@quiltdata/benchling-webhook 0.9.0-20251129T071202Z → 0.9.0-20251204T020520Z
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +63 -47
- package/cdk.json +1 -0
- package/dist/bin/benchling-webhook.js +13 -0
- package/dist/bin/benchling-webhook.js.map +1 -1
- package/dist/bin/commands/deploy.d.ts.map +1 -1
- package/dist/bin/commands/deploy.js +61 -98
- package/dist/bin/commands/deploy.js.map +1 -1
- package/dist/bin/commands/destroy.d.ts +0 -1
- package/dist/bin/commands/destroy.d.ts.map +1 -1
- package/dist/bin/commands/destroy.js +0 -1
- package/dist/bin/commands/destroy.js.map +1 -1
- package/dist/bin/commands/infer-quilt-config.d.ts.map +1 -1
- package/dist/bin/commands/infer-quilt-config.js +13 -10
- package/dist/bin/commands/infer-quilt-config.js.map +1 -1
- package/dist/bin/commands/setup-profile.js +1 -1
- package/dist/bin/commands/setup-profile.js.map +1 -1
- package/dist/bin/commands/setup-wizard.d.ts.map +1 -1
- package/dist/bin/commands/setup-wizard.js +1 -0
- package/dist/bin/commands/setup-wizard.js.map +1 -1
- package/dist/lib/benchling-webhook-stack.d.ts +1 -0
- package/dist/lib/benchling-webhook-stack.d.ts.map +1 -1
- package/dist/lib/benchling-webhook-stack.js +77 -33
- package/dist/lib/benchling-webhook-stack.js.map +1 -1
- package/dist/lib/fargate-service.d.ts +5 -4
- package/dist/lib/fargate-service.d.ts.map +1 -1
- package/dist/lib/fargate-service.js +9 -19
- package/dist/lib/fargate-service.js.map +1 -1
- package/dist/lib/index.d.ts +1 -1
- package/dist/lib/index.js +3 -3
- package/dist/lib/network-load-balancer.d.ts +27 -0
- package/dist/lib/network-load-balancer.d.ts.map +1 -0
- package/dist/lib/network-load-balancer.js +109 -0
- package/dist/lib/network-load-balancer.js.map +1 -0
- package/dist/lib/rest-api-gateway.d.ts +22 -0
- package/dist/lib/rest-api-gateway.d.ts.map +1 -0
- package/dist/lib/rest-api-gateway.js +212 -0
- package/dist/lib/rest-api-gateway.js.map +1 -0
- package/dist/lib/types/config.d.ts +38 -5
- package/dist/lib/types/config.d.ts.map +1 -1
- package/dist/lib/types/config.js.map +1 -1
- package/dist/lib/utils/service-resolver.d.ts +1 -1
- package/dist/lib/utils/service-resolver.js +1 -1
- package/dist/lib/wizard/phase2-stack-query.d.ts.map +1 -1
- package/dist/lib/wizard/phase2-stack-query.js +46 -21
- package/dist/lib/wizard/phase2-stack-query.js.map +1 -1
- package/dist/lib/wizard/phase3-parameter-collection.d.ts.map +1 -1
- package/dist/lib/wizard/phase3-parameter-collection.js +101 -67
- package/dist/lib/wizard/phase3-parameter-collection.js.map +1 -1
- package/dist/lib/wizard/types.d.ts +11 -0
- package/dist/lib/wizard/types.d.ts.map +1 -1
- package/dist/package.json +4 -9
- package/dist/scripts/discover-vpc.js +12 -11
- package/dist/scripts/discover-vpc.js.map +1 -1
- package/package.json +4 -9
- package/dist/lib/http-api-gateway.d.ts +0 -21
- package/dist/lib/http-api-gateway.d.ts.map +0 -1
- package/dist/lib/http-api-gateway.js +0 -153
- package/dist/lib/http-api-gateway.js.map +0 -1
- package/dist/lib/waf-web-acl.d.ts +0 -51
- package/dist/lib/waf-web-acl.d.ts.map +0 -1
- package/dist/lib/waf-web-acl.js +0 -192
- package/dist/lib/waf-web-acl.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fargate-service.d.ts","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"fargate-service.d.ts","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAEhE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C;;;;;;;;;GASG;AACH,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,GAAG,CAAC,WAAW,CAAC;IACxC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,mBAAmB,CAAC;IAChD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAI/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAGjC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAGtC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAG/B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,qBAAa,cAAe,SAAQ,SAAS;IACzC,SAAgB,OAAO,EAAE,GAAG,CAAC,cAAc,CAAC;IAC5C,SAAgB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;IACrC,SAAgB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;IACzC,SAAgB,aAAa,EAAE,GAAG,CAAC,cAAc,CAAC;IAElD;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;gBAoBb,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB;CA4UvE"}
|
|
@@ -37,7 +37,6 @@ exports.FargateService = void 0;
|
|
|
37
37
|
const cdk = __importStar(require("aws-cdk-lib"));
|
|
38
38
|
const ec2 = __importStar(require("aws-cdk-lib/aws-ec2"));
|
|
39
39
|
const ecs = __importStar(require("aws-cdk-lib/aws-ecs"));
|
|
40
|
-
const servicediscovery = __importStar(require("aws-cdk-lib/aws-servicediscovery"));
|
|
41
40
|
const iam = __importStar(require("aws-cdk-lib/aws-iam"));
|
|
42
41
|
const logs = __importStar(require("aws-cdk-lib/aws-logs"));
|
|
43
42
|
const constructs_1 = require("constructs");
|
|
@@ -289,41 +288,32 @@ class FargateService extends constructs_1.Construct {
|
|
|
289
288
|
protocol: ecs.Protocol.TCP,
|
|
290
289
|
});
|
|
291
290
|
// Create Security Group for Fargate tasks
|
|
292
|
-
|
|
291
|
+
this.securityGroup = new ec2.SecurityGroup(this, "FargateSecurityGroup", {
|
|
293
292
|
vpc: props.vpc,
|
|
294
293
|
description: "Security group for Benchling webhook Fargate tasks",
|
|
295
294
|
allowAllOutbound: true,
|
|
296
295
|
});
|
|
297
|
-
// Allow
|
|
298
|
-
|
|
299
|
-
// Create Fargate Service
|
|
296
|
+
// Allow traffic from NLB to reach the service on 8080
|
|
297
|
+
this.securityGroup.addIngressRule(ec2.Peer.ipv4(props.vpc.vpcCidrBlock), ec2.Port.tcp(8080), "Allow VPC traffic to service");
|
|
298
|
+
// Create Fargate Service with NLB target group integration
|
|
299
|
+
// Replaced Cloud Map with NLB for reliable health checks
|
|
300
