npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.1 - Mend

@stacksjs/ts-cloud-core 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/LICENSE.md +21 -0
package/README.md +321 -0
package/package.json +31 -0
package/src/advanced-features.test.ts +465 -0
package/src/aws/cloudformation.ts +421 -0
package/src/aws/cloudfront.ts +158 -0
package/src/aws/credentials.test.ts +132 -0
package/src/aws/credentials.ts +545 -0
package/src/aws/index.ts +87 -0
package/src/aws/s3.test.ts +188 -0
package/src/aws/s3.ts +1088 -0
package/src/aws/signature.test.ts +670 -0
package/src/aws/signature.ts +1155 -0
package/src/backup/disaster-recovery.test.ts +726 -0
package/src/backup/disaster-recovery.ts +500 -0
package/src/backup/index.ts +34 -0
package/src/backup/manager.test.ts +498 -0
package/src/backup/manager.ts +432 -0
package/src/cicd/circleci.ts +430 -0
package/src/cicd/github-actions.ts +424 -0
package/src/cicd/gitlab-ci.ts +255 -0
package/src/cicd/index.ts +8 -0
package/src/cli/history.ts +396 -0
package/src/cli/index.ts +10 -0
package/src/cli/progress.ts +458 -0
package/src/cli/repl.ts +454 -0
package/src/cli/suggestions.ts +327 -0
package/src/cli/table.test.ts +319 -0
package/src/cli/table.ts +332 -0
package/src/cloudformation/builder.test.ts +327 -0
package/src/cloudformation/builder.ts +378 -0
package/src/cloudformation/builders/api-gateway.ts +449 -0
package/src/cloudformation/builders/cache.ts +334 -0
package/src/cloudformation/builders/cdn.ts +278 -0
package/src/cloudformation/builders/compute.ts +485 -0
package/src/cloudformation/builders/database.ts +392 -0
package/src/cloudformation/builders/functions.ts +343 -0
package/src/cloudformation/builders/messaging.ts +140 -0
package/src/cloudformation/builders/monitoring.ts +300 -0
package/src/cloudformation/builders/network.ts +264 -0
package/src/cloudformation/builders/queue.ts +147 -0
package/src/cloudformation/builders/security.ts +399 -0
package/src/cloudformation/builders/storage.ts +285 -0
package/src/cloudformation/index.ts +30 -0
package/src/cloudformation/types.ts +173 -0
package/src/compliance/aws-config.ts +543 -0
package/src/compliance/cloudtrail.ts +376 -0
package/src/compliance/compliance.test.ts +423 -0
package/src/compliance/guardduty.ts +446 -0
package/src/compliance/index.ts +66 -0
package/src/compliance/security-hub.ts +456 -0
package/src/containers/build-optimization.ts +416 -0
package/src/containers/containers.test.ts +508 -0
package/src/containers/image-scanning.ts +360 -0
package/src/containers/index.ts +9 -0
package/src/containers/registry.ts +293 -0
package/src/containers/service-mesh.ts +520 -0
package/src/database/database.test.ts +762 -0
package/src/database/index.ts +9 -0
package/src/database/migrations.ts +444 -0
package/src/database/performance.ts +528 -0
package/src/database/replicas.ts +534 -0
package/src/database/users.ts +494 -0
package/src/dependency-graph.ts +143 -0
package/src/deployment/ab-testing.ts +582 -0
package/src/deployment/blue-green.ts +452 -0
package/src/deployment/canary.ts +500 -0
package/src/deployment/deployment.test.ts +526 -0
package/src/deployment/index.ts +61 -0
package/src/deployment/progressive.ts +62 -0
package/src/dns/dns.test.ts +641 -0
package/src/dns/dnssec.ts +315 -0
package/src/dns/index.ts +8 -0
package/src/dns/resolver.ts +496 -0
package/src/dns/routing.ts +593 -0
package/src/email/advanced/analytics.ts +445 -0
package/src/email/advanced/index.ts +11 -0
package/src/email/advanced/rules.ts +465 -0
package/src/email/advanced/scheduling.ts +352 -0
package/src/email/advanced/search.ts +412 -0
package/src/email/advanced/shared-mailboxes.ts +404 -0
package/src/email/advanced/templates.ts +455 -0
package/src/email/advanced/threading.ts +281 -0
package/src/email/analytics.ts +467 -0
package/src/email/bounce-handling.ts +425 -0
package/src/email/email.test.ts +431 -0
package/src/email/handlers/__tests__/inbound.test.ts +38 -0
package/src/email/handlers/__tests__/outbound.test.ts +37 -0
package/src/email/handlers/converter.ts +227 -0
package/src/email/handlers/feedback.ts +228 -0
