@liflig/cdk 2.18.5 → 2.18.6

package/lib/ecs-update-image/start-deploy-handler.js

@@ -0,0 +1,104 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startDeployHandler = void 0;
+// This function is inline-compiled for the lambda.
+// It must be self-contained.
+const startDeployHandler = async (event) => {
+    const AWS = require("aws-sdk");
+    const ecs = new AWS.ECS();
+    const sm = new AWS.SecretsManager();
+    function requireEnv(name) {
+        const value = process.env[name];
+        if (value === undefined) {
+            throw new Error(`Missing ${name}`);
+        }
+        return value;
+    }
+    async function getService(clusterName, serviceName) {
+        var _a;
+        const services = await ecs
+            .describeServices({
+            cluster: clusterName,
+            services: [serviceName],
+        })
+            .promise();
+        if (((_a = services.services) === null || _a === void 0 ? void 0 : _a.length) !== 1) {
+            throw new Error(`Service not found: ${clusterName}/${serviceName}`);
+        }
+        return services.services[0];
+    }
+    async function getTaskDefinition(taskDefinition) {
+        return (await ecs
+            .describeTaskDefinition({
+            taskDefinition: taskDefinition,
+        })
+            .promise()).taskDefinition;
+    }
+    async function updateServiceToImage(clusterName, serviceName, image) {
+        console.log(`Cluster name: ${clusterName}`);
+        console.log(`Service name: ${serviceName}`);
+        const service = await getService(clusterName, serviceName);
+        const prevTaskDefinition = await getTaskDefinition(service.taskDefinition);
+        // Don't bother updating the service if the image is already the latest.
+        const prevImage = prevTaskDefinition.containerDefinitions[0].image;
+        if (prevImage === image) {
+            return;
+        }
+        console.log(`Updating image for service '${serviceName}' from '${prevImage}' to '${image}'`);
+        const exclude = [
+            "registeredAt",
+            "registeredBy",
+            "compatibilities",
+            "requiresAttributes",
+            "revision",
+            "status",
+            "taskDefinitionArn",
+        ];
+        const updatedSpec = {
+            ...Object.fromEntries(Object.entries(prevTaskDefinition).filter(([key]) => !exclude.includes(key))),
+            containerDefinitions: [
+                {
+                    ...prevTaskDefinition.containerDefinitions[0],
+                    image,
+                },
+            ],
+        };
+        const updatedTaskDefinition = (await ecs.registerTaskDefinition(updatedSpec).promise()).taskDefinition;
+        await ecs
+            .updateService({
+            cluster: clusterName,
+            service: serviceName,
+            taskDefinition: updatedTaskDefinition.taskDefinitionArn,
+        })
+            .promise();
+        console.log("Service is updated");
+    }
+    const clusterName = requireEnv("CLUSTER_NAME");
+    const serviceName = requireEnv("SERVICE_NAME");
+    const repositoryUrl = requireEnv("REPOSITORY_URL");
+    const ecrTagSecretArn = requireEnv("ECR_TAG_SECRET_ARN");
+    // Validate the input.
+    if (typeof event.tag !== "string") {
+        throw new Error("Input invalid: " + JSON.stringify(event, undefined, "  "));
+    }
+    // Register tag as current target.
+    // This is needed so that CloudFormation deployments, e.g.
+    // updates to the Task Definition, will use the same image.
+    await sm
+        .updateSecret({
+        SecretId: ecrTagSecretArn,
+        SecretString: JSON.stringify({
+            tag: event.tag,
+        }),
+    })
+        .promise();
+    // Update the service if we know the service name. This is unknown
+    // during initial deployment of the stack.
+    if (serviceName !== "") {
+        const image = `${repositoryUrl}:${event.tag}`;
+        await updateServiceToImage(clusterName, serviceName, image);
+    }
+    return {};
+};
+exports.startDeployHandler = startDeployHandler;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhcnQtZGVwbG95LWhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZWNzLXVwZGF0ZS1pbWFnZS9zdGFydC1kZXBsb3ktaGFuZGxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFhQSxtREFBbUQ7QUFDbkQsNkJBQTZCO0FBQ3RCLE1BQU0sa0JBQWtCLEdBQW9DLEtBQUssRUFDdEUsS0FBSyxFQUNMLEVBQUU7SUFDRixNQUFNLEdBQUcsR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUE7SUFDOUIsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFjLENBQUE7SUFDckMsTUFBTSxFQUFFLEdBQUcsSUFBSSxHQUFHLENBQUMsY0FBYyxFQUF5QixDQUFBO0lBRTFELFNBQVMsVUFBVSxDQUFDLElBQVk7UUFDOUIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQTtRQUMvQixJQUFJLEtBQUssS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLFdBQVcsSUFBSSxFQUFFLENBQUMsQ0FBQTtRQUNwQyxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUE7SUFDZCxDQUFDO0lBRUQsS0FBSyxVQUFVLFVBQVUsQ0FDdkIsV0FBbUIsRUFDbkIsV0FBbUI7O1FBRW5CLE1BQU0sUUFBUSxHQUFHLE1BQU0sR0FBRzthQUN2QixnQkFBZ0IsQ0FBQztZQUNoQixPQUFPLEVBQUUsV0FBVztZQUNwQixRQUFRLEVBQUUsQ0FBQyxXQUFXLENBQUM7U0FDeEIsQ0FBQzthQUNELE9BQU8sRUFBRSxDQUFBO1FBRVosSUFBSSxDQUFBLE1BQUEsUUFBUSxDQUFDLFFBQVEsMENBQUUsTUFBTSxNQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQUMsc0JBQXNCLFdBQVcsSUFBSSxXQUFXLEVBQUUsQ0FBQyxDQUFBO1FBQ3JFLENBQUM7UUFFRCxPQUFPLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUE7SUFDN0IsQ0FBQztJQUVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsY0FBc0I7UUFFdEIsT0FBTyxDQUNMLE1BQU0sR0FBRzthQUNOLHNCQUFzQixDQUFDO1lBQ3RCLGNBQWMsRUFBRSxjQUFjO1NBQy9CLENBQUM7YUFDRCxPQUFPLEVBQUUsQ0FDYixDQUFDLGNBQWUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsS0FBSyxVQUFVLG9CQUFvQixDQUNqQyxXQUFtQixFQUNuQixXQUFtQixFQUNuQixLQUFhO1FBRWIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsV0FBVyxFQUFFLENBQUMsQ0FBQTtRQUMzQyxPQUFPLENBQUMsR0FBRyxDQUFDLGlCQUFpQixXQUFXLEVBQUUsQ0FBQyxDQUFBO1FBRTNDLE1BQU0sT0FBTyxHQUFHLE1BQU0sVUFBVSxDQUFDLFdBQVcsRUFBRSxXQUFXLENBQUMsQ0FBQTtRQUMxRCxNQUFNLGtCQUFrQixHQUFHLE1BQU0saUJBQWlCLENBQUMsT0FBTyxDQUFDLGNBQWUsQ0FBQyxDQUFBO1FBRTNFLHdFQUF3RTtRQUN4RSxNQUFNLFNBQVMsR0FBRyxrQkFBa0IsQ0FBQyxvQkFBcUIsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFNLENBQUE7UUFDcEUsSUFBSSxTQUFTLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDeEIsT0FBTTtRQUNSLENBQUM7UUFFRCxPQUFPLENBQUMsR0FBRyxDQUNULCtCQUErQixXQUFXLFdBQVcsU0FBUyxTQUFTLEtBQUssR0FBRyxDQUNoRixDQUFBO1FBRUQsTUFBTSxPQUFPLEdBQUc7WUFDZCxjQUFjO1lBQ2QsY0FBYztZQUNkLGlCQUFpQjtZQUNqQixvQkFBb0I7WUFDcEIsVUFBVTtZQUNWLFFBQVE7WUFDUixtQkFBbUI7U0FDcEIsQ0FBQTtRQUVELE1BQU0sV0FBVyxHQUFrQztZQUNqRCxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQ25CLE1BQU0sQ0FBQyxPQUFPLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxNQUFNLENBQ3ZDLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUNsQyxDQUNGO1lBQ0Qsb0JBQW9CLEVBQUU7Z0JBQ3BCO29CQUNFLEdBQUcsa0JBQWtCLENBQUMsb0JBQXFCLENBQUMsQ0FBQyxDQUFDO29CQUM5QyxLQUFLO2lCQUNOO2FBQ0Y7U0FDK0IsQ0FBQTtRQUVsQyxNQUFNLHFCQUFxQixHQUFHLENBQzVCLE1BQU0sR0FBRyxDQUFDLHNCQUFzQixDQUFDLFdBQVcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUN4RCxDQUFDLGNBQWUsQ0FBQTtRQUVqQixNQUFNLEdBQUc7YUFDTixhQUFhLENBQUM7WUFDYixPQUFPLEVBQUUsV0FBVztZQUNwQixPQUFPLEVBQUUsV0FBVztZQUNwQixjQUFjLEVBQUUscUJBQXFCLENBQUMsaUJBQWlCO1NBQ3hELENBQUM7YUFDRCxPQUFPLEVBQUUsQ0FBQTtRQUVaLE9BQU8sQ0FBQyxHQUFHLENBQUMsb0JBQW9CLENBQUMsQ0FBQTtJQUNuQyxDQUFDO0lBRUQsTUFBTSxXQUFXLEdBQUcsVUFBVSxDQUFDLGNBQWMsQ0FBQyxDQUFBO0lBQzlDLE1BQU0sV0FBVyxHQUFHLFVBQVUsQ0FBQyxjQUFjLENBQUMsQ0FBQTtJQUM5QyxNQUFNLGFBQWEsR0FBRyxVQUFVLENBQUMsZ0JBQWdCLENBQUMsQ0FBQTtJQUNsRCxNQUFNLGVBQWUsR0FBRyxVQUFVLENBQUMsb0JBQW9CLENBQUMsQ0FBQTtJQUV4RCxzQkFBc0I7SUFDdEIsSUFBSSxPQUFPLEtBQUssQ0FBQyxHQUFHLEtBQUssUUFBUSxFQUFFLENBQUM7UUFDbEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQTtJQUM3RSxDQUFDO0lBRUQsa0NBQWtDO0lBQ2xDLDBEQUEwRDtJQUMxRCwyREFBMkQ7SUFDM0QsTUFBTSxFQUFFO1NBQ0wsWUFBWSxDQUFDO1FBQ1osUUFBUSxFQUFFLGVBQWU7UUFDekIsWUFBWSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUM7WUFDM0IsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHO1NBQ2YsQ0FBQztLQUNILENBQUM7U0FDRCxPQUFPLEVBQUUsQ0FBQTtJQUVaLGtFQUFrRTtJQUNsRSwwQ0FBMEM7SUFDMUMsSUFBSSxXQUFXLEtBQUssRUFBRSxFQUFFLENBQUM7UUFDdkIsTUFBTSxLQUFLLEdBQUcsR0FBRyxhQUFhLElBQUksS0FBSyxDQUFDLEdBQUcsRUFBRSxDQUFBO1FBQzdDLE1BQU0sb0JBQW9CLENBQUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUM3RCxDQUFDO0lBRUQsT0FBTyxFQUFFLENBQUE7QUFDWCxDQUFDLENBQUE7QUF2SVksUUFBQSxrQkFBa0Isc0JBdUk5QiIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby11bnNhZmUtYXNzaWdubWVudCAqL1xuLyogZXNsaW50LWRpc2FibGUgQHR5cGVzY3JpcHQtZXNsaW50L25vLXVuc2FmZS1jYWxsICovXG4vKiBlc2xpbnQtZGlzYWJsZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tdW5zYWZlLW1lbWJlci1hY2Nlc3MgKi9cbi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby11bnNhZmUtcmV0dXJuICovXG4vKiBlc2xpbnQtZGlzYWJsZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tdmFyLXJlcXVpcmVzICovXG5pbXBvcnQgdHlwZSB7IEhhbmRsZXIgfSBmcm9tIFwiYXdzLWxhbWJkYVwiXG5pbXBvcnQgdHlwZSAqIGFzIF9BV1MgZnJvbSBcImF3cy1zZGtcIlxuaW1wb3J0IHsgUmVnaXN0ZXJUYXNrRGVmaW5pdGlvblJlcXVlc3QgfSBmcm9tIFwiYXdzLXNkay9jbGllbnRzL2Vjc1wiXG5cbmludGVyZmFjZSBFeHBlY3RlZElucHV0IHtcbiAgdGFnOiBzdHJpbmdcbn1cblxuLy8gVGhpcyBmdW5jdGlvbiBpcyBpbmxpbmUtY29tcGlsZWQgZm9yIHRoZSBsYW1iZGEuXG4vLyBJdCBtdXN0IGJlIHNlbGYtY29udGFpbmVkLlxuZXhwb3J0IGNvbnN0IHN0YXJ0RGVwbG95SGFuZGxlcjogSGFuZGxlcjxQYXJ0aWFsPEV4cGVjdGVkSW5wdXQ+PiA9IGFzeW5jIChcbiAgZXZlbnQsXG4pID0+IHtcbiAgY29uc3QgQVdTID0gcmVxdWlyZShcImF3cy1zZGtcIilcbiAgY29uc3QgZWNzID0gbmV3IEFXUy5FQ1MoKSBhcyBfQVdTLkVDU1xuICBjb25zdCBzbSA9IG5ldyBBV1MuU2VjcmV0c01hbmFnZXIoKSBhcyBfQVdTLlNlY3JldHNNYW5hZ2VyXG5cbiAgZnVuY3Rpb24gcmVxdWlyZUVudihuYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGNvbnN0IHZhbHVlID0gcHJvY2Vzcy5lbnZbbmFtZV1cbiAgICBpZiAodmFsdWUgPT09IHVuZGVmaW5lZCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBNaXNzaW5nICR7bmFtZX1gKVxuICAgIH1cbiAgICByZXR1cm4gdmFsdWVcbiAgfVxuXG4gIGFzeW5jIGZ1bmN0aW9uIGdldFNlcnZpY2UoXG4gICAgY2x1c3Rlck5hbWU6IHN0cmluZyxcbiAgICBzZXJ2aWNlTmFtZTogc3RyaW5nLFxuICApOiBQcm9taXNlPEFXUy5FQ1MuU2VydmljZT4ge1xuICAgIGNvbnN0IHNlcnZpY2VzID0gYXdhaXQgZWNzXG4gICAgICAuZGVzY3JpYmVTZXJ2aWNlcyh7XG4gICAgICAgIGNsdXN0ZXI6IGNsdXN0ZXJOYW1lLFxuICAgICAgICBzZXJ2aWNlczogW3NlcnZpY2VOYW1lXSxcbiAgICAgIH0pXG4gICAgICAucHJvbWlzZSgpXG5cbiAgICBpZiAoc2VydmljZXMuc2VydmljZXM/Lmxlbmd0aCAhPT0gMSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBTZXJ2aWNlIG5vdCBmb3VuZDogJHtjbHVzdGVyTmFtZX0vJHtzZXJ2aWNlTmFtZX1gKVxuICAgIH1cblxuICAgIHJldHVybiBzZXJ2aWNlcy5zZXJ2aWNlc1swXVxuICB9XG5cbiAgYXN5bmMgZnVuY3Rpb24gZ2V0VGFza0RlZmluaXRpb24oXG4gICAgdGFza0RlZmluaXRpb246IHN0cmluZyxcbiAgKTogUHJvbWlzZTxBV1MuRUNTLlRhc2tEZWZpbml0aW9uPiB7XG4gICAgcmV0dXJuIChcbiAgICAgIGF3YWl0IGVjc1xuICAgICAgICAuZGVzY3JpYmVUYXNrRGVmaW5pdGlvbih7XG4gICAgICAgICAgdGFza0RlZmluaXRpb246IHRhc2tEZWZpbml0aW9uLFxuICAgICAgICB9KVxuICAgICAgICAucHJvbWlzZSgpXG4gICAgKS50YXNrRGVmaW5pdGlvbiFcbiAgfVxuXG4gIGFzeW5jIGZ1bmN0aW9uIHVwZGF0ZVNlcnZpY2VUb0ltYWdlKFxuICAgIGNsdXN0ZXJOYW1lOiBzdHJpbmcsXG4gICAgc2VydmljZU5hbWU6IHN0cmluZyxcbiAgICBpbWFnZTogc3RyaW5nLFxuICApIHtcbiAgICBjb25zb2xlLmxvZyhgQ2x1c3RlciBuYW1lOiAke2NsdXN0ZXJOYW1lfWApXG4gICAgY29uc29sZS5sb2coYFNlcnZpY2UgbmFtZTogJHtzZXJ2aWNlTmFtZX1gKVxuXG4gICAgY29uc3Qgc2VydmljZSA9IGF3YWl0IGdldFNlcnZpY2UoY2x1c3Rlck5hbWUsIHNlcnZpY2VOYW1lKVxuICAgIGNvbnN0IHByZXZUYXNrRGVmaW5pdGlvbiA9IGF3YWl0IGdldFRhc2tEZWZpbml0aW9uKHNlcnZpY2UudGFza0RlZmluaXRpb24hKVxuXG4gICAgLy8gRG9uJ3QgYm90aGVyIHVwZGF0aW5nIHRoZSBzZXJ2aWNlIGlmIHRoZSBpbWFnZSBpcyBhbHJlYWR5IHRoZSBsYXRlc3QuXG4gICAgY29uc3QgcHJldkltYWdlID0gcHJldlRhc2tEZWZpbml0aW9uLmNvbnRhaW5lckRlZmluaXRpb25zIVswXS5pbWFnZSFcbiAgICBpZiAocHJldkltYWdlID09PSBpbWFnZSkge1xuICAgICAgcmV0dXJuXG4gICAgfVxuXG4gICAgY29uc29sZS5sb2coXG4gICAgICBgVXBkYXRpbmcgaW1hZ2UgZm9yIHNlcnZpY2UgJyR7c2VydmljZU5hbWV9JyBmcm9tICcke3ByZXZJbWFnZX0nIHRvICcke2ltYWdlfSdgLFxuICAgIClcblxuICAgIGNvbnN0IGV4Y2x1ZGUgPSBbXG4gICAgICBcInJlZ2lzdGVyZWRBdFwiLFxuICAgICAgXCJyZWdpc3RlcmVkQnlcIixcbiAgICAgIFwiY29tcGF0aWJpbGl0aWVzXCIsXG4gICAgICBcInJlcXVpcmVzQXR0cmlidXRlc1wiLFxuICAgICAgXCJyZXZpc2lvblwiLFxuICAgICAgXCJzdGF0dXNcIixcbiAgICAgIFwidGFza0RlZmluaXRpb25Bcm5cIixcbiAgICBdXG5cbiAgICBjb25zdCB1cGRhdGVkU3BlYzogUmVnaXN0ZXJUYXNrRGVmaW5pdGlvblJlcXVlc3QgPSB7XG4gICAgICAuLi5PYmplY3QuZnJvbUVudHJpZXMoXG4gICAgICAgIE9iamVjdC5lbnRyaWVzKHByZXZUYXNrRGVmaW5pdGlvbikuZmlsdGVyKFxuICAgICAgICAgIChba2V5XSkgPT4gIWV4Y2x1ZGUuaW5jbHVkZXMoa2V5KSxcbiAgICAgICAgKSxcbiAgICAgICksXG4gICAgICBjb250YWluZXJEZWZpbml0aW9uczogW1xuICAgICAgICB7XG4gICAgICAgICAgLi4ucHJldlRhc2tEZWZpbml0aW9uLmNvbnRhaW5lckRlZmluaXRpb25zIVswXSxcbiAgICAgICAgICBpbWFnZSxcbiAgICAgICAgfSxcbiAgICAgIF0sXG4gICAgfSBhcyBSZWdpc3RlclRhc2tEZWZpbml0aW9uUmVxdWVzdFxuXG4gICAgY29uc3QgdXBkYXRlZFRhc2tEZWZpbml0aW9uID0gKFxuICAgICAgYXdhaXQgZWNzLnJlZ2lzdGVyVGFza0RlZmluaXRpb24odXBkYXRlZFNwZWMpLnByb21pc2UoKVxuICAgICkudGFza0RlZmluaXRpb24hXG5cbiAgICBhd2FpdCBlY3NcbiAgICAgIC51cGRhdGVTZXJ2aWNlKHtcbiAgICAgICAgY2x1c3RlcjogY2x1c3Rlck5hbWUsXG4gICAgICAgIHNlcnZpY2U6IHNlcnZpY2VOYW1lLFxuICAgICAgICB0YXNrRGVmaW5pdGlvbjogdXBkYXRlZFRhc2tEZWZpbml0aW9uLnRhc2tEZWZpbml0aW9uQXJuLFxuICAgICAgfSlcbiAgICAgIC5wcm9taXNlKClcblxuICAgIGNvbnNvbGUubG9nKFwiU2VydmljZSBpcyB1cGRhdGVkXCIpXG4gIH1cblxuICBjb25zdCBjbHVzdGVyTmFtZSA9IHJlcXVpcmVFbnYoXCJDTFVTVEVSX05BTUVcIilcbiAgY29uc3Qgc2VydmljZU5hbWUgPSByZXF1aXJlRW52KFwiU0VSVklDRV9OQU1FXCIpXG4gIGNvbnN0IHJlcG9zaXRvcnlVcmwgPSByZXF1aXJlRW52KFwiUkVQT1NJVE9SWV9VUkxcIilcbiAgY29uc3QgZWNyVGFnU2VjcmV0QXJuID0gcmVxdWlyZUVudihcIkVDUl9UQUdfU0VDUkVUX0FSTlwiKVxuXG4gIC8vIFZhbGlkYXRlIHRoZSBpbnB1dC5cbiAgaWYgKHR5cGVvZiBldmVudC50YWcgIT09IFwic3RyaW5nXCIpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoXCJJbnB1dCBpbnZhbGlkOiBcIiArIEpTT04uc3RyaW5naWZ5KGV2ZW50LCB1bmRlZmluZWQsIFwiICBcIikpXG4gIH1cblxuICAvLyBSZWdpc3RlciB0YWcgYXMgY3VycmVudCB0YXJnZXQuXG4gIC8vIFRoaXMgaXMgbmVlZGVkIHNvIHRoYXQgQ2xvdWRGb3JtYXRpb24gZGVwbG95bWVudHMsIGUuZy5cbiAgLy8gdXBkYXRlcyB0byB0aGUgVGFzayBEZWZpbml0aW9uLCB3aWxsIHVzZSB0aGUgc2FtZSBpbWFnZS5cbiAgYXdhaXQgc21cbiAgICAudXBkYXRlU2VjcmV0KHtcbiAgICAgIFNlY3JldElkOiBlY3JUYWdTZWNyZXRBcm4sXG4gICAgICBTZWNyZXRTdHJpbmc6IEpTT04uc3RyaW5naWZ5KHtcbiAgICAgICAgdGFnOiBldmVudC50YWcsXG4gICAgICB9KSxcbiAgICB9KVxuICAgIC5wcm9taXNlKClcblxuICAvLyBVcGRhdGUgdGhlIHNlcnZpY2UgaWYgd2Uga25vdyB0aGUgc2VydmljZSBuYW1lLiBUaGlzIGlzIHVua25vd25cbiAgLy8gZHVyaW5nIGluaXRpYWwgZGVwbG95bWVudCBvZiB0aGUgc3RhY2suXG4gIGlmIChzZXJ2aWNlTmFtZSAhPT0gXCJcIikge1xuICAgIGNvbnN0IGltYWdlID0gYCR7cmVwb3NpdG9yeVVybH06JHtldmVudC50YWd9YFxuICAgIGF3YWl0IHVwZGF0ZVNlcnZpY2VUb0ltYWdlKGNsdXN0ZXJOYW1lLCBzZXJ2aWNlTmFtZSwgaW1hZ2UpXG4gIH1cblxuICByZXR1cm4ge31cbn1cbiJdfQ==

