p6-cdk-s3-protector 0.0.48 → 0.0.50

package/.jsii

@@ -8,12 +8,12 @@
     ]
   },
   "bundled": {
-    "@aws-sdk/client-s3": "^3.932.0",
-    "@aws-sdk/client-s3-control": "^3.932.0",
-    "@aws-sdk/client-sts": "^3.932.0",
-    "@types/aws-lambda": "^8.10.158",
+    "@aws-sdk/client-s3": "^3.936.0",
+    "@aws-sdk/client-s3-control": "^3.936.0",
+    "@aws-sdk/client-sts": "^3.936.0",
+    "@types/aws-lambda": "^8.10.159",
     "aws-sdk": "^2.1692.0",
-    "cdk-iam-floyd": "^0.731.0",
+    "cdk-iam-floyd": "^0.732.0",
     "source-map-support": "^0.5.21",
     "winston": "^3.18.3"
   },
@@ -8502,6 +8502,6 @@
       "symbolId": "src/p6cdks3protector:P6CDKS3Protector"
     }
   },
-  "version": "0.0.48",
-  "fingerprint": "relq+0gVD/9bq3iAWQWSxiEduFl0/2e6hNyld+d6QVg="
+  "version": "0.0.50",
+  "fingerprint": "KHGf1riFH4KHr2KbLitu71OJd0oOa27tSf3MNsZh4m4="
 }

package/lib/p6cdks3protector.js

@@ -41,7 +41,7 @@ const lambdajs = __importStar(require("aws-cdk-lib/aws-lambda-nodejs"));
 const cr = __importStar(require("aws-cdk-lib/custom-resources"));
 const floyd = __importStar(require("cdk-iam-floyd"));
 class P6CDKS3Protector extends cdk.Resource {
-    static [JSII_RTTI_SYMBOL_1] = { fqn: "p6-cdk-s3-protector.P6CDKS3Protector", version: "0.0.48" };
+    static [JSII_RTTI_SYMBOL_1] = { fqn: "p6-cdk-s3-protector.P6CDKS3Protector", version: "0.0.50" };
     constructor(scope, id) {
         super(scope, id);
         const policy = new floyd.Statement.S3().allow().toPutObject().toPutObjectAcl();

package/node_modules/@aws/lambda-invoke-store/README.md

@@ -33,19 +33,20 @@ export const handler = async (event, context) => {
   // The RIC has already initialized the InvokeStore with requestId and X-Ray traceId
 
   // Access Lambda context data
-  console.log(`Processing request: ${InvokeStore.getRequestId()}`);
+  const invokeStore = await InvokeStore.getInstanceAsync();
+  console.log(`Processing request: ${invokeStore.getRequestId()}`);
 
   // Store custom data
-  InvokeStore.set("userId", event.userId);
+  invokeStore.set("userId", event.userId);
 
   // Data persists across async operations
   await processData(event);
 
   // Retrieve custom data
-  const userId = InvokeStore.get("userId");
+  const userId = invokeStore.get("userId");
 
   return {
-    requestId: InvokeStore.getRequestId(),
+    requestId: invokeStore.getRequestId(),
     userId,
   };
 };
@@ -53,89 +54,96 @@ export const handler = async (event, context) => {
 // Context is preserved in async operations
 async function processData(event) {
   // Still has access to the same invoke context
-  console.log(`Processing in same context: ${InvokeStore.getRequestId()}`);
+  const invokeStore = await InvokeStore.getInstanceAsync();
+  console.log(`Processing in same context: ${invokeStore.getRequestId()}`);
 
   // Can set additional data
-  InvokeStore.set("processedData", { result: "success" });
+  invokeStore.set("processedData", { result: "success" });
 }
 ```
 
 ## API Reference
 
-### InvokeStore.getContext()
+### InvokeStore.getInstanceAsync()
+First, get an instance of the InvokeStore:
+```typescript
+const invokeStore = await InvokeStore.getInstanceAsync();
+```
+
+### invokeStore.getContext()
 
 Returns the complete current context or `undefined` if outside a context.
 
 ```typescript
-const context = InvokeStore.getContext();
+const context = invokeStore.getContext();
 ```
 
-### InvokeStore.get(key)
+### invokeStore.get(key)
 
 Gets a value from the current context.
 