300
|
this.service = new ecs.FargateService(this, "Service", {
|
|
301
301
|
cluster: this.cluster,
|
|
302
302
|
taskDefinition: taskDefinition,
|
|
303
303
|
desiredCount: 2,
|
|
304
304
|
serviceName: "benchling-webhook-service",
|
|
305
305
|
assignPublicIp: false,
|
|
306
|
-
securityGroups: [
|
|
306
|
+
securityGroups: [this.securityGroup],
|
|
307
307
|
healthCheckGracePeriod: cdk.Duration.seconds(60),
|
|
308
308
|
minHealthyPercent: 50,
|
|
309
309
|
maxHealthyPercent: 200,
|
|
310
310
|
circuitBreaker: {
|
|
311
311
|
rollback: true,
|
|
312
312
|
},
|
|
313
|
-
cloudMapOptions: {
|
|
314
|
-
name: "benchling-webhook",
|
|
315
|
-
cloudMapNamespace: new servicediscovery.PrivateDnsNamespace(this, "ServiceDiscoveryNamespace", {
|
|
316
|
-
name: "benchling.local",
|
|
317
|
-
vpc: props.vpc,
|
|
318
|
-
description: "Service discovery namespace for Benchling webhook",
|
|
319
|
-
}),
|
|
320
|
-
dnsRecordType: servicediscovery.DnsRecordType.A,
|
|
321
|
-
dnsTtl: cdk.Duration.seconds(30),
|
|
322
|
-
container,
|
|
323
|
-
containerPort: 8080,
|
|
324
|
-
},
|
|
325
313
|
});
|
|
326
|
-
|
|
314
|
+
// Register ECS service with NLB target group
|
|
315
|
+
// The NLB will perform HTTP health checks on /health endpoint
|
|
316
|
+
this.service.attachToNetworkTargetGroup(props.targetGroup);
|
|
327
317
|
// Configure auto-scaling
|
|
328
318
|
const scaling = this.service.autoScaleTaskCount({
|
|
329
319
|
minCapacity: 2,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fargate-service.js","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,yDAA2C;AAE3C,yDAA2C;
|
|
1
|
+
{"version":3,"file":"fargate-service.js","sourceRoot":"","sources":["../../lib/fargate-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,yDAA2C;AAE3C,yDAA2C;AAE3C,yDAA2C;AAC3C,2DAA6C;AAC7C,2CAAuC;AA2CvC,MAAa,cAAe,SAAQ,sBAAS;IAMzC;;;;;;;;;OASG;IACK,iBAAiB,CAAC,GAAW;QACjC,IAAI,CAAC,GAAG,EAAE,CAAC;YACP,OAAO,EAAE,CAAC;QACd,CAAC;QACD,uEAAuE;QACvE,2DAA2D;QAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,GAAG,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1B,gEAAgE;QAChE,sEAAsE;QACtE,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QAE/D,OAAO,aAAa,CAAC;IACzB,CAAC;IAED,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA0B;QAChE,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAEzB,qBAAqB;QACrB,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,yBAAyB,EAAE;YAC5D,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,WAAW,EAAE,2BAA2B;YACxC,8BAA8B,EAAE,IAAI;SACvC,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAA8B,CAAC;QACpE,UAAU,CAAC,eAAe,GAAG;YACzB;gBACI,IAAI,EAAE,mBAAmB;gBACzB,KAAK,EAAE,SAAS;aACnB;SACJ,CAAC;QAEF,iDAAiD;QACjD,yEAAyE;QACzE,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;QAC/C,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,mBAAmB,EAAE;YACzD,YAAY,EAAE,SAAS;YACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,yEAAyE;QACzE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE;YAC9D,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;YAC9D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,+CAA+C,CAClD;aACJ;SACJ,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE;YAC5C,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;SACjE,CAAC,CAAC;QAEH,qEAAqE;QACrE,4DAA4D;QAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,IAAI,KAAK,CAAC,eAAe,CAAC;QACtE,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,+BAA+B;gBAC/B,+BAA+B;aAClC;YACD,SAAS,EAAE;gBACP,SAAS;gBACT,GAAG,SAAS,GAAG,EAAE,2BAA2B;aAC/C;SACJ,CAAC,CACL,CAAC;QAEF,kDAAkD;QAClD,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG,gBAAgB,KAAK,CAAC,aAAa,EAAE,CAAC;QAC/D,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,cAAc;gBACd,wBAAwB;gBACxB,qBAAqB;gBACrB,qBAAqB;gBACrB,+BAA+B;gBAC/B,4BAA4B;gBAC5B,eAAe;gBACf,uBAAuB;gBACvB,iBAAiB;gBACjB,wBAAwB;gBACxB,cAAc;gBACd,qBAAqB;gBACrB,0BAA0B;gBAC1B,0BAA0B;aAC7B;YACD,SAAS,EAAE;gBACP,gBAAgB;gBAChB,GAAG,gBAAgB,IAAI;aAC1B;SACJ,CAAC,CACL,CAAC;QAEF,8EAA8E;QAC9E,sEAAsE;QACtE,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACrB,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,OAAO,EAAE,CAAC,gBAAgB,CAAC;gBAC3B,SAAS,EAAE;oBACP,uDAAuD;oBACvD,oEAAoE;oBACpE,2CAA2C;iBAC9C;aACJ,CAAC,CACL,CAAC;QACN,CAAC;QAED,oEAAoE;QACpE,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,iBAAiB;gBACjB,iBAAiB;gBACjB,wBAAwB;aAC3B;YACD,SAAS,EAAE;gBACP,eAAe,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI;aACjG;SACJ,CAAC,CACL,CAAC;QAEF,oDAAoD;QACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QACxC,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,kBAAkB;gBAClB,eAAe;gBACf,oBAAoB;aACvB;YACD,SAAS,EAAE;gBACP,gBAAgB,MAAM,IAAI,OAAO,UAAU;gBAC3C,gBAAgB,MAAM,IAAI,OAAO,aAAa,KAAK,CAAC,aAAa,EAAE;gBACnE,gBAAgB,MAAM,IAAI,OAAO,UAAU,KAAK,CAAC,aAAa,IAAI;aACrE;SACJ,CAAC,CACL,CAAC;QAEF,wDAAwD;QACxD,+EAA+E;QAC/E,MAAM,gBAAgB,GAAG,KAAK,CAAC,mBAAmB;YAC9C,CAAC,CAAC;gBACE,wCAAwC;gBACxC,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,cAAc,KAAK,CAAC,mBAAmB,EAAE;gBACtI,gCAAgC;gBAChC,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,oBAAoB;aACpH;YACD,CAAC,CAAC;gBACE,oDAAoD;gBACpD,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,oBAAoB;aACpH,CAAC;QAEN,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,4BAA4B;gBAC5B,0BAA0B;gBAC1B,wBAAwB;gBACxB,2BAA2B;gBAC3B,qBAAqB;aACxB;YACD,SAAS,EAAE,gBAAgB;SAC9B,CAAC,CACL,CAAC;QAEF,2CAA2C;QAC3C,oFAAoF;QACpF,MAAM,oBAAoB,GAAG,KAAK,CAAC,mBAAmB;YAClD,CAAC,CAAC;gBACE,6CAA6C;gBAC7C,gBAAgB,KAAK,CAAC,mBAAmB,EAAE;gBAC3C,gBAAgB,KAAK,CAAC,mBAAmB,IAAI;gBAC7C,6BAA6B;gBAC7B,yCAAyC,OAAO,IAAI,MAAM,EAAE;gBAC5D,yCAAyC,OAAO,IAAI,MAAM,IAAI;aACjE;YACD,CAAC,CAAC;gBACE,8CAA8C;gBAC9C,yCAAyC,OAAO,IAAI,MAAM,EAAE;gBAC5D,yCAAyC,OAAO,IAAI,MAAM,IAAI;aACjE,CAAC;QAEN,QAAQ,CAAC,WAAW,CAChB,IAAI,GAAG,CAAC,eAAe,CAAC;YACpB,OAAO,EAAE;gBACL,sBAAsB;gBACtB,cAAc;gBACd,eAAe;gBACf,uBAAuB;gBACvB,cAAc;gBACd,+BAA+B;gBAC/B,iBAAiB;aACpB;YACD,SAAS,EAAE,oBAAoB;SAClC,CAAC,CACL,CAAC;QAEF,iCAAiC;QACjC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACzE,cAAc,EAAE,IAAI;YACpB,GAAG,EAAE,IAAI;YACT,aAAa,EAAE,iBAAiB;YAChC,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,wBAAwB;SACnC,CAAC,CAAC;QAEH,yDAAyD;QACzD,8EAA8E;QAC9E,sFAAsF;QACtF,kFAAkF;QAClF,MAAM,eAAe,GAA8B;YAC/C,oBAAoB;YACpB,UAAU,EAAE,MAAM;YAClB,kBAAkB,EAAE,MAAM;YAC1B,IAAI,EAAE,MAAM;YAEZ,iEAAiE;YACjE,cAAc,EAAE,KAAK,CAAC,YAAY;YAClC,oBAAoB,EAAE,KAAK,CAAC,kBAAkB;YAC9C,qBAAqB,EAAE,KAAK,CAAC,mBAAmB,IAAI,SAAS;YAC7D,6EAA6E;YAC7E,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,KAAK,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1F,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YAExC,sDAAsD;YACtD,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAE3E,8EAA8E;YAC9E,eAAe,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,eAAe,CAAC;YAE9D,qEAAqE;YACrE,2BAA2B,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,kBAAkB,KAAK,KAAK,CAAC;YAElF,4BAA4B;YAC5B,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,IAAI,MAAM;SAC/D,CAAC;QAEF,4CAA4C;QAC5C,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,2BAA2B,EAAE;YACvE,KAAK,EAAE,GAAG,CAAC,cAAc,CAAC,iBAAiB,CACvC,KAAK,CAAC,aAAa,EACnB,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAC7B;YACD,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC;gBAC3B,YAAY,EAAE,mBAAmB;gBACjC,QAAQ,EAAE,IAAI,CAAC,QAAQ;aAC1B,CAAC;YACF,WAAW,EAAE,eAAe;YAC5B,WAAW,EAAE;gBACT,OAAO,EAAE,CAAC,WAAW,EAAE,gDAAgD,CAAC;gBACxE,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;aACxC;SACJ,CAAC,CAAC;QAEH,qBAAqB;QACrB,SAAS,CAAC,eAAe,CAAC;YACtB,aAAa,EAAE,IAAI;YACnB,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,0CAA0C;QAC1C,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,sBAAsB,EAAE;YACrE,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,WAAW,EAAE,oDAAoD;YACjE,gBAAgB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,sDAAsD;QACtD,IAAI,CAAC,aAAa,CAAC,cAAc,CAC7B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,EACrC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAClB,8BAA8B,CACjC,CAAC;QAEF,2DAA2D;QAC3D,yDAAyD;QACzD,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,EAAE;YACnD,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,cAAc,EAAE,cAAc;YAC9B,YAAY,EAAE,CAAC;YACf,WAAW,EAAE,2BAA2B;YACxC,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;YACpC,sBAAsB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChD,iBAAiB,EAAE,EAAE;YACrB,iBAAiB,EAAE,GAAG;YACtB,cAAc,EAAE;gBACZ,QAAQ,EAAE,IAAI;aACjB;SACJ,CAAC,CAAC;QAEH,6CAA6C;QAC7C,8DAA8D;QAC9D,IAAI,CAAC,OAAO,CAAC,0BAA0B,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAE3D,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC;YAC5C,WAAW,EAAE,CAAC;YACd,WAAW,EAAE,EAAE;SAClB,CAAC,CAAC;QAEH,iCAAiC;QACjC,OAAO,CAAC,qBAAqB,CAAC,YAAY,EAAE;YACxC,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1C,gBAAgB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAC;QAEH,oCAAoC;QACpC,OAAO,CAAC,wBAAwB,CAAC,eAAe,EAAE;YAC9C,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC;YAC1C,gBAAgB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAC;QAEH,UAAU;QACV,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,6BAA6B;SAC5C,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,6BAA6B;SAC5C,CAAC,CAAC;IACP,CAAC;CACJ;AAhXD,wCAgXC"}
|
package/dist/lib/index.d.ts
CHANGED
|
@@ -26,6 +26,6 @@
|
|
|
26
26
|
*/
|
|
27
27
|
export { BenchlingWebhookStack, type BenchlingWebhookStackProps } from "./benchling-webhook-stack";
|
|
28
28
|
export { FargateService } from "./fargate-service";
|
|
29
|
-
export {
|
|
29
|
+
export { RestApiGateway } from "./rest-api-gateway";
|
|
30
30
|
export { EcrRepository } from "./ecr-repository";
|
|
31
31
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/lib/index.js
CHANGED
|
@@ -26,13 +26,13 @@
|
|
|
26
26
|
* @module quilt-benchling-webhook
|
|
27
27
|
*/
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
|
-
exports.EcrRepository = exports.
|
|
29
|
+
exports.EcrRepository = exports.RestApiGateway = exports.FargateService = exports.BenchlingWebhookStack = void 0;
|
|
30
30
|
var benchling_webhook_stack_1 = require("./benchling-webhook-stack");
|
|
31
31
|
Object.defineProperty(exports, "BenchlingWebhookStack", { enumerable: true, get: function () { return benchling_webhook_stack_1.BenchlingWebhookStack; } });
|
|
32
32
|
var fargate_service_1 = require("./fargate-service");
|
|
33
33
|
Object.defineProperty(exports, "FargateService", { enumerable: true, get: function () { return fargate_service_1.FargateService; } });
|
|
34
|
-
var
|
|
35
|
-
Object.defineProperty(exports, "
|
|
34
|
+
var rest_api_gateway_1 = require("./rest-api-gateway");
|
|
35
|
+
Object.defineProperty(exports, "RestApiGateway", { enumerable: true, get: function () { return rest_api_gateway_1.RestApiGateway; } });
|
|
36
36
|
var ecr_repository_1 = require("./ecr-repository");
|
|
37
37
|
Object.defineProperty(exports, "EcrRepository", { enumerable: true, get: function () { return ecr_repository_1.EcrRepository; } });
|
|
38
38
|
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import * as ec2 from "aws-cdk-lib/aws-ec2";
|
|
2
|
+
import * as elbv2 from "aws-cdk-lib/aws-elasticloadbalancingv2";
|
|
3
|
+
import { Construct } from "constructs";
|
|
4
|
+
export interface NetworkLoadBalancerProps {
|
|
5
|
+
readonly vpc: ec2.IVpc;
|
|
6
|
+
}
|
|
7
|
+
/**
|
|
8
|
+
* Network Load Balancer for ECS Fargate service
|
|
9
|
+
*
|
|
10
|
+
* Provides reliable health checks and routing for ECS tasks.
