@pwrdrvr/microapps-cdk 0.2.4 → 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +308 -239
- package/API.md +138 -3
- package/README.md +282 -135
- package/lib/MicroApps.d.ts +69 -46
- package/lib/MicroApps.js +26 -13
- package/lib/MicroAppsAPIGwy.d.ts +34 -30
- package/lib/MicroAppsAPIGwy.js +10 -10
- package/lib/MicroAppsCF.d.ts +74 -54
- package/lib/MicroAppsCF.js +11 -11
- package/lib/MicroAppsS3.d.ts +43 -39
- package/lib/MicroAppsS3.js +16 -16
- package/lib/MicroAppsSvcs.d.ts +113 -35
- package/lib/MicroAppsSvcs.js +28 -18
- package/lib/microapps-deployer/index.js.map +2 -2
- package/lib/microapps-router/index.js.map +2 -2
- package/package.json +2 -2
package/lib/MicroAppsS3.d.ts
CHANGED
|
@@ -4,89 +4,93 @@ import * as cforigins from 'aws-cdk-lib/aws-cloudfront-origins';
|
|
|
4
4
|
import * as s3 from 'aws-cdk-lib/aws-s3';
|
|
5
5
|
import { Construct } from 'constructs';
|
|
6
6
|
/**
|
|
7
|
-
*
|
|
7
|
+
* (experimental) Represents a MicroApps S3.
|
|
8
|
+
*
|
|
9
|
+
* @experimental
|
|
8
10
|
*/
|
|
9
11
|
export interface IMicroAppsS3 {
|
|
10
12
|
/**
|
|
11
|
-
* S3 bucket for deployed applications.
|
|
13
|
+
* (experimental) S3 bucket for deployed applications.
|
|
12
14
|
*
|
|
13
|
-
* @
|
|
15
|
+
* @experimental
|
|
14
16
|
*/
|
|
15
17
|
readonly bucketApps: s3.IBucket;
|
|
16
18
|
/**
|
|
17
|
-
* CloudFront Origin Access Identity for the deployed applications bucket.
|
|
19
|
+
* (experimental) CloudFront Origin Access Identity for the deployed applications bucket.
|
|
18
20
|
*
|
|
19
|
-
* @
|
|
21
|
+
* @experimental
|
|
20
22
|
*/
|
|
21
23
|
readonly bucketAppsOAI: cf.OriginAccessIdentity;
|
|
22
24
|
/**
|
|
23
|
-
* CloudFront Origin for the deployed applications bucket.
|
|
25
|
+
* (experimental) CloudFront Origin for the deployed applications bucket.
|
|
24
26
|
*
|
|
25
|
-
* @
|
|
27
|
+
* @experimental
|
|
26
28
|
*/
|
|
27
29
|
readonly bucketAppsOrigin: cforigins.S3Origin;
|
|
28
30
|
/**
|
|
29
|
-
* S3 bucket for staged applications (prior to deploy).
|
|
31
|
+
* (experimental) S3 bucket for staged applications (prior to deploy).
|
|
30
32
|
*
|
|
31
|
-
* @
|
|
33
|
+
* @experimental
|
|
32
34
|
*/
|
|
33
35
|
readonly bucketAppsStaging: s3.IBucket;
|
|
34
36
|
/**
|
|
35
|
-
* S3 bucket for CloudFront logs.
|
|
37
|
+
* (experimental) S3 bucket for CloudFront logs.
|
|
36
38
|
*
|
|
37
|
-
* @
|
|
39
|
+
* @experimental
|
|
38
40
|
*/
|
|
39
41
|
readonly bucketLogs: s3.IBucket;
|
|
40
42
|
}
|
|
41
43
|
/**
|
|
42
|
-
*
|
|
44
|
+
* (experimental) Properties to initialize an instance of `MicroAppsS3`.
|
|
45
|
+
*
|
|
46
|
+
* @experimental
|
|
43
47
|
*/
|
|
44
48
|
export interface MicroAppsS3Props {
|
|
45
49
|
/**
|
|
46
|
-
* RemovalPolicy override for child resources.
|
|
50
|
+
* (experimental) RemovalPolicy override for child resources.
|
|
47
51
|
*
|
|
48
|
-
* Note: if set to DESTROY the S3
|
|
52
|
+
* Note: if set to DESTROY the S3 buckets will have `autoDeleteObjects` set to `true`
|
|
49
53
|
*
|
|
50
54
|
* @default - per resource default
|
|
51
|
-
* @
|
|
55
|
+
* @experimental
|
|
52
56
|
*/
|
|
53
57
|
readonly removalPolicy?: RemovalPolicy;
|
|
54
58
|
/**
|
|
55
|
-
* S3 deployed apps bucket name.
|
|
59
|
+
* (experimental) S3 deployed apps bucket name.
