terruvim-core-test 0.0.1

package/dist/src/factories/backupPolicy.js

@@ -0,0 +1,152 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BackupPolicy = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+class BackupPolicy extends pulumi.ComponentResource {
+    accounts;
+    assumeRoleName;
+    backupRegion;
+    orgUnitId;
+    primaryRegions;
+    monthlyBackupPolicyIamRoleName = "MyMonthlyBackupIamRole";
+    constructor(name, args, opts) {
+        super("acme:policies:BackupPolicy", name, undefined, opts);
+        this.accounts = args.accounts;
+        this.assumeRoleName = args.assumeRoleName;
+        this.backupRegion = args.backupRegion;
+        this.orgUnitId = args.orgUnitId;
+        this.primaryRegions = args.primaryRegions;
+        for (const accountName of Object.keys(args.accounts)) {
+            const account = args.accounts[accountName];
+            const accountProvider = new aws.Provider(`${accountName}Provider`, {
+                assumeRole: {
+                    roleArn: pulumi.interpolate `arn:aws:iam::${account.id}:role/${this.assumeRoleName}`,
+                },
+                allowedAccountIds: [account.id],
+            }, { parent: this });
+            this.createBackupVault(accountName, accountProvider);
+            this.createBackupPolicyIamRole(accountName, accountProvider);
+        }
+        this.createMonthlyBackupPolicy();
+        super.registerOutputs();
+    }
+    createBackupVault(accountName, accountProvider) {
+        const vault = new aws.backup.Vault(`backupVault-${accountName}`, { name: "Default" }, { provider: accountProvider, parent: this });
+    }
+    createBackupPolicyIamRole(accountName, accountProvider) {
+        const backupPolicyRole = new aws.iam.Role(`${accountName}BackupPolicyRole`, {
+            name: this.monthlyBackupPolicyIamRoleName,
+            assumeRolePolicy: {
+                Statement: [
+                    {
+                        Effect: "Allow",
+                        Action: "sts:AssumeRole",
+                        Principal: { Service: "backup.amazonaws.com" },
+                    },
+                ],
+                Version: "2012-10-17",
+            },
+            managedPolicyArns: [
+                "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
+            ],
+        }, { provider: accountProvider, parent: this });
+    }
+    createMonthlyBackupPolicy() {
+        const content = this.getMonthlyBackupPolicyJson();
+        const backupPolicy = new aws.organizations.Policy("orgBackupPolicy", {
+            type: "BACKUP_POLICY",
+            content,
+        }, { parent: this });
+        const attachment = new aws.organizations.PolicyAttachment("orgBackupPolicyAttachment", {
+            policyId: backupPolicy.id,
+            targetId: this.orgUnitId,
+        }, { parent: this });
+    }
+    getMonthlyBackupPolicyJson() {
+        const backupVaultCopyAction = {};
+        backupVaultCopyAction[`arn:aws:backup:${this.backupRegion}:$account:backup-vault:Default`] = {
+            target_backup_vault_arn: {
+                "@@assign": `arn:aws:backup:${this.backupRegion}:$account:backup-vault:Default`,
+            },
+            lifecycle: {
+                move_to_cold_storage_after_days: {
+                    "@@assign": "30",
+                },
+                delete_after_days: {
+                    "@@assign": "365",
+                },
+            },
+        };
+        return JSON.stringify({
+            plans: {
+                Monthly_Backup_Plan: {
+                    regions: {
+                        "@@assign": this.primaryRegions,
+                    },
+                    rules: {
+                        Monthly: {
+                            schedule_expression: {
+                                "@@assign": "cron(0 5 1 * ? *)",
+                            },
+                            start_backup_window_minutes: { "@@assign": "480" },
+                            target_backup_vault_name: { "@@assign": "Default" },
+                            lifecycle: {
+                                move_to_cold_storage_after_days: {
+                                    "@@assign": "30",
+                                },
+                                delete_after_days: { "@@assign": "365" },
+                            },
+                            copy_actions: backupVaultCopyAction,
+                        },
+                    },
+                    selections: {
+                        tags: {
+                            Backup_Assignment: {
+                                iam_role_arn: {
+                                    "@@assign": `arn:aws:iam::$account:role/${this.monthlyBackupPolicyIamRoleName}`,
+                                },
+                                tag_key: { "@@assign": "BackupType" },