package/src/email/handlers/inbound.ts +169 -0
package/src/email/handlers/outbound.ts +178 -0
package/src/email/index.ts +15 -0
package/src/email/reputation.ts +303 -0
package/src/email/templates.ts +352 -0
package/src/errors/index.test.ts +434 -0
package/src/errors/index.ts +416 -0
package/src/health-checks/index.ts +40 -0
package/src/index.ts +360 -0
package/src/intrinsic-functions.ts +118 -0
package/src/lambda/concurrency.ts +330 -0
package/src/lambda/destinations.ts +345 -0
package/src/lambda/dlq.ts +425 -0
package/src/lambda/index.ts +11 -0
package/src/lambda/lambda.test.ts +840 -0
package/src/lambda/layers.ts +263 -0
package/src/lambda/versions.ts +376 -0
package/src/lambda/vpc.ts +399 -0
package/src/local/config.ts +114 -0
package/src/local/index.ts +6 -0
package/src/local/mock-aws.ts +351 -0
package/src/modules/ai.ts +340 -0
package/src/modules/api.ts +478 -0
package/src/modules/auth.ts +805 -0
package/src/modules/cache.ts +417 -0
package/src/modules/cdn.ts +1062 -0
package/src/modules/communication.ts +1094 -0
package/src/modules/compute.ts +3348 -0
package/src/modules/database.ts +554 -0
package/src/modules/deployment.ts +1079 -0
package/src/modules/dns.ts +337 -0
package/src/modules/email.ts +1538 -0
package/src/modules/filesystem.ts +515 -0
package/src/modules/index.ts +32 -0
package/src/modules/messaging.ts +486 -0
package/src/modules/monitoring.ts +2086 -0
package/src/modules/network.ts +664 -0
package/src/modules/parameter-store.ts +325 -0
package/src/modules/permissions.ts +1081 -0
package/src/modules/phone.ts +494 -0
package/src/modules/queue.ts +1260 -0
package/src/modules/redirects.ts +464 -0
package/src/modules/registry.ts +699 -0
package/src/modules/search.ts +401 -0
package/src/modules/secrets.ts +416 -0
package/src/modules/security.ts +731 -0
package/src/modules/sms.ts +389 -0
package/src/modules/storage.ts +1120 -0
package/src/modules/workflow.ts +680 -0
package/src/multi-account/config.ts +521 -0
package/src/multi-account/index.ts +7 -0
package/src/multi-account/manager.ts +427 -0
package/src/multi-region/cross-region.ts +410 -0
package/src/multi-region/index.ts +8 -0
package/src/multi-region/manager.ts +483 -0
package/src/multi-region/regions.ts +435 -0
package/src/network-security/index.ts +48 -0
package/src/observability/index.ts +9 -0
package/src/observability/logs.ts +522 -0
package/src/observability/metrics.ts +460 -0
package/src/observability/observability.test.ts +782 -0
package/src/observability/synthetics.ts +568 -0
package/src/observability/xray.ts +358 -0
package/src/phone/advanced/analytics.ts +349 -0
package/src/phone/advanced/callbacks.ts +428 -0
package/src/phone/advanced/index.ts +8 -0
package/src/phone/advanced/ivr-builder.ts +504 -0
package/src/phone/advanced/recording.ts +310 -0
package/src/phone/handlers/__tests__/incoming-call.test.ts +40 -0
package/src/phone/handlers/incoming-call.ts +117 -0
package/src/phone/handlers/missed-call.ts +116 -0
package/src/phone/handlers/voicemail.ts +179 -0
package/src/phone/index.ts +9 -0
package/src/presets/api-backend.ts +134 -0
package/src/presets/data-pipeline.ts +204 -0
package/src/presets/extend.test.ts +295 -0
package/src/presets/extend.ts +297 -0
package/src/presets/fullstack-app.ts +144 -0
package/src/presets/index.ts +27 -0
package/src/presets/jamstack.ts +135 -0
package/src/presets/microservices.ts +167 -0
package/src/presets/ml-api.ts +208 -0
package/src/presets/nodejs-server.ts +104 -0
package/src/presets/nodejs-serverless.ts +114 -0
package/src/presets/realtime-app.ts +184 -0
package/src/presets/static-site.ts +64 -0
package/src/presets/traditional-web-app.ts +339 -0
package/src/presets/wordpress.ts +138 -0
package/src/preview/github.test.ts +249 -0
package/src/preview/github.ts +297 -0
package/src/preview/index.ts +37 -0
package/src/preview/manager.test.ts +440 -0
package/src/preview/manager.ts +326 -0
package/src/preview/notifications.test.ts +582 -0
package/src/preview/notifications.ts +341 -0
package/src/queue/batch-processing.ts +402 -0
package/src/queue/dlq-monitoring.ts +402 -0
package/src/queue/fifo.ts +342 -0
