From e837d5131ddd66e29bd7acd56528fe5aa2aafe31 Mon Sep 17 00:00:00 2001 From: Fabrizio Cafolla Date: Mon, 13 Feb 2023 12:32:34 +0100 Subject: [PATCH] feat(refactoring): modules path (#9) --- docs/docs/api.md | 6054 +++++++++++++++-- src/common/env.ts | 1 - src/common/index.ts | 3 + src/constructs/.gitkeep | 0 src/constructs/aws-lambda/index.ts | 120 +- src/constructs/aws-lambda/lambda-extension.ts | 119 + src/constructs/index.ts | 1 - src/index.ts | 5 +- src/stacks/index.ts | 4 +- src/stacks/monitoring/index.ts | 1 - src/stacks/{monitoring => }/newrelic.ts | 4 +- src/stacks/{oidc/github.ts => oidc.ts} | 4 +- src/stacks/oidc/index.ts | 1 - 13 files changed, 5625 insertions(+), 692 deletions(-) create mode 100644 src/common/index.ts delete mode 100644 src/constructs/.gitkeep create mode 100644 src/constructs/aws-lambda/lambda-extension.ts delete mode 100644 src/constructs/index.ts delete mode 100644 src/stacks/monitoring/index.ts rename src/stacks/{monitoring => }/newrelic.ts (98%) rename src/stacks/{oidc/github.ts => oidc.ts} (98%) delete mode 100644 src/stacks/oidc/index.ts diff --git a/docs/docs/api.md b/docs/docs/api.md index c2c1fa5..2ab0d44 100644 --- a/docs/docs/api.md +++ b/docs/docs/api.md @@ -414,7 +414,7 @@ public addBaseTags(model: any, props?: BaseTagProps): void ###### `props`Optional -- *Type:* neulabs-cdk-constructs.utils.BaseTagProps +- *Type:* neulabs-cdk-constructs.common.BaseTagProps --- @@ -874,39 +874,39 @@ public readonly stage: string; --- -### NewRelicStack +### Function -#### Initializers +#### Initializers ```typescript -import { stacks } from 'neulabs-cdk-constructs' +import { aws_lambda } from 'neulabs-cdk-constructs' -new stacks.NewRelicStack(scope: Construct, id: string, props: NewRelicStackProps) +new aws_lambda.Function(scope: Construct, id: string, props: FunctionProps) ``` | **Name** | **Type** | **Description** | | --- | --- | --- | -| scope | constructs.Construct | *No description.* | -| id | string | *No description.* | -| props | neulabs-cdk-constructs.stacks.NewRelicStackProps | *No description.* | +| scope | constructs.Construct | *No description.* | +| id | string | *No description.* | +| props | neulabs-cdk-constructs.aws_lambda.FunctionProps | *No description.* | --- -##### `scope`Required +##### `scope`Required - *Type:* constructs.Construct --- -##### `id`Required +##### `id`Required - *Type:* string --- -##### `props`Required +##### `props`Required -- *Type:* neulabs-cdk-constructs.stacks.NewRelicStackProps +- *Type:* neulabs-cdk-constructs.aws_lambda.FunctionProps --- @@ -914,32 +914,31 @@ new stacks.NewRelicStack(scope: Construct, id: string, props: NewRelicStackProps | **Name** | **Description** | | --- | --- | -| toString | Returns a string representation of this construct. | -| addDependency | Add a dependency between this stack and another stack. | -| addMetadata | Adds an arbitary key-value pair, with information you want to record about the stack. | -| addTransform | Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. | -| exportValue | Create a CloudFormation Export for a value. | -| formatArn | Creates an ARN from components. | -| getLogicalId | Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. | -| regionalFact | Look up a fact value for the given fact for the region of this stack. | -| renameLogicalId | Rename a generated logical identities. | -| reportMissingContextKey | Indicate that a context key was expected. | -| resolve | Resolve a tokenized value in the context of the current stack. | -| splitArn | Splits the provided ARN into its components. | -| toJsonString | Convert an object, potentially containing tokens, to a JSON string. | -| addBaseTags | *No description.* | -| createResourcesGroup | *No description.* | -| createCloudwatchLogsStreamRole | *No description.* | -| createCloudwatchMetricStream | *No description.* | -| createFirehoseBucket | *No description.* | -| createFirehoseRole | *No description.* | -| createFirehoseStream | *No description.* | -| createNewRelicRole | *No description.* | -| createSecrets | *No description.* | - ---- - -##### `toString` +| toString | Returns a string representation of this construct. | +| applyRemovalPolicy | Apply the given removal policy to this resource. | +| addEventSource | Adds an event source to this function. | +| addEventSourceMapping | Adds an event source that maps to this AWS Lambda function. | +| addFunctionUrl | Adds a url to this lambda function. | +| addPermission | Adds a permission to the Lambda resource policy. | +| addToRolePolicy | Adds a statement to the IAM role assumed by the instance. | +| configureAsyncInvoke | Configures options for asynchronous invocation. | +| considerWarningOnInvokeFunctionPermissions | A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function. | +| grantInvoke | Grant the given identity permissions to invoke this Lambda. | +| grantInvokeUrl | Grant the given identity permissions to invoke this Lambda Function URL. | +| metric | Return the given named metric for this Function. | +| metricDuration | How long execution of this Lambda takes. | +| metricErrors | How many invocations of this Lambda fail. | +| metricInvocations | How often this Lambda is invoked. | +| metricThrottles | How often this Lambda is throttled. | +| addAlias | Defines an alias for this function. | +| addEnvironment | Adds an environment variable to this Lambda function. | +| addLayers | Adds one or more Lambda Layers to this Lambda function. | +| addBaseEnvironment | *No description.* | +| addBaseTags | *No description.* | + +--- + +##### `toString` ```typescript public toString(): string @@ -947,1032 +946,5848 @@ public toString(): string Returns a string representation of this construct. -##### `addDependency` +##### `applyRemovalPolicy` ```typescript -public addDependency(target: Stack, reason?: string): void +public applyRemovalPolicy(policy: RemovalPolicy): void ``` -Add a dependency between this stack and another stack. - -This can be used to define dependencies between any two stacks within an -app, and also supports nested stacks. - -###### `target`Required +Apply the given removal policy to this resource. -- *Type:* aws-cdk-lib.Stack +The Removal Policy controls what happens to this resource when it stops +being managed by CloudFormation, either because you've removed it from the +CDK application or because you've made a change that requires the resource +to be replaced. ---- +The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS +account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). -###### `reason`Optional +###### `policy`Required -- *Type:* string +- *Type:* aws-cdk-lib.RemovalPolicy --- -##### `addMetadata` +##### `addEventSource` ```typescript -public addMetadata(key: string, value: any): void +public addEventSource(source: IEventSource): void ``` -Adds an arbitary key-value pair, with information you want to record about the stack. +Adds an event source to this function. -These get translated to the Metadata section of the generated template. +Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module. -> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html) +The following example adds an SQS Queue as an event source: +``` +import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources'; +myFunction.addEventSource(new SqsEventSource(myQueue)); +``` -###### `key`Required +###### `source`Required -- *Type:* string +- *Type:* aws-cdk-lib.aws_lambda.IEventSource --- -###### `value`Required +##### `addEventSourceMapping` -- *Type:* any +```typescript +public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping +``` ---- +Adds an event source that maps to this AWS Lambda function. -##### `addTransform` +###### `id`Required -```typescript -public addTransform(transform: string): void -``` +- *Type:* string -Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. +--- -Duplicate values are removed when stack is synthesized. +###### `options`Required -> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html) +- *Type:* aws-cdk-lib.aws_lambda.EventSourceMappingOptions -*Example* +--- -```typescript -declare const stack: Stack; +##### `addFunctionUrl` -stack.addTransform('AWS::Serverless-2016-10-31') +```typescript +public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl ``` +Adds a url to this lambda function. -###### `transform`Required - -- *Type:* string +###### `options`Optional -The transform to add. +- *Type:* aws-cdk-lib.aws_lambda.FunctionUrlOptions --- -##### `exportValue` +##### `addPermission` ```typescript -public exportValue(exportedValue: any, options?: ExportValueOptions): string +public addPermission(id: string, permission: Permission): void ``` -Create a CloudFormation Export for a value. +Adds a permission to the Lambda resource policy. -Returns a string representing the corresponding `Fn.importValue()` -expression for this Export. You can control the name for the export by -passing the `name` option. +> [Permission for details.](Permission for details.) -If you don't supply a value for `name`, the value you're exporting must be -a Resource attribute (for example: `bucket.bucketName`) and it will be -given the same name as the automatic cross-stack reference that would be created -if you used the attribute in another Stack. +###### `id`Required -One of the uses for this method is to *remove* the relationship between -two Stacks established by automatic cross-stack references. It will -temporarily ensure that the CloudFormation Export still exists while you -remove the reference from the consuming stack. After that, you can remove -the resource and the manual export. +- *Type:* string -## Example +The id for the permission construct. -Here is how the process works. Let's say there are two stacks, -`producerStack` and `consumerStack`, and `producerStack` has a bucket -called `bucket`, which is referenced by `consumerStack` (perhaps because -an AWS Lambda Function writes into it, or something like that). +--- -It is not safe to remove `producerStack.bucket` because as the bucket is being -deleted, `consumerStack` might still be using it. +###### `permission`Required -Instead, the process takes two deployments: +- *Type:* aws-cdk-lib.aws_lambda.Permission -### Deployment 1: break the relationship +The permission to grant to this Lambda function. -- Make sure `consumerStack` no longer references `bucket.bucketName` (maybe the consumer - stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just - remove the Lambda Function altogether). -- In the `ProducerStack` class, call `this.exportValue(this.bucket.bucketName)`. This - will make sure the CloudFormation Export continues to exist while the relationship - between the two stacks is being broken. -- Deploy (this will effectively only change the `consumerStack`, but it's safe to deploy both). +--- -### Deployment 2: remove the bucket resource +##### `addToRolePolicy` -- You are now free to remove the `bucket` resource from `producerStack`. -- Don't forget to remove the `exportValue()` call as well. -- Deploy again (this time only the `producerStack` will be changed -- the bucket will be deleted). +```typescript +public addToRolePolicy(statement: PolicyStatement): void +``` -###### `exportedValue`Required +Adds a statement to the IAM role assumed by the instance. -- *Type:* any +###### `statement`Required + +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement --- -###### `options`Optional +##### `configureAsyncInvoke` -- *Type:* aws-cdk-lib.ExportValueOptions +```typescript +public configureAsyncInvoke(options: EventInvokeConfigOptions): void +``` + +Configures options for asynchronous invocation. + +###### `options`Required + +- *Type:* aws-cdk-lib.aws_lambda.EventInvokeConfigOptions --- -##### `formatArn` +##### `considerWarningOnInvokeFunctionPermissions` ```typescript -public formatArn(components: ArnComponents): string +public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void ``` -Creates an ARN from components. +A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function. -If `partition`, `region` or `account` are not specified, the stack's -partition, region and account will be used. +function.currentVersion is invoked before or after the permission is created. -If any component is the empty string, an empty string will be inserted -into the generated ARN at the location that component corresponds to. +This applies only to permissions on Lambda functions, not versions or aliases. +This function is overridden as a noOp for QualifiedFunctionBase. -The ARN will be formatted as follows: +###### `scope`Required - arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name} +- *Type:* constructs.Construct -The required ARN pieces that are omitted will be taken from the stack that -the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope -can be 'undefined'. +--- -###### `components`Required +###### `action`Required -- *Type:* aws-cdk-lib.ArnComponents +- *Type:* string --- -##### `getLogicalId` +##### `grantInvoke` ```typescript -public getLogicalId(element: CfnElement): string +public grantInvoke(grantee: IGrantable): Grant ``` -Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. - -This method is called when a `CfnElement` is created and used to render the -initial logical identity of resources. Logical ID renames are applied at -this stage. - -This method uses the protected method `allocateLogicalId` to render the -logical ID for an element. To modify the naming scheme, extend the `Stack` -class and override this method. - -###### `element`Required +Grant the given identity permissions to invoke this Lambda. -- *Type:* aws-cdk-lib.CfnElement +###### `grantee`Required -The CloudFormation element for which a logical identity is needed. +- *Type:* aws-cdk-lib.aws_iam.IGrantable --- -##### `regionalFact` +##### `grantInvokeUrl` ```typescript -public regionalFact(factName: string, defaultValue?: string): string +public grantInvokeUrl(grantee: IGrantable): Grant ``` -Look up a fact value for the given fact for the region of this stack. +Grant the given identity permissions to invoke this Lambda Function URL. -Will return a definite value only if the region of the current stack is resolved. -If not, a lookup map will be added to the stack and the lookup will be done at -CDK deployment time. +###### `grantee`Required -What regions will be included in the lookup map is controlled by the -`@aws-cdk/core:target-partitions` context value: it must be set to a list -of partitions, and only regions from the given partitions will be included. -If no such context key is set, all regions will be included. +- *Type:* aws-cdk-lib.aws_iam.IGrantable -This function is intended to be used by construct library authors. Application -builders can rely on the abstractions offered by construct libraries and do -not have to worry about regional facts. +--- -If `defaultValue` is not given, it is an error if the fact is unknown for -the given region. +##### `metric` -###### `factName`Required +```typescript +public metric(metricName: string, props?: MetricOptions): Metric +``` + +Return the given named metric for this Function. + +###### `metricName`Required - *Type:* string --- -###### `defaultValue`Optional +###### `props`Optional -- *Type:* string +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions --- -##### `renameLogicalId` +##### `metricDuration` ```typescript -public renameLogicalId(oldId: string, newId: string): void +public metricDuration(props?: MetricOptions): Metric ``` -Rename a generated logical identities. +How long execution of this Lambda takes. -To modify the naming scheme strategy, extend the `Stack` class and -override the `allocateLogicalId` method. +Average over 5 minutes -###### `oldId`Required +###### `props`Optional -- *Type:* string +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions --- -###### `newId`Required +##### `metricErrors` -- *Type:* string +```typescript +public metricErrors(props?: MetricOptions): Metric +``` + +How many invocations of this Lambda fail. + +Sum over 5 minutes + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions --- -##### `reportMissingContextKey` +##### `metricInvocations` ```typescript -public reportMissingContextKey(report: MissingContext): void +public metricInvocations(props?: MetricOptions): Metric ``` -Indicate that a context key was expected. - -Contains instructions which will be emitted into the cloud assembly on how -the key should be supplied. +How often this Lambda is invoked. -###### `report`Required +Sum over 5 minutes -- *Type:* aws-cdk-lib.cloud_assembly_schema.MissingContext +###### `props`Optional -The set of parameters needed to obtain the context. +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions --- -##### `resolve` +##### `metricThrottles` ```typescript -public resolve(obj: any): any +public metricThrottles(props?: MetricOptions): Metric ``` -Resolve a tokenized value in the context of the current stack. +How often this Lambda is throttled. -###### `obj`Required +Sum over 5 minutes -- *Type:* any +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions --- -##### `splitArn` +##### `addAlias` ```typescript -public splitArn(arn: string, arnFormat: ArnFormat): ArnComponents +public addAlias(aliasName: string, options?: AliasOptions): Alias ``` -Splits the provided ARN into its components. +Defines an alias for this function. -Works both if 'arn' is a string like 'arn:aws:s3:::bucket', -and a Token representing a dynamic CloudFormation expression -(in which case the returned components will also be dynamic CloudFormation expressions, -encoded as Tokens). +The alias will automatically be updated to point to the latest version of +the function as it is being updated during a deployment. -###### `arn`Required +```ts +declare const fn: lambda.Function; + +fn.addAlias('Live'); + +// Is equivalent to + +new lambda.Alias(this, 'AliasLive', { + aliasName: 'Live', + version: fn.currentVersion, +}); +``` + +###### `aliasName`Required - *Type:* string -the ARN to split into its components. +The name of the alias. --- -###### `arnFormat`Required +###### `options`Optional -- *Type:* aws-cdk-lib.ArnFormat +- *Type:* aws-cdk-lib.aws_lambda.AliasOptions -the expected format of 'arn' - depends on what format the service 'arn' represents uses. +Alias options. --- -##### `toJsonString` +##### `addEnvironment` ```typescript -public toJsonString(obj: any, space?: number): string +public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function ``` -Convert an object, potentially containing tokens, to a JSON string. - -###### `obj`Required +Adds an environment variable to this Lambda function. -- *Type:* any +If this is a ref to a Lambda function, this operation results in a no-op. ---- +###### `key`Required -###### `space`Optional +- *Type:* string -- *Type:* number +The environment variable key. --- -##### `addBaseTags` - -```typescript -public addBaseTags(model: any, props?: BaseTagProps): void -``` +###### `value`Required -###### `model`Required +- *Type:* string -- *Type:* any +The environment variable's value. --- -###### `props`Optional +###### `options`Optional -- *Type:* neulabs-cdk-constructs.utils.BaseTagProps +- *Type:* aws-cdk-lib.aws_lambda.EnvironmentOptions + +Environment variable options. --- -##### `createResourcesGroup` +##### `addLayers` + +```typescript +public addLayers(layers: ILayerVersion): void +``` + +Adds one or more Lambda Layers to this Lambda function. + +###### `layers`Required + +- *Type:* aws-cdk-lib.aws_lambda.ILayerVersion + +the layers to be added. + +--- + +##### `addBaseEnvironment` + +```typescript +public addBaseEnvironment(): void +``` + +##### `addBaseTags` + +```typescript +public addBaseTags(): void +``` + +#### Static Functions + +| **Name** | **Description** | +| --- | --- | +| isConstruct | Checks if `x` is a construct. | +| isOwnedResource | Returns true if the construct was created by CDK, and false otherwise. | +| isResource | Check whether the given construct is a Resource. | +| classifyVersionProperty | Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource. | +| fromFunctionArn | Import a lambda function into the CDK using its ARN. | +| fromFunctionAttributes | Creates a Lambda function object which represents a function not defined within this stack. | +| fromFunctionName | Import a lambda function into the CDK using its name. | +| metricAll | Return the given named metric for this Lambda. | +| metricAllConcurrentExecutions | Metric for the number of concurrent executions across all Lambdas. | +| metricAllDuration | Metric for the Duration executing all Lambdas. | +| metricAllErrors | Metric for the number of Errors executing all Lambdas. | +| metricAllInvocations | Metric for the number of invocations of all Lambdas. | +| metricAllThrottles | Metric for the number of throttled invocations of all Lambdas. | +| metricAllUnreservedConcurrentExecutions | Metric for the number of unreserved concurrent executions across all Lambdas. | + +--- + +##### `isConstruct` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.isConstruct(x: any) +``` + +Checks if `x` is a construct. + +Use this method instead of `instanceof` to properly detect `Construct` +instances, even when the construct library is symlinked. + +Explanation: in JavaScript, multiple copies of the `constructs` library on +disk are seen as independent, completely different libraries. As a +consequence, the class `Construct` in each copy of the `constructs` library +is seen as a different class, and an instance of one class will not test as +`instanceof` the other class. `npm install` will not create installations +like this, but users may manually symlink construct libraries together or +use a monorepo tool: in those cases, multiple copies of the `constructs` +library can be accidentally installed, and `instanceof` will behave +unpredictably. It is safest to avoid using `instanceof`, and using +this type-testing method instead. + +###### `x`Required + +- *Type:* any + +Any object. + +--- + +##### `isOwnedResource` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.isOwnedResource(construct: IConstruct) +``` + +Returns true if the construct was created by CDK, and false otherwise. + +###### `construct`Required + +- *Type:* constructs.IConstruct + +--- + +##### `isResource` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.isResource(construct: IConstruct) +``` + +Check whether the given construct is a Resource. + +###### `construct`Required + +- *Type:* constructs.IConstruct + +--- + +##### `classifyVersionProperty` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.classifyVersionProperty(propertyName: string, locked: boolean) +``` + +Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource. + +See 'currentVersion' section in the module README for more details. + +###### `propertyName`Required + +- *Type:* string + +The property to classify. + +--- + +###### `locked`Required + +- *Type:* boolean + +whether the property should be associated to the version or not. + +--- + +##### `fromFunctionArn` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.fromFunctionArn(scope: Construct, id: string, functionArn: string) +``` + +Import a lambda function into the CDK using its ARN. + +###### `scope`Required + +- *Type:* constructs.Construct + +--- + +###### `id`Required + +- *Type:* string + +--- + +###### `functionArn`Required + +- *Type:* string + +--- + +##### `fromFunctionAttributes` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes) +``` + +Creates a Lambda function object which represents a function not defined within this stack. + +###### `scope`Required + +- *Type:* constructs.Construct + +The parent construct. + +--- + +###### `id`Required + +- *Type:* string + +The name of the lambda construct. + +--- + +###### `attrs`Required + +- *Type:* aws-cdk-lib.aws_lambda.FunctionAttributes + +the attributes of the function to import. + +--- + +##### `fromFunctionName` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.fromFunctionName(scope: Construct, id: string, functionName: string) +``` + +Import a lambda function into the CDK using its name. + +###### `scope`Required + +- *Type:* constructs.Construct + +--- + +###### `id`Required + +- *Type:* string + +--- + +###### `functionName`Required + +- *Type:* string + +--- + +##### `metricAll` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAll(metricName: string, props?: MetricOptions) +``` + +Return the given named metric for this Lambda. + +###### `metricName`Required + +- *Type:* string + +--- + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllConcurrentExecutions` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAllConcurrentExecutions(props?: MetricOptions) +``` + +Metric for the number of concurrent executions across all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllDuration` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAllDuration(props?: MetricOptions) +``` + +Metric for the Duration executing all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllErrors` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAllErrors(props?: MetricOptions) +``` + +Metric for the number of Errors executing all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllInvocations` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAllInvocations(props?: MetricOptions) +``` + +Metric for the number of invocations of all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllThrottles` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAllThrottles(props?: MetricOptions) +``` + +Metric for the number of throttled invocations of all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllUnreservedConcurrentExecutions` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.Function.metricAllUnreservedConcurrentExecutions(props?: MetricOptions) +``` + +Metric for the number of unreserved concurrent executions across all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| node | constructs.Node | The tree node. | +| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | +| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | +| architecture | aws-cdk-lib.aws_lambda.Architecture | The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). | +| connections | aws-cdk-lib.aws_ec2.Connections | Access the Connections object. | +| functionArn | string | ARN of this function. | +| functionName | string | Name of this function. | +| grantPrincipal | aws-cdk-lib.aws_iam.IPrincipal | The principal this Lambda Function is running as. | +| isBoundToVpc | boolean | Whether or not this Lambda function was bound to a VPC. | +| latestVersion | aws-cdk-lib.aws_lambda.IVersion | The `$LATEST` version of this function. | +| permissionsNode | constructs.Node | The construct node where permissions are attached. | +| resourceArnsForGrantInvoke | string[] | The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke(). | +| role | aws-cdk-lib.aws_iam.IRole | Execution role associated with this function. | +| currentVersion | aws-cdk-lib.aws_lambda.Version | Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes. | +| logGroup | aws-cdk-lib.aws_logs.ILogGroup | The LogGroup where the Lambda function's logs are made available. | +| runtime | aws-cdk-lib.aws_lambda.Runtime | The runtime configured for this lambda. | +| deadLetterQueue | aws-cdk-lib.aws_sqs.IQueue | The DLQ (as queue) associated with this Lambda Function (this is an optional attribute). | +| deadLetterTopic | aws-cdk-lib.aws_sns.ITopic | The DLQ (as topic) associated with this Lambda Function (this is an optional attribute). | +| timeout | aws-cdk-lib.Duration | The timeout configured for this lambda. | +| stage | string | *No description.* | + +--- + +##### `node`Required + +```typescript +public readonly node: Node; +``` + +- *Type:* constructs.Node + +The tree node. + +--- + +##### `env`Required + +```typescript +public readonly env: ResourceEnvironment; +``` + +- *Type:* aws-cdk-lib.ResourceEnvironment + +The environment this resource belongs to. + +For resources that are created and managed by the CDK +(generally, those created by creating new class instances like Role, Bucket, etc.), +this is always the same as the environment of the stack they belong to; +however, for imported resources +(those obtained from static methods like fromRoleArn, fromBucketName, etc.), +that might be different than the stack they were imported into. + +--- + +##### `stack`Required + +```typescript +public readonly stack: Stack; +``` + +- *Type:* aws-cdk-lib.Stack + +The stack in which this resource is defined. + +--- + +##### `architecture`Required + +```typescript +public readonly architecture: Architecture; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Architecture + +The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). + +--- + +##### `connections`Required + +```typescript +public readonly connections: Connections; +``` + +- *Type:* aws-cdk-lib.aws_ec2.Connections + +Access the Connections object. + +Will fail if not a VPC-enabled Lambda Function + +--- + +##### `functionArn`Required + +```typescript +public readonly functionArn: string; +``` + +- *Type:* string + +ARN of this function. + +--- + +##### `functionName`Required + +```typescript +public readonly functionName: string; +``` + +- *Type:* string + +Name of this function. + +--- + +##### `grantPrincipal`Required + +```typescript +public readonly grantPrincipal: IPrincipal; +``` + +- *Type:* aws-cdk-lib.aws_iam.IPrincipal + +The principal this Lambda Function is running as. + +--- + +##### `isBoundToVpc`Required + +```typescript +public readonly isBoundToVpc: boolean; +``` + +- *Type:* boolean + +Whether or not this Lambda function was bound to a VPC. + +If this is is `false`, trying to access the `connections` object will fail. + +--- + +##### `latestVersion`Required + +```typescript +public readonly latestVersion: IVersion; +``` + +- *Type:* aws-cdk-lib.aws_lambda.IVersion + +The `$LATEST` version of this function. + +Note that this is reference to a non-specific AWS Lambda version, which +means the function this version refers to can return different results in +different invocations. + +To obtain a reference to an explicit version which references the current +function configuration, use `lambdaFunction.currentVersion` instead. + +--- + +##### `permissionsNode`Required + +```typescript +public readonly permissionsNode: Node; +``` + +- *Type:* constructs.Node + +The construct node where permissions are attached. + +--- + +##### `resourceArnsForGrantInvoke`Required + +```typescript +public readonly resourceArnsForGrantInvoke: string[]; +``` + +- *Type:* string[] + +The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke(). + +--- + +##### `role`Optional + +```typescript +public readonly role: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +Execution role associated with this function. + +--- + +##### `currentVersion`Required + +```typescript +public readonly currentVersion: Version; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Version + +Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes. + +You can specify options for this version using the `currentVersionOptions` +prop when initializing the `lambda.Function`. + +--- + +##### `logGroup`Required + +```typescript +public readonly logGroup: ILogGroup; +``` + +- *Type:* aws-cdk-lib.aws_logs.ILogGroup + +The LogGroup where the Lambda function's logs are made available. + +If either `logRetention` is set or this property is called, a CloudFormation custom resource is added to the stack that +pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention +period (never expire, by default). + +Further, if the log group already exists and the `logRetention` is not set, the custom resource will reset the log retention +to never expire even if it was configured with a different value. + +--- + +##### `runtime`Required + +```typescript +public readonly runtime: Runtime; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Runtime + +The runtime configured for this lambda. + +--- + +##### `deadLetterQueue`Optional + +```typescript +public readonly deadLetterQueue: IQueue; +``` + +- *Type:* aws-cdk-lib.aws_sqs.IQueue + +The DLQ (as queue) associated with this Lambda Function (this is an optional attribute). + +--- + +##### `deadLetterTopic`Optional + +```typescript +public readonly deadLetterTopic: ITopic; +``` + +- *Type:* aws-cdk-lib.aws_sns.ITopic + +The DLQ (as topic) associated with this Lambda Function (this is an optional attribute). + +--- + +##### `timeout`Optional + +```typescript +public readonly timeout: Duration; +``` + +- *Type:* aws-cdk-lib.Duration + +The timeout configured for this lambda. + +--- + +##### `stage`Required + +```typescript +public readonly stage: string; +``` + +- *Type:* string + +--- + + +### GithubOIDCStack + +#### Initializers + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +new stacks.GithubOIDCStack(scope: Construct, id: string, props: GithubOIDCStackStackProps) +``` + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| scope | constructs.Construct | *No description.* | +| id | string | *No description.* | +| props | neulabs-cdk-constructs.stacks.GithubOIDCStackStackProps | *No description.* | + +--- + +##### `scope`Required + +- *Type:* constructs.Construct + +--- + +##### `id`Required + +- *Type:* string + +--- + +##### `props`Required + +- *Type:* neulabs-cdk-constructs.stacks.GithubOIDCStackStackProps + +--- + +#### Methods + +| **Name** | **Description** | +| --- | --- | +| toString | Returns a string representation of this construct. | +| addDependency | Add a dependency between this stack and another stack. | +| addMetadata | Adds an arbitary key-value pair, with information you want to record about the stack. | +| addTransform | Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. | +| exportValue | Create a CloudFormation Export for a value. | +| formatArn | Creates an ARN from components. | +| getLogicalId | Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. | +| regionalFact | Look up a fact value for the given fact for the region of this stack. | +| renameLogicalId | Rename a generated logical identities. | +| reportMissingContextKey | Indicate that a context key was expected. | +| resolve | Resolve a tokenized value in the context of the current stack. | +| splitArn | Splits the provided ARN into its components. | +| toJsonString | Convert an object, potentially containing tokens, to a JSON string. | +| addBaseTags | *No description.* | +| createResourcesGroup | *No description.* | +| createCdkBootstrapRole | *No description.* | +| createCdkDeployRole | *No description.* | +| createOidcRole | *No description.* | +| createTokenAction | *No description.* | + +--- + +##### `toString` + +```typescript +public toString(): string +``` + +Returns a string representation of this construct. + +##### `addDependency` + +```typescript +public addDependency(target: Stack, reason?: string): void +``` + +Add a dependency between this stack and another stack. + +This can be used to define dependencies between any two stacks within an +app, and also supports nested stacks. + +###### `target`Required + +- *Type:* aws-cdk-lib.Stack + +--- + +###### `reason`Optional + +- *Type:* string + +--- + +##### `addMetadata` + +```typescript +public addMetadata(key: string, value: any): void +``` + +Adds an arbitary key-value pair, with information you want to record about the stack. + +These get translated to the Metadata section of the generated template. + +> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html) + +###### `key`Required + +- *Type:* string + +--- + +###### `value`Required + +- *Type:* any + +--- + +##### `addTransform` + +```typescript +public addTransform(transform: string): void +``` + +Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. + +Duplicate values are removed when stack is synthesized. + +> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html) + +*Example* + +```typescript +declare const stack: Stack; + +stack.addTransform('AWS::Serverless-2016-10-31') +``` + + +###### `transform`Required + +- *Type:* string + +The transform to add. + +--- + +##### `exportValue` + +```typescript +public exportValue(exportedValue: any, options?: ExportValueOptions): string +``` + +Create a CloudFormation Export for a value. + +Returns a string representing the corresponding `Fn.importValue()` +expression for this Export. You can control the name for the export by +passing the `name` option. + +If you don't supply a value for `name`, the value you're exporting must be +a Resource attribute (for example: `bucket.bucketName`) and it will be +given the same name as the automatic cross-stack reference that would be created +if you used the attribute in another Stack. + +One of the uses for this method is to *remove* the relationship between +two Stacks established by automatic cross-stack references. It will +temporarily ensure that the CloudFormation Export still exists while you +remove the reference from the consuming stack. After that, you can remove +the resource and the manual export. + +## Example + +Here is how the process works. Let's say there are two stacks, +`producerStack` and `consumerStack`, and `producerStack` has a bucket +called `bucket`, which is referenced by `consumerStack` (perhaps because +an AWS Lambda Function writes into it, or something like that). + +It is not safe to remove `producerStack.bucket` because as the bucket is being +deleted, `consumerStack` might still be using it. + +Instead, the process takes two deployments: + +### Deployment 1: break the relationship + +- Make sure `consumerStack` no longer references `bucket.bucketName` (maybe the consumer + stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just + remove the Lambda Function altogether). +- In the `ProducerStack` class, call `this.exportValue(this.bucket.bucketName)`. This + will make sure the CloudFormation Export continues to exist while the relationship + between the two stacks is being broken. +- Deploy (this will effectively only change the `consumerStack`, but it's safe to deploy both). + +### Deployment 2: remove the bucket resource + +- You are now free to remove the `bucket` resource from `producerStack`. +- Don't forget to remove the `exportValue()` call as well. +- Deploy again (this time only the `producerStack` will be changed -- the bucket will be deleted). + +###### `exportedValue`Required + +- *Type:* any + +--- + +###### `options`Optional + +- *Type:* aws-cdk-lib.ExportValueOptions + +--- + +##### `formatArn` + +```typescript +public formatArn(components: ArnComponents): string +``` + +Creates an ARN from components. + +If `partition`, `region` or `account` are not specified, the stack's +partition, region and account will be used. + +If any component is the empty string, an empty string will be inserted +into the generated ARN at the location that component corresponds to. + +The ARN will be formatted as follows: + + arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name} + +The required ARN pieces that are omitted will be taken from the stack that +the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope +can be 'undefined'. + +###### `components`Required + +- *Type:* aws-cdk-lib.ArnComponents + +--- + +##### `getLogicalId` + +```typescript +public getLogicalId(element: CfnElement): string +``` + +Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. + +This method is called when a `CfnElement` is created and used to render the +initial logical identity of resources. Logical ID renames are applied at +this stage. + +This method uses the protected method `allocateLogicalId` to render the +logical ID for an element. To modify the naming scheme, extend the `Stack` +class and override this method. + +###### `element`Required + +- *Type:* aws-cdk-lib.CfnElement + +The CloudFormation element for which a logical identity is needed. + +--- + +##### `regionalFact` + +```typescript +public regionalFact(factName: string, defaultValue?: string): string +``` + +Look up a fact value for the given fact for the region of this stack. + +Will return a definite value only if the region of the current stack is resolved. +If not, a lookup map will be added to the stack and the lookup will be done at +CDK deployment time. + +What regions will be included in the lookup map is controlled by the +`@aws-cdk/core:target-partitions` context value: it must be set to a list +of partitions, and only regions from the given partitions will be included. +If no such context key is set, all regions will be included. + +This function is intended to be used by construct library authors. Application +builders can rely on the abstractions offered by construct libraries and do +not have to worry about regional facts. + +If `defaultValue` is not given, it is an error if the fact is unknown for +the given region. + +###### `factName`Required + +- *Type:* string + +--- + +###### `defaultValue`Optional + +- *Type:* string + +--- + +##### `renameLogicalId` + +```typescript +public renameLogicalId(oldId: string, newId: string): void +``` + +Rename a generated logical identities. + +To modify the naming scheme strategy, extend the `Stack` class and +override the `allocateLogicalId` method. + +###### `oldId`Required + +- *Type:* string + +--- + +###### `newId`Required + +- *Type:* string + +--- + +##### `reportMissingContextKey` + +```typescript +public reportMissingContextKey(report: MissingContext): void +``` + +Indicate that a context key was expected. + +Contains instructions which will be emitted into the cloud assembly on how +the key should be supplied. + +###### `report`Required + +- *Type:* aws-cdk-lib.cloud_assembly_schema.MissingContext + +The set of parameters needed to obtain the context. + +--- + +##### `resolve` + +```typescript +public resolve(obj: any): any +``` + +Resolve a tokenized value in the context of the current stack. + +###### `obj`Required + +- *Type:* any + +--- + +##### `splitArn` + +```typescript +public splitArn(arn: string, arnFormat: ArnFormat): ArnComponents +``` + +Splits the provided ARN into its components. + +Works both if 'arn' is a string like 'arn:aws:s3:::bucket', +and a Token representing a dynamic CloudFormation expression +(in which case the returned components will also be dynamic CloudFormation expressions, +encoded as Tokens). + +###### `arn`Required + +- *Type:* string + +the ARN to split into its components. + +--- + +###### `arnFormat`Required + +- *Type:* aws-cdk-lib.ArnFormat + +the expected format of 'arn' - depends on what format the service 'arn' represents uses. + +--- + +##### `toJsonString` + +```typescript +public toJsonString(obj: any, space?: number): string +``` + +Convert an object, potentially containing tokens, to a JSON string. + +###### `obj`Required + +- *Type:* any + +--- + +###### `space`Optional + +- *Type:* number + +--- + +##### `addBaseTags` + +```typescript +public addBaseTags(model: any, props?: BaseTagProps): void +``` + +###### `model`Required + +- *Type:* any + +--- + +###### `props`Optional + +- *Type:* neulabs-cdk-constructs.common.BaseTagProps + +--- + +##### `createResourcesGroup` + +```typescript +public createResourcesGroup(): CfnGroup +``` + +##### `createCdkBootstrapRole` + +```typescript +public createCdkBootstrapRole(): IRole +``` + +##### `createCdkDeployRole` + +```typescript +public createCdkDeployRole(managed_policies?: IManagedPolicy[], policy_statements?: PolicyStatement[]): IRole +``` + +###### `managed_policies`Optional + +- *Type:* aws-cdk-lib.aws_iam.IManagedPolicy[] + +--- + +###### `policy_statements`Optional + +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement[] + +--- + +##### `createOidcRole` + +```typescript +public createOidcRole(providerUrl: string, token: string): IRole +``` + +###### `providerUrl`Required + +- *Type:* string + +--- + +###### `token`Required + +- *Type:* string + +--- + +##### `createTokenAction` + +```typescript +public createTokenAction(tokenAction: TokenActions, githubUser: string, githubRepository: string, tokenActionCustom?: string): string +``` + +###### `tokenAction`Required + +- *Type:* neulabs-cdk-constructs.stacks.TokenActions + +--- + +###### `githubUser`Required + +- *Type:* string + +--- + +###### `githubRepository`Required + +- *Type:* string + +--- + +###### `tokenActionCustom`Optional + +- *Type:* string + +--- + +#### Static Functions + +| **Name** | **Description** | +| --- | --- | +| isConstruct | Checks if `x` is a construct. | +| isStack | Return whether the given object is a Stack. | +| of | Looks up the first stack scope in which `construct` is defined. | + +--- + +##### `isConstruct` + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +stacks.GithubOIDCStack.isConstruct(x: any) +``` + +Checks if `x` is a construct. + +Use this method instead of `instanceof` to properly detect `Construct` +instances, even when the construct library is symlinked. + +Explanation: in JavaScript, multiple copies of the `constructs` library on +disk are seen as independent, completely different libraries. As a +consequence, the class `Construct` in each copy of the `constructs` library +is seen as a different class, and an instance of one class will not test as +`instanceof` the other class. `npm install` will not create installations +like this, but users may manually symlink construct libraries together or +use a monorepo tool: in those cases, multiple copies of the `constructs` +library can be accidentally installed, and `instanceof` will behave +unpredictably. It is safest to avoid using `instanceof`, and using +this type-testing method instead. + +###### `x`Required + +- *Type:* any + +Any object. + +--- + +##### `isStack` + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +stacks.GithubOIDCStack.isStack(x: any) +``` + +Return whether the given object is a Stack. + +We do attribute detection since we can't reliably use 'instanceof'. + +###### `x`Required + +- *Type:* any + +--- + +##### `of` + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +stacks.GithubOIDCStack.of(construct: IConstruct) +``` + +Looks up the first stack scope in which `construct` is defined. + +Fails if there is no stack up the tree. + +###### `construct`Required + +- *Type:* constructs.IConstruct + +The construct to start the search from. + +--- + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| node | constructs.Node | The tree node. | +| account | string | The AWS account into which this stack will be deployed. | +| artifactId | string | The ID of the cloud assembly artifact for this stack. | +| availabilityZones | string[] | Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. | +| bundlingRequired | boolean | Indicates whether the stack requires bundling or not. | +| dependencies | aws-cdk-lib.Stack[] | Return the stacks this stack depends on. | +| environment | string | The environment coordinates in which this stack is deployed. | +| nested | boolean | Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. | +| notificationArns | string[] | Returns the list of notification Amazon Resource Names (ARNs) for the current stack. | +| partition | string | The partition in which this stack is defined. | +| region | string | The AWS region into which this stack will be deployed (e.g. `us-west-2`). | +| stackId | string | The ID of the stack. | +| stackName | string | The concrete CloudFormation physical stack name. | +| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method for this stack. | +| tags | aws-cdk-lib.TagManager | Tags to be applied to the stack. | +| templateFile | string | The name of the CloudFormation template file emitted to the output directory during synthesis. | +| templateOptions | aws-cdk-lib.ITemplateOptions | Options for CloudFormation template (like version, transform, description). | +| urlSuffix | string | The Amazon domain suffix for the region in which this stack is defined. | +| nestedStackParent | aws-cdk-lib.Stack | If this is a nested stack, returns it's parent stack. | +| nestedStackResource | aws-cdk-lib.CfnResource | If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. | +| terminationProtection | boolean | Whether termination protection is enabled for this stack. | +| stage | string | *No description.