cdk-dms-replication 0.0.0

package/lib/replication-instance.js

@@ -0,0 +1,93 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DmsReplicationInstance = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const cdk = require("aws-cdk-lib");
+const dms = require("aws-cdk-lib/aws-dms");
+const ec2 = require("aws-cdk-lib/aws-ec2");
+const kms = require("aws-cdk-lib/aws-kms");
+const constructs_1 = require("constructs");
+const enums_1 = require("./enums");
+/**
+ * An L2-style construct that provisions a DMS replication instance with:
+ * - Private subnet placement via a dedicated subnet group
+ * - KMS encryption at rest (key created if not provided)
+ * - A dedicated security group (created if not provided)
+ */
+class DmsReplicationInstance extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        // -----------------------------------------------------------------------
+        // KMS key
+        // -----------------------------------------------------------------------
+        this.encryptionKey =
+            props.kmsKey ??
+                new kms.Key(this, 'EncryptionKey', {
+                    description: `DMS replication instance encryption key for ${id}`,
+                    enableKeyRotation: true,
+                    removalPolicy: props.removalPolicy ?? cdk.RemovalPolicy.DESTROY,
+                });
+        // -----------------------------------------------------------------------
+        // Security group
+        // -----------------------------------------------------------------------
+        const provided = props.securityGroups ?? [];
+        if (provided.length === 0) {
+            const sg = new ec2.SecurityGroup(this, 'SecurityGroup', {
+                vpc: props.vpc,
+                description: `DMS replication instance security group for ${id}`,
+                allowAllOutbound: true,
+            });
+            this.securityGroup = sg;
+        }
+        else {
+            this.securityGroup = provided[0];
+        }
+        const securityGroupIds = provided.length > 0
+            ? provided.map((sg) => sg.securityGroupId)
+            : [this.securityGroup.securityGroupId];
+        // -----------------------------------------------------------------------
+        // Subnet group
+        // -----------------------------------------------------------------------
+        const subnetSelection = props.vpcSubnets ?? {
+            subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
+        };
+        const subnets = props.vpc.selectSubnets(subnetSelection);
+        this.subnetGroup = new dms.CfnReplicationSubnetGroup(this, 'SubnetGroup', {
+            replicationSubnetGroupDescription: `DMS subnet group for ${id}`,
+            subnetIds: subnets.subnetIds,
+        });
+        // -----------------------------------------------------------------------
+        // Replication instance
+        // -----------------------------------------------------------------------
+        const instanceIdentifier = props.replicationInstanceIdentifier ?? cdk.Names.uniqueResourceName(this, { maxLength: 63 }).toLowerCase();
+        this.cfnReplicationInstance = new dms.CfnReplicationInstance(this, 'Resource', {
+            replicationInstanceClass: props.replicationInstanceClass ?? enums_1.ReplicationInstanceClass.R6I_LARGE,
+            replicationInstanceIdentifier: instanceIdentifier,
+            allocatedStorage: props.allocatedStorage ?? 100,
+            engineVersion: props.engineVersion,
+            kmsKeyId: this.encryptionKey.keyArn,
+            multiAz: props.multiAz ?? false,
+            publiclyAccessible: props.publiclyAccessible ?? false,
+            autoMinorVersionUpgrade: props.autoMinorVersionUpgrade ?? true,
+            replicationSubnetGroupIdentifier: this.subnetGroup.ref,
+            vpcSecurityGroupIds: securityGroupIds,
+            preferredMaintenanceWindow: props.preferredMaintenanceWindow,
+        });
+        this.cfnReplicationInstance.applyRemovalPolicy(props.removalPolicy ?? cdk.RemovalPolicy.DESTROY);
+        this.replicationInstanceArn = this.cfnReplicationInstance.ref;
+    }
+    /**
+     * Allow inbound access to the replication instance on a given port from a peer.
+     * Useful when the source or target database security group needs to trust the instance.
+     */
+    allowInboundFrom(peer, port, description) {
+        if (this.securityGroup instanceof ec2.SecurityGroup) {
+            this.securityGroup.addIngressRule(peer, port, description ?? 'Allow DMS replication instance');
+        }
+    }
+}