package/src/queue/index.ts +9 -0
package/src/queue/management.ts +428 -0
package/src/queue/queue.test.ts +429 -0
package/src/resource-mgmt/index.ts +39 -0
package/src/resource-naming.ts +62 -0
package/src/s3/index.ts +523 -0
package/src/schema/cloud-config.schema.json +554 -0
package/src/schema/index.ts +68 -0
package/src/security/certificate-manager.ts +492 -0
package/src/security/index.ts +9 -0
package/src/security/scanning.ts +545 -0
package/src/security/secrets-manager.ts +476 -0
package/src/security/secrets-rotation.ts +456 -0
package/src/security/security.test.ts +738 -0
package/src/sms/advanced/ab-testing.ts +389 -0
package/src/sms/advanced/analytics.ts +336 -0
package/src/sms/advanced/campaigns.ts +523 -0
package/src/sms/advanced/chatbot.ts +224 -0
package/src/sms/advanced/index.ts +10 -0
package/src/sms/advanced/link-tracking.ts +248 -0
package/src/sms/advanced/mms.ts +308 -0
package/src/sms/handlers/__tests__/send.test.ts +40 -0
package/src/sms/handlers/delivery-status.ts +133 -0
package/src/sms/handlers/receive.ts +162 -0
package/src/sms/handlers/send.ts +174 -0
package/src/sms/index.ts +9 -0
package/src/stack-diff.ts +389 -0
package/src/static-site/index.ts +85 -0
package/src/template-builder.ts +110 -0
package/src/template-validator.ts +574 -0
package/src/utils/cache.ts +291 -0
package/src/utils/diff.ts +269 -0
package/src/utils/hash.ts +227 -0
package/src/utils/index.ts +8 -0
package/src/utils/parallel.ts +294 -0
package/src/validators/credentials.test.ts +274 -0
package/src/validators/credentials.ts +233 -0
package/src/validators/quotas.test.ts +434 -0
package/src/validators/quotas.ts +217 -0
package/test/ai.test.ts +327 -0
package/test/api.test.ts +511 -0
package/test/auth.test.ts +632 -0
package/test/cache.test.ts +406 -0
package/test/cdn.test.ts +247 -0
package/test/compute.test.ts +861 -0
package/test/database.test.ts +523 -0
package/test/deployment.test.ts +499 -0
package/test/dns.test.ts +270 -0
package/test/email.test.ts +439 -0
package/test/filesystem.test.ts +382 -0
package/test/integration.test.ts +350 -0
package/test/messaging.test.ts +514 -0
package/test/monitoring.test.ts +634 -0
package/test/network.test.ts +425 -0
package/test/permissions.test.ts +488 -0
package/test/queue.test.ts +484 -0
package/test/registry.test.ts +306 -0
package/test/security.test.ts +462 -0
package/test/storage.test.ts +463 -0
package/test/template-validator.test.ts +559 -0
package/test/workflow.test.ts +592 -0
package/tsconfig.json +16 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/cloudformation/types.ts ADDED Viewed

@@ -0,0 +1,173 @@
+/**
+ * CloudFormation Template Types
+ * Based on AWS CloudFormation Resource Specification
+ */
+export interface CloudFormationTemplate {
+  AWSTemplateFormatVersion: '2010-09-09'
+  Description?: string
+  Metadata?: Record<string, any>
+  Parameters?: Record<string, CloudFormationParameter>
+  Mappings?: Record<string, Record<string, Record<string, string>>>
+  Conditions?: Record<string, CloudFormationCondition>
+  Resources: Record<string, CloudFormationResource>
+  Outputs?: Record<string, CloudFormationOutput>
+}
+export interface CloudFormationParameter {
+  Type: 'String' | 'Number' | 'List<Number>' | 'CommaDelimitedList' | 'AWS::EC2::AvailabilityZone::Name' | 'AWS::EC2::Image::Id' | 'AWS::EC2::Instance::Id' | 'AWS::EC2::KeyPair::KeyName' | 'AWS::EC2::SecurityGroup::GroupName' | 'AWS::EC2::SecurityGroup::Id' | 'AWS::EC2::Subnet::Id' | 'AWS::EC2::Volume::Id' | 'AWS::EC2::VPC::Id' | 'AWS::Route53::HostedZone::Id' | 'List<AWS::EC2::AvailabilityZone::Name>' | 'List<AWS::EC2::Image::Id>' | 'List<AWS::EC2::Instance::Id>' | 'List<AWS::EC2::SecurityGroup::GroupName>' | 'List<AWS::EC2::SecurityGroup::Id>' | 'List<AWS::EC2::Subnet::Id>' | 'List<AWS::EC2::Volume::Id>' | 'List<AWS::EC2::VPC::Id>' | 'List<AWS::Route53::HostedZone::Id>'
+  Default?: string | number
+  Description?: string
+  AllowedValues?: string[]
+  AllowedPattern?: string
+  MinLength?: number
+  MaxLength?: number
+  MinValue?: number
+  MaxValue?: number
+  ConstraintDescription?: string
