terraconstructs 0.0.17 → 0.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +4536 -6
- package/lib/aws/arn.js +1 -1
- package/lib/aws/aws-construct.js +1 -1
- package/lib/aws/aws-stack.js +1 -1
- package/lib/aws/aws-tags.js +2 -2
- package/lib/aws/cloudwatch/actions/ec2.js +1 -1
- package/lib/aws/cloudwatch/actions/lambda.js +1 -1
- package/lib/aws/cloudwatch/alarm-base.js +1 -1
- package/lib/aws/cloudwatch/alarm-rule.js +1 -1
- package/lib/aws/cloudwatch/alarm-status-widget.js +1 -1
- package/lib/aws/cloudwatch/alarm.js +1 -1
- package/lib/aws/cloudwatch/composite-alarm.js +1 -1
- package/lib/aws/cloudwatch/dashboard.js +1 -1
- package/lib/aws/cloudwatch/data-protection-policy.js +3 -3
- package/lib/aws/cloudwatch/graph.js +8 -8
- package/lib/aws/cloudwatch/layout.js +3 -3
- package/lib/aws/cloudwatch/log-destinations/kinesis.js +1 -1
- package/lib/aws/cloudwatch/log-destinations/lambda.js +1 -1
- package/lib/aws/cloudwatch/log-group.js +1 -1
- package/lib/aws/cloudwatch/log-query.js +1 -1
- package/lib/aws/cloudwatch/log-stream.js +1 -1
- package/lib/aws/cloudwatch/metric-filter.js +1 -1
- package/lib/aws/cloudwatch/metric.js +2 -2
- package/lib/aws/cloudwatch/pattern.js +3 -3
- package/lib/aws/cloudwatch/policy.js +1 -1
- package/lib/aws/cloudwatch/query-definition.js +2 -2
- package/lib/aws/cloudwatch/stats.js +1 -1
- package/lib/aws/cloudwatch/subscription-filter.js +1 -1
- package/lib/aws/cloudwatch/text.js +1 -1
- package/lib/aws/cloudwatch/variable.js +3 -3
- package/lib/aws/cloudwatch/widget.js +1 -1
- package/lib/aws/compute/activity.js +1 -1
- package/lib/aws/compute/alb/application-listener-action.js +1 -1
- package/lib/aws/compute/alb/application-listener-certificate.js +1 -1
- package/lib/aws/compute/alb/application-listener-rule.js +1 -1
- package/lib/aws/compute/alb/application-listener.js +1 -1
- package/lib/aws/compute/alb/application-load-balancer.js +1 -1
- package/lib/aws/compute/alb/application-target-group.js +1 -1
- package/lib/aws/compute/alb/conditions.js +1 -1
- package/lib/aws/compute/alb/trust-store-revocation.js +1 -1
- package/lib/aws/compute/alb/trust-store.js +1 -1
- package/lib/aws/compute/architecture.js +1 -1
- package/lib/aws/compute/aspects/require-imdsv2-aspect.js +2 -2
- package/lib/aws/compute/bastion-host.js +1 -1
- package/lib/aws/compute/chain.js +1 -1
- package/lib/aws/compute/client-vpn-authorization-rule.js +1 -1
- package/lib/aws/compute/client-vpn-endpoint.js +2 -2
- package/lib/aws/compute/client-vpn-route.js +2 -2
- package/lib/aws/compute/condition.js +1 -1
- package/lib/aws/compute/connections.js +1 -1
- package/lib/aws/compute/event-invoke-config.js +1 -1
- package/lib/aws/compute/event-source-filter.js +2 -2
- package/lib/aws/compute/event-source-mapping.js +1 -1
- package/lib/aws/compute/event-sources/s3-onfailure-destination.js +1 -1
- package/lib/aws/compute/event-sources/s3.js +1 -1
- package/lib/aws/compute/event-sources/sqs-dlq.js +1 -1
- package/lib/aws/compute/event-sources/sqs.js +1 -1
- package/lib/aws/compute/fields.js +4 -4
- package/lib/aws/compute/function-alias.js +1 -1
- package/lib/aws/compute/function-base.js +2 -2
- package/lib/aws/compute/function-destinations/event-bridge.js +1 -1
- package/lib/aws/compute/function-destinations/function.js +1 -1
- package/lib/aws/compute/function-destinations/sqs.js +1 -1
- package/lib/aws/compute/function-nodejs.js +1 -1
- package/lib/aws/compute/function-url.js +1 -1
- package/lib/aws/compute/function.js +1 -1
- package/lib/aws/compute/instance-types.js +1 -1
- package/lib/aws/compute/instance.js +1 -1
- package/lib/aws/compute/ip-addresses.js +2 -2
- package/lib/aws/compute/ipam.js +1 -1
- package/lib/aws/compute/key-pair.js +1 -1
- package/lib/aws/compute/launch-template.js +3 -7
- package/lib/aws/compute/lb-shared/base-listener.js +1 -1
- package/lib/aws/compute/lb-shared/base-load-balancer.js +2 -2
- package/lib/aws/compute/lb-shared/base-target-group.js +1 -1
- package/lib/aws/compute/lb-shared/listener-certificate.js +1 -1
- package/lib/aws/compute/lb-shared/load-balancer-targets.js +2 -2
- package/lib/aws/compute/lb-targets/alb-target.js +3 -3
- package/lib/aws/compute/lb-targets/instance-target.js +2 -2
- package/lib/aws/compute/lb-targets/ip-target.js +1 -1
- package/lib/aws/compute/lb-targets/lambda-target.js +1 -1
- package/lib/aws/compute/load-balancer.js +3 -3
- package/lib/aws/compute/machine-image/amazon-linux-2022.js +2 -2
- package/lib/aws/compute/machine-image/amazon-linux-2023.js +2 -2
- package/lib/aws/compute/machine-image/amazon-linux2.js +2 -2
- package/lib/aws/compute/machine-image/common.js +1 -1
- package/lib/aws/compute/machine-image/machine-image.js +8 -8
- package/lib/aws/compute/nat.js +5 -5
- package/lib/aws/compute/network-acl-types.js +2 -2
- package/lib/aws/compute/network-acl.js +3 -3
- package/lib/aws/compute/nlb/network-listener-action.js +1 -1
- package/lib/aws/compute/nlb/network-listener.js +1 -1
- package/lib/aws/compute/nlb/network-load-balancer.js +1 -1
- package/lib/aws/compute/nlb/network-target-group.js +1 -1
- package/lib/aws/compute/peer.js +1 -1
- package/lib/aws/compute/placement-group.js +1 -1
- package/lib/aws/compute/port.js +1 -1
- package/lib/aws/compute/prefix-list.js +1 -1
- package/lib/aws/compute/route.js +8 -8
- package/lib/aws/compute/security-group.js +1 -1
- package/lib/aws/compute/state-graph.js +1 -1
- package/lib/aws/compute/state-machine-fragment.js +1 -1
- package/lib/aws/compute/state-machine.js +4 -4
- package/lib/aws/compute/states/choice.js +1 -1
- package/lib/aws/compute/states/custom-state.js +1 -1
- package/lib/aws/compute/states/distributed-map/item-batcher.js +1 -1
- package/lib/aws/compute/states/distributed-map/item-reader.js +5 -5
- package/lib/aws/compute/states/distributed-map/result-writer.js +1 -1
- package/lib/aws/compute/states/distributed-map.js +1 -1
- package/lib/aws/compute/states/fail.js +1 -1
- package/lib/aws/compute/states/map-base.js +1 -1
- package/lib/aws/compute/states/map.js +1 -1
- package/lib/aws/compute/states/parallel.js +1 -1
- package/lib/aws/compute/states/pass.js +2 -2
- package/lib/aws/compute/states/state.js +1 -1
- package/lib/aws/compute/states/succeed.js +1 -1
- package/lib/aws/compute/states/task-base.js +2 -2
- package/lib/aws/compute/states/task.js +1 -1
- package/lib/aws/compute/states/wait.js +2 -2
- package/lib/aws/compute/subnet-v2.js +2 -2
- package/lib/aws/compute/subnet.js +1 -1
- package/lib/aws/compute/task-credentials.js +1 -1
- package/lib/aws/compute/task-input.js +1 -1
- package/lib/aws/compute/tasks/aws-sdk/call-aws-service.js +1 -1
- package/lib/aws/compute/tasks/eventbridge/put-events.js +1 -1
- package/lib/aws/compute/tasks/http/invoke.js +1 -1
- package/lib/aws/compute/tasks/lambda/invoke.js +1 -1
- package/lib/aws/compute/tasks/sqs/send-message.js +1 -1
- package/lib/aws/compute/tasks/stepfunctions/invoke-activity.js +1 -1
- package/lib/aws/compute/tasks/stepfunctions/start-execution.js +1 -1
- package/lib/aws/compute/types.js +1 -1
- package/lib/aws/compute/user-data.js +3 -3
- package/lib/aws/compute/volume.js +2 -2
- package/lib/aws/compute/vpc-endpoint-service.js +1 -1
- package/lib/aws/compute/vpc-endpoint.js +6 -6
- package/lib/aws/compute/vpc-flow-logs.js +4 -4
- package/lib/aws/compute/vpc-v2-base.js +1 -1
- package/lib/aws/compute/vpc-v2.js +2 -2
- package/lib/aws/compute/vpc.js +4 -4
- package/lib/aws/compute/vpn.js +3 -3
- package/lib/aws/edge/certificate.js +1 -1
- package/lib/aws/edge/distribution.js +3 -3
- package/lib/aws/edge/dns-alias-record-targets.js +3 -3
- package/lib/aws/edge/dns-record.js +13 -13