 ```typescript
-const requestId = InvokeStore.get(InvokeStore.PROTECTED_KEYS.REQUEST_ID);
-const customValue = InvokeStore.get("customKey");
+const requestId = invokeStore.get(InvokeStoreBase.PROTECTED_KEYS.REQUEST_ID);
+const customValue = invokeStore.get("customKey");
 ```
 
-### InvokeStore.set(key, value)
+### invokeStore.set(key, value)
 
 Sets a custom value in the current context. Protected Lambda fields cannot be modified.
 
 ```typescript
-InvokeStore.set("userId", "user-123");
-InvokeStore.set("timestamp", Date.now());
+invokeStore.set("userId", "user-123");
+invokeStore.set("timestamp", Date.now());
 
 // This will throw an error:
-// InvokeStore.set(InvokeStore.PROTECTED_KEYS.REQUEST_ID, 'new-id');
+// invokeStore.set(InvokeStoreBase.PROTECTED_KEYS.REQUEST_ID, 'new-id');
 ```
 
-### InvokeStore.getRequestId()
+### invokeStore.getRequestId()
 
 Convenience method to get the current request ID.
 
 ```typescript
-const requestId = InvokeStore.getRequestId(); // Returns '-' if outside context
+const requestId = invokeStore.getRequestId(); // Returns '-' if outside context
 ```
 
-### InvokeStore.getTenantId()
+### invokeStore.getTenantId()
 
 Convenience method to get the tenant ID.
 
 ```typescript
-const requestId = InvokeStore.getTenantId();
+const requestId = invokeStore.getTenantId();
 ```
 
-### InvokeStore.getXRayTraceId()
+### invokeStore.getXRayTraceId()
 
 Convenience method to get the current [X-Ray trace ID](https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-traces). This ID is used for distributed tracing across AWS services.
 
 ```typescript
-const traceId = InvokeStore.getXRayTraceId(); // Returns undefined if not set or outside context
+const traceId = invokeStore.getXRayTraceId(); // Returns undefined if not set or outside context
 ```
 
-### InvokeStore.hasContext()
+### invokeStore.hasContext()
 
 Checks if code is currently running within an invoke context.
 
 ```typescript
-if (InvokeStore.hasContext()) {
+if (invokeStore.hasContext()) {
   // We're inside an invoke context
 }
 ```
 
-### InvokeStore.run(context, fn)
+### invokeStore.run(context, fn)
 
 > **Note**: This method is primarily used by the Lambda Runtime Interface Client (RIC) to initialize the context for each invocation. Lambda function developers typically don't need to call this method directly.
 
 Runs a function within an invoke context.
 
 ```typescript
-InvokeStore.run(
+invokeStore.run(
   {
-    [InvokeStore.PROTECTED_KEYS.REQUEST_ID]: "request-123",
-    [InvokeStore.PROTECTED_KEYS.X_RAY_TRACE_ID]: "trace-456", // Optional X-Ray trace ID
+    [InvokeStoreBase.PROTECTED_KEYS.REQUEST_ID]: "request-123",
+    [InvokeStoreBase.PROTECTED_KEYS.X_RAY_TRACE_ID]: "trace-456", // Optional X-Ray trace ID
     customField: "value", // Optional custom fields
   },
   () => {

package/node_modules/@aws/lambda-invoke-store/dist-cjs/invoke-store.js

@@ -1,66 +1,124 @@
 'use strict';
 
-var async_hooks = require('async_hooks');
-
-const noGlobalAwsLambda = process.env["AWS_LAMBDA_NODEJS_NO_GLOBAL_AWSLAMBDA"] === "1" ||
-    process.env["AWS_LAMBDA_NODEJS_NO_GLOBAL_AWSLAMBDA"] === "true";
-if (!noGlobalAwsLambda) {
-    globalThis.awslambda = globalThis.awslambda || {};
-}
 const PROTECTED_KEYS = {
-    REQUEST_ID: Symbol("_AWS_LAMBDA_REQUEST_ID"),
-    X_RAY_TRACE_ID: Symbol("_AWS_LAMBDA_X_RAY_TRACE_ID"),
-    TENANT_ID: Symbol("_AWS_LAMBDA_TENANT_ID"),
+    REQUEST_ID: Symbol.for("_AWS_LAMBDA_REQUEST_ID"),
+    X_RAY_TRACE_ID: Symbol.for("_AWS_LAMBDA_X_RAY_TRACE_ID"),
+    TENANT_ID: Symbol.for("_AWS_LAMBDA_TENANT_ID"),
 };
-class InvokeStoreImpl {
-    static storage = new async_hooks.AsyncLocalStorage();
+const NO_GLOBAL_AWS_LAMBDA = ["true", "1"].includes(process.env?.AWS_LAMBDA_NODEJS_NO_GLOBAL_AWSLAMBDA ?? "");
+if (!NO_GLOBAL_AWS_LAMBDA) {
+    globalThis.awslambda = globalThis.awslambda || {};
+}
+class InvokeStoreBase {
     static PROTECTED_KEYS = PROTECTED_KEYS;
-    static run(context, fn) {
-        return this.storage.run({ ...context }, fn);
+    isProtectedKey(key) {
+        return Object.values(PROTECTED_KEYS).includes(key);
+    }
+    getRequestId() {
+        return this.get(PROTECTED_KEYS.REQUEST_ID) ?? "-";
     }
-    static getContext() {
-        return this.storage.getStore();
+    getXRayTraceId() {
+        return this.get(PROTECTED_KEYS.X_RAY_TRACE_ID);
     }
-    static get(key) {
-        const context = this.storage.getStore();
-        return context?.[key];
+    getTenantId() {
+        return this.get(PROTECTED_KEYS.TENANT_ID);
     }
-    static set(key, value) {
+}
+class InvokeStoreSingle extends InvokeStoreBase {
+    currentContext;
+    getContext() {
+        return this.currentContext;
+    }
+    hasContext() {
+        return this.currentContext !== undefined;
+    }
+    get(key) {
+        return this.currentContext?.[key];
+    }
+    set(key, value) {
         if (this.isProtectedKey(key)) {
-            throw new Error(`Cannot modify protected Lambda context field`);
+            throw new Error(`Cannot modify protected Lambda context field: ${String(key)}`);
         }
-        const context = this.storage.getStore();
-        if (context) {
-            context[key] = value;
+        this.currentContext = this.currentContext || {};
+        this.currentContext[key] = value;
+    }
+    run(context, fn) {
+        this.currentContext = context;
+        try {
+            return fn();
         }
+        finally {
+            this.currentContext = undefined;
+        }
+    }
+}
+class InvokeStoreMulti extends InvokeStoreBase {
+    als;
+    static async create() {
+        const instance = new InvokeStoreMulti();
+        const asyncHooks = await import('node:async_hooks');
+        instance.als = new asyncHooks.AsyncLocalStorage();
+        return instance;
     }
-    static getRequestId() {
-        return this.get(this.PROTECTED_KEYS.REQUEST_ID) ?? "-";
+    getContext() {
+        return this.als.getStore();
     }
-    static getXRayTraceId() {
-        return this.get(this.PROTECTED_KEYS.X_RAY_TRACE_ID);
+    hasContext() {
+        return this.als.getStore() !== undefined;
     }
-    static getTenantId() {
-        return this.get(this.PROTECTED_KEYS.TENANT_ID);
+    get(key) {
+        return this.als.getStore()?.[key];
     }
-    static hasContext() {
-        return this.storage.getStore() !== undefined;
+    set(key, value) {
+        if (this.isProtectedKey(key)) {
+            throw new Error(`Cannot modify protected Lambda context field: ${String(key)}`);
+        }
+        const store = this.als.getStore();
+        if (!store) {
+            throw new Error("No context available");
+        }
+        store[key] = value;
     }
-    static isProtectedKey(key) {
-        return (key === this.PROTECTED_KEYS.REQUEST_ID ||
-            key === this.PROTECTED_KEYS.X_RAY_TRACE_ID);
+    run(context, fn) {
+        return this.als.run(context, fn);
     }
 }
-let instance;
-if (!noGlobalAwsLambda && globalThis.awslambda?.InvokeStore) {
-    instance = globalThis.awslambda.InvokeStore;
-}
-else {
-    instance = InvokeStoreImpl;
-    if (!noGlobalAwsLambda && globalThis.awslambda) {
-        globalThis.awslambda.InvokeStore = instance;
+exports.InvokeStore = void 0;
+(function (InvokeStore) {
+    let instance = null;
+    async function getInstanceAsync() {
+        if (!instance) {
+            instance = (async () => {
+                const isMulti = "AWS_LAMBDA_MAX_CONCURRENCY" in process.env;
+                const newInstance = isMulti
+                    ? await InvokeStoreMulti.create()
+                    : new InvokeStoreSingle();
+                if (!NO_GLOBAL_AWS_LAMBDA && globalThis.awslambda?.InvokeStore) {
+                    return globalThis.awslambda.InvokeStore;
+                }
+                else if (!NO_GLOBAL_AWS_LAMBDA && globalThis.awslambda) {
+                    globalThis.awslambda.InvokeStore = newInstance;
+                    return newInstance;
+                }
+                else {
+                    return newInstance;
+                }
+            })();
+        }
+        return instance;
     }
-}
-const InvokeStore = instance;
+    InvokeStore.getInstanceAsync = getInstanceAsync;
+    InvokeStore._testing = process.env.AWS_LAMBDA_BENCHMARK_MODE === "1"
+        ? {
+            reset: () => {
+                instance = null;
+                if (globalThis.awslambda?.InvokeStore) {
+                    delete globalThis.awslambda.InvokeStore;
+                }
+                globalThis.awslambda = {};
+            },
+        }
+        : undefined;
+})(exports.InvokeStore || (exports.InvokeStore = {}));
 