+  NoEcho?: boolean
+}
+export interface CloudFormationResource {
+  Type: string
+  Properties?: Record<string, any>
+  DependsOn?: string | string[]
+  Condition?: string
+  Metadata?: Record<string, any>
+  CreationPolicy?: Record<string, any>
+  UpdatePolicy?: Record<string, any>
+  DeletionPolicy?: 'Delete' | 'Retain' | 'Snapshot'
+  UpdateReplacePolicy?: 'Delete' | 'Retain' | 'Snapshot'
+}
+export interface CloudFormationOutput {
+  Value: any
+  Description?: string
+  Export?: {
+    Name: any
+  }
+  Condition?: string
+}
+export type CloudFormationCondition =
+  | CloudFormationIntrinsicFunction
+  | boolean
+/**
+ * CloudFormation Intrinsic Functions
+ */
+export type CloudFormationIntrinsicFunction =
+  | { Ref: string }
+  | { 'Fn::GetAtt': [string, string] }
+  | { 'Fn::Join': [string, any[]] }
+  | { 'Fn::Sub': string | [string, Record<string, any>] }
+  | { 'Fn::Select': [number, any[] | CloudFormationIntrinsicFunction] }
+  | { 'Fn::Split': [string, string] }
+  | { 'Fn::GetAZs': string }
+  | { 'Fn::ImportValue': any }
+  | { 'Fn::FindInMap': [string, any, any] }
+  | { 'Fn::Base64': any }
+  | { 'Fn::Cidr': [any, number, number] }
+  | { 'Fn::Equals': [any, any] }
+  | { 'Fn::If': [string, any, any] }
+  | { 'Fn::Not': [any] }
+  | { 'Fn::And': any[] }
+  | { 'Fn::Or': any[] }
+/**
+ * Helper functions for creating CloudFormation intrinsic functions
+ */
+export const Fn = {
+  ref: (logicalId: string): { Ref: string } => ({ Ref: logicalId }),
+  getAtt: (logicalId: string, attribute: string): { 'Fn::GetAtt': [string, string] } =>
+    ({ 'Fn::GetAtt': [logicalId, attribute] as [string, string] }),
+  join: (delimiter: string, values: any[]): { 'Fn::Join': [string, any[]] } =>
+    ({ 'Fn::Join': [delimiter, values] as [string, any[]] }),
+  sub: (template: string, variables?: Record<string, any>): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    variables ? { 'Fn::Sub': [template, variables] as [string, Record<string, any>] } : { 'Fn::Sub': template },
+  select: (index: number, list: any[] | CloudFormationIntrinsicFunction): { 'Fn::Select': [number, any[] | CloudFormationIntrinsicFunction] } =>
+    ({ 'Fn::Select': [index, list] as [number, any[] | CloudFormationIntrinsicFunction] }),
+  split: (delimiter: string, source: string): { 'Fn::Split': [string, string] } =>
+    ({ 'Fn::Split': [delimiter, source] as [string, string] }),
+  getAZs: (region: string = ''): { 'Fn::GetAZs': string } => ({ 'Fn::GetAZs': region }),
+  importValue: (name: any): { 'Fn::ImportValue': any } => ({ 'Fn::ImportValue': name }),
+  findInMap: (mapName: string, topLevelKey: any, secondLevelKey: any): { 'Fn::FindInMap': [string, any, any] } =>
+    ({ 'Fn::FindInMap': [mapName, topLevelKey, secondLevelKey] as [string, any, any] }),
+  base64: (value: any): { 'Fn::Base64': any } => ({ 'Fn::Base64': value }),
+  cidr: (ipBlock: any, count: number, cidrBits: number): { 'Fn::Cidr': [any, number, number] } =>
+    ({ 'Fn::Cidr': [ipBlock, count, cidrBits] as [any, number, number] }),
+  equals: (value1: any, value2: any): { 'Fn::Equals': [any, any] } =>
+    ({ 'Fn::Equals': [value1, value2] as [any, any] }),
+  if: (conditionName: string, trueValue: any, falseValue: any): { 'Fn::If': [string, any, any] } =>
+    ({ 'Fn::If': [conditionName, trueValue, falseValue] as [string, any, any] }),
+  not: (condition: any): { 'Fn::Not': [any] } => ({ 'Fn::Not': [condition] as [any] }),
+  and: (...conditions: any[]): { 'Fn::And': any[] } => ({ 'Fn::And': conditions }),
+  or: (...conditions: any[]): { 'Fn::Or': any[] } => ({ 'Fn::Or': conditions }),
+}
+/**
+ * Common AWS resource ARN patterns
+ */
+export const Arn = {
+  s3Bucket: (bucketName: any): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:s3:::${bucketName}`),
+  s3Object: (bucketName: any, key: string = '*'): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:s3:::${bucketName}/${key}`),
+  lambda: (functionName: string, region?: string, account?: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(
