@ts-cloud/core 0.2.3 → 0.2.4

package/dist/modules/email.d.ts

@@ -0,0 +1,314 @@
+import type { IAMPolicy, IAMRole, LambdaFunction, LambdaPermission, Route53RecordSet, S3Bucket, SESConfigurationSet, SESEmailIdentity, SESReceiptRule, SESReceiptRuleSet } from '@ts-cloud/aws-types';
+import type { EnvironmentType } from '../types';
+export interface EmailIdentityOptions {
+    domain: string;
+    slug: string;
+    environment: EnvironmentType;
+    enableDkim?: boolean;
+    dkimKeyLength?: 'RSA_1024_BIT' | 'RSA_2048_BIT';
+}
+export interface ConfigurationSetOptions {
+    slug: string;
+    environment: EnvironmentType;
+    name?: string;
+    reputationMetrics?: boolean;
+    sendingEnabled?: boolean;
+    suppressBounces?: boolean;
+    suppressComplaints?: boolean;
+}
+export interface ReceiptRuleSetOptions {
+    slug: string;
+    environment: EnvironmentType;
+    name?: string;
+}
+export interface ReceiptRuleOptions {
+    slug: string;
+    environment: EnvironmentType;
+    ruleSetName: string;
+    recipients?: string[];
+    enabled?: boolean;
+    scanEnabled?: boolean;
+    tlsPolicy?: 'Optional' | 'Require';
+    s3Action?: {
+        bucketName: string;
+        prefix?: string;
+        kmsKeyArn?: string;
+    };
+    lambdaAction?: {
+        functionArn: string;
+        invocationType?: 'Event' | 'RequestResponse';
+    };
+    snsAction?: {
+        topicArn: string;
+        encoding?: 'UTF-8' | 'Base64';
+    };
+}
+/**
+ * Email Module - SES (Simple Email Service)
+ * Provides clean API for email sending, receiving, and domain verification
+ */
+export declare class Email {
+    /**
+     * Verify a domain for sending emails
+     */
+    static verifyDomain(options: EmailIdentityOptions): {
+        emailIdentity: SESEmailIdentity;
+        logicalId: string;
+    };
+    /**
+     * Create DNS records for DKIM verification
+     * Returns Route53 RecordSets for DKIM tokens
+     */
+    static createDkimRecords(domain: string, dkimTokens: string[], hostedZoneId: string): Array<{
+        record: Route53RecordSet;
+        logicalId: string;
+    }>;
+    /**
+     * Create SES Configuration Set
+     */
+    static createConfigurationSet(options: ConfigurationSetOptions): {
+        configurationSet: SESConfigurationSet;
+        logicalId: string;
+    };
+    /**
+     * Create Receipt Rule Set for inbound email
+     */
+    static createReceiptRuleSet(options: ReceiptRuleSetOptions): {
+        ruleSet: SESReceiptRuleSet;
+        logicalId: string;
+    };
+    /**
+     * Create Receipt Rule for processing inbound emails
+     */
+    static createReceiptRule(ruleSetLogicalId: string, options: ReceiptRuleOptions): {
+        receiptRule: SESReceiptRule;
+        logicalId: string;
+    };
+    /**
+     * Create MX record for receiving emails
+     */
+    static createMxRecord(domain: string, hostedZoneId: string, region: string): {
+        record: Route53RecordSet;
+        logicalId: string;
+    };
+    /**
+     * Create verification TXT record
+     */
+    static createVerificationRecord(domain: string, verificationToken: string, hostedZoneId: string): {
+        record: Route53RecordSet;
+        logicalId: string;
+    };
+    /**
+     * Get SES SMTP credentials information
+     */
+    static getSmtpEndpoint(region: string): string;
+    /**
+     * Get SES SMTP port options
+     */
+    static readonly SmtpPorts: {
+        readonly TLS: 587;
+        readonly SSL: 465;
+        readonly Unencrypted: 25;
+    };
+    /**
+     * Create SPF record for email authentication
+     */
+    static createSpfRecord(domain: string, hostedZoneId: string, options?: {
+        includeDomains?: string[];
+        softFail?: boolean;
+    }): {
+        record: Route53RecordSet;
+        logicalId: string;
+    };
+    /**
+     * Create DMARC record for email authentication
+     */
+    static createDmarcRecord(domain: string, hostedZoneId: string, options?: {
+        policy?: 'none' | 'quarantine' | 'reject';
+        subdomainPolicy?: 'none' | 'quarantine' | 'reject';
+        percentage?: number;
+        reportingEmail?: string;
+        forensicEmail?: string;
+    }): {
+        record: Route53RecordSet;
+        logicalId: string;
