npm - terruvim-core-test - Versions diffs - 0.0.1 - Mend

terruvim-core-test 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

package/dist/src/core/config.js +2 -0
package/dist/src/core/configMerge.js +266 -0
package/dist/src/core/configUtils.js +72 -0
package/dist/src/core/dependencyResolver.js +17 -0
package/dist/src/core/deployUtils.js +73 -0
package/dist/src/core/dynamicResourceManager.js +709 -0
package/dist/src/core/entrypoint.js +56 -0
package/dist/src/core/generateFinalConfig.js +45 -0
package/dist/src/core/index.js +24 -0
package/dist/src/core/resourceMap.js +99 -0
package/dist/src/factories/accountPermissions.js +134 -0
package/dist/src/factories/acmFactory.js +30 -0
package/dist/src/factories/albFactory.js +331 -0
package/dist/src/factories/attachSecretAccessPolicy.js +56 -0
package/dist/src/factories/auroraFactory.js +619 -0
package/dist/src/factories/backupPolicy.js +152 -0
package/dist/src/factories/bastionFactory.js +91 -0
package/dist/src/factories/bedrockFactory.js +334 -0
package/dist/src/factories/budgetFactory.js +64 -0
package/dist/src/factories/buildAlbCloudWatchAlarmsHelper.js +79 -0
package/dist/src/factories/buildAlbCloudWatchDashboardHelper.js +106 -0
package/dist/src/factories/buildAlbListenerRulesHelper.js +45 -0
package/dist/src/factories/buildAlbListenersHelper.js +64 -0
package/dist/src/factories/buildAlbResourceHelper.js +54 -0
package/dist/src/factories/buildAlbRoute53RecordHelper.js +49 -0
package/dist/src/factories/buildAlbTargetGroupsHelper.js +47 -0
package/dist/src/factories/buildAlbWafAssociationHelper.js +43 -0
package/dist/src/factories/buildAndPushDockerImage.js +57 -0
package/dist/src/factories/buildAwsCloudWatchAlarmsHelper.js +118 -0
package/dist/src/factories/buildCloudFrontRoute53RecordHelper.js +49 -0
package/dist/src/factories/buildEcsClusterArgs.js +32 -0
package/dist/src/factories/buildEcsSecrets.js +48 -0
package/dist/src/factories/buildForceRedeployEnv.js +8 -0
package/dist/src/factories/buildResourceOptions.js +11 -0
package/dist/src/factories/buildS3StaticHostingCicdHelper.js +142 -0
package/dist/src/factories/buildS3StaticHostingCloudWatchDashboardHelper.js +122 -0
package/dist/src/factories/cloudTrailFactory.js +22 -0
package/dist/src/factories/cloudWatchCompositeAlarmFactory.js +91 -0
package/dist/src/factories/cloudWatchInsightsQueryFactory.js +83 -0
package/dist/src/factories/cloudWatchLogGroupFactory.js +84 -0
package/dist/src/factories/cloudfrontCodePipelineFactory.js +357 -0
package/dist/src/factories/cloudwatchAlarmsFactory.js +121 -0
package/dist/src/factories/codePipelineNotificationFactory.js +193 -0
package/dist/src/factories/codePipelineNotificationRulesFactory.js +117 -0
package/dist/src/factories/codeStarConnectionFactory.js +56 -0
package/dist/src/factories/collectSecretKeys.js +18 -0
package/dist/src/factories/comprehensiveNotificationFactory.js +250 -0
package/dist/src/factories/costAndUsageReportFactory.js +32 -0
package/dist/src/factories/createAwsAcmCertificate.js +40 -0
package/dist/src/factories/createAwsBudget.js +40 -0
package/dist/src/factories/createAwsCloudTrail.js +59 -0
package/dist/src/factories/createAwsCloudwatchDashboard.js +59 -0
package/dist/src/factories/createAwsEc2Instance.js +40 -0
package/dist/src/factories/createAwsEventBridgeEventBus.js +40 -0
package/dist/src/factories/createAwsGuardDutyDetector.js +40 -0
package/dist/src/factories/createAwsGuardDutyDetectorFeature.js +45 -0
package/dist/src/factories/createAwsGuardDutyFilter.js +46 -0
package/dist/src/factories/createAwsGuardDutyPublishingDestination.js +50 -0
package/dist/src/factories/createAwsHostedZone.js +40 -0
package/dist/src/factories/createAwsIamRole.js +49 -0
package/dist/src/factories/createAwsIamRoleInlinePolicies.js +48 -0
package/dist/src/factories/createAwsIdentitystoreGroup.js +44 -0
package/dist/src/factories/createAwsIdentitystoreGroupMembership.js +56 -0
package/dist/src/factories/createAwsIdentitystoreUser.js +47 -0
package/dist/src/factories/createAwsInspectorAssessmentTarget.js +47 -0
package/dist/src/factories/createAwsInspectorDelegatedAdminAccount.js +47 -0
package/dist/src/factories/createAwsInspectorEnabler.js +49 -0
package/dist/src/factories/createAwsInspectorOrganizationConfiguration.js +55 -0
package/dist/src/factories/createAwsKmsAliases.js +47 -0
package/dist/src/factories/createAwsKmsKey.js +51 -0
package/dist/src/factories/createAwsMacieAccount.js +45 -0
package/dist/src/factories/createAwsMacieClassificationJob.js +53 -0
package/dist/src/factories/createAwsMacieMember.js +49 -0
package/dist/src/factories/createAwsMacieOrganizationConfiguration.js +44 -0
package/dist/src/factories/createAwsRdsCluster.js +40 -0
package/dist/src/factories/createAwsRdsClusterInstance.js +40 -0
package/dist/src/factories/createAwsRdsInstance.js +40 -0
package/dist/src/factories/createAwsRdsSubnetGroup.js +40 -0
package/dist/src/factories/createAwsRoute53Record.js +40 -0
package/dist/src/factories/createAwsSecret.js +40 -0
package/dist/src/factories/createAwsSecretRotation.js +40 -0
package/dist/src/factories/createAwsSecretVersion.js +40 -0
package/dist/src/factories/createAwsSecurityGroup.js +40 -0
package/dist/src/factories/createAwsSecurityGroupRule.js +40 -0
package/dist/src/factories/createAwsSecurityHubAccount.js +40 -0