package/lib/ecs-update-image/status-handler.d.ts

@@ -0,0 +1,11 @@
+import type { Handler } from "aws-lambda";
+interface Response {
+    /**
+     * The tag is unknown when the stack is not yet fully set up
+     * during initial account/service deployment.
+     */
+    currentTag: string | null;
+    stabilized: boolean;
+}
+export declare const statusHandler: Handler<unknown, Response>;
+export {};

package/lib/ecs-update-image/status-handler.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.statusHandler = void 0;
+// This function is inline-compiled for the lambda.
+// It must be self-contained.
+const statusHandler = async () => {
+    var _a;
+    const AWS = require("aws-sdk");
+    const ecs = new AWS.ECS();
+    function requireEnv(name) {
+        const value = process.env[name];
+        if (value === undefined) {
+            throw new Error(`Missing ${name}`);
+        }
+        return value;
+    }
+    async function getService(clusterName, serviceName) {
+        var _a;
+        const services = await ecs
+            .describeServices({
+            cluster: clusterName,
+            services: [serviceName],
+        })
+            .promise();
+        if (((_a = services.services) === null || _a === void 0 ? void 0 : _a.length) !== 1) {
+            throw new Error(`Service not found: ${clusterName}/${serviceName}`);
+        }
+        return services.services[0];
+    }
+    async function getTaskDefinition(taskDefinition) {
+        return (await ecs
+            .describeTaskDefinition({
+            taskDefinition: taskDefinition,
+        })
+            .promise()).taskDefinition;
+    }
+    /**
+     * Check if the service is considered to be stabilized.
+     *
+     * Uses the logic described at
+     * https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html
+     */
+    function isStabilized(service) {
+        var _a;
+        return (((_a = service.deployments) === null || _a === void 0 ? void 0 : _a.length) == 1 &&
+            service.runningCount == service.desiredCount);
+    }
+    function extractTag(image) {
+        if (!image.includes(":")) {
+            return null;
+        }
+        return image.replace(/.*:/, "");
+    }
+    const clusterName = requireEnv("CLUSTER_NAME");
+    const serviceName = requireEnv("SERVICE_NAME");
+    // The service name is unknown during initial deployment of the stack.
+    // In this case we return stabilized status as true.
+    if (serviceName === "") {
+        return {
+            currentTag: null,
+            stabilized: true,
+        };
+    }
+    const service = await getService(clusterName, serviceName);
+    const mainDeployment = (_a = service.deployments) === null || _a === void 0 ? void 0 : _a.find((it) => it.status === "PRIMARY");
+    const taskDefinition = await getTaskDefinition(mainDeployment.taskDefinition);
+    // Only one container is supported for the task definition.
+    return {
+        currentTag: extractTag(taskDefinition.containerDefinitions[0].image),
+        stabilized: isStabilized(service),
+    };
+};
+exports.statusHandler = statusHandler;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdHVzLWhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZWNzLXVwZGF0ZS1pbWFnZS9zdGF0dXMtaGFuZGxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFnQkEsbURBQW1EO0FBQ25ELDZCQUE2QjtBQUN0QixNQUFNLGFBQWEsR0FBK0IsS0FBSyxJQUFJLEVBQUU7O0lBQ2xFLE1BQU0sR0FBRyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQTtJQUM5QixNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLEVBQWMsQ0FBQTtJQUVyQyxTQUFTLFVBQVUsQ0FBQyxJQUFZO1FBQzlCLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUE7UUFDL0IsSUFBSSxLQUFLLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxXQUFXLElBQUksRUFBRSxDQUFDLENBQUE7UUFDcEMsQ0FBQztRQUNELE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztJQUVELEtBQUssVUFBVSxVQUFVLENBQ3ZCLFdBQW1CLEVBQ25CLFdBQW1COztRQUVuQixNQUFNLFFBQVEsR0FBRyxNQUFNLEdBQUc7YUFDdkIsZ0JBQWdCLENBQUM7WUFDaEIsT0FBTyxFQUFFLFdBQVc7WUFDcEIsUUFBUSxFQUFFLENBQUMsV0FBVyxDQUFDO1NBQ3hCLENBQUM7YUFDRCxPQUFPLEVBQUUsQ0FBQTtRQUVaLElBQUksQ0FBQSxNQUFBLFFBQVEsQ0FBQyxRQUFRLDBDQUFFLE1BQU0sTUFBSyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixXQUFXLElBQUksV0FBVyxFQUFFLENBQUMsQ0FBQTtRQUNyRSxDQUFDO1FBRUQsT0FBTyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFBO0lBQzdCLENBQUM7SUFFRCxLQUFLLFVBQVUsaUJBQWlCLENBQzlCLGNBQXNCO1FBRXRCLE9BQU8sQ0FDTCxNQUFNLEdBQUc7YUFDTixzQkFBc0IsQ0FBQztZQUN0QixjQUFjLEVBQUUsY0FBYztTQUMvQixDQUFDO2FBQ0QsT0FBTyxFQUFFLENBQ2IsQ0FBQyxjQUFlLENBQUE7SUFDbkIsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsU0FBUyxZQUFZLENBQUMsT0FBd0I7O1FBQzVDLE9BQU8sQ0FDTCxDQUFBLE1BQUEsT0FBTyxDQUFDLFdBQVcsMENBQUUsTUFBTSxLQUFJLENBQUM7WUFDaEMsT0FBTyxDQUFDLFlBQVksSUFBSSxPQUFPLENBQUMsWUFBWSxDQUM3QyxDQUFBO0lBQ0gsQ0FBQztJQUVELFNBQVMsVUFBVSxDQUFDLEtBQWE7UUFDL0IsSUFBSSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN6QixPQUFPLElBQUksQ0FBQTtRQUNiLENBQUM7UUFDRCxPQUFPLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO0lBQ2pDLENBQUM7SUFFRCxNQUFNLFdBQVcsR0FBRyxVQUFVLENBQUMsY0FBYyxDQUFDLENBQUE7SUFDOUMsTUFBTSxXQUFXLEdBQUcsVUFBVSxDQUFDLGNBQWMsQ0FBQyxDQUFBO0lBRTlDLHNFQUFzRTtJQUN0RSxvREFBb0Q7SUFDcEQsSUFBSSxXQUFXLEtBQUssRUFBRSxFQUFFLENBQUM7UUFDdkIsT0FBTztZQUNMLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFVBQVUsRUFBRSxJQUFJO1NBQ2pCLENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxPQUFPLEdBQUcsTUFBTSxVQUFVLENBQUMsV0FBVyxFQUFFLFdBQVcsQ0FBQyxDQUFBO0lBQzFELE1BQU0sY0FBYyxHQUFHLE1BQUEsT0FBTyxDQUFDLFdBQVcsMENBQUUsSUFBSSxDQUM5QyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQ2hDLENBQUE7SUFFRCxNQUFNLGNBQWMsR0FBRyxNQUFNLGlCQUFpQixDQUM1QyxjQUFlLENBQUMsY0FBZSxDQUNoQyxDQUFBO0lBRUQsMkRBQTJEO0lBRTNELE9BQU87UUFDTCxVQUFVLEVBQUUsVUFBVSxDQUFDLGNBQWMsQ0FBQyxvQkFBcUIsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFNLENBQUM7UUFDdEUsVUFBVSxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUM7S0FDbEMsQ0FBQTtBQUNILENBQUMsQ0FBQTtBQXpGWSxRQUFBLGFBQWEsaUJBeUZ6QiIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby11bnNhZmUtYXNzaWdubWVudCAqL1xuLyogZXNsaW50LWRpc2FibGUgQHR5cGVzY3JpcHQtZXNsaW50L25vLXVuc2FmZS1jYWxsICovXG4vKiBlc2xpbnQtZGlzYWJsZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tdW5zYWZlLW1lbWJlci1hY2Nlc3MgKi9cbi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby12YXItcmVxdWlyZXMgKi9cbmltcG9ydCB0eXBlIHsgSGFuZGxlciB9IGZyb20gXCJhd3MtbGFtYmRhXCJcbmltcG9ydCB0eXBlICogYXMgX0FXUyBmcm9tIFwiYXdzLXNka1wiXG5cbmludGVyZmFjZSBSZXNwb25zZSB7XG4gIC8qKlxuICAgKiBUaGUgdGFnIGlzIHVua25vd24gd2hlbiB0aGUgc3RhY2sgaXMgbm90IHlldCBmdWxseSBzZXQgdXBcbiAgICogZHVyaW5nIGluaXRpYWwgYWNjb3VudC9zZXJ2aWNlIGRlcGxveW1lbnQuXG4gICAqL1xuICBjdXJyZW50VGFnOiBzdHJpbmcgfCBudWxsXG4gIHN0YWJpbGl6ZWQ6IGJvb2xlYW5cbn1cblxuLy8gVGhpcyBmdW5jdGlvbiBpcyBpbmxpbmUtY29tcGlsZWQgZm9yIHRoZSBsYW1iZGEuXG4vLyBJdCBtdXN0IGJlIHNlbGYtY29udGFpbmVkLlxuZXhwb3J0IGNvbnN0IHN0YXR1c0hhbmRsZXI6IEhhbmRsZXI8dW5rbm93biwgUmVzcG9uc2U+ID0gYXN5bmMgKCkgPT4ge1xuICBjb25zdCBBV1MgPSByZXF1aXJlKFwiYXdzLXNka1wiKVxuICBjb25zdCBlY3MgPSBuZXcgQVdTLkVDUygpIGFzIF9BV1MuRUNTXG5cbiAgZnVuY3Rpb24gcmVxdWlyZUVudihuYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGNvbnN0IHZhbHVlID0gcHJvY2Vzcy5lbnZbbmFtZV1cbiAgICBpZiAodmFsdWUgPT09IHVuZGVmaW5lZCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBNaXNzaW5nICR7bmFtZX1gKVxuICAgIH1cbiAgICByZXR1cm4gdmFsdWVcbiAgfVxuXG4gIGFzeW5jIGZ1bmN0aW9uIGdldFNlcnZpY2UoXG4gICAgY2x1c3Rlck5hbWU6IHN0cmluZyxcbiAgICBzZXJ2aWNlTmFtZTogc3RyaW5nLFxuICApOiBQcm9taXNlPEFXUy5FQ1MuU2VydmljZT4ge1xuICAgIGNvbnN0IHNlcnZpY2VzID0gYXdhaXQgZWNzXG4gICAgICAuZGVzY3JpYmVTZXJ2aWNlcyh7XG4gICAgICAgIGNsdXN0ZXI6IGNsdXN0ZXJOYW1lLFxuICAgICAgICBzZXJ2aWNlczogW3NlcnZpY2VOYW1lXSxcbiAgICAgIH0pXG4gICAgICAucHJvbWlzZSgpXG5cbiAgICBpZiAoc2VydmljZXMuc2VydmljZXM/Lmxlbmd0aCAhPT0gMSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBTZXJ2aWNlIG5vdCBmb3VuZDogJHtjbHVzdGVyTmFtZX0vJHtzZXJ2aWNlTmFtZX1gKVxuICAgIH1cblxuICAgIHJldHVybiBzZXJ2aWNlcy5zZXJ2aWNlc1swXVxuICB9XG5cbiAgYXN5bmMgZnVuY3Rpb24gZ2V0VGFza0RlZmluaXRpb24oXG4gICAgdGFza0RlZmluaXRpb246IHN0cmluZyxcbiAgKTogUHJvbWlzZTxBV1MuRUNTLlRhc2tEZWZpbml0aW9uPiB7XG4gICAgcmV0dXJuIChcbiAgICAgIGF3YWl0IGVjc1xuICAgICAgICAuZGVzY3JpYmVUYXNrRGVmaW5pdGlvbih7XG4gICAgICAgICAgdGFza0RlZmluaXRpb246IHRhc2tEZWZpbml0aW9uLFxuICAgICAgICB9KVxuICAgICAgICAucHJvbWlzZSgpXG4gICAgKS50YXNrRGVmaW5pdGlvbiFcbiAgfVxuXG4gIC8qKlxuICAgKiBDaGVjayBpZiB0aGUgc2VydmljZSBpcyBjb25zaWRlcmVkIHRvIGJlIHN0YWJpbGl6ZWQuXG4gICAqXG4gICAqIFVzZXMgdGhlIGxvZ2ljIGRlc2NyaWJlZCBhdFxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vY2xpL2xhdGVzdC9yZWZlcmVuY2UvZWNzL3dhaXQvc2VydmljZXMtc3RhYmxlLmh0bWxcbiAgICovXG4gIGZ1bmN0aW9uIGlzU3RhYmlsaXplZChzZXJ2aWNlOiBBV1MuRUNTLlNlcnZpY2UpOiBib29sZWFuIHtcbiAgICByZXR1cm4gKFxuICAgICAgc2VydmljZS5kZXBsb3ltZW50cz8ubGVuZ3RoID09IDEgJiZcbiAgICAgIHNlcnZpY2UucnVubmluZ0NvdW50ID09IHNlcnZpY2UuZGVzaXJlZENvdW50XG4gICAgKVxuICB9XG5cbiAgZnVuY3Rpb24gZXh0cmFjdFRhZyhpbWFnZTogc3RyaW5nKTogc3RyaW5nIHwgbnVsbCB7XG4gICAgaWYgKCFpbWFnZS5pbmNsdWRlcyhcIjpcIikpIHtcbiAgICAgIHJldHVybiBudWxsXG4gICAgfVxuICAgIHJldHVybiBpbWFnZS5yZXBsYWNlKC8uKjovLCBcIlwiKVxuICB9XG5cbiAgY29uc3QgY2x1c3Rlck5hbWUgPSByZXF1aXJlRW52KFwiQ0xVU1RFUl9OQU1FXCIpXG4gIGNvbnN0IHNlcnZpY2VOYW1lID0gcmVxdWlyZUVudihcIlNFUlZJQ0VfTkFNRVwiKVxuXG4gIC8vIFRoZSBzZXJ2aWNlIG5hbWUgaXMgdW5rbm93biBkdXJpbmcgaW5pdGlhbCBkZXBsb3ltZW50IG9mIHRoZSBzdGFjay5cbiAgLy8gSW4gdGhpcyBjYXNlIHdlIHJldHVybiBzdGFiaWxpemVkIHN0YXR1cyBhcyB0cnVlLlxuICBpZiAoc2VydmljZU5hbWUgPT09IFwiXCIpIHtcbiAgICByZXR1cm4ge1xuICAgICAgY3VycmVudFRhZzogbnVsbCxcbiAgICAgIHN0YWJpbGl6ZWQ6IHRydWUsXG4gICAgfVxuICB9XG5cbiAgY29uc3Qgc2VydmljZSA9IGF3YWl0IGdldFNlcnZpY2UoY2x1c3Rlck5hbWUsIHNlcnZpY2VOYW1lKVxuICBjb25zdCBtYWluRGVwbG95bWVudCA9IHNlcnZpY2UuZGVwbG95bWVudHM/LmZpbmQoXG4gICAgKGl0KSA9PiBpdC5zdGF0dXMgPT09IFwiUFJJTUFSWVwiLFxuICApXG5cbiAgY29uc3QgdGFza0RlZmluaXRpb24gPSBhd2FpdCBnZXRUYXNrRGVmaW5pdGlvbihcbiAgICBtYWluRGVwbG95bWVudCEudGFza0RlZmluaXRpb24hLFxuICApXG5cbiAgLy8gT25seSBvbmUgY29udGFpbmVyIGlzIHN1cHBvcnRlZCBmb3IgdGhlIHRhc2sgZGVmaW5pdGlvbi5cblxuICByZXR1cm4ge1xuICAgIGN1cnJlbnRUYWc6IGV4dHJhY3RUYWcodGFza0RlZmluaXRpb24uY29udGFpbmVyRGVmaW5pdGlvbnMhWzBdLmltYWdlISksXG4gICAgc3RhYmlsaXplZDogaXNTdGFiaWxpemVkKHNlcnZpY2UpLFxuICB9XG59XG4iXX0=