+    };
+    /**
+     * Create complete inbound email setup
+     * Includes receipt rule set, rule, and S3 storage
+     */
+    static createInboundEmailSetup(options: {
+        slug: string;
+        environment: EnvironmentType;
+        domain: string;
+        s3BucketName: string;
+        s3KeyPrefix?: string;
+        region: string;
+        hostedZoneId: string;
+        lambdaFunctionArn?: string;
+        snsTopicArn?: string;
+    }): {
+        resources: Record<string, any>;
+        outputs: {
+            ruleSetLogicalId: string;
+            ruleLogicalId: string;
+            mxRecordLogicalId: string;
+        };
+    };
+    /**
+     * Create complete email domain setup
+     * Includes domain verification, DKIM, SPF, DMARC, and optionally inbound email
+     */
+    static createCompleteDomainSetup(options: {
+        slug: string;
+        environment: EnvironmentType;
+        domain: string;
+        hostedZoneId: string;
+        region: string;
+        enableInbound?: boolean;
+        inboundS3Bucket?: string;
+        dmarcReportingEmail?: string;
+    }): {
+        resources: Record<string, any>;
+        outputs: {
+            identityLogicalId: string;
+            configSetLogicalId: string;
+        };
+    };
+    /**
+     * SES inbound SMTP endpoints by region
+     */
+    static readonly InboundSmtpEndpoints: Record<string, string>;
+    /**
+     * Check if region supports SES inbound email
+     */
+    static supportsInboundEmail(region: string): boolean;
+    /**
+     * Create IAM role for email Lambda functions
+     */
+    static createEmailLambdaRole(options: {
+        slug: string;
+        environment: EnvironmentType;
+        s3BucketArn: string;
+        sesIdentityArn?: string;
+    }): {
+        role: IAMRole;
+        policy: IAMPolicy;
+        roleLogicalId: string;
+        policyLogicalId: string;
+    };
+    /**
+     * Create Lambda function for outbound email (JSON to raw email conversion)
+     * Converts JSON email payloads to raw MIME format and sends via SES
+     */
+    static createOutboundEmailLambda(options: {
+        slug: string;
+        environment: EnvironmentType;
+        roleArn: string;
+        domain: string;
+        configurationSetName?: string;
+        timeout?: number;
+        memorySize?: number;
+    }): {
+        function: LambdaFunction;
+        logicalId: string;
+    };
+    /**
+     * Create Lambda function for inbound email processing
+     * Organizes emails by From/To addresses and extracts metadata
+     */
+    static createInboundEmailLambda(options: {
+        slug: string;
+        environment: EnvironmentType;
+        roleArn: string;
+        s3BucketName: string;
+        organizedPrefix?: string;
+        timeout?: number;
+        memorySize?: number;
+    }): {
+        function: LambdaFunction;
+        permission: LambdaPermission;
+        logicalId: string;
+        permissionLogicalId: string;
+    };
+    /**
+     * Create Lambda function for email conversion
+     * Converts raw MIME emails to HTML/text format
+     */
+    static createEmailConversionLambda(options: {
+        slug: string;
+        environment: EnvironmentType;
+        roleArn: string;
+        s3BucketName: string;
+        convertedPrefix?: string;
+        timeout?: number;
+        memorySize?: number;
+    }): {
+        function: LambdaFunction;
+        logicalId: string;
+    };
+    /**
+     * Create S3 bucket notification configuration for email processing
+     */
+    static createEmailBucketNotification(options: {
+        bucketLogicalId: string;
+        lambdaArn: string;
+        prefix?: string;
+        suffix?: string;
+        events?: string[];
+    }): {
+        notificationConfiguration: NonNullable<NonNullable<S3Bucket['Properties']>['NotificationConfiguration']>;
+    };
+    /**
+     * Create Lambda permission for S3 to invoke email processing Lambda
+     */
+    static createS3LambdaPermission(options: {
+        slug: string;
+        environment: EnvironmentType;
+        lambdaLogicalId: string;
+        s3BucketArn: string;
+    }): {
+        permission: LambdaPermission;
+        logicalId: string;
+    };
+    /**