- package/lib/aws/edge/dns-zone.js +1 -1
- package/lib/aws/edge/function.js +2 -2
- package/lib/aws/edge/key-value-store.js +4 -4
- package/lib/aws/edge/origin.js +3 -3
- package/lib/aws/edge/response-headers-policy.js +1 -1
- package/lib/aws/encryption/alias.js +1 -1
- package/lib/aws/encryption/key.js +1 -1
- package/lib/aws/encryption/via-service-principal.js +1 -1
- package/lib/aws/iam/grant.js +2 -2
- package/lib/aws/iam/group.js +1 -1
- package/lib/aws/iam/instance-profile.js +1 -1
- package/lib/aws/iam/managed-policy.js +1 -1
- package/lib/aws/iam/oidc-provider.js +1 -1
- package/lib/aws/iam/policy-document.js +1 -1
- package/lib/aws/iam/policy-statement.js +1 -1
- package/lib/aws/iam/policy.js +1 -1
- package/lib/aws/iam/principals.js +20 -20
- package/lib/aws/iam/role.js +1 -1
- package/lib/aws/iam/saml-provider.js +2 -2
- package/lib/aws/iam/unknown-principal.js +1 -1
- package/lib/aws/iam/user.js +1 -1
- package/lib/aws/network/simple-ipv4-vpc.js +1 -1
- package/lib/aws/network/subnet-group.js +3 -3
- package/lib/aws/network/subnet.js +4 -4
- package/lib/aws/notify/archive.js +1 -1
- package/lib/aws/notify/connection.js +3 -3
- package/lib/aws/notify/delivery-policy.d.ts +114 -0
- package/lib/aws/notify/delivery-policy.js +27 -0
- package/lib/aws/notify/event-bus.js +3 -3
- package/lib/aws/notify/event-pattern.js +1 -1
- package/lib/aws/notify/index.d.ts +11 -0
- package/lib/aws/notify/index.js +14 -1
- package/lib/aws/notify/input.js +2 -2
- package/lib/aws/notify/kinesis-stream.js +1 -1
- package/lib/aws/notify/notification-rule-source.d.ts +20 -0
- package/lib/aws/notify/notification-rule-source.js +4 -0
- package/lib/aws/notify/notification-rule-target.d.ts +24 -0
- package/lib/aws/notify/notification-rule-target.js +4 -0
- package/lib/aws/notify/notification-rule.d.ts +123 -0
- package/lib/aws/notify/notification-rule.js +129 -0
- package/lib/aws/notify/policy.d.ts +56 -0
- package/lib/aws/notify/policy.js +83 -0
- package/lib/aws/notify/queue-policy.js +1 -1
- package/lib/aws/notify/queue.js +1 -1
- package/lib/aws/notify/resource-policy.js +1 -1
- package/lib/aws/notify/rule.js +1 -1
- package/lib/aws/notify/schedule.js +1 -1
- package/lib/aws/notify/sns-augmentations.generated.d.ts +125 -0
- package/lib/aws/notify/sns-augmentations.generated.js +71 -0
- package/lib/aws/notify/sns-canned-metrics.generated.d.ts +33 -0
- package/lib/aws/notify/sns-canned-metrics.generated.js +47 -0
- package/lib/aws/notify/subscriber.d.ts +44 -0
- package/lib/aws/notify/subscriber.js +4 -0
- package/lib/aws/notify/subscription-filter.d.ts +129 -0
- package/lib/aws/notify/subscription-filter.js +105 -0
- package/lib/aws/notify/subscription.d.ts +219 -0
- package/lib/aws/notify/subscription.js +357 -0
- package/lib/aws/notify/targets/event-bus.js +1 -1
- package/lib/aws/notify/targets/function.js +1 -1
- package/lib/aws/notify/targets/log-group.js +2 -2
- package/lib/aws/notify/targets/sqs.js +1 -1
- package/lib/aws/notify/targets/state-machine.js +1 -1
- package/lib/aws/notify/topic-base.d.ts +155 -0
- package/lib/aws/notify/topic-base.js +175 -0
- package/lib/aws/notify/topic.d.ts +222 -0
- package/lib/aws/notify/topic.js +219 -0
- package/lib/aws/storage/bucket-notifications.js +1 -1
- package/lib/aws/storage/bucket-policy.js +1 -1
- package/lib/aws/storage/bucket-source.js +1 -1
- package/lib/aws/storage/bucket.js +2 -2
- package/lib/aws/storage/notification-targets/function.js +1 -1
- package/lib/aws/storage/notification-targets/queue.js +1 -1
- package/lib/aws/storage/origin-access-identity.js +1 -1
- package/lib/aws/storage/parameter.js +2 -2
- package/lib/construct-base.js +2 -2
- package/lib/duration.js +1 -1
- package/lib/expiration.js +1 -1
- package/lib/size.js +1 -1
- package/lib/stack-base.js +1 -1
- package/lib/terra-func.js +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
import * as constructs from "constructs";
|
|
2
|
+
import { Construct } from "constructs";
|
|
3
|
+
import { INotificationRuleTarget, NotificationRuleTargetConfig } from "./notification-rule-target";
|
|
4
|
+
import { ITopicSubscription } from "./subscriber";
|
|
5
|
+
import { Subscription } from "./subscription";
|
|
6
|
+
import { IAwsConstruct, AwsConstructBase, AwsConstructProps } from "../aws-construct";
|
|
7
|
+
import { IKey } from "../encryption";
|
|
8
|
+
import * as iam from "../iam";
|
|
9
|
+
/**
|
|
10
|
+
* Outputs for the Subscription construct.
|
|
11
|
+
*/
|
|
12
|
+
export interface TopicOutputs {
|
|
13
|
+
/**
|
|
14
|
+
* The ARN of the topic
|
|
15
|
+
*
|
|
16
|
+
* @attribute
|
|
17
|
+
*/
|
|
18
|
+
readonly topicArn: string;
|
|
19
|
+
/**
|
|
20
|
+
* The name of the topic
|
|
21
|
+
*
|
|
22
|
+
* @attribute
|
|
23
|
+
*/
|
|
24
|
+
readonly topicName: string;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Represents an SNS topic
|
|
28
|
+
*/
|
|
29
|
+
export interface ITopic extends IAwsConstruct, INotificationRuleTarget {
|
|
30
|
+
/**
|
|
31
|
+
* strongly typed outputs for the topic
|
|
32
|
+
*/
|
|
33
|
+
readonly topicOutputs: TopicOutputs;
|
|
34
|
+
/**
|
|
35
|
+
* The ARN of the topic
|
|
36
|
+
*
|
|
37
|
+
* @attribute
|
|
38
|
+
*/
|
|
39
|
+
readonly topicArn: string;
|
|
40
|
+
/**
|
|
41
|
+
* The name of the topic
|
|
42
|
+
*
|
|
43
|
+
* @attribute
|
|
44
|
+
*/
|
|
45
|
+
readonly topicName: string;
|
|
46
|
+
/**
|
|
47
|
+
* A KMS Key, either managed by this CDK app, or imported.
|
|
48
|
+
*
|
|
49
|
+
* This property applies only to server-side encryption.
|
|
50
|
+
*
|
|
51
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html
|
|
52
|
+
*
|
|
53
|
+
* @default None
|
|
54
|
+
*/
|
|
55
|
+
readonly masterKey?: IKey;
|
|
56
|
+
/**
|
|
57
|
+
* Enables content-based deduplication for FIFO topics.
|
|
58
|
+
*
|
|
59
|
+
* @attribute
|
|
60
|
+
*/
|
|
61
|
+
readonly contentBasedDeduplication: boolean;
|
|
62
|
+
/**
|
|
63
|
+
* Whether this topic is an Amazon SNS FIFO queue. If false, this is a standard topic.
|
|
64
|
+
*
|
|
65
|
+
* @attribute
|
|
66
|
+
*/
|
|
67
|
+
readonly fifo: boolean;
|
|
68
|
+
/**
|
|
69
|
+
* Subscribe some endpoint to this topic
|
|
70
|
+
*/
|
|
71
|
+
addSubscription(subscription: ITopicSubscription): Subscription;
|
|
72
|
+
/**
|
|
73
|
+
* Adds a statement to the IAM resource policy associated with this topic.
|
|
74
|
+
*
|
|
75
|
+
* If this topic was created in this stack (`new Topic`), a topic policy
|
|
76
|
+
* will be automatically created upon the first call to `addToResourcePolicy`. If
|
|
77
|
+
* the topic is imported (`Topic.import`), then this is a no-op.
|
|
78
|
+
*/
|
|
79
|
+
addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
|
|
80
|
+
/**
|
|
81
|
+
* Grant topic publishing permissions to the given identity
|
|
82
|
+
*/
|
|
83
|
+
grantPublish(identity: iam.IGrantable): iam.Grant;
|
|
84
|
+
/**
|
|
85
|
+
* Grant topic subscribing permissions to the given identity
|
|
86
|
+
*/
|
|
87
|
+
grantSubscribe(identity: iam.IGrantable): iam.Grant;
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Either a new or imported Topic
|
|
91
|
+
*/
|
|
92
|
+
export declare abstract class TopicBase extends AwsConstructBase implements ITopic {
|
|
93
|
+
get topicOutputs(): TopicOutputs;
|
|
94
|
+
get outputs(): Record<string, any>;
|
|
95
|
+
abstract readonly topicArn: string;
|
|
96
|
+
abstract readonly topicName: string;
|
|
97
|
+
abstract readonly masterKey?: IKey;
|
|
98
|
+
abstract readonly fifo: boolean;
|
|
99
|
+
abstract readonly contentBasedDeduplication: boolean;
|
|
100
|
+
/**
|
|
101
|
+
* Controls automatic creation of policy objects.
