rds-aurora-bootstrapper 0.1.1

package/lib/constructs/aurora-database-create-owner.js

@@ -0,0 +1,71 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuroraDatabaseCreateOwner = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const custom_resources_1 = require("aws-cdk-lib/custom-resources");
+const constructs_1 = require("constructs");
+const aurora_database_create_owner_function_1 = require("../funcs/aurora-database-create-owner-function");
+/**
+ * CDK construct that provisions a PostgreSQL owner role on an Aurora cluster
+ * using a custom resource backed by the RDS Data API.
+ *
+ * The master username is derived from the `username` field of
+ * {@link AuroraDatabaseCreateOwnerProps.dbMasterUserCredentials} through a
+ * Secrets Manager dynamic reference; callers do not pass it explicitly.
+ */
+class AuroraDatabaseCreateOwner extends constructs_1.Construct {
+    /**
+     * @param scope - Parent construct.
+     * @param id - Construct identifier.
+     * @param props - Configuration for the database owner role.
+     */
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { dbMasterUserCredentials, dbCluster, dbName, ownerUsername } = props;
+        // 👇 Create database owner.
+        const createOwnerFunction = new aurora_database_create_owner_function_1.AuroraDatabaseCreateOwnerFunction(this, 'AuroraDatabaseCreateOwnerFunction', {
+            architecture: aws_lambda_1.Architecture.ARM_64,
+            timeout: aws_cdk_lib_1.Duration.minutes(1),
+            loggingFormat: aws_lambda_1.LoggingFormat.JSON,
+            systemLogLevelV2: aws_lambda_1.SystemLogLevel.INFO,
+            applicationLogLevelV2: aws_lambda_1.ApplicationLogLevel.INFO,
+        });
+        dbMasterUserCredentials.grantRead(createOwnerFunction);
+        createOwnerFunction.addToRolePolicy(new aws_iam_1.PolicyStatement({
+            actions: [
+                'rds-data:ExecuteStatement',
+                'rds-data:BeginTransaction',
+                'rds-data:CommitTransaction',
+                'rds-data:RollbackTransaction',
+            ],
+            resources: [dbCluster.clusterArn],
+        }));
+        createOwnerFunction.addToRolePolicy(new aws_iam_1.PolicyStatement({
+            actions: ['rds-data:ExecuteStatement'],
+            resources: [dbCluster.clusterArn],
+        }));
+        const auroraDatabaseCreateOwnerProvider = new custom_resources_1.Provider(this, 'AuroraDatabaseCreateOwnerProvider', {
+            onEventHandler: createOwnerFunction,
+        });
+        const createOwner = new aws_cdk_lib_1.CustomResource(this, 'AuroraDatabaseCreateOwnerCustomResource', {
+            serviceToken: auroraDatabaseCreateOwnerProvider.serviceToken,
+            serviceTimeout: aws_cdk_lib_1.Duration.seconds(10),
+            properties: {
+                MasterUserSecretArn: dbMasterUserCredentials.secretArn,
+                MasterUsername: dbMasterUserCredentials.secretValueFromJson('username').unsafeUnwrap(),
+                DatabaseName: dbName,
+                ClusterArn: dbCluster.clusterArn,
+                OwnerUsername: ownerUsername,
+            },
+        });
+        createOwner.node.addDependency(dbCluster);
+    }
+}
+exports.AuroraDatabaseCreateOwner = AuroraDatabaseCreateOwner;
+_a = JSII_RTTI_SYMBOL_1;