|
|
11
|
+
* Replaces Cloud Map service discovery which has issues with custom health checks.
|
|
12
|
+
*
|
|
13
|
+
* Architecture:
|
|
14
|
+
* - Internal NLB (not internet-facing)
|
|
15
|
+
* - TCP listener on port 80
|
|
16
|
+
* - Target Group with IP targets for ECS Fargate tasks
|
|
17
|
+
* - HTTP health checks on /health endpoint
|
|
18
|
+
*
|
|
19
|
+
* @since v0.9.0
|
|
20
|
+
*/
|
|
21
|
+
export declare class NetworkLoadBalancer extends Construct {
|
|
22
|
+
readonly loadBalancer: elbv2.NetworkLoadBalancer;
|
|
23
|
+
readonly targetGroup: elbv2.NetworkTargetGroup;
|
|
24
|
+
readonly listener: elbv2.NetworkListener;
|
|
25
|
+
constructor(scope: Construct, id: string, props: NetworkLoadBalancerProps);
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=network-load-balancer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network-load-balancer.d.ts","sourceRoot":"","sources":["../../lib/network-load-balancer.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,WAAW,wBAAwB;IACrC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IAC9C,SAAgB,YAAY,EAAE,KAAK,CAAC,mBAAmB,CAAC;IACxD,SAAgB,WAAW,EAAE,KAAK,CAAC,kBAAkB,CAAC;IACtD,SAAgB,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC;gBAEpC,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,wBAAwB;CA0D5E"}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.NetworkLoadBalancer = void 0;
|
|
37
|
+
const cdk = __importStar(require("aws-cdk-lib"));
|
|
38
|
+
const elbv2 = __importStar(require("aws-cdk-lib/aws-elasticloadbalancingv2"));
|
|
39
|
+
const constructs_1 = require("constructs");
|
|
40
|
+
/**
|
|
41
|
+
* Network Load Balancer for ECS Fargate service
|
|
42
|
+
*
|
|
43
|
+
* Provides reliable health checks and routing for ECS tasks.
|
|
44
|
+
* Replaces Cloud Map service discovery which has issues with custom health checks.
|
|
45
|
+
*
|
|
46
|
+
* Architecture:
|
|
47
|
+
* - Internal NLB (not internet-facing)
|
|
48
|
+
* - TCP listener on port 80
|
|
49
|
+
* - Target Group with IP targets for ECS Fargate tasks
|
|
50
|
+
* - HTTP health checks on /health endpoint
|
|
51
|
+
*
|
|
52
|
+
* @since v0.9.0
|
|
53
|
+
*/
|
|
54
|
+
class NetworkLoadBalancer extends constructs_1.Construct {
|
|
55
|
+
constructor(scope, id, props) {
|
|
56
|
+
super(scope, id);
|
|
57
|
+
// Create internal Network Load Balancer
|
|
58
|
+
// Internal = only accessible within VPC (not from internet)
|
|
59
|
+
this.loadBalancer = new elbv2.NetworkLoadBalancer(this, "LoadBalancer", {
|
|
60
|
+
vpc: props.vpc,
|
|
61
|
+
internetFacing: false,
|
|
62
|
+
vpcSubnets: {
|
|
63
|
+
subnets: props.vpc.privateSubnets,
|
|
64
|
+
},
|
|
65
|
+
crossZoneEnabled: true, // Distribute traffic evenly across AZs
|
|
66
|
+
});
|
|
67
|
+
// Create Target Group for ECS tasks
|
|
68
|
+
// IP target type is required for Fargate tasks
|
|
69
|
+
this.targetGroup = new elbv2.NetworkTargetGroup(this, "TargetGroup", {
|
|
70
|
+
vpc: props.vpc,
|
|
71
|
+
port: 8080,
|
|
72
|
+
protocol: elbv2.Protocol.TCP,
|
|
73
|
+
targetType: elbv2.TargetType.IP, // Required for Fargate
|
|
74
|
+
deregistrationDelay: cdk.Duration.seconds(30), // Quick deregistration
|
|
75
|
+
// HTTP health checks for application health
|
|
76
|
+
// NLB supports HTTP health checks even with TCP listener
|
|
77
|
+
healthCheck: {
|
|
78
|
+
enabled: true,
|
|
79
|
+
protocol: elbv2.Protocol.HTTP,
|
|
80
|
+
path: "/health",
|
|
81
|
+
interval: cdk.Duration.seconds(30),
|
|
82
|
+
timeout: cdk.Duration.seconds(10),
|
|
83
|
+
healthyThresholdCount: 2, // 2 successful checks = healthy
|
|
84
|
+
unhealthyThresholdCount: 3, // 3 failed checks = unhealthy
|
|
85
|
+
healthyHttpCodes: "200",
|
|
86
|
+
},
|
|
87
|
+
});
|
|
88
|
+
// Create TCP listener on port 80
|
|
89
|
+
// API Gateway will connect to this via VPC Link
|
|
90
|
+
this.listener = this.loadBalancer.addListener("Listener", {
|
|
91
|
+
port: 80,
|
|
92
|
+
protocol: elbv2.Protocol.TCP,
|
|
93
|
+
defaultTargetGroups: [this.targetGroup],
|
|
94
|
+
});
|
|
95
|
+
// Outputs for debugging
|
|
96
|
+
new cdk.CfnOutput(this, "LoadBalancerDnsName", {
|
|
97
|
+
value: this.loadBalancer.loadBalancerDnsName,
|
|
98
|
+
description: "Network Load Balancer DNS name",
|
|
99
|
+
exportName: "BenchlingWebhookNLBDnsName",
|
|
100
|
+
});
|
|
101
|
+
new cdk.CfnOutput(this, "TargetGroupArn", {
|
|
102
|
+
value: this.targetGroup.targetGroupArn,
|
|
103
|
+
description: "Target Group ARN for ECS tasks",
|
|
104
|
+
exportName: "BenchlingWebhookTargetGroupArn",
|
|
105
|
+
});
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
exports.NetworkLoadBalancer = NetworkLoadBalancer;
|
|
109
|
+