+exports.DmsReplicationInstance = DmsReplicationInstance;
+_a = JSII_RTTI_SYMBOL_1;
+DmsReplicationInstance[_a] = { fqn: "cdk-dms-replication.DmsReplicationInstance", version: "0.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVwbGljYXRpb24taW5zdGFuY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvcmVwbGljYXRpb24taW5zdGFuY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxtQ0FBbUM7QUFDbkMsMkNBQTJDO0FBQzNDLDJDQUEyQztBQUMzQywyQ0FBMkM7QUFDM0MsMkNBQXVDO0FBQ3ZDLG1DQUFtRDtBQW9GbkQ7Ozs7O0dBS0c7QUFDSCxNQUFhLHNCQUF1QixTQUFRLHNCQUFTO0lBZ0JuRCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWtDO1FBQzFFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsMEVBQTBFO1FBQzFFLFVBQVU7UUFDViwwRUFBMEU7UUFDMUUsSUFBSSxDQUFDLGFBQWE7WUFDaEIsS0FBSyxDQUFDLE1BQU07Z0JBQ1osSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxlQUFlLEVBQUU7b0JBQ2pDLFdBQVcsRUFBRSwrQ0FBK0MsRUFBRSxFQUFFO29CQUNoRSxpQkFBaUIsRUFBRSxJQUFJO29CQUN2QixhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWEsSUFBSSxHQUFHLENBQUMsYUFBYSxDQUFDLE9BQU87aUJBQ2hFLENBQUMsQ0FBQztRQUVMLDBFQUEwRTtRQUMxRSxpQkFBaUI7UUFDakIsMEVBQTBFO1FBQzFFLE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyxjQUFjLElBQUksRUFBRSxDQUFDO1FBQzVDLElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUMxQixNQUFNLEVBQUUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtnQkFDdEQsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHO2dCQUNkLFdBQVcsRUFBRSwrQ0FBK0MsRUFBRSxFQUFFO2dCQUNoRSxnQkFBZ0IsRUFBRSxJQUFJO2FBQ3ZCLENBQUMsQ0FBQztZQUNILElBQUksQ0FBQyxhQUFhLEdBQUcsRUFBRSxDQUFDO1FBQzFCLENBQUM7YUFBTSxDQUFDO1lBQ04sSUFBSSxDQUFDLGFBQWEsR0FBRyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDbkMsQ0FBQztRQUVELE1BQU0sZ0JBQWdCLEdBQUcsUUFBUSxDQUFDLE1BQU0sR0FBRyxDQUFDO1lBQzFDLENBQUMsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFFLENBQUMsZUFBZSxDQUFDO1lBQzFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLENBQUM7UUFFekMsMEVBQTBFO1FBQzFFLGVBQWU7UUFDZiwwRUFBMEU7UUFDMUUsTUFBTSxlQUFlLEdBQUcsS0FBSyxDQUFDLFVBQVUsSUFBSTtZQUMxQyxVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVUsQ0FBQyxtQkFBbUI7U0FDL0MsQ0FBQztRQUNGLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBRXpELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxHQUFHLENBQUMseUJBQXlCLENBQUMsSUFBSSxFQUFFLGFBQWEsRUFBRTtZQUN4RSxpQ0FBaUMsRUFBRSx3QkFBd0IsRUFBRSxFQUFFO1lBQy9ELFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUztTQUM3QixDQUFDLENBQUM7UUFFSCwwRUFBMEU7UUFDMUUsdUJBQXVCO1FBQ3ZCLDBFQUEwRTtRQUMxRSxNQUFNLGtCQUFrQixHQUN0QixLQUFLLENBQUMsNkJBQTZCLElBQUksR0FBRyxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxTQUFTLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUU3RyxJQUFJLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxHQUFHLENBQUMsc0JBQXNCLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUM3RSx3QkFBd0IsRUFBRSxLQUFLLENBQUMsd0JBQXdCLElBQUksZ0NBQXdCLENBQUMsU0FBUztZQUM5Riw2QkFBNkIsRUFBRSxrQkFBa0I7WUFDakQsZ0JBQWdCLEVBQUUsS0FBSyxDQUFDLGdCQUFnQixJQUFJLEdBQUc7WUFDL0MsYUFBYSxFQUFFLEtBQUssQ0FBQyxhQUFhO1lBQ2xDLFFBQVEsRUFBRSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU07WUFDbkMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLElBQUksS0FBSztZQUMvQixrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksS0FBSztZQUNyRCx1QkFBdUIsRUFBRSxLQUFLLENBQUMsdUJBQXVCLElBQUksSUFBSTtZQUM5RCxnQ0FBZ0MsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUc7WUFDdEQsbUJBQW1CLEVBQUUsZ0JBQWdCO1lBQ3JDLDBCQUEwQixFQUFFLEtBQUssQ0FBQywwQkFBMEI7U0FDN0QsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLHNCQUFzQixDQUFDLGtCQUFrQixDQUM1QyxLQUFLLENBQUMsYUFBYSxJQUFJLEdBQUcsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUNqRCxDQUFDO1FBRUYsSUFBSSxDQUFDLHNCQUFzQixHQUFHLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxHQUFHLENBQUM7SUFDaEUsQ0FBQztJQUVEOzs7T0FHRztJQUNILGdCQUFnQixDQUFDLElBQWUsRUFBRSxJQUFjLEVBQUUsV0FBb0I7UUFDcEUsSUFBSSxJQUFJLENBQUMsYUFBYSxZQUFZLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUNwRCxJQUFJLENBQUMsYUFBYSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLFdBQVcsSUFBSSxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQ2pHLENBQUM7SUFDSCxDQUFDOztBQWhHSCx3REFpR0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjZGsgZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0ICogYXMgZG1zIGZyb20gJ2F3cy1jZGstbGliL2F3cy1kbXMnO1xuaW1wb3J0ICogYXMgZWMyIGZyb20gJ2F3cy1jZGstbGliL2F3cy1lYzInO1xuaW1wb3J0ICogYXMga21zIGZyb20gJ2F3cy1jZGstbGliL2F3cy1rbXMnO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgeyBSZXBsaWNhdGlvbkluc3RhbmNlQ2xhc3MgfSBmcm9tICcuL2VudW1zJztcblxuLyoqIFByb3BzIGZvciB7QGxpbmsgRG1zUmVwbGljYXRpb25JbnN0YW5jZX0uICovXG5leHBvcnQgaW50ZXJmYWNlIERtc1JlcGxpY2F0aW9uSW5zdGFuY2VQcm9wcyB7XG4gIC8qKlxuICAgKiBJbnN0YW5jZSBjbGFzcyBmb3IgdGhlIHJlcGxpY2F0aW9uIGluc3RhbmNlLlxuICAgKiBAZGVmYXVsdCBSZXBsaWNhdGlvbkluc3RhbmNlQ2xhc3MuUjZJX0xBUkdFXG4gICAqL1xuICByZWFkb25seSByZXBsaWNhdGlvbkluc3RhbmNlQ2xhc3M/OiBSZXBsaWNhdGlvbkluc3RhbmNlQ2xhc3M7XG5cbiAgLyoqXG4gICAqIFZQQyBpbiB3aGljaCB0byBwbGFjZSB0aGUgcmVwbGljYXRpb24gaW5zdGFuY2UuXG4gICAqIFRoZSBjb25zdHJ1Y3QgY3JlYXRlcyBhIGRlZGljYXRlZCBzdWJuZXQgZ3JvdXAgZnJvbSB0aGUgcHJpdmF0ZSBzdWJuZXRzLlxuICAgKi9cbiAgcmVhZG9ubHkgdnBjOiBlYzIuSVZwYztcblxuICAvKipcbiAgICogU3BlY2lmaWMgc3VibmV0cyB0byB1c2UgZm9yIHRoZSByZXBsaWNhdGlvbiBzdWJuZXQgZ3JvdXAuXG4gICAqIERlZmF1bHRzIHRvIGFsbCBwcml2YXRlIHN1Ym5ldHMgaW4gdGhlIFZQQy5cbiAgICovXG4gIHJlYWRvbmx5IHZwY1N1Ym5ldHM/OiBlYzIuU3VibmV0U2VsZWN0aW9uO1xuXG4gIC8qKlxuICAgKiBTZWN1cml0eSBncm91cHMgdG8gYXR0YWNoIHRvIHRoZSByZXBsaWNhdGlvbiBpbnN0YW5jZS5cbiAgICogQSBuZXcgc2VjdXJpdHkgZ3JvdXAgaXMgY3JlYXRlZCBpZiBub25lIGFyZSBwcm92aWRlZC5cbiAgICovXG4gIHJlYWRvbmx5IHNlY3VyaXR5R3JvdXBzPzogZWMyLklTZWN1cml0eUdyb3VwW107XG5cbiAgLyoqXG4gICAqIEtNUyBrZXkgdXNlZCB0byBlbmNyeXB0IHRoZSByZXBsaWNhdGlvbiBpbnN0YW5jZSBzdG9yYWdlIGF0IHJlc3QuXG4gICAqIEEgbmV3IGtleSBpcyBjcmVhdGVkIGlmIG5vdCBwcm92aWRlZC5cbiAgICovXG4gIHJlYWRvbmx5IGttc0tleT86IGttcy5JS2V5O1xuXG4gIC8qKlxuICAgKiBBbGxvY2F0ZWQgc3RvcmFnZSBpbiBHQi5cbiAgICogQGRlZmF1bHQgMTAwXG4gICAqL1xuICByZWFkb25seSBhbGxvY2F0ZWRTdG9yYWdlPzogbnVtYmVyO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRoZSByZXBsaWNhdGlvbiBpbnN0YW5jZSBpcyBNdWx0aS1BWi5cbiAgICogQGRlZmF1bHQgZmFsc2VcbiAgICovXG4gIHJlYWRvbmx5IG11bHRpQXo/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRoZSByZXBsaWNhdGlvbiBpbnN0YW5jZSBpcyBwdWJsaWNseSBhY2Nlc3NpYmxlLlxuICAgKiBTZXR0aW5nIHRoaXMgdG8gdHJ1ZSBpcyBzdHJvbmdseSBkaXNjb3VyYWdlZCBmb3IgcHJvZHVjdGlvbiB3b3JrbG9hZHMuXG4gICAqIEBkZWZhdWx0IGZhbHNlXG4gICAqL1xuICByZWFkb25seSBwdWJsaWNseUFjY2Vzc2libGU/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBXaGV0aGVyIHRvIGFsbG93IG1pbm9yIHZlcnNpb24gdXBncmFkZXMgdG8gYmUgYXBwbGllZCBhdXRvbWF0aWNhbGx5IGR1cmluZyBtYWludGVuYW5jZS5cbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgYXV0b01pbm9yVmVyc2lvblVwZ3JhZGU/OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBQcmVmZXJyZWQgbWFpbnRlbmFuY2Ugd2luZG93LCBlLmcuIFwic3VuOjA0OjAwLXN1bjowNDozMFwiLlxuICAgKi9cbiAgcmVhZG9ubHkgcHJlZmVycmVkTWFpbnRlbmFuY2VXaW5kb3c/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFJlcGxpY2F0aW9uIGVuZ2luZSB2ZXJzaW9uLlxuICAgKiBAZGVmYXVsdCBsYXRlc3QgdmVyc2lvbiBhdmFpbGFibGUgaW4gdGhlIHJlZ2lvbiAoY2hvc2VuIGJ5IERNUylcbiAgICovXG4gIHJlYWRvbmx5IGVuZ2luZVZlcnNpb24/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIExvZ2ljYWwgbmFtZSBvZiB0aGUgcmVwbGljYXRpb24gaW5zdGFuY2UuXG4gICAqIFVzZWQgaW4gdGhlIHJlcGxpY2F0aW9uIGluc3RhbmNlIGlkZW50aWZpZXIgYW5kIHJlc291cmNlIG5hbWluZy5cbiAgICogQGRlZmF1bHQgaWQgb2YgdGhlIGNvbnN0cnVjdFxuICAgKi9cbiAgcmVhZG9ubHkgcmVwbGljYXRpb25JbnN0YW5jZUlkZW50aWZpZXI/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFJlbW92YWwgcG9saWN5IGFwcGxpZWQgdG8gdGhlIHJlcGxpY2F0aW9uIGluc3RhbmNlLlxuICAgKiBAZGVmYXVsdCBjZGsuUmVtb3ZhbFBvbGljeS5ERVNUUk9ZXG4gICAqL1xuICByZWFkb25seSByZW1vdmFsUG9saWN5PzogY2RrLlJlbW92YWxQb2xpY3k7XG59XG5cbi8qKlxuICogQW4gTDItc3R5bGUgY29uc3RydWN0IHRoYXQgcHJvdmlzaW9ucyBhIERNUyByZXBsaWNhdGlvbiBpbnN0YW5jZSB3aXRoOlxuICogLSBQcml2YXRlIHN1Ym5ldCBwbGFjZW1lbnQgdmlhIGEgZGVkaWNhdGVkIHN1Ym5ldCBncm91cFxuICogLSBLTVMgZW5jcnlwdGlvbiBhdCByZXN0IChrZXkgY3JlYXRlZCBpZiBub3QgcHJvdmlkZWQpXG4gKiAtIEEgZGVkaWNhdGVkIHNlY3VyaXR5IGdyb3VwIChjcmVhdGVkIGlmIG5vdCBwcm92aWRlZClcbiAqL1xuZXhwb3J0IGNsYXNzIERtc1JlcGxpY2F0aW9uSW5zdGFuY2UgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICAvKiogVGhlIHVuZGVybHlpbmcgQ2xvdWRGb3JtYXRpb24gcmVwbGljYXRpb24gaW5zdGFuY2UgcmVzb3VyY2UuICovXG4gIHJlYWRvbmx5IGNmblJlcGxpY2F0aW9uSW5zdGFuY2U6IGRtcy5DZm5SZXBsaWNhdGlvbkluc3RhbmNlO1xuXG4gIC8qKiBUaGUgcmVwbGljYXRpb24gc3VibmV0IGdyb3VwIGNyZWF0ZWQgZm9yIHRoaXMgaW5zdGFuY2UuICovXG4gIHJlYWRvbmx5IHN1Ym5ldEdyb3VwOiBkbXMuQ2ZuUmVwbGljYXRpb25TdWJuZXRHcm91cDtcblxuICAvKiogVGhlIEtNUyBrZXkgdXNlZCBmb3Igc3RvcmFnZSBlbmNyeXB0aW9uLiAqL1xuICByZWFkb25seSBlbmNyeXB0aW9uS2V5OiBrbXMuSUtleTtcblxuICAvKiogVGhlIHNlY3VyaXR5IGdyb3VwIGF0dGFjaGVkIHRvIHRoaXMgaW5zdGFuY2UuICovXG4gIHJlYWRvbmx5IHNlY3VyaXR5R3JvdXA6IGVjMi5JU2VjdXJpdHlHcm91cDtcblxuICAvKiogVGhlIHJlcGxpY2F0aW9uIGluc3RhbmNlIEFSTi4gKi9cbiAgcmVhZG9ubHkgcmVwbGljYXRpb25JbnN0YW5jZUFybjogc3RyaW5nO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBEbXNSZXBsaWNhdGlvbkluc3RhbmNlUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICAvLyBLTVMga2V5XG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICB0aGlzLmVuY3J5cHRpb25LZXkgPVxuICAgICAgcHJvcHMua21zS2V5ID8/XG4gICAgICBuZXcga21zLktleSh0aGlzLCAnRW5jcnlwdGlvbktleScsIHtcbiAgICAgICAgZGVzY3JpcHRpb246IGBETVMgcmVwbGljYXRpb24gaW5zdGFuY2UgZW5jcnlwdGlvbiBrZXkgZm9yICR7aWR9YCxcbiAgICAgICAgZW5hYmxlS2V5Um90YXRpb246IHRydWUsXG4gICAgICAgIHJlbW92YWxQb2xpY3k6IHByb3BzLnJlbW92YWxQb2xpY3kgPz8gY2RrLlJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICAgIH0pO1xuXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICAvLyBTZWN1cml0eSBncm91cFxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgY29uc3QgcHJvdmlkZWQgPSBwcm9wcy5zZWN1cml0eUdyb3VwcyA/PyBbXTtcbiAgICBpZiAocHJvdmlkZWQubGVuZ3RoID09PSAwKSB7XG4gICAgICBjb25zdCBzZyA9IG5ldyBlYzIuU2VjdXJpdHlHcm91cCh0aGlzLCAnU2VjdXJpdHlHcm91cCcsIHtcbiAgICAgICAgdnBjOiBwcm9wcy52cGMsXG4gICAgICAgIGRlc2NyaXB0aW9uOiBgRE1TIHJlcGxpY2F0aW9uIGluc3RhbmNlIHNlY3VyaXR5IGdyb3VwIGZvciAke2lkfWAsXG4gICAgICAgIGFsbG93QWxsT3V0Ym91bmQ6IHRydWUsXG4gICAgICB9KTtcbiAgICAgIHRoaXMuc2VjdXJpdHlHcm91cCA9IHNnO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLnNlY3VyaXR5R3JvdXAgPSBwcm92aWRlZFswXTtcbiAgICB9XG5cbiAgICBjb25zdCBzZWN1cml0eUdyb3VwSWRzID0gcHJvdmlkZWQubGVuZ3RoID4gMFxuICAgICAgPyBwcm92aWRlZC5tYXAoKHNnKSA9PiBzZy5zZWN1cml0eUdyb3VwSWQpXG4gICAgICA6IFt0aGlzLnNlY3VyaXR5R3JvdXAuc2VjdXJpdHlHcm91cElkXTtcblxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgLy8gU3VibmV0IGdyb3VwXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICBjb25zdCBzdWJuZXRTZWxlY3Rpb24gPSBwcm9wcy52cGNTdWJuZXRzID8/IHtcbiAgICAgIHN1Ym5ldFR5cGU6IGVjMi5TdWJuZXRUeXBlLlBSSVZBVEVfV0lUSF9FR1JFU1MsXG4gICAgfTtcbiAgICBjb25zdCBzdWJuZXRzID0gcHJvcHMudnBjLnNlbGVjdFN1Ym5ldHMoc3VibmV0U2VsZWN0aW9uKTtcblxuICAgIHRoaXMuc3VibmV0R3JvdXAgPSBuZXcgZG1zLkNmblJlcGxpY2F0aW9uU3VibmV0R3JvdXAodGhpcywgJ1N1Ym5ldEdyb3VwJywge1xuICAgICAgcmVwbGljYXRpb25TdWJuZXRHcm91cERlc2NyaXB0aW9uOiBgRE1TIHN1Ym5ldCBncm91cCBmb3IgJHtpZH1gLFxuICAgICAgc3VibmV0SWRzOiBzdWJuZXRzLnN1Ym5ldElkcyxcbiAgICB9KTtcblxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgLy8gUmVwbGljYXRpb24gaW5zdGFuY2VcbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIGNvbnN0IGluc3RhbmNlSWRlbnRpZmllciA9XG4gICAgICBwcm9wcy5yZXBsaWNhdGlvbkluc3RhbmNlSWRlbnRpZmllciA/PyBjZGsuTmFtZXMudW5pcXVlUmVzb3VyY2VOYW1lKHRoaXMsIHsgbWF4TGVuZ3RoOiA2MyB9KS50b0xvd2VyQ2FzZSgpO1xuXG4gICAgdGhpcy5jZm5SZXBsaWNhdGlvbkluc3RhbmNlID0gbmV3IGRtcy5DZm5SZXBsaWNhdGlvbkluc3RhbmNlKHRoaXMsICdSZXNvdXJjZScsIHtcbiAgICAgIHJlcGxpY2F0aW9uSW5zdGFuY2VDbGFzczogcHJvcHMucmVwbGljYXRpb25JbnN0YW5jZUNsYXNzID8/IFJlcGxpY2F0aW9uSW5zdGFuY2VDbGFzcy5SNklfTEFSR0UsXG4gICAgICByZXBsaWNhdGlvbkluc3RhbmNlSWRlbnRpZmllcjogaW5zdGFuY2VJZGVudGlmaWVyLFxuICAgICAgYWxsb2NhdGVkU3RvcmFnZTogcHJvcHMuYWxsb2NhdGVkU3RvcmFnZSA/PyAxMDAsXG4gICAgICBlbmdpbmVWZXJzaW9uOiBwcm9wcy5lbmdpbmVWZXJzaW9uLFxuICAgICAga21zS2V5SWQ6IHRoaXMuZW5jcnlwdGlvbktleS5rZXlBcm4sXG4gICAgICBtdWx0aUF6OiBwcm9wcy5tdWx0aUF6ID8/IGZhbHNlLFxuICAgICAgcHVibGljbHlBY2Nlc3NpYmxlOiBwcm9wcy5wdWJsaWNseUFjY2Vzc2libGUgPz8gZmFsc2UsXG4gICAgICBhdXRvTWlub3JWZXJzaW9uVXBncmFkZTogcHJvcHMuYXV0b01pbm9yVmVyc2lvblVwZ3JhZGUgPz8gdHJ1ZSxcbiAgICAgIHJlcGxpY2F0aW9uU3VibmV0R3JvdXBJZGVudGlmaWVyOiB0aGlzLnN1Ym5ldEdyb3VwLnJlZixcbiAgICAgIHZwY1NlY3VyaXR5R3JvdXBJZHM6IHNlY3VyaXR5R3JvdXBJZHMsXG4gICAgICBwcmVmZXJyZWRNYWludGVuYW5jZVdpbmRvdzogcHJvcHMucHJlZmVycmVkTWFpbnRlbmFuY2VXaW5kb3csXG4gICAgfSk7XG4gICAgdGhpcy5jZm5SZXBsaWNhdGlvbkluc3RhbmNlLmFwcGx5UmVtb3ZhbFBvbGljeShcbiAgICAgIHByb3BzLnJlbW92YWxQb2xpY3kgPz8gY2RrLlJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICApO1xuXG4gICAgdGhpcy5yZXBsaWNhdGlvbkluc3RhbmNlQXJuID0gdGhpcy5jZm5SZXBsaWNhdGlvbkluc3RhbmNlLnJlZjtcbiAgfVxuXG4gIC8qKlxuICAgKiBBbGxvdyBpbmJvdW5kIGFjY2VzcyB0byB0aGUgcmVwbGljYXRpb24gaW5zdGFuY2Ugb24gYSBnaXZlbiBwb3J0IGZyb20gYSBwZWVyLlxuICAgKiBVc2VmdWwgd2hlbiB0aGUgc291cmNlIG9yIHRhcmdldCBkYXRhYmFzZSBzZWN1cml0eSBncm91cCBuZWVkcyB0byB0cnVzdCB0aGUgaW5zdGFuY2UuXG4gICAqL1xuICBhbGxvd0luYm91bmRGcm9tKHBlZXI6IGVjMi5JUGVlciwgcG9ydDogZWMyLlBvcnQsIGRlc2NyaXB0aW9uPzogc3RyaW5nKTogdm9pZCB7XG4gICAgaWYgKHRoaXMuc2VjdXJpdHlHcm91cCBpbnN0YW5jZW9mIGVjMi5TZWN1cml0eUdyb3VwKSB7XG4gICAgICB0aGlzLnNlY3VyaXR5R3JvdXAuYWRkSW5ncmVzc1J1bGUocGVlciwgcG9ydCwgZGVzY3JpcHRpb24gPz8gJ0FsbG93IERNUyByZXBsaWNhdGlvbiBpbnN0YW5jZScpO1xuICAgIH1cbiAgfVxufVxuIl19

package/lib/replication-task.d.ts

@@ -0,0 +1,72 @@
+import * as cdk from 'aws-cdk-lib';
+import * as dms from 'aws-cdk-lib/aws-dms';
+import { Construct } from 'constructs';
+import { IDmsEndpoint } from './endpoint';
+import { MigrationType } from './enums';
+/** Props for {@link DmsReplicationTask}. */
+export interface DmsReplicationTaskProps {
+    /** ARN of the replication instance to use. */
+    readonly replicationInstanceArn: string;
+    /** Source endpoint. */
+    readonly sourceEndpoint: IDmsEndpoint;
+    /** Target endpoint. */
+    readonly targetEndpoint: IDmsEndpoint;
+    /** The migration type. */
+    readonly migrationType: MigrationType;
+    /**
+     * Table mappings JSON string.
