@vyriy/stack 0.1.9

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Vyriy contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,102 @@
+# @vyriy/stack
+
+AWS CDK stack helpers for Vyriy projects.
+
+## Purpose
+
+This package keeps small, reusable CDK construction helpers close to the AWS primitives they wrap. The helpers are intentionally thin: they provide calm defaults for common Vyriy infrastructure while leaving the full CDK prop objects available to callers.
+
+## API
+
+- `s3.createBucket(scope, id, props?)` creates a private S3 bucket with static-site-friendly defaults.
+- `cf.createDefaultBehavior(bucket, options?)` creates a CloudFront S3 origin behavior that redirects viewers to HTTPS.
+- `cf.createWebsiteRedirectBehavior(bucket, options?)` creates a CloudFront behavior for an S3 website redirect bucket.
+- `cf.createCloudFrontFunction(scope, id, props)` creates a CloudFront Function from inline JavaScript source.
+- `cf.createDistribution(scope, id, props)` creates a CloudFront distribution.
+- `route53.getHostedZone(scope, id, props)` looks up an existing Route 53 hosted zone.
+- `route53.createARecord(scope, id, props)` creates a Route 53 A record.
+- `route53.createCloudFrontTarget(distribution)` creates a Route 53 alias target for CloudFront.
+- `acm.createCertificate(scope, id, props)` creates an ACM certificate.
+- `deployment.createBucketDeployment(scope, id, props)` deploys files to S3 with a `512` MB default memory limit.
+- `deployment.createImmutableCacheControl(days?)` creates long-lived immutable cache-control headers.
+- `deployment.Source` and `deployment.CacheControl` are re-exported from `aws-cdk-lib/aws-s3-deployment`.
+
+## Static Site Example
+
+This example wires the package helpers into a static website stack:
+
+- find an existing hosted zone
+- create a private S3 bucket for `vyriy.dev`
+- create a redirect S3 bucket for `www.vyriy.dev`
+- create a DNS-validated ACM certificate
+- create one CloudFront distribution for the main site
+- create one CloudFront distribution for the `www` redirect
+- create Route 53 alias records
+- deploy local site files into the main bucket and invalidate CloudFront
+
+CloudFront requires ACM certificates for custom aliases to be in `us-east-1`, so deploy this stack in `us-east-1` or split the certificate into a dedicated us-east-1 stack.
+
+```ts
+import { CfnOutput, Stack, type StackProps } from 'aws-cdk-lib';
+import type { Construct } from 'constructs';
+
+import { stack } from '@vyriy/cdk';
+import { acm, cf, deployment, route53, s3 } from '@vyriy/stack';
+import { path } from '@vyriy/path';
+
+stack(
+  class StaticSiteStack extends Stack {
+    constructor(scope: Construct, id: string, props?: StackProps) {
+      super(scope, id, props);
+
+      const domain = 'site.com';
+
+      const hostedZone = route53.getHostedZone(this, 'HostedZone', {
+        domainName: domain,
+      });
+
+      const bucket = s3.createBucket(this, 'Bucket', {
+        bucketName: domain,
+      });
+
+      const certificate = acm.createCertificate(this, 'Certificate', {
+        domainName: domain,
+        subjectAlternativeNames: [`*.${domain}`],
+        validation: acm.CertificateValidation.fromDns(hostedZone),
+      });
+
+      const distribution = cf.createDistribution(this, 'Distribution', {
+        certificate,
+        defaultBehavior: cf.createDefaultBehavior(bucket),
+        defaultRootObject: 'index.html',
+        domainNames: [domain],
+        errorResponses: [
+          {
+            httpStatus: 403,
+            responseHttpStatus: 404,
+            responsePagePath: '/404.html',
+          },
+          {
+            httpStatus: 404,
+            responseHttpStatus: 404,
+            responsePagePath: '/404.html',
+          },
+        ],
+      });
+
+      route53.createARecord(this, 'RootRecord', {
+        target: route53.createCloudFrontTarget(distribution),
+        zone: hostedZone,
+      });
+
+      deployment.createBucketDeployment(this, 'DeploySite', {
+        cacheControl: deployment.createImmutableCacheControl(),
+        destinationBucket: bucket,
+        distribution,
+        distributionPaths: ['/*'],
+        sources: [deployment.Source.asset(path('dist'))],
+      });
+    }
+  },
+);
+```

