@liflig/cdk 2.18.5 → 2.18.7

package/lib/webapp/webapp.d.ts

@@ -0,0 +1,116 @@
+import * as constructs from "constructs";
+import * as certificatemanager from "aws-cdk-lib/aws-certificatemanager";
+import * as cloudfront from "aws-cdk-lib/aws-cloudfront";
+import * as origins from "aws-cdk-lib/aws-cloudfront-origins";
+import * as r53 from "aws-cdk-lib/aws-route53";
+import * as s3 from "aws-cdk-lib/aws-s3";
+import * as webappDeploy from "@capraconsulting/webapp-deploy-lambda";
+import { WebappSecurityHeadersProps } from "./security-headers";
+export interface WebappProps {
+    /**
+     * ACM certificate that covers the specifeid domain names.
+     *
+     * This certificate must be created in the region us-east-1.
+     *
+     * @default - The CloudFront wildcard certificate (*.cloudfront.net) will be used.
+     */
+    cloudfrontCertificate?: certificatemanager.ICertificate;
+    /**
+     * List of domain names the CloudFront distribution should use.
+     *
+     * @default - Generated name (e.g., d111111abcdef8.cloudfront.net)
+     */
+    domainNames?: string[];
+    /**
+     * AWS WAF web ACL to associate with the CloudFront distribution.
+     *
+     * To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
+     * `arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a`.
+     * To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example `473e64fd-f30b-4765-81a0-62ad96dd167a`.
+     *
+     * @default - No AWS Web Application Firewall web access control list (web ACL).
+     */
+    webAclId?: string;
+    /**
+     * The path to the page that will be served for users not allowed to access
+     * the site when using WAF. E.g. "/4xx-errors/403-forbidden.html".
+     *
+     * Note that this wil catch any 403 errors from the origin(s), that might
+     * cover any other behaviors is added.
+     *
+     * @default - No custom page for 403 errors.
+     */
+    webAclErrorPagePath?: string;
+    /**
+     *  Enable, disable or configure security headers for the web application
+     * @default - a set of strict security headers are configured by default
+     */
+    securityHeaders?: {
+        /**
+         * Enable adding common security headers to CloudFront responses
+         *
+         * If enabled, the default behavior is to add the following headers with fairly strict defaults. Most of the headers can be customized:
+         * - Content-Security-Policy
+         * - Referrer-Policy
+         * - Strict-Transport-Security
+         * - X-Content-Type-Options
+         * - X-Frame-Options
+         * - X-XSS-Protection
+         *
+         *
+         * @default true
+         */
+        enabled?: boolean;
+        /**
+         * Security headers overrides.
+         *
+         * Used to override certain default security header values if the webapp requires different settings than the defaults.
+         *
+         * NOTE: If you need to disable certain headers, you must explicitly set them to undefined
+         *
+         * @default - A set of strict security header values will be used
+         */
+        behaviorOverrides?: WebappSecurityHeadersProps;
+    };
+    /**
+     * Cloudfront behavior overrides.
+     *
+     * Used to override cloudfront behavior
+     *
+     * NOTE: ResponseHeadersPolicy defined here will overwrite BOTH the default security headers policy and
+     * any values specified in securityHeaders.behaviorOverrides.
+     */
+    overrideCloudFrontBehaviourOptions?: Partial<cloudfront.BehaviorOptions>;
+}
+/**
+ * CloudFront for a Single-Page-Application.
+ *
+ * A bucket will be created and its prefix "web" is used to
+ * serve files. Use the addDeployment method to automatically
+ * deploy files as part the the CDK deployment.
+ */
+export declare class Webapp extends constructs.Construct {
+    readonly distribution: cloudfront.Distribution;
+    readonly webappBucket: s3.Bucket;
+    readonly webappOrigin: origins.S3Origin;
+    constructor(scope: constructs.Construct, id: string, props: WebappProps);
+    addDnsRecord(hostedZone: r53.IHostedZone, domainName: string): void;
+    /**
+     * Add a deployment using webapp-deploy-lambda.
+     *
+     * See https://github.com/capraconsulting/webapp-deploy-lambda
+     * for details about how this works.
+     */
+    addDeployment(
+    /**
+     * The deployment source.
+     */
+    source: webappDeploy.ISource, props?: {
+        /**
+         * Include source maps in the deployment.
+         *
+         * @default false
+         */
+        deploySourceMaps?: boolean;
+    }): void;
+}

package/lib/webapp/webapp.js

@@ -0,0 +1,118 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Webapp = void 0;
+const constructs = require("constructs");
+const cloudfront = require("aws-cdk-lib/aws-cloudfront");
+const origins = require("aws-cdk-lib/aws-cloudfront-origins");
+const iam = require("aws-cdk-lib/aws-iam");
+const r53 = require("aws-cdk-lib/aws-route53");
+const r53t = require("aws-cdk-lib/aws-route53-targets");
+const s3 = require("aws-cdk-lib/aws-s3");
+const webappDeploy = require("@capraconsulting/webapp-deploy-lambda");
+const security_headers_1 = require("./security-headers");
+/**
+ * CloudFront for a Single-Page-Application.
+ *
+ * A bucket will be created and its prefix "web" is used to
+ * serve files. Use the addDeployment method to automatically
+ * deploy files as part the the CDK deployment.
+ */
+class Webapp extends constructs.Construct {
+    constructor(scope, id, props) {
+        var _a, _b, _c, _d, _e;
+        super(scope, id);
+        if (props.webAclErrorPagePath != null && props.webAclId == null) {
+            throw new Error("webAclErrorPagePath set but webAclId is missing");
+        }
+        this.webappBucket = new s3.Bucket(this, "Bucket", {
+            encryption: s3.BucketEncryption.S3_MANAGED,
+        });
+        const originAccessIdentity = new cloudfront.OriginAccessIdentity(this, "OriginAccessIdentity");
+        this.webappBucket.addToResourcePolicy(new iam.PolicyStatement({
+            resources: [this.webappBucket.arnForObjects("*")],
+            actions: ["s3:GetObject"],
+            principals: [originAccessIdentity.grantPrincipal],
+        }));
+        this.webappBucket.addToResourcePolicy(new iam.PolicyStatement({
+            resources: [this.webappBucket.bucketArn],
+            // Grant s3:ListBucket so that CloudFront receives 404 from
+            // the origin rather than 403 when accessing files that
+            // does not exist. We cannot fallback to index.html for 403
+            // errors since it would also be served if using a WAF.