+      `arn:aws:lambda:\${AWS::Region}:\${AWS::AccountId}:function:${functionName}`,
+      region && account ? { 'AWS::Region': region, 'AWS::AccountId': account } : undefined,
+    ),
+  dynamodb: (tableName: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:dynamodb:\${AWS::Region}:\${AWS::AccountId}:table/${tableName}`),
+  sqs: (queueName: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:sqs:\${AWS::Region}:\${AWS::AccountId}:${queueName}`),
+  sns: (topicName: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:sns:\${AWS::Region}:\${AWS::AccountId}:${topicName}`),
+  kinesis: (streamName: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:kinesis:\${AWS::Region}:\${AWS::AccountId}:stream/${streamName}`),
+  iam: (resourceType: 'role' | 'policy' | 'user' | 'group', name: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:iam::\${AWS::AccountId}:${resourceType}/${name}`),
+  secretsManager: (secretName: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:secretsmanager:\${AWS::Region}:\${AWS::AccountId}:secret:${secretName}`),
+  cloudwatch: (logGroup: string): { 'Fn::Sub': string | [string, Record<string, any>] } =>
+    Fn.sub(`arn:aws:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:${logGroup}`),
+}
+/**
+ * Common CloudFormation pseudo parameters
+ */
+export const AWS_PSEUDO_PARAMETERS = {
+  ACCOUNT_ID: { Ref: 'AWS::AccountId' },
+  NOTIFICATION_ARNS: { Ref: 'AWS::NotificationARNs' },
+  NO_VALUE: { Ref: 'AWS::NoValue' },
+  PARTITION: { Ref: 'AWS::Partition' },
+  REGION: { Ref: 'AWS::Region' },
+  STACK_ID: { Ref: 'AWS::StackId' },
+  STACK_NAME: { Ref: 'AWS::StackName' },
+  URL_SUFFIX: { Ref: 'AWS::URLSuffix' },
+}

package/src/compliance/aws-config.ts ADDED Viewed

@@ -0,0 +1,543 @@
+/**
+ * AWS Config Rules
+ * Automated compliance checking and configuration management
+ */
+export interface ConfigRule {
+  id: string
+  name: string
+  description: string
+  source: 'AWS_MANAGED' | 'CUSTOM_LAMBDA'
+  identifier?: string
+  lambdaFunctionArn?: string
+  inputParameters?: Record<string, any>
+  scope?: ConfigScope
+  maxExecutionFrequency?: 'One_Hour' | 'Three_Hours' | 'Six_Hours' | 'Twelve_Hours' | 'TwentyFour_Hours'
+}
+export interface ConfigScope {
+  complianceResourceTypes?: string[]
+  tagKey?: string
+  tagValue?: string
+}
+export interface ConfigRecorder {
+  name: string
+  roleArn: string
+  recordingGroup?: RecordingGroup
+}
+export interface RecordingGroup {
+  allSupported?: boolean
+  includeGlobalResourceTypes?: boolean
+  resourceTypes?: string[]
+}
+export interface DeliveryChannel {
+  name: string
+  s3BucketName: string
+  s3KeyPrefix?: string
+  snsTopicArn?: string
+  configSnapshotDeliveryProperties?: {
+    deliveryFrequency?: 'One_Hour' | 'Three_Hours' | 'Six_Hours' | 'Twelve_Hours' | 'TwentyFour_Hours'
+  }
+}
+/**
+ * AWS Config manager
+ */
+export class AWSConfigManager {
+  private configRules: Map<string, ConfigRule> = new Map()
+  private configRecorders: Map<string, ConfigRecorder> = new Map()
+  private deliveryChannels: Map<string, DeliveryChannel> = new Map()
+  private ruleCounter = 0
+  /**
+   * Create config recorder
+   */
+  createConfigRecorder(recorder: ConfigRecorder): ConfigRecorder {
+    this.configRecorders.set(recorder.name, recorder)
+    return recorder
+  }
+  /**
+   * Create delivery channel
+   */
+  createDeliveryChannel(channel: DeliveryChannel): DeliveryChannel {
+    this.deliveryChannels.set(channel.name, channel)
+    return channel
+  }
+  /**
+   * Create config rule
+   */
+  createConfigRule(rule: Omit<ConfigRule, 'id'>): ConfigRule {
+    const id = `config-rule-${Date.now()}-${this.ruleCounter++}`
+    const configRule: ConfigRule = {
+      id,
+      ...rule,
+    }
+    this.configRules.set(id, configRule)
+    return configRule
+  }
+  /**
+   * Create S3 bucket encryption rule
+   */
+  createS3EncryptionRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 's3-bucket-server-side-encryption-enabled',
+      description: 'Checks that S3 buckets have server-side encryption enabled',
+      source: 'AWS_MANAGED',
