@umccr/htsget-lambda 0.9.6

package/LICENSE

@@ -0,0 +1,23 @@
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,89 @@
+## Quickstart
+
+Here's how to deploy [htsget-rs's htsget-lambda](https://github.com/umccr/htsget-rs) to AWS:
+
+1. Install packages by running `npm install` or `pnpm install`.
+2. Authenticate to your AWS account (preferably using SSO).
+3. Modify the [`bin/settings.ts`][htsget-settings], according to your preferences. All options are documented at [`docs/CONFIG.md`][docs-config].
+4. Run `npx cdk deploy`.
+
+### Does it work?
+
+A simple `curl` command should be able to determine that:
+
+```sh
+curl "https://htsget.ga4gh-demo.org/reads/service-info"
+```
+
+Should return a response similar to the following:
+
+```json
+{
+  "id": "htsget-lambda/0.5.2",
+  "createdAt": "2025-01-22T23:29:34.423733522+00:00",
+  "name": "htsget-lambda",
+  "version": "0.5.2",
+  "updatedAt": "2025-01-22T23:29:34.423735886+00:00",
+  "description": "A cloud-based instance of htsget-rs using AWS Lambda, which serves data according to the htsget protocol.",
+  "organization": {
+    "name": "",
+    "url": ""
+  },
+  "documentationUrl": "https://github.com/umccr/htsget-rs",
+  "type": {
+    "group": "org.ga4gh",
+    "artifact": "htsget",
+    "version": "1.3.0"
+  },
+  "htsget": {
+    "datatype": "reads",
+    "formats": [
+      "BAM",
+      "CRAM"
+    ],
+    "fieldsParametersEffective": false,
+    "tagsParametersEffective": false
+  }
+}
+```
+
+Please note that the example above assumes a publicly accessible endpoint. If you have an authz'd deployment, please add `-H "Authorization: $JWT_TOKEN"` flags to your `curl` command.
+
+## Library
+
+The `HtsgetConstruct` is [published][htsget-npm] as an NPM package so that it can be used as construct in other projects.
+
+## Local development
+
+This project uses pnpm as the preferred package manager. To install and update the lock file, run:
+
+```sh
+pnpm install
+```
+
+To generate the [config docs][docs-config], run:
+
+```sh
+npx typedoc
+```
+
+[htsget-npm]: https://www.npmjs.com/package/htsget-lambda
+[docs-config]: docs/config/CONFIG.md
+[htsget-settings]: bin/settings.ts
+[cargo-lambda]: https://github.com/cargo-lambda/cargo-lambda
+[htsget-rs]: https://github.com/umccr/htsget-rs
+[aws-cdk]: https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html
+[cdk-context]: https://docs.aws.amazon.com/cdk/v2/guide/context.html
+[cdk-lookup-value]: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrfromwbrlookupscope-parametername
+[cdk-json]: cdk.json
+[aws-ssm]: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
+[aws-api-gateway]: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html
+[aws-cognito]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
+[jwt-authorizer]: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
+[jwt-audience]: https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/apis-apiid-authorizers-authorizerid.html#apis-apiid-authorizers-authorizerid-model-jwtconfiguration
+[route-53]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html
+[rust-function]: https://www.npmjs.com/package/rust.aws-cdk-lambda
+[aws-cdk]: https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html
+[aws-cli]: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
+[npm]: https://docs.npmjs.com/downloading-and-installing-node-js-and-npm
+[rust]: https://www.rust-lang.org/tools/install

package/bin/htsget-stack.d.ts

@@ -0,0 +1,6 @@
+import * as cdk from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { HtsgetLambdaProps } from "../index";
+export declare class HtsgetStack extends cdk.Stack {
+    constructor(scope: Construct, id: string, settings: HtsgetLambdaProps, props?: cdk.StackProps);
+}