+     * Create complete email processing stack
+     * Includes all Lambda functions, IAM roles, and S3 notifications
+     */
+    static createEmailProcessingStack(options: {
+        slug: string;
+        environment: EnvironmentType;
+        domain: string;
+        s3BucketName: string;
+        s3BucketArn: string;
+        configurationSetName?: string;
+        enableInbound?: boolean;
+        enableConversion?: boolean;
+    }): {
+        resources: Record<string, any>;
+        outputs: {
+            roleLogicalId: string;
+            outboundLambdaLogicalId: string;
+            inboundLambdaLogicalId?: string;
+            conversionLambdaLogicalId?: string;
+        };
+    };
+    /**
+     * Lambda function code for email processing
+     */
+    static readonly LambdaCode: {
+        /**
+         * Outbound email Lambda - JSON to raw email conversion
+         */
+        outboundEmail: string;
+        /**
+         * Inbound email Lambda - Processes raw emails into EmailSDK-compatible structure
+         * Writes to: mailboxes/{domain}/{localPart}/inbox.json + per-message files
+         */
+        inboundEmail: string;
+        /**
+         * Email conversion Lambda - Raw to HTML/text
+         */
+        emailConversion: string;
+    };
+}

package/dist/modules/filesystem.d.ts

@@ -0,0 +1,132 @@
+import type { EC2SecurityGroup, EFSAccessPoint, EFSFileSystem, EFSMountTarget } from '@ts-cloud/aws-types';
+import type { EnvironmentType } from '../types';
+export interface FileSystemOptions {
+    slug: string;
+    environment: EnvironmentType;
+    encrypted?: boolean;
+    kmsKeyId?: string;
+    performanceMode?: 'generalPurpose' | 'maxIO';
+    throughputMode?: 'bursting' | 'provisioned' | 'elastic';
+    provisionedThroughput?: number;
+    enableBackup?: boolean;
+}
+export interface MountTargetOptions {
+    slug: string;
+    environment: EnvironmentType;
+    subnetId: string;
+    securityGroups: string[];
+    ipAddress?: string;
+}
+export interface AccessPointOptions {
+    slug: string;
+    environment: EnvironmentType;
+    path?: string;
+    uid?: string;
+    gid?: string;
+    permissions?: string;
+}
+export interface LifecyclePolicyOptions {
+    transitionToIA?: 7 | 14 | 30 | 60 | 90;
+    transitionToPrimary?: boolean;
+}
+/**
+ * FileSystem Module - EFS (Elastic File System)
+ * Provides clean API for creating and configuring shared file systems
+ */
+export declare class FileSystem {
+    /**
+     * Create an EFS file system
+     */
+    static createFileSystem(options: FileSystemOptions): {
+        fileSystem: EFSFileSystem;
+        logicalId: string;
+    };
+    /**
+     * Create a mount target for multi-AZ access
+     */
+    static createMountTarget(fileSystemLogicalId: string, options: MountTargetOptions): {
+        mountTarget: EFSMountTarget;
+        logicalId: string;
+    };
+    /**
+     * Create an access point with POSIX permissions
+     */
+    static createAccessPoint(fileSystemLogicalId: string, options: AccessPointOptions): {
+        accessPoint: EFSAccessPoint;
+        logicalId: string;
+    };
+    /**
+     * Set lifecycle policy for cost optimization
+     */
+    static setLifecyclePolicy(fileSystem: EFSFileSystem, options: LifecyclePolicyOptions): EFSFileSystem;
+    /**
+     * Enable automatic backups
+     */
+    static enableBackup(fileSystem: EFSFileSystem): EFSFileSystem;
+    /**
+     * Disable automatic backups
+     */
+    static disableBackup(fileSystem: EFSFileSystem): EFSFileSystem;
+    /**
+     * Set provisioned throughput mode
+     */
+    static setProvisionedThroughput(fileSystem: EFSFileSystem, throughputInMibps: number): EFSFileSystem;
+    /**
+     * Set elastic throughput mode (recommended for most workloads)
+     */
+    static setElasticThroughput(fileSystem: EFSFileSystem): EFSFileSystem;
+    /**
+     * Enable max I/O performance mode (for highly parallelized workloads)
+     */
+    static enableMaxIO(fileSystem: EFSFileSystem): EFSFileSystem;
+    /**
+     * Create a security group for EFS mount targets
+     * Allows NFS traffic (port 2049) from specified sources
+     */
+    static createEfsSecurityGroup(options: {
+        slug: string;
+        environment: EnvironmentType;