-exports.InvokeStore = InvokeStore;
+exports.InvokeStoreBase = InvokeStoreBase;

package/node_modules/@aws/lambda-invoke-store/dist-es/invoke-store.js

@@ -1,64 +1,122 @@
-import { AsyncLocalStorage } from 'async_hooks';
-
-const noGlobalAwsLambda = process.env["AWS_LAMBDA_NODEJS_NO_GLOBAL_AWSLAMBDA"] === "1" ||
-    process.env["AWS_LAMBDA_NODEJS_NO_GLOBAL_AWSLAMBDA"] === "true";
-if (!noGlobalAwsLambda) {
-    globalThis.awslambda = globalThis.awslambda || {};
-}
 const PROTECTED_KEYS = {
-    REQUEST_ID: Symbol("_AWS_LAMBDA_REQUEST_ID"),
-    X_RAY_TRACE_ID: Symbol("_AWS_LAMBDA_X_RAY_TRACE_ID"),
-    TENANT_ID: Symbol("_AWS_LAMBDA_TENANT_ID"),
+    REQUEST_ID: Symbol.for("_AWS_LAMBDA_REQUEST_ID"),
+    X_RAY_TRACE_ID: Symbol.for("_AWS_LAMBDA_X_RAY_TRACE_ID"),
+    TENANT_ID: Symbol.for("_AWS_LAMBDA_TENANT_ID"),
 };
-class InvokeStoreImpl {
-    static storage = new AsyncLocalStorage();
+const NO_GLOBAL_AWS_LAMBDA = ["true", "1"].includes(process.env?.AWS_LAMBDA_NODEJS_NO_GLOBAL_AWSLAMBDA ?? "");
+if (!NO_GLOBAL_AWS_LAMBDA) {
+    globalThis.awslambda = globalThis.awslambda || {};
+}
+class InvokeStoreBase {
     static PROTECTED_KEYS = PROTECTED_KEYS;
-    static run(context, fn) {
-        return this.storage.run({ ...context }, fn);
+    isProtectedKey(key) {
+        return Object.values(PROTECTED_KEYS).includes(key);
+    }
+    getRequestId() {
+        return this.get(PROTECTED_KEYS.REQUEST_ID) ?? "-";
     }
-    static getContext() {
-        return this.storage.getStore();
+    getXRayTraceId() {
+        return this.get(PROTECTED_KEYS.X_RAY_TRACE_ID);
     }
-    static get(key) {
-        const context = this.storage.getStore();
-        return context?.[key];
+    getTenantId() {
+        return this.get(PROTECTED_KEYS.TENANT_ID);
     }
-    static set(key, value) {
+}
+class InvokeStoreSingle extends InvokeStoreBase {
+    currentContext;
+    getContext() {
+        return this.currentContext;
+    }
+    hasContext() {
+        return this.currentContext !== undefined;
+    }
+    get(key) {
+        return this.currentContext?.[key];
+    }
+    set(key, value) {
         if (this.isProtectedKey(key)) {
-            throw new Error(`Cannot modify protected Lambda context field`);
+            throw new Error(`Cannot modify protected Lambda context field: ${String(key)}`);
         }
-        const context = this.storage.getStore();
-        if (context) {
-            context[key] = value;
+        this.currentContext = this.currentContext || {};
+        this.currentContext[key] = value;
+    }
+    run(context, fn) {
+        this.currentContext = context;
+        try {
+            return fn();
         }
+        finally {
+            this.currentContext = undefined;
+        }
+    }
+}
+class InvokeStoreMulti extends InvokeStoreBase {
+    als;
+    static async create() {
+        const instance = new InvokeStoreMulti();
+        const asyncHooks = await import('node:async_hooks');