package/bin/htsget-stack.js

@@ -0,0 +1,59 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HtsgetStack = void 0;
+const cdk = __importStar(require("aws-cdk-lib"));
+const settings_1 = require("./settings");
+const htsget_lambda_1 = require("../lib/htsget-lambda");
+class HtsgetStack extends cdk.Stack {
+    constructor(scope, id, settings, props) {
+        super(scope, id, props);
+        new htsget_lambda_1.HtsgetLambda(this, "HtsgetLambda", settings);
+    }
+}
+exports.HtsgetStack = HtsgetStack;
+const app = new cdk.App();
+new HtsgetStack(app, "HtsgetLambdaStack", settings_1.SETTINGS, {
+    stackName: "HtsgetLambdaStack",
+    description: "A stack deploying htsget-rs with API gateway.",
+    tags: {
+        Stack: "HtsgetLambdaStack",
+    },
+    env: {
+        account: process.env.CDK_DEFAULT_ACCOUNT,
+        region: process.env.CDK_DEFAULT_REGION,
+    },
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaHRzZ2V0LXN0YWNrLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaHRzZ2V0LXN0YWNrLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLGlEQUFtQztBQUduQyx5Q0FBc0M7QUFDdEMsd0RBQW9EO0FBRXBELE1BQWEsV0FBWSxTQUFRLEdBQUcsQ0FBQyxLQUFLO0lBQ3hDLFlBQ0UsS0FBZ0IsRUFDaEIsRUFBVSxFQUNWLFFBQTJCLEVBQzNCLEtBQXNCO1FBRXRCLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBRXhCLElBQUksNEJBQVksQ0FBQyxJQUFJLEVBQUUsY0FBYyxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ25ELENBQUM7Q0FDRjtBQVhELGtDQVdDO0FBRUQsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7QUFDMUIsSUFBSSxXQUFXLENBQUMsR0FBRyxFQUFFLG1CQUFtQixFQUFFLG1CQUFRLEVBQUU7SUFDbEQsU0FBUyxFQUFFLG1CQUFtQjtJQUM5QixXQUFXLEVBQUUsK0NBQStDO0lBQzVELElBQUksRUFBRTtRQUNKLEtBQUssRUFBRSxtQkFBbUI7S0FDM0I7SUFDRCxHQUFHLEVBQUU7UUFDSCxPQUFPLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxtQkFBbUI7UUFDeEMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsa0JBQWtCO0tBQ3ZDO0NBQ0YsQ0FBQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IEh0c2dldExhbWJkYVByb3BzIH0gZnJvbSBcIi4uL2luZGV4XCI7XG5pbXBvcnQgeyBTRVRUSU5HUyB9IGZyb20gXCIuL3NldHRpbmdzXCI7XG5pbXBvcnQgeyBIdHNnZXRMYW1iZGEgfSBmcm9tIFwiLi4vbGliL2h0c2dldC1sYW1iZGFcIjtcblxuZXhwb3J0IGNsYXNzIEh0c2dldFN0YWNrIGV4dGVuZHMgY2RrLlN0YWNrIHtcbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHNldHRpbmdzOiBIdHNnZXRMYW1iZGFQcm9wcyxcbiAgICBwcm9wcz86IGNkay5TdGFja1Byb3BzLFxuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIG5ldyBIdHNnZXRMYW1iZGEodGhpcywgXCJIdHNnZXRMYW1iZGFcIiwgc2V0dGluZ3MpO1xuICB9XG59XG5cbmNvbnN0IGFwcCA9IG5ldyBjZGsuQXBwKCk7XG5uZXcgSHRzZ2V0U3RhY2soYXBwLCBcIkh0c2dldExhbWJkYVN0YWNrXCIsIFNFVFRJTkdTLCB7XG4gIHN0YWNrTmFtZTogXCJIdHNnZXRMYW1iZGFTdGFja1wiLFxuICBkZXNjcmlwdGlvbjogXCJBIHN0YWNrIGRlcGxveWluZyBodHNnZXQtcnMgd2l0aCBBUEkgZ2F0ZXdheS5cIixcbiAgdGFnczoge1xuICAgIFN0YWNrOiBcIkh0c2dldExhbWJkYVN0YWNrXCIsXG4gIH0sXG4gIGVudjoge1xuICAgIGFjY291bnQ6IHByb2Nlc3MuZW52LkNES19ERUZBVUxUX0FDQ09VTlQsXG4gICAgcmVnaW9uOiBwcm9jZXNzLmVudi5DREtfREVGQVVMVF9SRUdJT04sXG4gIH0sXG59KTtcbiJdfQ==