package/dist/src/factories/createAwsSecurityHubAutomationRule.js +48 -0
package/dist/src/factories/createAwsSecurityHubStandardsControl.js +44 -0
package/dist/src/factories/createAwsSecurityHubStandardsSubscription.js +42 -0
package/dist/src/factories/createAwsSesDomainDkim.js +40 -0
package/dist/src/factories/createAwsSesDomainIdentity.js +40 -0
package/dist/src/factories/createAwsSesEmailIdentity.js +40 -0
package/dist/src/factories/createAwsSnsSubscription.js +62 -0
package/dist/src/factories/createAwsSnsTopic.js +41 -0
package/dist/src/factories/createAwsSqsQueue.js +40 -0
package/dist/src/factories/createAwsSsmParameters.js +66 -0
package/dist/src/factories/createAwsSsoAccountAssignment.js +66 -0
package/dist/src/factories/createAwsSsoPermissionSet.js +64 -0
package/dist/src/factories/createAwsStepFunctionsStateMachine.js +40 -0
package/dist/src/factories/createBudget.js +56 -0
package/dist/src/factories/createBudgetWithSnsAlert.js +79 -0
package/dist/src/factories/createCostAndUsageReport.js +40 -0
package/dist/src/factories/createEcrRepo.js +69 -0
package/dist/src/factories/createEcsRolesAndPolicies.js +84 -0
package/dist/src/factories/createEcsService.js +71 -0
package/dist/src/factories/createEnvSecret.js +60 -0
package/dist/src/factories/createGithubCodeStarConnection.js +44 -0
package/dist/src/factories/createIamUserWithAccessKey.js +44 -0
package/dist/src/factories/createLambdaFunction.js +89 -0
package/dist/src/factories/createLambdaPermission.js +57 -0
package/dist/src/factories/createListenerRule.js +68 -0
package/dist/src/factories/createLogGroup.js +44 -0
package/dist/src/factories/createSlackChannelConfiguration.js +49 -0
package/dist/src/factories/createTargetGroup.js +50 -0
package/dist/src/factories/createTaskDefinition.js +49 -0
package/dist/src/factories/createVpcEndpoint.js +49 -0
package/dist/src/factories/dashboardFactory.js +94 -0
package/dist/src/factories/dataProtectionPolicyBuilder.js +103 -0
package/dist/src/factories/ec2Factory.js +67 -0
package/dist/src/factories/ecsClusterFactory.js +90 -0
package/dist/src/factories/ecsCodePipelineFactory.js +308 -0
package/dist/src/factories/ecsServiceFactory.js +350 -0
package/dist/src/factories/enhancedCloudFrontCodePipelineFactory.js +205 -0
package/dist/src/factories/enhancedEcsCodePipelineFactory.js +189 -0
package/dist/src/factories/eventBridgeBusFactory.js +84 -0
package/dist/src/factories/eventBridgeFactory.js +26 -0
package/dist/src/factories/eventBridgeRuleFactory.js +114 -0
package/dist/src/factories/fetchAllSecrets.js +51 -0
package/dist/src/factories/getDeterministicPriority.js +13 -0
package/dist/src/factories/getOrCreateSshKeyPair.js +57 -0
package/dist/src/factories/guardDutyFactory.js +151 -0
package/dist/src/factories/hostedZoneFactory.js +30 -0
package/dist/src/factories/iamRoleFactory.js +29 -0
package/dist/src/factories/inspectorFactory.js +109 -0
package/dist/src/factories/kmsKeyFactory.js +32 -0
package/dist/src/factories/lambdaFactory.js +133 -0
package/dist/src/factories/lambdaPermissionFactory.js +32 -0
package/dist/src/factories/logDataProtectionPolicyFactory.js +81 -0
package/dist/src/factories/macieFactory.js +85 -0
package/dist/src/factories/networkingFactory.js +429 -0
package/dist/src/factories/opensearchCollectionFactory.js +109 -0
package/dist/src/factories/organizationFactory.js +221 -0
package/dist/src/factories/processReservedInstances.js +6 -0
package/dist/src/factories/processSavingsPlans.js +43 -0
package/dist/src/factories/rdsFactory.js +40 -0
package/dist/src/factories/recordFactory.js +36 -0
package/dist/src/factories/resolveEnvSecrets.js +14 -0
package/dist/src/factories/resourceFactory.js +12 -0
package/dist/src/factories/s3Factory.js +262 -0
package/dist/src/factories/s3StaticHostingFactory.backup.js +424 -0
package/dist/src/factories/s3StaticHostingFactory.js +348 -0
package/dist/src/factories/s3StaticHostingFactory.refactored.js +334 -0
package/dist/src/factories/savingsPlanFactory.js +26 -0
package/dist/src/factories/secretsManagerFactory.js +107 -0
package/dist/src/factories/securityGroupFactory.js +28 -0
package/dist/src/factories/securityGroupRuleFactory.js +43 -0
package/dist/src/factories/securityHubFactory.js +96 -0
package/dist/src/factories/sesDomainDkimFactory.js +25 -0
package/dist/src/factories/sesFactory.js +25 -0
package/dist/src/factories/sesIdentitiesFactory.js +134 -0
package/dist/src/factories/simpleNotificationFactory.js +112 -0
package/dist/src/factories/smtpUserFactory.js +108 -0
package/dist/src/factories/snsFactory.js +87 -0
package/dist/src/factories/sqsFactory.js +41 -0
package/dist/src/factories/ssmParameterFactory.js +67 -0
package/dist/src/factories/ssoFactory.js +32 -0
package/dist/src/factories/ssoGroupFactory.js +41 -0
package/dist/src/factories/ssoPermissionSetFactory.js +29 -0
package/dist/src/factories/ssoUserFactory.js +30 -0
package/dist/src/factories/stepFunctionsFactory.js +32 -0
package/dist/src/factories/tagPolicies.js +99 -0
package/dist/src/factories/transformBudgetCostFilters.js +8 -0
package/dist/src/factories/transformBudgetNotifications.js +12 -0
package/dist/src/factories/transformBudgetPlannedLimits.js +8 -0
package/dist/src/factories/types.js +2 -0
package/dist/src/factories/validateAcmConfig.js +26 -0