package/lib/ecs-update-image/tag.d.ts

@@ -0,0 +1,47 @@
+import * as constructs from "constructs";
+import * as iam from "aws-cdk-lib/aws-iam";
+import { EcsUpdateImageArtifactStatus } from "./artifact-status";
+interface Props {
+    artifactStatus: EcsUpdateImageArtifactStatus;
+    secretName: string;
+}
+/**
+ * Container used for holding the current ECR tag for a ECS service.
+ *
+ * Since we are deploying our ECS services from both CloudFormation
+ * (by having the TaskDefinition defined), as well as directly from
+ * our CD pipeline by UpdateService call to ECS, we need to ensure
+ * the referenced ECR image is kept in sync.
+ *
+ * To do this we use a container to hold the current ECR tag. This
+ * is then looked up during deployment from CloudFormation, and
+ * when deploying from CD pipeline it is updated before UpdateService
+ * call.
+ *
+ * A secret is used as it can be dynamically resolved as part of the
+ * CloudFormation template.
+ *
+ * We do not keep any default value for the container, as that might
+ * lead us to later deploy a very old version of the build. It is
+ * better if the deployment fails in this scenario. If this happens
+ * the stack update will fail with:
+ *
+ *   Could not find a value associated with JSONKey in SecretString
+ */
+export declare class EcsUpdateImageTag extends constructs.Construct {
+    private readonly secret;
+    private readonly artifactStatus;
+    readonly secretArn: string;
+    constructor(scope: constructs.Construct, id: string, props: Props);
+    grantUpdate(grantee: iam.IGrantable): iam.Grant;
+    /**
+     * A CloudFormation dynamic reference that will be resolved
+     * during deployment.
+     *
+     * If we have not yet flagged the artifact as deployed,
+     * we do not allow resolving the value. See the documentation
+     * of {@link EcsUpdateImageArtifactStatus}.
+     */
+    getEcrTag(): string | null;
+}
+export {};