+                                tag_value: { "@@assign": ["MONTHLY"] },
+                            },
+                        },
+                    },
+                },
+            },
+        });
+    }
+}
+exports.BackupPolicy = BackupPolicy;

package/dist/src/factories/bastionFactory.js

@@ -0,0 +1,91 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BastionFactory = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const path = __importStar(require("path"));
+const resourceFactory_1 = require("./resourceFactory");
+const getOrCreateSshKeyPair_1 = require("./getOrCreateSshKeyPair");
+class BastionFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config, provider) {
+        const { vpcId, subnetId, sgId, ami, instanceType, keyName, publicKey, assetsPath } = config.inputs;
+        const meta = config.meta || {};
+        let finalKeyName = keyName;
+        let keyPair = undefined;
+        let privateKey = undefined;
+        let pubKey = publicKey;
+        const keysDir = assetsPath
+            ? path.join(assetsPath, "keys")
+            : path.resolve(__dirname, "../../assets/keys");
+        if (!finalKeyName) {
+            if (!pubKey) {
+                const keyPairObj = (0, getOrCreateSshKeyPair_1.getOrCreateSshKeyPair)(config.id, keysDir);
+                privateKey = keyPairObj.privateKey;
+                pubKey = keyPairObj.publicKey;
+            }
+            keyPair = new aws.ec2.KeyPair(`${meta.environment}-${config.id}-bastion-key`, {
+                publicKey: pubKey,
+            }, provider ? { provider } : undefined);
+            finalKeyName = undefined;
+        }
+        const instance = new aws.ec2.Instance(`${meta.environment}-${config.id}-bastion`, {
+            ami,
+            instanceType: instanceType || "t3.micro",
+            subnetId,
+            vpcSecurityGroupIds: [sgId],
+            keyName: keyPair ? keyPair.keyName : finalKeyName,
+            associatePublicIpAddress: true,
+            tags: {
+                Name: `${config.id}-bastion`,
+            },
+        }, provider ? { provider } : undefined);
+        return { instance, keyPair, privateKey };
+    }
+    getOutputs(resource) {
+        return {
+            publicIp: resource.instance.publicIp,
+            instanceId: resource.instance.id,
+            keyName: resource.keyPair?.keyName,
+            privateKey: resource.privateKey,
+            sgId: resource.instance.vpcSecurityGroupIds?.[0],
+        };
+    }
+    validateConfig(config) {
+        if (!config.inputs.vpcId || !config.inputs.subnetId || !config.inputs.sgId || !config.inputs.ami) {
+            throw new Error("Bastion config must include vpcId, subnetId, sgId, and ami in inputs");
+        }
+    }
+}
+exports.BastionFactory = BastionFactory;

package/dist/src/factories/bedrockFactory.js

@@ -0,0 +1,334 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BedrockFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const validateBedrockConfig_1 = require("./validateBedrockConfig");
+const aws = __importStar(require("@pulumi/aws"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+class BedrockFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config) {
+        this.validateConfig(config);
+        const { foundationModel, knowledgeBases, agents, guardrails, monitoring, security, costOptimization } = config.configuration;
+        const { modelId, region, enableModelAccess = true, crossRegionInference = false } = foundationModel;
+        const current = aws.getCallerIdentity({});
+        const currentRegion = aws.getRegion({});
+        const accountId = current.then(acc => acc.accountId);
+        const deploymentRegion = region || currentRegion.then(r => r.name);
+        const modelArn = pulumi.interpolate `arn:aws:bedrock:${deploymentRegion}:${accountId}:inference-profile/${modelId}`;
+        const bedrockServiceRole = new aws.iam.Role(`${config.id}-bedrock-role`, {
+            assumeRolePolicy: JSON.stringify({
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Effect: "Allow",
+                        Principal: {
+                            Service: "bedrock.amazonaws.com"
+                        },
+                        Action: "sts:AssumeRole"
+                    }
+                ]
+            }),
+            tags: {
+                Purpose: "Bedrock Service Role",
+                ModelId: modelId
+            }
+        });
+        const bedrockPolicy = new aws.iam.Policy(`${config.id}-bedrock-pol`, {
+            policy: pulumi.all([modelArn]).apply(([arn]) => JSON.stringify({
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Effect: "Allow",
+                        Action: [
+                            "bedrock:InvokeModel",
+                            "bedrock:InvokeModelWithResponseStream",
+                            "bedrock:GetFoundationModel",