+AuroraDatabaseCreateOwner[_a] = { fqn: "rds-aurora-bootstrapper.AuroraDatabaseCreateOwner", version: "0.1.1" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXVyb3JhLWRhdGFiYXNlLWNyZWF0ZS1vd25lci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jb25zdHJ1Y3RzL2F1cm9yYS1kYXRhYmFzZS1jcmVhdGUtb3duZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBdUQ7QUFDdkQsaURBQXNEO0FBQ3RELHVEQUEwRztBQUcxRyxtRUFBd0Q7QUFDeEQsMkNBQXVDO0FBQ3ZDLDBHQUFtRztBQW1Cbkc7Ozs7Ozs7R0FPRztBQUNILE1BQWEseUJBQTBCLFNBQVEsc0JBQVM7SUFDdEQ7Ozs7T0FJRztJQUNILFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBcUM7UUFDN0UsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEVBQUUsdUJBQXVCLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxhQUFhLEVBQUUsR0FBRyxLQUFLLENBQUM7UUFFNUUsNEJBQTRCO1FBQzVCLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSx5RUFBaUMsQ0FBQyxJQUFJLEVBQUUsbUNBQW1DLEVBQUU7WUFDM0csWUFBWSxFQUFFLHlCQUFZLENBQUMsTUFBTTtZQUNqQyxPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1lBQzVCLGFBQWEsRUFBRSwwQkFBYSxDQUFDLElBQUk7WUFDakMsZ0JBQWdCLEVBQUUsMkJBQWMsQ0FBQyxJQUFJO1lBQ3JDLHFCQUFxQixFQUFFLGdDQUFtQixDQUFDLElBQUk7U0FDaEQsQ0FBQyxDQUFDO1FBQ0gsdUJBQXVCLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDdkQsbUJBQW1CLENBQUMsZUFBZSxDQUFDLElBQUkseUJBQWUsQ0FBQztZQUN0RCxPQUFPLEVBQUU7Z0JBQ1AsMkJBQTJCO2dCQUMzQiwyQkFBMkI7Z0JBQzNCLDRCQUE0QjtnQkFDNUIsOEJBQThCO2FBQy9CO1lBQ0QsU0FBUyxFQUFFLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQztTQUNsQyxDQUFDLENBQUMsQ0FBQztRQUNKLG1CQUFtQixDQUFDLGVBQWUsQ0FBQyxJQUFJLHlCQUFlLENBQUM7WUFDdEQsT0FBTyxFQUFFLENBQUMsMkJBQTJCLENBQUM7WUFDdEMsU0FBUyxFQUFFLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQztTQUNsQyxDQUFDLENBQUMsQ0FBQztRQUVKLE1BQU0saUNBQWlDLEdBQUcsSUFBSSwyQkFBUSxDQUFDLElBQUksRUFBRSxtQ0FBbUMsRUFBRTtZQUNoRyxjQUFjLEVBQUUsbUJBQW1CO1NBQ3BDLENBQUMsQ0FBQztRQUVILE1BQU0sV0FBVyxHQUFHLElBQUksNEJBQWMsQ0FBQyxJQUFJLEVBQUUseUNBQXlDLEVBQUU7WUFDdEYsWUFBWSxFQUFFLGlDQUFpQyxDQUFDLFlBQVk7WUFDNUQsY0FBYyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxVQUFVLEVBQUU7Z0JBQ1YsbUJBQW1CLEVBQUUsdUJBQXVCLENBQUMsU0FBUztnQkFDdEQsY0FBYyxFQUFFLHVCQUF1QixDQUFDLG1CQUFtQixDQUFDLFVBQVUsQ0FBQyxDQUFDLFlBQVksRUFBRTtnQkFDdEYsWUFBWSxFQUFFLE1BQU07Z0JBQ3BCLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtnQkFDaEMsYUFBYSxFQUFFLGFBQWE7YUFDN0I7U0FDRixDQUFDLENBQUM7UUFDSCxXQUFXLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM1QyxDQUFDOztBQWxESCw4REFtREMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDdXN0b21SZXNvdXJjZSwgRHVyYXRpb24gfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCB7IEFyY2hpdGVjdHVyZSwgTG9nZ2luZ0Zvcm1hdCwgU3lzdGVtTG9nTGV2ZWwsIEFwcGxpY2F0aW9uTG9nTGV2ZWwgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbGFtYmRhJztcbmltcG9ydCB7IERhdGFiYXNlQ2x1c3RlciB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1yZHMnO1xuaW1wb3J0IHsgU2VjcmV0IH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLXNlY3JldHNtYW5hZ2VyJztcbmltcG9ydCB7IFByb3ZpZGVyIH0gZnJvbSAnYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlcyc7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IEF1cm9yYURhdGFiYXNlQ3JlYXRlT3duZXJGdW5jdGlvbiB9IGZyb20gJy4uL2Z1bmNzL2F1cm9yYS1kYXRhYmFzZS1jcmVhdGUtb3duZXItZnVuY3Rpb24nO1xuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIHtAbGluayBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyfS5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyUHJvcHMge1xuICAvKipcbiAgICogU2VjcmV0cyBNYW5hZ2VyIHNlY3JldCBob2xkaW5nIHRoZSBBdXJvcmEgbWFzdGVyIHVzZXIgY3JlZGVudGlhbHMuXG4gICAqIFRoZSBgdXNlcm5hbWVgIGZpZWxkIGlzIHBhc3NlZCB0byB0aGUgY3VzdG9tIHJlc291cmNlIHZpYSBhIGR5bmFtaWMgcmVmZXJlbmNlLlxuICAgKi9cbiAgcmVhZG9ubHkgZGJNYXN0ZXJVc2VyQ3JlZGVudGlhbHM6IFNlY3JldDtcbiAgLyoqIEF1cm9yYSBkYXRhYmFzZSBjbHVzdGVyIHdoZXJlIHRoZSBvd25lciByb2xlIGlzIGNyZWF0ZWQuICovXG4gIHJlYWRvbmx5IGRiQ2x1c3RlcjogRGF0YWJhc2VDbHVzdGVyO1xuICAvKiogTmFtZSBvZiB0aGUgUG9zdGdyZVNRTCBkYXRhYmFzZSB0YXJnZXRlZCBieSB0aGUgY3VzdG9tIHJlc291cmNlLiAqL1xuICByZWFkb25seSBkYk5hbWU6IHN0cmluZztcbiAgLyoqIFVzZXJuYW1lIG9mIHRoZSBvd25lciByb2xlIHRvIGNyZWF0ZSAoYE5PTE9HSU5gLCBgTk9JTkhFUklUYCkuICovXG4gIHJlYWRvbmx5IG93bmVyVXNlcm5hbWU6IHN0cmluZztcbn1cblxuLyoqXG4gKiBDREsgY29uc3RydWN0IHRoYXQgcHJvdmlzaW9ucyBhIFBvc3RncmVTUUwgb3duZXIgcm9sZSBvbiBhbiBBdXJvcmEgY2x1c3RlclxuICogdXNpbmcgYSBjdXN0b20gcmVzb3VyY2UgYmFja2VkIGJ5IHRoZSBSRFMgRGF0YSBBUEkuXG4gKlxuICogVGhlIG1hc3RlciB1c2VybmFtZSBpcyBkZXJpdmVkIGZyb20gdGhlIGB1c2VybmFtZWAgZmllbGQgb2ZcbiAqIHtAbGluayBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyUHJvcHMuZGJNYXN0ZXJVc2VyQ3JlZGVudGlhbHN9IHRocm91Z2ggYVxuICogU2VjcmV0cyBNYW5hZ2VyIGR5bmFtaWMgcmVmZXJlbmNlOyBjYWxsZXJzIGRvIG5vdCBwYXNzIGl0IGV4cGxpY2l0bHkuXG4gKi9cbmV4cG9ydCBjbGFzcyBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgLyoqXG4gICAqIEBwYXJhbSBzY29wZSAtIFBhcmVudCBjb25zdHJ1Y3QuXG4gICAqIEBwYXJhbSBpZCAtIENvbnN0cnVjdCBpZGVudGlmaWVyLlxuICAgKiBAcGFyYW0gcHJvcHMgLSBDb25maWd1cmF0aW9uIGZvciB0aGUgZGF0YWJhc2Ugb3duZXIgcm9sZS5cbiAgICovXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgY29uc3QgeyBkYk1hc3RlclVzZXJDcmVkZW50aWFscywgZGJDbHVzdGVyLCBkYk5hbWUsIG93bmVyVXNlcm5hbWUgfSA9IHByb3BzO1xuXG4gICAgLy8g8J+RhyBDcmVhdGUgZGF0YWJhc2Ugb3duZXIuXG4gICAgY29uc3QgY3JlYXRlT3duZXJGdW5jdGlvbiA9IG5ldyBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyRnVuY3Rpb24odGhpcywgJ0F1cm9yYURhdGFiYXNlQ3JlYXRlT3duZXJGdW5jdGlvbicsIHtcbiAgICAgIGFyY2hpdGVjdHVyZTogQXJjaGl0ZWN0dXJlLkFSTV82NCxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLm1pbnV0ZXMoMSksXG4gICAgICBsb2dnaW5nRm9ybWF0OiBMb2dnaW5nRm9ybWF0LkpTT04sXG4gICAgICBzeXN0ZW1Mb2dMZXZlbFYyOiBTeXN0ZW1Mb2dMZXZlbC5JTkZPLFxuICAgICAgYXBwbGljYXRpb25Mb2dMZXZlbFYyOiBBcHBsaWNhdGlvbkxvZ0xldmVsLklORk8sXG4gICAgfSk7XG4gICAgZGJNYXN0ZXJVc2VyQ3JlZGVudGlhbHMuZ3JhbnRSZWFkKGNyZWF0ZU93bmVyRnVuY3Rpb24pO1xuICAgIGNyZWF0ZU93bmVyRnVuY3Rpb24uYWRkVG9Sb2xlUG9saWN5KG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgYWN0aW9uczogW1xuICAgICAgICAncmRzLWRhdGE6RXhlY3V0ZVN0YXRlbWVudCcsXG4gICAgICAgICdyZHMtZGF0YTpCZWdpblRyYW5zYWN0aW9uJyxcbiAgICAgICAgJ3Jkcy1kYXRhOkNvbW1pdFRyYW5zYWN0aW9uJyxcbiAgICAgICAgJ3Jkcy1kYXRhOlJvbGxiYWNrVHJhbnNhY3Rpb24nLFxuICAgICAgXSxcbiAgICAgIHJlc291cmNlczogW2RiQ2x1c3Rlci5jbHVzdGVyQXJuXSxcbiAgICB9KSk7XG4gICAgY3JlYXRlT3duZXJGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3kobmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICBhY3Rpb25zOiBbJ3Jkcy1kYXRhOkV4ZWN1dGVTdGF0ZW1lbnQnXSxcbiAgICAgIHJlc291cmNlczogW2RiQ2x1c3Rlci5jbHVzdGVyQXJuXSxcbiAgICB9KSk7XG5cbiAgICBjb25zdCBhdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyUHJvdmlkZXIgPSBuZXcgUHJvdmlkZXIodGhpcywgJ0F1cm9yYURhdGFiYXNlQ3JlYXRlT3duZXJQcm92aWRlcicsIHtcbiAgICAgIG9uRXZlbnRIYW5kbGVyOiBjcmVhdGVPd25lckZ1bmN0aW9uLFxuICAgIH0pO1xuXG4gICAgY29uc3QgY3JlYXRlT3duZXIgPSBuZXcgQ3VzdG9tUmVzb3VyY2UodGhpcywgJ0F1cm9yYURhdGFiYXNlQ3JlYXRlT3duZXJDdXN0b21SZXNvdXJjZScsIHtcbiAgICAgIHNlcnZpY2VUb2tlbjogYXVyb3JhRGF0YWJhc2VDcmVhdGVPd25lclByb3ZpZGVyLnNlcnZpY2VUb2tlbixcbiAgICAgIHNlcnZpY2VUaW1lb3V0OiBEdXJhdGlvbi5zZWNvbmRzKDEwKSxcbiAgICAgIHByb3BlcnRpZXM6IHtcbiAgICAgICAgTWFzdGVyVXNlclNlY3JldEFybjogZGJNYXN0ZXJVc2VyQ3JlZGVudGlhbHMuc2VjcmV0QXJuLFxuICAgICAgICBNYXN0ZXJVc2VybmFtZTogZGJNYXN0ZXJVc2VyQ3JlZGVudGlhbHMuc2VjcmV0VmFsdWVGcm9tSnNvbigndXNlcm5hbWUnKS51bnNhZmVVbndyYXAoKSxcbiAgICAgICAgRGF0YWJhc2VOYW1lOiBkYk5hbWUsXG4gICAgICAgIENsdXN0ZXJBcm46IGRiQ2x1c3Rlci5jbHVzdGVyQXJuLFxuICAgICAgICBPd25lclVzZXJuYW1lOiBvd25lclVzZXJuYW1lLFxuICAgICAgfSxcbiAgICB9KTtcbiAgICBjcmVhdGVPd25lci5ub2RlLmFkZERlcGVuZGVuY3koZGJDbHVzdGVyKTtcbiAgfVxufSJdfQ==

package/lib/funcs/aurora-database-create-owner-function.d.ts

@@ -0,0 +1,13 @@
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { Construct } from 'constructs';
+/**
+ * Props for AuroraDatabaseCreateOwnerFunction
+ */
+export interface AuroraDatabaseCreateOwnerFunctionProps extends lambda.FunctionOptions {
+}
+/**
+ * An AWS Lambda function which executes src/funcs/aurora-database-create-owner.
+ */
+export declare class AuroraDatabaseCreateOwnerFunction extends lambda.Function {
+    constructor(scope: Construct, id: string, props?: AuroraDatabaseCreateOwnerFunctionProps);
+}

package/lib/funcs/aurora-database-create-owner-function.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuroraDatabaseCreateOwnerFunction = void 0;
+// ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
+const path = require("path");
+const lambda = require("aws-cdk-lib/aws-lambda");
+/**
+ * An AWS Lambda function which executes src/funcs/aurora-database-create-owner.