package/lib/ecs-update-image/tag.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EcsUpdateImageTag = void 0;
+const constructs = require("constructs");
+const iam = require("aws-cdk-lib/aws-iam");
+const secretsmanager = require("aws-cdk-lib/aws-secretsmanager");
+/**
+ * Container used for holding the current ECR tag for a ECS service.
+ *
+ * Since we are deploying our ECS services from both CloudFormation
+ * (by having the TaskDefinition defined), as well as directly from
+ * our CD pipeline by UpdateService call to ECS, we need to ensure
+ * the referenced ECR image is kept in sync.
+ *
+ * To do this we use a container to hold the current ECR tag. This
+ * is then looked up during deployment from CloudFormation, and
+ * when deploying from CD pipeline it is updated before UpdateService
+ * call.
+ *
+ * A secret is used as it can be dynamically resolved as part of the
+ * CloudFormation template.
+ *
+ * We do not keep any default value for the container, as that might
+ * lead us to later deploy a very old version of the build. It is
+ * better if the deployment fails in this scenario. If this happens
+ * the stack update will fail with:
+ *
+ *   Could not find a value associated with JSONKey in SecretString
+ */
+class EcsUpdateImageTag extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.artifactStatus = props.artifactStatus;
+        this.secret = new secretsmanager.Secret(this, "Secret", {
+            secretName: props.secretName,
+            generateSecretString: {
+                // Do not modify this, as it would cause the secret to regenerate.
+                secretStringTemplate: "{}",
+                generateStringKey: "unusedField",
+            },
+        });
+        this.secretArn = this.secret.secretArn;
+    }
+    grantUpdate(grantee) {
+        return iam.Grant.addToPrincipal({
+            grantee,
+            actions: ["secretsmanager:UpdateSecret"],
+            resourceArns: [this.secretArn],
+        });
+    }
+    /**
+     * A CloudFormation dynamic reference that will be resolved
+     * during deployment.
+     *
+     * If we have not yet flagged the artifact as deployed,
+     * we do not allow resolving the value. See the documentation
+     * of {@link EcsUpdateImageArtifactStatus}.
+     */
+    getEcrTag() {
+        if (!this.artifactStatus.artifactPushedAndTagUpdated) {
+            return null;
+        }
+        return this.secret.secretValueFromJson("tag").toString();
+    }
+}
+exports.EcsUpdateImageTag = EcsUpdateImageTag;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGFnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Vjcy11cGRhdGUtaW1hZ2UvdGFnLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF3QztBQUN4QywyQ0FBMEM7QUFDMUMsaUVBQWdFO0FBUWhFOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBc0JHO0FBQ0gsTUFBYSxpQkFBa0IsU0FBUSxVQUFVLENBQUMsU0FBUztJQUt6RCxZQUFZLEtBQTJCLEVBQUUsRUFBVSxFQUFFLEtBQVk7UUFDL0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsY0FBYyxHQUFHLEtBQUssQ0FBQyxjQUFjLENBQUE7UUFFMUMsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLGNBQWMsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLFFBQVEsRUFBRTtZQUN0RCxVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7WUFDNUIsb0JBQW9CLEVBQUU7Z0JBQ3BCLGtFQUFrRTtnQkFDbEUsb0JBQW9CLEVBQUUsSUFBSTtnQkFDMUIsaUJBQWlCLEVBQUUsYUFBYTthQUNqQztTQUNGLENBQUMsQ0FBQTtRQUVGLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUE7SUFDeEMsQ0FBQztJQUVNLFdBQVcsQ0FBQyxPQUF1QjtRQUN4QyxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDO1lBQzlCLE9BQU87WUFDUCxPQUFPLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQztZQUN4QyxZQUFZLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDO1NBQy9CLENBQUMsQ0FBQTtJQUNKLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0ksU0FBUztRQUNkLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLDJCQUEyQixFQUFFLENBQUM7WUFDckQsT0FBTyxJQUFJLENBQUE7UUFDYixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDLFFBQVEsRUFBRSxDQUFBO0lBQzFELENBQUM7Q0FDRjtBQTVDRCw4Q0E0Q0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjb25zdHJ1Y3RzIGZyb20gXCJjb25zdHJ1Y3RzXCJcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiXG5pbXBvcnQgKiBhcyBzZWNyZXRzbWFuYWdlciBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyXCJcbmltcG9ydCB7IEVjc1VwZGF0ZUltYWdlQXJ0aWZhY3RTdGF0dXMgfSBmcm9tIFwiLi9hcnRpZmFjdC1zdGF0dXNcIlxuXG5pbnRlcmZhY2UgUHJvcHMge1xuICBhcnRpZmFjdFN0YXR1czogRWNzVXBkYXRlSW1hZ2VBcnRpZmFjdFN0YXR1c1xuICBzZWNyZXROYW1lOiBzdHJpbmdcbn1cblxuLyoqXG4gKiBDb250YWluZXIgdXNlZCBmb3IgaG9sZGluZyB0aGUgY3VycmVudCBFQ1IgdGFnIGZvciBhIEVDUyBzZXJ2aWNlLlxuICpcbiAqIFNpbmNlIHdlIGFyZSBkZXBsb3lpbmcgb3VyIEVDUyBzZXJ2aWNlcyBmcm9tIGJvdGggQ2xvdWRGb3JtYXRpb25cbiAqIChieSBoYXZpbmcgdGhlIFRhc2tEZWZpbml0aW9uIGRlZmluZWQpLCBhcyB3ZWxsIGFzIGRpcmVjdGx5IGZyb21cbiAqIG91ciBDRCBwaXBlbGluZSBieSBVcGRhdGVTZXJ2aWNlIGNhbGwgdG8gRUNTLCB3ZSBuZWVkIHRvIGVuc3VyZVxuICogdGhlIHJlZmVyZW5jZWQgRUNSIGltYWdlIGlzIGtlcHQgaW4gc3luYy5cbiAqXG4gKiBUbyBkbyB0aGlzIHdlIHVzZSBhIGNvbnRhaW5lciB0byBob2xkIHRoZSBjdXJyZW50IEVDUiB0YWcuIFRoaXNcbiAqIGlzIHRoZW4gbG9va2VkIHVwIGR1cmluZyBkZXBsb3ltZW50IGZyb20gQ2xvdWRGb3JtYXRpb24sIGFuZFxuICogd2hlbiBkZXBsb3lpbmcgZnJvbSBDRCBwaXBlbGluZSBpdCBpcyB1cGRhdGVkIGJlZm9yZSBVcGRhdGVTZXJ2aWNlXG4gKiBjYWxsLlxuICpcbiAqIEEgc2VjcmV0IGlzIHVzZWQgYXMgaXQgY2FuIGJlIGR5bmFtaWNhbGx5IHJlc29sdmVkIGFzIHBhcnQgb2YgdGhlXG4gKiBDbG91ZEZvcm1hdGlvbiB0ZW1wbGF0ZS5cbiAqXG4gKiBXZSBkbyBub3Qga2VlcCBhbnkgZGVmYXVsdCB2YWx1ZSBmb3IgdGhlIGNvbnRhaW5lciwgYXMgdGhhdCBtaWdodFxuICogbGVhZCB1cyB0byBsYXRlciBkZXBsb3kgYSB2ZXJ5IG9sZCB2ZXJzaW9uIG9mIHRoZSBidWlsZC4gSXQgaXNcbiAqIGJldHRlciBpZiB0aGUgZGVwbG95bWVudCBmYWlscyBpbiB0aGlzIHNjZW5hcmlvLiBJZiB0aGlzIGhhcHBlbnNcbiAqIHRoZSBzdGFjayB1cGRhdGUgd2lsbCBmYWlsIHdpdGg6XG4gKlxuICogICBDb3VsZCBub3QgZmluZCBhIHZhbHVlIGFzc29jaWF0ZWQgd2l0aCBKU09OS2V5IGluIFNlY3JldFN0cmluZ1xuICovXG5leHBvcnQgY2xhc3MgRWNzVXBkYXRlSW1hZ2VUYWcgZXh0ZW5kcyBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIHByaXZhdGUgcmVhZG9ubHkgc2VjcmV0OiBzZWNyZXRzbWFuYWdlci5TZWNyZXRcbiAgcHJpdmF0ZSByZWFkb25seSBhcnRpZmFjdFN0YXR1czogRWNzVXBkYXRlSW1hZ2VBcnRpZmFjdFN0YXR1c1xuICByZWFkb25seSBzZWNyZXRBcm46IHN0cmluZ1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgdGhpcy5hcnRpZmFjdFN0YXR1cyA9IHByb3BzLmFydGlmYWN0U3RhdHVzXG5cbiAgICB0aGlzLnNlY3JldCA9IG5ldyBzZWNyZXRzbWFuYWdlci5TZWNyZXQodGhpcywgXCJTZWNyZXRcIiwge1xuICAgICAgc2VjcmV0TmFtZTogcHJvcHMuc2VjcmV0TmFtZSxcbiAgICAgIGdlbmVyYXRlU2VjcmV0U3RyaW5nOiB7XG4gICAgICAgIC8vIERvIG5vdCBtb2RpZnkgdGhpcywgYXMgaXQgd291bGQgY2F1c2UgdGhlIHNlY3JldCB0byByZWdlbmVyYXRlLlxuICAgICAgICBzZWNyZXRTdHJpbmdUZW1wbGF0ZTogXCJ7fVwiLFxuICAgICAgICBnZW5lcmF0ZVN0cmluZ0tleTogXCJ1bnVzZWRGaWVsZFwiLFxuICAgICAgfSxcbiAgICB9KVxuXG4gICAgdGhpcy5zZWNyZXRBcm4gPSB0aGlzLnNlY3JldC5zZWNyZXRBcm5cbiAgfVxuXG4gIHB1YmxpYyBncmFudFVwZGF0ZShncmFudGVlOiBpYW0uSUdyYW50YWJsZSk6IGlhbS5HcmFudCB7XG4gICAgcmV0dXJuIGlhbS5HcmFudC5hZGRUb1ByaW5jaXBhbCh7XG4gICAgICBncmFudGVlLFxuICAgICAgYWN0aW9uczogW1wic2VjcmV0c21hbmFnZXI6VXBkYXRlU2VjcmV0XCJdLFxuICAgICAgcmVzb3VyY2VBcm5zOiBbdGhpcy5zZWNyZXRBcm5dLFxuICAgIH0pXG4gIH1cblxuICAvKipcbiAgICogQSBDbG91ZEZvcm1hdGlvbiBkeW5hbWljIHJlZmVyZW5jZSB0aGF0IHdpbGwgYmUgcmVzb2x2ZWRcbiAgICogZHVyaW5nIGRlcGxveW1lbnQuXG4gICAqXG4gICAqIElmIHdlIGhhdmUgbm90IHlldCBmbGFnZ2VkIHRoZSBhcnRpZmFjdCBhcyBkZXBsb3llZCxcbiAgICogd2UgZG8gbm90IGFsbG93IHJlc29sdmluZyB0aGUgdmFsdWUuIFNlZSB0aGUgZG9jdW1lbnRhdGlvblxuICAgKiBvZiB7QGxpbmsgRWNzVXBkYXRlSW1hZ2VBcnRpZmFjdFN0YXR1c30uXG4gICAqL1xuICBwdWJsaWMgZ2V0RWNyVGFnKCk6IHN0cmluZyB8IG51bGwge1xuICAgIGlmICghdGhpcy5hcnRpZmFjdFN0YXR1cy5hcnRpZmFjdFB1c2hlZEFuZFRhZ1VwZGF0ZWQpIHtcbiAgICAgIHJldHVybiBudWxsXG4gICAgfVxuICAgIHJldHVybiB0aGlzLnNlY3JldC5zZWNyZXRWYWx1ZUZyb21Kc29uKFwidGFnXCIpLnRvU3RyaW5nKClcbiAgfVxufVxuIl19

package/lib/feature-flags.d.ts

@@ -0,0 +1,18 @@
+import * as constructs from "constructs";
+export declare const FEATURE_FLAG_CDK_PIPELINES_SPEED_UP = "@liflig-cdk/cdk-pipelines:enableExperimentalSpeedUp";
+/**
+ * Exposes feature flags we can use in liflig-cdk to allow consumers to opt-in
+ * to experimental functionality without affecting current consumers and having
+ * to pollute the official library API with experimental properties and behavior.
+ *
+ * NOTE: We should only use these flags temporarily and very sparingly as they lead
+ * to a brittle and more complex codebase with a lot of branching logic.
+ * Once an experiment has concluded we should remove them and update the
+ * official library API.
+ */
+export declare class FeatureFlags {
+    private readonly scope;
+    private constructor();
+    static of(scope: constructs.Construct): FeatureFlags;
+    isEnabled(flagName: string): boolean;
+}