package/bin/htsget-stack.ts

@@ -0,0 +1,31 @@
+import * as cdk from "aws-cdk-lib";
+import { Construct } from "constructs";
+import { HtsgetLambdaProps } from "../index";
+import { SETTINGS } from "./settings";
+import { HtsgetLambda } from "../lib/htsget-lambda";
+
+export class HtsgetStack extends cdk.Stack {
+  constructor(
+    scope: Construct,
+    id: string,
+    settings: HtsgetLambdaProps,
+    props?: cdk.StackProps,
+  ) {
+    super(scope, id, props);
+
+    new HtsgetLambda(this, "HtsgetLambda", settings);
+  }
+}
+
+const app = new cdk.App();
+new HtsgetStack(app, "HtsgetLambdaStack", SETTINGS, {
+  stackName: "HtsgetLambdaStack",
+  description: "A stack deploying htsget-rs with API gateway.",
+  tags: {
+    Stack: "HtsgetLambdaStack",
+  },
+  env: {
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_DEFAULT_REGION,
+  },
+});

package/bin/settings.d.ts

@@ -0,0 +1,5 @@
+import { HtsgetLambdaProps } from "../index";
+/**
+ * Settings to use for the htsget deployment.
+ */
+export declare const SETTINGS: HtsgetLambdaProps;

package/bin/settings.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SETTINGS = void 0;
+/**
+ * Settings to use for the htsget deployment.
+ */
+exports.SETTINGS = {
+    domain: "dev.umccr.org",
+    copyTestData: true,
+    gitReference: "htsget-lambda-v0.7.4",
+    bucketName: "htsget-data",
+    functionName: "htsget-function",
+    roleName: "htsget-role",
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V0dGluZ3MuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJzZXR0aW5ncy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQTs7R0FFRztBQUNVLFFBQUEsUUFBUSxHQUFzQjtJQUN6QyxNQUFNLEVBQUUsZUFBZTtJQUN2QixZQUFZLEVBQUUsSUFBSTtJQUNsQixZQUFZLEVBQUUsc0JBQXNCO0lBQ3BDLFVBQVUsRUFBRSxhQUFhO0lBQ3pCLFlBQVksRUFBRSxpQkFBaUI7SUFDL0IsUUFBUSxFQUFFLGFBQWE7Q0FDeEIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEh0c2dldExhbWJkYVByb3BzIH0gZnJvbSBcIi4uL2luZGV4XCI7XG5cbi8qKlxuICogU2V0dGluZ3MgdG8gdXNlIGZvciB0aGUgaHRzZ2V0IGRlcGxveW1lbnQuXG4gKi9cbmV4cG9ydCBjb25zdCBTRVRUSU5HUzogSHRzZ2V0TGFtYmRhUHJvcHMgPSB7XG4gIGRvbWFpbjogXCJkZXYudW1jY3Iub3JnXCIsXG4gIGNvcHlUZXN0RGF0YTogdHJ1ZSxcbiAgZ2l0UmVmZXJlbmNlOiBcImh0c2dldC1sYW1iZGEtdjAuNy40XCIsXG4gIGJ1Y2tldE5hbWU6IFwiaHRzZ2V0LWRhdGFcIixcbiAgZnVuY3Rpb25OYW1lOiBcImh0c2dldC1mdW5jdGlvblwiLFxuICByb2xlTmFtZTogXCJodHNnZXQtcm9sZVwiLFxufTtcbiJdfQ==

package/bin/settings.ts

@@ -0,0 +1,13 @@
+import { HtsgetLambdaProps } from "../index";
+
+/**
+ * Settings to use for the htsget deployment.
+ */
+export const SETTINGS: HtsgetLambdaProps = {
+  domain: "dev.umccr.org",
+  copyTestData: true,
+  gitReference: "htsget-lambda-v0.7.4",
+  bucketName: "htsget-data",
+  functionName: "htsget-function",
+  roleName: "htsget-role",
+};