+        vpcId: string;
+        sourceSecurityGroupIds?: string[];
+        sourceCidrBlocks?: string[];
+        description?: string;
+    }): {
+        securityGroup: EC2SecurityGroup;
+        logicalId: string;
+    };
+    /**
+     * Create mount targets across multiple subnets (multi-AZ)
+     * Returns all mount targets and their logical IDs
+     */
+    static createMultiAzMountTargets(fileSystemLogicalId: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+        subnetIds: string[];
+        securityGroupId: string;
+    }): {
+        mountTargets: EFSMountTarget[];
+        logicalIds: string[];
+    };
+    /**
+     * Create a complete EFS setup with security group and mount targets
+     */
+    static createCompleteFileSystem(options: {
+        slug: string;
+        environment: EnvironmentType;
+        vpcId: string;
+        subnetIds: string[];
+        sourceSecurityGroupIds?: string[];
+        encrypted?: boolean;
+        performanceMode?: 'generalPurpose' | 'maxIO';
+        throughputMode?: 'bursting' | 'provisioned' | 'elastic';
+        enableBackup?: boolean;
+        transitionToIA?: 7 | 14 | 30 | 60 | 90;
+    }): {
+        resources: Record<string, any>;
+        outputs: {
+            fileSystemId: string;
+            securityGroupId: string;
+            mountTargetIds: string[];
+        };
+    };
+}

package/dist/modules/index.d.ts

@@ -0,0 +1,31 @@
+/**
+ * ts-cloud Resource Modules
+ * Clean API abstractions for AWS CloudFormation resources
+ */
+export * from './storage';
+export * from './registry';
+export * from './cdn';
+export * from './dns';
+export * from './security';
+export * from './compute';
+export * from './network';
+export * from './filesystem';
+export * from './email';
+export * from './phone';
+export * from './queue';
+export * from './sms';
+export * from './ai';
+export * from './database';
+export * from './cache';
+export * from './permissions';
+export * from './api';
+export * from './messaging';
+export * from './workflow';
+export * from './monitoring';
+export * from './auth';
+export * from './deployment';
+export * from './secrets';
+export * from './parameter-store';
+export * from './search';
+export * from './redirects';
+export * from './communication';

package/dist/modules/messaging.d.ts

@@ -0,0 +1,210 @@
+import type { SNSSubscription, SNSTopic, SNSTopicPolicy } from '@ts-cloud/aws-types';
+import type { EnvironmentType } from '../types';
+export interface TopicOptions {
+    slug: string;
+    environment: EnvironmentType;
+    topicName?: string;
+    displayName?: string;
+    encrypted?: boolean;
+    kmsKeyId?: string;
+}
+export interface SubscriptionOptions {
+    slug: string;
+    environment: EnvironmentType;
+    protocol: 'http' | 'https' | 'email' | 'email-json' | 'sms' | 'sqs' | 'application' | 'lambda' | 'firehose';
+    endpoint: string;
+    filterPolicy?: Record<string, unknown>;
+    rawMessageDelivery?: boolean;
+}
+export interface TopicPolicyOptions {
+    slug: string;
+    environment: EnvironmentType;
+    allowedPrincipals?: string | string[];
+    allowedServices?: string | string[];
+    actions?: string | string[];
+}
+/**
+ * Messaging Module - SNS (Simple Notification Service)
+ * Provides clean API for pub/sub messaging, notifications, and event routing
+ */
+export declare class Messaging {
+    /**
+     * Create an SNS topic
+     */
+    static createTopic(options: TopicOptions): {
+        topic: SNSTopic;
+        logicalId: string;
+    };
+    /**
+     * Subscribe to a topic
+     */
+    static subscribe(topicLogicalId: string, options: SubscriptionOptions): {
+        subscription: SNSSubscription;
+        logicalId: string;
+    };
+    /**
+     * Subscribe email to topic
+     */
+    static subscribeEmail(topicLogicalId: string, email: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+        filterPolicy?: Record<string, unknown>;
+    }): {
+        subscription: SNSSubscription;
+        logicalId: string;
+    };
+    /**
+     * Subscribe Lambda function to topic
+     */
+    static subscribeLambda(topicLogicalId: string, functionArn: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+        filterPolicy?: Record<string, unknown>;