+ */
+class AuroraDatabaseCreateOwnerFunction extends lambda.Function {
+    constructor(scope, id, props) {
+        super(scope, id, {
+            description: 'src/funcs/aurora-database-create-owner.lambda.ts',
+            ...props,
+            runtime: new lambda.Runtime('nodejs24.x', lambda.RuntimeFamily.NODEJS),
+            handler: 'index.handler',
+            code: lambda.Code.fromAsset(path.join(__dirname, '../../assets/funcs/aurora-database-create-owner.lambda')),
+        });
+        this.addEnvironment('AWS_NODEJS_CONNECTION_REUSE_ENABLED', '1', { removeInEdge: true });
+    }
+}
+exports.AuroraDatabaseCreateOwnerFunction = AuroraDatabaseCreateOwnerFunction;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXVyb3JhLWRhdGFiYXNlLWNyZWF0ZS1vd25lci1mdW5jdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9mdW5jcy9hdXJvcmEtZGF0YWJhc2UtY3JlYXRlLW93bmVyLWZ1bmN0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZFQUE2RTtBQUM3RSw2QkFBNkI7QUFDN0IsaURBQWlEO0FBU2pEOztHQUVHO0FBQ0gsTUFBYSxpQ0FBa0MsU0FBUSxNQUFNLENBQUMsUUFBUTtJQUNwRSxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQThDO1FBQ3RGLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQ2YsV0FBVyxFQUFFLGtEQUFrRDtZQUMvRCxHQUFHLEtBQUs7WUFDUixPQUFPLEVBQUUsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxNQUFNLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQztZQUN0RSxPQUFPLEVBQUUsZUFBZTtZQUN4QixJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsd0RBQXdELENBQUMsQ0FBQztTQUM1RyxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsY0FBYyxDQUFDLHFDQUFxQyxFQUFFLEdBQUcsRUFBRSxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQzFGLENBQUM7Q0FDRjtBQVhELDhFQVdDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gfn4gR2VuZXJhdGVkIGJ5IHByb2plbi4gVG8gbW9kaWZ5LCBlZGl0IC5wcm9qZW5yYy50cyBhbmQgcnVuIFwibnB4IHByb2plblwiLlxuaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJztcbmltcG9ydCAqIGFzIGxhbWJkYSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtbGFtYmRhJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIFByb3BzIGZvciBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyRnVuY3Rpb25cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyRnVuY3Rpb25Qcm9wcyBleHRlbmRzIGxhbWJkYS5GdW5jdGlvbk9wdGlvbnMge1xufVxuXG4vKipcbiAqIEFuIEFXUyBMYW1iZGEgZnVuY3Rpb24gd2hpY2ggZXhlY3V0ZXMgc3JjL2Z1bmNzL2F1cm9yYS1kYXRhYmFzZS1jcmVhdGUtb3duZXIuXG4gKi9cbmV4cG9ydCBjbGFzcyBBdXJvcmFEYXRhYmFzZUNyZWF0ZU93bmVyRnVuY3Rpb24gZXh0ZW5kcyBsYW1iZGEuRnVuY3Rpb24ge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wcz86IEF1cm9yYURhdGFiYXNlQ3JlYXRlT3duZXJGdW5jdGlvblByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCB7XG4gICAgICBkZXNjcmlwdGlvbjogJ3NyYy9mdW5jcy9hdXJvcmEtZGF0YWJhc2UtY3JlYXRlLW93bmVyLmxhbWJkYS50cycsXG4gICAgICAuLi5wcm9wcyxcbiAgICAgIHJ1bnRpbWU6IG5ldyBsYW1iZGEuUnVudGltZSgnbm9kZWpzMjQueCcsIGxhbWJkYS5SdW50aW1lRmFtaWx5Lk5PREVKUyksXG4gICAgICBoYW5kbGVyOiAnaW5kZXguaGFuZGxlcicsXG4gICAgICBjb2RlOiBsYW1iZGEuQ29kZS5mcm9tQXNzZXQocGF0aC5qb2luKF9fZGlybmFtZSwgJy4uLy4uL2Fzc2V0cy9mdW5jcy9hdXJvcmEtZGF0YWJhc2UtY3JlYXRlLW93bmVyLmxhbWJkYScpKSxcbiAgICB9KTtcbiAgICB0aGlzLmFkZEVudmlyb25tZW50KCdBV1NfTk9ERUpTX0NPTk5FQ1RJT05fUkVVU0VfRU5BQkxFRCcsICcxJywgeyByZW1vdmVJbkVkZ2U6IHRydWUgfSk7XG4gIH1cbn0iXX0=

package/lib/funcs/aurora-database-create-owner.lambda.d.ts

@@ -0,0 +1,17 @@
+import { CdkCustomResourceHandler } from 'aws-lambda';
+/**
+ * Custom resource handler that creates a PostgreSQL owner role on Aurora.
+ *
+ * On Create, reads `MasterUserSecretArn`, `MasterUsername`, `DatabaseName`,
+ * `ClusterArn`, and `OwnerUsername` from `ResourceProperties`. `MasterUsername`
+ * is resolved by CloudFormation from the credentials secret at deploy time.
+ * If the owner role does not already exist, creates it with `NOLOGIN NOINHERIT`
+ * and grants it to the master user inside a transaction. Update and Delete are
+ * no-ops that preserve the physical resource ID.
+ *
+ * @param event - CloudFormation custom resource event.
+ * @param context - Lambda execution context.
+ * @returns Custom resource response with a physical resource ID and optional data.
+ * @throws Rethrows any error after rolling back an open transaction on Create.
+ */
+export declare const handler: CdkCustomResourceHandler;

package/lib/funcs/aurora-database-create-owner.lambda.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handler = void 0;
+const client_rds_data_1 = require("@aws-sdk/client-rds-data");
+/** Reused RDS Data API client for the Lambda execution environment. */
+const rdsDataClient = new client_rds_data_1.RDSDataClient({});
+/**
+ * Custom resource handler that creates a PostgreSQL owner role on Aurora.
+ *
+ * On Create, reads `MasterUserSecretArn`, `MasterUsername`, `DatabaseName`,
+ * `ClusterArn`, and `OwnerUsername` from `ResourceProperties`. `MasterUsername`
+ * is resolved by CloudFormation from the credentials secret at deploy time.
+ * If the owner role does not already exist, creates it with `NOLOGIN NOINHERIT`
+ * and grants it to the master user inside a transaction. Update and Delete are
+ * no-ops that preserve the physical resource ID.
+ *
+ * @param event - CloudFormation custom resource event.
+ * @param context - Lambda execution context.
+ * @returns Custom resource response with a physical resource ID and optional data.
+ * @throws Rethrows any error after rolling back an open transaction on Create.
+ */
+const handler = async (event, context) => {
+    console.log({ event, context });
+    switch (event.RequestType) {
+        case 'Create':
+            const masterUserSecretArn = event.ResourceProperties.MasterUserSecretArn;
+            const masterUsername = event.ResourceProperties.MasterUsername;
+            const databaseName = event.ResourceProperties.DatabaseName;
+            const clusterArn = event.ResourceProperties.ClusterArn;
+            const ownerUsername = event.ResourceProperties.OwnerUsername;
+            const physicalResourceId = `${clusterArn}:${databaseName}:${ownerUsername}`;
+            const rdsDataTarget = {
+                resourceArn: clusterArn,
+                secretArn: masterUserSecretArn,
+                database: databaseName,
+            };
+            // 👇 Begin transaction.