package/dist/src/factories/validateAuroraConfig.js +8 -0
package/dist/src/factories/validateBedrockConfig.js +124 -0
package/dist/src/factories/validateDashboardConfig.js +28 -0
package/dist/src/factories/validateEventBridgeConfig.js +14 -0
package/dist/src/factories/validateHostedZoneConfig.js +26 -0
package/dist/src/factories/validateIamRoleConfig.js +8 -0
package/dist/src/factories/validateKmsKeyConfig.js +8 -0
package/dist/src/factories/validateRdsConfig.js +17 -0
package/dist/src/factories/validateRoute53RecordConfig.js +41 -0
package/dist/src/factories/validateS3Config.js +8 -0
package/dist/src/factories/validateSecretsManagerConfig.js +8 -0
package/dist/src/factories/validateSecurityGroupConfig.js +8 -0
package/dist/src/factories/validateSecurityGroupRuleConfig.js +8 -0
package/dist/src/factories/validateSesDomainDkimConfig.js +8 -0
package/dist/src/factories/validateSesDomainIdentityConfig.js +8 -0
package/dist/src/factories/validateSesIdentitiesConfig.js +40 -0
package/dist/src/factories/validateSnsConfig.js +11 -0
package/dist/src/factories/validateSqsConfig.js +11 -0
package/dist/src/factories/validateSsmParameterFactoryConfig.js +9 -0
package/dist/src/factories/validateStepFunctionsConfig.js +8 -0
package/dist/src/factories/vpcEndpointFactory.js +98 -0
package/dist/src/factories/wafFactory.js +499 -0
package/package.json +71 -0
package/scripts/copy-assets.js +136 -0

package/dist/src/factories/auroraFactory.js ADDED Viewed

@@ -0,0 +1,619 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuroraFactory = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const resourceFactory_1 = require("./resourceFactory");
+const validateAuroraConfig_1 = require("./validateAuroraConfig");
+const createAwsRdsSubnetGroup_1 = require("./createAwsRdsSubnetGroup");
+const createAwsRdsCluster_1 = require("./createAwsRdsCluster");
+const createAwsRdsClusterInstance_1 = require("./createAwsRdsClusterInstance");
+const dataProtectionPolicyBuilder_1 = require("./dataProtectionPolicyBuilder");
+class AuroraFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config, provider) {
+        (0, validateAuroraConfig_1.validateAuroraConfig)(config);
+        if (!config.inputs.sgId) {
+            throw new Error("AuroraFactory: sgId must be provided in inputs (create security group separately)");
+        }
+        const monitoringRole = this.createMonitoringRole(config, provider);
+        const subnetGroup = (0, createAwsRdsSubnetGroup_1.createAwsRdsSubnetGroup)(`${config.meta.environment}-${config.id}-subnet-group`, {
+            subnetIds: config.inputs.subnetIds || [],
+            description: `Subnet group for ${config.id}`,
+        }, provider ? { provider } : undefined);
+        const isServerlessV2 = !!config.configuration.serverlessV2ScalingConfiguration;
+        const securityConfig = {
+            storageEncrypted: config.configuration.storageEncrypted ?? true,
+            kmsKeyId: config.configuration.kmsKeyId,
+            deletionProtection: config.configuration.deletionProtection ?? true,
+            iamDatabaseAuthenticationEnabled: config.configuration.enableIAMDatabaseAuthentication ?? true,
+            copyTagsToSnapshot: config.configuration.copyTagsToSnapshot ?? true,
+            skipFinalSnapshot: config.configuration.skipFinalSnapshot ?? false,
+            finalSnapshotIdentifier: config.configuration.finalSnapshotIdentifier,
+            allowMajorVersionUpgrade: config.configuration.allowMajorVersionUpgrade ?? false,
+            performanceInsightsEnabled: config.configuration.performanceInsightsEnabled ?? true,
+            performanceInsightsKmsKeyId: config.configuration.performanceInsightsKmsKeyId,
+            performanceInsightsRetentionPeriod: config.configuration.performanceInsightsRetentionPeriod ?? 7,
+            monitoringInterval: config.configuration.monitoringInterval ?? 60,
+            monitoringRoleArn: monitoringRole?.arn || config.configuration.monitoringRoleArn,
+            backupRetentionPeriod: config.configuration.backupRetentionPeriod ?? 35,
+            preferredBackupWindow: config.configuration.preferredBackupWindow ?? "03:00-04:00",
+            preferredMaintenanceWindow: config.configuration.preferredMaintenanceWindow ?? "sun:04:00-sun:05:00",
+            enabledCloudwatchLogsExports: config.configuration.enabledCloudwatchLogsExports ?? ["postgresql"],
+            networkType: config.configuration.networkType ?? "IPV4",
+            dbClusterParameterGroupName: config.configuration.dbClusterParameterGroupName,
+            enableHttpEndpoint: config.configuration.enableHttpEndpoint ?? false,
+            enableGlobalWriteForwarding: config.configuration.enableGlobalWriteForwarding ?? false,
+        };
+        const clusterConfig = {
+            engine: config.configuration.engine,
+            engineMode: isServerlessV2 ? "provisioned" : config.configuration.engineMode,
+            engineVersion: config.configuration.engineVersion,
+            databaseName: config.configuration.dbName,
+            masterUsername: config.configuration.username,
+            masterPassword: config.configuration.password,
+            vpcSecurityGroupIds: [config.inputs.sgId],
+            dbSubnetGroupName: subnetGroup.name,