//# sourceMappingURL=network-load-balancer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network-load-balancer.js","sourceRoot":"","sources":["../../lib/network-load-balancer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,8EAAgE;AAChE,2CAAuC;AAMvC;;;;;;;;;;;;;GAaG;AACH,MAAa,mBAAoB,SAAQ,sBAAS;IAK9C,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA+B;QACrE,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjB,wCAAwC;QACxC,4DAA4D;QAC5D,IAAI,CAAC,YAAY,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,IAAI,EAAE,cAAc,EAAE;YACpE,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,cAAc,EAAE,KAAK;YACrB,UAAU,EAAE;gBACR,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,cAAc;aACpC;YACD,gBAAgB,EAAE,IAAI,EAAE,uCAAuC;SAClE,CAAC,CAAC;QAEH,oCAAoC;QACpC,+CAA+C;QAC/C,IAAI,CAAC,WAAW,GAAG,IAAI,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,aAAa,EAAE;YACjE,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG;YAC5B,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,EAAE,uBAAuB;YACxD,mBAAmB,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,uBAAuB;YAEtE,4CAA4C;YAC5C,yDAAyD;YACzD,WAAW,EAAE;gBACT,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI;gBAC7B,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,qBAAqB,EAAE,CAAC,EAAG,gCAAgC;gBAC3D,uBAAuB,EAAE,CAAC,EAAE,8BAA8B;gBAC1D,gBAAgB,EAAE,KAAK;aAC1B;SACJ,CAAC,CAAC;QAEH,iCAAiC;QACjC,gDAAgD;QAChD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,UAAU,EAAE;YACtD,IAAI,EAAE,EAAE;YACR,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG;YAC5B,mBAAmB,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;SAC1C,CAAC,CAAC;QAEH,wBAAwB;QACxB,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,qBAAqB,EAAE;YAC3C,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,mBAAmB;YAC5C,WAAW,EAAE,gCAAgC;YAC7C,UAAU,EAAE,4BAA4B;SAC3C,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACtC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,cAAc;YACtC,WAAW,EAAE,gCAAgC;YAC7C,UAAU,EAAE,gCAAgC;SAC/C,CAAC,CAAC;IACP,CAAC;CACJ;AA/DD,kDA+DC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import * as apigateway from "aws-cdk-lib/aws-apigateway";
|
|
2
|
+
import * as ec2 from "aws-cdk-lib/aws-ec2";
|
|
3
|
+
import * as elbv2 from "aws-cdk-lib/aws-elasticloadbalancingv2";
|
|
4
|
+
import * as logs from "aws-cdk-lib/aws-logs";
|
|
5
|
+
import { Construct } from "constructs";
|
|
6
|
+
import { ProfileConfig } from "./types/config";
|
|
7
|
+
export interface RestApiGatewayProps {
|
|
8
|
+
readonly vpc: ec2.IVpc;
|
|
9
|
+
readonly networkLoadBalancer: elbv2.INetworkLoadBalancer;
|
|
10
|
+
readonly nlbListener: elbv2.INetworkListener;
|
|
11
|
+
readonly serviceSecurityGroup: ec2.ISecurityGroup;
|
|
12
|
+
readonly config: ProfileConfig;
|
|
13
|
+
readonly stage: string;
|
|
14
|
+
}
|
|
15
|
+
export declare class RestApiGateway {
|
|
16
|
+
readonly api: apigateway.RestApi;
|
|
17
|
+
readonly vpcLink: apigateway.VpcLink;
|
|
18
|
+
readonly logGroup: logs.ILogGroup;
|
|
19
|
+
readonly stage: string;
|
|
20
|
+
constructor(scope: Construct, id: string, props: RestApiGatewayProps);
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=rest-api-gateway.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rest-api-gateway.d.ts","sourceRoot":"","sources":["../../lib/rest-api-gateway.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,UAAU,MAAM,4BAA4B,CAAC;AACzD,OAAO,KAAK,GAAG,MAAM,qBAAqB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,wCAAwC,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,sBAAsB,CAAC;AAE7C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C,MAAM,WAAW,mBAAmB;IAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC;IACvB,QAAQ,CAAC,mBAAmB,EAAE,KAAK,CAAC,oBAAoB,CAAC;IACzD,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,gBAAgB,CAAC;IAC7C,QAAQ,CAAC,oBAAoB,EAAE,GAAG,CAAC,cAAc,CAAC;IAClD,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,cAAc;IACvB,SAAgB,GAAG,EAAE,UAAU,CAAC,OAAO,CAAC;IACxC,SAAgB,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC;IAC5C,SAAgB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;IACzC,SAAgB,KAAK,EAAE,MAAM,CAAC;gBAElB,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB;CAgMvE"}
|
|
@@ -0,0 +1,212 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.RestApiGateway = void 0;
|
|
37
|
+
const cdk = __importStar(require("aws-cdk-lib"));
|
|
38
|
+
const apigateway = __importStar(require("aws-cdk-lib/aws-apigateway"));
|
|
39
|
+
const logs = __importStar(require("aws-cdk-lib/aws-logs"));
|
|
40
|
+
const iam = __importStar(require("aws-cdk-lib/aws-iam"));
|
|
41
|
+
class RestApiGateway {
|
|
42
|
+
constructor(scope, id, props) {
|
|
43
|
+
this.stage = props.stage;
|
|
44
|
+
// Access logs for REST API
|
|
45
|
+
this.logGroup = new logs.LogGroup(scope, "ApiGatewayAccessLogs", {
|
|
46
|
+
logGroupName: "/aws/apigateway/benchling-webhook-rest",
|
|
47
|
+
retention: logs.RetentionDays.ONE_WEEK,
|
|
48
|
+
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
|
49
|
+
});
|
|
50
|
+
// Create IAM role for API Gateway to push logs to CloudWatch
|
|
51
|
+
// This role is required for REST API access logging to work
|
|
52
|
+
const cloudWatchRole = new iam.Role(scope, "ApiGatewayCloudWatchRole", {
|
|
53
|
+
assumedBy: new iam.ServicePrincipal("apigateway.amazonaws.com"),
|
|
54
|
+
managedPolicies: [
|
|
55
|
+
iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AmazonAPIGatewayPushToCloudWatchLogs"),
|
|
56
|
+
],
|
|
57
|
+
description: "IAM role for API Gateway to push access logs to CloudWatch",
|
|
58
|
+
});
|
|
59
|
+
// Set account-level CloudWatch role (required for REST API logging)
|
|
60
|
+
// Note: This is a one-time account-level setting shared across all REST APIs