+     * Use {@link TableMappings} to build this, or provide a raw JSON string.
+     *
+     * @example
+     * tableMappings: new TableMappings().includeSchema('public').toJson()
+     */
+    readonly tableMappings: string;
+    /**
+     * Task settings JSON string.
+     * Use {@link TaskSettings} to build this, or provide a raw JSON string.
+     * A sensible default is applied if not provided.
+     */
+    readonly taskSettings?: string;
+    /**
+     * Logical name for the replication task.
+     * Auto-generated from the construct ID if not provided.
+     */
+    readonly replicationTaskIdentifier?: string;
+    /**
+     * CDC start time as an ISO-8601 string or Unix epoch number.
+     * Only valid when migrationType is CDC or FULL_LOAD_AND_CDC.
+     * Mutually exclusive with cdcStartPosition.
+     */
+    readonly cdcStartTime?: string;
+    /**
+     * CDC start position (log sequence number or similar).
+     * Only valid when migrationType is CDC or FULL_LOAD_AND_CDC.
+     * Mutually exclusive with cdcStartTime.
+     */
+    readonly cdcStartPosition?: string;
+    /**
+     * CDC stop position.  The task stops once this position is reached.
+     * Only valid when migrationType is CDC or FULL_LOAD_AND_CDC.
+     */
+    readonly cdcStopPosition?: string;
+    /**
+     * Removal policy for this resource.
+     * @default cdk.RemovalPolicy.DESTROY
+     */
+    readonly removalPolicy?: cdk.RemovalPolicy;
+    /**
+     * Tags to apply to the task resource.
+     */
+    readonly tags?: cdk.CfnTag[];
+}
+/**
+ * A DMS replication task that ties a replication instance to a source and
+ * target endpoint and defines what data to migrate and how.
+ */
+export declare class DmsReplicationTask extends Construct {
+    /** The underlying CloudFormation replication task resource. */
+    readonly cfnReplicationTask: dms.CfnReplicationTask;
+    /** ARN of the replication task. */
+    readonly replicationTaskArn: string;
+    constructor(scope: Construct, id: string, props: DmsReplicationTaskProps);
+}

package/lib/replication-task.js

@@ -0,0 +1,46 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DmsReplicationTask = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const cdk = require("aws-cdk-lib");
+const dms = require("aws-cdk-lib/aws-dms");
+const constructs_1 = require("constructs");
+const task_settings_1 = require("./task-settings");
+/**
+ * A DMS replication task that ties a replication instance to a source and
+ * target endpoint and defines what data to migrate and how.
+ */
+class DmsReplicationTask extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const taskIdentifier = props.replicationTaskIdentifier ??
+            cdk.Names.uniqueResourceName(this, { maxLength: 63 }).toLowerCase();
+        const taskSettings = props.taskSettings ?? new task_settings_1.TaskSettings().toJson();
+        // DMS expects cdcStartTime as a Unix epoch number (seconds since epoch)
+        let cdcStartTime;
+        if (props.cdcStartTime !== undefined) {
+            const parsed = Date.parse(props.cdcStartTime);
+            cdcStartTime = isNaN(parsed) ? Number(props.cdcStartTime) : Math.floor(parsed / 1000);
+        }
+        this.cfnReplicationTask = new dms.CfnReplicationTask(this, 'Resource', {
+            replicationInstanceArn: props.replicationInstanceArn,
+            sourceEndpointArn: props.sourceEndpoint.endpointArn,
+            targetEndpointArn: props.targetEndpoint.endpointArn,
+            migrationType: props.migrationType,
+            tableMappings: props.tableMappings,
+            replicationTaskSettings: taskSettings,
+            replicationTaskIdentifier: taskIdentifier,
+            cdcStartTime,
+            cdcStartPosition: props.cdcStartPosition,
+            cdcStopPosition: props.cdcStopPosition,
+            tags: props.tags,
+        });
+        this.cfnReplicationTask.applyRemovalPolicy(props.removalPolicy ?? cdk.RemovalPolicy.DESTROY);
+        this.replicationTaskArn = this.cfnReplicationTask.ref;
+    }
+}
+exports.DmsReplicationTask = DmsReplicationTask;
+_a = JSII_RTTI_SYMBOL_1;
