U6IFwiQVdTL1NFU1wiLFxuICAgICAgc3RhdGlzdGljOiBcIk1heGltdW1cIixcbiAgICAgIHBlcmlvZDogcHJvcHM/LmNvbXBsYWludFJhdGVBbGFybT8ucGVyaW9kID8/IGNkay5EdXJhdGlvbi5taW51dGVzKDEwKSxcbiAgICB9KS5jcmVhdGVBbGFybSh0aGlzLCBcIkNvbXBsYWludE1lc3NhZ2VzQWxhcm1cIiwge1xuICAgICAgYWxhcm1EZXNjcmlwdGlvbjogYFRoZSBTRVMgY29tcGxhaW50IHJhdGUgaXMgb3ZlciAke1xuICAgICAgICBwcm9wcz8uY29tcGxhaW50UmF0ZUFsYXJtPy50aHJlc2hvbGQgPz8gMC4wNVxuICAgICAgfSVgLFxuICAgICAgY29tcGFyaXNvbk9wZXJhdG9yOiBjbG91ZHdhdGNoLkNvbXBhcmlzb25PcGVyYXRvci5HUkVBVEVSX1RIQU5fVEhSRVNIT0xELFxuICAgICAgZXZhbHVhdGlvblBlcmlvZHM6IDEsXG4gICAgICB0aHJlc2hvbGQ6IChwcm9wcz8uY29tcGxhaW50UmF0ZUFsYXJtPy50aHJlc2hvbGQgPz8gMC4wNSkgLyAxMDAsXG4gICAgICB0cmVhdE1pc3NpbmdEYXRhOiBjbG91ZHdhdGNoLlRyZWF0TWlzc2luZ0RhdGEuSUdOT1JFLFxuICAgIH0pXG5cbiAgICBpZiAocHJvcHM/LmNvbXBsYWludFJhdGVBbGFybT8uZW5hYmxlZCA/PyB0cnVlKSB7XG4gICAgICBjb21wbGFpbnRNZXNzYWdlc0FsYXJtLmFkZEFsYXJtQWN0aW9uKFxuICAgICAgICBwcm9wcz8uY29tcGxhaW50UmF0ZUFsYXJtPy5hY3Rpb24gfHwgdGhpcy5hY3Rpb24sXG4gICAgICApXG4gICAgfVxuICB9XG59XG4iXX0=

package/lib/alarms/slack-alarm.d.ts

@@ -0,0 +1,25 @@
+import * as constructs from "constructs";
+import * as cloudwatchActions from "aws-cdk-lib/aws-cloudwatch-actions";
+import * as sns from "aws-cdk-lib/aws-sns";
+import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";
+export interface SlackAlarmProps {
+    projectName: string;
+    envName: string;
+    /**
+     * A plaintext secret containing the URL of a Slack incoming webhook.
+     * The webhook should be created through a Slack app, and only allows posting to one specific Slack channel.
+     * See Slack's official documentation (e.g., https://api.slack.com/messaging/webhooks) for more details.
+     *
+     * NOTE: Incoming webhooks created through legacy custom integrations in Slack are not supported.
+     */
+    slackWebhookUrlSecret: secretsmanager.ISecret;
+}
+/**
+ * SNS Topic that can be used to action alarms, with a Lambda
+ * that will send a message to Slack for the alarm.
+ */
+export declare class SlackAlarm extends constructs.Construct {
+    readonly alarmTopic: sns.Topic;
+    readonly snsAction: cloudwatchActions.SnsAction;
+    constructor(scope: constructs.Construct, id: string, props: SlackAlarmProps);
+}

package/lib/alarms/slack-alarm.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SlackAlarm = void 0;
+const constructs = require("constructs");
+const cloudwatchActions = require("aws-cdk-lib/aws-cloudwatch-actions");
+const iam = require("aws-cdk-lib/aws-iam");
+const lambda = require("aws-cdk-lib/aws-lambda");
+const sns = require("aws-cdk-lib/aws-sns");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const path = require("path");
+/**
+ * SNS Topic that can be used to action alarms, with a Lambda
+ * that will send a message to Slack for the alarm.