+                            "bedrock:ListFoundationModels",
+                            "bedrock:GetModelInvocationLoggingConfiguration",
+                            "bedrock:PutModelInvocationLoggingConfiguration"
+                        ],
+                        Resource: arn
+                    },
+                    {
+                        Effect: "Allow",
+                        Action: [
+                            "bedrock:RetrieveAndGenerate",
+                            "bedrock:Retrieve",
+                            "bedrock:InvokeAgent"
+                        ],
+                        Resource: "*"
+                    }
+                ]
+            }))
+        });
+        new aws.iam.RolePolicyAttachment(`${config.id}-bedrock-pol-att`, {
+            role: bedrockServiceRole.name,
+            policyArn: bedrockPolicy.arn
+        });
+        let outputs = {
+            modelArn: modelArn,
+            modelId,
+            region: pulumi.output(deploymentRegion),
+            iamRoleArn: bedrockServiceRole.arn
+        };
+        if (monitoring?.enableCloudWatchLogs) {
+            const logGroup = new aws.cloudwatch.LogGroup(`${config.id}-bedrock-logs`, {
+                name: monitoring.logGroupName || `/aws/bedrock/${config.id}`,
+                retentionInDays: 365,
+                tags: {
+                    Purpose: "Bedrock Monitoring",
+                    ModelId: modelId
+                }
+            });
+            outputs.logGroupArn = logGroup.arn;
+            const cloudWatchPolicy = new aws.iam.Policy(`${config.id}-cw-pol`, {
+                policy: pulumi.all([logGroup.arn]).apply(([logGroupArn]) => JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Effect: "Allow",
+                            Action: [
+                                "logs:CreateLogGroup",
+                                "logs:CreateLogStream",
+                                "logs:PutLogEvents",
+                                "logs:DescribeLogGroups",
+                                "logs:DescribeLogStreams"
+                            ],
+                            Resource: [
+                                logGroupArn,
+                                `${logGroupArn}:*`
+                            ]
+                        }
+                    ]
+                }))
+            });
+            new aws.iam.RolePolicyAttachment(`${config.id}-cw-pol-att`, {
+                role: bedrockServiceRole.name,
+                policyArn: cloudWatchPolicy.arn
+            });
+        }
+        if (security?.enableEncryption) {
+            const kmsKey = new aws.kms.Key(`${config.id}-bedrock-kms`, {
+                description: `KMS key for Bedrock ${config.id} encryption`,
+                policy: pulumi.all([accountId]).apply(([accId]) => JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Sid: "Enable IAM User Permissions",
+                            Effect: "Allow",
+                            Principal: {
+                                AWS: `arn:aws:iam::${accId}:root`
+                            },
+                            Action: "kms:*",
+                            Resource: "*"
+                        },
+                        {
+                            Sid: "Allow Bedrock service",
+                            Effect: "Allow",
+                            Principal: {
+                                Service: "bedrock.amazonaws.com"
+                            },
+                            Action: [
+                                "kms:Decrypt",
+                                "kms:GenerateDataKey",
+                                "kms:DescribeKey"
+                            ],
+                            Resource: "*"
+                        }
+                    ]
+                })),
+                tags: {
+                    Purpose: "Bedrock Encryption",
+                    ModelId: modelId
+                }
+            });
+            const kmsAlias = new aws.kms.Alias(`${config.id}-kms-alias`, {
+                name: `alias/bedrock-${config.id}`,
+                targetKeyId: kmsKey.keyId
+            });
+            outputs.kmsKeyArn = kmsKey.arn;
+        }
+        if (knowledgeBases && knowledgeBases.length > 0) {
+            const knowledgeBaseArns = [];
+            const knowledgeBaseIds = [];
+            for (const kbConfig of knowledgeBases) {
+                if (kbConfig.vectorDatabase.type === 'opensearch') {
+                    const opensearchRole = new aws.iam.Role(`${config.id}-os-${kbConfig.name}`, {
+                        assumeRolePolicy: JSON.stringify({
+                            Version: "2012-10-17",
+                            Statement: [
+                                {
+                                    Effect: "Allow",
+                                    Principal: {
+                                        Service: "bedrock.amazonaws.com"
+                                    },
+                                    Action: "sts:AssumeRole"
+                                }
+                            ]
+                        })
+                    });
+                    if (kbConfig.dataSource?.type === 's3') {
+                        const bucketArn = kbConfig.dataSource.s3Configuration?.bucketArn || "";
+                        const s3Policy = new aws.iam.Policy(`${config.id}-s3-${kbConfig.name}`, {
+                            policy: pulumi.output(bucketArn).apply(arn => JSON.stringify({
+                                Version: "2012-10-17",
+                                Statement: [
+                                    {
+                                        Effect: "Allow",
+                                        Action: [
+                                            "s3:GetObject",
+                                            "s3:ListBucket"
+                                        ],
+                                        Resource: [
+                                            arn,
+                                            `${arn}/*`
+                                        ]
+                                    }
+                                ]
+                            }))
+                        });
+                        new aws.iam.RolePolicyAttachment(`${config.id}-s3-att-${kbConfig.name}`, {
+                            role: opensearchRole.name,
+                            policyArn: s3Policy.arn
+                        });
+                    }
+                }
+            }
+            outputs.knowledgeBaseArns = knowledgeBaseArns;
+            outputs.knowledgeBaseIds = knowledgeBaseIds;
+        }
+        if (agents && agents.length > 0) {
+            const agentArns = [];
+            const agentIds = [];
+            const agentAliasArns = [];
+            for (const agentConfig of agents) {
+                const agentRole = new aws.iam.Role(`${config.id}-ag-${agentConfig.name}`, {
+                    assumeRolePolicy: JSON.stringify({
+                        Version: "2012-10-17",
+                        Statement: [
+                            {
+                                Effect: "Allow",
+                                Principal: {
+                                    Service: "bedrock.amazonaws.com"
+                                },
+                                Action: "sts:AssumeRole"
+                            }
+                        ]
+                    })
+                });
+                const agentModelArn = pulumi.interpolate `arn:aws:bedrock:${deploymentRegion}:${accountId}:inference-profile/${agentConfig.foundationModel}`;
+                const agentModelPolicy = new aws.iam.Policy(`${config.id}-mod-${agentConfig.name}`, {
+                    policy: pulumi.all([agentModelArn]).apply(([arn]) => JSON.stringify({
+                        Version: "2012-10-17",
+                        Statement: [
+                            {
+                                Effect: "Allow",
+                                Action: [
+                                    "bedrock:InvokeModel"
+                                ],
+                                Resource: arn
+                            }
+                        ]
+                    }))
+                });
+                new aws.iam.RolePolicyAttachment(`${config.id}-mod-att-${agentConfig.name}`, {
+                    role: agentRole.name,
+                    policyArn: agentModelPolicy.arn
+                });
+            }
+            outputs.agentArns = agentArns;
+            outputs.agentIds = agentIds;
+            outputs.agentAliasArns = agentAliasArns;
+        }
+        if (guardrails && guardrails.length > 0) {
+            const guardrailArns = [];
+            const guardrailIds = [];
+            outputs.guardrailArns = guardrailArns;
+            outputs.guardrailIds = guardrailIds;
+        }
+        if (security?.enableVpcEndpoint && security.vpcEndpointConfig && config.inputs?.vpcId) {
+            const vpcEndpoint = new aws.ec2.VpcEndpoint(`${config.id}-vpc-endpoint`, {
+                vpcId: config.inputs.vpcId,
+                serviceName: pulumi.interpolate `com.amazonaws.${deploymentRegion}.bedrock-runtime`,
+                vpcEndpointType: "Interface",
+                subnetIds: security.vpcEndpointConfig.subnetIds,
+                securityGroupIds: security.vpcEndpointConfig.securityGroupIds,
+                tags: {
+                    Purpose: "Bedrock VPC Endpoint",
+                    ModelId: modelId
+                }
+            });
+            outputs.vpcEndpointId = vpcEndpoint.id;
+        }