package/cdk.json

@@ -0,0 +1,29 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/htsget-stack.ts",
+  "context": {
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"]
+  },
+  "watch": {
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ],
+    "include": ["**"]
+  }
+}

package/docs/config/CONFIG.md

@@ -0,0 +1,101 @@
+**htsget-lambda**
+
+***
+
+# htsget-lambda
+
+## CorsConifg
+
+Defined in: [aws/lib/config.ts:173](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L173)
+
+CORS configuration for the htsget-rs server.
+
+### Properties
+
+| Property | Type | Default value | Description | Defined in |
+| ------ | ------ | ------ | ------ | ------ |
+| <a id="allowcredentials"></a> `allowCredentials?` | `boolean` | `false` | CORS allow credentials. | [aws/lib/config.ts:179](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L179) |
+| <a id="allowheaders"></a> `allowHeaders?` | `string`[] | `["*"]` | CORS allow headers. | [aws/lib/config.ts:186](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L186) |
+| <a id="allowmethods"></a> `allowMethods?` | `CorsHttpMethod`[] | `[CorsHttpMethod.ANY]` | CORS allow methods. | [aws/lib/config.ts:193](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L193) |
+| <a id="alloworigins"></a> `allowOrigins?` | `string`[] | `["*"]` | CORS allow origins. | [aws/lib/config.ts:200](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L200) |
+| <a id="exposeheaders"></a> `exposeHeaders?` | `string`[] | `["*"]` | CORS expose headers. | [aws/lib/config.ts:207](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L207) |
+| <a id="maxage"></a> `maxAge?` | `Duration` | `Duration.days(30)` | CORS max age. | [aws/lib/config.ts:214](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L214) |
+
+***
+
+## HtsgetConfig
+
+Defined in: [aws/lib/config.ts:221](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L221)
+
+Configuration for the htsget-rs server. This allows specifying the options
+available in the htsget-rs config: https://github.com/umccr/htsget-rs/tree/main/htsget-config
+
+### Properties
+
+| Property | Type | Default value | Description | Defined in |
+| ------ | ------ | ------ | ------ | ------ |
+| <a id="environment_override"></a> `environment_override?` | `Record`\<`string`, `unknown`\> | `undefined` | Any additional htsget-rs options can be specified here as environment variables. These will override any options set in this construct, and allows using advanced configuration. Options here should contain the `HTSGET_` prefix. | [aws/lib/config.ts:247](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L247) |
+| <a id="locations"></a> `locations?` | [`HtsgetLocation`](#htsgetlocation)[] | `[]` | The locations for the htsget-rs server. This is the same as the htsget-rs config locations: https://github.com/umccr/htsget-rs/tree/main/htsget-config#quickstart Any `s3://...` locations will automatically be added to the bucket access policy. | [aws/lib/config.ts:230](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L230) |
+| <a id="service_info"></a> `service_info?` | `Record`\<`string`, `unknown`\> | `undefined` | Service info fields to configure for the server. This is the same as the htsget-rs config service_info: https://github.com/umccr/htsget-rs/tree/main/htsget-config#service-info-config | [aws/lib/config.ts:238](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L238) |
+
+***
+
+## HtsgetLambdaProps
+
+Defined in: [aws/lib/config.ts:10](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L10)
+
+Settings related to the htsget lambda construct props.
+
+### Properties
+
+| Property | Type | Default value | Description | Defined in |
+| ------ | ------ | ------ | ------ | ------ |
+| <a id="bucketname"></a> `bucketName?` | `string` | `undefined` | The name of the bucket to create when using `copyTestData`. Defaults to the auto-generated CDK construct name. | [aws/lib/config.ts:86](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L86) |
+| <a id="buildenvironment"></a> `buildEnvironment?` | `Record`\<`string`, `string`\> | `undefined` | Override the environment variables used to build htsget. Note that this only adds environment variables that get used to build htsget-rs with `cargo`. It has no effect on the environment variables that htsget-rs has when the Lambda function is deployed. In general, leave this undefined unless there is a specific reason to override the build environment. | [aws/lib/config.ts:148](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L148) |
+| <a id="cargolambdaflags"></a> `cargoLambdaFlags?` | `string`[] | `undefined` | Override any cargo lambda flags for the build. By default, features are resolved automatically based on the config and `HtsgetLocation[]`. This option overrides that and any automatically added flags. | [aws/lib/config.ts:68](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L68) |
+| <a id="certificatearn"></a> `certificateArn?` | `string` | `undefined` | The arn of the certificate to use. This will not create a `Certificate` if specified, and will instead lookup an existing one. | [aws/lib/config.ts:116](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L116) |