+ */
+class SlackAlarm extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.alarmTopic = new sns.Topic(this, "Topic");
+        this.snsAction = new cloudwatchActions.SnsAction(this.alarmTopic);
+        const slackLambda = new lambda.Function(this, "Function", {
+            code: lambda.Code.fromAsset(path.join(__dirname, "../../assets/slack-alarm-lambda")),
+            description: "Receives CloudWatch Alarms through SNS and sends a formatted version to Slack",
+            handler: "index.handler",
+            memorySize: 128,
+            runtime: lambda.Runtime.PYTHON_3_11,
+            timeout: aws_cdk_lib_1.Duration.seconds(6),
+            environment: {
+                SLACK_URL_SECRET_NAME: props.slackWebhookUrlSecret.secretName,
+                PROJECT_NAME: props.projectName,
+                ENVIRONMENT_NAME: props.envName,
+            },
+        });
+        props.slackWebhookUrlSecret.grantRead(slackLambda);
+        slackLambda.addPermission("InvokePermission", {
+            action: "lambda:InvokeFunction",
+            principal: new iam.ServicePrincipal("sns.amazonaws.com"),
+            sourceArn: this.alarmTopic.topicArn,
+        });
+        new sns.Subscription(this, "Subscription", {
+            endpoint: slackLambda.functionArn,
+            protocol: sns.SubscriptionProtocol.LAMBDA,
+            topic: this.alarmTopic,
+        });
+    }
+}
+exports.SlackAlarm = SlackAlarm;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2xhY2stYWxhcm0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvYWxhcm1zL3NsYWNrLWFsYXJtLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF3QztBQUN4Qyx3RUFBdUU7QUFDdkUsMkNBQTBDO0FBQzFDLGlEQUFnRDtBQUNoRCwyQ0FBMEM7QUFDMUMsNkNBQXNDO0FBQ3RDLDZCQUE0QjtBQWdCNUI7OztHQUdHO0FBQ0gsTUFBYSxVQUFXLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFJbEQsWUFBWSxLQUEyQixFQUFFLEVBQVUsRUFBRSxLQUFzQjtRQUN6RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQTtRQUU5QyxJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksaUJBQWlCLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQTtRQUVqRSxNQUFNLFdBQVcsR0FBRyxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUN4RCxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQ3pCLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLGlDQUFpQyxDQUFDLENBQ3hEO1lBQ0QsV0FBVyxFQUNULCtFQUErRTtZQUNqRixPQUFPLEVBQUUsZUFBZTtZQUN4QixVQUFVLEVBQUUsR0FBRztZQUNmLE9BQU8sRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVc7WUFDbkMsT0FBTyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUM1QixXQUFXLEVBQUU7Z0JBQ1gscUJBQXFCLEVBQUUsS0FBSyxDQUFDLHFCQUFxQixDQUFDLFVBQVU7Z0JBQzdELFlBQVksRUFBRSxLQUFLLENBQUMsV0FBVztnQkFDL0IsZ0JBQWdCLEVBQUUsS0FBSyxDQUFDLE9BQU87YUFDaEM7U0FDRixDQUFDLENBQUE7UUFFRixLQUFLLENBQUMscUJBQXFCLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxDQUFBO1FBRWxELFdBQVcsQ0FBQyxhQUFhLENBQUMsa0JBQWtCLEVBQUU7WUFDNUMsTUFBTSxFQUFFLHVCQUF1QjtZQUMvQixTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsbUJBQW1CLENBQUM7WUFDeEQsU0FBUyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUTtTQUNwQyxDQUFDLENBQUE7UUFFRixJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLGNBQWMsRUFBRTtZQUN6QyxRQUFRLEVBQUUsV0FBVyxDQUFDLFdBQVc7WUFDakMsUUFBUSxFQUFFLEdBQUcsQ0FBQyxvQkFBb0IsQ0FBQyxNQUFNO1lBQ3pDLEtBQUssRUFBRSxJQUFJLENBQUMsVUFBVTtTQUN2QixDQUFDLENBQUE7SUFDSixDQUFDO0NBQ0Y7QUExQ0QsZ0NBMENDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5pbXBvcnQgKiBhcyBjbG91ZHdhdGNoQWN0aW9ucyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWNsb3Vkd2F0Y2gtYWN0aW9uc1wiXG5pbXBvcnQgKiBhcyBpYW0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIlxuaW1wb3J0ICogYXMgbGFtYmRhIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhXCJcbmltcG9ydCAqIGFzIHNucyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXNuc1wiXG5pbXBvcnQgeyBEdXJhdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYlwiXG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gXCJwYXRoXCJcbmltcG9ydCAqIGFzIHNlY3JldHNtYW5hZ2VyIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtc2VjcmV0c21hbmFnZXJcIlxuXG5leHBvcnQgaW50ZXJmYWNlIFNsYWNrQWxhcm1Qcm9wcyB7XG4gIHByb2plY3ROYW1lOiBzdHJpbmdcbiAgZW52TmFtZTogc3RyaW5nXG4gIC8qKlxuICAgKiBBIHBsYWludGV4dCBzZWNyZXQgY29udGFpbmluZyB0aGUgVVJMIG9mIGEgU2xhY2sgaW5jb21pbmcgd2ViaG9vay5cbiAgICogVGhlIHdlYmhvb2sgc2hvdWxkIGJlIGNyZWF0ZWQgdGhyb3VnaCBhIFNsYWNrIGFwcCwgYW5kIG9ubHkgYWxsb3dzIHBvc3RpbmcgdG8gb25lIHNwZWNpZmljIFNsYWNrIGNoYW5uZWwuXG4gICAqIFNlZSBTbGFjaydzIG9mZmljaWFsIGRvY3VtZW50YXRpb24gKGUuZy4sIGh0dHBzOi8vYXBpLnNsYWNrLmNvbS9tZXNzYWdpbmcvd2ViaG9va3MpIGZvciBtb3JlIGRldGFpbHMuXG4gICAqXG4gICAqIE5PVEU6IEluY29taW5nIHdlYmhvb2tzIGNyZWF0ZWQgdGhyb3VnaCBsZWdhY3kgY3VzdG9tIGludGVncmF0aW9ucyBpbiBTbGFjayBhcmUgbm90IHN1cHBvcnRlZC5cbiAgICovXG4gIHNsYWNrV2ViaG9va1VybFNlY3JldDogc2VjcmV0c21hbmFnZXIuSVNlY3JldFxufVxuXG4vKipcbiAqIFNOUyBUb3BpYyB0aGF0IGNhbiBiZSB1c2VkIHRvIGFjdGlvbiBhbGFybXMsIHdpdGggYSBMYW1iZGFcbiAqIHRoYXQgd2lsbCBzZW5kIGEgbWVzc2FnZSB0byBTbGFjayBmb3IgdGhlIGFsYXJtLlxuICovXG5leHBvcnQgY2xhc3MgU2xhY2tBbGFybSBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGFsYXJtVG9waWM6IHNucy5Ub3BpY1xuICBwdWJsaWMgcmVhZG9ubHkgc25zQWN0aW9uOiBjbG91ZHdhdGNoQWN0aW9ucy5TbnNBY3Rpb25cblxuICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBTbGFja0FsYXJtUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpXG5cbiAgICB0aGlzLmFsYXJtVG9waWMgPSBuZXcgc25zLlRvcGljKHRoaXMsIFwiVG9waWNcIilcblxuICAgIHRoaXMuc25zQWN0aW9uID0gbmV3IGNsb3Vkd2F0Y2hBY3Rpb25zLlNuc0FjdGlvbih0aGlzLmFsYXJtVG9waWMpXG5cbiAgICBjb25zdCBzbGFja0xhbWJkYSA9IG5ldyBsYW1iZGEuRnVuY3Rpb24odGhpcywgXCJGdW5jdGlvblwiLCB7XG4gICAgICBjb2RlOiBsYW1iZGEuQ29kZS5mcm9tQXNzZXQoXG4gICAgICAgIHBhdGguam9pbihfX2Rpcm5hbWUsIFwiLi4vLi4vYXNzZXRzL3NsYWNrLWFsYXJtLWxhbWJkYVwiKSxcbiAgICAgICksXG4gICAgICBkZXNjcmlwdGlvbjpcbiAgICAgICAgXCJSZWNlaXZlcyBDbG91ZFdhdGNoIEFsYXJtcyB0aHJvdWdoIFNOUyBhbmQgc2VuZHMgYSBmb3JtYXR0ZWQgdmVyc2lvbiB0byBTbGFja1wiLFxuICAgICAgaGFuZGxlcjogXCJpbmRleC5oYW5kbGVyXCIsXG4gICAgICBtZW1vcnlTaXplOiAxMjgsXG4gICAgICBydW50aW1lOiBsYW1iZGEuUnVudGltZS5QWVRIT05fM18xMSxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLnNlY29uZHMoNiksXG4gICAgICBlbnZpcm9ubWVudDoge1xuICAgICAgICBTTEFDS19VUkxfU0VDUkVUX05BTUU6IHByb3BzLnNsYWNrV2ViaG9va1VybFNlY3JldC5zZWNyZXROYW1lLFxuICAgICAgICBQUk9KRUNUX05BTUU6IHByb3BzLnByb2plY3ROYW1lLFxuICAgICAgICBFTlZJUk9OTUVOVF9OQU1FOiBwcm9wcy5lbnZOYW1lLFxuICAgICAgfSxcbiAgICB9KVxuXG4gICAgcHJvcHMuc2xhY2tXZWJob29rVXJsU2VjcmV0LmdyYW50UmVhZChzbGFja0xhbWJkYSlcblxuICAgIHNsYWNrTGFtYmRhLmFkZFBlcm1pc3Npb24oXCJJbnZva2VQZXJtaXNzaW9uXCIsIHtcbiAgICAgIGFjdGlvbjogXCJsYW1iZGE6SW52b2tlRnVuY3Rpb25cIixcbiAgICAgIHByaW5jaXBhbDogbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKFwic25zLmFtYXpvbmF3cy5jb21cIiksXG4gICAgICBzb3VyY2VBcm46IHRoaXMuYWxhcm1Ub3BpYy50b3BpY0FybixcbiAgICB9KVxuXG4gICAgbmV3IHNucy5TdWJzY3JpcHRpb24odGhpcywgXCJTdWJzY3JpcHRpb25cIiwge1xuICAgICAgZW5kcG9pbnQ6IHNsYWNrTGFtYmRhLmZ1bmN0aW9uQXJuLFxuICAgICAgcHJvdG9jb2w6IHNucy5TdWJzY3JpcHRpb25Qcm90b2NvbC5MQU1CREEsXG4gICAgICB0b3BpYzogdGhpcy5hbGFybVRvcGljLFxuICAgIH0pXG4gIH1cbn1cbiJdfQ==

package/lib/bastion-host.d.ts

@@ -0,0 +1,41 @@
+import * as constructs from "constructs";
+import * as ec2 from "aws-cdk-lib/aws-ec2";
+interface Props {
+    vpc: ec2.IVpc;
+    /**
+     * The security group used for the EC2 instance.
+     *
+     * @default - a security group will be created
+     */
+    securityGroup?: ec2.ISecurityGroup;
+    /**
+     * The subnets to place the bastion host.
+     *
+     * Note that if placed inside private subnet, the VPC must have
+     * VPC endpoints to access relevant AWS services for Systems Manager
+     * to work in order to be able to connect to the instance.
+     *
+     * See https://aws.amazon.com/premiumsupport/knowledge-center/ec2-systems-manager-vpc-endpoints/
+     *
+     * @default - public subnets
+     */
+    subnetSelection?: ec2.SubnetSelection;
+}
+/**
+ * This creates a EC2 bastion host that can be used to connect
+ * to database instances and other internal resources.
+ *
+ * The instance is supposed to have no open ingress ports, and users
+ * are supposed to connect only through SSM Session Manager.
+ *
+ * The resources that the bastion host should be allowed to access
+ * must have the bastion host security group as allowed ingress.
+ *
+ * For more internal details, see
+ * https://confluence.capraconsulting.no/x/q8UBC
+ */
+export declare class BastionHost extends constructs.Construct {
+    readonly securityGroup: ec2.ISecurityGroup;
+    constructor(scope: constructs.Construct, id: string, props: Props);
+}
+export {};