|
|
56
60
|
*
|
|
57
61
|
* @default auto-assigned
|
|
58
|
-
* @
|
|
62
|
+
* @experimental
|
|
59
63
|
*/
|
|
60
64
|
readonly bucketAppsName?: string;
|
|
61
65
|
/**
|
|
62
|
-
* S3 staging apps bucket name.
|
|
66
|
+
* (experimental) S3 staging apps bucket name.
|
|
63
67
|
*
|
|
64
68
|
* @default auto-assigned
|
|
65
|
-
* @
|
|
69
|
+
* @experimental
|
|
66
70
|
*/
|
|
67
71
|
readonly bucketAppsStagingName?: string;
|
|
68
72
|
/**
|
|
69
|
-
* S3 logs bucket name.
|
|
73
|
+
* (experimental) S3 logs bucket name.
|
|
70
74
|
*
|
|
71
75
|
* @default auto-assigned
|
|
72
|
-
* @
|
|
76
|
+
* @experimental
|
|
73
77
|
*/
|
|
74
78
|
readonly bucketLogsName?: string;
|
|
75
79
|
/**
|
|
76
|
-
* Optional asset name root.
|
|
80
|
+
* (experimental) Optional asset name root.
|
|
77
81
|
*
|
|
78
82
|
* @default - resource names auto assigned
|
|
79
|
-
* @
|
|
83
|
+
* @experimental
|
|
80
84
|
* @example
|
|
81
85
|
*
|
|
82
86
|
* microapps
|
|
83
87
|
*/
|
|
84
88
|
readonly assetNameRoot?: string;
|
|
85
89
|
/**
|
|
86
|
-
* Optional asset name suffix.
|
|
90
|
+
* (experimental) Optional asset name suffix.
|
|
87
91
|
*
|
|
88
92
|
* @default none
|
|
89
|
-
* @
|
|
93
|
+
* @experimental
|
|
90
94
|
* @example
|
|
91
95
|
*
|
|
92
96
|
* -dev-pr-12
|
|
@@ -94,48 +98,48 @@ export interface MicroAppsS3Props {
|
|
|
94
98
|
readonly assetNameSuffix?: string;
|
|
95
99
|
}
|
|
96
100
|
/**
|
|
97
|
-
*
|
|
101
|
+
* (experimental) Create a new MicroApps S3 Bucket.
|
|
102
|
+
*
|
|
103
|
+
* @experimental
|
|
98
104
|
*/
|
|
99
105
|
export declare class MicroAppsS3 extends Construct implements IMicroAppsS3 {
|
|
100
106
|
private _bucketApps;
|
|
101
107
|
/**
|
|
102
|
-
* S3 bucket for deployed applications.
|
|
108
|
+
* (experimental) S3 bucket for deployed applications.
|
|
103
109
|
*
|
|
104
|
-
* @
|
|
110
|
+
* @experimental
|
|
105
111
|
*/
|
|
106
112
|
get bucketApps(): s3.IBucket;
|
|
107
113
|
private _bucketAppsOAI;
|
|
108
114
|
/**
|
|
109
|
-
* CloudFront Origin Access Identity for the deployed applications bucket.
|
|
115
|
+
* (experimental) CloudFront Origin Access Identity for the deployed applications bucket.
|
|
110
116
|
*
|
|
111
|
-
* @
|
|
117
|
+
* @experimental
|
|
112
118
|
*/
|
|
113
119
|
get bucketAppsOAI(): cf.OriginAccessIdentity;
|
|
114
120
|
private _bucketAppsOrigin;
|
|
115
121
|
/**
|
|
116
|
-
* CloudFront Origin for the deployed applications bucket.
|
|
122
|
+
* (experimental) CloudFront Origin for the deployed applications bucket.
|
|
117
123
|
*
|
|
118
|
-
* @
|
|
124
|
+
* @experimental
|
|
119
125
|
*/
|
|
120
126
|
get bucketAppsOrigin(): cforigins.S3Origin;
|
|
121
127
|
private _bucketAppsStaging;
|
|
122
128
|
/**
|
|
123
|
-
* S3 bucket for staged applications (prior to deploy).
|
|
129
|
+
* (experimental) S3 bucket for staged applications (prior to deploy).
|
|
124
130
|
*
|
|
125
|
-
* @
|
|
131
|
+
* @experimental
|
|
126
132
|
*/
|
|
127
133
|
get bucketAppsStaging(): s3.IBucket;
|
|
128
134
|
private _bucketLogs;
|
|
129
135
|
/**
|
|
130
|
-
* S3 bucket for CloudFront logs.
|
|
136
|
+
* (experimental) S3 bucket for CloudFront logs.