package/lib/feature-flags.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FeatureFlags = exports.FEATURE_FLAG_CDK_PIPELINES_SPEED_UP = void 0;
+// Custom feature flags for liflig-cdk
+exports.FEATURE_FLAG_CDK_PIPELINES_SPEED_UP = "@liflig-cdk/cdk-pipelines:enableExperimentalSpeedUp";
+const FLAGS = {
+    [exports.FEATURE_FLAG_CDK_PIPELINES_SPEED_UP]: {
+        default: false,
+        description: "Reduce execution time of CDK Pipelines by making various tweaks (e.g., skip creation of CloudFormation changesets, disable CodePipeline S3 polling).",
+    },
+};
+const getFeatureFlagDefault = (flagName) => {
+    var _a, _b;
+    return (_b = (_a = FLAGS[flagName]) === null || _a === void 0 ? void 0 : _a.default) !== null && _b !== void 0 ? _b : false;
+};
+/**
+ * Exposes feature flags we can use in liflig-cdk to allow consumers to opt-in
+ * to experimental functionality without affecting current consumers and having
+ * to pollute the official library API with experimental properties and behavior.
+ *
+ * NOTE: We should only use these flags temporarily and very sparingly as they lead
+ * to a brittle and more complex codebase with a lot of branching logic.
+ * Once an experiment has concluded we should remove them and update the
+ * official library API.
+ */
+class FeatureFlags {
+    constructor(scope) {
+        this.scope = scope;
+    }
+    static of(scope) {
+        return new FeatureFlags(scope);
+    }
+    isEnabled(flagName) {
+        if (!Object.keys(FLAGS).includes(flagName)) {
+            throw new Error(`Unsupported feature flag ${flagName}`);
+        }
+        const contextValue = this.scope.node.tryGetContext(flagName);
+        if (contextValue === undefined) {
+            return getFeatureFlagDefault(flagName);
+        }
+        else if (Object.prototype.toString.call(contextValue) === "[object Boolean]") {
+            return Boolean(contextValue);
+        }
+        throw new Error(`Unsupported value for feature flag ${flagName}. Only boolean values are supported.`);
+    }
+}
+exports.FeatureFlags = FeatureFlags;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmVhdHVyZS1mbGFncy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9mZWF0dXJlLWZsYWdzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQWtCQSxzQ0FBc0M7QUFDekIsUUFBQSxtQ0FBbUMsR0FDOUMscURBQXFELENBQUE7QUFFdkQsTUFBTSxLQUFLLEdBQXVDO0lBQ2hELENBQUMsMkNBQW1DLENBQUMsRUFBRTtRQUNyQyxPQUFPLEVBQUUsS0FBSztRQUNkLFdBQVcsRUFDVCxzSkFBc0o7S0FDeko7Q0FDRixDQUFBO0FBRUQsTUFBTSxxQkFBcUIsR0FBRyxDQUFDLFFBQWdCLEVBQUUsRUFBRTs7SUFDakQsT0FBTyxNQUFBLE1BQUEsS0FBSyxDQUFDLFFBQVEsQ0FBQywwQ0FBRSxPQUFPLG1DQUFJLEtBQUssQ0FBQTtBQUMxQyxDQUFDLENBQUE7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSCxNQUFhLFlBQVk7SUFDdkIsWUFBcUMsS0FBNEI7UUFBNUIsVUFBSyxHQUFMLEtBQUssQ0FBdUI7SUFBRyxDQUFDO0lBQzlELE1BQU0sQ0FBQyxFQUFFLENBQUMsS0FBMkI7UUFDMUMsT0FBTyxJQUFJLFlBQVksQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUNoQyxDQUFDO0lBQ00sU0FBUyxDQUFDLFFBQWdCO1FBQy9CLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQzNDLE1BQU0sSUFBSSxLQUFLLENBQUMsNEJBQTRCLFFBQVEsRUFBRSxDQUFDLENBQUE7UUFDekQsQ0FBQztRQUNELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQVksQ0FBQTtRQUN2RSxJQUFJLFlBQVksS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUMvQixPQUFPLHFCQUFxQixDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBQ3hDLENBQUM7YUFBTSxJQUNMLE1BQU0sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsS0FBSyxrQkFBa0IsRUFDbkUsQ0FBQztZQUNELE9BQU8sT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUFBO1FBQzlCLENBQUM7UUFDRCxNQUFNLElBQUksS0FBSyxDQUNiLHNDQUFzQyxRQUFRLHNDQUFzQyxDQUNyRixDQUFBO0lBQ0gsQ0FBQztDQUNGO0FBckJELG9DQXFCQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuXG5pbnRlcmZhY2UgRmVhdHVyZUZsYWdJbmZvIHtcbiAgLyoqXG4gICAqIFRoZSBkZWZhdWx0IHZhbHVlIGZvciB0aGUgZmVhdHVyZSBmbGFnLlxuICAgKlxuICAgKiBOT1RFOiBUaGlzIHdpbGwgYmUgdGhlIHZhbHVlIHVzZWQgZm9yIGNvbnN1bWVycyB0aGF0IGhhdmUgbm90XG4gICAqIGV4cGxpY2l0bHkgc2V0IHRoZSBmZWF0dXJlIGZsYWcgKHdoaWNoIHdpbGwgYmUgbW9zdCBvZiB0aGVtISksXG4gICAqIHNvIHdlIHNob3VsZCBtYWtlIHN1cmUgdGhhdCB0aGUgZGVmYXVsdCB2YWx1ZSBkb2VzIE5PVCBsZWFkXG4gICAqIHRvIGFueSBicmVha2luZyBiZWhhdmlvci5cbiAgICovXG4gIGRlZmF1bHQ6IGJvb2xlYW5cbiAgLyoqXG4gICAqIEEgc2hvcnQgZGVzY3JpcHRpb24gb2YgdGhlIGZlYXR1cmUgZmxhZy5cbiAgICovXG4gIGRlc2NyaXB0aW9uOiBzdHJpbmdcbn1cblxuLy8gQ3VzdG9tIGZlYXR1cmUgZmxhZ3MgZm9yIGxpZmxpZy1jZGtcbmV4cG9ydCBjb25zdCBGRUFUVVJFX0ZMQUdfQ0RLX1BJUEVMSU5FU19TUEVFRF9VUCA9XG4gIFwiQGxpZmxpZy1jZGsvY2RrLXBpcGVsaW5lczplbmFibGVFeHBlcmltZW50YWxTcGVlZFVwXCJcblxuY29uc3QgRkxBR1M6IHsgW2tleTogc3RyaW5nXTogRmVhdHVyZUZsYWdJbmZvIH0gPSB7XG4gIFtGRUFUVVJFX0ZMQUdfQ0RLX1BJUEVMSU5FU19TUEVFRF9VUF06IHtcbiAgICBkZWZhdWx0OiBmYWxzZSxcbiAgICBkZXNjcmlwdGlvbjpcbiAgICAgIFwiUmVkdWNlIGV4ZWN1dGlvbiB0aW1lIG9mIENESyBQaXBlbGluZXMgYnkgbWFraW5nIHZhcmlvdXMgdHdlYWtzIChlLmcuLCBza2lwIGNyZWF0aW9uIG9mIENsb3VkRm9ybWF0aW9uIGNoYW5nZXNldHMsIGRpc2FibGUgQ29kZVBpcGVsaW5lIFMzIHBvbGxpbmcpLlwiLFxuICB9LFxufVxuXG5jb25zdCBnZXRGZWF0dXJlRmxhZ0RlZmF1bHQgPSAoZmxhZ05hbWU6IHN0cmluZykgPT4ge1xuICByZXR1cm4gRkxBR1NbZmxhZ05hbWVdPy5kZWZhdWx0ID8/IGZhbHNlXG59XG5cbi8qKlxuICogRXhwb3NlcyBmZWF0dXJlIGZsYWdzIHdlIGNhbiB1c2UgaW4gbGlmbGlnLWNkayB0byBhbGxvdyBjb25zdW1lcnMgdG8gb3B0LWluXG4gKiB0byBleHBlcmltZW50YWwgZnVuY3Rpb25hbGl0eSB3aXRob3V0IGFmZmVjdGluZyBjdXJyZW50IGNvbnN1bWVycyBhbmQgaGF2aW5nXG4gKiB0byBwb2xsdXRlIHRoZSBvZmZpY2lhbCBsaWJyYXJ5IEFQSSB3aXRoIGV4cGVyaW1lbnRhbCBwcm9wZXJ0aWVzIGFuZCBiZWhhdmlvci5cbiAqXG4gKiBOT1RFOiBXZSBzaG91bGQgb25seSB1c2UgdGhlc2UgZmxhZ3MgdGVtcG9yYXJpbHkgYW5kIHZlcnkgc3BhcmluZ2x5IGFzIHRoZXkgbGVhZFxuICogdG8gYSBicml0dGxlIGFuZCBtb3JlIGNvbXBsZXggY29kZWJhc2Ugd2l0aCBhIGxvdCBvZiBicmFuY2hpbmcgbG9naWMuXG4gKiBPbmNlIGFuIGV4cGVyaW1lbnQgaGFzIGNvbmNsdWRlZCB3ZSBzaG91bGQgcmVtb3ZlIHRoZW0gYW5kIHVwZGF0ZSB0aGVcbiAqIG9mZmljaWFsIGxpYnJhcnkgQVBJLlxuICovXG5leHBvcnQgY2xhc3MgRmVhdHVyZUZsYWdzIHtcbiAgcHJpdmF0ZSBjb25zdHJ1Y3Rvcihwcml2YXRlIHJlYWRvbmx5IHNjb3BlOiBjb25zdHJ1Y3RzLklDb25zdHJ1Y3QpIHt9XG4gIHB1YmxpYyBzdGF0aWMgb2Yoc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0KSB7XG4gICAgcmV0dXJuIG5ldyBGZWF0dXJlRmxhZ3Moc2NvcGUpXG4gIH1cbiAgcHVibGljIGlzRW5hYmxlZChmbGFnTmFtZTogc3RyaW5nKSB7XG4gICAgaWYgKCFPYmplY3Qua2V5cyhGTEFHUykuaW5jbHVkZXMoZmxhZ05hbWUpKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYFVuc3VwcG9ydGVkIGZlYXR1cmUgZmxhZyAke2ZsYWdOYW1lfWApXG4gICAgfVxuICAgIGNvbnN0IGNvbnRleHRWYWx1ZSA9IHRoaXMuc2NvcGUubm9kZS50cnlHZXRDb250ZXh0KGZsYWdOYW1lKSBhcyB1bmtub3duXG4gICAgaWYgKGNvbnRleHRWYWx1ZSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICByZXR1cm4gZ2V0RmVhdHVyZUZsYWdEZWZhdWx0KGZsYWdOYW1lKVxuICAgIH0gZWxzZSBpZiAoXG4gICAgICBPYmplY3QucHJvdG90eXBlLnRvU3RyaW5nLmNhbGwoY29udGV4dFZhbHVlKSA9PT0gXCJbb2JqZWN0IEJvb2xlYW5dXCJcbiAgICApIHtcbiAgICAgIHJldHVybiBCb29sZWFuKGNvbnRleHRWYWx1ZSlcbiAgICB9XG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgYFVuc3VwcG9ydGVkIHZhbHVlIGZvciBmZWF0dXJlIGZsYWcgJHtmbGFnTmFtZX0uIE9ubHkgYm9vbGVhbiB2YWx1ZXMgYXJlIHN1cHBvcnRlZC5gLFxuICAgIClcbiAgfVxufVxuIl19

package/lib/griid/artefact-bucket.d.ts

@@ -0,0 +1,7 @@
+import * as constructs from "constructs";
+import * as s3 from "aws-cdk-lib/aws-s3";
+/**
+ * Retrieve a Bucket instance based on Griid conventions for
+ * the provided build account.
+ */
+export declare function getGriidArtefactBucket(scope: constructs.Construct): s3.IBucket;

package/lib/griid/artefact-bucket.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGriidArtefactBucket = void 0;
+const kms = require("aws-cdk-lib/aws-kms");
+const s3 = require("aws-cdk-lib/aws-s3");
+const ssm = require("aws-cdk-lib/aws-ssm");
+const cdk = require("aws-cdk-lib");
+/**
+ * Retrieve a Bucket instance based on Griid conventions for
+ * the provided build account.
+ */
+function getGriidArtefactBucket(scope) {
+    const buildAccountId = ssm.StringParameter.valueForStringParameter(scope, 
+    // Convention from Griid.
+    "/ccas/global/build");
+    const artefactKey = kms.Key.fromKeyArn(scope, "ArtefactKey", cdk.Arn.format({
+        service: "kms",
+        resource: "key",
+        resourceName: ssm.StringParameter.valueForStringParameter(scope, 
+        // Convention from Griid.
+        "/ccas/global/key"),
+    }, cdk.Stack.of(scope)));
+    return s3.Bucket.fromBucketAttributes(scope, "ArtefactBucket", {
+        // Convention from Griid: Name of S3 bucket for build data.
+        bucketName: `artefact.eu-west-1.${buildAccountId}`,
+        encryptionKey: artefactKey,
+    });
+}
+exports.getGriidArtefactBucket = getGriidArtefactBucket;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXJ0ZWZhY3QtYnVja2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2dyaWlkL2FydGVmYWN0LWJ1Y2tldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFDQSwyQ0FBMEM7QUFDMUMseUNBQXdDO0FBQ3hDLDJDQUEwQztBQUMxQyxtQ0FBa0M7QUFFbEM7OztHQUdHO0FBQ0gsU0FBZ0Isc0JBQXNCLENBQ3BDLEtBQTJCO0lBRTNCLE1BQU0sY0FBYyxHQUFHLEdBQUcsQ0FBQyxlQUFlLENBQUMsdUJBQXVCLENBQ2hFLEtBQUs7SUFDTCx5QkFBeUI7SUFDekIsb0JBQW9CLENBQ3JCLENBQUE7SUFFRCxNQUFNLFdBQVcsR0FBRyxHQUFHLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FDcEMsS0FBSyxFQUNMLGFBQWEsRUFDYixHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FDWjtRQUNFLE9BQU8sRUFBRSxLQUFLO1FBQ2QsUUFBUSxFQUFFLEtBQUs7UUFDZixZQUFZLEVBQUUsR0FBRyxDQUFDLGVBQWUsQ0FBQyx1QkFBdUIsQ0FDdkQsS0FBSztRQUNMLHlCQUF5QjtRQUN6QixrQkFBa0IsQ0FDbkI7S0FDRixFQUNELEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUNwQixDQUNGLENBQUE7SUFFRCxPQUFPLEVBQUUsQ0FBQyxNQUFNLENBQUMsb0JBQW9CLENBQUMsS0FBSyxFQUFFLGdCQUFnQixFQUFFO1FBQzdELDJEQUEyRDtRQUMzRCxVQUFVLEVBQUUsc0JBQXNCLGNBQWMsRUFBRTtRQUNsRCxhQUFhLEVBQUUsV0FBVztLQUMzQixDQUFDLENBQUE7QUFDSixDQUFDO0FBL0JELHdEQStCQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMga21zIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mta21zXCJcbmltcG9ydCAqIGFzIHMzIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIlxuaW1wb3J0ICogYXMgc3NtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtc3NtXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuXG4vKipcbiAqIFJldHJpZXZlIGEgQnVja2V0IGluc3RhbmNlIGJhc2VkIG9uIEdyaWlkIGNvbnZlbnRpb25zIGZvclxuICogdGhlIHByb3ZpZGVkIGJ1aWxkIGFjY291bnQuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBnZXRHcmlpZEFydGVmYWN0QnVja2V0KFxuICBzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsXG4pOiBzMy5JQnVja2V0IHtcbiAgY29uc3QgYnVpbGRBY2NvdW50SWQgPSBzc20uU3RyaW5nUGFyYW1ldGVyLnZhbHVlRm9yU3RyaW5nUGFyYW1ldGVyKFxuICAgIHNjb3BlLFxuICAgIC8vIENvbnZlbnRpb24gZnJvbSBHcmlpZC5cbiAgICBcIi9jY2FzL2dsb2JhbC9idWlsZFwiLFxuICApXG5cbiAgY29uc3QgYXJ0ZWZhY3RLZXkgPSBrbXMuS2V5LmZyb21LZXlBcm4oXG4gICAgc2NvcGUsXG4gICAgXCJBcnRlZmFjdEtleVwiLFxuICAgIGNkay5Bcm4uZm9ybWF0KFxuICAgICAge1xuICAgICAgICBzZXJ2aWNlOiBcImttc1wiLFxuICAgICAgICByZXNvdXJjZTogXCJrZXlcIixcbiAgICAgICAgcmVzb3VyY2VOYW1lOiBzc20uU3RyaW5nUGFyYW1ldGVyLnZhbHVlRm9yU3RyaW5nUGFyYW1ldGVyKFxuICAgICAgICAgIHNjb3BlLFxuICAgICAgICAgIC8vIENvbnZlbnRpb24gZnJvbSBHcmlpZC5cbiAgICAgICAgICBcIi9jY2FzL2dsb2JhbC9rZXlcIixcbiAgICAgICAgKSxcbiAgICAgIH0sXG4gICAgICBjZGsuU3RhY2sub2Yoc2NvcGUpLFxuICAgICksXG4gIClcblxuICByZXR1cm4gczMuQnVja2V0LmZyb21CdWNrZXRBdHRyaWJ1dGVzKHNjb3BlLCBcIkFydGVmYWN0QnVja2V0XCIsIHtcbiAgICAvLyBDb252ZW50aW9uIGZyb20gR3JpaWQ6IE5hbWUgb2YgUzMgYnVja2V0IGZvciBidWlsZCBkYXRhLlxuICAgIGJ1Y2tldE5hbWU6IGBhcnRlZmFjdC5ldS13ZXN0LTEuJHtidWlsZEFjY291bnRJZH1gLFxuICAgIGVuY3J5cHRpb25LZXk6IGFydGVmYWN0S2V5LFxuICB9KVxufVxuIl19