+            tags: config.configuration.tags,
+            ...securityConfig,
+        };
+        if (isServerlessV2) {
+            clusterConfig.serverlessv2ScalingConfiguration = config.configuration.serverlessV2ScalingConfiguration;
+        }
+        const cluster = (0, createAwsRdsCluster_1.createAwsRdsCluster)(`${config.meta.environment}-${config.id}`, clusterConfig, provider ? { provider } : undefined);
+        if (isServerlessV2) {
+            (0, createAwsRdsClusterInstance_1.createAwsRdsClusterInstance)(`${config.meta.environment}-${config.id}-instance`, {
+                identifier: `${config.meta.environment}-${config.id}-aurora-cluster-instance`,
+                clusterIdentifier: cluster.id,
+                instanceClass: "db.serverless",
+                engine: config.configuration.engine,
+                engineVersion: config.configuration.engineVersion,
+                performanceInsightsEnabled: securityConfig.performanceInsightsEnabled,
+                performanceInsightsKmsKeyId: securityConfig.performanceInsightsKmsKeyId,
+                performanceInsightsRetentionPeriod: securityConfig.performanceInsightsRetentionPeriod,
+                monitoringInterval: securityConfig.monitoringInterval,
+                monitoringRoleArn: monitoringRole?.arn || securityConfig.monitoringRoleArn,
+                tags: config.configuration.tags,
+            }, provider ? { provider } : undefined);
+        }
+        else if (config.configuration.engineMode !== "serverless" && !isServerlessV2) {
+            const timestamp = Date.now().toString().slice(-8);
+            (0, createAwsRdsClusterInstance_1.createAwsRdsClusterInstance)(`${config.meta.environment}-${config.id}-instance`, {
+                identifier: `${config.meta.environment}-${config.id}-aurora-instance-${timestamp}`,
+                clusterIdentifier: cluster.id,
+                instanceClass: config.configuration.instanceClass,
+                engine: config.configuration.engine,
+                engineVersion: config.configuration.engineVersion,
+                performanceInsightsEnabled: securityConfig.performanceInsightsEnabled,
+                performanceInsightsKmsKeyId: securityConfig.performanceInsightsKmsKeyId,
+                performanceInsightsRetentionPeriod: securityConfig.performanceInsightsRetentionPeriod,
+                monitoringInterval: securityConfig.monitoringInterval,
+                monitoringRoleArn: monitoringRole?.arn || securityConfig.monitoringRoleArn,
+                tags: config.configuration.tags,
+            }, provider ? { provider } : undefined);
+        }
+        this.createAuroraAutoScaling(config, cluster, provider);
+        if (config.crossRegionBackup?.enabled) {
+            await this.createCrossRegionBackup(config, cluster, provider);
+        }
+        if (config.configuration.cloudwatchLogsDataProtection?.enabled) {
+            const enabledLogs = config.configuration.enabledCloudwatchLogsExports || ["postgresql"];
+            for (const logType of enabledLogs) {
+                const logGroupName = `/aws/rds/cluster/${config.meta.environment}-${config.id}/${logType}`;
+                const logGroup = new aws.cloudwatch.LogGroup(`${config.meta.environment}-${config.id}-${logType}-log-group`, {
+                    name: logGroupName,
+                    retentionInDays: 365,
+                    tags: config.configuration.tags,
+                }, {
+                    provider: provider,
+                    dependsOn: [cluster]
+                });
+                const dataProtectionPolicy = this.buildDataProtectionPolicy(config.configuration.cloudwatchLogsDataProtection, logGroupName);
+                new aws.cloudwatch.LogDataProtectionPolicy(`${config.meta.environment}-${config.id}-${logType}-data-protection`, {
+                    logGroupName: logGroupName,
+                    policyDocument: JSON.stringify(dataProtectionPolicy),
+                }, {
+                    provider: provider,
+                    dependsOn: [cluster, logGroup]
+                });
+            }
+        }
+        return cluster;
+    }
+    createMonitoringRole(config, provider) {
+        const monitoringInterval = config.configuration.monitoringInterval;
+        if (!monitoringInterval || monitoringInterval === 0) {
+            return undefined;
+        }
+        const monitoringRole = new aws.iam.Role(`${config.meta.environment}-${config.id}-monitoring-role`, {
+            assumeRolePolicy: JSON.stringify({
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Action: "sts:AssumeRole",
+                        Effect: "Allow",
+                        Principal: {
+                            Service: "monitoring.rds.amazonaws.com"
+                        }
+                    }
+                ]
+            }),
+            tags: {
+                ...config.configuration.tags,
+                Purpose: "RDS Enhanced Monitoring"
+            }
+        }, provider ? { provider } : undefined);
+        new aws.iam.RolePolicyAttachment(`${config.meta.environment}-${config.id}-monitoring-policy`, {
+            role: monitoringRole.name,
+            policyArn: "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+        }, provider ? { provider } : undefined);