+      identifier: 'S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED',
+      scope: {
+        complianceResourceTypes: ['AWS::S3::Bucket'],
+      },
+    })
+  }
+  /**
+   * Create S3 bucket public access block rule
+   */
+  createS3PublicAccessBlockRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 's3-bucket-public-read-prohibited',
+      description: 'Checks that S3 buckets do not allow public read access',
+      source: 'AWS_MANAGED',
+      identifier: 'S3_BUCKET_PUBLIC_READ_PROHIBITED',
+      scope: {
+        complianceResourceTypes: ['AWS::S3::Bucket'],
+      },
+    })
+  }
+  /**
+   * Create S3 bucket versioning rule
+   */
+  createS3VersioningRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 's3-bucket-versioning-enabled',
+      description: 'Checks whether versioning is enabled for S3 buckets',
+      source: 'AWS_MANAGED',
+      identifier: 'S3_BUCKET_VERSIONING_ENABLED',
+      scope: {
+        complianceResourceTypes: ['AWS::S3::Bucket'],
+      },
+    })
+  }
+  /**
+   * Create RDS encryption rule
+   */
+  createRdsEncryptionRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'rds-storage-encrypted',
+      description: 'Checks whether storage encryption is enabled for RDS DB instances',
+      source: 'AWS_MANAGED',
+      identifier: 'RDS_STORAGE_ENCRYPTED',
+      scope: {
+        complianceResourceTypes: ['AWS::RDS::DBInstance'],
+      },
+    })
+  }
+  /**
+   * Create RDS snapshot encryption rule
+   */
+  createRdsSnapshotEncryptionRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'rds-snapshots-public-prohibited',
+      description: 'Checks if RDS snapshots are public',
+      source: 'AWS_MANAGED',
+      identifier: 'RDS_SNAPSHOTS_PUBLIC_PROHIBITED',
+      scope: {
+        complianceResourceTypes: ['AWS::RDS::DBSnapshot', 'AWS::RDS::DBClusterSnapshot'],
+      },
+    })
+  }
+  /**
+   * Create RDS backup rule
+   */
+  createRdsBackupRule(retentionPeriod: number = 7): ConfigRule {
+    return this.createConfigRule({
+      name: 'db-backup-enabled',
+      description: 'Checks whether RDS DB instances have backups enabled',
+      source: 'AWS_MANAGED',
+      identifier: 'DB_BACKUP_ENABLED',
+      inputParameters: {
+        backupRetentionPeriod: retentionPeriod,
+      },
+      scope: {
+        complianceResourceTypes: ['AWS::RDS::DBInstance'],
+      },
+    })
+  }
+  /**
+   * Create EC2 instance profile rule
+   */
+  createEc2InstanceProfileRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'ec2-instance-managed-by-systems-manager',
+      description: 'Checks if EC2 instances are managed by Systems Manager',
+      source: 'AWS_MANAGED',
+      identifier: 'EC2_INSTANCE_MANAGED_BY_SSM',
+      scope: {
+        complianceResourceTypes: ['AWS::EC2::Instance'],
+      },
+    })
+  }
+  /**
+   * Create EBS encryption rule
+   */
+  createEbsEncryptionRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'encrypted-volumes',
+      description: 'Checks whether EBS volumes are encrypted',
+      source: 'AWS_MANAGED',
+      identifier: 'ENCRYPTED_VOLUMES',
+      scope: {
+        complianceResourceTypes: ['AWS::EC2::Volume'],
+      },
+    })
+  }
+  /**
+   * Create IAM password policy rule
+   */
+  createIamPasswordPolicyRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'iam-password-policy',
+      description: 'Checks whether the IAM password policy meets specified requirements',
+      source: 'AWS_MANAGED',
+      identifier: 'IAM_PASSWORD_POLICY',
+      inputParameters: {
+        RequireUppercaseCharacters: true,
+        RequireLowercaseCharacters: true,
+        RequireSymbols: true,
+        RequireNumbers: true,
+        MinimumPasswordLength: 14,
+        PasswordReusePrevention: 24,
+        MaxPasswordAge: 90,
+      },
+    })
+  }
+  /**
+   * Create IAM MFA rule
+   */
+  createIamMfaRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'iam-user-mfa-enabled',
+      description: 'Checks whether IAM users have MFA enabled',
+      source: 'AWS_MANAGED',
+      identifier: 'IAM_USER_MFA_ENABLED',