|
|
131
137
|
*
|
|
132
|
-
* @
|
|
138
|
+
* @experimental
|
|
133
139
|
*/
|
|
134
140
|
get bucketLogs(): s3.IBucket;
|
|
135
141
|
/**
|
|
136
|
-
*
|
|
137
|
-
*
|
|
138
|
-
* @stability stable
|
|
142
|
+
* @experimental
|
|
139
143
|
*/
|
|
140
144
|
constructor(scope: Construct, id: string, props?: MicroAppsS3Props);
|
|
141
145
|
}
|
package/lib/MicroAppsS3.js
CHANGED
|
@@ -9,13 +9,13 @@ const cforigins = require("aws-cdk-lib/aws-cloudfront-origins");
|
|
|
9
9
|
const s3 = require("aws-cdk-lib/aws-s3");
|
|
10
10
|
const constructs_1 = require("constructs");
|
|
11
11
|
/**
|
|
12
|
-
*
|
|
12
|
+
* (experimental) Create a new MicroApps S3 Bucket.
|
|
13
|
+
*
|
|
14
|
+
* @experimental
|
|
13
15
|
*/
|
|
14
16
|
class MicroAppsS3 extends constructs_1.Construct {
|
|
15
17
|
/**
|
|
16
|
-
*
|
|
17
|
-
*
|
|
18
|
-
* @stability stable
|
|
18
|
+
* @experimental
|
|
19
19
|
*/
|
|
20
20
|
constructor(scope, id, props) {
|
|
21
21
|
super(scope, id);
|
|
@@ -59,41 +59,41 @@ class MicroAppsS3 extends constructs_1.Construct {
|
|
|
59
59
|
});
|
|
60
60
|
}
|
|
61
61
|
/**
|
|
62
|
-
* S3 bucket for deployed applications.
|
|
62
|
+
* (experimental) S3 bucket for deployed applications.
|
|
63
63
|
*
|
|
64
|
-
* @
|
|
64
|
+
* @experimental
|
|
65
65
|
*/
|
|
66
66
|
get bucketApps() {
|
|
67
67
|
return this._bucketApps;
|
|
68
68
|
}
|
|
69
69
|
/**
|
|
70
|
-
* CloudFront Origin Access Identity for the deployed applications bucket.
|
|
70
|
+
* (experimental) CloudFront Origin Access Identity for the deployed applications bucket.
|
|
71
71
|
*
|
|
72
|
-
* @
|
|
72
|
+
* @experimental
|
|
73
73
|
*/
|
|
74
74
|
get bucketAppsOAI() {
|
|
75
75
|
return this._bucketAppsOAI;
|
|
76
76
|
}
|
|
77
77
|
/**
|
|
78
|
-
* CloudFront Origin for the deployed applications bucket.
|
|
78
|
+
* (experimental) CloudFront Origin for the deployed applications bucket.
|
|
79
79
|
*
|
|
80
|
-
* @
|
|
80
|
+
* @experimental
|
|
81
81
|
*/
|
|
82
82
|
get bucketAppsOrigin() {
|
|
83
83
|
return this._bucketAppsOrigin;
|
|
84
84
|
}
|
|
85
85
|
/**
|
|
86
|
-
* S3 bucket for staged applications (prior to deploy).
|
|
86
|
+
* (experimental) S3 bucket for staged applications (prior to deploy).
|
|
87
87
|
*
|
|
88
|
-
* @
|
|
88
|
+
* @experimental
|
|
89
89
|
*/
|
|
90
90
|
get bucketAppsStaging() {
|
|
91
91
|
return this._bucketAppsStaging;
|
|
92
92
|
}
|
|
93
93
|
/**
|
|
94
|
-
* S3 bucket for CloudFront logs.
|
|
94
|
+
* (experimental) S3 bucket for CloudFront logs.
|
|
95
95
|
*
|
|
96
|
-
* @
|
|
96
|
+
* @experimental
|
|
97
97
|
*/
|
|
98
98
|
get bucketLogs() {
|
|
99
99
|
return this._bucketLogs;
|
|
@@ -101,5 +101,5 @@ class MicroAppsS3 extends constructs_1.Construct {
|
|
|
101
101
|
}
|
|
102
102
|
exports.MicroAppsS3 = MicroAppsS3;
|
|
103
103
|
_a = JSII_RTTI_SYMBOL_1;
|
|
104
|
-
MicroAppsS3[_a] = { fqn: "@pwrdrvr/microapps-cdk.MicroAppsS3", version: "0.2.