+            // See https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/#The_requested_objects_must_exist_in_the_bucket
+            actions: ["s3:ListBucket"],
+            principals: [originAccessIdentity.grantPrincipal],
+        }));
+        this.webappOrigin = new origins.S3Origin(this.webappBucket, {
+            // webapp-deploy-lambda will upload files to this folder
+            // since it keeps some other administrative files outside.
+            originPath: "/web",
+            originAccessIdentity,
+        });
+        const errorResponses = [
+            {
+                httpStatus: 404,
+                responseHttpStatus: 200,
+                responsePagePath: "/index.html",
+            },
+        ];
+        if (props.webAclErrorPagePath != null) {
+            errorResponses.push({
+                httpStatus: 403,
+                responseHttpStatus: 403,
+                responsePagePath: props.webAclErrorPagePath,
+            });
+        }
+        let responseHeadersPolicy;
+        if (((_b = (_a = props.securityHeaders) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : true) &&
+            !((_d = (_c = props.overrideCloudFrontBehaviourOptions) === null || _c === void 0 ? void 0 : _c.responseHeadersPolicy) === null || _d === void 0 ? void 0 : _d.responseHeadersPolicyId)) {
+            const securityHeaders = new security_headers_1.WebappSecurityHeaders(this, "SecurityHeaders", {
+                ...(_e = props.securityHeaders) === null || _e === void 0 ? void 0 : _e.behaviorOverrides,
+            });
+            responseHeadersPolicy = securityHeaders.responseHeadersPolicy;
+        }
+        this.distribution = new cloudfront.Distribution(this, "Distribution", {
+            defaultBehavior: {
+                origin: this.webappOrigin,
+                viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+                responseHeadersPolicy: responseHeadersPolicy,
+                ...props.overrideCloudFrontBehaviourOptions,
+            },
+            defaultRootObject: "index.html",
+            priceClass: cloudfront.PriceClass.PRICE_CLASS_100,
+            certificate: props.cloudfrontCertificate,
+            domainNames: props.domainNames,
+            errorResponses,
+            webAclId: props.webAclId,
+        });
+    }
+    addDnsRecord(hostedZone, domainName) {
+        new r53.ARecord(this, `DnsRecord${domainName}`, {
+            zone: hostedZone,
+            recordName: `${domainName}.`,
+            target: r53.RecordTarget.fromAlias(new r53t.CloudFrontTarget(this.distribution)),
+        });
+    }
+    /**
+     * Add a deployment using webapp-deploy-lambda.
+     *
+     * See https://github.com/capraconsulting/webapp-deploy-lambda
+     * for details about how this works.
+     */
+    addDeployment(
+    /**
+     * The deployment source.
+     */
+    source, props) {
+        var _a;
+        const deploySourceMaps = (_a = props === null || props === void 0 ? void 0 : props.deploySourceMaps) !== null && _a !== void 0 ? _a : false;
+        new webappDeploy.WebappDeploy(this, "Deploy", {
+            source: source,
+            webBucket: this.webappBucket,
+            distribution: this.distribution,
+            excludePattern: deploySourceMaps ? undefined : "\\.map$",
+        });
+    }
+}