+    })
+  }
+  /**
+   * Create IAM root account MFA rule
+   */
+  createRootAccountMfaRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'root-account-mfa-enabled',
+      description: 'Checks whether the root account has MFA enabled',
+      source: 'AWS_MANAGED',
+      identifier: 'ROOT_ACCOUNT_MFA_ENABLED',
+    })
+  }
+  /**
+   * Create VPC flow logs rule
+   */
+  createVpcFlowLogsRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'vpc-flow-logs-enabled',
+      description: 'Checks whether VPC Flow Logs is enabled',
+      source: 'AWS_MANAGED',
+      identifier: 'VPC_FLOW_LOGS_ENABLED',
+      scope: {
+        complianceResourceTypes: ['AWS::EC2::VPC'],
+      },
+    })
+  }
+  /**
+   * Create CloudTrail enabled rule
+   */
+  createCloudTrailEnabledRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'cloudtrail-enabled',
+      description: 'Checks whether CloudTrail is enabled',
+      source: 'AWS_MANAGED',
+      identifier: 'CLOUD_TRAIL_ENABLED',
+      maxExecutionFrequency: 'TwentyFour_Hours',
+    })
+  }
+  /**
+   * Create CloudWatch alarm rule
+   */
+  createCloudWatchAlarmRule(): ConfigRule {
+    return this.createConfigRule({
+      name: 'cloudwatch-alarm-action-check',
+      description: 'Checks whether CloudWatch alarms have actions configured',
+      source: 'AWS_MANAGED',
+      identifier: 'CLOUDWATCH_ALARM_ACTION_CHECK',
+      inputParameters: {
+        alarmActionRequired: true,
+        insufficientDataActionRequired: false,
+        okActionRequired: false,
+      },
+      scope: {
+        complianceResourceTypes: ['AWS::CloudWatch::Alarm'],
+      },
+    })
+  }
+  /**
+   * Create custom Lambda rule
+   */
+  createCustomLambdaRule(options: {
+    name: string
+    description: string
+    lambdaFunctionArn: string
+    resourceTypes?: string[]
+    maxExecutionFrequency?: ConfigRule['maxExecutionFrequency']
+    inputParameters?: Record<string, any>
+  }): ConfigRule {
+    return this.createConfigRule({
+      name: options.name,
+      description: options.description,
+      source: 'CUSTOM_LAMBDA',
+      lambdaFunctionArn: options.lambdaFunctionArn,
+      scope: options.resourceTypes
+        ? {
+            complianceResourceTypes: options.resourceTypes,
+          }
+        : undefined,
+      maxExecutionFrequency: options.maxExecutionFrequency,
+      inputParameters: options.inputParameters,
+    })
+  }
+  /**
+   * Create compliance preset rules
+   */
+  createCompliancePreset(preset: 'hipaa' | 'pci-dss' | 'sox' | 'gdpr' | 'basic'): ConfigRule[] {
+    const rules: ConfigRule[] = []
+    switch (preset) {
+      case 'hipaa':
+        rules.push(
+          this.createS3EncryptionRule(),
+          this.createRdsEncryptionRule(),
+          this.createEbsEncryptionRule(),
+          this.createCloudTrailEnabledRule(),
+          this.createIamPasswordPolicyRule(),
+          this.createRdsBackupRule(7),
+          this.createVpcFlowLogsRule(),
+        )
+        break
+      case 'pci-dss':
+        rules.push(
+          this.createS3EncryptionRule(),
+          this.createS3PublicAccessBlockRule(),
+          this.createRdsEncryptionRule(),
+          this.createEbsEncryptionRule(),
+          this.createCloudTrailEnabledRule(),
+          this.createIamPasswordPolicyRule(),
+          this.createIamMfaRule(),
+          this.createRootAccountMfaRule(),
+          this.createVpcFlowLogsRule(),
+        )
+        break
+      case 'sox':
+        rules.push(
+          this.createS3VersioningRule(),
+          this.createCloudTrailEnabledRule(),
+          this.createRdsBackupRule(30),
+          this.createIamPasswordPolicyRule(),
+        )
+        break
+      case 'gdpr':
+        rules.push(
+          this.createS3EncryptionRule(),
+          this.createRdsEncryptionRule(),
+          this.createEbsEncryptionRule(),
+          this.createCloudTrailEnabledRule(),
+          this.createRdsSnapshotEncryptionRule(),
+        )
+        break
+      case 'basic':
+        rules.push(
+          this.createS3EncryptionRule(),