package/lib/griid/index.d.ts

@@ -0,0 +1,4 @@
+import * as constructs from "constructs";
+import * as iam from "aws-cdk-lib/aws-iam";
+export { getGriidArtefactBucket } from "./artefact-bucket";
+export declare function getGriidCiRole(scope: constructs.Construct): iam.IRole;

package/lib/griid/index.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGriidCiRole = exports.getGriidArtefactBucket = void 0;
+const iam = require("aws-cdk-lib/aws-iam");
+const cdk = require("aws-cdk-lib");
+var artefact_bucket_1 = require("./artefact-bucket");
+Object.defineProperty(exports, "getGriidArtefactBucket", { enumerable: true, get: function () { return artefact_bucket_1.getGriidArtefactBucket; } });
+function getGriidCiRole(scope) {
+    return iam.Role.fromRoleArn(scope, "GriidCiRole", cdk.Arn.format({
+        service: "iam",
+        resource: "role",
+        region: "",
+        // Convention from Griid.
+        resourceName: "CIExternalAccessRole",
+    }, cdk.Stack.of(scope)));
+}
+exports.getGriidCiRole = getGriidCiRole;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZ3JpaWQvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsMkNBQTBDO0FBQzFDLG1DQUFrQztBQUVsQyxxREFBMEQ7QUFBakQseUhBQUEsc0JBQXNCLE9BQUE7QUFFL0IsU0FBZ0IsY0FBYyxDQUFDLEtBQTJCO0lBQ3hELE9BQU8sR0FBRyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQ3pCLEtBQUssRUFDTCxhQUFhLEVBQ2IsR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQ1o7UUFDRSxPQUFPLEVBQUUsS0FBSztRQUNkLFFBQVEsRUFBRSxNQUFNO1FBQ2hCLE1BQU0sRUFBRSxFQUFFO1FBQ1YseUJBQXlCO1FBQ3pCLFlBQVksRUFBRSxzQkFBc0I7S0FDckMsRUFDRCxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FDcEIsQ0FDRixDQUFBO0FBQ0gsQ0FBQztBQWZELHdDQWVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5pbXBvcnQgKiBhcyBpYW0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIlxuaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiXG5cbmV4cG9ydCB7IGdldEdyaWlkQXJ0ZWZhY3RCdWNrZXQgfSBmcm9tIFwiLi9hcnRlZmFjdC1idWNrZXRcIlxuXG5leHBvcnQgZnVuY3Rpb24gZ2V0R3JpaWRDaVJvbGUoc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0KTogaWFtLklSb2xlIHtcbiAgcmV0dXJuIGlhbS5Sb2xlLmZyb21Sb2xlQXJuKFxuICAgIHNjb3BlLFxuICAgIFwiR3JpaWRDaVJvbGVcIixcbiAgICBjZGsuQXJuLmZvcm1hdChcbiAgICAgIHtcbiAgICAgICAgc2VydmljZTogXCJpYW1cIixcbiAgICAgICAgcmVzb3VyY2U6IFwicm9sZVwiLFxuICAgICAgICByZWdpb246IFwiXCIsXG4gICAgICAgIC8vIENvbnZlbnRpb24gZnJvbSBHcmlpZC5cbiAgICAgICAgcmVzb3VyY2VOYW1lOiBcIkNJRXh0ZXJuYWxBY2Nlc3NSb2xlXCIsXG4gICAgICB9LFxuICAgICAgY2RrLlN0YWNrLm9mKHNjb3BlKSxcbiAgICApLFxuICApXG59XG4iXX0=

package/lib/hosted-zone-with-param.d.ts

@@ -0,0 +1,29 @@
+import * as constructs from "constructs";
+import * as route53 from "aws-cdk-lib/aws-route53";
+interface Props extends route53.HostedZoneProps {
+    /**
+     * We don't expect a hosted zone to be recreated while it is being
+     * referenced in other stacks, but in case it is, this value can be
+     * used to force consumers to refresh the value.
+     *
+     * @default 1
+     */
+    nonce?: string;
+}
+/**
+ * A Hosted Zone that writes its ID to SSM Parameter Store and provides
+ * a helper to easily retrieve the Hosted Zone cross-region.
+ */
+export declare class HostedZoneWithParam extends constructs.Construct {
+    private readonly nonce;
+    private readonly hostedZone;
+    readonly name: string;
+    readonly idParamName: string;
+    constructor(scope: constructs.Construct, id: string, props: Props);
+    /**
+     * Get the Hosted Zone by resolving the zone id from SSM Parameter Store
+     * in case we are cross-region.
+     */
+    getHostedZone(scope: constructs.Construct, id: string): route53.IHostedZone;
+}
+export {};