|
|
102
|
+
*
|
|
103
|
+
* Set by subclasses.
|
|
104
|
+
*/
|
|
105
|
+
protected abstract readonly autoCreatePolicy: boolean;
|
|
106
|
+
/**
|
|
107
|
+
* Adds a statement to enforce encryption of data in transit when publishing to the topic.
|
|
108
|
+
*/
|
|
109
|
+
protected enforceSSL?: boolean;
|
|
110
|
+
private policy?;
|
|
111
|
+
constructor(scope: Construct, id: string, props?: AwsConstructProps);
|
|
112
|
+
/**
|
|
113
|
+
* Subscribe some endpoint to this topic
|
|
114
|
+
*/
|
|
115
|
+
addSubscription(topicSubscription: ITopicSubscription): Subscription;
|
|
116
|
+
/**
|
|
117
|
+
* Adds a statement to the IAM resource policy associated with this topic.
|
|
118
|
+
*
|
|
119
|
+
* If this topic was created in this stack (`new Topic`), a topic policy
|
|
120
|
+
* will be automatically created upon the first call to `addToResourcePolicy`.
|
|
121
|
+
* However, if `enforceSSL` is set to `true`, the policy has already been created
|
|
122
|
+
* before the first call to this method.
|
|
123
|
+
*
|
|
124
|
+
* If the topic is imported (`Topic.import`), then this is a no-op.
|
|
125
|
+
*/
|
|
126
|
+
addToResourcePolicy(statement: iam.PolicyStatement): iam.AddToResourcePolicyResult;
|
|
127
|
+
/**
|
|
128
|
+
* Adds a SSL policy to the topic resource policy.
|
|
129
|
+
*/
|
|
130
|
+
protected addSSLPolicy(): void;
|
|
131
|
+
/**
|
|
132
|
+
* Creates a topic policy for this topic.
|
|
133
|
+
*/
|
|
134
|
+
protected createTopicPolicy(): void;
|
|
135
|
+
/**
|
|
136
|
+
* Adds a statement to enforce encryption of data in transit when publishing to the topic.
|
|
137
|
+
*
|
|
138
|
+
* For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
|
|
139
|
+
*/
|
|
140
|
+
protected createSSLPolicyDocument(): iam.PolicyStatement;
|
|
141
|
+
/**
|
|
142
|
+
* Grant topic publishing permissions to the given identity
|
|
143
|
+
*/
|
|
144
|
+
grantPublish(grantee: iam.IGrantable): iam.Grant;
|
|
145
|
+
/**
|
|
146
|
+
* Grant topic subscribing permissions to the given identity
|
|
147
|
+
*/
|
|
148
|
+
grantSubscribe(grantee: iam.IGrantable): iam.Grant;
|
|
149
|
+
/**
|
|
150
|
+
* Represents a notification target
|
|
151
|
+
* That allows SNS topic to associate with this rule target.
|
|
152
|
+
*/
|
|
153
|
+
bindAsNotificationRuleTarget(_scope: constructs.Construct): NotificationRuleTargetConfig;
|
|
154
|
+
private nextTokenId;
|
|
155
|
+
}
|
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var _a;
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.TopicBase = void 0;
|
|
5
|
+
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
|
6
|
+
// https://github.com/aws/aws-cdk/blob/f1c092634a391b0b7aed0f75626dd6d0ffd56564/packages/aws-cdk-lib/aws-sns/lib/topic-base.ts
|
|
7
|
+
const cdktf_1 = require("cdktf");
|
|
8
|
+
const policy_1 = require("./policy");
|
|
9
|
+
const subscription_1 = require("./subscription");
|
|
10
|
+
const aws_construct_1 = require("../aws-construct");
|
|
11
|
+
const iam = require("../iam");
|
|
12
|
+
/**
|
|
13
|
+
* Either a new or imported Topic
|
|
14
|
+
*/
|
|
15
|
+
class TopicBase extends aws_construct_1.AwsConstructBase {
|
|
16
|
+
get topicOutputs() {
|
|
17
|
+
return {
|
|
18
|
+
topicArn: this.topicArn,
|
|
19
|
+
topicName: this.topicName,
|
|
20
|
+
};
|
|
21
|
+
}
|
|
22
|
+
get outputs() {
|
|
23
|
+
return this.topicOutputs;
|
|
24
|
+
}
|
|
25
|
+
constructor(scope, id, props = {}) {
|
|
26
|
+
super(scope, id, props);
|
|
27
|
+
this.node.addValidation({
|
|
28
|
+
validate: () => this.policy?.document.validateForResourcePolicy() ?? [],
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Subscribe some endpoint to this topic
|
|
33
|
+
*/
|
|
34
|
+
addSubscription(topicSubscription) {
|
|
35
|
+
const subscriptionConfig = topicSubscription.bind(this);
|
|
36
|
+
const scope = subscriptionConfig.subscriberScope || this;
|
|
37
|
+
let id = subscriptionConfig.subscriberId;
|
|
38
|
+
if (cdktf_1.Token.isUnresolved(subscriptionConfig.subscriberId)) {
|
|
39
|
+
id = this.nextTokenId(scope);
|
|
40
|
+
}
|
|
41
|
+
// We use the subscriber's id as the construct id. There's no meaning
|
|
42
|
+
// to subscribing the same subscriber twice on the same topic.
|
|
43
|
+
if (scope.node.tryFindChild(id)) {
|
|
44
|
+
// TODO: Adopt ValidationError
|
|
45
|
+
throw new Error(`A subscription with id "${id}" already exists under the scope ${scope.node.path}`);
|
|
46
|
+
}
|
|
47
|
+
const subscription = new subscription_1.Subscription(scope, id, {
|
|
48
|
+
topic: this,
|
|
49
|
+
...subscriptionConfig,
|
|
50
|
+
});
|
|
51
|
+
// Add dependency for the subscription, for example for SQS subscription
|
|
52
|
+
// the queue policy has to deploy before the subscription is created
|
|
53
|
+
if (subscriptionConfig.subscriptionDependency) {
|
|
54
|
+
subscription.node.addDependency(subscriptionConfig.subscriptionDependency);
|
|
55
|
+
}
|
|
56
|
+
return subscription;
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Adds a statement to the IAM resource policy associated with this topic.
|
|
60
|
+
*
|
|
61
|
+
* If this topic was created in this stack (`new Topic`), a topic policy
|
|
62
|
+
* will be automatically created upon the first call to `addToResourcePolicy`.
|
|
63
|
+
* However, if `enforceSSL` is set to `true`, the policy has already been created
|
|
64
|
+
* before the first call to this method.
|
|
65
|
+
*
|
|
66
|
+
* If the topic is imported (`Topic.import`), then this is a no-op.
|
|
67
|
+
*/
|
|
68
|
+
addToResourcePolicy(statement) {
|
|
69
|
+
this.createTopicPolicy();
|
|
70
|
+
if (this.policy) {
|
|
71
|
+
this.policy.document.addStatements(statement);
|
|
72
|
+
return { statementAdded: true, policyDependable: this.policy };
|
|
73
|
+
}
|
|
74
|
+
return { statementAdded: false };
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Adds a SSL policy to the topic resource policy.
|
|
78
|
+
*/
|
|
79
|
+
addSSLPolicy() {
|
|
80
|
+
this.createTopicPolicy();
|
|
81
|
+
if (this.policy) {
|
|
82
|
+
this.policy.document.addStatements(this.createSSLPolicyDocument());
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* Creates a topic policy for this topic.
|
|
87
|
+
*/
|
|
88
|
+
createTopicPolicy() {
|
|
89
|
+
if (!this.policy && this.autoCreatePolicy) {
|
|
90
|
+
this.policy = new policy_1.TopicPolicy(this, "Policy", { topics: [this] });
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Adds a statement to enforce encryption of data in transit when publishing to the topic.
|
|
95
|
+
*
|
|
96
|
+
* For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
|
|
97
|
+
*/
|
|
98
|
+
createSSLPolicyDocument() {
|
|
99
|
+
return new iam.PolicyStatement({
|
|
100
|
+
sid: "AllowPublishThroughSSLOnly",
|
|
101
|
+
actions: ["sns:Publish"],
|
|
102
|
+
effect: iam.Effect.DENY,
|
|
103
|
+
resources: [this.topicArn],
|
|
104
|
+
condition: [
|
|
105
|
+
{
|
|
106
|
+
test: "Bool",
|
|
107
|
+
values: ["false"],
|
|
108
|
+
variable: "aws:SecureTransport",
|
|
109
|
+
},
|
|
110
|
+
],
|
|
111
|
+
principals: [new iam.StarPrincipal()],
|
|
112
|
+
});
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Grant topic publishing permissions to the given identity
|
|
116
|
+
*/
|
|
117
|
+
grantPublish(grantee) {
|
|
118
|
+
const ret = iam.Grant.addToPrincipalOrResource({
|
|
119
|
+
grantee,
|
|
120
|
+
actions: ["sns:Publish"],
|
|
121
|
+
resourceArns: [this.topicArn],
|
|
122
|
+
resource: this,
|
|
123
|
+
});
|
|
124
|
+
if (this.masterKey) {
|
|
125
|
+
this.masterKey.grant(grantee, "kms:Decrypt", "kms:GenerateDataKey*");
|
|
126
|
+
}
|
|
127
|
+
return ret;
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Grant topic subscribing permissions to the given identity
|
|
131
|
+
*/
|
|
132
|
+
grantSubscribe(grantee) {
|
|
133
|
+
return iam.Grant.addToPrincipalOrResource({
|
|
134
|
+
grantee,
|
|
135
|
+
actions: ["sns:Subscribe"],
|
|
136
|
+
resourceArns: [this.topicArn],
|
|
137
|
+
resource: this,
|
|
138
|
+
});
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Represents a notification target
|
|
142
|
+
* That allows SNS topic to associate with this rule target.
|
|
143
|
+
*/
|
|
144
|
+
bindAsNotificationRuleTarget(_scope) {
|
|
145
|
+
// SNS topic need to grant codestar-notifications service to publish
|
|
146
|
+
// @see https://docs.aws.amazon.com/dtconsole/latest/userguide/set-up-sns.html
|
|
147
|
+
this.grantPublish(new iam.ServicePrincipal("codestar-notifications.amazonaws.com"));
|
|
148
|
+
return {
|
|
149
|
+
targetType: "SNS",
|
|
150
|
+
targetAddress: this.topicArn,
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
nextTokenId(scope) {
|
|
154
|
+
let nextSuffix = 1;
|
|
155
|
+
const re = /TokenSubscription:([\d]*)/gm;
|
|
156
|
+
// Search through the construct and all of its children
|
|
157
|
+
// for previous subscriptions that match our regex pattern
|
|
158
|
+
for (const source of scope.node.findAll()) {
|
|
159
|
+
const m = re.exec(source.node.id); // Use regex to find a match
|
|
160
|
+
if (m !== null) {
|
|
161
|
+
// if we found a match
|
|
162
|
+
const matchSuffix = parseInt(m[1], 10); // get the suffix for that match (as integer)
|
|
163
|
+
if (matchSuffix >= nextSuffix) {
|
|
164
|
+
// check if the match suffix is larger or equal to currently proposed suffix
|
|
165
|
+
nextSuffix = matchSuffix + 1; // increment the suffix
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
return `TokenSubscription:${nextSuffix}`;
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
exports.TopicBase = TopicBase;
|
|
173
|
+
_a = JSII_RTTI_SYMBOL_1;
|
|
174
|
+
TopicBase[_a] = { fqn: "terraconstructs.aws.notify.TopicBase", version: "0.0.19" };
|
|
175
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidG9waWMtYmFzZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hd3Mvbm90aWZ5L3RvcGljLWJhc2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw4SEFBOEg7QUFFOUgsaUNBQThCO0FBTzlCLHFDQUF1QztBQUV2QyxpREFBOEM7QUFDOUMsb0RBSTBCO0FBRTFCLDhCQUE4QjtBQW1HOUI7O0dBRUc7QUFDSCxNQUFzQixTQUFVLFNBQVEsZ0NBQWdCO0lBQ3RELElBQVcsWUFBWTtRQUNyQixPQUFPO1lBQ0wsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztTQUMxQixDQUFDO0lBQ0osQ0FBQztJQUNELElBQVcsT0FBTztRQUNoQixPQUFPLElBQUksQ0FBQyxZQUFZLENBQUM7SUFDM0IsQ0FBQztJQXlCRCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLFFBQTJCLEVBQUU7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUM7WUFDdEIsUUFBUSxFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLHlCQUF5QixFQUFFLElBQUksRUFBRTtTQUN4RSxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxlQUFlLENBQUMsaUJBQXFDO1FBQzFELE1BQU0sa0JBQWtCLEdBQUcsaUJBQWlCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRXhELE1BQU0sS0FBSyxHQUFHLGtCQUFrQixDQUFDLGVBQWUsSUFBSSxJQUFJLENBQUM7UUFDekQsSUFBSSxFQUFFLEdBQUcsa0JBQWtCLENBQUMsWUFBWSxDQUFDO1FBQ3pDLElBQUksYUFBSyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1lBQ3hELEVBQUUsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQy9CLENBQUM7UUFFRCxxRUFBcUU7UUFDckUsOERBQThEO1FBQzlELElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUNoQyw4QkFBOEI7WUFDOUIsTUFBTSxJQUFJLEtBQUssQ0FDYiwyQkFBMkIsRUFBRSxvQ0FBb0MsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FDbkYsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLDJCQUFZLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUMvQyxLQUFLLEVBQUUsSUFBSTtZQUNYLEdBQUcsa0JBQWtCO1NBQ3RCLENBQUMsQ0FBQztRQUVILHdFQUF3RTtRQUN4RSxvRUFBb0U7UUFDcEUsSUFBSSxrQkFBa0IsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1lBQzlDLFlBQVksQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUM3QixrQkFBa0IsQ0FBQyxzQkFBc0IsQ0FDMUMsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0ksbUJBQW1CLENBQ3hCLFNBQThCO1FBRTlCLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBRXpCLElBQUksSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hCLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUM5QyxPQUFPLEVBQUUsY0FBYyxFQUFFLElBQUksRUFBRSxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDakUsQ0FBQztRQUNELE9BQU8sRUFBRSxjQUFjLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDbkMsQ0FBQztJQUVEOztPQUVHO0lBQ08sWUFBWTtRQUNwQixJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUV6QixJQUFJLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNoQixJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUMsQ0FBQztRQUNyRSxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ08saUJBQWlCO1FBQ3pCLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQzFDLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxvQkFBVyxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUUsRUFBRSxNQUFNLEVBQUUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEUsQ0FBQztJQUNILENBQUM7SUFFRDs7OztPQUlHO0lBQ08sdUJBQXVCO1FBQy9CLE9BQU8sSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQzdCLEdBQUcsRUFBRSw0QkFBNEI7WUFDakMsT0FBTyxFQUFFLENBQUMsYUFBYSxDQUFDO1lBQ3hCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUk7WUFDdkIsU0FBUyxFQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUMxQixTQUFTLEVBQUU7Z0JBQ1Q7b0JBQ0UsSUFBSSxFQUFFLE1BQU07b0JBQ1osTUFBTSxFQUFFLENBQUMsT0FBTyxDQUFDO29CQUNqQixRQUFRLEVBQUUscUJBQXFCO2lCQUNoQzthQUNGO1lBQ0QsVUFBVSxFQUFFLENBQUMsSUFBSSxHQUFHLENBQUMsYUFBYSxFQUFFLENBQUM7U0FDdEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ksWUFBWSxDQUFDLE9BQXVCO1FBQ3pDLE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQUM7WUFDN0MsT0FBTztZQUNQLE9BQU8sRUFBRSxDQUFDLGFBQWEsQ0FBQztZQUN4QixZQUFZLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQzdCLFFBQVEsRUFBRSxJQUFJO1NBQ2YsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDbkIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsT0FBTyxFQUFFLGFBQWEsRUFBRSxzQkFBc0IsQ0FBQyxDQUFDO1FBQ3ZFLENBQUM7UUFDRCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRDs7T0FFRztJQUNJLGNBQWMsQ0FBQyxPQUF1QjtRQUMzQyxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQUM7WUFDeEMsT0FBTztZQUNQLE9BQU8sRUFBRSxDQUFDLGVBQWUsQ0FBQztZQUMxQixZQUFZLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQzdCLFFBQVEsRUFBRSxJQUFJO1NBQ2YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7T0FHRztJQUNJLDRCQUE0QixDQUNqQyxNQUE0QjtRQUU1QixvRUFBb0U7UUFDcEUsOEVBQThFO1FBQzlFLElBQUksQ0FBQyxZQUFZLENBQ2YsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsc0NBQXNDLENBQUMsQ0FDakUsQ0FBQztRQUNGLE9BQU87WUFDTCxVQUFVLEVBQUUsS0FBSztZQUNqQixhQUFhLEVBQUUsSUFBSSxDQUFDLFFBQVE7U0FDN0IsQ0FBQztJQUNKLENBQUM7SUFFTyxXQUFXLENBQUMsS0FBZ0I7UUFDbEMsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO1FBQ25CLE1BQU0sRUFBRSxHQUFHLDZCQUE2QixDQUFDO1FBQ3pDLHVEQUF1RDtRQUN2RCwwREFBMEQ7UUFDMUQsS0FBSyxNQUFNLE1BQU0sSUFBSSxLQUFLLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDMUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsNEJBQTRCO1lBQy9ELElBQUksQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO2dCQUNmLHNCQUFzQjtnQkFDdEIsTUFBTSxXQUFXLEdBQUcsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLDZDQUE2QztnQkFDckYsSUFBSSxXQUFXLElBQUksVUFBVSxFQUFFLENBQUM7b0JBQzlCLDRFQUE0RTtvQkFDNUUsVUFBVSxHQUFHLFdBQVcsR0FBRyxDQUFDLENBQUMsQ0FBQyx1QkFBdUI7Z0JBQ3ZELENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8scUJBQXFCLFVBQVUsRUFBRSxDQUFDO0lBQzNDLENBQUM7O0FBOU1ILDhCQStNQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MvYXdzLWNkay9ibG9iL2YxYzA5MjYzNGEzOTFiMGI3YWVkMGY3NTYyNmRkNmQwZmZkNTY1NjQvcGFja2FnZXMvYXdzLWNkay1saWIvYXdzLXNucy9saWIvdG9waWMtYmFzZS50c1xuXG5pbXBvcnQgeyBUb2tlbiB9IGZyb20gXCJjZGt0ZlwiO1xuaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7XG4gIElOb3RpZmljYXRpb25SdWxlVGFyZ2V0LFxuICBOb3RpZmljYXRpb25SdWxlVGFyZ2V0Q29uZmlnLFxufSBmcm9tIFwiLi9ub3RpZmljYXRpb24tcnVsZS10YXJnZXRcIjtcbmltcG9ydCB7IFRvcGljUG9saWN5IH0gZnJvbSBcIi4vcG9saWN5XCI7XG5pbXBvcnQgeyBJVG9waWNTdWJzY3JpcHRpb24gfSBmcm9tIFwiLi9zdWJzY3JpYmVyXCI7XG5pbXBvcnQgeyBTdWJzY3JpcHRpb24gfSBmcm9tIFwiLi9zdWJzY3JpcHRpb25cIjtcbmltcG9ydCB7XG4gIElBd3NDb25zdHJ1Y3QsXG4gIEF3c0NvbnN0cnVjdEJhc2UsXG4gIEF3c0NvbnN0cnVjdFByb3BzLFxufSBmcm9tIFwiLi4vYXdzLWNvbnN0cnVjdFwiO1xuaW1wb3J0IHsgSUtleSB9IGZyb20gXCIuLi9lbmNyeXB0aW9uXCI7XG5pbXBvcnQgKiBhcyBpYW0gZnJvbSBcIi4uL2lhbVwiO1xuLy8gVE9ETzogQWRvcHQgVmFsaWRhdGlvbkVycm9yXG4vLyAtIGh0dHBzOi8vZ2l0aHViLmNvbS9hd3MvYXdzLWNkay9wdWxsLzMzMzgyL1xuLy8gLSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvcHVsbC8zMzA0NVxuLy8gaW1wb3J0IHsgVmFsaWRhdGlvbkVycm9yIH0gZnJvbSBcIi4uLy4uL2NvcmUvbGliL2Vycm9yc1wiO1xuXG4vKipcbiAqIE91dHB1dHMgZm9yIHRoZSBTdWJzY3JpcHRpb24gY29uc3RydWN0LlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFRvcGljT3V0cHV0cyB7XG4gIC8qKlxuICAgKiBUaGUgQVJOIG9mIHRoZSB0b3BpY1xuICAgKlxuICAgKiBAYXR0cmlidXRlXG4gICAqL1xuICByZWFkb25seSB0b3BpY0Fybjogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgdG9waWNcbiAgICpcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcmVhZG9ubHkgdG9waWNOYW1lOiBzdHJpbmc7XG59XG5cbi8qKlxuICogUmVwcmVzZW50cyBhbiBTTlMgdG9waWNcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBJVG9waWMgZXh0ZW5kcyBJQXdzQ29uc3RydWN0LCBJTm90aWZpY2F0aW9uUnVsZVRhcmdldCB7XG4gIC8qKlxuICAgKiBzdHJvbmdseSB0eXBlZCBvdXRwdXRzIGZvciB0aGUgdG9waWNcbiAgICovXG4gIHJlYWRvbmx5IHRvcGljT3V0cHV0czogVG9waWNPdXRwdXRzO1xuICAvKipcbiAgICogVGhlIEFSTiBvZiB0aGUgdG9waWNcbiAgICpcbiAgICogQGF0dHJpYnV0ZVxuICAgKi9cbiAgcmVhZG9ubHkgdG9waWNBcm46IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIHRvcGljXG4gICAqXG4gICAqIEBhdHRyaWJ1dGVcbiAgICovXG4gIHJlYWRvbmx5IHRvcGljTmFtZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBBIEtNUyBLZXksIGVpdGhlciBtYW5hZ2VkIGJ5IHRoaXMgQ0RLIGFwcCwgb3IgaW1wb3J0ZWQuXG4gICAqXG4gICAqIFRoaXMgcHJvcGVydHkgYXBwbGllcyBvbmx5IHRvIHNlcnZlci1zaWRlIGVuY3J5cHRpb24uXG4gICAqXG4gICAqIEBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3Nucy9sYXRlc3QvZGcvc25zLXNlcnZlci1zaWRlLWVuY3J5cHRpb24uaHRtbFxuICAgKlxuICAgKiBAZGVmYXVsdCBOb25lXG4gICAqL1xuICByZWFkb25seSBtYXN0ZXJLZXk/OiBJS2V5O1xuXG4gIC8qKlxuICAgKiBFbmFibGVzIGNvbnRlbnQtYmFzZWQgZGVkdXBsaWNhdGlvbiBmb3IgRklGTyB0b3BpY3MuXG4gICAqXG4gICAqIEBhdHRyaWJ1dGVcbiAgICovXG4gIHJlYWRvbmx5IGNvbnRlbnRCYXNlZERlZHVwbGljYXRpb246IGJvb2xlYW47XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgdGhpcyB0b3BpYyBpcyBhbiBBbWF6b24gU05TIEZJRk8gcXVldWUuIElmIGZhbHNlLCB0aGlzIGlzIGEgc3RhbmRhcmQgdG9waWMuXG4gICAqXG4gICAqIEBhdHRyaWJ1dGVcbiAgICovXG4gIHJlYWRvbmx5IGZpZm86IGJvb2xlYW47XG5cbiAgLyoqXG4gICAqIFN1YnNjcmliZSBzb21lIGVuZHBvaW50IHRvIHRoaXMgdG9waWNcbiAgICovXG4gIGFkZFN1YnNjcmlwdGlvbihzdWJzY3JpcHRpb246IElUb3BpY1N1YnNjcmlwdGlvbik6IFN1YnNjcmlwdGlvbjtcblxuICAvKipcbiAgICogQWRkcyBhIHN0YXRlbWVudCB0byB0aGUgSUFNIHJlc291cmNlIHBvbGljeSBhc3NvY2lhdGVkIHdpdGggdGhpcyB0b3BpYy5cbiAgICpcbiAgICogSWYgdGhpcyB0b3BpYyB3YXMgY3JlYXRlZCBpbiB0aGlzIHN0YWNrIChgbmV3IFRvcGljYCksIGEgdG9waWMgcG9saWN5XG4gICAqIHdpbGwgYmUgYXV0b21hdGljYWxseSBjcmVhdGVkIHVwb24gdGhlIGZpcnN0IGNhbGwgdG8gYGFkZFRvUmVzb3VyY2VQb2xpY3lgLiBJZlxuICAgKiB0aGUgdG9waWMgaXMgaW1wb3J0ZWQgKGBUb3BpYy5pbXBvcnRgKSwgdGhlbiB0aGlzIGlzIGEgbm8tb3AuXG4gICAqL1xuICBhZGRUb1Jlc291cmNlUG9saWN5KFxuICAgIHN0YXRlbWVudDogaWFtLlBvbGljeVN0YXRlbWVudCxcbiAgKTogaWFtLkFkZFRvUmVzb3VyY2VQb2xpY3lSZXN1bHQ7XG5cbiAgLyoqXG4gICAqIEdyYW50IHRvcGljIHB1Ymxpc2hpbmcgcGVybWlzc2lvbnMgdG8gdGhlIGdpdmVuIGlkZW50aXR5XG4gICAqL1xuICBncmFudFB1Ymxpc2goaWRlbnRpdHk6IGlhbS5JR3JhbnRhYmxlKTogaWFtLkdyYW50O1xuXG4gIC8qKlxuICAgKiBHcmFudCB0b3BpYyBzdWJzY3JpYmluZyBwZXJtaXNzaW9ucyB0byB0aGUgZ2l2ZW4gaWRlbnRpdHlcbiAgICovXG4gIGdyYW50U3Vic2NyaWJlKGlkZW50aXR5OiBpYW0uSUdyYW50YWJsZSk6IGlhbS5HcmFudDtcbn1cblxuLyoqXG4gKiBFaXRoZXIgYSBuZXcgb3IgaW1wb3J0ZWQgVG9waWNcbiAqL1xuZXhwb3J0IGFic3RyYWN0IGNsYXNzIFRvcGljQmFzZSBleHRlbmRzIEF3c0NvbnN0cnVjdEJhc2UgaW1wbGVtZW50cyBJVG9waWMge1xuICBwdWJsaWMgZ2V0IHRvcGljT3V0cHV0cygpOiBUb3BpY091dHB1dHMge1xuICAgIHJldHVybiB7XG4gICAgICB0b3BpY0FybjogdGhpcy50b3BpY0FybixcbiAgICAgIHRvcGljTmFtZTogdGhpcy50b3BpY05hbWUsXG4gICAgfTtcbiAgfVxuICBwdWJsaWMgZ2V0IG91dHB1dHMoKTogUmVjb3JkPHN0cmluZywgYW55PiB7XG4gICAgcmV0dXJuIHRoaXMudG9waWNPdXRwdXRzO1xuICB9XG4gIHB1YmxpYyBhYnN0cmFjdCByZWFkb25seSB0b3BpY0Fybjogc3RyaW5nO1xuXG4gIHB1YmxpYyBhYnN0cmFjdCByZWFkb25seSB0b3BpY05hbWU6IHN0cmluZztcblxuICBwdWJsaWMgYWJzdHJhY3QgcmVhZG9ubHkgbWFzdGVyS2V5PzogSUtleTtcblxuICBwdWJsaWMgYWJzdHJhY3QgcmVhZG9ubHkgZmlmbzogYm9vbGVhbjtcblxuICBwdWJsaWMgYWJzdHJhY3QgcmVhZG9ubHkgY29udGVudEJhc2VkRGVkdXBsaWNhdGlvbjogYm9vbGVhbjtcblxuICAvKipcbiAgICogQ29udHJvbHMgYXV0b21hdGljIGNyZWF0aW9uIG9mIHBvbGljeSBvYmplY3RzLlxuICAgKlxuICAgKiBTZXQgYnkgc3ViY2xhc3Nlcy5cbiAgICovXG4gIHByb3RlY3RlZCBhYnN0cmFjdCByZWFkb25seSBhdXRvQ3JlYXRlUG9saWN5OiBib29sZWFuO1xuXG4gIC8qKlxuICAgKiBBZGRzIGEgc3RhdGVtZW50IHRvIGVuZm9yY2UgZW5jcnlwdGlvbiBvZiBkYXRhIGluIHRyYW5zaXQgd2hlbiBwdWJsaXNoaW5nIHRvIHRoZSB0b3BpYy5cbiAgICovXG4gIHByb3RlY3RlZCBlbmZvcmNlU1NMPzogYm9vbGVhbjtcblxuICBwcml2YXRlIHBvbGljeT86IFRvcGljUG9saWN5O1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBBd3NDb25zdHJ1Y3RQcm9wcyA9IHt9KSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCBwcm9wcyk7XG5cbiAgICB0aGlzLm5vZGUuYWRkVmFsaWRhdGlvbih7XG4gICAgICB2YWxpZGF0ZTogKCkgPT4gdGhpcy5wb2xpY3k/LmRvY3VtZW50LnZhbGlkYXRlRm9yUmVzb3VyY2VQb2xpY3koKSA/PyBbXSxcbiAgICB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTdWJzY3JpYmUgc29tZSBlbmRwb2ludCB0byB0aGlzIHRvcGljXG4gICAqL1xuICBwdWJsaWMgYWRkU3Vic2NyaXB0aW9uKHRvcGljU3Vic2NyaXB0aW9uOiBJVG9waWNTdWJzY3JpcHRpb24pOiBTdWJzY3JpcHRpb24ge1xuICAgIGNvbnN0IHN1YnNjcmlwdGlvbkNvbmZpZyA9IHRvcGljU3Vic2NyaXB0aW9uLmJpbmQodGhpcyk7XG5cbiAgICBjb25zdCBzY29wZSA9IHN1YnNjcmlwdGlvbkNvbmZpZy5zdWJzY3JpYmVyU2NvcGUgfHwgdGhpcztcbiAgICBsZXQgaWQgPSBzdWJzY3JpcHRpb25Db25maWcuc3Vic2NyaWJlcklkO1xuICAgIGlmIChUb2tlbi5pc1VucmVzb2x2ZWQoc3Vic2NyaXB0aW9uQ29uZmlnLnN1YnNjcmliZXJJZCkpIHtcbiAgICAgIGlkID0gdGhpcy5uZXh0VG9rZW5JZChzY29wZSk7XG4gICAgfVxuXG4gICAgLy8gV2UgdXNlIHRoZSBzdWJzY3JpYmVyJ3MgaWQgYXMgdGhlIGNvbnN0cnVjdCBpZC4gVGhlcmUncyBubyBtZWFuaW5nXG4gICAgLy8gdG8gc3Vic2NyaWJpbmcgdGhlIHNhbWUgc3Vic2NyaWJlciB0d2ljZSBvbiB0aGUgc2FtZSB0b3BpYy5cbiAgICBpZiAoc2NvcGUubm9kZS50cnlGaW5kQ2hpbGQoaWQpKSB7XG4gICAgICAvLyBUT0RPOiBBZG9wdCBWYWxpZGF0aW9uRXJyb3JcbiAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgYEEgc3Vic2NyaXB0aW9uIHdpdGggaWQgXCIke2lkfVwiIGFscmVhZHkgZXhpc3RzIHVuZGVyIHRoZSBzY29wZSAke3Njb3BlLm5vZGUucGF0aH1gLFxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBzdWJzY3JpcHRpb24gPSBuZXcgU3Vic2NyaXB0aW9uKHNjb3BlLCBpZCwge1xuICAgICAgdG9waWM6IHRoaXMsXG4gICAgICAuLi5zdWJzY3JpcHRpb25Db25maWcsXG4gICAgfSk7XG5cbiAgICAvLyBBZGQgZGVwZW5kZW5jeSBmb3IgdGhlIHN1YnNjcmlwdGlvbiwgZm9yIGV4YW1wbGUgZm9yIFNRUyBzdWJzY3JpcHRpb25cbiAgICAvLyB0aGUgcXVldWUgcG9saWN5IGhhcyB0byBkZXBsb3kgYmVmb3JlIHRoZSBzdWJzY3JpcHRpb24gaXMgY3JlYXRlZFxuICAgIGlmIChzdWJzY3JpcHRpb25Db25maWcuc3Vic2NyaXB0aW9uRGVwZW5kZW5jeSkge1xuICAgICAgc3Vic2NyaXB0aW9uLm5vZGUuYWRkRGVwZW5kZW5jeShcbiAgICAgICAgc3Vic2NyaXB0aW9uQ29uZmlnLnN1YnNjcmlwdGlvbkRlcGVuZGVuY3ksXG4gICAgICApO1xuICAgIH1cblxuICAgIHJldHVybiBzdWJzY3JpcHRpb247XG4gIH1cblxuICAvKipcbiAgICogQWRkcyBhIHN0YXRlbWVudCB0byB0aGUgSUFNIHJlc291cmNlIHBvbGljeSBhc3NvY2lhdGVkIHdpdGggdGhpcyB0b3BpYy5cbiAgICpcbiAgICogSWYgdGhpcyB0b3BpYyB3YXMgY3JlYXRlZCBpbiB0aGlzIHN0YWNrIChgbmV3IFRvcGljYCksIGEgdG9waWMgcG9saWN5XG4gICAqIHdpbGwgYmUgYXV0b21hdGljYWxseSBjcmVhdGVkIHVwb24gdGhlIGZpcnN0IGNhbGwgdG8gYGFkZFRvUmVzb3VyY2VQb2xpY3lgLlxuICAgKiBIb3dldmVyLCBpZiBgZW5mb3JjZVNTTGAgaXMgc2V0IHRvIGB0cnVlYCwgdGhlIHBvbGljeSBoYXMgYWxyZWFkeSBiZWVuIGNyZWF0ZWRcbiAgICogYmVmb3JlIHRoZSBmaXJzdCBjYWxsIHRvIHRoaXMgbWV0aG9kLlxuICAgKlxuICAgKiBJZiB0aGUgdG9waWMgaXMgaW1wb3J0ZWQgKGBUb3BpYy5pbXBvcnRgKSwgdGhlbiB0aGlzIGlzIGEgbm8tb3AuXG4gICAqL1xuICBwdWJsaWMgYWRkVG9SZXNvdXJjZVBvbGljeShcbiAgICBzdGF0ZW1lbnQ6IGlhbS5Qb2xpY3lTdGF0ZW1lbnQsXG4gICk6IGlhbS5BZGRUb1Jlc291cmNlUG9saWN5UmVzdWx0IHtcbiAgICB0aGlzLmNyZWF0ZVRvcGljUG9saWN5KCk7XG5cbiAgICBpZiAodGhpcy5wb2xpY3kpIHtcbiAgICAgIHRoaXMucG9saWN5LmRvY3VtZW50LmFkZFN0YXRlbWVudHMoc3RhdGVtZW50KTtcbiAgICAgIHJldHVybiB7IHN0YXRlbWVudEFkZGVkOiB0cnVlLCBwb2xpY3lEZXBlbmRhYmxlOiB0aGlzLnBvbGljeSB9O1xuICAgIH1cbiAgICByZXR1cm4geyBzdGF0ZW1lbnRBZGRlZDogZmFsc2UgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBBZGRzIGEgU1NMIHBvbGljeSB0byB0aGUgdG9waWMgcmVzb3VyY2UgcG9saWN5LlxuICAgKi9cbiAgcHJvdGVjdGVkIGFkZFNTTFBvbGljeSgpOiB2b2lkIHtcbiAgICB0aGlzLmNyZWF0ZVRvcGljUG9saWN5KCk7XG5cbiAgICBpZiAodGhpcy5wb2xpY3kpIHtcbiAgICAgIHRoaXMucG9saWN5LmRvY3VtZW50LmFkZFN0YXRlbWVudHModGhpcy5jcmVhdGVTU0xQb2xpY3lEb2N1bWVudCgpKTtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogQ3JlYXRlcyBhIHRvcGljIHBvbGljeSBmb3IgdGhpcyB0b3BpYy5cbiAgICovXG4gIHByb3RlY3RlZCBjcmVhdGVUb3BpY1BvbGljeSgpOiB2b2lkIHtcbiAgICBpZiAoIXRoaXMucG9saWN5ICYmIHRoaXMuYXV0b0NyZWF0ZVBvbGljeSkge1xuICAgICAgdGhpcy5wb2xpY3kgPSBuZXcgVG9waWNQb2xpY3kodGhpcywgXCJQb2xpY3lcIiwgeyB0b3BpY3M6IFt0aGlzXSB9KTtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogQWRkcyBhIHN0YXRlbWVudCB0byBlbmZvcmNlIGVuY3J5cHRpb24gb2YgZGF0YSBpbiB0cmFuc2l0IHdoZW4gcHVibGlzaGluZyB0byB0aGUgdG9waWMuXG4gICAqXG4gICAqIEZvciBtb3JlIGluZm9ybWF0aW9uLCBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3Nucy9sYXRlc3QvZGcvc25zLXNlY3VyaXR5LWJlc3QtcHJhY3RpY2VzLmh0bWwjZW5mb3JjZS1lbmNyeXB0aW9uLWRhdGEtaW4tdHJhbnNpdC5cbiAgICovXG4gIHByb3RlY3RlZCBjcmVhdGVTU0xQb2xpY3lEb2N1bWVudCgpOiBpYW0uUG9saWN5U3RhdGVtZW50IHtcbiAgICByZXR1cm4gbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgc2lkOiBcIkFsbG93UHVibGlzaFRocm91Z2hTU0xPbmx5XCIsXG4gICAgICBhY3Rpb25zOiBbXCJzbnM6UHVibGlzaFwiXSxcbiAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5ERU5ZLFxuICAgICAgcmVzb3VyY2VzOiBbdGhpcy50b3BpY0Fybl0sXG4gICAgICBjb25kaXRpb246IFtcbiAgICAgICAge1xuICAgICAgICAgIHRlc3Q6IFwiQm9vbFwiLFxuICAgICAgICAgIHZhbHVlczogW1wiZmFsc2VcIl0sXG4gICAgICAgICAgdmFyaWFibGU6IFwiYXdzOlNlY3VyZVRyYW5zcG9ydFwiLFxuICAgICAgICB9LFxuICAgICAgXSxcbiAgICAgIHByaW5jaXBhbHM6IFtuZXcgaWFtLlN0YXJQcmluY2lwYWwoKV0sXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnQgdG9waWMgcHVibGlzaGluZyBwZXJtaXNzaW9ucyB0byB0aGUgZ2l2ZW4gaWRlbnRpdHlcbiAgICovXG4gIHB1YmxpYyBncmFudFB1Ymxpc2goZ3JhbnRlZTogaWFtLklHcmFudGFibGUpIHtcbiAgICBjb25zdCByZXQgPSBpYW0uR3JhbnQuYWRkVG9QcmluY2lwYWxPclJlc291cmNlKHtcbiAgICAgIGdyYW50ZWUsXG4gICAgICBhY3Rpb25zOiBbXCJzbnM6UHVibGlzaFwiXSxcbiAgICAgIHJlc291cmNlQXJuczogW3RoaXMudG9waWNBcm5dLFxuICAgICAgcmVzb3VyY2U6IHRoaXMsXG4gICAgfSk7XG4gICAgaWYgKHRoaXMubWFzdGVyS2V5KSB7XG4gICAgICB0aGlzLm1hc3RlcktleS5ncmFudChncmFudGVlLCBcImttczpEZWNyeXB0XCIsIFwia21zOkdlbmVyYXRlRGF0YUtleSpcIik7XG4gICAgfVxuICAgIHJldHVybiByZXQ7XG4gIH1cblxuICAvKipcbiAgICogR3JhbnQgdG9waWMgc3Vic2NyaWJpbmcgcGVybWlzc2lvbnMgdG8gdGhlIGdpdmVuIGlkZW50aXR5XG4gICAqL1xuICBwdWJsaWMgZ3JhbnRTdWJzY3JpYmUoZ3JhbnRlZTogaWFtLklHcmFudGFibGUpIHtcbiAgICByZXR1cm4gaWFtLkdyYW50LmFkZFRvUHJpbmNpcGFsT3JSZXNvdXJjZSh7XG4gICAgICBncmFudGVlLFxuICAgICAgYWN0aW9uczogW1wic25zOlN1YnNjcmliZVwiXSxcbiAgICAgIHJlc291cmNlQXJuczogW3RoaXMudG9waWNBcm5dLFxuICAgICAgcmVzb3VyY2U6IHRoaXMsXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogUmVwcmVzZW50cyBhIG5vdGlmaWNhdGlvbiB0YXJnZXRcbiAgICogVGhhdCBhbGxvd3MgU05TIHRvcGljIHRvIGFzc29jaWF0ZSB3aXRoIHRoaXMgcnVsZSB0YXJnZXQuXG4gICAqL1xuICBwdWJsaWMgYmluZEFzTm90aWZpY2F0aW9uUnVsZVRhcmdldChcbiAgICBfc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0LFxuICApOiBOb3RpZmljYXRpb25SdWxlVGFyZ2V0Q29uZmlnIHtcbiAgICAvLyBTTlMgdG9waWMgbmVlZCB0byBncmFudCBjb2Rlc3Rhci1ub3RpZmljYXRpb25zIHNlcnZpY2UgdG8gcHVibGlzaFxuICAgIC8vIEBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2R0Y29uc29sZS9sYXRlc3QvdXNlcmd1aWRlL3NldC11cC1zbnMuaHRtbFxuICAgIHRoaXMuZ3JhbnRQdWJsaXNoKFxuICAgICAgbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKFwiY29kZXN0YXItbm90aWZpY2F0aW9ucy5hbWF6b25hd3MuY29tXCIpLFxuICAgICk7XG4gICAgcmV0dXJuIHtcbiAgICAgIHRhcmdldFR5cGU6IFwiU05TXCIsXG4gICAgICB0YXJnZXRBZGRyZXNzOiB0aGlzLnRvcGljQXJuLFxuICAgIH07XG4gIH1cblxuICBwcml2YXRlIG5leHRUb2tlbklkKHNjb3BlOiBDb25zdHJ1Y3QpIHtcbiAgICBsZXQgbmV4dFN1ZmZpeCA9IDE7XG4gICAgY29uc3QgcmUgPSAvVG9rZW5TdWJzY3JpcHRpb246KFtcXGRdKikvZ207XG4gICAgLy8gU2VhcmNoIHRocm91Z2ggdGhlIGNvbnN0cnVjdCBhbmQgYWxsIG9mIGl0cyBjaGlsZHJlblxuICAgIC8vIGZvciBwcmV2aW91cyBzdWJzY3JpcHRpb25zIHRoYXQgbWF0Y2ggb3VyIHJlZ2V4IHBhdHRlcm5cbiAgICBmb3IgKGNvbnN0IHNvdXJjZSBvZiBzY29wZS5ub2RlLmZpbmRBbGwoKSkge1xuICAgICAgY29uc3QgbSA9IHJlLmV4ZWMoc291cmNlLm5vZGUuaWQpOyAvLyBVc2UgcmVnZXggdG8gZmluZCBhIG1hdGNoXG4gICAgICBpZiAobSAhPT0gbnVsbCkge1xuICAgICAgICAvLyBpZiB3ZSBmb3VuZCBhIG1hdGNoXG4gICAgICAgIGNvbnN0IG1hdGNoU3VmZml4ID0gcGFyc2VJbnQobVsxXSwgMTApOyAvLyBnZXQgdGhlIHN1ZmZpeCBmb3IgdGhhdCBtYXRjaCAoYXMgaW50ZWdlcilcbiAgICAgICAgaWYgKG1hdGNoU3VmZml4ID49IG5leHRTdWZmaXgpIHtcbiAgICAgICAgICAvLyBjaGVjayBpZiB0aGUgbWF0Y2ggc3VmZml4IGlzIGxhcmdlciBvciBlcXVhbCB0byBjdXJyZW50bHkgcHJvcG9zZWQgc3VmZml4XG4gICAgICAgICAgbmV4dFN1ZmZpeCA9IG1hdGNoU3VmZml4ICsgMTsgLy8gaW5jcmVtZW50IHRoZSBzdWZmaXhcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gYFRva2VuU3Vic2NyaXB0aW9uOiR7bmV4dFN1ZmZpeH1gO1xuICB9XG59XG4iXX0=
|
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
import { Construct } from "constructs";
|
|
2
|
+
import { AwsConstructProps } from "../aws-construct";
|
|
3
|
+
import * as encryption from "../encryption";
|
|
4
|
+
import * as iam from "../iam";
|
|
5
|
+
import { ITopic, TopicBase } from "./topic-base";
|
|
6
|
+
/**
|
|
7
|
+
* Properties for a new SNS topic
|
|
8
|
+
*/
|
|
9
|
+
export interface TopicProps extends AwsConstructProps {
|
|
10
|
+
/**
|
|
11
|
+
* A developer-defined string that can be used to identify this SNS topic.
|
|
12
|
+
*
|
|
13
|
+
* The display name must be maximum 100 characters long, including hyphens (-),
|
|
14
|
+
* underscores (_), spaces, and tabs.
|
|
15
|
+
*
|
|
16
|
+
* @default None
|
|
17
|
+
*/
|
|
18
|
+
readonly displayName?: string;
|
|
19
|
+
/**
|
|
20
|
+
* A name for the topic.