|
|
105
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
104
|
+
MicroAppsS3[_a] = { fqn: "@pwrdrvr/microapps-cdk.MicroAppsS3", version: "0.2.8" };
|
|
105
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTWljcm9BcHBzUzMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvTWljcm9BcHBzUzMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBNEM7QUFDNUMsaURBQWlEO0FBQ2pELGdFQUFnRTtBQUNoRSx5Q0FBeUM7QUFDekMsMkNBQXVDOzs7Ozs7QUEwQ3ZDLE1BQWEsV0FBWSxTQUFRLHNCQUFTOzs7O0lBMEJ4QyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXdCO1FBQ2hFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsSUFBSSxLQUFLLEtBQUssU0FBUyxFQUFFO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUJBQW1CLENBQUMsQ0FBQztTQUN0QztRQUVELE1BQU0sRUFBRSxhQUFhLEVBQUUsYUFBYSxFQUFFLGVBQWUsRUFBRSxHQUFHLEtBQUssQ0FBQztRQUVoRSx3REFBd0Q7UUFDeEQsTUFBTSxpQkFBaUIsR0FBRyxhQUFhLEtBQUssMkJBQWEsQ0FBQyxPQUFPLENBQUM7UUFFbEUsRUFBRTtRQUNGLGdEQUFnRDtRQUNoRCxFQUFFO1FBQ0YsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLE1BQU0sRUFBRTtZQUM3QyxVQUFVLEVBQUUsS0FBSyxDQUFDLGNBQWM7WUFDaEMsaUJBQWlCLEVBQUUsaUJBQWlCO1lBQ3BDLGFBQWE7U0FDZCxDQUFDLENBQUM7UUFFSCxFQUFFO1FBQ0Ysc0JBQXNCO1FBQ3RCLEVBQUU7UUFDRixJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFO1lBQzdDLFVBQVUsRUFBRSxLQUFLLENBQUMsY0FBYztZQUNoQyxpQkFBaUIsRUFBRSxpQkFBaUI7WUFDcEMsYUFBYTtTQUNkLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLFNBQVMsRUFBRTtZQUN2RCxVQUFVLEVBQUUsS0FBSyxDQUFDLHFCQUFxQjtZQUN2QyxpQkFBaUIsRUFBRSxpQkFBaUI7WUFDcEMsYUFBYTtTQUNkLENBQUMsQ0FBQztRQUVILDRCQUE0QjtRQUM1QixJQUFJLENBQUMsY0FBYyxHQUFHLElBQUksRUFBRSxDQUFDLG9CQUFvQixDQUFDLElBQUksRUFBRSxLQUFLLEVBQUU7WUFDN0QsT0FBTyxFQUFFLGFBQWEsS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLEdBQUcsYUFBYSxHQUFHLGVBQWUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1NBQ3hGLENBQUMsQ0FBQztRQUNILElBQUksYUFBYSxLQUFLLFNBQVMsRUFBRTtZQUMvQixJQUFJLENBQUMsY0FBYyxDQUFDLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1NBQ3ZEO1FBRUQsNEJBQTRCO1FBQzVCLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLFNBQVMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRTtZQUNoRSxvQkFBb0IsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUN6QyxDQUFDLENBQUM7SUFDTCxDQUFDOzs7Ozs7SUF2RUQsSUFBVyxVQUFVO1FBQ25CLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQztJQUMxQixDQUFDOzs7Ozs7SUFHRCxJQUFXLGFBQWE7UUFDdEIsT0FBTyxJQUFJLENBQUMsY0FBYyxDQUFDO0lBQzdCLENBQUM7Ozs7OztJQUdELElBQVcsZ0JBQWdCO1FBQ3pCLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDO0lBQ2hDLENBQUM7Ozs7OztJQUdELElBQVcsaUJBQWlCO1FBQzFCLE9BQU8sSUFBSSxDQUFDLGtCQUFrQixDQUFDO0lBQ2pDLENBQUM7Ozs7OztJQUdELElBQVcsVUFBVTtRQUNuQixPQUFPLElBQUksQ0FBQyxXQUFXLENBQUM7SUFDMUIsQ0FBQzs7QUF4Qkgsa0NBMEVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUmVtb3ZhbFBvbGljeSB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGNmIGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZGZyb250JztcbmltcG9ydCAqIGFzIGNmb3JpZ2lucyBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udC1vcmlnaW5zJztcbmltcG9ydCAqIGFzIHMzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG5leHBvcnQgaW50ZXJmYWNlIElNaWNyb0FwcHNTMyB7XG