+exports.Webapp = Webapp;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2ViYXBwLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3dlYmFwcC93ZWJhcHAudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEseUNBQXdDO0FBRXhDLHlEQUF3RDtBQUN4RCw4REFBNkQ7QUFDN0QsMkNBQTBDO0FBQzFDLCtDQUE4QztBQUM5Qyx3REFBdUQ7QUFDdkQseUNBQXdDO0FBQ3hDLHNFQUFxRTtBQUNyRSx5REFHMkI7QUErRTNCOzs7Ozs7R0FNRztBQUNILE1BQWEsTUFBTyxTQUFRLFVBQVUsQ0FBQyxTQUFTO0lBSzlDLFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBa0I7O1FBQ3JFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFFaEIsSUFBSSxLQUFLLENBQUMsbUJBQW1CLElBQUksSUFBSSxJQUFJLEtBQUssQ0FBQyxRQUFRLElBQUksSUFBSSxFQUFFLENBQUM7WUFDaEUsTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFBO1FBQ3BFLENBQUM7UUFFRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ2hELFVBQVUsRUFBRSxFQUFFLENBQUMsZ0JBQWdCLENBQUMsVUFBVTtTQUMzQyxDQUFDLENBQUE7UUFFRixNQUFNLG9CQUFvQixHQUFHLElBQUksVUFBVSxDQUFDLG9CQUFvQixDQUM5RCxJQUFJLEVBQ0osc0JBQXNCLENBQ3ZCLENBQUE7UUFFRCxJQUFJLENBQUMsWUFBWSxDQUFDLG1CQUFtQixDQUNuQyxJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7WUFDdEIsU0FBUyxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDakQsT0FBTyxFQUFFLENBQUMsY0FBYyxDQUFDO1lBQ3pCLFVBQVUsRUFBRSxDQUFDLG9CQUFvQixDQUFDLGNBQWMsQ0FBQztTQUNsRCxDQUFDLENBQ0gsQ0FBQTtRQUVELElBQUksQ0FBQyxZQUFZLENBQUMsbUJBQW1CLENBQ25DLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztZQUN0QixTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQztZQUN4QywyREFBMkQ7WUFDM0QsdURBQXVEO1lBQ3ZELDJEQUEyRDtZQUMzRCx1REFBdUQ7WUFDdkQsNklBQTZJO1lBQzdJLE9BQU8sRUFBRSxDQUFDLGVBQWUsQ0FBQztZQUMxQixVQUFVLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQyxjQUFjLENBQUM7U0FDbEQsQ0FBQyxDQUNILENBQUE7UUFFRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFO1lBQzFELHdEQUF3RDtZQUN4RCwwREFBMEQ7WUFDMUQsVUFBVSxFQUFFLE1BQU07WUFDbEIsb0JBQW9CO1NBQ3JCLENBQUMsQ0FBQTtRQUVGLE1BQU0sY0FBYyxHQUErQjtZQUNqRDtnQkFDRSxVQUFVLEVBQUUsR0FBRztnQkFDZixrQkFBa0IsRUFBRSxHQUFHO2dCQUN2QixnQkFBZ0IsRUFBRSxhQUFhO2FBQ2hDO1NBQ0YsQ0FBQTtRQUVELElBQUksS0FBSyxDQUFDLG1CQUFtQixJQUFJLElBQUksRUFBRSxDQUFDO1lBQ3RDLGNBQWMsQ0FBQyxJQUFJLENBQUM7Z0JBQ2xCLFVBQVUsRUFBRSxHQUFHO2dCQUNmLGtCQUFrQixFQUFFLEdBQUc7Z0JBQ3ZCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxtQkFBbUI7YUFDNUMsQ0FBQyxDQUFBO1FBQ0osQ0FBQztRQUVELElBQUkscUJBQW9FLENBQUE7UUFFeEUsSUFDRSxDQUFDLE1BQUEsTUFBQSxLQUFLLENBQUMsZUFBZSwwQ0FBRSxPQUFPLG1DQUFJLElBQUksQ0FBQztZQUN4QyxDQUFDLENBQUEsTUFBQSxNQUFBLEtBQUssQ0FBQyxrQ0FBa0MsMENBQUUscUJBQXFCLDBDQUM1RCx1QkFBdUIsQ0FBQSxFQUMzQixDQUFDO1lBQ0QsTUFBTSxlQUFlLEdBQUcsSUFBSSx3Q0FBcUIsQ0FDL0MsSUFBSSxFQUNKLGlCQUFpQixFQUNqQjtnQkFDRSxHQUFHLE1BQUEsS0FBSyxDQUFDLGVBQWUsMENBQUUsaUJBQWlCO2FBQzVDLENBQ0YsQ0FBQTtZQUNELHFCQUFxQixHQUFHLGVBQWUsQ0FBQyxxQkFBcUIsQ0FBQTtRQUMvRCxDQUFDO1FBRUQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLFVBQVUsQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLGNBQWMsRUFBRTtZQUNwRSxlQUFlLEVBQUU7Z0JBQ2YsTUFBTSxFQUFFLElBQUksQ0FBQyxZQUFZO2dCQUN6QixvQkFBb0IsRUFBRSxVQUFVLENBQUMsb0JBQW9CLENBQUMsaUJBQWlCO2dCQUN2RSxxQkFBcUIsRUFBRSxxQkFBcUI7Z0JBQzVDLEdBQUcsS0FBSyxDQUFDLGtDQUFrQzthQUM1QztZQUNELGlCQUFpQixFQUFFLFlBQVk7WUFDL0IsVUFBVSxFQUFFLFVBQVUsQ0FBQyxVQUFVLENBQUMsZUFBZTtZQUNqRCxXQUFXLEVBQUUsS0FBSyxDQUFDLHFCQUFxQjtZQUN4QyxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsY0FBYztZQUNkLFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTtTQUN6QixDQUFDLENBQUE7SUFDSixDQUFDO0lBRUQsWUFBWSxDQUFDLFVBQTJCLEVBQUUsVUFBa0I7UUFDMUQsSUFBSSxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxZQUFZLFVBQVUsRUFBRSxFQUFFO1lBQzlDLElBQUksRUFBRSxVQUFVO1lBQ2hCLFVBQVUsRUFBRSxHQUFHLFVBQVUsR0FBRztZQUM1QixNQUFNLEVBQUUsR0FBRyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQ2hDLElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FDN0M7U0FDRixDQUFDLENBQUE7SUFDSixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxhQUFhO0lBQ1g7O09BRUc7SUFDSCxNQUE0QixFQUM1QixLQU9DOztRQUVELE1BQU0sZ0JBQWdCLEdBQUcsTUFBQSxLQUFLLGFBQUwsS0FBSyx1QkFBTCxLQUFLLENBQUUsZ0JBQWdCLG1DQUFJLEtBQUssQ0FBQTtRQUV6RCxJQUFJLFlBQVksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLFFBQVEsRUFBRTtZQUM1QyxNQUFNLEVBQUUsTUFBTTtZQUNkLFNBQVMsRUFBRSxJQUFJLENBQUMsWUFBWTtZQUM1QixZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVk7WUFDL0IsY0FBYyxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVM7U0FDekQsQ0FBQyxDQUFBO0lBQ0osQ0FBQztDQUNGO0FBeklELHdCQXlJQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgY2VydGlmaWNhdGVtYW5hZ2VyIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtY2VydGlmaWNhdGVtYW5hZ2VyXCJcbmltcG9ydCAqIGFzIGNsb3VkZnJvbnQgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZGZyb250XCJcbmltcG9ydCAqIGFzIG9yaWdpbnMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZGZyb250LW9yaWdpbnNcIlxuaW1wb3J0ICogYXMgaWFtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCJcbmltcG9ydCAqIGFzIHI1MyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXJvdXRlNTNcIlxuaW1wb3J0ICogYXMgcjUzdCBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXJvdXRlNTMtdGFyZ2V0c1wiXG5pbXBvcnQgKiBhcyBzMyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCJcbmltcG9ydCAqIGFzIHdlYmFwcERlcGxveSBmcm9tIFwiQGNhcHJhY29uc3VsdGluZy93ZWJhcHAtZGVwbG95LWxhbWJkYVwiXG5pbXBvcnQge1xuICBXZWJhcHBTZWN1cml0eUhlYWRlcnMsXG4gIFdlYmFwcFNlY3VyaXR5SGVhZGVyc1Byb3BzLFxufSBmcm9tIFwiLi9zZWN1cml0eS1oZWFkZXJzXCJcblxuZXhwb3J0IGludGVyZmFjZSBXZWJhcHBQcm9wcyB7XG4gIC8qKlxuICAgKiBBQ00gY2VydGlmaWNhdGUgdGhhdCBjb3ZlcnMgdGhlIHNwZWNpZmVpZCBkb21haW4gbmFtZXMuXG4gICAqXG4gICAqIFRoaXMgY2VydGlmaWNhdGUgbXVzdCBiZSBjcmVhdGVkIGluIHRoZSByZWdpb24gdXMtZWFzdC0xLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIFRoZSBDbG91ZEZyb250IHdpbGRjYXJkIGNlcnRpZmljYXRlICgqLmNsb3VkZnJvbnQubmV0KSB3aWxsIGJlIHVzZWQuXG4gICAqL1xuICBjbG91ZGZyb250Q2VydGlmaWNhdGU/OiBjZXJ0aWZpY2F0ZW1hbmFnZXIuSUNlcnRpZmljYXRlXG4gIC8qKlxuICAgKiBMaXN0IG9mIGRvbWFpbiBuYW1lcyB0aGUgQ2xvdWRGcm9udCBkaXN0cmlidXRpb24gc2hvdWxkIHVzZS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBHZW5lcmF0ZWQgbmFtZSAoZS5nLiwgZDExMTExMWFiY2RlZjguY2xvdWRmcm9udC5uZXQpXG4gICAqL1xuICBkb21haW5OYW1lcz86IHN0cmluZ1tdXG4gIC8qKlxuICAgKiBBV1MgV0FGIHdlYiBBQ0wgdG8gYXNzb2NpYXRlIHdpdGggdGhlIENsb3VkRnJvbnQgZGlzdHJpYnV0aW9uLlxuICAgKlxuICAgKiBUbyBzcGVjaWZ5IGEgd2ViIEFDTCBjcmVhdGVkIHVzaW5nIHRoZSBsYXRlc3QgdmVyc2lvbiBvZiBBV1MgV0FGLCB1c2UgdGhlIEFDTCBBUk4sIGZvciBleGFtcGxlXG4gICAqIGBhcm46YXdzOndhZnYyOnVzLWVhc3QtMToxMjM0NTY3ODkwMTI6Z2xvYmFsL3dlYmFjbC9FeGFtcGxlV2ViQUNMLzQ3M2U2NGZkLWYzMGItNDc2NS04MWEwLTYyYWQ5NmRkMTY3YWAuXG4gICAqIFRvIHNwZWNpZnkgYSB3ZWIgQUNMIGNyZWF0ZWQgdXNpbmcgQVdTIFdBRiBDbGFzc2ljLCB1c2UgdGhlIEFDTCBJRCwgZm9yIGV4YW1wbGUgYDQ3M2U2NGZkLWYzMGItNDc2NS04MWEwLTYyYWQ5NmRkMTY3YWAuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gTm8gQVdTIFdlYiBBcHBsaWNhdGlvbiBGaXJld2FsbCB3ZWIgYWNjZXNzIGNvbnRyb2wgbGlzdCAod2ViIEFDTCkuXG4gICAqL1xuICB3ZWJBY2xJZD86IHN0cmluZ1xuICAvKipcbiAgICogVGhlIHBhdGggdG8gdGhlIHBhZ2UgdGhhdCB3aWxsIGJlIHNlcnZlZCBmb3IgdXNlcnMgbm90IGFsbG93ZWQgdG8gYWNjZXNzXG4gICAqIHRoZSBzaXRlIHdoZW4gdXNpbmcgV0FGLiBFLmcuIFwiLzR4eC1lcnJvcnMvNDAzLWZvcmJpZGRlbi5odG1sXCIuXG4gICAqXG4gICAqIE5vdGUgdGhhdCB0aGlzIHdpbCBjYXRjaCBhbnkgNDAzIGVycm9ycyBmcm9tIHRoZSBvcmlnaW4ocyksIHRoYXQgbWlnaHRcbiAgICogY292ZXIgYW55IG90aGVyIGJlaGF2aW9ycyBpcyBhZGRlZC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBjdXN0b20gcGFnZSBmb3IgNDAzIGVycm9ycy5cbiAgICovXG4gIHdlYkFjbEVycm9yUGFnZVBhdGg/OiBzdHJpbmdcbiAgLyoqXG4gICAqICBFbmFibGUsIGRpc2FibGUgb3IgY29uZmlndXJlIHNlY3VyaXR5IGhlYWRlcnMgZm9yIHRoZSB3ZWIgYXBwbGljYXRpb25cbiAgICogQGRlZmF1bHQgLSBhIHNldCBvZiBzdHJpY3Qgc2VjdXJpdHkgaGVhZGVycyBhcmUgY29uZmlndXJlZCBieSBkZWZhdWx0XG4gICAqL1xuICBzZWN1cml0eUhlYWRlcnM/OiB7XG4gICAgLyoqXG4gICAgICogRW5hYmxlIGFkZGluZyBjb21tb24gc2VjdXJpdHkgaGVhZGVycyB0byBDbG91ZEZyb250IHJlc3BvbnNlc1xuICAgICAqXG4gICAgICogSWYgZW5hYmxlZCwgdGhlIGRlZmF1bHQgYmVoYXZpb3IgaXMgdG8gYWRkIHRoZSBmb2xsb3dpbmcgaGVhZGVycyB3aXRoIGZhaXJseSBzdHJpY3QgZGVmYXVsdHMuIE1vc3Qgb2YgdGhlIGhlYWRlcnMgY2FuIGJlIGN1c3RvbWl6ZWQ6XG4gICAgICogLSBDb250ZW50LVNlY3VyaXR5LVBvbGljeVxuICAgICAqIC0gUmVmZXJyZXItUG9saWN5XG4gICAgICogLSBTdHJpY3QtVHJhbnNwb3J0LVNlY3VyaXR5XG4gICAgICogLSBYLUNvbnRlbnQtVHlwZS1PcHRpb25zXG4gICAgICogLSBYLUZyYW1lLU9wdGlvbnNcbiAgICAgKiAtIFgtWFNTLVByb3RlY3Rpb25cbiAgICAgKlxuICAgICAqXG4gICAgICogQGRlZmF1bHQgdHJ1ZVxuICAgICAqL1xuICAgIGVuYWJsZWQ/OiBib29sZWFuXG4gICAgLyoqXG4gICAgICogU2VjdXJpdHkgaGVhZGVycyBvdmVycmlkZXMuXG4gICAgICpcbiAgICAgKiBVc2VkIHRvIG92ZXJyaWRlIGNlcnRhaW4gZGVmYXVsdCBzZWN1cml0eSBoZWFkZXIgdmFsdWVzIGlmIHRoZSB3ZWJhcHAgcmVxdWlyZXMgZGlmZmVyZW50IHNldHRpbmdzIHRoYW4gdGhlIGRlZmF1bHRzLlxuICAgICAqXG4gICAgICogTk9URTogSWYgeW91IG5lZWQgdG8gZGlzYWJsZSBjZXJ0YWluIGhlYWRlcnMsIHlvdSBtdXN0IGV4cGxpY2l0bHkgc2V0IHRoZW0gdG8gdW5kZWZpbmVkXG4gICAgICpcbiAgICAgKiBAZGVmYXVsdCAtIEEgc2V0IG9mIHN0cmljdCBzZWN1cml0eSBoZWFkZXIgdmFsdWVzIHdpbGwgYmUgdXNlZFxuICAgICAqL1xuICAgIGJlaGF2aW9yT3ZlcnJpZGVzPzogV2ViYXBwU2VjdXJpdHlIZWFkZXJzUHJvcHNcbiAgfVxuICAvKipcbiAgICogQ2xvdWRmcm9udCBiZWhhdmlvciBvdmVycmlkZXMuXG4gICAqXG4gICAqIFVzZWQgdG8gb3ZlcnJpZGUgY2xvdWRmcm9udCBiZWhhdmlvclxuICAgKlxuICAgKiBOT1RFOiBSZXNwb25zZUhlYWRlcnNQb2xpY3kgZGVmaW5lZCBoZXJlIHdpbGwgb3ZlcndyaXRlIEJPVEggdGhlIGRlZmF1bHQgc2VjdXJpdHkgaGVhZGVycyBwb2xpY3kgYW5kXG4gICAqIGFueSB2YWx1ZXMgc3BlY2lmaWVkIGluIHNlY3VyaXR5SGVhZGVycy5iZWhhdmlvck92ZXJyaWRlcy5cbiAgICovXG4gIG92ZXJyaWRlQ2xvdWRGcm9udEJlaGF2aW91ck9wdGlvbnM/OiBQYXJ0aWFsPGNsb3VkZnJvbnQuQmVoYXZpb3JPcHRpb25zPlxufVxuXG4vKipcbiAqIENsb3VkRnJvbnQgZm9yIGEgU2luZ2xlLVBhZ2UtQXBwbGljYXRpb24uXG4gKlxuICogQSBidWNrZXQgd2lsbCBiZSBjcmVhdGVkIGFuZCBpdHMgcHJlZml4IFwid2ViXCIgaXMgdXNlZCB0b1xuICogc2VydmUgZmlsZXMuIFVzZSB0aGUgYWRkRGVwbG95bWVudCBtZXRob2QgdG8gYXV0b21hdGljYWxseVxuICogZGVwbG95IGZpbGVzIGFzIHBhcnQgdGhlIHRoZSBDREsgZGVwbG95bWVudC5cbiAqL1xuZXhwb3J0IGNsYXNzIFdlYmFwcCBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGRpc3RyaWJ1dGlvbjogY2xvdWRmcm9udC5EaXN0cmlidXRpb25cbiAgcHVibGljIHJlYWRvbmx5IHdlYmFwcEJ1Y2tldDogczMuQnVja2V0XG4gIHB1YmxpYyByZWFkb25seSB3ZWJhcHBPcmlnaW46IG9yaWdpbnMuUzNPcmlnaW5cblxuICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBXZWJhcHBQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIGlmIChwcm9wcy53ZWJBY2xFcnJvclBhZ2VQYXRoICE9IG51bGwgJiYgcHJvcHMud2ViQWNsSWQgPT0gbnVsbCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFwid2ViQWNsRXJyb3JQYWdlUGF0aCBzZXQgYnV0IHdlYkFjbElkIGlzIG1pc3NpbmdcIilcbiAgICB9XG5cbiAgICB0aGlzLndlYmFwcEJ1Y2tldCA9IG5ldyBzMy5CdWNrZXQodGhpcywgXCJCdWNrZXRcIiwge1xuICAgICAgZW5jcnlwdGlvbjogczMuQnVja2V0RW5jcnlwdGlvbi5TM19NQU5BR0VELFxuICAgIH0pXG5cbiAgICBjb25zdCBvcmlnaW5BY2Nlc3NJZGVudGl0eSA9IG5ldyBjbG91ZGZyb250Lk9yaWdpbkFjY2Vzc0lkZW50aXR5KFxuICAgICAgdGhpcyxcbiAgICAgIFwiT3JpZ2luQWNjZXNzSWRlbnRpdHlcIixcbiAgICApXG5cbiAgICB0aGlzLndlYmFwcEJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICByZXNvdXJjZXM6IFt0aGlzLndlYmFwcEJ1Y2tldC5hcm5Gb3JPYmplY3RzKFwiKlwiKV0sXG4gICAgICAgIGFjdGlvbnM6IFtcInMzOkdldE9iamVjdFwiXSxcbiAgICAgICAgcHJpbmNpcGFsczogW29yaWdpbkFjY2Vzc0lkZW50aXR5LmdyYW50UHJpbmNpcGFsXSxcbiAgICAgIH0pLFxuICAgIClcblxuICAgIHRoaXMud2ViYXBwQnVja2V0LmFkZFRvUmVzb3VyY2VQb2xpY3koXG4gICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIHJlc291cmNlczogW3RoaXMud2ViYXBwQnVja2V0LmJ1Y2tldEFybl0sXG4gICAgICAgIC8vIEdyYW50IHMzOkxpc3RCdWNrZXQgc28gdGhhdCBDbG91ZEZyb250IHJlY2VpdmVzIDQwNCBmcm9tXG4gICAgICAgIC8vIHRoZSBvcmlnaW4gcmF0aGVyIHRoYW4gNDAzIHdoZW4gYWNjZXNzaW5nIGZpbGVzIHRoYXRcbiAgICAgICAgLy8gZG9lcyBub3QgZXhpc3QuIFdlIGNhbm5vdCBmYWxsYmFjayB0byBpbmRleC5odG1sIGZvciA0MDNcbiAgICAgICAgLy8gZXJyb3JzIHNpbmNlIGl0IHdvdWxkIGFsc28gYmUgc2VydmVkIGlmIHVzaW5nIGEgV0FGLlxuICAgICAgICAvLyBTZWUgaHR0cHM6Ly9hd3MuYW1hem9uLmNvbS9wcmVtaXVtc3VwcG9ydC9rbm93bGVkZ2UtY2VudGVyL3MzLXdlYnNpdGUtY2xvdWRmcm9udC1lcnJvci00MDMvI1RoZV9yZXF1ZXN0ZWRfb2JqZWN0c19tdXN0X2V4aXN0X2luX3RoZV9idWNrZXRcbiAgICAgICAgYWN0aW9uczogW1wiczM6TGlzdEJ1Y2tldFwiXSxcbiAgICAgICAgcHJpbmNpcGFsczogW29yaWdpbkFjY2Vzc0lkZW50aXR5LmdyYW50UHJpbmNpcGFsXSxcbiAgICAgIH0pLFxuICAgIClcblxuICAgIHRoaXMud2ViYXBwT3JpZ2luID0gbmV3IG9yaWdpbnMuUzNPcmlnaW4odGhpcy53ZWJhcHBCdWNrZXQsIHtcbiAgICAgIC8vIHdlYmFwcC1kZXBsb3ktbGFtYmRhIHdpbGwgdXBsb2FkIGZpbGVzIHRvIHRoaXMgZm9sZGVyXG4gICAgICAvLyBzaW5jZSBpdCBrZWVwcyBzb21lIG90aGVyIGFkbWluaXN0cmF0aXZlIGZpbGVzIG91dHNpZGUuXG4gICAgICBvcmlnaW5QYXRoOiBcIi93ZWJcIixcbiAgICAgIG9yaWdpbkFjY2Vzc0lkZW50aXR5LFxuICAgIH0pXG5cbiAgICBjb25zdCBlcnJvclJlc3BvbnNlczogY2xvdWRmcm9udC5FcnJvclJlc3BvbnNlW10gPSBbXG4gICAgICB7XG4gICAgICAgIGh0dHBTdGF0dXM6IDQwNCxcbiAgICAgICAgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsXG4gICAgICAgIHJlc3BvbnNlUGFnZVBhdGg6IFwiL2luZGV4Lmh0bWxcIixcbiAgICAgIH0sXG4gICAgXVxuXG4gICAgaWYgKHByb3BzLndlYkFjbEVycm9yUGFnZVBhdGggIT0gbnVsbCkge1xuICAgICAgZXJyb3JSZXNwb25zZXMucHVzaCh7XG4gICAgICAgIGh0dHBTdGF0dXM6IDQwMyxcbiAgICAgICAgcmVzcG9uc2VIdHRwU3RhdHVzOiA0MDMsXG4gICAgICAgIHJlc3BvbnNlUGFnZVBhdGg6IHByb3BzLndlYkFjbEVycm9yUGFnZVBhdGgsXG4gICAgICB9KVxuICAgIH1cblxuICAgIGxldCByZXNwb25zZUhlYWRlcnNQb2xpY3k6IGNsb3VkZnJvbnQuSVJlc3BvbnNlSGVhZGVyc1BvbGljeSB8IHVuZGVmaW5lZFxuXG4gICAgaWYgKFxuICAgICAgKHByb3BzLnNlY3VyaXR5SGVhZGVycz8uZW5hYmxlZCA/PyB0cnVlKSAmJlxuICAgICAgIXByb3BzLm92ZXJyaWRlQ2xvdWRGcm9udEJlaGF2aW91ck9wdGlvbnM/LnJlc3BvbnNlSGVhZGVyc1BvbGljeVxuICAgICAgICA/LnJlc3BvbnNlSGVhZGVyc1BvbGljeUlkXG4gICAgKSB7XG4gICAgICBjb25zdCBzZWN1cml0eUhlYWRlcnMgPSBuZXcgV2ViYXBwU2VjdXJpdHlIZWFkZXJzKFxuICAgICAgICB0aGlzLFxuICAgICAgICBcIlNlY3VyaXR5SGVhZGVyc1wiLFxuICAgICAgICB7XG4gICAgICAgICAgLi4ucHJvcHMuc2VjdXJpdHlIZWFkZXJzPy5iZWhhdmlvck92ZXJyaWRlcyxcbiAgICAgICAgfSxcbiAgICAgIClcbiAgICAgIHJlc3BvbnNlSGVhZGVyc1BvbGljeSA9IHNlY3VyaXR5SGVhZGVycy5yZXNwb25zZUhlYWRlcnNQb2xpY3lcbiAgICB9XG5cbiAgICB0aGlzLmRpc3RyaWJ1dGlvbiA9IG5ldyBjbG91ZGZyb250LkRpc3RyaWJ1dGlvbih0aGlzLCBcIkRpc3RyaWJ1dGlvblwiLCB7XG4gICAgICBkZWZhdWx0QmVoYXZpb3I6IHtcbiAgICAgICAgb3JpZ2luOiB0aGlzLndlYmFwcE9yaWdpbixcbiAgICAgICAgdmlld2VyUHJvdG9jb2xQb2xpY3k6IGNsb3VkZnJvbnQuVmlld2VyUHJvdG9jb2xQb2xpY3kuUkVESVJFQ1RfVE9fSFRUUFMsXG4gICAgICAgIHJlc3BvbnNlSGVhZGVyc1BvbGljeTogcmVzcG9uc2VIZWFkZXJzUG9saWN5LFxuICAgICAgICAuLi5wcm9wcy5vdmVycmlkZUNsb3VkRnJvbnRCZWhhdmlvdXJPcHRpb25zLFxuICAgICAgfSxcbiAgICAgIGRlZmF1bHRSb290T2JqZWN0OiBcImluZGV4Lmh0bWxcIixcbiAgICAgIHByaWNlQ2xhc3M6IGNsb3VkZnJvbnQuUHJpY2VDbGFzcy5QUklDRV9DTEFTU18xMDAsXG4gICAgICBjZXJ0aWZpY2F0ZTogcHJvcHMuY2xvdWRmcm9udENlcnRpZmljYXRlLFxuICAgICAgZG9tYWluTmFtZXM6IHByb3BzLmRvbWFpbk5hbWVzLFxuICAgICAgZXJyb3JSZXNwb25zZXMsXG4gICAgICB3ZWJBY2xJZDogcHJvcHMud2ViQWNsSWQsXG4gICAgfSlcbiAgfVxuXG4gIGFkZERuc1JlY29yZChob3N0ZWRab25lOiByNTMuSUhvc3RlZFpvbmUsIGRvbWFpbk5hbWU6IHN0cmluZyk6IHZvaWQge1xuICAgIG5ldyByNTMuQVJlY29yZCh0aGlzLCBgRG5zUmVjb3JkJHtkb21haW5OYW1lfWAsIHtcbiAgICAgIHpvbmU6IGhvc3RlZFpvbmUsXG4gICAgICByZWNvcmROYW1lOiBgJHtkb21haW5OYW1lfS5gLFxuICAgICAgdGFyZ2V0OiByNTMuUmVjb3JkVGFyZ2V0LmZyb21BbGlhcyhcbiAgICAgICAgbmV3IHI1M3QuQ2xvdWRGcm9udFRhcmdldCh0aGlzLmRpc3RyaWJ1dGlvbiksXG4gICAgICApLFxuICAgIH0pXG4gIH1cblxuICAvKipcbiAgICogQWRkIGEgZGVwbG95bWVudCB1c2luZyB3ZWJhcHAtZGVwbG95LWxhbWJkYS5cbiAgICpcbiAgICogU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9jYXByYWNvbnN1bHRpbmcvd2ViYXBwLWRlcGxveS1sYW1iZGFcbiAgICogZm9yIGRldGFpbHMgYWJvdXQgaG93IHRoaXMgd29ya3MuXG4gICAqL1xuICBhZGREZXBsb3ltZW50KFxuICAgIC8qKlxuICAgICAqIFRoZSBkZXBsb3ltZW50IHNvdXJjZS5cbiAgICAgKi9cbiAgICBzb3VyY2U6IHdlYmFwcERlcGxveS5JU291cmNlLFxuICAgIHByb3BzPzoge1xuICAgICAgLyoqXG4gICAgICAgKiBJbmNsdWRlIHNvdXJjZSBtYXBzIGluIHRoZSBkZXBsb3ltZW50LlxuICAgICAgICpcbiAgICAgICAqIEBkZWZhdWx0IGZhbHNlXG4gICAgICAgKi9cbiAgICAgIGRlcGxveVNvdXJjZU1hcHM/OiBib29sZWFuXG4gICAgfSxcbiAgKTogdm9pZCB7XG4gICAgY29uc3QgZGVwbG95U291cmNlTWFwcyA9IHByb3BzPy5kZXBsb3lTb3VyY2VNYXBzID8/IGZhbHNlXG5cbiAgICBuZXcgd2ViYXBwRGVwbG95LldlYmFwcERlcGxveSh0aGlzLCBcIkRlcGxveVwiLCB7XG4gICAgICBzb3VyY2U6IHNvdXJjZSxcbiAgICAgIHdlYkJ1Y2tldDogdGhpcy53ZWJhcHBCdWNrZXQsXG4gICAgICBkaXN0cmlidXRpb246IHRoaXMuZGlzdHJpYnV0aW9uLFxuICAgICAgZXhjbHVkZVBhdHRlcm46IGRlcGxveVNvdXJjZU1hcHMgPyB1bmRlZmluZWQgOiBcIlxcXFwubWFwJFwiLFxuICAgIH0pXG4gIH1cbn1cbiJdfQ==

package/lib/webapp-deploy-via-role.d.ts

@@ -0,0 +1,25 @@
+import * as constructs from "constructs";
+import { WebappDeployProps } from "@capraconsulting/webapp-deploy-lambda";
+interface Props {
+    /**
+     * Reference to the IAM Role that will be granted permission to
+     * assume the CI role. This role must have permission to assume
+     * the CI role.
+     */
+    externalRoleArn: string;
+    /**
+     * The name of the role that will be created.
+     */
+    roleName: string;
+    webappDeploy: WebappDeployProps;
+}
+/**
+ * Provide the construct described at
+ * https://github.com/capraconsulting/webapp-deploy-lambda
+ * in combination with a separate role to be used to
+ * trigger the process.
+ */
+export declare class WebappDeployViaRole extends constructs.Construct {
+    constructor(scope: constructs.Construct, id: string, props: Props);
+}
+export {};

package/lib/webapp-deploy-via-role.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebappDeployViaRole = void 0;
+const constructs = require("constructs");
+const iam = require("aws-cdk-lib/aws-iam");
+const cdk = require("aws-cdk-lib");
+const webapp_deploy_lambda_1 = require("@capraconsulting/webapp-deploy-lambda");
+/**
+ * Provide the construct described at
+ * https://github.com/capraconsulting/webapp-deploy-lambda
+ * in combination with a separate role to be used to
+ * trigger the process.