package/certificatemanager/index.d.ts

@@ -0,0 +1,4 @@
+import { Construct } from 'constructs';
+import { Certificate, CertificateProps, CertificateValidation } from 'aws-cdk-lib/aws-certificatemanager';
+export { CertificateValidation };
+export declare const createCertificate: (scope: Construct, id: string, props: CertificateProps) => Certificate;

package/certificatemanager/index.js

@@ -0,0 +1,3 @@
+import { Certificate, CertificateValidation } from 'aws-cdk-lib/aws-certificatemanager';
+export { CertificateValidation };
+export const createCertificate = (scope, id, props) => new Certificate(scope, id, props);

package/cloudfront/index.d.ts

@@ -0,0 +1,42 @@
+import { Construct } from 'constructs';
+import { AddBehaviorOptions, Distribution, DistributionProps, Function as CloudFrontFunction, FunctionEventType, FunctionProps, OriginProtocolPolicy, ViewerProtocolPolicy } from 'aws-cdk-lib/aws-cloudfront';
+import { HttpOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+export { FunctionEventType, OriginProtocolPolicy, ViewerProtocolPolicy };
+export interface CreateCloudFrontFunctionProps extends Omit<FunctionProps, 'code'> {
+    readonly code: string;
+}
+export declare const createDistribution: (scope: Construct, id: string, props: DistributionProps) => Distribution;
+export declare const createCloudFrontFunction: (scope: Construct, id: string, props: CreateCloudFrontFunctionProps) => CloudFrontFunction;
+export declare const createDefaultBehavior: (bucket: Bucket, options?: AddBehaviorOptions) => {
+    allowedMethods?: import("aws-cdk-lib/aws-cloudfront").AllowedMethods;
+    cachedMethods?: import("aws-cdk-lib/aws-cloudfront").CachedMethods;
+    cachePolicy?: import("aws-cdk-lib/aws-cloudfront").ICachePolicyRef;
+    compress?: boolean;
+    originRequestPolicy?: import("aws-cdk-lib/aws-cloudfront").IOriginRequestPolicyRef;
+    realtimeLogConfig?: import("aws-cdk-lib/aws-cloudfront").IRealtimeLogConfigRef;
+    responseHeadersPolicy?: import("aws-cdk-lib/aws-cloudfront").IResponseHeadersPolicyRef;
+    smoothStreaming?: boolean;
+    viewerProtocolPolicy: ViewerProtocolPolicy;
+    functionAssociations?: import("aws-cdk-lib/aws-cloudfront").FunctionAssociation[];
+    edgeLambdas?: import("aws-cdk-lib/aws-cloudfront").EdgeLambda[];
+    trustedKeyGroups?: import("aws-cdk-lib/aws-cloudfront").IKeyGroupRef[];
+    enableGrpc?: boolean;
+    origin: import("aws-cdk-lib/aws-cloudfront").IOrigin;
+};
+export declare const createWebsiteRedirectBehavior: (bucket: Bucket, options?: AddBehaviorOptions) => {
+    allowedMethods?: import("aws-cdk-lib/aws-cloudfront").AllowedMethods;
+    cachedMethods?: import("aws-cdk-lib/aws-cloudfront").CachedMethods;
+    cachePolicy?: import("aws-cdk-lib/aws-cloudfront").ICachePolicyRef;
+    compress?: boolean;
+    originRequestPolicy?: import("aws-cdk-lib/aws-cloudfront").IOriginRequestPolicyRef;
+    realtimeLogConfig?: import("aws-cdk-lib/aws-cloudfront").IRealtimeLogConfigRef;
+    responseHeadersPolicy?: import("aws-cdk-lib/aws-cloudfront").IResponseHeadersPolicyRef;
+    smoothStreaming?: boolean;
+    viewerProtocolPolicy: ViewerProtocolPolicy;
+    functionAssociations?: import("aws-cdk-lib/aws-cloudfront").FunctionAssociation[];
+    edgeLambdas?: import("aws-cdk-lib/aws-cloudfront").EdgeLambda[];
+    trustedKeyGroups?: import("aws-cdk-lib/aws-cloudfront").IKeyGroupRef[];
+    enableGrpc?: boolean;
+    origin: HttpOrigin;
+};