+| <a id="copytestdata"></a> `copyTestData?` | `boolean` | `false` | Copy the test data directory to a new bucket: https://github.com/umccr/htsget-rs/tree/main/data Also copies the Crypt4GH keys to Secrets Manager. Automatically the htsget-rs server access to the bucket and secrets using the locations config. | [aws/lib/config.ts:79](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L79) |
+| <a id="cors"></a> `cors?` | [`CorsConifg`](#corsconifg) | same as the `CorsConfig` defaults | CORS configuration for the htsget-rs server. Values here are propagated to CORS options in htsget-rs. | [aws/lib/config.ts:45](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L45) |
+| <a id="domain"></a> `domain?` | `string` | `undefined` | The domain name for the htsget server. This must be specified if `httpApi` is not set. This assumes that a `HostedZone` exists for this domain. | [aws/lib/config.ts:24](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L24) |
+| <a id="functionname"></a> `functionName?` | `string` | `undefined` | The name of the Lambda function. Defaults to the auto-generated CDK construct name. | [aws/lib/config.ts:93](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L93) |
+| <a id="gitforceclone"></a> `gitForceClone?` | `boolean` | `false` | Whether to force a git clone for every build. If this is false, then the git repo is only cloned once for every git reference in a temporary directory. Otherwise, the repo is cloned every time. | [aws/lib/config.ts:60](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L60) |
+| <a id="gitreference"></a> `gitReference?` | `string` | `"main"` | The git reference to fetch from the htsget-rs repo. | [aws/lib/config.ts:52](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L52) |
+| <a id="hostedzone"></a> `hostedZone?` | `IHostedZone` | `undefined` | Use the provided hosted zone instead of looking it up from the domain name. | [aws/lib/config.ts:123](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L123) |
+| <a id="htsgetconfig-1"></a> `htsgetConfig?` | [`HtsgetConfig`](#htsgetconfig) | `undefined` | The htsget-rs config options. Use this to specify any locations and htsget-rs options. | [aws/lib/config.ts:16](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L16) |
+| <a id="httpapi"></a> `httpApi?` | `IHttpApi` | `undefined` | Manually specify an `HttpApi`. This will not create a `HostedZone`, any Route53 records, certificates, or authorizers, and will instead rely on the existing `HttpApi`. | [aws/lib/config.ts:108](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L108) |
+| <a id="jwt"></a> `jwt?` | [`JwtConfig`](#jwtconfig) | `undefined`, defaults to a public deployment | Whether this deployment is gated behind a JWT authorizer, or if its public. | [aws/lib/config.ts:38](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L38) |
+| <a id="role"></a> `role?` | `IRole` | `undefined` | Use the provided role instead of creating one. This will ignore any configuration related to permissions for buckets and secrets, and rely on the existing role. | [aws/lib/config.ts:131](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L131) |
+| <a id="rolename"></a> `roleName?` | `string` | `undefined` | The name of the role for the Lambda function. Defaults to the auto-generated CDK construct name. | [aws/lib/config.ts:138](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L138) |
+| <a id="subdomain"></a> `subDomain?` | `string` | `"htsget"` | The domain name prefix to use for the htsget-rs server. | [aws/lib/config.ts:31](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L31) |
+| <a id="vpc"></a> `vpc?` | `IVpc` | `undefined` | Optionally specify a VPC for the Lambda function. | [aws/lib/config.ts:100](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L100) |
+
+***
+
+## HtsgetLocation
+
+Defined in: [aws/lib/config.ts:253](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L253)
+
+Config for locations.
+
+### Properties
+
+| Property | Type | Default value | Description | Defined in |
+| ------ | ------ | ------ | ------ | ------ |
+| <a id="location"></a> `location` | `string` | `undefined` | The location string. | [aws/lib/config.ts:257](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L257) |
+| <a id="private_key"></a> `private_key?` | `string` | `undefined` | Optional Crypt4GH private key secret ARN or name. | [aws/lib/config.ts:263](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L263) |
+| <a id="public_key"></a> `public_key?` | `string` | `undefined` | Optional Crypt4GH public key secret ARN or name. | [aws/lib/config.ts:269](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L269) |
+
+***
+
+## JwtConfig
+
+Defined in: [aws/lib/config.ts:154](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L154)
+
+JWT authorization settings.
+
+### Properties
+
+| Property | Type | Default value | Description | Defined in |
+| ------ | ------ | ------ | ------ | ------ |
+| <a id="audience"></a> `audience?` | `string`[] | `[]` | The JWT audience. | [aws/lib/config.ts:160](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L160) |
+| <a id="coguserpoolid"></a> `cogUserPoolId?` | `string` | `undefined`, creates a new user pool | The cognito user pool id for the authorizer. If this is not set, then a new user pool is created. | [aws/lib/config.ts:167](https://github.com/umccr/htsget-deploy/blob/main/aws/lib/config.ts#L167) |