|
|
21
|
+
*
|
|
22
|
+
* If you don't specify a name, AWS CloudFormation generates a unique
|
|
23
|
+
* physical ID and uses that ID for the topic name. For more information,
|
|
24
|
+
* see Name Type.
|
|
25
|
+
*
|
|
26
|
+
* @default Generated name
|
|
27
|
+
*/
|
|
28
|
+
readonly topicName?: string;
|
|
29
|
+
/**
|
|
30
|
+
* A KMS Key, either managed by this CDK app, or imported.
|
|
31
|
+
*
|
|
32
|
+
* @default None
|
|
33
|
+
*/
|
|
34
|
+
readonly masterKey?: encryption.IKey;
|
|
35
|
+
/**
|
|
36
|
+
* Enables content-based deduplication for FIFO topics.
|
|
37
|
+
*
|
|
38
|
+
* @default None
|
|
39
|
+
*/
|
|
40
|
+
readonly contentBasedDeduplication?: boolean;
|
|
41
|
+
/**
|
|
42
|
+
* Set to true to create a FIFO topic.
|
|
43
|
+
*
|
|
44
|
+
* @default None
|
|
45
|
+
*/
|
|
46
|
+
readonly fifo?: boolean;
|
|
47
|
+
/**
|
|
48
|
+
* The list of delivery status logging configurations for the topic.
|
|
49
|
+
*
|
|
50
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html.
|
|
51
|
+
*
|
|
52
|
+
* @default None
|
|
53
|
+
*/
|
|
54
|
+
readonly loggingConfigs?: LoggingConfig[];
|
|
55
|
+
/**
|
|
56
|
+
* The number of days Amazon SNS retains messages.
|
|
57
|
+
*
|
|
58
|
+
* It can only be set for FIFO topics.
|
|
59
|
+
*
|
|
60
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/fifo-message-archiving-replay.html
|
|
61
|
+
*
|
|
62
|
+
* @default - do not archive messages
|
|
63
|
+
*/
|
|
64
|
+
readonly messageRetentionPeriodInDays?: number;
|
|
65
|
+
/**
|
|
66
|
+
* Adds a statement to enforce encryption of data in transit when publishing to the topic.
|
|
67
|
+
*
|
|
68
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
|
|
69
|
+
*
|
|
70
|
+
* @default false
|
|
71
|
+
*/
|
|
72
|
+
readonly enforceSSL?: boolean;
|
|
73
|
+
/**
|
|
74
|
+
* The signature version corresponds to the hashing algorithm used while creating the signature of the notifications,
|
|
75
|
+
* subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS.
|
|
76
|
+
*
|
|
77
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html.
|
|
78
|
+
*
|
|
79
|
+
* @default 1
|
|
80
|
+
*/
|
|
81
|
+
readonly signatureVersion?: string;
|
|
82
|
+
/**
|
|
83
|
+
* Tracing mode of an Amazon SNS topic.
|
|
84
|
+
*
|
|
85
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-active-tracing.html
|
|
86
|
+
*
|
|
87
|
+
* @default TracingConfig.PASS_THROUGH
|
|
88
|
+
*/
|
|
89
|
+
readonly tracingConfig?: TracingConfig;
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* A logging configuration for delivery status of messages sent from SNS topic to subscribed endpoints.
|
|
93
|
+
*
|
|
94
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html.
|
|
95
|
+
*/
|
|
96
|
+
export interface LoggingConfig {
|
|
97
|
+
/**
|
|
98
|
+
* Indicates one of the supported protocols for the SNS topic.
|
|
99
|
+
*/
|
|
100
|
+
readonly protocol: LoggingProtocol;
|
|
101
|
+
/**
|
|
102
|
+
* The IAM role to be used when logging failed message deliveries in Amazon CloudWatch.
|
|
103
|
+
*
|
|
104
|
+
* @default None
|
|
105
|
+
*/
|
|
106
|
+
readonly failureFeedbackRole?: iam.IRole;
|
|
107
|
+
/**
|
|
108
|
+
* The IAM role to be used when logging successful message deliveries in Amazon CloudWatch.
|
|
109
|
+
*
|
|
110
|
+
* @default None
|
|
111
|
+
*/
|
|
112
|
+
readonly successFeedbackRole?: iam.IRole;
|
|
113
|
+
/**
|
|
114
|
+
* The percentage of successful message deliveries to be logged in Amazon CloudWatch.
|
|
115
|
+
*
|
|
116
|
+
* Valid values are integer between 0-100
|
|
117
|
+
*
|
|
118
|
+
* @default None
|
|
119
|
+
*/
|
|
120
|
+
readonly successFeedbackSampleRate?: number;
|
|
121
|
+
}
|
|
122
|
+
/**
|
|
123
|
+
* The type of supported protocol for delivery status logging.
|
|
124
|
+
*/
|
|
125
|
+
export declare enum LoggingProtocol {
|
|
126
|
+
/**
|
|
127
|
+
* HTTP
|
|
128
|
+
*/
|
|
129
|
+
HTTP = "http",// NOTE: AWSCDK enum value = "http/s",
|
|
130
|
+
/**
|
|
131
|
+
* Amazon Simple Queue Service
|
|
132
|
+
*/
|
|
133
|
+
SQS = "sqs",
|
|
134
|
+
/**
|
|
135
|
+
* AWS Lambda
|
|
136
|
+
*/
|
|
137
|
+
LAMBDA = "lambda",
|
|
138
|
+
/**
|
|
139
|
+
* Amazon Data Firehose
|
|
140
|
+
*/
|
|
141
|
+
FIREHOSE = "firehose",
|
|
142
|
+
/**
|
|
143
|
+
* Platform application endpoint
|
|
144
|
+
*/
|
|
145
|
+
APPLICATION = "application"
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* The tracing mode of an Amazon SNS topic
|
|
149
|
+
*/
|
|
150
|
+
export declare enum TracingConfig {
|
|
151
|
+
/**
|
|
152
|
+
* The mode that topic passes trace headers received from the Amazon SNS publisher to its subscription.
|
|
153
|
+
*/
|
|
154
|
+
PASS_THROUGH = "PassThrough",
|
|
155
|
+
/**
|
|
156
|
+
* The mode that Amazon SNS vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true.
|
|
157
|
+
*/
|
|
158
|
+
ACTIVE = "Active"
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* Represents an SNS topic defined outside of this stack.
|
|
162
|
+
*/
|
|
163
|
+
export interface TopicAttributes {
|
|
164
|
+
/**
|
|
165
|
+
* The ARN of the SNS topic.
|
|
166
|
+
*/
|
|
167
|
+
readonly topicArn: string;
|
|
168
|
+
/**
|
|
169
|
+
* KMS encryption key ARN, if this topic is server-side encrypted by a KMS key.
|
|
170
|
+
*
|
|
171
|
+
* @default - None
|
|
172
|
+
*/
|
|
173
|
+
readonly keyArn?: string;
|
|
174
|
+
/**
|
|
175
|
+
* Whether content-based deduplication is enabled.
|
|
176
|
+
* Only applicable for FIFO topics.
|
|
177
|
+
*
|
|
178
|
+
* @default false
|
|
179
|
+
*/
|
|
180
|
+
readonly contentBasedDeduplication?: boolean;
|
|
181
|
+
}
|
|
182
|
+
/**
|
|
183
|
+
* A new SNS topic
|
|
184
|
+
*
|
|
185
|
+
* @resource aws_sns_topic
|
|
186
|
+
*/
|
|
187
|
+
export declare class Topic extends TopicBase {
|
|
188
|
+
/**
|
|
189
|
+
* Import an existing SNS topic provided an ARN
|
|
190
|
+
*
|
|
191
|
+
* @param scope The parent creating construct
|
|
192
|
+
* @param id The construct's name
|
|
193
|
+
* @param topicArn topic ARN (i.e. arn:aws:sns:us-east-2:444455556666:MyTopic)
|
|
194
|
+
*/
|
|
195
|
+
static fromTopicArn(scope: Construct, id: string, topicArn: string): ITopic;
|
|
196
|
+
/**
|
|
197
|
+
* Import an existing SNS topic provided a topic attributes
|
|
198
|
+
*
|
|
199
|
+
* @param scope The parent creating construct
|
|
200
|
+
* @param id The construct's name
|
|
201
|
+
* @param attrs the attributes of the topic to import
|
|
202
|
+
*/
|
|
203
|
+
static fromTopicAttributes(scope: Construct, id: string, attrs: TopicAttributes): ITopic;
|
|
204
|
+
readonly topicArn: string;
|
|
205
|
+
readonly topicName: string;
|
|
206
|
+
readonly masterKey?: encryption.IKey;
|
|
207
|
+
readonly contentBasedDeduplication: boolean;
|
|
208
|
+
readonly fifo: boolean;
|
|
209
|
+
protected readonly autoCreatePolicy: boolean;
|
|
210
|
+
private readonly resource;
|
|
211
|
+
constructor(scope: Construct, id: string, props?: TopicProps);
|
|
212
|
+
/**
|
|
213
|
+
* Adds a delivery status logging configuration to the topic.
|
|
214
|
+
*/
|
|
215
|
+
addLoggingConfig(config: LoggingConfig): void;
|
|
216
|
+
/**
|
|
217
|
+
* Adds an IAM policy statement to enforce the use of TLS for publishing to this topic.
|
|
218
|
+
*
|
|
219
|
+
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit
|
|
220
|
+
*/
|
|
221
|
+
protected addSSLPolicy(): void;
|
|
222
|
+
}
|