+            const { transactionId } = await rdsDataClient.send(new client_rds_data_1.BeginTransactionCommand(rdsDataTarget));
+            try {
+                const exists = await (async () => {
+                    const result = await rdsDataClient.send(new client_rds_data_1.ExecuteStatementCommand({
+                        ...rdsDataTarget,
+                        transactionId,
+                        formatRecordsAs: 'JSON',
+                        sql: 'SELECT 1 FROM pg_roles WHERE rolname = :r',
+                        parameters: [{ name: 'r', value: { stringValue: ownerUsername } }],
+                    }));
+                    return (result.records ?? []).length > 0;
+                })();
+                if (!exists) {
+                    // Create user
+                    await rdsDataClient.send(new client_rds_data_1.ExecuteStatementCommand({
+                        ...rdsDataTarget,
+                        transactionId,
+                        sql: `CREATE ROLE ${ownerUsername} NOLOGIN NOINHERIT`,
+                    }));
+                    // 👇 次の処理のために実行ロールを変更
+                    await rdsDataClient.send(new client_rds_data_1.ExecuteStatementCommand({
+                        ...rdsDataTarget,
+                        transactionId,
+                        sql: `GRANT ${ownerUsername} TO ${masterUsername}`,
+                    }));
+                    await rdsDataClient.send(new client_rds_data_1.CommitTransactionCommand({
+                        resourceArn: rdsDataTarget.resourceArn,
+                        secretArn: rdsDataTarget.secretArn,
+                        transactionId,
+                    }));
+                }
+                return {
+                    PhysicalResourceId: physicalResourceId,
+                    Data: {
+                        created: true,
+                    },
+                };
+            }
+            catch (error) {
+                if (transactionId) {
+                    await rdsDataClient.send(new client_rds_data_1.RollbackTransactionCommand({
+                        resourceArn: rdsDataTarget.resourceArn,
+                        secretArn: rdsDataTarget.secretArn,
+                        transactionId,
+                    })).catch(() => { });
+                }
+                throw error;
+            }
+        case 'Update':
+        case 'Delete':
+            return {
+                PhysicalResourceId: event.PhysicalResourceId,
+            };
+        default:
+            throw new Error('unreachable');
+    }
+};
+exports.handler = handler;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXVyb3JhLWRhdGFiYXNlLWNyZWF0ZS1vd25lci5sYW1iZGEuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZnVuY3MvYXVyb3JhLWRhdGFiYXNlLWNyZWF0ZS1vd25lci5sYW1iZGEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsOERBQWlLO0FBR2pLLHVFQUF1RTtBQUN2RSxNQUFNLGFBQWEsR0FBRyxJQUFJLCtCQUFhLENBQUMsRUFBRSxDQUFDLENBQUM7QUFFNUM7Ozs7Ozs7Ozs7Ozs7O0dBY0c7QUFDSSxNQUFNLE9BQU8sR0FBNkIsS0FBSyxFQUFFLEtBQTZCLEVBQUUsT0FBZ0IsRUFBc0MsRUFBRTtJQUM3SSxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUM7SUFFaEMsUUFBUSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDMUIsS0FBSyxRQUFRO1lBQ1gsTUFBTSxtQkFBbUIsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUMsbUJBQTZCLENBQUM7WUFDbkYsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLGNBQXdCLENBQUM7WUFDekUsTUFBTSxZQUFZLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFlBQXNCLENBQUM7WUFDckUsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFVBQW9CLENBQUM7WUFDakUsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixDQUFDLGFBQXVCLENBQUM7WUFFdkUsTUFBTSxrQkFBa0IsR0FBRyxHQUFHLFVBQVUsSUFBSSxZQUFZLElBQUksYUFBYSxFQUFFLENBQUM7WUFFNUUsTUFBTSxhQUFhLEdBQUc7Z0JBQ3BCLFdBQVcsRUFBRSxVQUFVO2dCQUN2QixTQUFTLEVBQUUsbUJBQW1CO2dCQUM5QixRQUFRLEVBQUUsWUFBWTthQUN2QixDQUFDO1lBRUYsd0JBQXdCO1lBQ3hCLE1BQU0sRUFBRSxhQUFhLEVBQUUsR0FBRyxNQUFNLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSx5Q0FBdUIsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDO1lBRS9GLElBQUksQ0FBQztnQkFFSCxNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsS0FBSyxJQUFJLEVBQUU7b0JBQy9CLE1BQU0sTUFBTSxHQUFHLE1BQU0sYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLHlDQUF1QixDQUFDO3dCQUNsRSxHQUFHLGFBQWE7d0JBQ2hCLGFBQWE7d0JBQ2IsZUFBZSxFQUFFLE1BQU07d0JBQ3ZCLEdBQUcsRUFBRSwyQ0FBMkM7d0JBQ2hELFVBQVUsRUFBRSxDQUFDLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUUsRUFBRSxXQUFXLEVBQUUsYUFBYSxFQUFFLEVBQUUsQ0FBQztxQkFDbkUsQ0FBQyxDQUFDLENBQUM7b0JBQ0osT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLElBQUksRUFBRSxDQUFDLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQztnQkFDM0MsQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFFTCxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQ1osY0FBYztvQkFDZCxNQUFNLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSx5Q0FBdUIsQ0FBQzt3QkFDbkQsR0FBRyxhQUFhO3dCQUNoQixhQUFhO3dCQUNiLEdBQUcsRUFBRSxlQUFlLGFBQWEsb0JBQW9CO3FCQUN0RCxDQUFDLENBQUMsQ0FBQztvQkFFSixzQkFBc0I7b0JBQ3RCLE1BQU0sYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLHlDQUF1QixDQUFDO3dCQUNuRCxHQUFHLGFBQWE7d0JBQ2hCLGFBQWE7d0JBQ2IsR0FBRyxFQUFFLFNBQVMsYUFBYSxPQUFPLGNBQWMsRUFBRTtxQkFDbkQsQ0FBQyxDQUFDLENBQUM7b0JBRUosTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLElBQUksMENBQXdCLENBQUM7d0JBQ3BELFdBQVcsRUFBRSxhQUFhLENBQUMsV0FBVzt3QkFDdEMsU0FBUyxFQUFFLGFBQWEsQ0FBQyxTQUFTO3dCQUNsQyxhQUFhO3FCQUNkLENBQUMsQ0FBQyxDQUFDO2dCQUNOLENBQUM7Z0JBQ0QsT0FBTztvQkFDTCxrQkFBa0IsRUFBRSxrQkFBa0I7b0JBQ3RDLElBQUksRUFBRTt3QkFDSixPQUFPLEVBQUUsSUFBSTtxQkFDZDtpQkFDRixDQUFDO1lBRUosQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2YsSUFBSSxhQUFhLEVBQUUsQ0FBQztvQkFDbEIsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLElBQUksNENBQTBCLENBQUM7d0JBQ3RELFdBQVcsRUFBRSxhQUFhLENBQUMsV0FBVzt3QkFDdEMsU0FBUyxFQUFFLGFBQWEsQ0FBQyxTQUFTO3dCQUNsQyxhQUFhO3FCQUNkLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRSxDQUFDLENBQUMsQ0FBQztnQkFDdEIsQ0FBQztnQkFDRCxNQUFNLEtBQUssQ0FBQztZQUNkLENBQUM7UUFDSCxLQUFLLFFBQVEsQ0FBQztRQUNkLEtBQUssUUFBUTtZQUNYLE9BQU87Z0JBQ0wsa0JBQWtCLEVBQUUsS0FBSyxDQUFDLGtCQUFrQjthQUM3QyxDQUFDO1FBQ0o7WUFDRSxNQUFNLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ25DLENBQUM7QUFDSCxDQUFDLENBQUM7QUFqRlcsUUFBQSxPQUFPLFdBaUZsQiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFJEU0RhdGFDbGllbnQsIEV4ZWN1dGVTdGF0ZW1lbnRDb21tYW5kLCBCZWdpblRyYW5zYWN0aW9uQ29tbWFuZCwgQ29tbWl0VHJhbnNhY3Rpb25Db21tYW5kLCBSb2xsYmFja1RyYW5zYWN0aW9uQ29tbWFuZCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1yZHMtZGF0YSc7XG5pbXBvcnQgeyBDb250ZXh0LCBDZGtDdXN0b21SZXNvdXJjZUV2ZW50LCBDZGtDdXN0b21SZXNvdXJjZVJlc3BvbnNlLCBDZGtDdXN0b21SZXNvdXJjZUhhbmRsZXIgfSBmcm9tICdhd3MtbGFtYmRhJztcblxuLyoqIFJldXNlZCBSRFMgRGF0YSBBUEkgY2xpZW50IGZvciB0aGUgTGFtYmRhIGV4ZWN1dGlvbiBlbnZpcm9ubWVudC4gKi9cbmNvbnN0IHJkc0RhdGFDbGllbnQgPSBuZXcgUkRTRGF0YUNsaWVudCh7fSk7XG5cbi8qKlxuICogQ3VzdG9tIHJlc291cmNlIGhhbmRsZXIgdGhhdCBjcmVhdGVzIGEgUG9zdGdyZVNRTCBvd25lciByb2xlIG9uIEF1cm9yYS5cbiAqXG4gKiBPbiBDcmVhdGUsIHJlYWRzIGBNYXN0ZXJVc2VyU2VjcmV0QXJuYCwgYE1hc3RlclVzZXJuYW1lYCwgYERhdGFiYXNlTmFtZWAsXG4gKiBgQ2x1c3RlckFybmAsIGFuZCBgT3duZXJVc2VybmFtZWAgZnJvbSBgUmVzb3VyY2VQcm9wZXJ0aWVzYC4gYE1hc3RlclVzZXJuYW1lYFxuICogaXMgcmVzb2x2ZWQgYnkgQ2xvdWRGb3JtYXRpb24gZnJvbSB0aGUgY3JlZGVudGlhbHMgc2VjcmV0IGF0IGRlcGxveSB0aW1lLlxuICogSWYgdGhlIG93bmVyIHJvbGUgZG9lcyBub3QgYWxyZWFkeSBleGlzdCwgY3JlYXRlcyBpdCB3aXRoIGBOT0xPR0lOIE5PSU5IRVJJVGBcbiAqIGFuZCBncmFudHMgaXQgdG8gdGhlIG1hc3RlciB1c2VyIGluc2lkZSBhIHRyYW5zYWN0aW9uLiBVcGRhdGUgYW5kIERlbGV0ZSBhcmVcbiAqIG5vLW9wcyB0aGF0IHByZXNlcnZlIHRoZSBwaHlzaWNhbCByZXNvdXJjZSBJRC5cbiAqXG4gKiBAcGFyYW0gZXZlbnQgLSBDbG91ZEZvcm1hdGlvbiBjdXN0b20gcmVzb3VyY2UgZXZlbnQuXG4gKiBAcGFyYW0gY29udGV4dCAtIExhbWJkYSBleGVjdXRpb24gY29udGV4dC5cbiAqIEByZXR1cm5zIEN1c3RvbSByZXNvdXJjZSByZXNwb25zZSB3aXRoIGEgcGh5c2ljYWwgcmVzb3VyY2UgSUQgYW5kIG9wdGlvbmFsIGRhdGEuXG4gKiBAdGhyb3dzIFJldGhyb3dzIGFueSBlcnJvciBhZnRlciByb2xsaW5nIGJhY2sgYW4gb3BlbiB0cmFuc2FjdGlvbiBvbiBDcmVhdGUuXG4gKi9cbmV4cG9ydCBjb25zdCBoYW5kbGVyOiBDZGtDdXN0b21SZXNvdXJjZUhhbmRsZXIgPSBhc3luYyAoZXZlbnQ6IENka0N1c3RvbVJlc291cmNlRXZlbnQsIGNvbnRleHQ6IENvbnRleHQpOiBQcm9taXNlPENka0N1c3RvbVJlc291cmNlUmVzcG9uc2U+ID0+IHtcbiAgY29uc29sZS5sb2coeyBldmVudCwgY29udGV4dCB9KTtcblxuICBzd2l0Y2ggKGV2ZW50LlJlcXVlc3RUeXBlKSB7XG4gICAgY2FzZSAnQ3JlYXRlJzpcbiAgICAgIGNvbnN0IG1hc3RlclVzZXJTZWNyZXRBcm4gPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuTWFzdGVyVXNlclNlY3JldEFybiBhcyBzdHJpbmc7XG4gICAgICBjb25zdCBtYXN0ZXJVc2VybmFtZSA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5NYXN0ZXJVc2VybmFtZSBhcyBzdHJpbmc7XG4gICAgICBjb25zdCBkYXRhYmFzZU5hbWUgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuRGF0YWJhc2VOYW1lIGFzIHN0cmluZztcbiAgICAgIGNvbnN0IGNsdXN0ZXJBcm4gPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuQ2x1c3RlckFybiBhcyBzdHJpbmc7XG4gICAgICBjb25zdCBvd25lclVzZXJuYW1lID0gZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzLk93bmVyVXNlcm5hbWUgYXMgc3RyaW5nO1xuXG4gICAgICBjb25zdCBwaHlzaWNhbFJlc291cmNlSWQgPSBgJHtjbHVzdGVyQXJufToke2RhdGFiYXNlTmFtZX06JHtvd25lclVzZXJuYW1lfWA7XG5cbiAgICAgIGNvbnN0IHJkc0RhdGFUYXJnZXQgPSB7XG4gICAgICAgIHJlc291cmNlQXJuOiBjbHVzdGVyQXJuLFxuICAgICAgICBzZWNyZXRBcm46IG1hc3RlclVzZXJTZWNyZXRBcm4sXG4gICAgICAgIGRhdGFiYXNlOiBkYXRhYmFzZU5hbWUsXG4gICAgICB9O1xuXG4gICAgICAvLyDwn5GHIEJlZ2luIHRyYW5zYWN0aW9uLlxuICAgICAgY29uc3QgeyB0cmFuc2FjdGlvbklkIH0gPSBhd2FpdCByZHNEYXRhQ2xpZW50LnNlbmQobmV3IEJlZ2luVHJhbnNhY3Rpb25Db21tYW5kKHJkc0RhdGFUYXJnZXQpKTtcblxuICAgICAgdHJ5IHtcblxuICAgICAgICBjb25zdCBleGlzdHMgPSBhd2FpdCAoYXN5bmMgKCkgPT4ge1xuICAgICAgICAgIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHJkc0RhdGFDbGllbnQuc2VuZChuZXcgRXhlY3V0ZVN0YXRlbWVudENvbW1hbmQoe1xuICAgICAgICAgICAgLi4ucmRzRGF0YVRhcmdldCxcbiAgICAgICAgICAgIHRyYW5zYWN0aW9uSWQsXG4gICAgICAgICAgICBmb3JtYXRSZWNvcmRzQXM6ICdKU09OJyxcbiAgICAgICAgICAgIHNxbDogJ1NFTEVDVCAxIEZST00gcGdfcm9sZXMgV0hFUkUgcm9sbmFtZSA9IDpyJyxcbiAgICAgICAgICAgIHBhcmFtZXRlcnM6IFt7IG5hbWU6ICdyJywgdmFsdWU6IHsgc3RyaW5nVmFsdWU6IG93bmVyVXNlcm5hbWUgfSB9XSxcbiAgICAgICAgICB9KSk7XG4gICAgICAgICAgcmV0dXJuIChyZXN1bHQucmVjb3JkcyA/PyBbXSkubGVuZ3RoID4gMDtcbiAgICAgICAgfSkoKTtcblxuICAgICAgICBpZiAoIWV4aXN0cykge1xuICAgICAgICAgIC8vIENyZWF0ZSB1c2VyXG4gICAgICAgICAgYXdhaXQgcmRzRGF0YUNsaWVudC5zZW5kKG5ldyBFeGVjdXRlU3RhdGVtZW50Q29tbWFuZCh7XG4gICAgICAgICAgICAuLi5yZHNEYXRhVGFyZ2V0LFxuICAgICAgICAgICAgdHJhbnNhY3Rpb25JZCxcbiAgICAgICAgICAgIHNxbDogYENSRUFURSBST0xFICR7b3duZXJVc2VybmFtZX0gTk9MT0dJTiBOT0lOSEVSSVRgLFxuICAgICAgICAgIH0pKTtcblxuICAgICAgICAgIC8vIPCfkYcg5qyh44Gu5Yem55CG44Gu44Gf44KB44Gr5a6f6KGM44Ot44O844Or44KS5aSJ5pu0XG4gICAgICAgICAgYXdhaXQgcmRzRGF0YUNsaWVudC5zZW5kKG5ldyBFeGVjdXRlU3RhdGVtZW50Q29tbWFuZCh7XG4gICAgICAgICAgICAuLi5yZHNEYXRhVGFyZ2V0LFxuICAgICAgICAgICAgdHJhbnNhY3Rpb25JZCxcbiAgICAgICAgICAgIHNxbDogYEdSQU5UICR7b3duZXJVc2VybmFtZX0gVE8gJHttYXN0ZXJVc2VybmFtZX1gLFxuICAgICAgICAgIH0pKTtcblxuICAgICAgICAgIGF3YWl0IHJkc0RhdGFDbGllbnQuc2VuZChuZXcgQ29tbWl0VHJhbnNhY3Rpb25Db21tYW5kKHtcbiAgICAgICAgICAgIHJlc291cmNlQXJuOiByZHNEYXRhVGFyZ2V0LnJlc291cmNlQXJuLFxuICAgICAgICAgICAgc2VjcmV0QXJuOiByZHNEYXRhVGFyZ2V0LnNlY3JldEFybixcbiAgICAgICAgICAgIHRyYW5zYWN0aW9uSWQsXG4gICAgICAgICAgfSkpO1xuICAgICAgICB9XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBwaHlzaWNhbFJlc291cmNlSWQsXG4gICAgICAgICAgRGF0YToge1xuICAgICAgICAgICAgY3JlYXRlZDogdHJ1ZSxcbiAgICAgICAgICB9LFxuICAgICAgICB9O1xuXG4gICAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgICBpZiAodHJhbnNhY3Rpb25JZCkge1xuICAgICAgICAgIGF3YWl0IHJkc0RhdGFDbGllbnQuc2VuZChuZXcgUm9sbGJhY2tUcmFuc2FjdGlvbkNvbW1hbmQoe1xuICAgICAgICAgICAgcmVzb3VyY2VBcm46IHJkc0RhdGFUYXJnZXQucmVzb3VyY2VBcm4sXG4gICAgICAgICAgICBzZWNyZXRBcm46IHJkc0RhdGFUYXJnZXQuc2VjcmV0QXJuLFxuICAgICAgICAgICAgdHJhbnNhY3Rpb25JZCxcbiAgICAgICAgICB9KSkuY2F0Y2goKCkgPT4ge30pO1xuICAgICAgICB9XG4gICAgICAgIHRocm93IGVycm9yO1xuICAgICAgfVxuICAgIGNhc2UgJ1VwZGF0ZSc6XG4gICAgY2FzZSAnRGVsZXRlJzpcbiAgICAgIHJldHVybiB7XG4gICAgICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkLFxuICAgICAgfTtcbiAgICBkZWZhdWx0OlxuICAgICAgdGhyb3cgbmV3IEVycm9yKCd1bnJlYWNoYWJsZScpO1xuICB9XG59O1xuIl19

package/lib/index.d.ts

@@ -0,0 +1 @@
+export * from './constructs/aurora-database-create-owner';

package/lib/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./constructs/aurora-database-create-owner"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDRFQUEwRCIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gJy4vY29uc3RydWN0cy9hdXJvcmEtZGF0YWJhc2UtY3JlYXRlLW93bmVyJzsiXX0=