* | +| cdkBootstrapRole | aws-cdk-lib.aws_iam.IRole | *No description.* | +| cdkDeployRole | aws-cdk-lib.aws_iam.IRole | *No description.* | +| githubRepository | string | *No description.* | +| githubUser | string | *No description.* | +| oidcRole | aws-cdk-lib.aws_iam.IRole | *No description.* | +| tokenAction | neulabs-cdk-constructs.stacks.TokenActions | *No description.* | +| cdkDeployRoleManagedPolicies | aws-cdk-lib.aws_iam.ManagedPolicy[] | *No description.* | +| cdkDeployRolePolicyStatements | aws-cdk-lib.aws_iam.PolicyStatement[] | *No description.* | + +--- + +##### `node`Required + +```typescript +public readonly node: Node; +``` + +- *Type:* constructs.Node + +The tree node. + +--- + +##### `account`Required + +```typescript +public readonly account: string; +``` + +- *Type:* string + +The AWS account into which this stack will be deployed. + +This value is resolved according to the following rules: + +1. The value provided to `env.account` when the stack is defined. This can + either be a concrete account (e.g. `585695031111`) or the + `Aws.ACCOUNT_ID` token. +3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference + `{ "Ref": "AWS::AccountId" }` encoded as a string token. + +Preferably, you should use the return value as an opaque string and not +attempt to parse it to implement your logic. If you do, you must first +check that it is a concerete value an not an unresolved token. If this +value is an unresolved token (`Token.isUnresolved(stack.account)` returns +`true`), this implies that the user wishes that this stack will synthesize +into a **account-agnostic template**. In this case, your code should either +fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or +implement some other region-agnostic behavior. + +--- + +##### `artifactId`Required + +```typescript +public readonly artifactId: string; +``` + +- *Type:* string + +The ID of the cloud assembly artifact for this stack. + +--- + +##### `availabilityZones`Required + +```typescript +public readonly availabilityZones: string[]; +``` + +- *Type:* string[] + +Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. + +If the stack is environment-agnostic (either account and/or region are +tokens), this property will return an array with 2 tokens that will resolve +at deploy-time to the first two availability zones returned from CloudFormation's +`Fn::GetAZs` intrinsic function. + +If they are not available in the context, returns a set of dummy values and +reports them as missing, and let the CLI resolve them by calling EC2 +`DescribeAvailabilityZones` on the target environment. + +To specify a different strategy for selecting availability zones override this method. + +--- + +##### `bundlingRequired`Required + +```typescript +public readonly bundlingRequired: boolean; +``` + +- *Type:* boolean + +Indicates whether the stack requires bundling or not. + +--- + +##### `dependencies`Required + +```typescript +public readonly dependencies: Stack[]; +``` + +- *Type:* aws-cdk-lib.Stack[] + +Return the stacks this stack depends on. + +--- + +##### `environment`Required + +```typescript +public readonly environment: string; +``` + +- *Type:* string + +The environment coordinates in which this stack is deployed. + +In the form +`aws://account/region`. Use `stack.account` and `stack.region` to obtain +the specific values, no need to parse. + +You can use this value to determine if two stacks are targeting the same +environment. + +If either `stack.account` or `stack.region` are not concrete values (e.g. +`Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or +`unknown-region` will be used respectively to indicate this stack is +region/account-agnostic. + +--- + +##### `nested`Required + +```typescript +public readonly nested: boolean; +``` + +- *Type:* boolean + +Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. + +--- + +##### `notificationArns`Required + +```typescript +public readonly notificationArns: string[]; +``` + +- *Type:* string[] + +Returns the list of notification Amazon Resource Names (ARNs) for the current stack. + +--- + +##### `partition`Required + +```typescript +public readonly partition: string; +``` + +- *Type:* string + +The partition in which this stack is defined. + +--- + +##### `region`Required + +```typescript +public readonly region: string; +``` + +- *Type:* string + +The AWS region into which this stack will be deployed (e.g. `us-west-2`). + +This value is resolved according to the following rules: + +1. The value provided to `env.region` when the stack is defined. This can + either be a concerete region (e.g. `us-west-2`) or the `Aws.REGION` + token. +3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference + `{ "Ref": "AWS::Region" }` encoded as a string token. + +Preferably, you should use the return value as an opaque string and not +attempt to parse it to implement your logic. If you do, you must first +check that it is a concerete value an not an unresolved token. If this +value is an unresolved token (`Token.isUnresolved(stack.region)` returns +`true`), this implies that the user wishes that this stack will synthesize +into a **region-agnostic template**. In this case, your code should either +fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or +implement some other region-agnostic behavior. + +--- + +##### `stackId`Required + +```typescript +public readonly stackId: string; +``` + +- *Type:* string + +The ID of the stack. + +--- + +*Example* + +```typescript +// After resolving, looks like +'arn:aws:cloudformation:us-west-2:123456789012:stack/teststack/51af3dc0-da77-11e4-872e-1234567db123' +``` + + +##### `stackName`Required + +```typescript +public readonly stackName: string; +``` + +- *Type:* string + +The concrete CloudFormation physical stack name. + +This is either the name defined explicitly in the `stackName` prop or +allocated based on the stack's location in the construct tree. Stacks that +are directly defined under the app use their construct `id` as their stack +name. Stacks that are defined deeper within the tree will use a hashed naming +scheme based on the construct path to ensure uniqueness. + +If you wish to obtain the deploy-time AWS::StackName intrinsic, +you can use `Aws.STACK_NAME` directly. + +--- + +##### `synthesizer`Required + +```typescript +public readonly synthesizer: IStackSynthesizer; +``` + +- *Type:* aws-cdk-lib.IStackSynthesizer + +Synthesis method for this stack. + +--- + +##### `tags`Required + +```typescript +public readonly tags: TagManager; +``` + +- *Type:* aws-cdk-lib.TagManager + +Tags to be applied to the stack. + +--- + +##### `templateFile`Required + +```typescript +public readonly templateFile: string; +``` + +- *Type:* string + +The name of the CloudFormation template file emitted to the output directory during synthesis. + +Example value: `MyStack.template.json` + +--- + +##### `templateOptions`Required + +```typescript +public readonly templateOptions: ITemplateOptions; +``` + +- *Type:* aws-cdk-lib.ITemplateOptions + +Options for CloudFormation template (like version, transform, description). + +--- + +##### `urlSuffix`Required + +```typescript +public readonly urlSuffix: string; +``` + +- *Type:* string + +The Amazon domain suffix for the region in which this stack is defined. + +--- + +##### `nestedStackParent`Optional + +```typescript +public readonly nestedStackParent: Stack; +``` + +- *Type:* aws-cdk-lib.Stack + +If this is a nested stack, returns it's parent stack. + +--- + +##### `nestedStackResource`Optional + +```typescript +public readonly nestedStackResource: CfnResource; +``` + +- *Type:* aws-cdk-lib.CfnResource + +If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. + +`undefined` for top-level (non-nested) stacks. + +--- + +##### `terminationProtection`Optional + +```typescript +public readonly terminationProtection: boolean; +``` + +- *Type:* boolean + +Whether termination protection is enabled for this stack. + +--- + +##### `stage`Required + +```typescript +public readonly stage: string; +``` + +- *Type:* string + +--- + +##### `cdkBootstrapRole`Required + +```typescript +public readonly cdkBootstrapRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +##### `cdkDeployRole`Required + +```typescript +public readonly cdkDeployRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +##### `githubRepository`Required + +```typescript +public readonly githubRepository: string; +``` + +- *Type:* string + +--- + +##### `githubUser`Required + +```typescript +public readonly githubUser: string; +``` + +- *Type:* string + +--- + +##### `oidcRole`Required + +```typescript +public readonly oidcRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +##### `tokenAction`Required + +```typescript +public readonly tokenAction: TokenActions; +``` + +- *Type:* neulabs-cdk-constructs.stacks.TokenActions + +--- + +##### `cdkDeployRoleManagedPolicies`Optional + +```typescript +public readonly cdkDeployRoleManagedPolicies: ManagedPolicy[]; +``` + +- *Type:* aws-cdk-lib.aws_iam.ManagedPolicy[] + +--- + +##### `cdkDeployRolePolicyStatements`Optional + +```typescript +public readonly cdkDeployRolePolicyStatements: PolicyStatement[]; +``` + +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement[] + +--- + + +### NewRelicFunction + +#### Initializers + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +new aws_lambda.NewRelicFunction(scope: Construct, id: string, props: FunctionNewRelicProps) +``` + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| scope | constructs.Construct | *No description.* | +| id | string | *No description.* | +| props | neulabs-cdk-constructs.aws_lambda.FunctionNewRelicProps | *No description.* | + +--- + +##### `scope`Required + +- *Type:* constructs.Construct + +--- + +##### `id`Required + +- *Type:* string + +--- + +##### `props`Required + +- *Type:* neulabs-cdk-constructs.aws_lambda.FunctionNewRelicProps + +--- + +#### Methods + +| **Name** | **Description** | +| --- | --- | +| toString | Returns a string representation of this construct. | +| applyRemovalPolicy | Apply the given removal policy to this resource. | +| addEventSource | Adds an event source to this function. | +| addEventSourceMapping | Adds an event source that maps to this AWS Lambda function. | +| addFunctionUrl | Adds a url to this lambda function. | +| addPermission | Adds a permission to the Lambda resource policy. | +| addToRolePolicy | Adds a statement to the IAM role assumed by the instance. | +| configureAsyncInvoke | Configures options for asynchronous invocation. | +| considerWarningOnInvokeFunctionPermissions | A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function. | +| grantInvoke | Grant the given identity permissions to invoke this Lambda. | +| grantInvokeUrl | Grant the given identity permissions to invoke this Lambda Function URL. | +| metric | Return the given named metric for this Function. | +| metricDuration | How long execution of this Lambda takes. | +| metricErrors | How many invocations of this Lambda fail. | +| metricInvocations | How often this Lambda is invoked. | +| metricThrottles | How often this Lambda is throttled. | +| addAlias | Defines an alias for this function. | +| addEnvironment | Adds an environment variable to this Lambda function. | +| addLayers | Adds one or more Lambda Layers to this Lambda function. | +| addBaseEnvironment | *No description.* | +| addBaseTags | *No description.* | + +--- + +##### `toString` + +```typescript +public toString(): string +``` + +Returns a string representation of this construct. + +##### `applyRemovalPolicy` + +```typescript +public applyRemovalPolicy(policy: RemovalPolicy): void +``` + +Apply the given removal policy to this resource. + +The Removal Policy controls what happens to this resource when it stops +being managed by CloudFormation, either because you've removed it from the +CDK application or because you've made a change that requires the resource +to be replaced. + +The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS +account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). + +###### `policy`Required + +- *Type:* aws-cdk-lib.RemovalPolicy + +--- + +##### `addEventSource` + +```typescript +public addEventSource(source: IEventSource): void +``` + +Adds an event source to this function. + +Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module. + +The following example adds an SQS Queue as an event source: +``` +import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources'; +myFunction.addEventSource(new SqsEventSource(myQueue)); +``` + +###### `source`Required + +- *Type:* aws-cdk-lib.aws_lambda.IEventSource + +--- + +##### `addEventSourceMapping` + +```typescript +public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping +``` + +Adds an event source that maps to this AWS Lambda function. + +###### `id`Required + +- *Type:* string + +--- + +###### `options`Required + +- *Type:* aws-cdk-lib.aws_lambda.EventSourceMappingOptions + +--- + +##### `addFunctionUrl` + +```typescript +public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl +``` + +Adds a url to this lambda function. + +###### `options`Optional + +- *Type:* aws-cdk-lib.aws_lambda.FunctionUrlOptions + +--- + +##### `addPermission` + +```typescript +public addPermission(id: string, permission: Permission): void +``` + +Adds a permission to the Lambda resource policy. + +> [Permission for details.](Permission for details.) + +###### `id`Required + +- *Type:* string + +The id for the permission construct. + +--- + +###### `permission`Required + +- *Type:* aws-cdk-lib.aws_lambda.Permission + +The permission to grant to this Lambda function. + +--- + +##### `addToRolePolicy` + +```typescript +public addToRolePolicy(statement: PolicyStatement): void +``` + +Adds a statement to the IAM role assumed by the instance. + +###### `statement`Required + +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement + +--- + +##### `configureAsyncInvoke` + +```typescript +public configureAsyncInvoke(options: EventInvokeConfigOptions): void +``` + +Configures options for asynchronous invocation. + +###### `options`Required + +- *Type:* aws-cdk-lib.aws_lambda.EventInvokeConfigOptions + +--- + +##### `considerWarningOnInvokeFunctionPermissions` + +```typescript +public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void +``` + +A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function. + +function.currentVersion is invoked before or after the permission is created. + +This applies only to permissions on Lambda functions, not versions or aliases. +This function is overridden as a noOp for QualifiedFunctionBase. + +###### `scope`Required + +- *Type:* constructs.Construct + +--- + +###### `action`Required + +- *Type:* string + +--- + +##### `grantInvoke` + +```typescript +public grantInvoke(grantee: IGrantable): Grant +``` + +Grant the given identity permissions to invoke this Lambda. + +###### `grantee`Required + +- *Type:* aws-cdk-lib.aws_iam.IGrantable + +--- + +##### `grantInvokeUrl` + +```typescript +public grantInvokeUrl(grantee: IGrantable): Grant +``` + +Grant the given identity permissions to invoke this Lambda Function URL. + +###### `grantee`Required + +- *Type:* aws-cdk-lib.aws_iam.IGrantable + +--- + +##### `metric` + +```typescript +public metric(metricName: string, props?: MetricOptions): Metric +``` + +Return the given named metric for this Function. + +###### `metricName`Required + +- *Type:* string + +--- + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricDuration` + +```typescript +public metricDuration(props?: MetricOptions): Metric +``` + +How long execution of this Lambda takes. + +Average over 5 minutes + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricErrors` + +```typescript +public metricErrors(props?: MetricOptions): Metric +``` + +How many invocations of this Lambda fail. + +Sum over 5 minutes + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricInvocations` + +```typescript +public metricInvocations(props?: MetricOptions): Metric +``` + +How often this Lambda is invoked. + +Sum over 5 minutes + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricThrottles` + +```typescript +public metricThrottles(props?: MetricOptions): Metric +``` + +How often this Lambda is throttled. + +Sum over 5 minutes + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `addAlias` + +```typescript +public addAlias(aliasName: string, options?: AliasOptions): Alias +``` + +Defines an alias for this function. + +The alias will automatically be updated to point to the latest version of +the function as it is being updated during a deployment. + +```ts +declare const fn: lambda.Function; + +fn.addAlias('Live'); + +// Is equivalent to + +new lambda.Alias(this, 'AliasLive', { + aliasName: 'Live', + version: fn.currentVersion, +}); +``` + +###### `aliasName`Required + +- *Type:* string + +The name of the alias. + +--- + +###### `options`Optional + +- *Type:* aws-cdk-lib.aws_lambda.AliasOptions + +Alias options. + +--- + +##### `addEnvironment` + +```typescript +public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function +``` + +Adds an environment variable to this Lambda function. + +If this is a ref to a Lambda function, this operation results in a no-op. + +###### `key`Required + +- *Type:* string + +The environment variable key. + +--- + +###### `value`Required + +- *Type:* string + +The environment variable's value. + +--- + +###### `options`Optional + +- *Type:* aws-cdk-lib.aws_lambda.EnvironmentOptions + +Environment variable options. + +--- + +##### `addLayers` + +```typescript +public addLayers(layers: ILayerVersion): void +``` + +Adds one or more Lambda Layers to this Lambda function. + +###### `layers`Required + +- *Type:* aws-cdk-lib.aws_lambda.ILayerVersion + +the layers to be added. + +--- + +##### `addBaseEnvironment` + +```typescript +public addBaseEnvironment(): void +``` + +##### `addBaseTags` + +```typescript +public addBaseTags(): void +``` + +#### Static Functions + +| **Name** | **Description** | +| --- | --- | +| isConstruct | Checks if `x` is a construct. | +| isOwnedResource | Returns true if the construct was created by CDK, and false otherwise. | +| isResource | Check whether the given construct is a Resource. | +| classifyVersionProperty | Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource. | +| fromFunctionArn | Import a lambda function into the CDK using its ARN. | +| fromFunctionAttributes | Creates a Lambda function object which represents a function not defined within this stack. | +| fromFunctionName | Import a lambda function into the CDK using its name. | +| metricAll | Return the given named metric for this Lambda. | +| metricAllConcurrentExecutions | Metric for the number of concurrent executions across all Lambdas. | +| metricAllDuration | Metric for the Duration executing all Lambdas. | +| metricAllErrors | Metric for the number of Errors executing all Lambdas. | +| metricAllInvocations | Metric for the number of invocations of all Lambdas. | +| metricAllThrottles | Metric for the number of throttled invocations of all Lambdas. | +| metricAllUnreservedConcurrentExecutions | Metric for the number of unreserved concurrent executions across all Lambdas. | + +--- + +##### `isConstruct` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.isConstruct(x: any) +``` + +Checks if `x` is a construct. + +Use this method instead of `instanceof` to properly detect `Construct` +instances, even when the construct library is symlinked. + +Explanation: in JavaScript, multiple copies of the `constructs` library on +disk are seen as independent, completely different libraries. As a +consequence, the class `Construct` in each copy of the `constructs` library +is seen as a different class, and an instance of one class will not test as +`instanceof` the other class. `npm install` will not create installations +like this, but users may manually symlink construct libraries together or +use a monorepo tool: in those cases, multiple copies of the `constructs` +library can be accidentally installed, and `instanceof` will behave +unpredictably. It is safest to avoid using `instanceof`, and using +this type-testing method instead. + +###### `x`Required + +- *Type:* any + +Any object. + +--- + +##### `isOwnedResource` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.isOwnedResource(construct: IConstruct) +``` + +Returns true if the construct was created by CDK, and false otherwise. + +###### `construct`Required + +- *Type:* constructs.IConstruct + +--- + +##### `isResource` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.isResource(construct: IConstruct) +``` + +Check whether the given construct is a Resource. + +###### `construct`Required + +- *Type:* constructs.IConstruct + +--- + +##### `classifyVersionProperty` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.classifyVersionProperty(propertyName: string, locked: boolean) +``` + +Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource. + +See 'currentVersion' section in the module README for more details. + +###### `propertyName`Required + +- *Type:* string + +The property to classify. + +--- + +###### `locked`Required + +- *Type:* boolean + +whether the property should be associated to the version or not. + +--- + +##### `fromFunctionArn` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string) +``` + +Import a lambda function into the CDK using its ARN. + +###### `scope`Required + +- *Type:* constructs.Construct + +--- + +###### `id`Required + +- *Type:* string + +--- + +###### `functionArn`Required + +- *Type:* string + +--- + +##### `fromFunctionAttributes` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes) +``` + +Creates a Lambda function object which represents a function not defined within this stack. + +###### `scope`Required + +- *Type:* constructs.Construct + +The parent construct. + +--- + +###### `id`Required + +- *Type:* string + +The name of the lambda construct. + +--- + +###### `attrs`Required + +- *Type:* aws-cdk-lib.aws_lambda.FunctionAttributes + +the attributes of the function to import. + +--- + +##### `fromFunctionName` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.fromFunctionName(scope: Construct, id: string, functionName: string) +``` + +Import a lambda function into the CDK using its name. + +###### `scope`Required + +- *Type:* constructs.Construct + +--- + +###### `id`Required + +- *Type:* string + +--- + +###### `functionName`Required + +- *Type:* string + +--- + +##### `metricAll` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAll(metricName: string, props?: MetricOptions) +``` + +Return the given named metric for this Lambda. + +###### `metricName`Required + +- *Type:* string + +--- + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllConcurrentExecutions` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAllConcurrentExecutions(props?: MetricOptions) +``` + +Metric for the number of concurrent executions across all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllDuration` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAllDuration(props?: MetricOptions) +``` + +Metric for the Duration executing all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllErrors` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAllErrors(props?: MetricOptions) +``` + +Metric for the number of Errors executing all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllInvocations` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAllInvocations(props?: MetricOptions) +``` + +Metric for the number of invocations of all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllThrottles` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAllThrottles(props?: MetricOptions) +``` + +Metric for the number of throttled invocations of all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +##### `metricAllUnreservedConcurrentExecutions` + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +aws_lambda.NewRelicFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions) +``` + +Metric for the number of unreserved concurrent executions across all Lambdas. + +###### `props`Optional + +- *Type:* aws-cdk-lib.aws_cloudwatch.MetricOptions + +--- + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| node | constructs.Node | The tree node. | +| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | +| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | +| architecture | aws-cdk-lib.aws_lambda.Architecture | The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). | +| connections | aws-cdk-lib.aws_ec2.Connections | Access the Connections object. | +| functionArn | string | ARN of this function. | +| functionName | string | Name of this function. | +| grantPrincipal | aws-cdk-lib.aws_iam.IPrincipal | The principal this Lambda Function is running as. | +| isBoundToVpc | boolean | Whether or not this Lambda function was bound to a VPC. | +| latestVersion | aws-cdk-lib.aws_lambda.IVersion | The `$LATEST` version of this function. | +| permissionsNode | constructs.Node | The construct node where permissions are attached. | +| resourceArnsForGrantInvoke | string[] | The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke(). | +| role | aws-cdk-lib.aws_iam.IRole | Execution role associated with this function. | +| currentVersion | aws-cdk-lib.aws_lambda.Version | Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes. | +| logGroup | aws-cdk-lib.aws_logs.ILogGroup | The LogGroup where the Lambda function's logs are made available. | +| runtime | aws-cdk-lib.aws_lambda.Runtime | The runtime configured for this lambda. | +| deadLetterQueue | aws-cdk-lib.aws_sqs.IQueue | The DLQ (as queue) associated with this Lambda Function (this is an optional attribute). | +| deadLetterTopic | aws-cdk-lib.aws_sns.ITopic | The DLQ (as topic) associated with this Lambda Function (this is an optional attribute). | +| timeout | aws-cdk-lib.Duration | The timeout configured for this lambda. | +| stage | string | *No description.* | + +--- + +##### `node`Required + +```typescript +public readonly node: Node; +``` + +- *Type:* constructs.Node + +The tree node. + +--- + +##### `env`Required + +```typescript +public readonly env: ResourceEnvironment; +``` + +- *Type:* aws-cdk-lib.ResourceEnvironment + +The environment this resource belongs to. + +For resources that are created and managed by the CDK +(generally, those created by creating new class instances like Role, Bucket, etc.), +this is always the same as the environment of the stack they belong to; +however, for imported resources +(those obtained from static methods like fromRoleArn, fromBucketName, etc.), +that might be different than the stack they were imported into. + +--- + +##### `stack`Required + +```typescript +public readonly stack: Stack; +``` + +- *Type:* aws-cdk-lib.Stack + +The stack in which this resource is defined. + +--- + +##### `architecture`Required + +```typescript +public readonly architecture: Architecture; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Architecture + +The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). + +--- + +##### `connections`Required + +```typescript +public readonly connections: Connections; +``` + +- *Type:* aws-cdk-lib.aws_ec2.Connections + +Access the Connections object. + +Will fail if not a VPC-enabled Lambda Function + +--- + +##### `functionArn`Required + +```typescript +public readonly functionArn: string; +``` + +- *Type:* string + +ARN of this function. + +--- + +##### `functionName`Required + +```typescript +public readonly functionName: string; +``` + +- *Type:* string + +Name of this function. + +--- + +##### `grantPrincipal`Required + +```typescript +public readonly grantPrincipal: IPrincipal; +``` + +- *Type:* aws-cdk-lib.aws_iam.IPrincipal + +The principal this Lambda Function is running as. + +--- + +##### `isBoundToVpc`Required + +```typescript +public readonly isBoundToVpc: boolean; +``` + +- *Type:* boolean + +Whether or not this Lambda function was bound to a VPC. + +If this is is `false`, trying to access the `connections` object will fail. + +--- + +##### `latestVersion`Required + +```typescript +public readonly latestVersion: IVersion; +``` + +- *Type:* aws-cdk-lib.aws_lambda.IVersion + +The `$LATEST` version of this function. + +Note that this is reference to a non-specific AWS Lambda version, which +means the function this version refers to can return different results in +different invocations. + +To obtain a reference to an explicit version which references the current +function configuration, use `lambdaFunction.currentVersion` instead. + +--- + +##### `permissionsNode`Required + +```typescript +public readonly permissionsNode: Node; +``` + +- *Type:* constructs.Node + +The construct node where permissions are attached. + +--- + +##### `resourceArnsForGrantInvoke`Required + +```typescript +public readonly resourceArnsForGrantInvoke: string[]; +``` + +- *Type:* string[] + +The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke(). + +--- + +##### `role`Optional + +```typescript +public readonly role: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +Execution role associated with this function. + +--- + +##### `currentVersion`Required + +```typescript +public readonly currentVersion: Version; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Version + +Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes. + +You can specify options for this version using the `currentVersionOptions` +prop when initializing the `lambda.Function`. + +--- + +##### `logGroup`Required + +```typescript +public readonly logGroup: ILogGroup; +``` + +- *Type:* aws-cdk-lib.aws_logs.ILogGroup + +The LogGroup where the Lambda function's logs are made available. + +If either `logRetention` is set or this property is called, a CloudFormation custom resource is added to the stack that +pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention +period (never expire, by default). + +Further, if the log group already exists and the `logRetention` is not set, the custom resource will reset the log retention +to never expire even if it was configured with a different value. + +--- + +##### `runtime`Required + +```typescript +public readonly runtime: Runtime; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Runtime + +The runtime configured for this lambda. + +--- + +##### `deadLetterQueue`Optional + +```typescript +public readonly deadLetterQueue: IQueue; +``` + +- *Type:* aws-cdk-lib.aws_sqs.IQueue + +The DLQ (as queue) associated with this Lambda Function (this is an optional attribute). + +--- + +##### `deadLetterTopic`Optional + +```typescript +public readonly deadLetterTopic: ITopic; +``` + +- *Type:* aws-cdk-lib.aws_sns.ITopic + +The DLQ (as topic) associated with this Lambda Function (this is an optional attribute). + +--- + +##### `timeout`Optional + +```typescript +public readonly timeout: Duration; +``` + +- *Type:* aws-cdk-lib.Duration + +The timeout configured for this lambda. + +--- + +##### `stage`Required + +```typescript +public readonly stage: string; +``` + +- *Type:* string + +--- + + +### NewRelicStack + +#### Initializers + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +new stacks.NewRelicStack(scope: Construct, id: string, props: NewRelicStackProps) +``` + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| scope | constructs.Construct | *No description.* | +| id | string | *No description.* | +| props | neulabs-cdk-constructs.stacks.NewRelicStackProps | *No description.* | + +--- + +##### `scope`Required + +- *Type:* constructs.Construct + +--- + +##### `id`Required + +- *Type:* string + +--- + +##### `props`Required + +- *Type:* neulabs-cdk-constructs.stacks.NewRelicStackProps + +--- + +#### Methods + +| **Name** | **Description** | +| --- | --- | +| toString | Returns a string representation of this construct. | +| addDependency | Add a dependency between this stack and another stack. | +| addMetadata | Adds an arbitary key-value pair, with information you want to record about the stack. | +| addTransform | Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. | +| exportValue | Create a CloudFormation Export for a value. | +| formatArn | Creates an ARN from components. | +| getLogicalId | Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. | +| regionalFact | Look up a fact value for the given fact for the region of this stack. | +| renameLogicalId | Rename a generated logical identities. | +| reportMissingContextKey | Indicate that a context key was expected. | +| resolve | Resolve a tokenized value in the context of the current stack. | +| splitArn | Splits the provided ARN into its components. | +| toJsonString | Convert an object, potentially containing tokens, to a JSON string. | +| addBaseTags | *No description.* | +| createResourcesGroup | *No description.* | +| createCloudwatchLogsStreamRole | *No description.* | +| createCloudwatchMetricStream | *No description.* | +| createFirehoseBucket | *No description.* | +| createFirehoseRole | *No description.* | +| createFirehoseStream | *No description.* | +| createNewRelicRole | *No description.* | +| createSecrets | *No description.* | + +--- + +##### `toString` + +```typescript +public toString(): string +``` + +Returns a string representation of this construct. + +##### `addDependency` + +```typescript +public addDependency(target: Stack, reason?: string): void +``` + +Add a dependency between this stack and another stack. + +This can be used to define dependencies between any two stacks within an +app, and also supports nested stacks. + +###### `target`Required + +- *Type:* aws-cdk-lib.Stack + +--- + +###### `reason`Optional + +- *Type:* string + +--- + +##### `addMetadata` + +```typescript +public addMetadata(key: string, value: any): void +``` + +Adds an arbitary key-value pair, with information you want to record about the stack. + +These get translated to the Metadata section of the generated template. + +> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html) + +###### `key`Required + +- *Type:* string + +--- + +###### `value`Required + +- *Type:* any + +--- + +##### `addTransform` + +```typescript +public addTransform(transform: string): void +``` + +Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. + +Duplicate values are removed when stack is synthesized. + +> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html) + +*Example* + +```typescript +declare const stack: Stack; + +stack.addTransform('AWS::Serverless-2016-10-31') +``` + + +###### `transform`Required + +- *Type:* string + +The transform to add. + +--- + +##### `exportValue` + +```typescript +public exportValue(exportedValue: any, options?: ExportValueOptions): string +``` + +Create a CloudFormation Export for a value. + +Returns a string representing the corresponding `Fn.importValue()` +expression for this Export. You can control the name for the export by +passing the `name` option. + +If you don't supply a value for `name`, the value you're exporting must be +a Resource attribute (for example: `bucket.bucketName`) and it will be +given the same name as the automatic cross-stack reference that would be created +if you used the attribute in another Stack. + +One of the uses for this method is to *remove* the relationship between +two Stacks established by automatic cross-stack references. It will +temporarily ensure that the CloudFormation Export still exists while you +remove the reference from the consuming stack. After that, you can remove +the resource and the manual export. + +## Example + +Here is how the process works. Let's say there are two stacks, +`producerStack` and `consumerStack`, and `producerStack` has a bucket +called `bucket`, which is referenced by `consumerStack` (perhaps because +an AWS Lambda Function writes into it, or something like that). + +It is not safe to remove `producerStack.bucket` because as the bucket is being +deleted, `consumerStack` might still be using it. + +Instead, the process takes two deployments: + +### Deployment 1: break the relationship + +- Make sure `consumerStack` no longer references `bucket.bucketName` (maybe the consumer + stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just + remove the Lambda Function altogether). +- In the `ProducerStack` class, call `this.exportValue(this.bucket.bucketName)`. This + will make sure the CloudFormation Export continues to exist while the relationship + between the two stacks is being broken. +- Deploy (this will effectively only change the `consumerStack`, but it's safe to deploy both). + +### Deployment 2: remove the bucket resource + +- You are now free to remove the `bucket` resource from `producerStack`. +- Don't forget to remove the `exportValue()` call as well. +- Deploy again (this time only the `producerStack` will be changed -- the bucket will be deleted). + +###### `exportedValue`Required + +- *Type:* any + +--- + +###### `options`Optional + +- *Type:* aws-cdk-lib.ExportValueOptions + +--- + +##### `formatArn` + +```typescript +public formatArn(components: ArnComponents): string +``` + +Creates an ARN from components. + +If `partition`, `region` or `account` are not specified, the stack's +partition, region and account will be used. + +If any component is the empty string, an empty string will be inserted +into the generated ARN at the location that component corresponds to. + +The ARN will be formatted as follows: + + arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name} + +The required ARN pieces that are omitted will be taken from the stack that +the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope +can be 'undefined'. + +###### `components`Required + +- *Type:* aws-cdk-lib.ArnComponents + +--- + +##### `getLogicalId` + +```typescript +public getLogicalId(element: CfnElement): string +``` + +Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. + +This method is called when a `CfnElement` is created and used to render the +initial logical identity of resources. Logical ID renames are applied at +this stage. + +This method uses the protected method `allocateLogicalId` to render the +logical ID for an element. To modify the naming scheme, extend the `Stack` +class and override this method. + +###### `element`Required + +- *Type:* aws-cdk-lib.CfnElement + +The CloudFormation element for which a logical identity is needed. + +--- + +##### `regionalFact` + +```typescript +public regionalFact(factName: string, defaultValue?: string): string +``` + +Look up a fact value for the given fact for the region of this stack. + +Will return a definite value only if the region of the current stack is resolved. +If not, a lookup map will be added to the stack and the lookup will be done at +CDK deployment time. + +What regions will be included in the lookup map is controlled by the +`@aws-cdk/core:target-partitions` context value: it must be set to a list +of partitions, and only regions from the given partitions will be included. +If no such context key is set, all regions will be included. + +This function is intended to be used by construct library authors. Application +builders can rely on the abstractions offered by construct libraries and do +not have to worry about regional facts. + +If `defaultValue` is not given, it is an error if the fact is unknown for +the given region. + +###### `factName`Required + +- *Type:* string + +--- + +###### `defaultValue`Optional + +- *Type:* string + +--- + +##### `renameLogicalId` + +```typescript +public renameLogicalId(oldId: string, newId: string): void +``` + +Rename a generated logical identities. + +To modify the naming scheme strategy, extend the `Stack` class and +override the `allocateLogicalId` method. + +###### `oldId`Required + +- *Type:* string + +--- + +###### `newId`Required + +- *Type:* string + +--- + +##### `reportMissingContextKey` + +```typescript +public reportMissingContextKey(report: MissingContext): void +``` + +Indicate that a context key was expected. + +Contains instructions which will be emitted into the cloud assembly on how +the key should be supplied. + +###### `report`Required + +- *Type:* aws-cdk-lib.cloud_assembly_schema.MissingContext + +The set of parameters needed to obtain the context. + +--- + +##### `resolve` + +```typescript +public resolve(obj: any): any +``` + +Resolve a tokenized value in the context of the current stack. + +###### `obj`Required + +- *Type:* any + +--- + +##### `splitArn` + +```typescript +public splitArn(arn: string, arnFormat: ArnFormat): ArnComponents +``` + +Splits the provided ARN into its components. + +Works both if 'arn' is a string like 'arn:aws:s3:::bucket', +and a Token representing a dynamic CloudFormation expression +(in which case the returned components will also be dynamic CloudFormation expressions, +encoded as Tokens). + +###### `arn`Required + +- *Type:* string + +the ARN to split into its components. + +--- + +###### `arnFormat`Required + +- *Type:* aws-cdk-lib.ArnFormat + +the expected format of 'arn' - depends on what format the service 'arn' represents uses. + +--- + +##### `toJsonString` + +```typescript +public toJsonString(obj: any, space?: number): string +``` + +Convert an object, potentially containing tokens, to a JSON string. + +###### `obj`Required + +- *Type:* any + +--- + +###### `space`Optional + +- *Type:* number + +--- + +##### `addBaseTags` + +```typescript +public addBaseTags(model: any, props?: BaseTagProps): void +``` + +###### `model`Required + +- *Type:* any + +--- + +###### `props`Optional + +- *Type:* neulabs-cdk-constructs.common.BaseTagProps + +--- + +##### `createResourcesGroup` ```typescript public createResourcesGroup(): CfnGroup ``` -##### `createCloudwatchLogsStreamRole` +##### `createCloudwatchLogsStreamRole` + +```typescript +public createCloudwatchLogsStreamRole(): IRole +``` + +##### `createCloudwatchMetricStream` + +```typescript +public createCloudwatchMetricStream(roleArn: string, firehoseArn: string): CfnMetricStream +``` + +###### `roleArn`Required + +- *Type:* string + +--- + +###### `firehoseArn`Required + +- *Type:* string + +--- + +##### `createFirehoseBucket` + +```typescript +public createFirehoseBucket(newRelicBucketName: string): IBucket +``` + +###### `newRelicBucketName`Required + +- *Type:* string + +--- + +##### `createFirehoseRole` + +```typescript +public createFirehoseRole(newRelicFirehoseBucket: IBucket): IRole +``` + +###### `newRelicFirehoseBucket`Required + +- *Type:* aws-cdk-lib.aws_s3.IBucket + +--- + +##### `createFirehoseStream` + +```typescript +public createFirehoseStream(newRelicBucket: IBucket, role: IRole, endpointType: EndpointType, endpointUrl: string, newRelicLicenseLey: string): CfnDeliveryStream +``` + +###### `newRelicBucket`Required + +- *Type:* aws-cdk-lib.aws_s3.IBucket + +--- + +###### `role`Required + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +###### `endpointType`Required + +- *Type:* neulabs-cdk-constructs.stacks.EndpointType + +--- + +###### `endpointUrl`Required + +- *Type:* string + +--- + +###### `newRelicLicenseLey`Required + +- *Type:* string + +--- + +##### `createNewRelicRole` + +```typescript +public createNewRelicRole(newRelicAccountId: string): IRole +``` + +###### `newRelicAccountId`Required + +- *Type:* string + +--- + +##### `createSecrets` + +```typescript +public createSecrets(newRelicAccountId: string, newRelicLicenseLey: string): Secret +``` + +###### `newRelicAccountId`Required + +- *Type:* string + +--- + +###### `newRelicLicenseLey`Required + +- *Type:* string + +--- + +#### Static Functions + +| **Name** | **Description** | +| --- | --- | +| isConstruct | Checks if `x` is a construct. | +| isStack | Return whether the given object is a Stack. | +| of | Looks up the first stack scope in which `construct` is defined. | + +--- + +##### `isConstruct` + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +stacks.NewRelicStack.isConstruct(x: any) +``` + +Checks if `x` is a construct. + +Use this method instead of `instanceof` to properly detect `Construct` +instances, even when the construct library is symlinked. + +Explanation: in JavaScript, multiple copies of the `constructs` library on +disk are seen as independent, completely different libraries. As a +consequence, the class `Construct` in each copy of the `constructs` library +is seen as a different class, and an instance of one class will not test as +`instanceof` the other class. `npm install` will not create installations +like this, but users may manually symlink construct libraries together or +use a monorepo tool: in those cases, multiple copies of the `constructs` +library can be accidentally installed, and `instanceof` will behave +unpredictably. It is safest to avoid using `instanceof`, and using +this type-testing method instead. + +###### `x`Required + +- *Type:* any + +Any object. + +--- + +##### `isStack` + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +stacks.NewRelicStack.isStack(x: any) +``` + +Return whether the given object is a Stack. + +We do attribute detection since we can't reliably use 'instanceof'. + +###### `x`Required + +- *Type:* any + +--- + +##### `of` + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +stacks.NewRelicStack.of(construct: IConstruct) +``` + +Looks up the first stack scope in which `construct` is defined. + +Fails if there is no stack up the tree. + +###### `construct`Required + +- *Type:* constructs.IConstruct + +The construct to start the search from. + +--- + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| node | constructs.Node | The tree node. | +| account | string | The AWS account into which this stack will be deployed. | +| artifactId | string | The ID of the cloud assembly artifact for this stack. | +| availabilityZones | string[] | Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. | +| bundlingRequired | boolean | Indicates whether the stack requires bundling or not. | +| dependencies | aws-cdk-lib.Stack[] | Return the stacks this stack depends on. | +| environment | string | The environment coordinates in which this stack is deployed. | +| nested | boolean | Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. | +| notificationArns | string[] | Returns the list of notification Amazon Resource Names (ARNs) for the current stack. | +| partition | string | The partition in which this stack is defined. | +| region | string | The AWS region into which this stack will be deployed (e.g. `us-west-2`). | +| stackId | string | The ID of the stack. | +| stackName | string | The concrete CloudFormation physical stack name. | +| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method for this stack. | +| tags | aws-cdk-lib.TagManager | Tags to be applied to the stack. | +| templateFile | string | The name of the CloudFormation template file emitted to the output directory during synthesis. | +| templateOptions | aws-cdk-lib.ITemplateOptions | Options for CloudFormation template (like version, transform, description). | +| urlSuffix | string | The Amazon domain suffix for the region in which this stack is defined. | +| nestedStackParent | aws-cdk-lib.Stack | If this is a nested stack, returns it's parent stack. | +| nestedStackResource | aws-cdk-lib.CfnResource | If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. | +| terminationProtection | boolean | Whether termination protection is enabled for this stack. | +| stage | string | *No description.* | +| newRelicBucket | aws-cdk-lib.aws_s3.IBucket | *No description.* | +| newRelicFirehoseRole | aws-cdk-lib.aws_iam.IRole | *No description.* | +| newRelicIntegrationRole | aws-cdk-lib.aws_iam.IRole | *No description.* | +| newRelicSecret | aws-cdk-lib.aws_secretsmanager.ISecret | *No description.* | +| newRelicCloudwatchLogsStreamRole | aws-cdk-lib.aws_iam.IRole | *No description.* | +| newRelicFirehoseLogs | aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream | *No description.* | +| newRelicFirehoseMetrics | aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream | *No description.* | + +--- + +##### `node`Required + +```typescript +public readonly node: Node; +``` + +- *Type:* constructs.Node + +The tree node. + +--- + +##### `account`Required + +```typescript +public readonly account: string; +``` + +- *Type:* string + +The AWS account into which this stack will be deployed. + +This value is resolved according to the following rules: + +1. The value provided to `env.account` when the stack is defined. This can + either be a concrete account (e.g. `585695031111`) or the + `Aws.ACCOUNT_ID` token. +3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference + `{ "Ref": "AWS::AccountId" }` encoded as a string token. + +Preferably, you should use the return value as an opaque string and not +attempt to parse it to implement your logic. If you do, you must first +check that it is a concerete value an not an unresolved token. If this +value is an unresolved token (`Token.isUnresolved(stack.account)` returns +`true`), this implies that the user wishes that this stack will synthesize +into a **account-agnostic template**. In this case, your code should either +fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or +implement some other region-agnostic behavior. + +--- + +##### `artifactId`Required + +```typescript +public readonly artifactId: string; +``` + +- *Type:* string + +The ID of the cloud assembly artifact for this stack. + +--- + +##### `availabilityZones`Required + +```typescript +public readonly availabilityZones: string[]; +``` + +- *Type:* string[] + +Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. + +If the stack is environment-agnostic (either account and/or region are +tokens), this property will return an array with 2 tokens that will resolve +at deploy-time to the first two availability zones returned from CloudFormation's +`Fn::GetAZs` intrinsic function. + +If they are not available in the context, returns a set of dummy values and +reports them as missing, and let the CLI resolve them by calling EC2 +`DescribeAvailabilityZones` on the target environment. + +To specify a different strategy for selecting availability zones override this method. + +--- + +##### `bundlingRequired`Required + +```typescript +public readonly bundlingRequired: boolean; +``` + +- *Type:* boolean + +Indicates whether the stack requires bundling or not. + +--- + +##### `dependencies`Required + +```typescript +public readonly dependencies: Stack[]; +``` + +- *Type:* aws-cdk-lib.Stack[] + +Return the stacks this stack depends on. + +--- + +##### `environment`Required + +```typescript +public readonly environment: string; +``` + +- *Type:* string + +The environment coordinates in which this stack is deployed. + +In the form +`aws://account/region`. Use `stack.account` and `stack.region` to obtain +the specific values, no need to parse. + +You can use this value to determine if two stacks are targeting the same +environment. + +If either `stack.account` or `stack.region` are not concrete values (e.g. +`Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or +`unknown-region` will be used respectively to indicate this stack is +region/account-agnostic. + +--- + +##### `nested`Required + +```typescript +public readonly nested: boolean; +``` + +- *Type:* boolean + +Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. + +--- + +##### `notificationArns`Required + +```typescript +public readonly notificationArns: string[]; +``` + +- *Type:* string[] + +Returns the list of notification Amazon Resource Names (ARNs) for the current stack. + +--- + +##### `partition`Required + +```typescript +public readonly partition: string; +``` + +- *Type:* string + +The partition in which this stack is defined. + +--- + +##### `region`Required + +```typescript +public readonly region: string; +``` + +- *Type:* string + +The AWS region into which this stack will be deployed (e.g. `us-west-2`). + +This value is resolved according to the following rules: + +1. The value provided to `env.region` when the stack is defined. This can + either be a concerete region (e.g. `us-west-2`) or the `Aws.REGION` + token. +3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference + `{ "Ref": "AWS::Region" }` encoded as a string token. + +Preferably, you should use the return value as an opaque string and not +attempt to parse it to implement your logic. If you do, you must first +check that it is a concerete value an not an unresolved token. If this +value is an unresolved token (`Token.isUnresolved(stack.region)` returns +`true`), this implies that the user wishes that this stack will synthesize +into a **region-agnostic template**. In this case, your code should either +fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or +implement some other region-agnostic behavior. + +--- + +##### `stackId`Required + +```typescript +public readonly stackId: string; +``` + +- *Type:* string + +The ID of the stack. + +--- + +*Example* + +```typescript +// After resolving, looks like +'arn:aws:cloudformation:us-west-2:123456789012:stack/teststack/51af3dc0-da77-11e4-872e-1234567db123' +``` + + +##### `stackName`Required + +```typescript +public readonly stackName: string; +``` + +- *Type:* string + +The concrete CloudFormation physical stack name. + +This is either the name defined explicitly in the `stackName` prop or +allocated based on the stack's location in the construct tree. Stacks that +are directly defined under the app use their construct `id` as their stack +name. Stacks that are defined deeper within the tree will use a hashed naming +scheme based on the construct path to ensure uniqueness. + +If you wish to obtain the deploy-time AWS::StackName intrinsic, +you can use `Aws.STACK_NAME` directly. + +--- + +##### `synthesizer`Required + +```typescript +public readonly synthesizer: IStackSynthesizer; +``` + +- *Type:* aws-cdk-lib.IStackSynthesizer + +Synthesis method for this stack. + +--- + +##### `tags`Required + +```typescript +public readonly tags: TagManager; +``` + +- *Type:* aws-cdk-lib.TagManager + +Tags to be applied to the stack. + +--- + +##### `templateFile`Required + +```typescript +public readonly templateFile: string; +``` + +- *Type:* string + +The name of the CloudFormation template file emitted to the output directory during synthesis. + +Example value: `MyStack.template.json` + +--- + +##### `templateOptions`Required + +```typescript +public readonly templateOptions: ITemplateOptions; +``` + +- *Type:* aws-cdk-lib.ITemplateOptions + +Options for CloudFormation template (like version, transform, description). + +--- + +##### `urlSuffix`Required + +```typescript +public readonly urlSuffix: string; +``` + +- *Type:* string + +The Amazon domain suffix for the region in which this stack is defined. + +--- + +##### `nestedStackParent`Optional + +```typescript +public readonly nestedStackParent: Stack; +``` + +- *Type:* aws-cdk-lib.Stack + +If this is a nested stack, returns it's parent stack. + +--- + +##### `nestedStackResource`Optional + +```typescript +public readonly nestedStackResource: CfnResource; +``` + +- *Type:* aws-cdk-lib.CfnResource + +If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. + +`undefined` for top-level (non-nested) stacks. + +--- + +##### `terminationProtection`Optional + +```typescript +public readonly terminationProtection: boolean; +``` + +- *Type:* boolean + +Whether termination protection is enabled for this stack. + +--- + +##### `stage`Required + +```typescript +public readonly stage: string; +``` + +- *Type:* string + +--- + +##### `newRelicBucket`Required + +```typescript +public readonly newRelicBucket: IBucket; +``` + +- *Type:* aws-cdk-lib.aws_s3.IBucket + +--- + +##### `newRelicFirehoseRole`Required + +```typescript +public readonly newRelicFirehoseRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +##### `newRelicIntegrationRole`Required + +```typescript +public readonly newRelicIntegrationRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +##### `newRelicSecret`Required + +```typescript +public readonly newRelicSecret: ISecret; +``` + +- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret + +--- + +##### `newRelicCloudwatchLogsStreamRole`Optional + +```typescript +public readonly newRelicCloudwatchLogsStreamRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole + +--- + +##### `newRelicFirehoseLogs`Optional + +```typescript +public readonly newRelicFirehoseLogs: CfnDeliveryStream; +``` + +- *Type:* aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream + +--- + +##### `newRelicFirehoseMetrics`Optional + +```typescript +public readonly newRelicFirehoseMetrics: CfnDeliveryStream; +``` + +- *Type:* aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream + +--- + + +## Structs + +### BaseStackProps + +#### Initializer + +```typescript +import { stacks } from 'neulabs-cdk-constructs' + +const baseStackProps: stacks.BaseStackProps = { ... } +``` + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| analyticsReporting | boolean | Include runtime versioning information in this Stack. | +| crossRegionReferences | boolean | Enable this flag to allow native cross region stack references. | +| description | string | A description of the stack. | +| env | aws-cdk-lib.Environment | The AWS environment (account/region) where this stack will be deployed. | +| stackName | string | Name to deploy the stack with. | +| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method to use while deploying this stack. | +| tags | {[ key: string ]: string} | Stack tags that will be applied to all the taggable resources and the stack itself. | +| terminationProtection | boolean | Whether to enable termination protection for this stack. | +| stage | string | *No description.* | + +--- + +##### `analyticsReporting`Optional + +```typescript +public readonly analyticsReporting: boolean; +``` + +- *Type:* boolean +- *Default:* `analyticsReporting` setting of containing `App`, or value of 'aws:cdk:version-reporting' context key + +Include runtime versioning information in this Stack. + +--- + +##### `crossRegionReferences`Optional + +```typescript +public readonly crossRegionReferences: boolean; +``` + +- *Type:* boolean +- *Default:* false + +Enable this flag to allow native cross region stack references. + +Enabling this will create a CloudFormation custom resource +in both the producing stack and consuming stack in order to perform the export/import + +This feature is currently experimental + +--- + +##### `description`Optional + +```typescript +public readonly description: string; +``` + +- *Type:* string +- *Default:* No description. + +A description of the stack. + +--- + +##### `env`Optional + +```typescript +public readonly env: Environment; +``` + +- *Type:* aws-cdk-lib.Environment +- *Default:* The environment of the containing `Stage` if available, otherwise create the stack will be environment-agnostic. + +The AWS environment (account/region) where this stack will be deployed. + +Set the `region`/`account` fields of `env` to either a concrete value to +select the indicated environment (recommended for production stacks), or to +the values of environment variables +`CDK_DEFAULT_REGION`/`CDK_DEFAULT_ACCOUNT` to let the target environment +depend on the AWS credentials/configuration that the CDK CLI is executed +under (recommended for development stacks). + +If the `Stack` is instantiated inside a `Stage`, any undefined +`region`/`account` fields from `env` will default to the same field on the +encompassing `Stage`, if configured there. + +If either `region` or `account` are not set nor inherited from `Stage`, the +Stack will be considered "*environment-agnostic*"". Environment-agnostic +stacks can be deployed to any environment but may not be able to take +advantage of all features of the CDK. For example, they will not be able to +use environmental context lookups such as `ec2.Vpc.fromLookup` and will not +automatically translate Service Principals to the right format based on the +environment's AWS partition, and other such enhancements. + +--- + +*Example* + +```typescript +// Use a concrete account and region to deploy this stack to: +// `.account` and `.region` will simply return these values. +new Stack(app, 'Stack1', { + env: { + account: '123456789012', + region: 'us-east-1' + }, +}); + +// Use the CLI's current credentials to determine the target environment: +// `.account` and `.region` will reflect the account+region the CLI +// is configured to use (based on the user CLI credentials) +new Stack(app, 'Stack2', { + env: { + account: process.env.CDK_DEFAULT_ACCOUNT, + region: process.env.CDK_DEFAULT_REGION + }, +}); + +// Define multiple stacks stage associated with an environment +const myStage = new Stage(app, 'MyStage', { + env: { + account: '123456789012', + region: 'us-east-1' + } +}); + +// both of these stacks will use the stage's account/region: +// `.account` and `.region` will resolve to the concrete values as above +new MyStack(myStage, 'Stack1'); +new YourStack(myStage, 'Stack2'); + +// Define an environment-agnostic stack: +// `.account` and `.region` will resolve to `{ "Ref": "AWS::AccountId" }` and `{ "Ref": "AWS::Region" }` respectively. +// which will only resolve to actual values by CloudFormation during deployment. +new MyStack(app, 'Stack1'); +``` + + +##### `stackName`Optional + +```typescript +public readonly stackName: string; +``` + +- *Type:* string +- *Default:* Derived from construct path. + +Name to deploy the stack with. + +--- + +##### `synthesizer`Optional + +```typescript +public readonly synthesizer: IStackSynthesizer; +``` + +- *Type:* aws-cdk-lib.IStackSynthesizer +- *Default:* `DefaultStackSynthesizer` if the `@aws-cdk/core:newStyleStackSynthesis` feature flag is set, `LegacyStackSynthesizer` otherwise. + +Synthesis method to use while deploying this stack. + +--- + +##### `tags`Optional + +```typescript +public readonly tags: {[ key: string ]: string}; +``` + +- *Type:* {[ key: string ]: string} +- *Default:* {} + +Stack tags that will be applied to all the taggable resources and the stack itself. + +--- + +##### `terminationProtection`Optional + +```typescript +public readonly terminationProtection: boolean; +``` + +- *Type:* boolean +- *Default:* false + +Whether to enable termination protection for this stack. + +--- + +##### `stage`Required + +```typescript +public readonly stage: string; +``` + +- *Type:* string + +--- + +### BaseTagProps + +#### Initializer + +```typescript +import { common } from 'neulabs-cdk-constructs' + +const baseTagProps: common.BaseTagProps = { ... } +``` + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| businessUnit | string | *No description.* | +| domain | string | *No description.* | +| repositoryName | string | *No description.* | +| repositoryVersion | string | *No description.