|
|
61
|
+
// Without this, API Gateway silently fails to write access logs
|
|
62
|
+
const cfnAccount = new apigateway.CfnAccount(scope, "ApiGatewayAccount", {
|
|
63
|
+
cloudWatchRoleArn: cloudWatchRole.roleArn,
|
|
64
|
+
});
|
|
65
|
+
// Ensure role is created before setting account config
|
|
66
|
+
cfnAccount.node.addDependency(cloudWatchRole);
|
|
67
|
+
// Parse IP allowlist from config
|
|
68
|
+
const webhookAllowList = props.config.security?.webhookAllowList || "";
|
|
69
|
+
const allowedIps = webhookAllowList
|
|
70
|
+
.split(",")
|
|
71
|
+
.map(ip => ip.trim())
|
|
72
|
+
.filter(ip => ip.length > 0);
|
|
73
|
+
// Build resource policy document with IP filtering
|
|
74
|
+
// Resource ARN format: execute-api:/*/<stage>/<method>/<path>
|
|
75
|
+
// When no allowlist: Single statement allowing all IPs
|
|
76
|
+
// When allowlist configured: Two statements (health exempt, webhooks restricted)
|
|
77
|
+
const policyStatements = [];
|
|
78
|
+
if (allowedIps.length === 0) {
|
|
79
|
+
// No IP filtering - allow all requests from anywhere
|
|
80
|
+
policyStatements.push(new iam.PolicyStatement({
|
|
81
|
+
effect: iam.Effect.ALLOW,
|
|
82
|
+
principals: [new iam.AnyPrincipal()],
|
|
83
|
+
actions: ["execute-api:Invoke"],
|
|
84
|
+
resources: ["execute-api:/*"],
|
|
85
|
+
}));
|
|
86
|
+
console.log("Resource Policy IP filtering: DISABLED (no webhookAllowList configured)");
|
|
87
|
+
console.log("All endpoints accessible from any IP");
|
|
88
|
+
}
|
|
89
|
+
else {
|
|
90
|
+
// IP filtering enabled - create two statements
|
|
91
|
+
// Statement 1: Health endpoints always accessible (no IP restriction)
|
|
92
|
+
policyStatements.push(new iam.PolicyStatement({
|
|
93
|
+
effect: iam.Effect.ALLOW,
|
|
94
|
+
principals: [new iam.AnyPrincipal()],
|
|
95
|
+
actions: ["execute-api:Invoke"],
|
|
96
|
+
resources: [
|
|
97
|
+
// Health check endpoints are always accessible
|
|
98
|
+
"execute-api:/*/GET/health",
|
|
99
|
+
"execute-api:/*/GET/health/ready",
|
|
100
|
+
"execute-api:/*/GET/health/live",
|
|
101
|
+
// Stage-prefixed health endpoints
|
|
102
|
+
"execute-api:/*/GET/*/health",
|
|
103
|
+
"execute-api:/*/GET/*/health/ready",
|
|
104
|
+
"execute-api:/*/GET/*/health/live",
|
|
105
|
+
],
|
|
106
|
+
}));
|
|
107
|
+
// Statement 2: Webhook endpoints with IP restrictions
|
|
108
|
+
policyStatements.push(new iam.PolicyStatement({
|
|
109
|
+
effect: iam.Effect.ALLOW,
|
|
110
|
+
principals: [new iam.AnyPrincipal()],
|
|
111
|
+
actions: ["execute-api:Invoke"],
|
|
112
|
+
resources: [
|
|
113
|
+
// Webhook endpoints
|
|
114
|
+
"execute-api:/*/POST/event",
|
|
115
|
+
"execute-api:/*/POST/lifecycle",
|
|
116
|
+
"execute-api:/*/POST/canvas",
|
|
117
|
+
// Stage-prefixed webhook endpoints
|
|
118
|
+
"execute-api:/*/POST/*/event",
|
|
119
|
+
"execute-api:/*/POST/*/lifecycle",
|
|
120
|
+
"execute-api:/*/POST/*/canvas",
|
|
121
|
+
],
|
|
122
|
+
conditions: {
|
|
123
|
+
IpAddress: {
|
|
124
|
+
"aws:SourceIp": allowedIps,
|
|
125
|
+
},
|
|
126
|
+
},
|
|
127
|
+
}));
|
|
128
|
+
console.log("Resource Policy IP filtering: ENABLED");
|
|
129
|
+
console.log(`Allowed IPs: ${allowedIps.join(", ")}`);
|
|
130
|
+
console.log("Health endpoints exempt from IP filtering (always accessible)");
|
|
131
|
+
console.log(`Created ${policyStatements.length} resource policy statements`);
|
|
132
|
+
console.log(" - Statement 1: Health endpoints (no IP restriction)");
|
|
133
|
+
console.log(" - Statement 2: Webhook endpoints (IP restricted)");
|
|
134
|
+
}
|
|
135
|
+
const policyDoc = new iam.PolicyDocument({
|
|
136
|
+
statements: policyStatements,
|
|
137
|
+
});
|
|
138
|
+
// Create REST API v1 with resource policy
|
|
139
|
+
this.api = new apigateway.RestApi(scope, "BenchlingWebhookRestAPI", {
|
|
140
|
+
restApiName: "BenchlingWebhookRestAPI",
|
|
141
|
+
description: "REST API v1 for Benchling webhook integration with resource policy IP filtering",
|
|
142
|
+
policy: policyDoc,
|
|
143
|
+
deployOptions: {
|
|
144
|
+
stageName: props.stage,
|
|
145
|
+
accessLogDestination: new apigateway.LogGroupLogDestination(this.logGroup),
|
|
146
|
+
accessLogFormat: apigateway.AccessLogFormat.jsonWithStandardFields({
|
|
147
|
+
ip: true,
|
|
148
|
+
caller: false,
|
|
149
|
+
user: false,
|
|
150
|
+
requestTime: true,
|
|
151
|
+
httpMethod: true,
|
|
152
|
+
resourcePath: true,
|
|
153
|
+
status: true,
|
|
154
|
+
protocol: true,
|
|
155
|
+
responseLength: true,
|
|
156
|
+
}),
|
|
157
|
+
},
|
|
158
|
+
endpointConfiguration: {
|
|
159
|
+
types: [apigateway.EndpointType.REGIONAL],
|
|
160
|
+
},
|
|
161
|
+
});
|
|
162
|
+
// VPC Link for private integration with Network Load Balancer
|
|
163
|
+
this.vpcLink = new apigateway.VpcLink(scope, "VpcLink", {
|
|
164
|
+
targets: [props.networkLoadBalancer],
|
|
165
|
+
description: "VPC Link to Network Load Balancer for private ECS integration",
|
|
166
|
+
});
|
|
167
|
+
// HTTP Integration to NLB via VPC Link
|
|
168
|
+
// Set timeout to 29 seconds (maximum for REST API) to handle slow JWKS fetches
|
|
169
|
+
// on cold starts. The Benchling SDK caches JWKS after first fetch.