+        instance.als = new asyncHooks.AsyncLocalStorage();
+        return instance;
     }
-    static getRequestId() {
-        return this.get(this.PROTECTED_KEYS.REQUEST_ID) ?? "-";
+    getContext() {
+        return this.als.getStore();
     }
-    static getXRayTraceId() {
-        return this.get(this.PROTECTED_KEYS.X_RAY_TRACE_ID);
+    hasContext() {
+        return this.als.getStore() !== undefined;
     }
-    static getTenantId() {
-        return this.get(this.PROTECTED_KEYS.TENANT_ID);
+    get(key) {
+        return this.als.getStore()?.[key];
     }
-    static hasContext() {
-        return this.storage.getStore() !== undefined;
+    set(key, value) {
+        if (this.isProtectedKey(key)) {
+            throw new Error(`Cannot modify protected Lambda context field: ${String(key)}`);
+        }
+        const store = this.als.getStore();
+        if (!store) {
+            throw new Error("No context available");
+        }
+        store[key] = value;
     }
-    static isProtectedKey(key) {
-        return (key === this.PROTECTED_KEYS.REQUEST_ID ||
-            key === this.PROTECTED_KEYS.X_RAY_TRACE_ID);
+    run(context, fn) {
+        return this.als.run(context, fn);
     }
 }
-let instance;
-if (!noGlobalAwsLambda && globalThis.awslambda?.InvokeStore) {
-    instance = globalThis.awslambda.InvokeStore;
-}
-else {
-    instance = InvokeStoreImpl;
-    if (!noGlobalAwsLambda && globalThis.awslambda) {
-        globalThis.awslambda.InvokeStore = instance;
+var InvokeStore;
+(function (InvokeStore) {
+    let instance = null;
+    async function getInstanceAsync() {
+        if (!instance) {
+            instance = (async () => {
+                const isMulti = "AWS_LAMBDA_MAX_CONCURRENCY" in process.env;
+                const newInstance = isMulti
+                    ? await InvokeStoreMulti.create()
+                    : new InvokeStoreSingle();
+                if (!NO_GLOBAL_AWS_LAMBDA && globalThis.awslambda?.InvokeStore) {
+                    return globalThis.awslambda.InvokeStore;
+                }
+                else if (!NO_GLOBAL_AWS_LAMBDA && globalThis.awslambda) {
+                    globalThis.awslambda.InvokeStore = newInstance;
+                    return newInstance;
+                }
+                else {
+                    return newInstance;
+                }
+            })();
+        }
+        return instance;
     }
-}
-const InvokeStore = instance;
+    InvokeStore.getInstanceAsync = getInstanceAsync;
+    InvokeStore._testing = process.env.AWS_LAMBDA_BENCHMARK_MODE === "1"
+        ? {
+            reset: () => {
+                instance = null;
+                if (globalThis.awslambda?.InvokeStore) {
+                    delete globalThis.awslambda.InvokeStore;
+                }
+                globalThis.awslambda = {};
+            },
+        }
+        : undefined;
+})(InvokeStore || (InvokeStore = {}));
 