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGJ1Y2tldEFwcHM6IHMzLklCdWNrZXQ7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICByZWFkb25seSBidWNrZXRBcHBzT0FJOiBjZi5PcmlnaW5BY2Nlc3NJZGVudGl0eTtcblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgcmVhZG9ubHkgYnVja2V0QXBwc09yaWdpbjogY2ZvcmlnaW5zLlMzT3JpZ2luO1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICByZWFkb25seSBidWNrZXRBcHBzU3RhZ2luZzogczMuSUJ1Y2tldDtcblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICByZWFkb25seSBidWNrZXRMb2dzOiBzMy5JQnVja2V0O1xufVxuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuZXhwb3J0IGludGVyZmFjZSBNaWNyb0FwcHNTM1Byb3BzIHtcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IHJlbW92YWxQb2xpY3k/OiBSZW1vdmFsUG9saWN5O1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgcmVhZG9ubHkgYnVja2V0QXBwc05hbWU/OiBzdHJpbmc7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGJ1Y2tldEFwcHNTdGFnaW5nTmFtZT86IHN0cmluZztcblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGJ1Y2tldExvZ3NOYW1lPzogc3RyaW5nO1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGFzc2V0TmFtZVJvb3Q/OiBzdHJpbmc7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGFzc2V0TmFtZVN1ZmZpeD86IHN0cmluZztcbn1cblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbmV4cG9ydCBjbGFzcyBNaWNyb0FwcHNTMyBleHRlbmRzIENvbnN0cnVjdCBpbXBsZW1lbnRzIElNaWNyb0FwcHNTMyB7XG4gIHByaXZhdGUgX2J1Y2tldEFwcHM6IHMzLklCdWNrZXQ7XG4gIHB1YmxpYyBnZXQgYnVja2V0QXBwcygpOiBzMy5JQnVja2V0IHtcbiAgICByZXR1cm4gdGhpcy5fYnVja2V0QXBwcztcbiAgfVxuXG4gIHByaXZhdGUgX2J1Y2tldEFwcHNPQUk6IGNmLk9yaWdpbkFjY2Vzc0lkZW50aXR5O1xuICBwdWJsaWMgZ2V0IGJ1Y2tldEFwcHNPQUkoKTogY2YuT3JpZ2luQWNjZXNzSWRlbnRpdHkge1xuICAgIHJldHVybiB0aGlzLl9idWNrZXRBcHBzT0FJO1xuICB9XG5cbiAgcHJpdmF0ZSBfYnVja2V0QXBwc09yaWdpbjogY2ZvcmlnaW5zLlMzT3JpZ2luO1xuICBwdWJsaWMgZ2V0IGJ1Y2tldEFwcHNPcmlnaW4oKTogY2ZvcmlnaW5zLlMzT3JpZ2luIHtcbiAgICByZXR1cm4gdGhpcy5fYnVja2V0QXBwc09yaWdpbjtcbiAgfVxuXG4gIHByaXZhdGUgX2J1Y2tldEFwcHNTdGFnaW5nOiBzMy5JQnVja2V0O1xuICBwdWJsaWMgZ2V0IGJ1Y2tldEFwcHNTdGFnaW5nKCk6IHMzLklCdWNrZXQge1xuICAgIHJldHVybiB0aGlzLl9idWNrZXRBcHBzU3RhZ2luZztcbiAgfVxuXG4gIHByaXZhdGUgX2J1Y2tldExvZ3M6IHMzLklCdWNrZXQ7XG4gIHB1YmxpYyBnZXQgYnVja2V0TG9ncygpOiBzMy5JQnVja2V0IHtcbiAgICByZXR1cm4gdGhpcy5fYnVja2V0TG9ncztcbiAgfVxuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzPzogTWljcm9BcHBzUzNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBpZiAocHJvcHMgPT09IHVuZGVmaW5lZCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdwcm9wcyBtdXN0IGJlIHNldCcpO1xuICAgIH1cblxuICAgIGNvbnN0IHsgcmVtb3ZhbFBvbGljeSwgYXNzZXROYW1lUm9vdCwgYXNzZXROYW1lU3VmZml4IH0gPSBwcm9wcztcblxuICAgIC8vIFVzZSBBdXRvLURlbGV0ZSBTM0J1Y2tldCBpZiByZW1vdmFsIHBvbGljeSBpcyBERVNUUk9ZXG4gICAgY29uc3QgczNBdXRvRGVsZXRlSXRlbXMgPSByZW1vdmFsUG9saWN5ID09PSBSZW1vdmFsUG9saWN5LkRFU1RST1k7XG5cbiAgICAvL1xuICAgIC8vIFMzIEJ1Y2tldCBmb3IgTG9nZ2luZyAtIFVzYWJsZSBieSBtYW55IHN0YWNrc1xuICAgIC8vXG4gICAgdGhpcy5fYnVja2V0TG9ncyA9IG5ldyBzMy5CdWNrZXQodGhpcywgJ2xvZ3MnLCB7XG4gICAgICBidWNrZXROYW1lOiBwcm9wcy5idWNrZXRMb2dzTmFtZSxcbiAgICAgIGF1dG9EZWxldGVPYmplY3RzOiBzM0F1dG9EZWxldGVJdGVtcyxcbiAgICAgIHJlbW92YWxQb2xpY3ksXG4gICAgfSk