+        return monitoringRole;
+    }
+    createAuroraAutoScaling(config, cluster, provider) {
+        if (!config.autoScaling?.enabled) {
+            return;
+        }
+        const autoScalingConfig = config.autoScaling;
+        const resourceId = cluster.clusterIdentifier.apply(id => `cluster:${id}`);
+        const scalableTarget = new aws.appautoscaling.Target(`${config.meta.environment}-${config.id}-autoscaling-target`, {
+            serviceNamespace: "rds",
+            resourceId: resourceId,
+            scalableDimension: "rds:cluster:ReadReplicaCount",
+            minCapacity: autoScalingConfig.minCapacity,
+            maxCapacity: autoScalingConfig.maxCapacity,
+        }, provider ? { provider } : undefined);
+        if (autoScalingConfig.targetCpuUtilization) {
+            new aws.appautoscaling.Policy(`${config.meta.environment}-${config.id}-cpu-scaling-policy`, {
+                name: `${config.meta.environment}-${config.id}-cpu-scaling-policy`,
+                serviceNamespace: scalableTarget.serviceNamespace,
+                resourceId: scalableTarget.resourceId,
+                scalableDimension: scalableTarget.scalableDimension,
+                policyType: "TargetTrackingScaling",
+                targetTrackingScalingPolicyConfiguration: {
+                    targetValue: autoScalingConfig.targetCpuUtilization,
+                    predefinedMetricSpecification: {
+                        predefinedMetricType: "RDSReaderAverageCPUUtilization",
+                    },
+                    scaleInCooldown: autoScalingConfig.scaleInCooldown || 300,
+                    scaleOutCooldown: autoScalingConfig.scaleOutCooldown || 300,
+                },
+            }, provider ? { provider, dependsOn: [scalableTarget] } : { dependsOn: [scalableTarget] });
+        }
+    }
+    async createCrossRegionBackup(config, cluster, provider) {
+        const backupConfig = config.crossRegionBackup;
+        const resolvedBackupRegion = backupConfig.backupRegion.startsWith('${')
+            ? config.meta.variables?.backupRegion || 'eu-west-3'
+            : backupConfig.backupRegion;
+        if (backupConfig.enableLambdaBackups === false) {
+        }
+        if (backupConfig.globalDatabase?.enabled) {
+            const configuredGlobalClusterIdentifier = backupConfig.globalDatabase.globalClusterIdentifier ||
+                `global-${config.meta.environment}-${config.id}`;
+            const globalClusterIdentifier = configuredGlobalClusterIdentifier.includes('${meta.environment}')
+                ? configuredGlobalClusterIdentifier.replace('${meta.environment}', config.meta.environment).toLowerCase()
+                : configuredGlobalClusterIdentifier.toLowerCase();
+            const globalCluster = new aws.rds.GlobalCluster(`${config.meta.environment}-${config.id}-global-cluster`, {
+                globalClusterIdentifier: globalClusterIdentifier,
+                engine: config.configuration.engine || "aurora-postgresql",
+                engineVersion: config.configuration.engineVersion || "16.6",
+                storageEncrypted: config.configuration.storageEncrypted ?? true,
+                deletionProtection: config.configuration.deletionProtection ?? false,
+                forceDestroy: true,
+            }, provider ? { provider } : undefined);
+        }
+        if (backupConfig.snapshotCopy?.enabled && backupConfig.enableLambdaBackups !== false) {
+            const snapshotRule = new aws.cloudwatch.EventRule(`${config.meta.environment}-${config.id}-snapshot-rule`, {
+                name: `${config.meta.environment}-${config.id}-snapshot-rule`,
+                description: `Automated Aurora snapshot copy to ${resolvedBackupRegion}`,
+                scheduleExpression: `rate(${backupConfig.snapshotCopy.copyInterval || 24} hours)`,
+                state: "ENABLED",
+            }, provider ? { provider } : undefined);
+            const snapshotLogGroup = new aws.cloudwatch.LogGroup(`${config.meta.environment}-${config.id}-snapshot-logs`, {
+                name: `/aws/lambda/${config.meta.environment}-${config.id}-aurora-snapshot-copy`,
+                retentionInDays: 365,
+            }, provider ? { provider } : undefined);
+            const snapshotLambdaRole = new aws.iam.Role(`${config.meta.environment}-${config.id}-snapshot-lambda-role`, {
+                assumeRolePolicy: JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Action: "sts:AssumeRole",
+                            Effect: "Allow",
+                            Principal: {
+                                Service: "lambda.amazonaws.com"
+                            }
+                        }
+                    ]
+                })
+            }, provider ? { provider } : undefined);
+            const snapshotLambdaPolicy = new aws.iam.RolePolicy(`${config.meta.environment}-${config.id}-snapshot-lambda-policy`, {
+                role: snapshotLambdaRole.id,
+                policy: JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "logs:CreateLogGroup",
+                                "logs:CreateLogStream",
+                                "logs:PutLogEvents"
+                            ],