+    }): {
+        subscription: SNSSubscription;
+        logicalId: string;
+    };
+    /**
+     * Subscribe SQS queue to topic
+     */
+    static subscribeSqs(topicLogicalId: string, queueArn: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+        filterPolicy?: Record<string, unknown>;
+        rawMessageDelivery?: boolean;
+    }): {
+        subscription: SNSSubscription;
+        logicalId: string;
+    };
+    /**
+     * Subscribe HTTP/HTTPS endpoint to topic
+     */
+    static subscribeHttp(topicLogicalId: string, url: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+        filterPolicy?: Record<string, unknown>;
+    }): {
+        subscription: SNSSubscription;
+        logicalId: string;
+    };
+    /**
+     * Subscribe SMS to topic
+     */
+    static subscribeSms(topicLogicalId: string, phoneNumber: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+    }): {
+        subscription: SNSSubscription;
+        logicalId: string;
+    };
+    /**
+     * Create a topic policy
+     */
+    static setTopicPolicy(topicLogicalId: string, options: TopicPolicyOptions): {
+        policy: SNSTopicPolicy;
+        logicalId: string;
+    };
+    /**
+     * Allow CloudWatch Alarms to publish to topic
+     */
+    static allowCloudWatchAlarms(topicLogicalId: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+    }): {
+        policy: SNSTopicPolicy;
+        logicalId: string;
+    };
+    /**
+     * Allow EventBridge to publish to topic
+     */
+    static allowEventBridge(topicLogicalId: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+    }): {
+        policy: SNSTopicPolicy;
+        logicalId: string;
+    };
+    /**
+     * Allow S3 to publish to topic
+     */
+    static allowS3(topicLogicalId: string, options: {
+        slug: string;
+        environment: EnvironmentType;
+    }): {
+        policy: SNSTopicPolicy;
+        logicalId: string;
+    };
+    /**
+     * Enable encryption on topic
+     */
+    static enableEncryption(topic: SNSTopic, kmsKeyId: string): SNSTopic;
+    /**
+     * Add inline subscription to topic
+     */
+    static addInlineSubscription(topic: SNSTopic, protocol: SubscriptionOptions['protocol'], endpoint: string): SNSTopic;
+    /**
+     * Common filter policy patterns
+     */
+    static readonly FilterPolicies: {
+        /**
+         * Filter by event type
+         */
+        readonly eventType: (types: string[]) => {
+            eventType: string[];
+        };
+        /**
+         * Filter by status
+         */
+        readonly status: (statuses: string[]) => {
+            status: string[];
+        };
+        /**
+         * Filter by numeric range
+         */
+        readonly numericRange: (attribute: string, min: number, max: number) => Record<string, Array<{
+            numeric: (string | number)[];
+        }>>;
+        /**
+         * Filter by string prefix
+         */
+        readonly prefix: (attribute: string, prefixValue: string) => Record<string, Array<{
+            prefix: string;
+        }>>;
+        /**
+         * Filter by multiple attributes (AND logic)
+         */
+        readonly and: (...policies: Record<string, unknown>[]) => Record<string, unknown>;
+        /**
+         * Filter by exists/not exists
+         */
+        readonly exists: (attribute: string, existsValue: boolean) => Record<string, Array<{
+            exists: boolean;
+        }>>;
+    };
+    /**
+     * Common use cases for SNS topics
+     */
+    static readonly UseCases: {
+        /**
+         * Create alert topic for CloudWatch alarms
+         */
+        readonly createAlertTopic: (options: TopicOptions) => {
+            topic: SNSTopic;
+            logicalId: string;
+        };
+        /**
+         * Create event fanout topic for distributing events
+         */
+        readonly createEventFanout: (options: TopicOptions) => {
+            topic: SNSTopic;
+            logicalId: string;
+        };
+        /**
+         * Create notification topic for user notifications
+         */
+        readonly createNotificationTopic: (options: TopicOptions) => {
+            topic: SNSTopic;
+            logicalId: string;
+        };
+    };
+}