* | + +--- + +##### `businessUnit`Optional + +```typescript +public readonly businessUnit: string; +``` + +- *Type:* string + +--- + +##### `domain`Optional + +```typescript +public readonly domain: string; +``` + +- *Type:* string + +--- + +##### `repositoryName`Optional + +```typescript +public readonly repositoryName: string; +``` + +- *Type:* string + +--- + +##### `repositoryVersion`Optional + +```typescript +public readonly repositoryVersion: string; +``` + +- *Type:* string + +--- + +### FunctionNewRelicProps + +#### Initializer + +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' + +const functionNewRelicProps: aws_lambda.FunctionNewRelicProps = { ... } +``` + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| maxEventAge | aws-cdk-lib.Duration | The maximum age of a request that Lambda sends to a function for processing. | +| onFailure | aws-cdk-lib.aws_lambda.IDestination | The destination for failed invocations. | +| onSuccess | aws-cdk-lib.aws_lambda.IDestination | The destination for successful invocations. | +| retryAttempts | number | The maximum number of times to retry when the function returns an error. | +| allowAllOutbound | boolean | Whether to allow the Lambda to send all network traffic. | +| allowPublicSubnet | boolean | Lambda Functions in a public subnet can NOT access the internet. | +| architecture | aws-cdk-lib.aws_lambda.Architecture | The system architectures compatible with this lambda function. | +| codeSigningConfig | aws-cdk-lib.aws_lambda.ICodeSigningConfig | Code signing config associated with this function. | +| currentVersionOptions | aws-cdk-lib.aws_lambda.VersionOptions | Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method. | +| deadLetterQueue | aws-cdk-lib.aws_sqs.IQueue | The SQS queue to use if DLQ is enabled. | +| deadLetterQueueEnabled | boolean | Enabled DLQ. | +| deadLetterTopic | aws-cdk-lib.aws_sns.ITopic | The SNS topic to use as a DLQ. | +| description | string | A description of the function. | +| environment | {[ key: string ]: string} | Key-value pairs that Lambda caches and makes available for your Lambda functions. | +| environmentEncryption | aws-cdk-lib.aws_kms.IKey | The AWS KMS key that's used to encrypt your function's environment variables. | +| ephemeralStorageSize | aws-cdk-lib.Size | The size of the function’s /tmp directory in MiB. | +| events | aws-cdk-lib.aws_lambda.IEventSource[] | Event sources for this function. | +| filesystem | aws-cdk-lib.aws_lambda.FileSystem | The filesystem configuration for the lambda function. | +| functionName | string | A name for the function. | +| initialPolicy | aws-cdk-lib.aws_iam.PolicyStatement[] | Initial policy statements to add to the created Lambda Role. | +| insightsVersion | aws-cdk-lib.aws_lambda.LambdaInsightsVersion | Specify the version of CloudWatch Lambda insights to use for monitoring. | +| layers | aws-cdk-lib.aws_lambda.ILayerVersion[] | A list of layers to add to the function's execution environment. | +| logRetention | aws-cdk-lib.aws_logs.RetentionDays | The number of days log events are kept in CloudWatch Logs. | +| logRetentionRetryOptions | aws-cdk-lib.aws_lambda.LogRetentionRetryOptions | When log retention is specified, a custom resource attempts to create the CloudWatch log group. | +| logRetentionRole | aws-cdk-lib.aws_iam.IRole | The IAM role for the Lambda function associated with the custom resource that sets the retention policy. | +| memorySize | number | The amount of memory, in MB, that is allocated to your Lambda function. | +| profiling | boolean | Enable profiling. | +| profilingGroup | aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup | Profiling Group. | +| reservedConcurrentExecutions | number | The maximum of concurrent executions you want to reserve for the function. | +| role | aws-cdk-lib.aws_iam.IRole | Lambda execution role. | +| securityGroups | aws-cdk-lib.aws_ec2.ISecurityGroup[] | The list of security groups to associate with the Lambda's network interfaces. | +| timeout | aws-cdk-lib.Duration | The function execution time (in seconds) after which Lambda terminates the function. | +| tracing | aws-cdk-lib.aws_lambda.Tracing | Enable AWS X-Ray Tracing for Lambda Function. | +| vpc | aws-cdk-lib.aws_ec2.IVpc | VPC network to place Lambda network interfaces. | +| vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection | Where to place the network interfaces within the VPC. | +| code | aws-cdk-lib.aws_lambda.Code | The source code of your Lambda function. | +| handler | string | The name of the method within your code that Lambda calls to execute your function. | +| runtime | aws-cdk-lib.aws_lambda.Runtime | The runtime environment for the Lambda function that you are uploading. | +| stage | string | *No description.* | +| withBaseEnvironment | boolean | *No description.* | +| withBaseTags | boolean | *No description.* | +| newRelicAccountId | string | *No description.* | +| newRelicLayerName | string | *No description.* | +| newRelicLayerVersion | number | *No description.* | +| newRelicwithExtensionSendLogs | boolean | *No description.* | + +--- + +##### `maxEventAge`Optional + +```typescript +public readonly maxEventAge: Duration; +``` + +- *Type:* aws-cdk-lib.Duration +- *Default:* Duration.hours(6) + +The maximum age of a request that Lambda sends to a function for processing. + +Minimum: 60 seconds +Maximum: 6 hours + +--- + +##### `onFailure`Optional + +```typescript +public readonly onFailure: IDestination; +``` + +- *Type:* aws-cdk-lib.aws_lambda.IDestination +- *Default:* no destination + +The destination for failed invocations. + +--- + +##### `onSuccess`Optional + +```typescript +public readonly onSuccess: IDestination; +``` + +- *Type:* aws-cdk-lib.aws_lambda.IDestination +- *Default:* no destination + +The destination for successful invocations. + +--- + +##### `retryAttempts`Optional + +```typescript +public readonly retryAttempts: number; +``` + +- *Type:* number +- *Default:* 2 + +The maximum number of times to retry when the function returns an error. + +Minimum: 0 +Maximum: 2 + +--- + +##### `allowAllOutbound`Optional + +```typescript +public readonly allowAllOutbound: boolean; +``` + +- *Type:* boolean +- *Default:* true + +Whether to allow the Lambda to send all network traffic. + +If set to false, you must individually add traffic rules to allow the +Lambda to connect to network targets. + +--- + +##### `allowPublicSubnet`Optional + +```typescript +public readonly allowPublicSubnet: boolean; +``` + +- *Type:* boolean +- *Default:* false + +Lambda Functions in a public subnet can NOT access the internet. + +Use this property to acknowledge this limitation and still place the function in a public subnet. + +> [https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841](https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841) + +--- + +##### `architecture`Optional + +```typescript +public readonly architecture: Architecture; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Architecture +- *Default:* Architecture.X86_64 + +The system architectures compatible with this lambda function. + +--- + +##### `codeSigningConfig`Optional + +```typescript +public readonly codeSigningConfig: ICodeSigningConfig; +``` + +- *Type:* aws-cdk-lib.aws_lambda.ICodeSigningConfig +- *Default:* Not Sign the Code + +Code signing config associated with this function. + +--- + +##### `currentVersionOptions`Optional + +```typescript +public readonly currentVersionOptions: VersionOptions; +``` + +- *Type:* aws-cdk-lib.aws_lambda.VersionOptions +- *Default:* default options as described in `VersionOptions` + +Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method. + +--- + +##### `deadLetterQueue`Optional + +```typescript +public readonly deadLetterQueue: IQueue; +``` + +- *Type:* aws-cdk-lib.aws_sqs.IQueue +- *Default:* SQS queue with 14 day retention period if `deadLetterQueueEnabled` is `true` + +The SQS queue to use if DLQ is enabled. + +If SNS topic is desired, specify `deadLetterTopic` property instead. + +--- + +##### `deadLetterQueueEnabled`Optional + +```typescript +public readonly deadLetterQueueEnabled: boolean; +``` + +- *Type:* boolean +- *Default:* false unless `deadLetterQueue` is set, which implies DLQ is enabled. + +Enabled DLQ. + +If `deadLetterQueue` is undefined, +an SQS queue with default options will be defined for your Function. + +--- + +##### `deadLetterTopic`Optional + +```typescript +public readonly deadLetterTopic: ITopic; +``` + +- *Type:* aws-cdk-lib.aws_sns.ITopic +- *Default:* no SNS topic + +The SNS topic to use as a DLQ. + +Note that if `deadLetterQueueEnabled` is set to `true`, an SQS queue will be created +rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. + +--- + +##### `description`Optional + +```typescript +public readonly description: string; +``` + +- *Type:* string +- *Default:* No description. + +A description of the function. + +--- + +##### `environment`Optional + +```typescript +public readonly environment: {[ key: string ]: string}; +``` + +- *Type:* {[ key: string ]: string} +- *Default:* No environment variables. + +Key-value pairs that Lambda caches and makes available for your Lambda functions. + +Use environment variables to apply configuration changes, such +as test and production environment configurations, without changing your +Lambda function source code. + +--- + +##### `environmentEncryption`Optional + +```typescript +public readonly environmentEncryption: IKey; +``` + +- *Type:* aws-cdk-lib.aws_kms.IKey +- *Default:* AWS Lambda creates and uses an AWS managed customer master key (CMK). + +The AWS KMS key that's used to encrypt your function's environment variables. + +--- + +##### `ephemeralStorageSize`Optional + +```typescript +public readonly ephemeralStorageSize: Size; +``` + +- *Type:* aws-cdk-lib.Size +- *Default:* 512 MiB + +The size of the function’s /tmp directory in MiB. + +--- + +##### `events`Optional + +```typescript +public readonly events: IEventSource[]; +``` + +- *Type:* aws-cdk-lib.aws_lambda.IEventSource[] +- *Default:* No event sources. + +Event sources for this function. + +You can also add event sources using `addEventSource`. + +--- + +##### `filesystem`Optional + +```typescript +public readonly filesystem: FileSystem; +``` + +- *Type:* aws-cdk-lib.aws_lambda.FileSystem +- *Default:* will not mount any filesystem + +The filesystem configuration for the lambda function. + +--- + +##### `functionName`Optional + +```typescript +public readonly functionName: string; +``` + +- *Type:* string +- *Default:* AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type. + +A name for the function. + +--- + +##### `initialPolicy`Optional + +```typescript +public readonly initialPolicy: PolicyStatement[]; +``` + +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement[] +- *Default:* No policy statements are added to the created Lambda role. + +Initial policy statements to add to the created Lambda Role. + +You can call `addToRolePolicy` to the created lambda to add statements post creation. + +--- + +##### `insightsVersion`Optional + +```typescript +public readonly insightsVersion: LambdaInsightsVersion; +``` + +- *Type:* aws-cdk-lib.aws_lambda.LambdaInsightsVersion +- *Default:* No Lambda Insights + +Specify the version of CloudWatch Lambda insights to use for monitoring. + +> [https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html) + +--- + +##### `layers`Optional + +```typescript +public readonly layers: ILayerVersion[]; +``` + +- *Type:* aws-cdk-lib.aws_lambda.ILayerVersion[] +- *Default:* No layers. + +A list of layers to add to the function's execution environment. + +You can configure your Lambda function to pull in +additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies +that can be used by multiple functions. + +--- + +##### `logRetention`Optional + +```typescript +public readonly logRetention: RetentionDays; +``` + +- *Type:* aws-cdk-lib.aws_logs.RetentionDays +- *Default:* logs.RetentionDays.INFINITE + +The number of days log events are kept in CloudWatch Logs. + +When updating +this property, unsetting it doesn't remove the log retention policy. To +remove the retention policy, set the value to `INFINITE`. + +--- + +##### `logRetentionRetryOptions`Optional + +```typescript +public readonly logRetentionRetryOptions: LogRetentionRetryOptions; +``` + +- *Type:* aws-cdk-lib.aws_lambda.LogRetentionRetryOptions +- *Default:* Default AWS SDK retry options. + +When log retention is specified, a custom resource attempts to create the CloudWatch log group. + +These options control the retry policy when interacting with CloudWatch APIs. + +--- + +##### `logRetentionRole`Optional + +```typescript +public readonly logRetentionRole: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole +- *Default:* A new role is created. + +The IAM role for the Lambda function associated with the custom resource that sets the retention policy. + +--- + +##### `memorySize`Optional + +```typescript +public readonly memorySize: number; +``` + +- *Type:* number +- *Default:* 128 + +The amount of memory, in MB, that is allocated to your Lambda function. + +Lambda uses this value to proportionally allocate the amount of CPU +power. For more information, see Resource Model in the AWS Lambda +Developer Guide. + +--- + +##### `profiling`Optional + +```typescript +public readonly profiling: boolean; +``` + +- *Type:* boolean +- *Default:* No profiling. + +Enable profiling. + +> [https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html](https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html) + +--- + +##### `profilingGroup`Optional + +```typescript +public readonly profilingGroup: IProfilingGroup; +``` + +- *Type:* aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup +- *Default:* A new profiling group will be created if `profiling` is set. + +Profiling Group. + +> [https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html](https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html) + +--- + +##### `reservedConcurrentExecutions`Optional + +```typescript +public readonly reservedConcurrentExecutions: number; +``` + +- *Type:* number +- *Default:* No specific limit - account limit. + +The maximum of concurrent executions you want to reserve for the function. + +> [https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html](https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html) + +--- + +##### `role`Optional + +```typescript +public readonly role: IRole; +``` + +- *Type:* aws-cdk-lib.aws_iam.IRole +- *Default:* A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling `addToRolePolicy`. + +Lambda execution role. + +This is the role that will be assumed by the function upon execution. +It controls the permissions that the function will have. The Role must +be assumable by the 'lambda.amazonaws.com' service principal. + +The default Role automatically has permissions granted for Lambda execution. If you +provide a Role, you must add the relevant AWS managed policies yourself. + +The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and +"service-role/AWSLambdaVPCAccessExecutionRole". + +--- + +##### `securityGroups`Optional + +```typescript +public readonly securityGroups: ISecurityGroup[]; +``` + +- *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup[] +- *Default:* If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function. + +The list of security groups to associate with the Lambda's network interfaces. + +Only used if 'vpc' is supplied. + +--- + +##### `timeout`Optional + +```typescript +public readonly timeout: Duration; +``` + +- *Type:* aws-cdk-lib.Duration +- *Default:* Duration.seconds(3) + +The function execution time (in seconds) after which Lambda terminates the function. + +Because the execution time affects cost, set this value +based on the function's expected execution time. + +--- + +##### `tracing`Optional + +```typescript +public readonly tracing: Tracing; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Tracing +- *Default:* Tracing.Disabled + +Enable AWS X-Ray Tracing for Lambda Function. + +--- + +##### `vpc`Optional + +```typescript +public readonly vpc: IVpc; +``` + +- *Type:* aws-cdk-lib.aws_ec2.IVpc +- *Default:* Function is not placed within a VPC. + +VPC network to place Lambda network interfaces. + +Specify this if the Lambda function needs to access resources in a VPC. +This is required when `vpcSubnets` is specified. + +--- + +##### `vpcSubnets`Optional + +```typescript +public readonly vpcSubnets: SubnetSelection; +``` + +- *Type:* aws-cdk-lib.aws_ec2.SubnetSelection +- *Default:* the Vpc default strategy if not specified + +Where to place the network interfaces within the VPC. + +This requires `vpc` to be specified in order for interfaces to actually be +placed in the subnets. If `vpc` is not specify, this will raise an error. + +Note: Internet access for Lambda Functions requires a NAT Gateway, so picking +public subnets is not allowed (unless `allowPublicSubnet` is set to `true`). + +--- + +##### `code`Required + +```typescript +public readonly code: Code; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Code + +The source code of your Lambda function. + +You can point to a file in an +Amazon Simple Storage Service (Amazon S3) bucket or specify your source +code as inline text. + +--- + +##### `handler`Required + +```typescript +public readonly handler: string; +``` + +- *Type:* string + +The name of the method within your code that Lambda calls to execute your function. + +The format includes the file name. It can also include +namespaces and other qualifiers, depending on the runtime. +For more information, see https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html. + +Use `Handler.FROM_IMAGE` when defining a function from a Docker image. + +NOTE: If you specify your source code as inline text by specifying the +ZipFile property within the Code property, specify index.function_name as +the handler. + +--- + +##### `runtime`Required + +```typescript +public readonly runtime: Runtime; +``` + +- *Type:* aws-cdk-lib.aws_lambda.Runtime + +The runtime environment for the Lambda function that you are uploading. + +For valid values, see the Runtime property in the AWS Lambda Developer +Guide. + +Use `Runtime.FROM_IMAGE` when defining a function from a Docker image. + +--- + +##### `stage`Required ```typescript -public createCloudwatchLogsStreamRole(): IRole +public readonly stage: string; ``` -##### `createCloudwatchMetricStream` +- *Type:* string + +--- + +##### `withBaseEnvironment`Optional ```typescript -public createCloudwatchMetricStream(roleArn: string, firehoseArn: string): CfnMetricStream +public readonly withBaseEnvironment: boolean; ``` -###### `roleArn`Required +- *Type:* boolean -- *Type:* string +--- + +##### `withBaseTags`Optional + +```typescript +public readonly withBaseTags: boolean; +``` + +- *Type:* boolean --- -###### `firehoseArn`Required +##### `newRelicAccountId`Required + +```typescript +public readonly newRelicAccountId: string; +``` - *Type:* string --- -##### `createFirehoseBucket` +##### `newRelicLayerName`Required ```typescript -public createFirehoseBucket(newRelicBucketName: string): IBucket +public readonly newRelicLayerName: string; ``` -###### `newRelicBucketName`Required - - *Type:* string --- -##### `createFirehoseRole` +##### `newRelicLayerVersion`Required ```typescript -public createFirehoseRole(newRelicFirehoseBucket: IBucket): IRole +public readonly newRelicLayerVersion: number; ``` -###### `newRelicFirehoseBucket`Required - -- *Type:* aws-cdk-lib.aws_s3.IBucket +- *Type:* number --- -##### `createFirehoseStream` +##### `newRelicwithExtensionSendLogs`Optional ```typescript -public createFirehoseStream(newRelicBucket: IBucket, role: IRole, endpointType: EndpointType, endpointUrl: string, newRelicLicenseLey: string): CfnDeliveryStream +public readonly newRelicwithExtensionSendLogs: boolean; ``` -###### `newRelicBucket`Required - -- *Type:* aws-cdk-lib.aws_s3.IBucket +- *Type:* boolean --- -###### `role`Required +### FunctionProps -- *Type:* aws-cdk-lib.aws_iam.IRole +#### Initializer ---- +```typescript +import { aws_lambda } from 'neulabs-cdk-constructs' -###### `endpointType`Required +const functionProps: aws_lambda.FunctionProps = { ... } +``` -- *Type:* neulabs-cdk-constructs.stacks.EndpointType +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| maxEventAge | aws-cdk-lib.Duration | The maximum age of a request that Lambda sends to a function for processing. | +| onFailure | aws-cdk-lib.aws_lambda.IDestination | The destination for failed invocations. | +| onSuccess | aws-cdk-lib.aws_lambda.IDestination | The destination for successful invocations. | +| retryAttempts | number | The maximum number of times to retry when the function returns an error. | +| allowAllOutbound | boolean | Whether to allow the Lambda to send all network traffic. | +| allowPublicSubnet | boolean | Lambda Functions in a public subnet can NOT access the internet. | +| architecture | aws-cdk-lib.aws_lambda.Architecture | The system architectures compatible with this lambda function. | +| codeSigningConfig | aws-cdk-lib.aws_lambda.ICodeSigningConfig | Code signing config associated with this function. | +| currentVersionOptions | aws-cdk-lib.aws_lambda.VersionOptions | Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method. | +| deadLetterQueue | aws-cdk-lib.aws_sqs.IQueue | The SQS queue to use if DLQ is enabled. | +| deadLetterQueueEnabled | boolean | Enabled DLQ. | +| deadLetterTopic | aws-cdk-lib.aws_sns.ITopic | The SNS topic to use as a DLQ. | +| description | string | A description of the function. | +| environment | {[ key: string ]: string} | Key-value pairs that Lambda caches and makes available for your Lambda functions. | +| environmentEncryption | aws-cdk-lib.aws_kms.IKey | The AWS KMS key that's used to encrypt your function's environment variables. | +| ephemeralStorageSize | aws-cdk-lib.Size | The size of the function’s /tmp directory in MiB. | +| events | aws-cdk-lib.aws_lambda.IEventSource[] | Event sources for this function. | +| filesystem | aws-cdk-lib.aws_lambda.FileSystem | The filesystem configuration for the lambda function. | +| functionName | string | A name for the function. | +| initialPolicy | aws-cdk-lib.aws_iam.PolicyStatement[] | Initial policy statements to add to the created Lambda Role. | +| insightsVersion | aws-cdk-lib.aws_lambda.LambdaInsightsVersion | Specify the version of CloudWatch Lambda insights to use for monitoring. | +| layers | aws-cdk-lib.aws_lambda.ILayerVersion[] | A list of layers to add to the function's execution environment. | +| logRetention | aws-cdk-lib.aws_logs.RetentionDays | The number of days log events are kept in CloudWatch Logs. | +| logRetentionRetryOptions | aws-cdk-lib.aws_lambda.LogRetentionRetryOptions | When log retention is specified, a custom resource attempts to create the CloudWatch log group. | +| logRetentionRole | aws-cdk-lib.aws_iam.IRole | The IAM role for the Lambda function associated with the custom resource that sets the retention policy. | +| memorySize | number | The amount of memory, in MB, that is allocated to your Lambda function. | +| profiling | boolean | Enable profiling. | +| profilingGroup | aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup | Profiling Group. | +| reservedConcurrentExecutions | number | The maximum of concurrent executions you want to reserve for the function. | +| role | aws-cdk-lib.aws_iam.IRole | Lambda execution role. | +| securityGroups | aws-cdk-lib.aws_ec2.ISecurityGroup[] | The list of security groups to associate with the Lambda's network interfaces. | +| timeout | aws-cdk-lib.Duration | The function execution time (in seconds) after which Lambda terminates the function. | +| tracing | aws-cdk-lib.aws_lambda.Tracing | Enable AWS X-Ray Tracing for Lambda Function. | +| vpc | aws-cdk-lib.aws_ec2.IVpc | VPC network to place Lambda network interfaces. | +| vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection | Where to place the network interfaces within the VPC. | +| code | aws-cdk-lib.aws_lambda.Code | The source code of your Lambda function. | +| handler | string | The name of the method within your code that Lambda calls to execute your function. | +| runtime | aws-cdk-lib.aws_lambda.Runtime | The runtime environment for the Lambda function that you are uploading. | +| stage | string | *No description.