7XG5cbiAgICAvL1xuICAgIC8vIFMzIEJ1Y2tldHMgZm9yIEFwcHNcbiAgICAvL1xuICAgIHRoaXMuX2J1Y2tldEFwcHMgPSBuZXcgczMuQnVja2V0KHRoaXMsICdhcHBzJywge1xuICAgICAgYnVja2V0TmFtZTogcHJvcHMuYnVja2V0QXBwc05hbWUsXG4gICAgICBhdXRvRGVsZXRlT2JqZWN0czogczNBdXRvRGVsZXRlSXRlbXMsXG4gICAgICByZW1vdmFsUG9saWN5LFxuICAgIH0pO1xuICAgIHRoaXMuX2J1Y2tldEFwcHNTdGFnaW5nID0gbmV3IHMzLkJ1Y2tldCh0aGlzLCAnc3RhZ2luZycsIHtcbiAgICAgIGJ1Y2tldE5hbWU6IHByb3BzLmJ1Y2tldEFwcHNTdGFnaW5nTmFtZSxcbiAgICAgIGF1dG9EZWxldGVPYmplY3RzOiBzM0F1dG9EZWxldGVJdGVtcyxcbiAgICAgIHJlbW92YWxQb2xpY3ksXG4gICAgfSk7XG5cbiAgICAvLyBDcmVhdGUgUzMgT3JpZ2luIElkZW50aXR5XG4gICAgdGhpcy5fYnVja2V0QXBwc09BSSA9IG5ldyBjZi5PcmlnaW5BY2Nlc3NJZGVudGl0eSh0aGlzLCAnb2FpJywge1xuICAgICAgY29tbWVudDogYXNzZXROYW1lUm9vdCAhPT0gdW5kZWZpbmVkID8gYCR7YXNzZXROYW1lUm9vdH0ke2Fzc2V0TmFtZVN1ZmZpeH1gIDogdW5kZWZpbmVkLFxuICAgIH0pO1xuICAgIGlmIChyZW1vdmFsUG9saWN5ICE9PSB1bmRlZmluZWQpIHtcbiAgICAgIHRoaXMuX2J1Y2tldEFwcHNPQUkuYXBwbHlSZW1vdmFsUG9saWN5KHJlbW92YWxQb2xpY3kpO1xuICAgIH1cblxuICAgIC8vIEFkZCBPcmlnaW4gZm9yIENsb3VkRnJvbnRcbiAgICB0aGlzLl9idWNrZXRBcHBzT3JpZ2luID0gbmV3IGNmb3JpZ2lucy5TM09yaWdpbih0aGlzLl9idWNrZXRBcHBzLCB7XG4gICAgICBvcmlnaW5BY2Nlc3NJZGVudGl0eTogdGhpcy5idWNrZXRBcHBzT0FJLFxuICAgIH0pO1xuICB9XG59XG4iXX0=
|
package/lib/MicroAppsSvcs.d.ts
CHANGED
|
@@ -6,83 +6,146 @@ import * as lambda from 'aws-cdk-lib/aws-lambda';
|
|
|
6
6
|
import * as s3 from 'aws-cdk-lib/aws-s3';
|
|
7
7
|
import { Construct } from 'constructs';
|
|
8
8
|
/**
|
|
9
|
-
*
|
|
9
|
+
* (experimental) Properties to initialize an instance of `MicroAppsSvcs`.
|
|
10
|
+
*
|
|
11
|
+
* @experimental
|
|
10
12
|
*/
|
|
11
13
|
export interface MicroAppsSvcsProps {
|
|
12
14
|
/**
|
|
13
|
-
* RemovalPolicy override for child resources.
|
|
15
|
+
* (experimental) RemovalPolicy override for child resources.
|
|
14
16
|
*
|
|
15
17
|
* Note: if set to DESTROY the S3 buckes will have `autoDeleteObjects` set to `true`
|
|
16
18
|
*
|
|
17
19
|
* @default - per resource default
|
|
18
|
-
* @
|
|
20
|
+
* @experimental
|
|
19
21
|
*/
|
|
20
22
|
readonly removalPolicy?: RemovalPolicy;
|
|
21
23
|
/**
|
|
22
|
-
* S3 bucket for deployed applications.
|
|
24
|
+
* (experimental) S3 bucket for deployed applications.
|
|
23
25
|
*
|
|
24
|
-
* @
|
|
26
|
+
* @experimental
|
|
25
27
|
*/
|
|
26
28
|
readonly bucketApps: s3.IBucket;
|
|
27
29
|
/**
|
|
28
|
-
* CloudFront Origin Access Identity for the deployed applications bucket.
|
|
30
|
+
* (experimental) CloudFront Origin Access Identity for the deployed applications bucket.
|
|
29
31
|
*
|
|
30
|
-
* @
|
|
32
|
+
* @experimental
|
|
31
33
|
*/
|
|
32
34
|
readonly bucketAppsOAI: cf.OriginAccessIdentity;
|
|
33
35
|
/**
|
|
34
|
-
* S3 bucket for staged applications (prior to deploy).
|
|
36
|
+
* (experimental) S3 bucket for staged applications (prior to deploy).
|
|
35
37
|
*
|
|
36
|
-
* @
|
|
38
|
+
* @experimental
|
|
37
39
|
*/
|
|
38
40
|
readonly bucketAppsStaging: s3.IBucket;
|
|
39
41
|
/**
|
|
40
|
-
* API Gateway v2 HTTP for Router and app.
|
|
42
|
+
* (experimental) API Gateway v2 HTTP for Router and app.