+                            Resource: "arn:aws:logs:*:*:*"
+                        },
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "rds:DescribeDBClusters",
+                                "rds:DescribeDBClusterSnapshots",
+                                "rds:CreateDBClusterSnapshot",
+                                "rds:CopyDBClusterSnapshot",
+                                "rds:DeleteDBClusterSnapshot"
+                            ],
+                            Resource: "*"
+                        },
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "kms:Decrypt",
+                                "kms:DescribeKey",
+                                "kms:Encrypt",
+                                "kms:GenerateDataKey*",
+                                "kms:ReEncrypt*"
+                            ],
+                            Resource: "*"
+                        }
+                    ]
+                })
+            }, provider ? { provider } : undefined);
+            const snapshotLambda = new aws.lambda.Function(`${config.meta.environment}-${config.id}-snapshot-lambda`, {
+                name: `${config.meta.environment}-${config.id}-aurora-snapshot-copy`,
+                role: snapshotLambdaRole.arn,
+                handler: "index.handler",
+                runtime: "python3.9",
+                timeout: 300,
+                code: new pulumi.asset.AssetArchive({
+                    "index.py": new pulumi.asset.StringAsset(`
+import boto3
+import json
+import os
+from datetime import datetime
+def handler(event, context):
+    cluster_id = os.environ['CLUSTER_ID']
+    backup_region = os.environ['BACKUP_REGION']
+    retention_days = int(os.environ.get('RETENTION_DAYS', '14'))
+    # Create RDS clients for both regions
+    source_rds = boto3.client('rds')
+    target_rds = boto3.client('rds', region_name=backup_region)
+    try:
+        # Create snapshot in source region
+        timestamp = datetime.now().strftime('%Y-%m-%d-%H-%M-%S')
+        snapshot_id = f"{cluster_id}-snapshot-{timestamp}"
+        print(f"Creating snapshot {snapshot_id} for cluster {cluster_id}")
+        source_rds.create_db_cluster_snapshot(
+            DBClusterSnapshotIdentifier=snapshot_id,
+            DBClusterIdentifier=cluster_id
+        )
+        # Wait for snapshot to be available
+        waiter = source_rds.get_waiter('db_cluster_snapshot_completed')
+        waiter.wait(DBClusterSnapshotIdentifier=snapshot_id)
+        # Copy snapshot to backup region
+        source_snapshot_arn = f"arn:aws:rds:eu-central-1:{context.invoked_function_arn.split(':')[4]}:cluster-snapshot:{snapshot_id}"
+        target_snapshot_id = f"{cluster_id}-backup-{timestamp}"
+        print(f"Copying snapshot to {backup_region} as {target_snapshot_id}")
+        copy_params = {
+            'SourceDBClusterSnapshotIdentifier': source_snapshot_arn,
+            'TargetDBClusterSnapshotIdentifier': target_snapshot_id,
+            'CopyTags': True
+        }
+        # Add KMS key if provided for encrypted snapshots
+        target_kms_key = os.environ.get('TARGET_KMS_KEY_ID')
+        if target_kms_key:
+            copy_params['KmsKeyId'] = target_kms_key
+            print(f"Using KMS key for cross-region encryption: {target_kms_key}")
+        target_rds.copy_db_cluster_snapshot(**copy_params)
+        # Clean up old snapshots (retention policy)
+        snapshots = target_rds.describe_db_cluster_snapshots(
+            SnapshotType='manual',
+            DBClusterIdentifier=cluster_id
+        )
+        # Sort by creation time and delete old ones
+        old_snapshots = sorted(
+            [s for s in snapshots['DBClusterSnapshots'] if s['DBClusterSnapshotIdentifier'].startswith(f"{cluster_id}-backup-")],
+            key=lambda x: x['SnapshotCreateTime']
+        )[:-retention_days]
+        for old_snapshot in old_snapshots:
+            print(f"Deleting old snapshot {old_snapshot['DBClusterSnapshotIdentifier']}")
+            target_rds.delete_db_cluster_snapshot(
+                DBClusterSnapshotIdentifier=old_snapshot['DBClusterSnapshotIdentifier']
+            )
+        return {
+            'statusCode': 200,
+            'body': json.dumps(f'Successfully copied snapshot {snapshot_id} to {backup_region}')
+        }
+    except Exception as e:
+        print(f"Error: {str(e)}")
+        return {
+            'statusCode': 500,
+            'body': json.dumps(f'Error: {str(e)}')
+        }
+`)
+                }),
+                environment: {
+                    variables: {
+                        CLUSTER_ID: cluster.clusterIdentifier,
+                        BACKUP_REGION: resolvedBackupRegion,
+                        RETENTION_DAYS: (backupConfig.snapshotCopy.retentionPeriod || 14).toString(),
+                        TARGET_KMS_KEY_ID: backupConfig.snapshotCopy.kmsKeyId || "",
+                    }
+                },
+            }, {
+                provider: provider,
+                dependsOn: [snapshotLogGroup, snapshotLambdaPolicy]
+            });
+            const snapshotLambdaPermission = new aws.lambda.Permission(`${config.meta.environment}-${config.id}-snapshot-lambda-permission`, {
+                action: "lambda:InvokeFunction",
+                function: snapshotLambda.name,