-export { InvokeStore };
+export { InvokeStore, InvokeStoreBase };

package/node_modules/@aws/lambda-invoke-store/dist-types/invoke-store.benchmark.d.ts

@@ -0,0 +1 @@
+export {};

package/node_modules/@aws/lambda-invoke-store/dist-types/invoke-store.d.ts

@@ -1,57 +1,50 @@
-/**
- * Generic store context that uses protected keys for Lambda fields
- * and allows custom user properties
- */
-export interface InvokeStoreContext {
-    [key: string | symbol]: unknown;
+interface Context {
+    [key: string]: unknown;
+    [key: symbol]: unknown;
+}
+declare global {
+    var awslambda: {
+        InvokeStore?: InvokeStoreBase;
+        [key: string]: unknown;
+    };
 }
 /**
- * InvokeStore implementation class
+ * Base class for AWS Lambda context storage implementations.
+ * Provides core functionality for managing Lambda execution context.
+ *
+ * Implementations handle either single-context (InvokeStoreSingle) or
+ * multi-context (InvokeStoreMulti) scenarios based on Lambda's execution environment.
+ *
+ * @public
  */
-declare class InvokeStoreImpl {
-    private static storage;
+export declare abstract class InvokeStoreBase {
     static readonly PROTECTED_KEYS: {
         readonly REQUEST_ID: symbol;
         readonly X_RAY_TRACE_ID: symbol;
         readonly TENANT_ID: symbol;
     };
-    /**
-     * Initialize and run code within an invoke context
-     */
-    static run<T>(context: InvokeStoreContext, fn: () => T | Promise<T>): T | Promise<T>;
-    /**
-     * Get the complete current context
-     */
-    static getContext(): InvokeStoreContext | undefined;
-    /**
-     * Get a specific value from the context by key
-     */
-    static get<T = unknown>(key: string | symbol): T | undefined;
-    /**
-     * Set a custom value in the current context
-     * Protected Lambda context fields cannot be overwritten
-     */
-    static set(key: string | symbol, value: unknown): void;
-    /**
-     * Get the current request ID
-     */
-    static getRequestId(): string;
-    /**
-     * Get the current X-ray trace ID
-     */
-    static getXRayTraceId(): string | undefined;
-    /**
-     * Get the current tenant ID
-     */
-    static getTenantId(): string | undefined;
-    /**
-     * Check if we're currently within an invoke context
-     */
-    static hasContext(): boolean;
-    /**
-     * Check if a key is protected (readonly Lambda context field)
-     */
-    private static isProtectedKey;
+    abstract getContext(): Context | undefined;
+    abstract hasContext(): boolean;
+    abstract get<T = unknown>(key: string | symbol): T | undefined;
+    abstract set<T = unknown>(key: string | symbol, value: T): void;
+    abstract run<T>(context: Context, fn: () => T): T;
+    protected isProtectedKey(key: string | symbol): boolean;
+    getRequestId(): string;
+    getXRayTraceId(): string | undefined;
+    getTenantId(): string | undefined;
+}
+/**
+ * Provides access to AWS Lambda execution context storage.
+ * Supports both single-context and multi-context environments through different implementations.
+ *
+ * The store manages protected Lambda context fields and allows storing/retrieving custom values
+ * within the execution context.
+ * @public
+ */
+export declare namespace InvokeStore {
+    function getInstanceAsync(): Promise<InvokeStoreBase>;
+    const _testing: {
+        reset: () => void;
+    } | undefined;
 }
-export declare const InvokeStore: typeof InvokeStoreImpl;
 export {};

package/node_modules/@aws/lambda-invoke-store/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws/lambda-invoke-store",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Invoke scoped data storage for AWS Lambda Node.js Runtime Environment",
   "homepage": "https://github.com/awslabs/aws-lambda-invoke-store",
   "main": "./dist-cjs/invoke-store.js",
@@ -32,7 +32,7 @@
     "build": "yarn clean && yarn build:types && node ./scripts/build-rollup.js",
     "build:types": "tsc -p tsconfig.types.json",
     "clean": "rm -rf dist-types dist-cjs dist-es",
-    "test": "vitest run",
+    "test": "vitest run --reporter verbose",
     "test:watch": "vitest watch",
     "release": "yarn build && changeset publish"
   },