|
|
170
|
+
//
|
|
171
|
+
// Simple HTTP_PROXY integration that forwards ALL requests with complete paths
|
|
172
|
+
// API Gateway Request: GET https://api-id.execute-api.region.amazonaws.com/prod/health
|
|
173
|
+
// Forwarded to NLB: GET http://nlb:80/prod/health
|
|
174
|
+
//
|
|
175
|
+
// FastAPI implements flexible routes:
|
|
176
|
+
// - Stage-prefixed: /{stage}/health, /{stage}/event (matches API Gateway requests)
|
|
177
|
+
// - Direct paths: /health (matches NLB health checks)
|
|
178
|
+
const integration = new apigateway.Integration({
|
|
179
|
+
type: apigateway.IntegrationType.HTTP_PROXY,
|
|
180
|
+
integrationHttpMethod: "ANY",
|
|
181
|
+
uri: `http://${props.networkLoadBalancer.loadBalancerDnsName}:80/{proxy}`,
|
|
182
|
+
options: {
|
|
183
|
+
connectionType: apigateway.ConnectionType.VPC_LINK,
|
|
184
|
+
vpcLink: this.vpcLink,
|
|
185
|
+
timeout: cdk.Duration.seconds(29),
|
|
186
|
+
requestParameters: {
|
|
187
|
+
"integration.request.path.proxy": "method.request.path.proxy",
|
|
188
|
+
},
|
|
189
|
+
},
|
|
190
|
+
});
|
|
191
|
+
// Greedy proxy that captures the COMPLETE path including stage
|
|
192
|
+
// API Gateway doesn't strip the stage when using root-level {proxy+}
|
|
193
|
+
const proxyResource = this.api.root.addResource("{proxy+}");
|
|
194
|
+
proxyResource.addMethod("ANY", integration, {
|
|
195
|
+
requestParameters: {
|
|
196
|
+
"method.request.path.proxy": true,
|
|
197
|
+
},
|
|
198
|
+
});
|
|
199
|
+
// Webhook verification status
|
|
200
|
+
const verificationEnabled = props.config.security?.enableVerification !== false;
|
|
201
|
+
if (verificationEnabled) {
|
|
202
|
+
console.log("Webhook signature verification: ENABLED (FastAPI application)");
|
|
203
|
+
}
|
|
204
|
+
else {
|
|
205
|
+
console.warn("WARNING: Webhook signature verification is DISABLED. " +
|
|
206
|
+
"This should only be used for testing. Enable it in production by setting " +
|
|
207
|
+
"config.security.enableVerification = true");
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
exports.RestApiGateway = RestApiGateway;
|
|
212
|
+
//# sourceMappingURL=rest-api-gateway.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rest-api-gateway.js","sourceRoot":"","sources":["../../lib/rest-api-gateway.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uEAAyD;AAGzD,2DAA6C;AAC7C,yDAA2C;AAa3C,MAAa,cAAc;IAMvB,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA0B;QAChE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QAEzB,2BAA2B;QAC3B,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,sBAAsB,EAAE;YAC7D,YAAY,EAAE,wCAAwC;YACtD,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,6DAA6D;QAC7D,4DAA4D;QAC5D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,0BAA0B,EAAE;YACnE,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,0BAA0B,CAAC;YAC/D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,mDAAmD,CACtD;aACJ;YACD,WAAW,EAAE,4DAA4D;SAC5E,CAAC,CAAC;QAEH,oEAAoE;QACpE,6EAA6E;QAC7E,gEAAgE;QAChE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,mBAAmB,EAAE;YACrE,iBAAiB,EAAE,cAAc,CAAC,OAAO;SAC5C,CAAC,CAAC;QAEH,uDAAuD;QACvD,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAE9C,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,IAAI,EAAE,CAAC;QACvE,MAAM,UAAU,GAAG,gBAAgB;aAC9B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEjC,mDAAmD;QACnD,8DAA8D;QAC9D,uDAAuD;QACvD,iFAAiF;QACjF,MAAM,gBAAgB,GAA0B,EAAE,CAAC;QAEnD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,qDAAqD;YACrD,gBAAgB,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;gBACxB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAO,EAAE,CAAC,oBAAoB,CAAC;gBAC/B,SAAS,EAAE,CAAC,gBAAgB,CAAC;aAChC,CAAC,CACL,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;YACvF,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACJ,+CAA+C;YAE/C,sEAAsE;YACtE,gBAAgB,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;gBACxB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAO,EAAE,CAAC,oBAAoB,CAAC;gBAC/B,SAAS,EAAE;oBACP,+CAA+C;oBAC/C,2BAA2B;oBAC3B,iCAAiC;oBACjC,gCAAgC;oBAChC,kCAAkC;oBAClC,6BAA6B;oBAC7B,mCAAmC;oBACnC,kCAAkC;iBACrC;aACJ,CAAC,CACL,CAAC;YAEF,sDAAsD;YACtD,gBAAgB,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,eAAe,CAAC;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;gBACxB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAO,EAAE,CAAC,oBAAoB,CAAC;gBAC/B,SAAS,EAAE;oBACP,oBAAoB;oBACpB,2BAA2B;oBAC3B,+BAA+B;oBAC/B,4BAA4B;oBAC5B,mCAAmC;oBACnC,6BAA6B;oBAC7B,iCAAiC;oBACjC,8BAA8B;iBACjC;gBACD,UAAU,EAAE;oBACR,SAAS,EAAE;wBACP,cAAc,EAAE,UAAU;qBAC7B;iBACJ;aACJ,CAAC,CACL,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAC7E,OAAO,CAAC,GAAG,CAAC,WAAW,gBAAgB,CAAC,MAAM,6BAA6B,CAAC,CAAC;YAC7E,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACrE,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC;YACrC,UAAU,EAAE,gBAAgB;SAC/B,CAAC,CAAC;QAEH,0CAA0C;QAC1C,IAAI,CAAC,GAAG,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,yBAAyB,EAAE;YAChE,WAAW,EAAE,yBAAyB;YACtC,WAAW,EAAE,iFAAiF;YAC9F,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE;gBACX,SAAS,EAAE,KAAK,CAAC,KAAK;gBACtB,oBAAoB,EAAE,IAAI,UAAU,CAAC,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAC1E,eAAe,EAAE,UAAU,CAAC,eAAe,CAAC,sBAAsB,CAAC;oBAC/D,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,KAAK;oBACX,WAAW,EAAE,IAAI;oBACjB,UAAU,EAAE,IAAI;oBAChB,YAAY,EAAE,IAAI;oBAClB,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,IAAI;oBACd,cAAc,EAAE,IAAI;iBACvB,CAAC;aACL;YACD,qBAAqB,EAAE;gBACnB,KAAK,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC;aAC5C;SACJ,CAAC,CAAC;QAEH,8DAA8D;QAC9D,IAAI,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE;YACpD,OAAO,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC;YACpC,WAAW,EAAE,+DAA+D;SAC/E,CAAC,CAAC;QAEH,uCAAuC;QACvC,+EAA+E;QAC/E,mEAAmE;QACnE,EAAE;QACF,+EAA+E;QAC/E,uFAAuF;QACvF,kDAAkD;QAClD,EAAE;QACF,sCAAsC;QACtC,qFAAqF;QACrF,wDAAwD;QACxD,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC;YAC3C,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,UAAU;YAC3C,qBAAqB,EAAE,KAAK;YAC5B,GAAG,EAAE,UAAU,KAAK,CAAC,mBAAmB,CAAC,mBAAmB,aAAa;YACzE,OAAO,EAAE;gBACL,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,QAAQ;gBAClD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,iBAAiB,EAAE;oBACf,gCAAgC,EAAE,2BAA2B;iBAChE;aACJ;SACJ,CAAC,CAAC;QAEH,+DAA+D;QAC/D,qEAAqE;QACrE,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC5D,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE;YACxC,iBAAiB,EAAE;gBACf,2BAA2B,EAAE,IAAI;aACpC;SACJ,CAAC,CAAC;QAEH,8BAA8B;QAC9B,MAAM,mBAAmB,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,kBAAkB,KAAK,KAAK,CAAC;QAChF,IAAI,mBAAmB,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;QACjF,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,IAAI,CACR,uDAAuD;gBACvD,2EAA2E;gBAC3E,2CAA2C,CAC9C,CAAC;QACN,CAAC;IACL,CAAC;CACJ;AAtMD,wCAsMC"}
|
|
@@ -112,7 +112,7 @@ export interface ProfileConfig {
|
|
|
112
112
|
* Configuration for Quilt data catalog integration, including service endpoints
|
|
113
113
|
* and SQS queue for package creation.