+DmsReplicationTask[_a] = { fqn: "cdk-dms-replication.DmsReplicationTask", version: "0.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVwbGljYXRpb24tdGFzay5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9yZXBsaWNhdGlvbi10YXNrLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsbUNBQW1DO0FBQ25DLDJDQUEyQztBQUMzQywyQ0FBdUM7QUFJdkMsbURBQStDO0FBc0UvQzs7O0dBR0c7QUFDSCxNQUFhLGtCQUFtQixTQUFRLHNCQUFTO0lBTy9DLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBOEI7UUFDdEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLGNBQWMsR0FDbEIsS0FBSyxDQUFDLHlCQUF5QjtZQUMvQixHQUFHLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUFDLElBQUksRUFBRSxFQUFFLFNBQVMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBRXRFLE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxZQUFZLElBQUksSUFBSSw0QkFBWSxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUM7UUFFdkUsd0VBQXdFO1FBQ3hFLElBQUksWUFBZ0MsQ0FBQztRQUNyQyxJQUFJLEtBQUssQ0FBQyxZQUFZLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDckMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDOUMsWUFBWSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUVELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3JFLHNCQUFzQixFQUFFLEtBQUssQ0FBQyxzQkFBc0I7WUFDcEQsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGNBQWMsQ0FBQyxXQUFXO1lBQ25ELGlCQUFpQixFQUFFLEtBQUssQ0FBQyxjQUFjLENBQUMsV0FBVztZQUNuRCxhQUFhLEVBQUUsS0FBSyxDQUFDLGFBQWE7WUFDbEMsYUFBYSxFQUFFLEtBQUssQ0FBQyxhQUFhO1lBQ2xDLHVCQUF1QixFQUFFLFlBQVk7WUFDckMseUJBQXlCLEVBQUUsY0FBYztZQUN6QyxZQUFZO1lBQ1osZ0JBQWdCLEVBQUUsS0FBSyxDQUFDLGdCQUFnQjtZQUN4QyxlQUFlLEVBQUUsS0FBSyxDQUFDLGVBQWU7WUFDdEMsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1NBQ2pCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FDeEMsS0FBSyxDQUFDLGFBQWEsSUFBSSxHQUFHLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FDakQsQ0FBQztRQUVGLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDO0lBQ3hELENBQUM7O0FBMUNILGdEQTJDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNkayBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBkbXMgZnJvbSAnYXdzLWNkay1saWIvYXdzLWRtcyc7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IElEbXNFbmRwb2ludCB9IGZyb20gJy4vZW5kcG9pbnQnO1xuaW1wb3J0IHsgTWlncmF0aW9uVHlwZSB9IGZyb20gJy4vZW51bXMnO1xuaW1wb3J0IHsgVGFibGVNYXBwaW5ncyB9IGZyb20gJy4vdGFibGUtbWFwcGluZ3MnO1xuaW1wb3J0IHsgVGFza1NldHRpbmdzIH0gZnJvbSAnLi90YXNrLXNldHRpbmdzJztcblxuLyoqIFByb3BzIGZvciB7QGxpbmsgRG1zUmVwbGljYXRpb25UYXNrfS4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgRG1zUmVwbGljYXRpb25UYXNrUHJvcHMge1xuICAvKiogQVJOIG9mIHRoZSByZXBsaWNhdGlvbiBpbnN0YW5jZSB0byB1c2UuICovXG4gIHJlYWRvbmx5IHJlcGxpY2F0aW9uSW5zdGFuY2VBcm46IHN0cmluZztcblxuICAvKiogU291cmNlIGVuZHBvaW50LiAqL1xuICByZWFkb25seSBzb3VyY2VFbmRwb2ludDogSURtc0VuZHBvaW50O1xuXG4gIC8qKiBUYXJnZXQgZW5kcG9pbnQuICovXG4gIHJlYWRvbmx5IHRhcmdldEVuZHBvaW50OiBJRG1zRW5kcG9pbnQ7XG5cbiAgLyoqIFRoZSBtaWdyYXRpb24gdHlwZS4gKi9cbiAgcmVhZG9ubHkgbWlncmF0aW9uVHlwZTogTWlncmF0aW9uVHlwZTtcblxuICAvKipcbiAgICogVGFibGUgbWFwcGluZ3MgSlNPTiBzdHJpbmcuXG4gICAqIFVzZSB7QGxpbmsgVGFibGVNYXBwaW5nc30gdG8gYnVpbGQgdGhpcywgb3IgcHJvdmlkZSBhIHJhdyBKU09OIHN0cmluZy5cbiAgICpcbiAgICogQGV4YW1wbGVcbiAgICogdGFibGVNYXBwaW5nczogbmV3IFRhYmxlTWFwcGluZ3MoKS5pbmNsdWRlU2NoZW1hKCdwdWJsaWMnKS50b0pzb24oKVxuICAgKi9cbiAgcmVhZG9ubHkgdGFibGVNYXBwaW5nczogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUYXNrIHNldHRpbmdzIEpTT04gc3RyaW5nLlxuICAgKiBVc2Uge0BsaW5rIFRhc2tTZXR0aW5nc30gdG8gYnVpbGQgdGhpcywgb3IgcHJvdmlkZSBhIHJhdyBKU09OIHN0cmluZy5cbiAgICogQSBzZW5zaWJsZSBkZWZhdWx0IGlzIGFwcGxpZWQgaWYgbm90IHByb3ZpZGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgdGFza1NldHRpbmdzPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBMb2dpY2FsIG5hbWUgZm9yIHRoZSByZXBsaWNhdGlvbiB0YXNrLlxuICAgKiBBdXRvLWdlbmVyYXRlZCBmcm9tIHRoZSBjb25zdHJ1Y3QgSUQgaWYgbm90IHByb3ZpZGVkLlxuICAgKi9cbiAgcmVhZG9ubHkgcmVwbGljYXRpb25UYXNrSWRlbnRpZmllcj86IHN0cmluZztcblxuICAvKipcbiAgICogQ0RDIHN0YXJ0IHRpbWUgYXMgYW4gSVNPLTg2MDEgc3RyaW5nIG9yIFVuaXggZXBvY2ggbnVtYmVyLlxuICAgKiBPbmx5IHZhbGlkIHdoZW4gbWlncmF0aW9uVHlwZSBpcyBDREMgb3IgRlVMTF9MT0FEX0FORF9DREMuXG4gICAqIE11dHVhbGx5IGV4Y2x1c2l2ZSB3aXRoIGNkY1N0YXJ0UG9zaXRpb24uXG4gICAqL1xuICByZWFkb25seSBjZGNTdGFydFRpbWU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIENEQyBzdGFydCBwb3NpdGlvbiAobG9nIHNlcXVlbmNlIG51bWJlciBvciBzaW1pbGFyKS5cbiAgICogT25seSB2YWxpZCB3aGVuIG1pZ3JhdGlvblR5cGUgaXMgQ0RDIG9yIEZVTExfTE9BRF9BTkRfQ0RDLlxuICAgKiBNdXR1YWxseSBleGNsdXNpdmUgd2l0aCBjZGNTdGFydFRpbWUuXG4gICAqL1xuICByZWFkb25seSBjZGNTdGFydFBvc2l0aW9uPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBDREMgc3RvcCBwb3NpdGlvbi4gIFRoZSB0YXNrIHN0b3BzIG9uY2UgdGhpcyBwb3NpdGlvbiBpcyByZWFjaGVkLlxuICAgKiBPbmx5IHZhbGlkIHdoZW4gbWlncmF0aW9uVHlwZSBpcyBDREMgb3IgRlVMTF9MT0FEX0FORF9DREMuXG4gICAqL1xuICByZWFkb25seSBjZGNTdG9wUG9zaXRpb24/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFJlbW92YWwgcG9saWN5IGZvciB0aGlzIHJlc291cmNlLlxuICAgKiBAZGVmYXVsdCBjZGsuUmVtb3ZhbFBvbGljeS5ERVNUUk9ZXG4gICAqL1xuICByZWFkb25seSByZW1vdmFsUG9saWN5PzogY2RrLlJlbW92YWxQb2xpY3k7XG5cbiAgLyoqXG4gICAqIFRhZ3MgdG8gYXBwbHkgdG8gdGhlIHRhc2sgcmVzb3VyY2UuXG4gICAqL1xuICByZWFkb25seSB0YWdzPzogY2RrLkNmblRhZ1tdO1xufVxuXG4vKipcbiAqIEEgRE1TIHJlcGxpY2F0aW9uIHRhc2sgdGhhdCB0aWVzIGEgcmVwbGljYXRpb24gaW5zdGFuY2UgdG8gYSBzb3VyY2UgYW5kXG4gKiB0YXJnZXQgZW5kcG9pbnQgYW5kIGRlZmluZXMgd2hhdCBkYXRhIHRvIG1pZ3JhdGUgYW5kIGhvdy5cbiAqL1xuZXhwb3J0IGNsYXNzIERtc1JlcGxpY2F0aW9uVGFzayBleHRlbmRzIENvbnN0cnVjdCB7XG4gIC8qKiBUaGUgdW5kZXJseWluZyBDbG91ZEZvcm1hdGlvbiByZXBsaWNhdGlvbiB0YXNrIHJlc291cmNlLiAqL1xuICByZWFkb25seSBjZm5SZXBsaWNhdGlvblRhc2s6IGRtcy5DZm5SZXBsaWNhdGlvblRhc2s7XG5cbiAgLyoqIEFSTiBvZiB0aGUgcmVwbGljYXRpb24gdGFzay4gKi9cbiAgcmVhZG9ubHkgcmVwbGljYXRpb25UYXNrQXJuOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IERtc1JlcGxpY2F0aW9uVGFza1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHRhc2tJZGVudGlmaWVyID1cbiAgICAgIHByb3BzLnJlcGxpY2F0aW9uVGFza0lkZW50aWZpZXIgPz9cbiAgICAgIGNkay5OYW1lcy51bmlxdWVSZXNvdXJjZU5hbWUodGhpcywgeyBtYXhMZW5ndGg6IDYzIH0pLnRvTG93ZXJDYXNlKCk7XG5cbiAgICBjb25zdCB0YXNrU2V0dGluZ3MgPSBwcm9wcy50YXNrU2V0dGluZ3MgPz8gbmV3IFRhc2tTZXR0aW5ncygpLnRvSnNvbigpO1xuXG4gICAgLy8gRE1TIGV4cGVjdHMgY2RjU3RhcnRUaW1lIGFzIGEgVW5peCBlcG9jaCBudW1iZXIgKHNlY29uZHMgc2luY2UgZXBvY2gpXG4gICAgbGV0IGNkY1N0YXJ0VGltZTogbnVtYmVyIHwgdW5kZWZpbmVkO1xuICAgIGlmIChwcm9wcy5jZGNTdGFydFRpbWUgIT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3QgcGFyc2VkID0gRGF0ZS5wYXJzZShwcm9wcy5jZGNTdGFydFRpbWUpO1xuICAgICAgY2RjU3RhcnRUaW1lID0gaXNOYU4ocGFyc2VkKSA/IE51bWJlcihwcm9wcy5jZGNTdGFydFRpbWUpIDogTWF0aC5mbG9vcihwYXJzZWQgLyAxMDAwKTtcbiAgICB9XG5cbiAgICB0aGlzLmNmblJlcGxpY2F0aW9uVGFzayA9IG5ldyBkbXMuQ2ZuUmVwbGljYXRpb25UYXNrKHRoaXMsICdSZXNvdXJjZScsIHtcbiAgICAgIHJlcGxpY2F0aW9uSW5zdGFuY2VBcm46IHByb3BzLnJlcGxpY2F0aW9uSW5zdGFuY2VBcm4sXG4gICAgICBzb3VyY2VFbmRwb2ludEFybjogcHJvcHMuc291cmNlRW5kcG9pbnQuZW5kcG9pbnRBcm4sXG4gICAgICB0YXJnZXRFbmRwb2ludEFybjogcHJvcHMudGFyZ2V0RW5kcG9pbnQuZW5kcG9pbnRBcm4sXG4gICAgICBtaWdyYXRpb25UeXBlOiBwcm9wcy5taWdyYXRpb25UeXBlLFxuICAgICAgdGFibGVNYXBwaW5nczogcHJvcHMudGFibGVNYXBwaW5ncyxcbiAgICAgIHJlcGxpY2F0aW9uVGFza1NldHRpbmdzOiB0YXNrU2V0dGluZ3MsXG4gICAgICByZXBsaWNhdGlvblRhc2tJZGVudGlmaWVyOiB0YXNrSWRlbnRpZmllcixcbiAgICAgIGNkY1N0YXJ0VGltZSxcbiAgICAgIGNkY1N0YXJ0UG9zaXRpb246IHByb3BzLmNkY1N0YXJ0UG9zaXRpb24sXG4gICAgICBjZGNTdG9wUG9zaXRpb246IHByb3BzLmNkY1N0b3BQb3NpdGlvbixcbiAgICAgIHRhZ3M6IHByb3BzLnRhZ3MsXG4gICAgfSk7XG5cbiAgICB0aGlzLmNmblJlcGxpY2F0aW9uVGFzay5hcHBseVJlbW92YWxQb2xpY3koXG4gICAgICBwcm9wcy5yZW1vdmFsUG9saWN5ID8/IGNkay5SZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgKTtcblxuICAgIHRoaXMucmVwbGljYXRpb25UYXNrQXJuID0gdGhpcy5jZm5SZXBsaWNhdGlvblRhc2sucmVmO1xuICB9XG59XG4iXX0=

package/lib/serverless-pipeline.d.ts

@@ -0,0 +1,196 @@
+import * as cdk from 'aws-cdk-lib';
+import * as dms from 'aws-cdk-lib/aws-dms';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as logs from 'aws-cdk-lib/aws-logs';
+import { Construct } from 'constructs';
+import { IDmsEndpoint } from './endpoint';
+import { MigrationType } from './enums';
+import { SourceEndpointOptions, TargetEndpointOptions } from './migration-pipeline';
+/** Props for {@link DmsServerlessPipeline}. */
+export interface DmsServerlessPipelineProps {
+    /**
+     * VPC in which to place the serverless replication config.
+     * The config is placed in private subnets.
+     */
+    readonly vpc: ec2.IVpc;
+    /**
+     * Subnet selection for the replication subnet group.
+     * @default private subnets with egress
+     */
+    readonly vpcSubnets?: ec2.SubnetSelection;
+    /**
+     * Security groups to attach to the serverless replication config.
+     * A new security group is created if none are provided.
+     */
+    readonly securityGroups?: ec2.ISecurityGroup[];
+    /**
+     * Maximum number of DMS Capacity Units (DCUs) the serverless replication may
+     * scale up to.
+     *
+     * Valid values: 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, 384.
+     */
+    readonly maxCapacityUnits: number;
+    /**
+     * Minimum number of DCUs DMS will provision at start-up.
