@ndlib/ndlib-cdk2 1.0.30 → 1.0.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -15,6 +15,7 @@ export interface ServiceStackProps extends StackProps {
|
|
|
15
15
|
readonly amiId: string;
|
|
16
16
|
readonly availabilityZones: string[];
|
|
17
17
|
readonly backup?: string;
|
|
18
|
+
readonly backupAccountId?: string;
|
|
18
19
|
readonly instanceClass: InstanceClass;
|
|
19
20
|
readonly instanceSize: InstanceSize;
|
|
20
21
|
readonly instanceName: string;
|
|
@@ -5,10 +5,11 @@ const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
|
5
5
|
const aws_cdk_lib_2 = require("aws-cdk-lib");
|
|
6
6
|
const ssm = require("aws-cdk-lib/aws-ssm");
|
|
7
7
|
const aws_kms_1 = require("aws-cdk-lib/aws-kms");
|
|
8
|
+
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
8
9
|
const aws_route53_1 = require("aws-cdk-lib/aws-route53");
|
|
9
10
|
class EC2withDatabase extends aws_cdk_lib_1.Stack {
|
|
10
11
|
constructor(scope, id, props) {
|
|
11
|
-
var _a, _b, _c;
|
|
12
|
+
var _a, _b, _c, _d;
|
|
12
13
|
super(scope, id, props);
|
|
13
14
|
/*
|
|
14
15
|
* Security Group setup and usage are optional parameters
|
|
@@ -18,8 +19,9 @@ class EC2withDatabase extends aws_cdk_lib_1.Stack {
|
|
|
18
19
|
props = {
|
|
19
20
|
...props,
|
|
20
21
|
backup: (_a = props.backup) !== null && _a !== void 0 ? _a : 'False',
|
|
21
|
-
|
|
22
|
-
|
|
22
|
+
backupAccountId: (_b = props.backupAccountId) !== null && _b !== void 0 ? _b : '140023380087',
|
|
23
|
+
SGDBAccessRules: (_c = props.SGDBAccessRules) !== null && _c !== void 0 ? _c : [],
|
|
24
|
+
SGIngressRules: (_d = props.SGIngressRules) !== null && _d !== void 0 ? _d : [],
|
|
23
25
|
};
|
|
24
26
|
// Determine the VPC from the availability zone and subnet passed in. These are expected to align within the VPC
|
|
25
27
|
const vpc = aws_cdk_lib_1.aws_ec2.Vpc.fromVpcAttributes(this, 'Vpc', {
|
|
@@ -53,6 +55,45 @@ class EC2withDatabase extends aws_cdk_lib_1.Stack {
|
|
|
53
55
|
enableKeyRotation: true,
|
|
54
56
|
alias: props.instanceName,
|
|
55
57
|
});
|
|
58
|
+
const backupAccountId = props.backupAccountId; // Our backup account ID
|
|
59
|
+
const currentAccountId = this.account; // Current account ID
|
|
60
|
+
const policyStatement = new aws_iam_1.PolicyStatement({
|
|
61
|
+
actions: [
|
|
62
|
+
'kms:CreateGrant',
|
|
63
|
+
'kms:ListGrants',
|
|
64
|
+
'kms:RevokeGrant',
|
|
65
|
+
'kms:Encrypt',
|
|
66
|
+
'kms:Decrypt',
|
|
67
|
+
'kms:ReEncrypt*',
|
|
68
|
+
'kms:GenerateDataKey',
|
|
69
|
+
'kms:GenerateDataKeyPair',
|
|
70
|
+
'kms:DescribeKey',
|
|
71
|
+
'kms:GenerateDataKeyWithoutPlaintext',
|
|
72
|
+
'kms:GenerateDataKeyPairWithoutPlaintext',
|
|
73
|
+
],
|
|
74
|
+
principals: [
|
|
75
|
+
new aws_iam_1.AccountPrincipal(backupAccountId),
|
|
76
|
+
new aws_iam_1.AccountPrincipal(currentAccountId),
|
|
77
|
+
],
|
|
78
|
+
resources: ['*'],
|
|
79
|
+
});
|
|
80
|
+
backupKey.addToResourcePolicy(policyStatement);
|
|
81
|
+
// Allow attachment of persistent resources for cross-account backup
|
|
82
|
+
backupKey.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
83
|
+
sid: 'Allow attachment of persistent resources',