* | +| withBaseEnvironment | boolean | *No description.* | +| withBaseTags | boolean | *No description.* | --- -###### `endpointUrl`Required +##### `maxEventAge`Optional -- *Type:* string +```typescript +public readonly maxEventAge: Duration; +``` ---- +- *Type:* aws-cdk-lib.Duration +- *Default:* Duration.hours(6) -###### `newRelicLicenseLey`Required +The maximum age of a request that Lambda sends to a function for processing. -- *Type:* string +Minimum: 60 seconds +Maximum: 6 hours --- -##### `createNewRelicRole` +##### `onFailure`Optional ```typescript -public createNewRelicRole(newRelicAccountId: string): IRole +public readonly onFailure: IDestination; ``` -###### `newRelicAccountId`Required +- *Type:* aws-cdk-lib.aws_lambda.IDestination +- *Default:* no destination -- *Type:* string +The destination for failed invocations. --- -##### `createSecrets` +##### `onSuccess`Optional ```typescript -public createSecrets(newRelicAccountId: string, newRelicLicenseLey: string): Secret +public readonly onSuccess: IDestination; ``` -###### `newRelicAccountId`Required +- *Type:* aws-cdk-lib.aws_lambda.IDestination +- *Default:* no destination -- *Type:* string +The destination for successful invocations. --- -###### `newRelicLicenseLey`Required +##### `retryAttempts`Optional -- *Type:* string +```typescript +public readonly retryAttempts: number; +``` ---- +- *Type:* number +- *Default:* 2 -#### Static Functions +The maximum number of times to retry when the function returns an error. -| **Name** | **Description** | -| --- | --- | -| isConstruct | Checks if `x` is a construct. | -| isStack | Return whether the given object is a Stack. | -| of | Looks up the first stack scope in which `construct` is defined. | +Minimum: 0 +Maximum: 2 --- -##### `isConstruct` +##### `allowAllOutbound`Optional ```typescript -import { stacks } from 'neulabs-cdk-constructs' - -stacks.NewRelicStack.isConstruct(x: any) +public readonly allowAllOutbound: boolean; ``` -Checks if `x` is a construct. - -Use this method instead of `instanceof` to properly detect `Construct` -instances, even when the construct library is symlinked. - -Explanation: in JavaScript, multiple copies of the `constructs` library on -disk are seen as independent, completely different libraries. As a -consequence, the class `Construct` in each copy of the `constructs` library -is seen as a different class, and an instance of one class will not test as -`instanceof` the other class. `npm install` will not create installations -like this, but users may manually symlink construct libraries together or -use a monorepo tool: in those cases, multiple copies of the `constructs` -library can be accidentally installed, and `instanceof` will behave -unpredictably. It is safest to avoid using `instanceof`, and using -this type-testing method instead. - -###### `x`Required +- *Type:* boolean +- *Default:* true -- *Type:* any +Whether to allow the Lambda to send all network traffic. -Any object. +If set to false, you must individually add traffic rules to allow the +Lambda to connect to network targets. --- -##### `isStack` +##### `allowPublicSubnet`Optional ```typescript -import { stacks } from 'neulabs-cdk-constructs' - -stacks.NewRelicStack.isStack(x: any) +public readonly allowPublicSubnet: boolean; ``` -Return whether the given object is a Stack. +- *Type:* boolean +- *Default:* false -We do attribute detection since we can't reliably use 'instanceof'. +Lambda Functions in a public subnet can NOT access the internet. -###### `x`Required +Use this property to acknowledge this limitation and still place the function in a public subnet. -- *Type:* any +> [https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841](https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841) --- -##### `of` +##### `architecture`Optional ```typescript -import { stacks } from 'neulabs-cdk-constructs' - -stacks.NewRelicStack.of(construct: IConstruct) +public readonly architecture: Architecture; ``` -Looks up the first stack scope in which `construct` is defined. +- *Type:* aws-cdk-lib.aws_lambda.Architecture +- *Default:* Architecture.X86_64 -Fails if there is no stack up the tree. +The system architectures compatible with this lambda function. -###### `construct`Required +--- -- *Type:* constructs.IConstruct +##### `codeSigningConfig`Optional -The construct to start the search from. +```typescript +public readonly codeSigningConfig: ICodeSigningConfig; +``` + +- *Type:* aws-cdk-lib.aws_lambda.ICodeSigningConfig +- *Default:* Not Sign the Code + +Code signing config associated with this function. --- -#### Properties +##### `currentVersionOptions`Optional -| **Name** | **Type** | **Description** | -| --- | --- | --- | -| node | constructs.Node | The tree node. | -| account | string | The AWS account into which this stack will be deployed. | -| artifactId | string | The ID of the cloud assembly artifact for this stack. | -| availabilityZones | string[] | Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. | -| bundlingRequired | boolean | Indicates whether the stack requires bundling or not. | -| dependencies | aws-cdk-lib.Stack[] | Return the stacks this stack depends on. | -| environment | string | The environment coordinates in which this stack is deployed. | -| nested | boolean | Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. | -| notificationArns | string[] | Returns the list of notification Amazon Resource Names (ARNs) for the current stack. | -| partition | string | The partition in which this stack is defined. | -| region | string | The AWS region into which this stack will be deployed (e.g. `us-west-2`). | -| stackId | string | The ID of the stack. | -| stackName | string | The concrete CloudFormation physical stack name. | -| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method for this stack. | -| tags | aws-cdk-lib.TagManager | Tags to be applied to the stack. | -| templateFile | string | The name of the CloudFormation template file emitted to the output directory during synthesis. | -| templateOptions | aws-cdk-lib.ITemplateOptions | Options for CloudFormation template (like version, transform, description). | -| urlSuffix | string | The Amazon domain suffix for the region in which this stack is defined. | -| nestedStackParent | aws-cdk-lib.Stack | If this is a nested stack, returns it's parent stack. | -| nestedStackResource | aws-cdk-lib.CfnResource | If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. | -| terminationProtection | boolean | Whether termination protection is enabled for this stack. | -| stage | string | *No description.* | -| newRelicBucket | aws-cdk-lib.aws_s3.IBucket | *No description.* | -| newRelicFirehoseRole | aws-cdk-lib.aws_iam.IRole | *No description.* | -| newRelicIntegrationRole | aws-cdk-lib.aws_iam.IRole | *No description.* | -| newRelicSecret | aws-cdk-lib.aws_secretsmanager.ISecret | *No description.* | -| newRelicCloudwatchLogsStreamRole | aws-cdk-lib.aws_iam.IRole | *No description.* | -| newRelicFirehoseLogs | aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream | *No description.* | -| newRelicFirehoseMetrics | aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream | *No description.* | +```typescript +public readonly currentVersionOptions: VersionOptions; +``` + +- *Type:* aws-cdk-lib.aws_lambda.VersionOptions +- *Default:* default options as described in `VersionOptions` + +Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method. --- -##### `node`Required +##### `deadLetterQueue`Optional ```typescript -public readonly node: Node; +public readonly deadLetterQueue: IQueue; ``` -- *Type:* constructs.Node +- *Type:* aws-cdk-lib.aws_sqs.IQueue +- *Default:* SQS queue with 14 day retention period if `deadLetterQueueEnabled` is `true` -The tree node. +The SQS queue to use if DLQ is enabled. + +If SNS topic is desired, specify `deadLetterTopic` property instead. --- -##### `account`Required +##### `deadLetterQueueEnabled`Optional ```typescript -public readonly account: string; +public readonly deadLetterQueueEnabled: boolean; ``` -- *Type:* string +- *Type:* boolean +- *Default:* false unless `deadLetterQueue` is set, which implies DLQ is enabled. -The AWS account into which this stack will be deployed. +Enabled DLQ. -This value is resolved according to the following rules: +If `deadLetterQueue` is undefined, +an SQS queue with default options will be defined for your Function. -1. The value provided to `env.account` when the stack is defined. This can - either be a concrete account (e.g. `585695031111`) or the - `Aws.ACCOUNT_ID` token. -3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference - `{ "Ref": "AWS::AccountId" }` encoded as a string token. +--- -Preferably, you should use the return value as an opaque string and not -attempt to parse it to implement your logic. If you do, you must first -check that it is a concerete value an not an unresolved token. If this -value is an unresolved token (`Token.isUnresolved(stack.account)` returns -`true`), this implies that the user wishes that this stack will synthesize -into a **account-agnostic template**. In this case, your code should either -fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or -implement some other region-agnostic behavior. +##### `deadLetterTopic`Optional + +```typescript +public readonly deadLetterTopic: ITopic; +``` + +- *Type:* aws-cdk-lib.aws_sns.ITopic +- *Default:* no SNS topic + +The SNS topic to use as a DLQ. + +Note that if `deadLetterQueueEnabled` is set to `true`, an SQS queue will be created +rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. --- -##### `artifactId`Required +##### `description`Optional ```typescript -public readonly artifactId: string; +public readonly description: string; ``` - *Type:* string +- *Default:* No description. -The ID of the cloud assembly artifact for this stack. +A description of the function. --- -##### `availabilityZones`Required +##### `environment`Optional ```typescript -public readonly availabilityZones: string[]; +public readonly environment: {[ key: string ]: string}; ``` -- *Type:* string[] +- *Type:* {[ key: string ]: string} +- *Default:* No environment variables. -Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. +Key-value pairs that Lambda caches and makes available for your Lambda functions. -If the stack is environment-agnostic (either account and/or region are -tokens), this property will return an array with 2 tokens that will resolve -at deploy-time to the first two availability zones returned from CloudFormation's -`Fn::GetAZs` intrinsic function. +Use environment variables to apply configuration changes, such +as test and production environment configurations, without changing your +Lambda function source code. -If they are not available in the context, returns a set of dummy values and -reports them as missing, and let the CLI resolve them by calling EC2 -`DescribeAvailabilityZones` on the target environment. +--- -To specify a different strategy for selecting availability zones override this method. +##### `environmentEncryption`Optional + +```typescript +public readonly environmentEncryption: IKey; +``` + +- *Type:* aws-cdk-lib.aws_kms.IKey +- *Default:* AWS Lambda creates and uses an AWS managed customer master key (CMK). + +The AWS KMS key that's used to encrypt your function's environment variables. --- -##### `bundlingRequired`Required +##### `ephemeralStorageSize`Optional ```typescript -public readonly bundlingRequired: boolean; +public readonly ephemeralStorageSize: Size; ``` -- *Type:* boolean +- *Type:* aws-cdk-lib.Size +- *Default:* 512 MiB -Indicates whether the stack requires bundling or not. +The size of the function’s /tmp directory in MiB. --- -##### `dependencies`Required +##### `events`Optional ```typescript -public readonly dependencies: Stack[]; +public readonly events: IEventSource[]; ``` -- *Type:* aws-cdk-lib.Stack[] +- *Type:* aws-cdk-lib.aws_lambda.IEventSource[] +- *Default:* No event sources. -Return the stacks this stack depends on. +Event sources for this function. + +You can also add event sources using `addEventSource`. --- -##### `environment`Required +##### `filesystem`Optional ```typescript -public readonly environment: string; +public readonly filesystem: FileSystem; ``` -- *Type:* string +- *Type:* aws-cdk-lib.aws_lambda.FileSystem +- *Default:* will not mount any filesystem -The environment coordinates in which this stack is deployed. +The filesystem configuration for the lambda function. -In the form -`aws://account/region`. Use `stack.account` and `stack.region` to obtain -the specific values, no need to parse. +--- -You can use this value to determine if two stacks are targeting the same -environment. +##### `functionName`Optional -If either `stack.account` or `stack.region` are not concrete values (e.g. -`Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or -`unknown-region` will be used respectively to indicate this stack is -region/account-agnostic. +```typescript +public readonly functionName: string; +``` + +- *Type:* string +- *Default:* AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type. + +A name for the function. --- -##### `nested`Required +##### `initialPolicy`Optional ```typescript -public readonly nested: boolean; +public readonly initialPolicy: PolicyStatement[]; ``` -- *Type:* boolean +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement[] +- *Default:* No policy statements are added to the created Lambda role. -Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. +Initial policy statements to add to the created Lambda Role. + +You can call `addToRolePolicy` to the created lambda to add statements post creation. --- -##### `notificationArns`Required +##### `insightsVersion`Optional ```typescript -public readonly notificationArns: string[]; +public readonly insightsVersion: LambdaInsightsVersion; ``` -- *Type:* string[] +- *Type:* aws-cdk-lib.aws_lambda.LambdaInsightsVersion +- *Default:* No Lambda Insights -Returns the list of notification Amazon Resource Names (ARNs) for the current stack. +Specify the version of CloudWatch Lambda insights to use for monitoring. + +> [https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html) --- -##### `partition`Required +##### `layers`Optional ```typescript -public readonly partition: string; +public readonly layers: ILayerVersion[]; ``` -- *Type:* string +- *Type:* aws-cdk-lib.aws_lambda.ILayerVersion[] +- *Default:* No layers. -The partition in which this stack is defined. +A list of layers to add to the function's execution environment. + +You can configure your Lambda function to pull in +additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies +that can be used by multiple functions. --- -##### `region`Required +##### `logRetention`Optional ```typescript -public readonly region: string; +public readonly logRetention: RetentionDays; ``` -- *Type:* string - -The AWS region into which this stack will be deployed (e.g. `us-west-2`). - -This value is resolved according to the following rules: +- *Type:* aws-cdk-lib.aws_logs.RetentionDays +- *Default:* logs.RetentionDays.INFINITE -1. The value provided to `env.region` when the stack is defined. This can - either be a concerete region (e.g. `us-west-2`) or the `Aws.REGION` - token. -3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference - `{ "Ref": "AWS::Region" }` encoded as a string token. +The number of days log events are kept in CloudWatch Logs. -Preferably, you should use the return value as an opaque string and not -attempt to parse it to implement your logic. If you do, you must first -check that it is a concerete value an not an unresolved token. If this -value is an unresolved token (`Token.isUnresolved(stack.region)` returns -`true`), this implies that the user wishes that this stack will synthesize -into a **region-agnostic template**. In this case, your code should either -fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or -implement some other region-agnostic behavior. +When updating +this property, unsetting it doesn't remove the log retention policy. To +remove the retention policy, set the value to `INFINITE`. --- -##### `stackId`Required +##### `logRetentionRetryOptions`Optional ```typescript -public readonly stackId: string; +public readonly logRetentionRetryOptions: LogRetentionRetryOptions; ``` -- *Type:* string +- *Type:* aws-cdk-lib.aws_lambda.LogRetentionRetryOptions +- *Default:* Default AWS SDK retry options. -The ID of the stack. +When log retention is specified, a custom resource attempts to create the CloudWatch log group. + +These options control the retry policy when interacting with CloudWatch APIs. --- -*Example* +##### `logRetentionRole`Optional ```typescript -// After resolving, looks like -'arn:aws:cloudformation:us-west-2:123456789012:stack/teststack/51af3dc0-da77-11e4-872e-1234567db123' +public readonly logRetentionRole: IRole; ``` +- *Type:* aws-cdk-lib.aws_iam.IRole +- *Default:* A new role is created. + +The IAM role for the Lambda function associated with the custom resource that sets the retention policy. -##### `stackName`Required +--- + +##### `memorySize`Optional ```typescript -public readonly stackName: string; +public readonly memorySize: number; ``` -- *Type:* string - -The concrete CloudFormation physical stack name. +- *Type:* number +- *Default:* 128 -This is either the name defined explicitly in the `stackName` prop or -allocated based on the stack's location in the construct tree. Stacks that -are directly defined under the app use their construct `id` as their stack -name. Stacks that are defined deeper within the tree will use a hashed naming -scheme based on the construct path to ensure uniqueness. +The amount of memory, in MB, that is allocated to your Lambda function. -If you wish to obtain the deploy-time AWS::StackName intrinsic, -you can use `Aws.STACK_NAME` directly. +Lambda uses this value to proportionally allocate the amount of CPU +power. For more information, see Resource Model in the AWS Lambda +Developer Guide. --- -##### `synthesizer`Required +##### `profiling`Optional ```typescript -public readonly synthesizer: IStackSynthesizer; +public readonly profiling: boolean; ``` -- *Type:* aws-cdk-lib.IStackSynthesizer +- *Type:* boolean +- *Default:* No profiling. -Synthesis method for this stack. +Enable profiling. + +> [https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html](https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html) --- -##### `tags`Required +##### `profilingGroup`Optional ```typescript -public readonly tags: TagManager; +public readonly profilingGroup: IProfilingGroup; ``` -- *Type:* aws-cdk-lib.TagManager +- *Type:* aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup +- *Default:* A new profiling group will be created if `profiling` is set. -Tags to be applied to the stack. +Profiling Group. + +> [https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html](https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html) --- -##### `templateFile`Required +##### `reservedConcurrentExecutions`Optional ```typescript -public readonly templateFile: string; +public readonly reservedConcurrentExecutions: number; ``` -- *Type:* string +- *Type:* number +- *Default:* No specific limit - account limit. -The name of the CloudFormation template file emitted to the output directory during synthesis. +The maximum of concurrent executions you want to reserve for the function. -Example value: `MyStack.template.json` +> [https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html](https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html) --- -##### `templateOptions`Required +##### `role`Optional ```typescript -public readonly templateOptions: ITemplateOptions; +public readonly role: IRole; ``` -- *Type:* aws-cdk-lib.ITemplateOptions +- *Type:* aws-cdk-lib.aws_iam.IRole +- *Default:* A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling `addToRolePolicy`. -Options for CloudFormation template (like version, transform, description). +Lambda execution role. + +This is the role that will be assumed by the function upon execution. +It controls the permissions that the function will have. The Role must +be assumable by the 'lambda.amazonaws.com' service principal. + +The default Role automatically has permissions granted for Lambda execution. If you +provide a Role, you must add the relevant AWS managed policies yourself. + +The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and +"service-role/AWSLambdaVPCAccessExecutionRole". --- -##### `urlSuffix`Required +##### `securityGroups`Optional ```typescript -public readonly urlSuffix: string; +public readonly securityGroups: ISecurityGroup[]; ``` -- *Type:* string +- *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup[] +- *Default:* If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function. -The Amazon domain suffix for the region in which this stack is defined. +The list of security groups to associate with the Lambda's network interfaces. + +Only used if 'vpc' is supplied. --- -##### `nestedStackParent`Optional +##### `timeout`Optional ```typescript -public readonly nestedStackParent: Stack; +public readonly timeout: Duration; ``` -- *Type:* aws-cdk-lib.Stack +- *Type:* aws-cdk-lib.Duration +- *Default:* Duration.seconds(3) -If this is a nested stack, returns it's parent stack. +The function execution time (in seconds) after which Lambda terminates the function. + +Because the execution time affects cost, set this value +based on the function's expected execution time. --- -##### `nestedStackResource`Optional +##### `tracing`Optional ```typescript -public readonly nestedStackResource: CfnResource; +public readonly tracing: Tracing; ``` -- *Type:* aws-cdk-lib.CfnResource - -If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. +- *Type:* aws-cdk-lib.aws_lambda.Tracing +- *Default:* Tracing.Disabled -`undefined` for top-level (non-nested) stacks. +Enable AWS X-Ray Tracing for Lambda Function. --- -##### `terminationProtection`Optional +##### `vpc`Optional ```typescript -public readonly terminationProtection: boolean; +public readonly vpc: IVpc; ``` -- *Type:* boolean +- *Type:* aws-cdk-lib.aws_ec2.IVpc +- *Default:* Function is not placed within a VPC. -Whether termination protection is enabled for this stack. +VPC network to place Lambda network interfaces. + +Specify this if the Lambda function