package/lib/hosted-zone-with-param.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HostedZoneWithParam = void 0;
+const constructs = require("constructs");
+const route53 = require("aws-cdk-lib/aws-route53");
+const ssm = require("aws-cdk-lib/aws-ssm");
+const cdk = require("aws-cdk-lib");
+const ssm_parameter_reader_1 = require("./ssm-parameter-reader");
+const utils_1 = require("./utils");
+/**
+ * A Hosted Zone that writes its ID to SSM Parameter Store and provides
+ * a helper to easily retrieve the Hosted Zone cross-region.
+ */
+class HostedZoneWithParam extends constructs.Construct {
+    constructor(scope, id, props) {
+        var _a;
+        super(scope, id);
+        this.nonce = (_a = props.nonce) !== null && _a !== void 0 ? _a : "1";
+        this.name = props.zoneName;
+        this.idParamName = `/cf/hosted-zone-id/${props.zoneName}-${props.vpcs ? "private" : "public"}`;
+        this.hostedZone = new route53.HostedZone(this, "Resource", props);
+        new ssm.CfnParameter(this, "IdParam", {
+            type: "String",
+            name: this.idParamName,
+            value: this.hostedZone.hostedZoneId,
+        });
+        if (this.hostedZone.hostedZoneNameServers) {
+            new cdk.CfnOutput(this, "Nameservers", {
+                value: cdk.Fn.join(", ", this.hostedZone.hostedZoneNameServers),
+            });
+        }
+        new cdk.CfnOutput(this, "Id", {
+            value: this.hostedZone.hostedZoneId,
+        });
+    }
+    /**
+     * Get the Hosted Zone by resolving the zone id from SSM Parameter Store
+     * in case we are cross-region.
+     */
+    getHostedZone(scope, id) {
+        const hostedZoneRegion = cdk.Stack.of(this).region;
+        const consumerRegion = cdk.Stack.of(scope).region;
+        const sameStageOrApp = (0, utils_1.getStageOrApp)(this) === (0, utils_1.getStageOrApp)(scope);
+        // Fast-path: Same region and parent stage/app.
+        if (hostedZoneRegion === consumerRegion && sameStageOrApp) {
+            return this.hostedZone;
+        }
+        // Only add dependency if within same app/stage. If not it
+        // is the caller responsibility to ensure deployment order.
+        if (sameStageOrApp) {
+            scope.node.addDependency(this);
+        }
+        const hostedZoneId = new ssm_parameter_reader_1.SsmParameterReader(scope, `${id}Param`, {
+            parameterName: this.idParamName,
+            region: cdk.Stack.of(this).region,
+            nonce: this.nonce,
+        }).getParameterValue();
+        return route53.HostedZone.fromHostedZoneAttributes(scope, id, {
+            hostedZoneId,
+            zoneName: this.name,
+        });
+    }
+}
+exports.HostedZoneWithParam = HostedZoneWithParam;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaG9zdGVkLXpvbmUtd2l0aC1wYXJhbS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9ob3N0ZWQtem9uZS13aXRoLXBhcmFtLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF3QztBQUN4QyxtREFBa0Q7QUFDbEQsMkNBQTBDO0FBQzFDLG1DQUFrQztBQUNsQyxpRUFBMkQ7QUFDM0QsbUNBQXVDO0FBYXZDOzs7R0FHRztBQUNILE1BQWEsbUJBQW9CLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFNM0QsWUFBWSxLQUEyQixFQUFFLEVBQVUsRUFBRSxLQUFZOztRQUMvRCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBQSxLQUFLLENBQUMsS0FBSyxtQ0FBSSxHQUFHLENBQUE7UUFDL0IsSUFBSSxDQUFDLElBQUksR0FBRyxLQUFLLENBQUMsUUFBUSxDQUFBO1FBQzFCLElBQUksQ0FBQyxXQUFXLEdBQUcsc0JBQXNCLEtBQUssQ0FBQyxRQUFRLElBQ3JELEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsUUFDM0IsRUFBRSxDQUFBO1FBRUYsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQTtRQUVqRSxJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRTtZQUNwQyxJQUFJLEVBQUUsUUFBUTtZQUNkLElBQUksRUFBRSxJQUFJLENBQUMsV0FBVztZQUN0QixLQUFLLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZO1NBQ3BDLENBQUMsQ0FBQTtRQUVGLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQzFDLElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsYUFBYSxFQUFFO2dCQUNyQyxLQUFLLEVBQUUsR0FBRyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMscUJBQXFCLENBQUM7YUFDaEUsQ0FBQyxDQUFBO1FBQ0osQ0FBQztRQUVELElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFO1lBQzVCLEtBQUssRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVk7U0FDcEMsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUVEOzs7T0FHRztJQUNJLGFBQWEsQ0FDbEIsS0FBMkIsRUFDM0IsRUFBVTtRQUVWLE1BQU0sZ0JBQWdCLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFBO1FBQ2xELE1BQU0sY0FBYyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLE1BQU0sQ0FBQTtRQUVqRCxNQUFNLGNBQWMsR0FBRyxJQUFBLHFCQUFhLEVBQUMsSUFBSSxDQUFDLEtBQUssSUFBQSxxQkFBYSxFQUFDLEtBQUssQ0FBQyxDQUFBO1FBRW5FLCtDQUErQztRQUMvQyxJQUFJLGdCQUFnQixLQUFLLGNBQWMsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUMxRCxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUE7UUFDeEIsQ0FBQztRQUVELDBEQUEwRDtRQUMxRCwyREFBMkQ7UUFDM0QsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUNuQixLQUFLLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtRQUNoQyxDQUFDO1FBRUQsTUFBTSxZQUFZLEdBQUcsSUFBSSx5Q0FBa0IsQ0FBQyxLQUFLLEVBQUUsR0FBRyxFQUFFLE9BQU8sRUFBRTtZQUMvRCxhQUFhLEVBQUUsSUFBSSxDQUFDLFdBQVc7WUFDL0IsTUFBTSxFQUFFLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE1BQU07WUFDakMsS0FBSyxFQUFFLElBQUksQ0FBQyxLQUFLO1NBQ2xCLENBQUMsQ0FBQyxpQkFBaUIsRUFBRSxDQUFBO1FBQ3RCLE9BQU8sT0FBTyxDQUFDLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQzVELFlBQVk7WUFDWixRQUFRLEVBQUUsSUFBSSxDQUFDLElBQUk7U0FDcEIsQ0FBQyxDQUFBO0lBQ0osQ0FBQztDQUNGO0FBcEVELGtEQW9FQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgcm91dGU1MyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXJvdXRlNTNcIlxuaW1wb3J0ICogYXMgc3NtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtc3NtXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0IHsgU3NtUGFyYW1ldGVyUmVhZGVyIH0gZnJvbSBcIi4vc3NtLXBhcmFtZXRlci1yZWFkZXJcIlxuaW1wb3J0IHsgZ2V0U3RhZ2VPckFwcCB9IGZyb20gXCIuL3V0aWxzXCJcblxuaW50ZXJmYWNlIFByb3BzIGV4dGVuZHMgcm91dGU1My5Ib3N0ZWRab25lUHJvcHMge1xuICAvKipcbiAgICogV2UgZG9uJ3QgZXhwZWN0IGEgaG9zdGVkIHpvbmUgdG8gYmUgcmVjcmVhdGVkIHdoaWxlIGl0IGlzIGJlaW5nXG4gICAqIHJlZmVyZW5jZWQgaW4gb3RoZXIgc3RhY2tzLCBidXQgaW4gY2FzZSBpdCBpcywgdGhpcyB2YWx1ZSBjYW4gYmVcbiAgICogdXNlZCB0byBmb3JjZSBjb25zdW1lcnMgdG8gcmVmcmVzaCB0aGUgdmFsdWUuXG4gICAqXG4gICAqIEBkZWZhdWx0IDFcbiAgICovXG4gIG5vbmNlPzogc3RyaW5nXG59XG5cbi8qKlxuICogQSBIb3N0ZWQgWm9uZSB0aGF0IHdyaXRlcyBpdHMgSUQgdG8gU1NNIFBhcmFtZXRlciBTdG9yZSBhbmQgcHJvdmlkZXNcbiAqIGEgaGVscGVyIHRvIGVhc2lseSByZXRyaWV2ZSB0aGUgSG9zdGVkIFpvbmUgY3Jvc3MtcmVnaW9uLlxuICovXG5leHBvcnQgY2xhc3MgSG9zdGVkWm9uZVdpdGhQYXJhbSBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHJpdmF0ZSByZWFkb25seSBub25jZTogc3RyaW5nXG4gIHByaXZhdGUgcmVhZG9ubHkgaG9zdGVkWm9uZTogcm91dGU1My5Ib3N0ZWRab25lXG4gIHJlYWRvbmx5IG5hbWU6IHN0cmluZ1xuICByZWFkb25seSBpZFBhcmFtTmFtZTogc3RyaW5nXG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpXG5cbiAgICB0aGlzLm5vbmNlID0gcHJvcHMubm9uY2UgPz8gXCIxXCJcbiAgICB0aGlzLm5hbWUgPSBwcm9wcy56b25lTmFtZVxuICAgIHRoaXMuaWRQYXJhbU5hbWUgPSBgL2NmL2hvc3RlZC16b25lLWlkLyR7cHJvcHMuem9uZU5hbWV9LSR7XG4gICAgICBwcm9wcy52cGNzID8gXCJwcml2YXRlXCIgOiBcInB1YmxpY1wiXG4gICAgfWBcblxuICAgIHRoaXMuaG9zdGVkWm9uZSA9IG5ldyByb3V0ZTUzLkhvc3RlZFpvbmUodGhpcywgXCJSZXNvdXJjZVwiLCBwcm9wcylcblxuICAgIG5ldyBzc20uQ2ZuUGFyYW1ldGVyKHRoaXMsIFwiSWRQYXJhbVwiLCB7XG4gICAgICB0eXBlOiBcIlN0cmluZ1wiLFxuICAgICAgbmFtZTogdGhpcy5pZFBhcmFtTmFtZSxcbiAgICAgIHZhbHVlOiB0aGlzLmhvc3RlZFpvbmUuaG9zdGVkWm9uZUlkLFxuICAgIH0pXG5cbiAgICBpZiAodGhpcy5ob3N0ZWRab25lLmhvc3RlZFpvbmVOYW1lU2VydmVycykge1xuICAgICAgbmV3IGNkay5DZm5PdXRwdXQodGhpcywgXCJOYW1lc2VydmVyc1wiLCB7XG4gICAgICAgIHZhbHVlOiBjZGsuRm4uam9pbihcIiwgXCIsIHRoaXMuaG9zdGVkWm9uZS5ob3N0ZWRab25lTmFtZVNlcnZlcnMpLFxuICAgICAgfSlcbiAgICB9XG5cbiAgICBuZXcgY2RrLkNmbk91dHB1dCh0aGlzLCBcIklkXCIsIHtcbiAgICAgIHZhbHVlOiB0aGlzLmhvc3RlZFpvbmUuaG9zdGVkWm9uZUlkLFxuICAgIH0pXG4gIH1cblxuICAvKipcbiAgICogR2V0IHRoZSBIb3N0ZWQgWm9uZSBieSByZXNvbHZpbmcgdGhlIHpvbmUgaWQgZnJvbSBTU00gUGFyYW1ldGVyIFN0b3JlXG4gICAqIGluIGNhc2Ugd2UgYXJlIGNyb3NzLXJlZ2lvbi5cbiAgICovXG4gIHB1YmxpYyBnZXRIb3N0ZWRab25lKFxuICAgIHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICApOiByb3V0ZTUzLklIb3N0ZWRab25lIHtcbiAgICBjb25zdCBob3N0ZWRab25lUmVnaW9uID0gY2RrLlN0YWNrLm9mKHRoaXMpLnJlZ2lvblxuICAgIGNvbnN0IGNvbnN1bWVyUmVnaW9uID0gY2RrLlN0YWNrLm9mKHNjb3BlKS5yZWdpb25cblxuICAgIGNvbnN0IHNhbWVTdGFnZU9yQXBwID0gZ2V0U3RhZ2VPckFwcCh0aGlzKSA9PT0gZ2V0U3RhZ2VPckFwcChzY29wZSlcblxuICAgIC8vIEZhc3QtcGF0aDogU2FtZSByZWdpb24gYW5kIHBhcmVudCBzdGFnZS9hcHAuXG4gICAgaWYgKGhvc3RlZFpvbmVSZWdpb24gPT09IGNvbnN1bWVyUmVnaW9uICYmIHNhbWVTdGFnZU9yQXBwKSB7XG4gICAgICByZXR1cm4gdGhpcy5ob3N0ZWRab25lXG4gICAgfVxuXG4gICAgLy8gT25seSBhZGQgZGVwZW5kZW5jeSBpZiB3aXRoaW4gc2FtZSBhcHAvc3RhZ2UuIElmIG5vdCBpdFxuICAgIC8vIGlzIHRoZSBjYWxsZXIgcmVzcG9uc2liaWxpdHkgdG8gZW5zdXJlIGRlcGxveW1lbnQgb3JkZXIuXG4gICAgaWYgKHNhbWVTdGFnZU9yQXBwKSB7XG4gICAgICBzY29wZS5ub2RlLmFkZERlcGVuZGVuY3kodGhpcylcbiAgICB9XG5cbiAgICBjb25zdCBob3N0ZWRab25lSWQgPSBuZXcgU3NtUGFyYW1ldGVyUmVhZGVyKHNjb3BlLCBgJHtpZH1QYXJhbWAsIHtcbiAgICAgIHBhcmFtZXRlck5hbWU6IHRoaXMuaWRQYXJhbU5hbWUsXG4gICAgICByZWdpb246IGNkay5TdGFjay5vZih0aGlzKS5yZWdpb24sXG4gICAgICBub25jZTogdGhpcy5ub25jZSxcbiAgICB9KS5nZXRQYXJhbWV0ZXJWYWx1ZSgpXG4gICAgcmV0dXJuIHJvdXRlNTMuSG9zdGVkWm9uZS5mcm9tSG9zdGVkWm9uZUF0dHJpYnV0ZXMoc2NvcGUsIGlkLCB7XG4gICAgICBob3N0ZWRab25lSWQsXG4gICAgICB6b25lTmFtZTogdGhpcy5uYW1lLFxuICAgIH0pXG4gIH1cbn1cbiJdfQ==

package/lib/index.d.ts

@@ -0,0 +1,32 @@
+import * as alarms from "./alarms";
+import * as cdkPipelines from "./cdk-pipelines";
+import * as griid from "./griid";
+import * as pipelines from "./pipelines";
+import * as ses from "./ses";
+import * as webapp from "./webapp";
+import * as configureParameters from "./configure-parameters";
+import * as ecs from "./ecs";
+import * as loadBalancer from "./load-balancer";
+import * as cloudTrailSlackIntegration from "./cloudtrail-slack-integration";
+import * as rds from "./rds";
+import * as platform from "./platform";
+export { BastionHost } from "./bastion-host";
+export * from "./build-artifacts";
+export * from "./cdk-deploy";
+export { CrossRegionSsmParameter } from "./cross-region-ssm-parameter";
+export * from "./ecs-update-image";
+export { HostedZoneWithParam } from "./hosted-zone-with-param";
+export { createCloudAssemblySnapshot } from "./snapshots";
+export { SsmParameterBackedResource } from "./ssm-parameter-backed-resource";
+export { SsmParameterReader } from "./ssm-parameter-reader";
+export { tagResources } from "./tags";
+export { WebappDeployViaRole } from "./webapp-deploy-via-role";
+export { alarms, cdkPipelines, griid, pipelines, ses, webapp, configureParameters, ecs, loadBalancer, rds, platform, cloudTrailSlackIntegration, };
+/**
+ * Check if we are synthesizing a snapshot by setting IS_SNAPSHOT
+ * environment variable to true.
+ *
+ * This allows for special conditional logic that should only
+ * happen during snapshot creation.
+ */
+export declare const isSnapshot: boolean;

package/lib/kinesis/index.d.ts

@@ -0,0 +1 @@
+export { KinesisToDatadogStream, KinesisToDatadogStreamProps, } from "./kinesis-to-datadog-stream";