package/package.json

@@ -0,0 +1,146 @@
+{
+  "name": "rds-aurora-bootstrapper",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/gammarers-aws-cdk-constructs/rds-aurora-bootstrapper.git"
+  },
+  "scripts": {
+    "build": "projen build",
+    "bump": "projen bump",
+    "bundle": "projen bundle",
+    "bundle:funcs/aurora-database-create-owner.lambda": "projen bundle:funcs/aurora-database-create-owner.lambda",
+    "bundle:funcs/aurora-database-create-owner.lambda:watch": "projen bundle:funcs/aurora-database-create-owner.lambda:watch",
+    "clobber": "projen clobber",
+    "compat": "projen compat",
+    "compile": "projen compile",
+    "default": "projen default",
+    "docgen": "projen docgen",
+    "eject": "projen eject",
+    "eslint": "projen eslint",
+    "package": "projen package",
+    "package-all": "projen package-all",
+    "package:js": "projen package:js",
+    "post-compile": "projen post-compile",
+    "post-upgrade": "projen post-upgrade",
+    "pre-compile": "projen pre-compile",
+    "release": "projen release",
+    "test": "projen test",
+    "test:watch": "projen test:watch",
+    "unbump": "projen unbump",
+    "upgrade": "projen upgrade",
+    "watch": "projen watch",
+    "projen": "projen"
+  },
+  "author": {
+    "name": "yicr",
+    "email": "yicr@users.noreply.github.com",
+    "organization": false
+  },
+  "devDependencies": {
+    "@aws-sdk/client-rds-data": "^3.743.0",
+    "@aws-sdk/client-secrets-manager": "^3.743.0",
+    "@stylistic/eslint-plugin": "^2",
+    "@types/aws-lambda": "^8.10.161",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^20",
+    "@typescript-eslint/eslint-plugin": "^8",
+    "@typescript-eslint/parser": "^8",
+    "aws-cdk-lib": "2.232.0",
+    "commit-and-tag-version": "^12",
+    "constructs": "10.5.1",
+    "esbuild": "^0.28.0",
+    "eslint": "^9",
+    "eslint-import-resolver-typescript": "^4.4.4",
+    "eslint-plugin-import": "^2.32.0",
+    "jest": "^30.4.2",
+    "jest-junit": "^17",
+    "jsii": "5.9.x",
+    "jsii-diff": "^1.132.0",
+    "jsii-docgen": "^10.5.0",
+    "jsii-pacmak": "^1.132.0",
+    "jsii-rosetta": "5.9.x",
+    "projen": "^0.99.64",
+    "ts-jest": "^29.4.11",
+    "ts-node": "^10.9.2",
+    "typescript": "5.9.x"
+  },
+  "peerDependencies": {
+    "aws-cdk-lib": "^2.232.0",
+    "constructs": "^10.5.1"
+  },
+  "keywords": [
+    "cdk"
+  ],
+  "engines": {
+    "node": ">= 20.0.0"
+  },
+  "devEngines": {
+    "packageManager": {
+      "name": "yarn",
+      "version": "1.22.22",
+      "onFail": "ignore"
+    }
+  },
+  "main": "lib/index.js",
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  },
+  "version": "0.1.1",
+  "jest": {
+    "coverageProvider": "v8",
+    "testMatch": [
+      "<rootDir>/@(src|test)/**/*(*.)@(spec|test).ts?(x)",
+      "<rootDir>/@(src|test)/**/__tests__/**/*.ts?(x)",
+      "<rootDir>/@(projenrc)/**/*(*.)@(spec|test).ts?(x)",
+      "<rootDir>/@(projenrc)/**/__tests__/**/*.ts?(x)"
+    ],
+    "clearMocks": true,
+    "collectCoverage": true,
+    "coverageReporters": [
+      "json",
+      "lcov",
+      "clover",
+      "cobertura",
+      "text"
+    ],
+    "coverageDirectory": "coverage",
+    "coveragePathIgnorePatterns": [
+      "/node_modules/"
+    ],
+    "testPathIgnorePatterns": [
+      "/node_modules/"
+    ],
+    "watchPathIgnorePatterns": [
+      "/node_modules/"
+    ],
+    "reporters": [
+      "default",
+      [
+        "jest-junit",
+        {
+          "outputDirectory": "test-reports"
+        }
+      ]
+    ],
+    "transform": {
+      "^.+\\.[t]sx?$": [
+        "ts-jest",
+        {
+          "tsconfig": "tsconfig.dev.json"
+        }
+      ]
+    }
+  },
+  "types": "lib/index.d.ts",
+  "stability": "stable",
+  "jsii": {
+    "outdir": "dist",
+    "targets": {},
+    "tsc": {
+      "outDir": "lib",
+      "rootDir": "src"
+    }
+  },
+  "//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
+}