+        if (costOptimization?.enableProvisionedThroughput) {
+        }
+        console.log(`Configured Bedrock foundation model: ${modelId}`);
+        modelArn.apply(arn => console.log(`Model ARN: ${arn}`));
+        console.log(`Region: ${await deploymentRegion}`);
+        bedrockServiceRole.arn.apply(arn => console.log(`IAM Role ARN: ${arn}`));
+        return outputs;
+    }
+    getOutputs(resource) {
+        return resource;
+    }
+    validateConfig(config) {
+        (0, validateBedrockConfig_1.validateBedrockConfig)(config);
+        if (!config.configuration.foundationModel.modelId) {
+            throw new Error("Foundation model ID is required");
+        }
+        if (!config.configuration.foundationModel.region) {
+            throw new Error("Region is required for foundation model");
+        }
+        if (config.configuration.knowledgeBases) {
+            for (const kb of config.configuration.knowledgeBases) {
+                if (!kb.name || !kb.vectorDatabase.type) {
+                    throw new Error("Knowledge base name and vector database type are required");
+                }
+                if (kb.vectorDatabase.type === 'opensearch' && !kb.vectorDatabase.opensearchConfiguration) {
+                    throw new Error("OpenSearch configuration is required when using OpenSearch vector database");
+                }
+            }
+        }
+        if (config.configuration.agents) {
+            for (const agent of config.configuration.agents) {
+                if (!agent.name || !agent.foundationModel || !agent.instruction) {
+                    throw new Error("Agent name, foundation model, and instruction are required");
+                }
+            }
+        }
+    }
+}
+exports.BedrockFactory = BedrockFactory;

package/dist/src/factories/budgetFactory.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BudgetFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const transformBudgetNotifications_1 = require("./transformBudgetNotifications");
+const transformBudgetCostFilters_1 = require("./transformBudgetCostFilters");
+const transformBudgetPlannedLimits_1 = require("./transformBudgetPlannedLimits");
+const createAwsBudget_1 = require("./createAwsBudget");
+class BudgetFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config) {
+        this.validateConfig(config);
+        const cfgArr = config.configuration ? config.configuration : config;
+        const budgets = [];
+        for (const item of cfgArr) {
+            const notifications = (0, transformBudgetNotifications_1.transformBudgetNotifications)(item.notifications);
+            const costFilters = (0, transformBudgetCostFilters_1.transformBudgetCostFilters)(item.costFilters);
+            const plannedLimits = (0, transformBudgetPlannedLimits_1.transformBudgetPlannedLimits)(item.plannedLimits);
+            const hasPlannedLimits = Array.isArray(plannedLimits) && plannedLimits.length > 0;
+            let autoAdjustData = item.autoAdjustData;
+            if (autoAdjustData && typeof autoAdjustData === 'object' && 'lastAutoAdjustTime' in autoAdjustData) {
+                const { lastAutoAdjustTime, ...rest } = autoAdjustData;
+                autoAdjustData = rest;
+            }
+            const args = {
+                name: item.name,
+                namePrefix: item.namePrefix,
+                budgetType: item.budgetType || "COST",
+                timeUnit: item.timeUnit || "MONTHLY",
+                costFilters,
+                notifications,
+                tags: item.tags,
+                costTypes: item.costTypes,
+                plannedLimits: hasPlannedLimits ? plannedLimits : undefined,
+                autoAdjustData: autoAdjustData,
+                timePeriodStart: item.timePeriodStart,
+                timePeriodEnd: item.timePeriodEnd,
+                accountId: item.accountId,
+            };
+            if (!hasPlannedLimits) {
+                args.limitAmount = item.limit !== undefined ? item.limit.toString() : undefined;
+                args.limitUnit = item.limitUnit || "USD";
+            }
+            budgets.push((0, createAwsBudget_1.createAwsBudget)(item, args));
+        }
+        return budgets;
+    }
+    getOutputs(resources) {
+        return {
+            budgetNames: resources.map(r => r.name),
+        };
+    }
+    validateConfig(config) {
+        const cfgArr = config.configuration ? config.configuration : config;
+        if (!Array.isArray(cfgArr) || cfgArr.length === 0) {
+            throw new Error("Budget config must include non-empty configuration array");
+        }
+        for (const item of cfgArr) {
+            if (!item.name && !item.namePrefix) {
+                throw new Error("Each budget must have name or namePrefix");
+            }
+        }
+    }
+}
+exports.BudgetFactory = BudgetFactory;