|
|
41
43
|
*
|
|
42
|
-
* @
|
|
44
|
+
* @experimental
|
|
43
45
|
*/
|
|
44
46
|
readonly httpApi: apigwy.HttpApi;
|
|
45
47
|
/**
|
|
46
|
-
*
|
|
48
|
+
* (experimental) Application environment, passed as `NODE_ENV` to the Router and Deployer Lambda functions.
|
|
49
|
+
*
|
|
50
|
+
* @experimental
|
|
47
51
|
*/
|
|
48
52
|
readonly appEnv: string;
|
|
49
53
|
/**
|
|
50
|
-
* Optional asset name root.
|
|
54
|
+
* (experimental) Optional asset name root.
|
|
51
55
|
*
|
|
52
56
|
* @default - resource names auto assigned
|
|
53
|
-
* @
|
|
57
|
+
* @experimental
|
|
54
58
|
* @example
|
|
55
59
|
*
|
|
56
60
|
* microapps
|
|
57
61
|
*/
|
|
58
62
|
readonly assetNameRoot?: string;
|
|
59
63
|
/**
|
|
60
|
-
* Optional asset name suffix.
|
|
64
|
+
* (experimental) Optional asset name suffix.
|
|
61
65
|
*
|
|
62
66
|
* @default none
|
|
63
|
-
* @
|
|
67
|
+
* @experimental
|
|
64
68
|
* @example
|
|
65
69
|
*
|
|
66
70
|
* -dev-pr-12
|
|
67
71
|
*/
|
|
68
72
|
readonly assetNameSuffix?: string;
|
|
69
73
|
/**
|
|
70
|
-
*
|
|
74
|
+
* (experimental) Use a strict S3 Bucket Policy that prevents applications from reading/writing/modifying/deleting files in the S3 Bucket outside of the path that is specific to their app/version.
|
|
75
|
+
*
|
|
76
|
+
* This setting should be used when applications are less than
|
|
77
|
+
* fully trusted.
|
|
78
|
+
*
|
|
79
|
+
* @default false
|
|
80
|
+
* @experimental
|
|
71
81
|
*/
|
|
72
82
|
readonly s3StrictBucketPolicy?: boolean;
|
|
73
83
|
/**
|
|
74
|
-
*
|
|
84
|
+
* (experimental) Applies when using s3StrictBucketPolicy = true.
|
|
85
|
+
*
|
|
86
|
+
* IAM Role or IAM User names to exclude from the DENY rules on the S3 Bucket Policy.
|
|
87
|
+
*
|
|
88
|
+
* Roles that are Assumed must instead have their AROA added to `s3PolicyBypassAROAs`.
|
|
89
|
+
*
|
|
90
|
+
* Typically any admin roles / users that need to view or manage the S3 Bucket
|
|
91
|
+
* would be added to this list.
|
|
92
|
+
*
|
|
93
|
+
* @see s3PolicyBypassAROAs
|
|
94
|
+
* @experimental
|
|
95
|
+
* @example
|
|
96
|
+
*
|
|
97
|
+
* ['arn:aws:iam::1234567890123:role/AdminAccess', 'arn:aws:iam::1234567890123:user/MyAdminUser']
|
|
75
98
|
*/
|
|
76
|
-
readonly
|
|
99
|
+
readonly s3PolicyBypassPrincipalARNs?: string[];
|
|
77
100
|
/**
|
|
78
|
-
*
|
|
101
|
+
* (experimental) Applies when using s3StrictBucketPolicy = true.
|
|
102
|
+
*
|
|
103
|
+
* AROAs of the IAM Role to exclude from the DENY rules on the S3 Bucket Policy.
|
|
104
|
+
* This allows sessions that assume the IAM Role to be excluded from the
|
|
105
|
+
* DENY rules on the S3 Bucket Policy.
|
|
106
|
+
*
|
|
107
|
+
* Typically any admin roles / users that need to view or manage the S3 Bucket
|
|
108
|
+
* would be added to this list.
|
|
109
|
+
*
|
|
110
|
+
* Roles / users that are used directly, not assumed, can be added to `s3PolicyBypassRoleNames` instead.
|
|
111
|
+
*
|
|
112
|
+
* Note: This AROA must be specified to prevent this policy from locking
|
|
113
|
+
* out non-root sessions that have assumed the admin role.
|
|
114
|
+
*
|
|
115
|
+
* The notPrincipals will only match the role name exactly and will not match
|
|
116
|
+
* any session that has assumed the role since notPrincipals does not allow
|
|
117
|
+
* wildcard matches and does not do wildcard matches implicitly either.
|
|
118
|
+
*
|
|
119
|
+
* The AROA must be used because there are only 3 Principal variables available:
|
|
120
|
+
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable
|
|
121
|
+
* aws:username, aws:userid, aws:PrincipalTag
|
|
122
|
+
*
|
|
123
|
+
* For an assumed role, aws:username is blank, aws:userid is:
|
|
124
|
+
* [unique id AKA AROA for Role]:[session name]
|
|
125
|
+
*
|
|
126
|
+
* Table of unique ID prefixes such as AROA:
|
|
127
|
+
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-prefixes
|
|
128
|
+
*
|
|
129
|
+
* The name of the role is simply not available for an assumed role and, if it was,
|
|
130
|
+
* a complicated comparison would be requierd to prevent exclusion
|
|
131
|
+
* of applying the Deny Rule to roles from other accounts.