|
|
84
|
+
principals: [
|
|
85
|
+
new aws_iam_1.AccountPrincipal(`${backupAccountId}`),
|
|
86
|
+
new aws_iam_1.AccountPrincipal(`${currentAccountId}`),
|
|
87
|
+
],
|
|
88
|
+
actions: [
|
|
89
|
+
'kms:CreateGrant',
|
|
90
|
+
'kms:ListGrants',
|
|
91
|
+
'kms:RevokeGrant',
|
|
92
|
+
],
|
|
93
|
+
effect: aws_iam_1.Effect.ALLOW,
|
|
94
|
+
resources: ['*'],
|
|
95
|
+
conditions: { 'Bool': { 'kms:GrantIsForAWSResource': 'true' } },
|
|
96
|
+
}));
|
|
56
97
|
/*
|
|
57
98
|
* Add connections from the new security group to the RDS which will be used by this server using
|
|
58
99
|
* SGDBAccessRules passed in
|
|
@@ -37,7 +37,7 @@ class PostgresRDSConstruct extends constructs_1.Construct {
|
|
|
37
37
|
},
|
|
38
38
|
});
|
|
39
39
|
const parameterGroupDescription = `Parameter Group for ${props.dbClusterIdentifier}`;
|
|
40
|
-
|
|
40
|
+
const auroraParameters = {};
|
|
41
41
|
auroraParameters['timezone'] = 'US/Eastern';
|
|
42
42
|
auroraParameters['idle_session_timeout'] = '60000'; // 1 minute idle timeout for any given session
|
|
43
43
|
const libParameterGroup = new aws_rds_1.ParameterGroup(this, 'LibParameterGroup', {
|
|
@@ -87,6 +87,7 @@ class PostgresRDSConstruct extends constructs_1.Construct {
|
|
|
87
87
|
storageEncrypted: true,
|
|
88
88
|
parameterGroup: libParameterGroup,
|
|
89
89
|
vpc: vpc,
|
|
90
|
+
enableDataApi: true,
|
|
90
91
|
storageType: aws_rds_1.DBClusterStorageType.AURORA_IOPT1,
|
|
91
92
|
deletionProtection: true,
|
|
92
93
|
writer: aws_rds_1.ClusterInstance.serverlessV2('writer'),
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ndlib/ndlib-cdk2",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.31",
|
|
4
4
|
"description": "Reusable CDK2 modules used within Hesburgh Libraries of Notre Dame",
|
|
5
5
|
"main": "lib/index.js",
|
|
6
6
|
"types": "lib/index.d.ts",
|
|
@@ -41,20 +41,20 @@
|
|
|
41
41
|
},
|
|
42
42
|
"devDependencies": {
|
|
43
43
|
"@types/jest": "^29.5.14",
|
|
44
|
-
"@types/node": "^22.10.
|
|
45
|
-
"@typescript-eslint/eslint-plugin": "^8.
|
|
46
|
-
"@typescript-eslint/parser": "^8.
|
|
44
|
+
"@types/node": "^22.10.2",
|
|
45
|
+
"@typescript-eslint/eslint-plugin": "^8.18.1",
|
|
46
|
+
"@typescript-eslint/parser": "^8.18.1",
|
|
47
47
|
"aws-sdk-client-mock": "^4.1.0",
|
|
48
|
-
"eslint": "^9.
|
|
48
|
+
"eslint": "^9.17.0",
|
|
49
49
|
"eslint-plugin-import": "^2.31.0",
|
|
50
50
|
"eslint-plugin-jest": "^28.9.0",
|
|
51
|
-
"eslint-plugin-n": "^17.
|
|
51
|
+
"eslint-plugin-n": "^17.15.0",
|
|
52
52
|
"eslint-plugin-node": "^11.1.0",
|
|
53
53
|
"eslint-plugin-promise": "^7.2.1",
|
|
54
54
|
"github-changes": "^2.0.3",
|
|
55
55
|
"jest": "^29.7.0",
|
|
56
56
|
"jest-mock": "^29.7.0",
|
|
57
|
-
"prettier": "^3.4.
|
|
57
|
+
"prettier": "^3.4.2",
|
|
58
58
|
"subpackage": "^1.1.0",
|
|
59
59
|
"ts-jest": "^29.2.5",
|
|
60
60
|
"tsc-watch": "^6.2.1",
|
|
@@ -64,7 +64,7 @@
|
|
|
64
64
|
"lib/**/*"
|
|
65
65
|
],
|
|
66
66
|
"dependencies": {
|
|
67
|
-
"aws-cdk-lib": "^2.
|
|
67
|
+
"aws-cdk-lib": "^2.173.2",
|
|
68
68
|
"constructs": "^10.4.2",
|
|
69
69
|
"node-fetch": "^3.3.2"
|
|
70
70
|
},
|