+     * @default DMS auto-determines based on workload
+     */
+    readonly minCapacityUnits?: number;
+    /**
+     * Whether the serverless replication is Multi-AZ.
+     * @default false
+     */
+    readonly multiAz?: boolean;
+    /**
+     * Preferred maintenance window, e.g. "sun:04:00-sun:04:30".
+     */
+    readonly preferredMaintenanceWindow?: string;
+    /**
+     * KMS key used to encrypt replication storage at rest.
+     * A new key is created if not provided.
+     */
+    readonly kmsKey?: kms.IKey;
+    /**
+     * Source endpoint configuration.
+     * Provide this OR `existingSourceEndpoint` — not both.
+     */
+    readonly sourceEndpoint?: SourceEndpointOptions;
+    /**
+     * An existing {@link IDmsEndpoint} to use as the source.
+     * Provide this OR `sourceEndpoint` — not both.
+     */
+    readonly existingSourceEndpoint?: IDmsEndpoint;
+    /**
+     * Target endpoint configuration.
+     * Provide this OR `existingTargetEndpoint` — not both.
+     */
+    readonly targetEndpoint?: TargetEndpointOptions;
+    /**
+     * An existing {@link IDmsEndpoint} to use as the target.
+     * Provide this OR `targetEndpoint` — not both.
+     */
+    readonly existingTargetEndpoint?: IDmsEndpoint;
+    /** The type of migration to perform. */
+    readonly migrationType: MigrationType;
+    /**
+     * Table mappings JSON string.
+     * Use {@link TableMappings} to build this.
+     * Defaults to "include all tables in all schemas" if not provided.
+     */
+    readonly tableMappings?: string;
+    /**
+     * Replication settings JSON string (equivalent to task settings for classic DMS).
+     * Use {@link TaskSettings} to build this.
+     * Sensible defaults are applied by DMS if not provided.
+     *
+     * @remarks DMS Serverless does not support setting CDC start/stop positions
+     * via CloudFormation. To start replication from a specific LSN or timestamp
+     * after the replication config has been created, call the
+     * `StartReplication` API with `StartReplicationTaskType` set to
+     * `start-replication` and supply `CdcStartPosition` or `CdcStartTime`.
+     */
+    readonly taskSettings?: string;
+    /**
+     * Whether to create a CloudWatch log group for the replication config.
+     * @default true
+     */
+    readonly enableCloudWatchLogs?: boolean;
+    /**
+     * Retention period for the CloudWatch log group.
+     * @default logs.RetentionDays.ONE_MONTH
+     */
+    readonly logRetention?: logs.RetentionDays;
+    /**
+     * Whether to create the two account-level DMS service roles (`dms-vpc-role`
+     * and `dms-cloudwatch-logs-role`) required by DMS.
+     *
+     * Set to `false` if the roles already exist — for example, because a
+     * `DmsMigrationPipeline` or a prior manual deployment already created them.
+     * Attempting to create roles with the same name twice causes a CloudFormation
+     * `EntityAlreadyExists` error.
+     *
+     * @default true
+     */
+    readonly createDmsServiceRoles?: boolean;
+    /**
+     * Logical identifier for the replication config resource.
+     * @default unique name derived from the construct id
+     */
+    readonly replicationConfigIdentifier?: string;
+    /**
+     * Removal policy applied to all resources in the pipeline.
+     * @default cdk.RemovalPolicy.DESTROY
+     */
+    readonly removalPolicy?: cdk.RemovalPolicy;
+}
+/**
+ * An L3 CDK pattern construct that provisions a DMS Serverless replication
+ * pipeline:
+ *
+ * - **Replication config** — backed by `CfnReplicationConfig`; DMS auto-scales
+ *   capacity between `minCapacityUnits` and `maxCapacityUnits`.
+ * - **Source endpoint** — supports every engine DMS supports.
+ * - **Target endpoint** — supports every engine DMS supports.
+ * - **Subnet group** — private subnet placement.
+ * - **KMS key** — storage encryption at rest (created if not provided).
+ * - **Security group** — dedicated group (created if not provided).
+ * - **IAM roles** — `dms-vpc-role` and `dms-cloudwatch-logs-role`.
+ * - **CloudWatch log group** — (optional) retains replication logs.
+ *
+ * > **CDC start/stop position limitation**: `CfnReplicationConfig` does not
+ * > expose `cdcStartTime` / `cdcStartPosition` / `cdcStopPosition`. To start
+ * > from a specific position, call the `StartReplication` API directly after
+ * > the config is created (e.g. from a Lambda custom resource or CLI).
+ *
+ * @example
+ * const pipeline = new DmsServerlessPipeline(this, 'ServerlessPipeline', {
+ *   vpc,
+ *   maxCapacityUnits: 8,
+ *   migrationType: MigrationType.FULL_LOAD_AND_CDC,
+ *   sourceEndpoint: {
+ *     engine: EndpointEngine.MYSQL,
+ *     serverName: 'mysql.example.com',
+ *     port: 3306,
+ *     username: 'dms_user',
+ *     password: cdk.SecretValue.secretsManager('mysql-dms-secret'),
+ *   },
+ *   targetEndpoint: {
+ *     engine: EndpointEngine.AURORA_POSTGRESQL,
+ *     serverName: cluster.clusterEndpoint.hostname,
+ *     port: 5432,
+ *     username: 'dms_user',
+ *     password: cdk.SecretValue.secretsManager('aurora-dms-secret'),
+ *   },
+ * });
+ */
+export declare class DmsServerlessPipeline extends Construct {
+    /** The underlying `CfnReplicationConfig` resource. */
+    readonly cfnReplicationConfig: dms.CfnReplicationConfig;
+    /** The ARN of the replication config. */
+    readonly replicationConfigArn: string;
+    /** The source endpoint used by this pipeline. */
+    readonly source: IDmsEndpoint;
+    /** The target endpoint used by this pipeline. */
+    readonly target: IDmsEndpoint;
+    /** The replication subnet group created for this pipeline. */
+    readonly subnetGroup: dms.CfnReplicationSubnetGroup;
+    /** The KMS key used for storage encryption. */
+    readonly encryptionKey: kms.IKey;
+    /** The security group attached to this pipeline. */
+    readonly securityGroup: ec2.ISecurityGroup;
+    /** CloudWatch log group for the replication config (if enableCloudWatchLogs is true). */
+    readonly logGroup?: logs.LogGroup;
+    /**
+     * IAM role that allows DMS to write to CloudWatch Logs.
+     * `undefined` when `createDmsServiceRoles` is `false`.
+     */
+    readonly dmsCloudWatchRole?: iam.Role;
+    /**
+     * IAM role that allows DMS to manage VPC resources (dms-vpc-role).
+     * `undefined` when `createDmsServiceRoles` is `false`.
+     */
+    readonly dmsVpcRole?: iam.Role;
+    constructor(scope: Construct, id: string, props: DmsServerlessPipelineProps);
+    private validateProps;
+}