|
|
132
|
+
*
|
|
133
|
+
* To get the AROA with the AWS CLI:
|
|
134
|
+
* aws iam get-role --role-name ROLE-NAME
|
|
135
|
+
* aws iam get-user -–user-name USER-NAME
|
|
136
|
+
*
|
|
137
|
+
* @see s3StrictBucketPolicy
|
|
138
|
+
* @experimental
|
|
139
|
+
* @example
|
|
140
|
+
*
|
|
141
|
+
* [ 'AROA1234567890123' ]
|
|
79
142
|
*/
|
|
80
|
-
readonly
|
|
143
|
+
readonly s3PolicyBypassAROAs?: string[];
|
|
81
144
|
/**
|
|
82
|
-
* Path prefix on the root of the deployment.
|
|
145
|
+
* (experimental) Path prefix on the root of the deployment.
|
|
83
146
|
*
|
|
84
147
|
* @default none
|
|
85
|
-
* @
|
|
148
|
+
* @experimental
|
|
86
149
|
* @example
|
|
87
150
|
*
|
|
88
151
|
* dev/
|
|
@@ -90,44 +153,59 @@ export interface MicroAppsSvcsProps {
|
|
|
90
153
|
readonly rootPathPrefix?: string;
|
|
91
154
|
}
|
|
92
155
|
/**
|
|
93
|
-
*
|
|
156
|
+
* (experimental) Represents a MicroApps Services.
|
|
157
|
+
*
|
|
158
|
+
* @experimental
|
|
94
159
|
*/
|
|
95
160
|
export interface IMicroAppsSvcs {
|
|
96
161
|
/**
|
|
97
|
-
* DynamoDB table used by Router, Deployer, and Release console app.
|
|
162
|
+
* (experimental) DynamoDB table used by Router, Deployer, and Release console app.
|
|
98
163
|
*
|
|
99
|
-
* @
|
|
164
|
+
* @experimental
|
|
100
165
|
*/
|
|
101
166
|
readonly table: dynamodb.ITable;
|
|
102
167
|
/**
|
|
103
|
-
* Lambda function for the Deployer.
|
|
168
|
+
* (experimental) Lambda function for the Deployer.
|
|
104
169
|
*
|
|
105
|
-
* @
|
|
170
|
+
* @experimental
|
|
106
171
|
*/
|
|
107
172
|
readonly deployerFunc: lambda.IFunction;
|
|
173
|
+
/**
|
|
174
|
+
* (experimental) Lambda function for the Router.
|
|
175
|
+
*
|
|
176
|
+
* @experimental
|
|
177
|
+
*/
|
|
178
|
+
readonly routerFunc: lambda.IFunction;
|
|
108
179
|
}
|
|
109
180
|
/**
|
|
110
|
-
*
|
|
181
|
+
* (experimental) Create a new MicroApps Services construct, including the Deployer and Router Lambda Functions, and the DynamoDB Table used by both.
|
|
182
|
+
*
|
|
183
|
+
* @experimental
|
|
111
184
|
*/
|
|
112
185
|
export declare class MicroAppsSvcs extends Construct implements IMicroAppsSvcs {
|
|
113
186
|
private _table;
|
|
114
187
|
/**
|
|
115
|
-
* DynamoDB table used by Router, Deployer, and Release console app.
|
|
188
|
+
* (experimental) DynamoDB table used by Router, Deployer, and Release console app.
|
|
116
189
|
*
|
|
117
|
-
* @
|
|
190
|
+
* @experimental
|
|
118
191
|
*/
|
|
119
192
|
get table(): dynamodb.ITable;
|
|
120
193
|
private _deployerFunc;
|
|
121
194
|
/**
|
|
122
|
-
* Lambda function for the Deployer.
|
|
195
|
+
* (experimental) Lambda function for the Deployer.
|
|
123
196
|
*
|
|
124
|
-
* @
|
|
197
|
+
* @experimental
|
|
125
198
|
*/
|
|
126
199
|
get deployerFunc(): lambda.IFunction;
|
|
200
|
+
private _routerFunc;
|
|
127
201
|
/**
|
|
128
|
-
*
|
|
202
|
+
* (experimental) Lambda function for the Router.
|
|
129
203
|
*
|
|
130
|
-
* @
|
|
204
|
+
* @experimental
|
|
205
|
+
*/
|
|
206
|
+
get routerFunc(): lambda.IFunction;
|
|
207
|
+
/**
|
|
208
|
+
* @experimental
|
|
131
209
|
*/
|
|
132
210
|
constructor(scope: Construct, id: string, props?: MicroAppsSvcsProps);
|
|
133
211
|
}
|