+ */
+class WebappDeployViaRole extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const roleToBeAssumedForDeploy = new iam.Role(this, "Role", {
+            assumedBy: new iam.ArnPrincipal(props.externalRoleArn),
+            roleName: props.roleName,
+        });
+        const webappDeploy = new webapp_deploy_lambda_1.WebappDeploy(this, "Resource", props.webappDeploy);
+        webappDeploy.deployFn.grantInvoke(roleToBeAssumedForDeploy);
+        new cdk.CfnOutput(this, "FunctionArnOutput", {
+            value: webappDeploy.deployFn.functionArn,
+        });
+        new cdk.CfnOutput(this, "RoleArnOutput", {
+            value: roleToBeAssumedForDeploy.roleArn,
+        });
+    }
+}
+exports.WebappDeployViaRole = WebappDeployViaRole;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2ViYXBwLWRlcGxveS12aWEtcm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy93ZWJhcHAtZGVwbG95LXZpYS1yb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlDQUF3QztBQUN4QywyQ0FBMEM7QUFDMUMsbUNBQWtDO0FBQ2xDLGdGQUc4QztBQWdCOUM7Ozs7O0dBS0c7QUFDSCxNQUFhLG1CQUFvQixTQUFRLFVBQVUsQ0FBQyxTQUFTO0lBQzNELFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBWTtRQUMvRCxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLE1BQU0sd0JBQXdCLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxNQUFNLEVBQUU7WUFDMUQsU0FBUyxFQUFFLElBQUksR0FBRyxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDO1lBQ3RELFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTtTQUN6QixDQUFDLENBQUE7UUFFRixNQUFNLFlBQVksR0FBRyxJQUFJLG1DQUFZLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUE7UUFFM0UsWUFBWSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsd0JBQXdCLENBQUMsQ0FBQTtRQUUzRCxJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQzNDLEtBQUssRUFBRSxZQUFZLENBQUMsUUFBUSxDQUFDLFdBQVc7U0FDekMsQ0FBQyxDQUFBO1FBQ0YsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxlQUFlLEVBQUU7WUFDdkMsS0FBSyxFQUFFLHdCQUF3QixDQUFDLE9BQU87U0FDeEMsQ0FBQyxDQUFBO0lBQ0osQ0FBQztDQUNGO0FBcEJELGtEQW9CQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgaWFtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCJcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0IHtcbiAgV2ViYXBwRGVwbG95LFxuICBXZWJhcHBEZXBsb3lQcm9wcyxcbn0gZnJvbSBcIkBjYXByYWNvbnN1bHRpbmcvd2ViYXBwLWRlcGxveS1sYW1iZGFcIlxuXG5pbnRlcmZhY2UgUHJvcHMge1xuICAvKipcbiAgICogUmVmZXJlbmNlIHRvIHRoZSBJQU0gUm9sZSB0aGF0IHdpbGwgYmUgZ3JhbnRlZCBwZXJtaXNzaW9uIHRvXG4gICAqIGFzc3VtZSB0aGUgQ0kgcm9sZS4gVGhpcyByb2xlIG11c3QgaGF2ZSBwZXJtaXNzaW9uIHRvIGFzc3VtZVxuICAgKiB0aGUgQ0kgcm9sZS5cbiAgICovXG4gIGV4dGVybmFsUm9sZUFybjogc3RyaW5nXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgcm9sZSB0aGF0IHdpbGwgYmUgY3JlYXRlZC5cbiAgICovXG4gIHJvbGVOYW1lOiBzdHJpbmdcbiAgd2ViYXBwRGVwbG95OiBXZWJhcHBEZXBsb3lQcm9wc1xufVxuXG4vKipcbiAqIFByb3ZpZGUgdGhlIGNvbnN0cnVjdCBkZXNjcmliZWQgYXRcbiAqIGh0dHBzOi8vZ2l0aHViLmNvbS9jYXByYWNvbnN1bHRpbmcvd2ViYXBwLWRlcGxveS1sYW1iZGFcbiAqIGluIGNvbWJpbmF0aW9uIHdpdGggYSBzZXBhcmF0ZSByb2xlIHRvIGJlIHVzZWQgdG9cbiAqIHRyaWdnZXIgdGhlIHByb2Nlc3MuXG4gKi9cbmV4cG9ydCBjbGFzcyBXZWJhcHBEZXBsb3lWaWFSb2xlIGV4dGVuZHMgY29uc3RydWN0cy5Db25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIGNvbnN0IHJvbGVUb0JlQXNzdW1lZEZvckRlcGxveSA9IG5ldyBpYW0uUm9sZSh0aGlzLCBcIlJvbGVcIiwge1xuICAgICAgYXNzdW1lZEJ5OiBuZXcgaWFtLkFyblByaW5jaXBhbChwcm9wcy5leHRlcm5hbFJvbGVBcm4pLFxuICAgICAgcm9sZU5hbWU6IHByb3BzLnJvbGVOYW1lLFxuICAgIH0pXG5cbiAgICBjb25zdCB3ZWJhcHBEZXBsb3kgPSBuZXcgV2ViYXBwRGVwbG95KHRoaXMsIFwiUmVzb3VyY2VcIiwgcHJvcHMud2ViYXBwRGVwbG95KVxuXG4gICAgd2ViYXBwRGVwbG95LmRlcGxveUZuLmdyYW50SW52b2tlKHJvbGVUb0JlQXNzdW1lZEZvckRlcGxveSlcblxuICAgIG5ldyBjZGsuQ2ZuT3V0cHV0KHRoaXMsIFwiRnVuY3Rpb25Bcm5PdXRwdXRcIiwge1xuICAgICAgdmFsdWU6IHdlYmFwcERlcGxveS5kZXBsb3lGbi5mdW5jdGlvbkFybixcbiAgICB9KVxuICAgIG5ldyBjZGsuQ2ZuT3V0cHV0KHRoaXMsIFwiUm9sZUFybk91dHB1dFwiLCB7XG4gICAgICB2YWx1ZTogcm9sZVRvQmVBc3N1bWVkRm9yRGVwbG95LnJvbGVBcm4sXG4gICAgfSlcbiAgfVxufVxuIl19

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@liflig/cdk",
-  "version": "2.18.5",
+  "version": "2.18.7",
   "description": "CDK library for Liflig",
   "repository": {
     "type": "git",
@@ -35,7 +35,8 @@
   },
   "overrides": {
     "semantic-release": {
-      "@semantic-release/npm": "11.0.1"
+      "@semantic-release/npm": "10.0.6",
+      "@semantic-release/github": "9.2.5"
     }
   },
   "devDependencies": {
@@ -57,7 +58,7 @@
     "jest": "29.7.0",
     "jest-cdk-snapshot": "2.0.1",
     "prettier": "3.1.1",
-    "semantic-release": "22.0.8",
+    "semantic-release": "22.0.12",
     "ts-jest": "29.1.1",
     "ts-node": "10.9.2",
     "typescript": "5.3.3"