|
|
114
114
|
*
|
|
115
|
-
* **Breaking Change (
|
|
115
|
+
* **Breaking Change (v0.9.0)**: `stackArn` is used at deployment time only to resolve services.
|
|
116
116
|
* Services are passed as explicit environment variables to the container.
|
|
117
117
|
* No runtime CloudFormation API calls are made.
|
|
118
118
|
*
|
|
@@ -128,7 +128,7 @@ export interface QuiltConfig {
|
|
|
128
128
|
* The resolved services are then passed as explicit environment variables to the container.
|
|
129
129
|
*
|
|
130
130
|
* **Deployment usage only** - not passed to container runtime.
|
|
131
|
-
* **Breaking Change (
|
|
131
|
+
* **Breaking Change (v0.9.0)**: No longer passed as environment variable or CloudFormation parameter.
|
|
132
132
|
*
|
|
133
133
|
* @example "arn:aws:cloudformation:us-east-1:123456789012:stack/quilt-stack/..."
|
|
134
134
|
*/
|
|
@@ -375,6 +375,37 @@ export interface VpcConfig {
|
|
|
375
375
|
* @example "vpc-0123456789abcdef0"
|
|
376
376
|
*/
|
|
377
377
|
vpcId?: string;
|
|
378
|
+
/**
|
|
379
|
+
* Private subnet IDs for ECS tasks and NLB
|
|
380
|
+
* Required when vpcId is specified
|
|
381
|
+
* Must have ≥2 subnets in different AZs
|
|
382
|
+
*
|
|
383
|
+
* Discovered by scripts/discover-vpc.ts during setup wizard.
|
|
384
|
+
* Subnets are classified as private by analyzing route tables
|
|
385
|
+
* for NAT Gateway routes (not IGW routes).
|
|
386
|
+
*
|
|
387
|
+
* @example ["subnet-0aaa", "subnet-0bbb"]
|
|
388
|
+
*/
|
|
389
|
+
privateSubnetIds?: string[];
|
|
390
|
+
/**
|
|
391
|
+
* Public subnet IDs (optional)
|
|
392
|
+
* Only needed if creating resources that require public subnets
|
|
393
|
+
* @example ["subnet-0ccc", "subnet-0ddd"]
|
|
394
|
+
*/
|
|
395
|
+
publicSubnetIds?: string[];
|
|
396
|
+
/**
|
|
397
|
+
* Availability zones for the subnets
|
|
398
|
+
* Must match the order and count of privateSubnetIds
|
|
399
|
+
* @example ["us-east-1a", "us-east-1b"]
|
|
400
|
+
*/
|
|
401
|
+
availabilityZones?: string[];
|
|
402
|
+
/**
|
|
403
|
+
* VPC CIDR block
|
|
404
|
+
* Required when vpcId is specified for CDK synthesis
|
|
405
|
+
* Discovered by scripts/discover-vpc.ts during setup wizard
|
|
406
|
+
* @example "10.0.0.0/16"
|
|
407
|
+
*/
|
|
408
|
+
vpcCidrBlock?: string;
|
|
378
409
|
/**
|
|
379
410
|
* Whether to create a new VPC if vpcId is not specified
|
|
380
411
|
*
|
|
@@ -402,16 +433,18 @@ export interface LoggingConfig {
|
|
|
402
433
|
*/
|
|
403
434
|
export interface SecurityConfig {
|
|
404
435
|
/**
|
|
405
|
-
* Comma-separated list of allowed IP addresses/CIDR blocks
|
|
436
|
+
* Comma-separated list of allowed IP addresses/CIDR blocks for webhook endpoints
|
|
406
437
|
*
|
|
407
|
-
*
|
|
438
|
+
* v1.0.0+: Enforced via REST API Gateway resource policy (free).
|
|
439
|
+
* Empty string means no IP filtering (all IPs allowed).
|
|
440
|
+
* Health endpoints are always accessible from any IP.
|
|
408
441
|
*
|
|
409
442
|
* @example "192.168.1.0/24,10.0.0.0/8"
|
|
410
443
|
* @default ""
|
|
411
444
|
*/
|
|
412
445
|
webhookAllowList?: string;
|
|
413
446
|
/**
|
|
414
|
-
* Enable webhook signature verification
|
|
447
|
+
* Enable webhook signature verification in FastAPI application
|
|
415
448
|
*
|
|
416
449
|
* @default true
|
|
417
450
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../lib/types/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC;AAGjC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,SAAS,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAE7B;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;OAEG;IACH,SAAS,EAAE,cAAc,CAAC;IAE1B;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IACxB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;OASG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;OAOG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC1B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,WAAW,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;OAKG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC1B;;;;OAIG;IACH,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC;CACjD;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC3B
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../lib/types/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC;AAGjC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,SAAS,EAAE,eAAe,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAE7B;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;OAEG;IACH,SAAS,EAAE,cAAc,CAAC;IAE1B;;;;;;;OAOG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IACxB;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;;OAOG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;OASG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;OAOG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC1B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;OAKG;IACH,WAAW,EAAE,MAAM,CAAC;CACvB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;OAKG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACtB;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE7B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC1B;;;;OAIG;IACH,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC;CACjD;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC3B;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC3B;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;;;OAMG;IACH,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,KAAK,CAAC;IAEpC;;OAEG;IACH,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACrC;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAC9B;;;;;;;;;;;;OAYG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAEzC;;;;OAIG;IACH,OAAO,EAAE,gBAAgB,EAAE,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;;;;OAKG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B;;OAEG;IACH,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACrC;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC7B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgFtB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2C1B,CAAC"}
|