+                principal: "events.amazonaws.com",
+                sourceArn: snapshotRule.arn,
+            }, provider ? { provider } : undefined);
+            const snapshotTarget = new aws.cloudwatch.EventTarget(`${config.meta.environment}-${config.id}-snapshot-target`, {
+                rule: snapshotRule.name,
+                targetId: "SnapshotCopyTarget",
+                arn: snapshotLambda.arn,
+            }, provider ? { provider } : undefined);
+        }
+        if (backupConfig.crossRegionBackups?.enabled && backupConfig.enableLambdaBackups !== false) {
+            const backupProvider = new aws.Provider(`${config.meta.environment}-${config.id}-backup-provider`, {
+                region: resolvedBackupRegion,
+                profile: aws.config.profile,
+                allowedAccountIds: aws.config.allowedAccountIds,
+            });
+            const backupRule = new aws.cloudwatch.EventRule(`${config.meta.environment}-${config.id}-backup-rule`, {
+                name: `${config.meta.environment}-${config.id}-cross-region-backup`,
+                description: `Automated cross-region backup for Aurora cluster`,
+                scheduleExpression: `cron(0 1 * * ? *)`,
+                state: "ENABLED",
+            }, provider ? { provider } : undefined);
+            const backupLogGroup = new aws.cloudwatch.LogGroup(`${config.meta.environment}-${config.id}-backup-logs`, {
+                name: `/aws/lambda/${config.meta.environment}-${config.id}-aurora-backup`,
+                retentionInDays: 365,
+            }, provider ? { provider } : undefined);
+            const backupLambdaRole = new aws.iam.Role(`${config.meta.environment}-${config.id}-backup-lambda-role`, {
+                assumeRolePolicy: JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Action: "sts:AssumeRole",
+                            Effect: "Allow",
+                            Principal: {
+                                Service: "lambda.amazonaws.com"
+                            }
+                        }
+                    ]
+                })
+            }, provider ? { provider } : undefined);
+            const backupLambdaPolicy = new aws.iam.RolePolicy(`${config.meta.environment}-${config.id}-backup-lambda-policy`, {
+                role: backupLambdaRole.id,
+                policy: JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "logs:CreateLogGroup",
+                                "logs:CreateLogStream",
+                                "logs:PutLogEvents"
+                            ],
+                            Resource: "arn:aws:logs:*:*:*"
+                        },
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "rds:DescribeDBClusters",
+                                "rds:DescribeDBClusterSnapshots",
+                                "rds:CreateDBClusterSnapshot",
+                                "rds:CopyDBClusterSnapshot",
+                                "rds:DeleteDBClusterSnapshot",
+                                "rds:RestoreDBClusterFromSnapshot",
+                                "rds:DescribeDBClusterBackups"
+                            ],
+                            Resource: "*"
+                        },
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "kms:Decrypt",
+                                "kms:DescribeKey",
+                                "kms:Encrypt",
+                                "kms:GenerateDataKey*",
+                                "kms:ReEncrypt*"
+                            ],
+                            Resource: "*"
+                        }
+                    ]
+                })
+            }, provider ? { provider } : undefined);
+            const backupLambda = new aws.lambda.Function(`${config.meta.environment}-${config.id}-backup-lambda`, {
+                name: `${config.meta.environment}-${config.id}-aurora-backup`,
+                role: backupLambdaRole.arn,
+                handler: "index.handler",
+                runtime: "python3.9",
+                timeout: 600,
+                code: new pulumi.asset.AssetArchive({
+                    "index.py": new pulumi.asset.StringAsset(`
+import boto3
+import json
+import os
+from datetime import datetime, timedelta
+def handler(event, context):
+    cluster_id = os.environ['CLUSTER_ID']
+    backup_region = os.environ['BACKUP_REGION']
+    retention_days = int(os.environ.get('RETENTION_DAYS', '7'))
+    # Create RDS clients for both regions
+    source_rds = boto3.client('rds')
+    target_rds = boto3.client('rds', region_name=backup_region)
+    try:
+        # Get cluster info
+        cluster_info = source_rds.describe_db_clusters(
+            DBClusterIdentifier=cluster_id
+        )['DBClusters'][0]
+        # Create cross-region automated backup snapshot
+        timestamp = datetime.now().strftime('%Y-%m-%d-%H-%M-%S')
+        backup_id = f"{cluster_id}-auto-backup-{timestamp}"
+        print(f"Creating automated backup {backup_id} for cluster {cluster_id}")
+        # Create snapshot in source region
+        source_rds.create_db_cluster_snapshot(
+            DBClusterSnapshotIdentifier=backup_id,
+            DBClusterIdentifier=cluster_id,
+            Tags=[
+                {