package/cloudfront/index.js

@@ -0,0 +1,20 @@
+import { Distribution, Function as CloudFrontFunction, FunctionCode, FunctionEventType, OriginProtocolPolicy, ViewerProtocolPolicy, } from 'aws-cdk-lib/aws-cloudfront';
+import { HttpOrigin, S3BucketOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
+export { FunctionEventType, OriginProtocolPolicy, ViewerProtocolPolicy };
+export const createDistribution = (scope, id, props) => new Distribution(scope, id, props);
+export const createCloudFrontFunction = (scope, id, props) => new CloudFrontFunction(scope, id, {
+    ...props,
+    code: FunctionCode.fromInline(props.code),
+});
+export const createDefaultBehavior = (bucket, options = {}) => ({
+    origin: S3BucketOrigin.withOriginAccessControl(bucket),
+    viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+    ...options,
+});
+export const createWebsiteRedirectBehavior = (bucket, options = {}) => ({
+    origin: new HttpOrigin(bucket.bucketWebsiteDomainName, {
+        protocolPolicy: OriginProtocolPolicy.HTTP_ONLY,
+    }),
+    viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+    ...options,
+});

package/deployment/index.d.ts

@@ -0,0 +1,5 @@
+import { Construct } from 'constructs';
+import { BucketDeployment, BucketDeploymentProps, CacheControl, Source } from 'aws-cdk-lib/aws-s3-deployment';
+export { Source, CacheControl };
+export declare const createBucketDeployment: (scope: Construct, id: string, props: BucketDeploymentProps) => BucketDeployment;
+export declare const createImmutableCacheControl: (days?: number) => CacheControl[];

package/deployment/index.js

@@ -0,0 +1,12 @@
+import { Duration } from 'aws-cdk-lib';
+import { BucketDeployment, CacheControl, Source } from 'aws-cdk-lib/aws-s3-deployment';
+export { Source, CacheControl };
+export const createBucketDeployment = (scope, id, props) => new BucketDeployment(scope, id, {
+    memoryLimit: 512,
+    ...props,
+});
+export const createImmutableCacheControl = (days = 365) => [
+    CacheControl.setPublic(),
+    CacheControl.maxAge(Duration.days(days)),
+    CacheControl.immutable(),
+];

package/index.d.ts

@@ -0,0 +1,5 @@
+export * as acm from './certificatemanager/index.js';
+export * as cf from './cloudfront/index.js';
+export * as deployment from './deployment/index.js';
+export * as route53 from './route53/index.js';
+export * as s3 from './s3/index.js';

package/index.js

@@ -0,0 +1,5 @@
+export * as acm from './certificatemanager/index.js';
+export * as cf from './cloudfront/index.js';
+export * as deployment from './deployment/index.js';
+export * as route53 from './route53/index.js';
+export * as s3 from './s3/index.js';