+          this.createS3PublicAccessBlockRule(),
+          this.createRdsEncryptionRule(),
+          this.createCloudTrailEnabledRule(),
+          this.createIamMfaRule(),
+          this.createRootAccountMfaRule(),
+        )
+        break
+    }
+    return rules
+  }
+  /**
+   * Get config rule
+   */
+  getConfigRule(id: string): ConfigRule | undefined {
+    return this.configRules.get(id)
+  }
+  /**
+   * List config rules
+   */
+  listConfigRules(): ConfigRule[] {
+    return Array.from(this.configRules.values())
+  }
+  /**
+   * Get config recorder
+   */
+  getConfigRecorder(name: string): ConfigRecorder | undefined {
+    return this.configRecorders.get(name)
+  }
+  /**
+   * List config recorders
+   */
+  listConfigRecorders(): ConfigRecorder[] {
+    return Array.from(this.configRecorders.values())
+  }
+  /**
+   * Get delivery channel
+   */
+  getDeliveryChannel(name: string): DeliveryChannel | undefined {
+    return this.deliveryChannels.get(name)
+  }
+  /**
+   * List delivery channels
+   */
+  listDeliveryChannels(): DeliveryChannel[] {
+    return Array.from(this.deliveryChannels.values())
+  }
+  /**
+   * Generate CloudFormation for config rule
+   */
+  generateConfigRuleCF(rule: ConfigRule): any {
+    const cfRule: any = {
+      Type: 'AWS::Config::ConfigRule',
+      Properties: {
+        ConfigRuleName: rule.name,
+        Description: rule.description,
+        Source: {
+          Owner: rule.source === 'AWS_MANAGED' ? 'AWS' : 'CUSTOM_LAMBDA',
+        },
+      },
+    }
+    if (rule.source === 'AWS_MANAGED' && rule.identifier) {
+      cfRule.Properties.Source.SourceIdentifier = rule.identifier
+    }
+    if (rule.source === 'CUSTOM_LAMBDA' && rule.lambdaFunctionArn) {
+      cfRule.Properties.Source.SourceIdentifier = rule.lambdaFunctionArn
+      cfRule.Properties.Source.SourceDetails = [
+        {
+          EventSource: 'aws.config',
+          MessageType: 'ConfigurationItemChangeNotification',
+        },
+      ]
+    }
+    if (rule.inputParameters) {
+      cfRule.Properties.InputParameters = JSON.stringify(rule.inputParameters)
+    }
+    if (rule.scope) {
+      cfRule.Properties.Scope = {}
+      if (rule.scope.complianceResourceTypes) {
+        cfRule.Properties.Scope.ComplianceResourceTypes = rule.scope.complianceResourceTypes
+      }
+      if (rule.scope.tagKey) {
+        cfRule.Properties.Scope.TagKey = rule.scope.tagKey
+      }
+      if (rule.scope.tagValue) {
+        cfRule.Properties.Scope.TagValue = rule.scope.tagValue
+      }
+    }
+    if (rule.maxExecutionFrequency) {
+      cfRule.Properties.MaximumExecutionFrequency = rule.maxExecutionFrequency
+    }
+    return cfRule
+  }
+  /**
+   * Generate CloudFormation for config recorder
+   */
+  generateConfigRecorderCF(recorder: ConfigRecorder): any {
+    return {
+      Type: 'AWS::Config::ConfigurationRecorder',
+      Properties: {
+        Name: recorder.name,
+        RoleArn: recorder.roleArn,
+        RecordingGroup: recorder.recordingGroup || {
+          AllSupported: true,
+          IncludeGlobalResourceTypes: true,
+        },
+      },
+    }
+  }
+  /**
+   * Generate CloudFormation for delivery channel
+   */
+  generateDeliveryChannelCF(channel: DeliveryChannel): any {
+    return {
+      Type: 'AWS::Config::DeliveryChannel',
+      Properties: {
+        Name: channel.name,
+        S3BucketName: channel.s3BucketName,
+        ...(channel.s3KeyPrefix && { S3KeyPrefix: channel.s3KeyPrefix }),
+        ...(channel.snsTopicArn && { SnsTopicARN: channel.snsTopicArn }),
+        ...(channel.configSnapshotDeliveryProperties && {
+          ConfigSnapshotDeliveryProperties: channel.configSnapshotDeliveryProperties,
+        }),
+      },
+    }
+  }
+  /**
+   * Clear all data
+   */
+  clear(): void {
+    this.configRules.clear()
+    this.configRecorders.clear()
+    this.deliveryChannels.clear()
+    this.ruleCounter = 0
+  }
+}
+/**
+ * Global AWS Config manager instance
+ */
+export const awsConfigManager: AWSConfigManager = new AWSConfigManager()