+                    'Key': 'BackupType',
+                    'Value': 'CrossRegionAutomated'
+                },
+                {
+                    'Key': 'SourceRegion',
+                    'Value': os.environ.get('AWS_REGION', 'eu-central-1')
+                },
+                {
+                    'Key': 'CreatedBy',
+                    'Value': 'Aurora-CrossRegion-Backup-Lambda'
+                }
+            ]
+        )
+        # Wait for snapshot to be available
+        waiter = source_rds.get_waiter('db_cluster_snapshot_completed')
+        waiter.wait(
+            DBClusterSnapshotIdentifier=backup_id,
+            WaiterConfig={'Delay': 30, 'MaxAttempts': 60}
+        )
+        # Copy to backup region
+        source_snapshot_arn = f"arn:aws:rds:eu-central-1:{context.invoked_function_arn.split(':')[4]}:cluster-snapshot:{backup_id}"
+        target_backup_id = f"{cluster_id}-cross-region-{timestamp}"
+        print(f"Copying backup to {backup_region} as {target_backup_id}")
+        copy_params = {
+            'SourceDBClusterSnapshotIdentifier': source_snapshot_arn,
+            'TargetDBClusterSnapshotIdentifier': target_backup_id,
+            'CopyTags': True,
+            'Tags': [
+                {
+                    'Key': 'BackupType',
+                    'Value': 'CrossRegionAutomated'
+                },
+                {
+                    'Key': 'SourceRegion',
+                    'Value': os.environ.get('AWS_REGION', 'eu-central-1')
+                }
+            ]
+        }
+        # Add KMS key if provided for encrypted snapshots
+        target_kms_key = os.environ.get('TARGET_KMS_KEY_ID')
+        if target_kms_key:
+            copy_params['KmsKeyId'] = target_kms_key
+            print(f"Using KMS key for cross-region encryption: {target_kms_key}")
+        target_rds.copy_db_cluster_snapshot(**copy_params)
+        # Clean up old automated backups in backup region
+        cutoff_date = datetime.now() - timedelta(days=retention_days)
+        snapshots = target_rds.describe_db_cluster_snapshots(
+            SnapshotType='manual',
+            DBClusterIdentifier=cluster_id
+        )
+        for snapshot in snapshots['DBClusterSnapshots']:
+            if (snapshot['DBClusterSnapshotIdentifier'].startswith(f"{cluster_id}-cross-region-") and
+                snapshot['SnapshotCreateTime'].replace(tzinfo=None) < cutoff_date):
+                print(f"Deleting old backup {snapshot['DBClusterSnapshotIdentifier']}")
+                target_rds.delete_db_cluster_snapshot(
+                    DBClusterSnapshotIdentifier=snapshot['DBClusterSnapshotIdentifier']
+                )
+        return {
+            'statusCode': 200,
+            'body': json.dumps({
+                'message': f'Successfully created cross-region backup {target_backup_id}',
+                'sourceSnapshot': backup_id,
+                'targetSnapshot': target_backup_id,
+                'backupRegion': backup_region
+            })
+        }
+    except Exception as e:
+        print(f"Error in cross-region backup: {str(e)}")
+        return {
+            'statusCode': 500,
+            'body': json.dumps(f'Error: {str(e)}')
+        }
+`)
+                }),
+                environment: {
+                    variables: {
+                        CLUSTER_ID: cluster.clusterIdentifier,
+                        BACKUP_REGION: resolvedBackupRegion,
+                        RETENTION_DAYS: (backupConfig.crossRegionBackups.retentionPeriod || 7).toString(),
+                        TARGET_KMS_KEY_ID: backupConfig.crossRegionBackups.kmsKeyId || "",
+                    }
+                },
+            }, {
+                provider: provider,
+                dependsOn: [backupLogGroup, backupLambdaPolicy]
+            });
+            const backupLambdaPermission = new aws.lambda.Permission(`${config.meta.environment}-${config.id}-backup-lambda-permission`, {
+                action: "lambda:InvokeFunction",
+                function: backupLambda.name,
+                principal: "events.amazonaws.com",
+                sourceArn: backupRule.arn,
+            }, provider ? { provider } : undefined);
+            const backupTarget = new aws.cloudwatch.EventTarget(`${config.meta.environment}-${config.id}-backup-target`, {
+                rule: backupRule.name,
+                targetId: "CrossRegionBackupTarget",
+                arn: backupLambda.arn,
+            }, provider ? { provider } : undefined);
+        }
+    }
+    buildDataProtectionPolicy(dataProtectionConfig, logGroupName) {
+        return (0, dataProtectionPolicyBuilder_1.buildDataProtectionPolicy)(dataProtectionConfig, logGroupName, dataProtectionPolicyBuilder_1.DEFAULT_DATA_IDENTIFIERS.DATABASE_LOGS, "Aurora");
+    }
+    getOutputs(resource) {
+        return {
+            id: resource.id,
+            endpoint: resource.endpoint,
+            arn: resource.arn,
+            sgId: resource.vpcSecurityGroupIds,
+            subnetGroupName: resource.dbSubnetGroupName,
+            clusterId: resource.clusterIdentifier,
+        };
+    }
+    validateConfig(config) {
+        (0, validateAuroraConfig_1.validateAuroraConfig)(config);
+    }
+}
+exports.AuroraFactory = AuroraFactory;