package/docs/examples/CROSS_ACCOUNT_SETUP.md

@@ -0,0 +1,88 @@
+# Cross account setup
+
+The Lambda function for htsget-rs can be set-up to be updated from a different account than the one containing the
+CDK infrastructure.
+
+To do this, the [aws-lambda-deploy] action can be used.
+
+[aws-lambda-deploy]: https://github.com/aws-actions/aws-lambda-deploy
+
+## Process
+
+Deploy the htsget infrastructure code to the target account that should contain the infrastructure, using `npx cdk deploy`.
+
+After deploying, verify that the server is reachable: `curl https://<domain>/reads/service-info`.
+
+Then, create a policy in the target account with the following permissions, matching the [aws-lambda-deploy] action, and
+allowing access to the bucket created by the infrastructure.
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "LambdaDeployPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "lambda:GetFunctionConfiguration",
+        "lambda:CreateFunction",
+        "lambda:UpdateFunctionCode",
+        "lambda:UpdateFunctionConfiguration",
+        "lambda:PublishVersion"
+      ],
+      "Resource": "arn:aws:lambda:<region>:<account>:function:<function_name>"
+    },
+    {
+      "Sid":"PassRolesDefinition",
+      "Effect":"Allow",
+      "Action":[
+        "iam:PassRole"
+      ],
+      "Resource":[
+        "arn:aws:iam::<account>:role/<function_execution_role_name>"
+      ]
+    },
+    {
+      "Sid":"S3Access",
+      "Effect":"Allow",
+      "Action":[
+        "s3:ListBucket*",
+        "s3:PutObject*",
+        "s3:GetObject*"
+      ],
+      "Resource":[
+        "arn:aws:s3:::<bucket_name>"
+      ]
+    }
+  ]
+}
+```
+
+Then, create a role that has a trust policy for the delegated account, and the permissions of the policy created above,
+optionally add an external id:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "sts:AssumeRole",
+            "Principal": {
+                "AWS": "<delegated_account>"
+            },
+            "Condition": {
+                "StringEquals": {
+                    "sts:ExternalId": "<external_id>"
+                }
+            }
+        }
+    ]
+}
+```
+
+To test that the setup works, attempt to update the Lambda function from the delegated account:
+
+```sh
+aws lambda get-function-configuration --function-name <function_name>
+```

package/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./lib/htsget-lambda";
+export * from "./lib/config";

package/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./lib/htsget-lambda"), exports);
+__exportStar(require("./lib/config"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsc0RBQW9DO0FBQ3BDLCtDQUE2QiIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gXCIuL2xpYi9odHNnZXQtbGFtYmRhXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9saWIvY29uZmlnXCI7XG4iXX0=

package/index.ts

@@ -0,0 +1,2 @@
+export * from "./lib/htsget-lambda";
+export * from "./lib/config";