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "@vyriy/stack",
+  "version": "0.1.9",
+  "description": "AWS CDK stack helpers for Vyriy infrastructure",
+  "type": "module",
+  "main": "./index.js",
+  "dependencies": {
+    "aws-cdk-lib": "^2.253.1",
+    "constructs": "^10.6.0"
+  },
+  "license": "MIT",
+  "types": "./index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "default": "./index.js"
+    },
+    "./certificatemanager/index": {
+      "types": "./certificatemanager/index.d.ts",
+      "import": "./certificatemanager/index.js",
+      "default": "./certificatemanager/index.js"
+    },
+    "./certificatemanager/index.js": {
+      "types": "./certificatemanager/index.d.ts",
+      "import": "./certificatemanager/index.js",
+      "default": "./certificatemanager/index.js"
+    },
+    "./cloudfront/index": {
+      "types": "./cloudfront/index.d.ts",
+      "import": "./cloudfront/index.js",
+      "default": "./cloudfront/index.js"
+    },
+    "./cloudfront/index.js": {
+      "types": "./cloudfront/index.d.ts",
+      "import": "./cloudfront/index.js",
+      "default": "./cloudfront/index.js"
+    },
+    "./deployment/index": {
+      "types": "./deployment/index.d.ts",
+      "import": "./deployment/index.js",
+      "default": "./deployment/index.js"
+    },
+    "./deployment/index.js": {
+      "types": "./deployment/index.d.ts",
+      "import": "./deployment/index.js",
+      "default": "./deployment/index.js"
+    },
+    "./index": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "default": "./index.js"
+    },
+    "./index.js": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "default": "./index.js"
+    },
+    "./route53/index": {
+      "types": "./route53/index.d.ts",
+      "import": "./route53/index.js",
+      "default": "./route53/index.js"
+    },
+    "./route53/index.js": {
+      "types": "./route53/index.d.ts",
+      "import": "./route53/index.js",
+      "default": "./route53/index.js"
+    },
+    "./s3/index": {
+      "types": "./s3/index.d.ts",
+      "import": "./s3/index.js",
+      "default": "./s3/index.js"
+    },
+    "./s3/index.js": {
+      "types": "./s3/index.d.ts",
+      "import": "./s3/index.js",
+      "default": "./s3/index.js"
+    }
+  }
+}

package/route53/index.d.ts

@@ -0,0 +1,7 @@
+import { Construct } from 'constructs';
+import { Distribution } from 'aws-cdk-lib/aws-cloudfront';
+import { HostedZoneProviderProps, ARecord, ARecordProps, RecordTarget } from 'aws-cdk-lib/aws-route53';
+export { RecordTarget };
+export declare const getHostedZone: (scope: Construct, id: string, props: HostedZoneProviderProps) => import("aws-cdk-lib/aws-route53").IHostedZone;
+export declare const createARecord: (scope: Construct, id: string, props: ARecordProps) => ARecord;
+export declare const createCloudFrontTarget: (distribution: Distribution) => RecordTarget;

package/route53/index.js

@@ -0,0 +1,6 @@
+import { HostedZone, ARecord, RecordTarget } from 'aws-cdk-lib/aws-route53';
+import { CloudFrontTarget } from 'aws-cdk-lib/aws-route53-targets';
+export { RecordTarget };
+export const getHostedZone = (scope, id, props) => HostedZone.fromLookup(scope, id, props);
+export const createARecord = (scope, id, props) => new ARecord(scope, id, props);
+export const createCloudFrontTarget = (distribution) => RecordTarget.fromAlias(new CloudFrontTarget(distribution));

package/s3/index.d.ts

@@ -0,0 +1,4 @@
+import { Construct } from 'constructs';
+import { Bucket, BucketProps, RedirectProtocol } from 'aws-cdk-lib/aws-s3';
+export { RedirectProtocol };
+export declare const createBucket: (scope: Construct, id: string, props?: BucketProps) => Bucket;

package/s3/index.js

@@ -0,0 +1,22 @@
+import { RemovalPolicy } from 'aws-cdk-lib';
+import { BlockPublicAccess, Bucket, HttpMethods, BucketEncryption, RedirectProtocol, } from 'aws-cdk-lib/aws-s3';
+export { RedirectProtocol };
+export const createBucket = (scope, id, props = {}) => {
+    const bucketProps = {
+        removalPolicy: RemovalPolicy.DESTROY,
+        autoDeleteObjects: true,
+        versioned: false,
+        publicReadAccess: false,
+        blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+        cors: [
+            {
+                allowedMethods: [HttpMethods.GET, HttpMethods.HEAD],
+                allowedOrigins: ['*'],
+                allowedHeaders: ['*'],
+            },
+        ],
+        encryption: BucketEncryption.S3_MANAGED,
+        ...props,
+    };
+    return new Bucket(scope, id, bucketProps);
+};