needs to access resources in a VPC. +This is required when `vpcSubnets` is specified. --- -##### `stage`Required +##### `vpcSubnets`Optional ```typescript -public readonly stage: string; +public readonly vpcSubnets: SubnetSelection; ``` -- *Type:* string +- *Type:* aws-cdk-lib.aws_ec2.SubnetSelection +- *Default:* the Vpc default strategy if not specified + +Where to place the network interfaces within the VPC. + +This requires `vpc` to be specified in order for interfaces to actually be +placed in the subnets. If `vpc` is not specify, this will raise an error. + +Note: Internet access for Lambda Functions requires a NAT Gateway, so picking +public subnets is not allowed (unless `allowPublicSubnet` is set to `true`). --- -##### `newRelicBucket`Required +##### `code`Required ```typescript -public readonly newRelicBucket: IBucket; +public readonly code: Code; ``` -- *Type:* aws-cdk-lib.aws_s3.IBucket +- *Type:* aws-cdk-lib.aws_lambda.Code + +The source code of your Lambda function. + +You can point to a file in an +Amazon Simple Storage Service (Amazon S3) bucket or specify your source +code as inline text. --- -##### `newRelicFirehoseRole`Required +##### `handler`Required ```typescript -public readonly newRelicFirehoseRole: IRole; +public readonly handler: string; ``` -- *Type:* aws-cdk-lib.aws_iam.IRole +- *Type:* string ---- +The name of the method within your code that Lambda calls to execute your function. -##### `newRelicIntegrationRole`Required +The format includes the file name. It can also include +namespaces and other qualifiers, depending on the runtime. +For more information, see https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html. -```typescript -public readonly newRelicIntegrationRole: IRole; -``` +Use `Handler.FROM_IMAGE` when defining a function from a Docker image. -- *Type:* aws-cdk-lib.aws_iam.IRole +NOTE: If you specify your source code as inline text by specifying the +ZipFile property within the Code property, specify index.function_name as +the handler. --- -##### `newRelicSecret`Required +##### `runtime`Required ```typescript -public readonly newRelicSecret: ISecret; +public readonly runtime: Runtime; ``` -- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret +- *Type:* aws-cdk-lib.aws_lambda.Runtime + +The runtime environment for the Lambda function that you are uploading. + +For valid values, see the Runtime property in the AWS Lambda Developer +Guide. + +Use `Runtime.FROM_IMAGE` when defining a function from a Docker image. --- -##### `newRelicCloudwatchLogsStreamRole`Optional +##### `stage`Required ```typescript -public readonly newRelicCloudwatchLogsStreamRole: IRole; +public readonly stage: string; ``` -- *Type:* aws-cdk-lib.aws_iam.IRole +- *Type:* string --- -##### `newRelicFirehoseLogs`Optional +##### `withBaseEnvironment`Optional ```typescript -public readonly newRelicFirehoseLogs: CfnDeliveryStream; +public readonly withBaseEnvironment: boolean; ``` -- *Type:* aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream +- *Type:* boolean --- -##### `newRelicFirehoseMetrics`Optional +##### `withBaseTags`Optional ```typescript -public readonly newRelicFirehoseMetrics: CfnDeliveryStream; +public readonly withBaseTags: boolean; ``` -- *Type:* aws-cdk-lib.aws_kinesisfirehose.CfnDeliveryStream +- *Type:* boolean --- +### GithubOIDCStackStackProps -## Structs - -### BaseStackProps - -#### Initializer +#### Initializer ```typescript import { stacks } from 'neulabs-cdk-constructs' -const baseStackProps: stacks.BaseStackProps = { ... } +const githubOIDCStackStackProps: stacks.GithubOIDCStackStackProps = { ... } ``` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | -| analyticsReporting | boolean | Include runtime versioning information in this Stack. | -| crossRegionReferences | boolean | Enable this flag to allow native cross region stack references. | -| description | string | A description of the stack. | -| env | aws-cdk-lib.Environment | The AWS environment (account/region) where this stack will be deployed. | -| stackName | string | Name to deploy the stack with. | -| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method to use while deploying this stack. | -| tags | {[ key: string ]: string} | Stack tags that will be applied to all the taggable resources and the stack itself. | -| terminationProtection | boolean | Whether to enable termination protection for this stack. | -| stage | string | *No description.* | +| analyticsReporting | boolean | Include runtime versioning information in this Stack. | +| crossRegionReferences | boolean | Enable this flag to allow native cross region stack references. | +| description | string | A description of the stack. | +| env | aws-cdk-lib.Environment | The AWS environment (account/region) where this stack will be deployed. | +| stackName | string | Name to deploy the stack with. | +| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method to use while deploying this stack. | +| tags | {[ key: string ]: string} | Stack tags that will be applied to all the taggable resources and the stack itself. | +| terminationProtection | boolean | Whether to enable termination protection for this stack. | +| stage | string | *No description.* | +| githubRepository | string | *No description.* | +| githubUser | string | *No description.* | +| tokenAction | neulabs-cdk-constructs.stacks.TokenActions | *No description.* | +| cdkDeployRoleManagedPolicies | aws-cdk-lib.aws_iam.ManagedPolicy[] | *No description.* | +| cdkDeployRolePolicyStatements | aws-cdk-lib.aws_iam.PolicyStatement[] | *No description.* | +| tokenActionCustom | string | *No description.* | --- -##### `analyticsReporting`Optional +##### `analyticsReporting`Optional ```typescript public readonly analyticsReporting: boolean; @@ -1985,7 +6800,7 @@ Include runtime versioning information in this Stack. --- -##### `crossRegionReferences`Optional +##### `crossRegionReferences`Optional ```typescript public readonly crossRegionReferences: boolean; @@ -2003,7 +6818,7 @@ This feature is currently experimental --- -##### `description`Optional +##### `description`Optional ```typescript public readonly description: string; @@ -2016,7 +6831,7 @@ A description of the stack. --- -##### `env`Optional +##### `env`Optional ```typescript public readonly env: Environment; @@ -2090,7 +6905,7 @@ new MyStack(app, 'Stack1'); ``` -##### `stackName`Optional +##### `stackName`Optional ```typescript public readonly stackName: string; @@ -2103,7 +6918,7 @@ Name to deploy the stack with. --- -##### `synthesizer`Optional +##### `synthesizer`Optional ```typescript public readonly synthesizer: IStackSynthesizer; @@ -2116,7 +6931,7 @@ Synthesis method to use while deploying this stack. --- -##### `tags`Optional +##### `tags`Optional ```typescript public readonly tags: {[ key: string ]: string}; @@ -2129,7 +6944,7 @@ Stack tags that will be applied to all the taggable resources and the stack itse --- -##### `terminationProtection`Optional +##### `terminationProtection`Optional ```typescript public readonly terminationProtection: boolean; @@ -2142,7 +6957,7 @@ Whether to enable termination protection for this stack. --- -##### `stage`Required +##### `stage`Required ```typescript public readonly stage: string; @@ -2152,64 +6967,135 @@ public readonly stage: string; --- -### BaseTagProps +##### `githubRepository`Required + +```typescript +public readonly githubRepository: string; +``` + +- *Type:* string + +--- + +##### `githubUser`Required + +```typescript +public readonly githubUser: string; +``` + +- *Type:* string + +--- + +##### `tokenAction`Required + +```typescript +public readonly tokenAction: TokenActions; +``` + +- *Type:* neulabs-cdk-constructs.stacks.TokenActions + +--- + +##### `cdkDeployRoleManagedPolicies`Optional + +```typescript +public readonly cdkDeployRoleManagedPolicies: ManagedPolicy[]; +``` + +- *Type:* aws-cdk-lib.aws_iam.ManagedPolicy[] + +--- + +##### `cdkDeployRolePolicyStatements`Optional + +```typescript +public readonly cdkDeployRolePolicyStatements: PolicyStatement[]; +``` + +- *Type:* aws-cdk-lib.aws_iam.PolicyStatement[] + +--- + +##### `tokenActionCustom`Optional + +```typescript +public readonly tokenActionCustom: string; +``` + +- *Type:* string + +--- + +### NewRelicProps -#### Initializer +#### Initializer ```typescript -import { utils } from 'neulabs-cdk-constructs' +import { aws_lambda } from 'neulabs-cdk-constructs' -const baseTagProps: utils.BaseTagProps = { ... } +const newRelicProps: aws_lambda.NewRelicProps = { ... } ``` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | -| businessUnit | string | *No description.* | -| domain | string | *No description.* | -| repositoryName | string | *No description.* | -| repositoryVersion | string | *No description.* | +| handler | string | *No description.* | +| newRelicAccountId | string | *No description.* | +| newRelicLayerName | string | *No description.* | +| newRelicLayerVersion | number | *No description.* | +| newRelicwithExtensionSendLogs | boolean | *No description.* | --- -##### `businessUnit`Optional +##### `handler`Required ```typescript -public readonly businessUnit: string; +public readonly handler: string; ``` - *Type:* string --- -##### `domain`Optional +##### `newRelicAccountId`Required ```typescript -public readonly domain: string; +public readonly newRelicAccountId: string; ``` - *Type:* string --- -##### `repositoryName`Optional +##### `newRelicLayerName`Required ```typescript -public readonly repositoryName: string; +public readonly newRelicLayerName: string; ``` - *Type:* string --- -##### `repositoryVersion`Optional +##### `newRelicLayerVersion`Required ```typescript -public readonly repositoryVersion: string; +public readonly newRelicLayerVersion: number; ``` -- *Type:* string +- *Type:* number + +--- + +##### `newRelicwithExtensionSendLogs`Optional + +```typescript +public readonly newRelicwithExtensionSendLogs: boolean; +``` + +- *Type:* boolean --- @@ -2541,47 +7427,95 @@ public readonly newRelicLicenseKey: string; --- -### TagsKey +### ProviderUrl + +#### Members + +| **Name** | **Description** | +| --- | --- | +| GITHUB | *No description.* | + +--- + +##### `GITHUB` + +--- + + +### TagsKey #### Members | **Name** | **Description** | | --- | --- | -| ENVIRONMENT | *No description.* | -| TIMESTAMP_DEPLOY_CDK | *No description.* | -| BUSINESS_UNIT | *No description.* | -| DOMAIN | *No description.* | -| REPOSITORY_NAME | *No description.* | -| REPOSITORY_VERSION | *No description.* | +| ENVIRONMENT | *No description.* | +| TIMESTAMP_DEPLOY_CDK | *No description.* | +| BUSINESS_UNIT | *No description.* | +| DOMAIN | *No description.* | +| REPOSITORY_NAME | *No description.* | +| REPOSITORY_VERSION | *No description.* | + +--- + +##### `ENVIRONMENT` + +--- + + +##### `TIMESTAMP_DEPLOY_CDK` + +--- + + +##### `BUSINESS_UNIT` + +--- + + +##### `DOMAIN` --- -##### `ENVIRONMENT` + +##### `REPOSITORY_NAME` --- -##### `TIMESTAMP_DEPLOY_CDK` +##### `REPOSITORY_VERSION` --- -##### `BUSINESS_UNIT` +### TokenActions + +#### Members + +| **Name** | **Description** | +| --- | --- | +| ALL | *No description.* | +| ALL_BRANCH | *No description.* | +| ALL_TAGS | *No description.* | +| CUSTOM | *No description.* | + +--- + +##### `ALL` --- -##### `DOMAIN` +##### `ALL_BRANCH` --- -##### `REPOSITORY_NAME` +##### `ALL_TAGS` --- -##### `REPOSITORY_VERSION` +##### `CUSTOM` --- diff --git a/src/common/env.ts b/src/common/env.ts index 0e9276a..e941e75 100644 --- a/src/common/env.ts +++ b/src/common/env.ts @@ -1,4 +1,3 @@ -/* eslint-disable @typescript-eslint/no-shadow */ export const CDK_REGION = process.env.CDK_DEFAULT_REGION ?? ''; export const CDK_ACCOUNT_ID = process.env.CDK_DEFAULT_ACCOUNT ?? ''; export const ENVIRONMENT = process.env.ENVIRONMENT ?? ''; diff --git a/src/common/index.ts b/src/common/index.ts new file mode 100644 index 0000000..1374c5b --- /dev/null +++ b/src/common/index.ts @@ -0,0 +1,3 @@ +export * from './env'; +export * from './utils'; +// export * from './constants'; \ No newline at end of file diff --git a/src/constructs/.gitkeep b/src/constructs/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/src/constructs/aws-lambda/index.ts b/src/constructs/aws-lambda/index.ts index babb7dc..f892208 100644 --- a/src/constructs/aws-lambda/index.ts +++ b/src/constructs/aws-lambda/index.ts @@ -1,119 +1 @@ -import * as iam from 'aws-cdk-lib/aws-iam'; -import * as lambda from 'aws-cdk-lib/aws-lambda'; -import { Construct } from 'constructs'; -import { CDK_ACCOUNT_ID, CDK_REGION } from '../../common/env'; -import * as env from '../../common/env'; -import { addBaseTags } from '../../common/utils'; - -export const NEW_RELIC_LAYERS_ACCOUNT_ID = '451483290750'; // AWS account id of NewRelic where exposed layers https://layers.newrelic-external.com/ - -export interface FunctionProps extends lambda.FunctionProps { - readonly stage: string; - readonly withBaseEnvironment?: boolean; - readonly withBaseTags?: boolean; -} - -export interface FunctionNewRelicProps extends FunctionProps { - readonly newRelicLayerName: string; - readonly newRelicLayerVersion: number; - readonly newRelicAccountId: string; - readonly newRelicwithExtensionSendLogs?: boolean; -} - -export interface NewRelicProps { - readonly handler: string; - readonly newRelicLayerName: string; - readonly newRelicLayerVersion: number; - readonly newRelicAccountId: string; - readonly newRelicwithExtensionSendLogs?: boolean; -} - -export function getNewRelicLayer(scope: Construct, functionName:string, layerName: string, layerVersion: number, region: string) { - return lambda.LayerVersion.fromLayerVersionArn( - scope, - `new-relic-layer-${functionName}`, - `arn:aws:lambda:${region}:${NEW_RELIC_LAYERS_ACCOUNT_ID}:layer:${layerName}:${layerVersion}`, - ); -} - -export function addNewRelicLayer(scope: Construct, lambdaFunction: lambda.Function, props: NewRelicProps) { - lambdaFunction.addToRolePolicy( - new iam.PolicyStatement({ - actions: ['secretsmanager:GetSecretValue'], - resources: [`arn:aws:secretsmanager:eu-west-1:${CDK_ACCOUNT_ID}:secret:NEW_RELIC_LICENSE_KEY-??????`], - }), - ); - - lambdaFunction.addEnvironment('NEW_RELIC_ACCOUNT_ID', props.newRelicAccountId); - lambdaFunction.addEnvironment('NEW_RELIC_LAMBDA_HANDLER', props.handler); - lambdaFunction.addEnvironment('NEW_RELIC_LAMBDA_EXTENSION_ENABLED', 'true'); - if (props.newRelicwithExtensionSendLogs) { - lambdaFunction.addEnvironment('NEW_RELIC_EXTENSION_SEND_FUNCTION_LOGS', 'true'); - } - - const layer = getNewRelicLayer( - scope, - lambdaFunction.functionName, - props.newRelicLayerName, - props.newRelicLayerVersion, - CDK_REGION, - ); - - lambdaFunction.addLayers(layer); -} - -export class Function extends lambda.Function { - public readonly stage: string; - - constructor(scope: Construct, id: string, props: FunctionProps) { - super(scope, id, props); - this.stage = props.stage; - - if (props.withBaseEnvironment) { - this.addBaseEnvironment(); - } - - if (props.withBaseTags) { - this.addBaseTags(); - } - } - - addBaseTags() { - addBaseTags(this); - } - - addBaseEnvironment() { - this.addEnvironment('ENVIRONMENT', this.stage); - this.addEnvironment('TIMESTAMP_DEPLOY_CDK', env.TIMESTAMP_DEPLOY_CDK); - - if (env.BUSINESS_UNIT) { - this.addEnvironment('BUSINESS_UNIT', env.BUSINESS_UNIT); - } - if (env.DOMAIN) { - this.addEnvironment('DOMAIN', env.DOMAIN); - } - if (env.REPOSITORY_NAME) { - this.addEnvironment('REPOSITORY_NAME', env.REPOSITORY_NAME); - } - if (env.REPOSITORY_VERSION) { - this.addEnvironment('REPOSITORY_VERSION', env.REPOSITORY_VERSION); - } - } -} - -export class NewRelicFunction extends Function { - constructor(scope: Construct, id: string, props: FunctionNewRelicProps) { - const app_handler = props.handler; - const handler = 'newrelic_lambda_wrapper.handler'; - - super(scope, id, { ...props, handler }); - - addNewRelicLayer(scope, this, { - handler: app_handler, - newRelicLayerName: props.newRelicLayerName, - newRelicLayerVersion: props.newRelicLayerVersion, - newRelicAccountId: props.newRelicAccountId, - newRelicwithExtensionSendLogs: props.newRelicwithExtensionSendLogs, - }); - } -} +export * from './lambda-extension'; \ No newline at end of file diff --git a/src/constructs/aws-lambda/lambda-extension.ts b/src/constructs/aws-lambda/lambda-extension.ts new file mode 100644 index 0000000..babb7dc --- /dev/null +++ b/src/constructs/aws-lambda/lambda-extension.ts @@ -0,0 +1,119 @@ +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as lambda from 'aws-cdk-lib/aws-lambda'; +import { Construct } from 'constructs'; +import { CDK_ACCOUNT_ID, CDK_REGION } from '../../common/env'; +import * as env from '../../common/env'; +import { addBaseTags } from '../../common/utils'; + +export const NEW_RELIC_LAYERS_ACCOUNT_ID = '451483290750'; // AWS account id of NewRelic where exposed layers https://layers.newrelic-external.com/ + +export interface FunctionProps extends lambda.FunctionProps { + readonly stage: string; + readonly withBaseEnvironment?: boolean; + readonly withBaseTags?: boolean; +} + +export interface FunctionNewRelicProps extends FunctionProps { + readonly newRelicLayerName: string; + readonly newRelicLayerVersion: number; + readonly newRelicAccountId: string; + readonly newRelicwithExtensionSendLogs?: boolean; +} + +export interface NewRelicProps { + readonly handler: string; + readonly newRelicLayerName: string; + readonly newRelicLayerVersion: number; + readonly newRelicAccountId: string; + readonly newRelicwithExtensionSendLogs?: boolean; +} + +export function getNewRelicLayer(scope: Construct, functionName:string, layerName: string, layerVersion: number, region: string) { + return lambda.LayerVersion.fromLayerVersionArn( + scope, + `new-relic-layer-${functionName}`, + `arn:aws:lambda:${region}:${NEW_RELIC_LAYERS_ACCOUNT_ID}:layer:${layerName}:${layerVersion}`, + ); +} + +export function addNewRelicLayer(scope: Construct, lambdaFunction: lambda.Function, props: NewRelicProps) { + lambdaFunction.addToRolePolicy( + new iam.PolicyStatement({ + actions: ['secretsmanager:GetSecretValue'], + resources: [`arn:aws:secretsmanager:eu-west-1:${CDK_ACCOUNT_ID}:secret:NEW_RELIC_LICENSE_KEY-??????`], + }), + ); + + lambdaFunction.addEnvironment('NEW_RELIC_ACCOUNT_ID', props.newRelicAccountId); + lambdaFunction.addEnvironment('NEW_RELIC_LAMBDA_HANDLER', props.handler); + lambdaFunction.addEnvironment('NEW_RELIC_LAMBDA_EXTENSION_ENABLED', 'true'); + if (props.newRelicwithExtensionSendLogs) { + lambdaFunction.addEnvironment('NEW_RELIC_EXTENSION_SEND_FUNCTION_LOGS', 'true'); + } + + const layer = getNewRelicLayer( + scope, + lambdaFunction.functionName, + props.newRelicLayerName, + props.newRelicLayerVersion, + CDK_REGION, + ); + + lambdaFunction.addLayers(layer); +} + +export class Function extends lambda.Function { + public readonly stage: string; + + constructor(scope: Construct, id: string, props: FunctionProps) { + super(scope, id, props); + this.stage = props.stage; + + if (props.withBaseEnvironment) { + this.addBaseEnvironment(); + } + + if (props.withBaseTags) { + this.addBaseTags(); + } + } + + addBaseTags() { + addBaseTags(this); + } + + addBaseEnvironment() { + this.addEnvironment('ENVIRONMENT', this.stage); + this.addEnvironment('TIMESTAMP_DEPLOY_CDK', env.TIMESTAMP_DEPLOY_CDK); + + if (env.BUSINESS_UNIT) { + this.addEnvironment('BUSINESS_UNIT', env.BUSINESS_UNIT); + } + if (env.DOMAIN) { + this.addEnvironment('DOMAIN', env.DOMAIN); + } + if (env.REPOSITORY_NAME) { + this.addEnvironment('REPOSITORY_NAME', env.REPOSITORY_NAME); + } + if (env.REPOSITORY_VERSION) { + this.addEnvironment('REPOSITORY_VERSION', env.REPOSITORY_VERSION); + } + } +} + +export class NewRelicFunction extends Function { + constructor(scope: Construct, id: string, props: FunctionNewRelicProps) { + const app_handler = props.handler; + const handler = 'newrelic_lambda_wrapper.handler'; + + super(scope, id, { ...props, handler }); + + addNewRelicLayer(scope, this, { + handler: app_handler, + newRelicLayerName: props.newRelicLayerName, + newRelicLayerVersion: props.newRelicLayerVersion, + newRelicAccountId: props.newRelicAccountId, + newRelicwithExtensionSendLogs: props.newRelicwithExtensionSendLogs, + }); + } +} diff --git a/src/constructs/index.ts b/src/constructs/index.ts deleted file mode 100644 index 0ea9679..0000000 --- a/src/constructs/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * as aws_lambda from './aws-lambda'; \ No newline at end of file diff --git a/src/index.ts b/src/index.ts index 714d08d..55e0d09 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,4 +1,3 @@ export * as stacks from './stacks'; -export * as constructs from './constructs'; -export * as env from './common/env'; -export * as utils from './common/utils'; +export * as aws_lambda from './constructs/aws-lambda'; +export * as common from './common'; diff --git a/src/stacks/index.ts b/src/stacks/index.ts index 841c312..2158cbb 100644 --- a/src/stacks/index.ts +++ b/src/stacks/index.ts @@ -1,3 +1,3 @@ export * from './base'; -export * as monitoring from './monitoring'; -export * as oidc from './oidc'; +export * from './newrelic'; +export * from './oidc'; diff --git a/src/stacks/monitoring/index.ts b/src/stacks/monitoring/index.ts deleted file mode 100644 index ba03fda..0000000 --- a/src/stacks/monitoring/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * as newrelic from './newrelic'; diff --git a/src/stacks/monitoring/newrelic.ts b/src/stacks/newrelic.ts similarity index 98% rename from src/stacks/monitoring/newrelic.ts rename to src/stacks/newrelic.ts index 7ce63cd..41ab469 100644 --- a/src/stacks/monitoring/newrelic.ts +++ b/src/stacks/newrelic.ts @@ -5,8 +5,8 @@ import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose'; import * as s3 from 'aws-cdk-lib/aws-s3'; import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager'; import { Construct } from 'constructs'; -import { addBaseTags } from '../../common/utils'; -import { BaseStack, BaseStackProps } from '../base'; +import { BaseStack, BaseStackProps } from './base'; +import { addBaseTags } from '../common/utils'; export const NEW_RELIC_AWS_ACCOUNT_ID = '754728514883'; diff --git a/src/stacks/oidc/github.ts b/src/stacks/oidc.ts similarity index 98% rename from src/stacks/oidc/github.ts rename to src/stacks/oidc.ts index 82dfee0..8bb244f 100644 --- a/src/stacks/oidc/github.ts +++ b/src/stacks/oidc.ts @@ -1,8 +1,8 @@ import { CfnOutput } from 'aws-cdk-lib'; import * as iam from 'aws-cdk-lib/aws-iam'; import { Construct } from 'constructs'; -import { addBaseTags } from '../../common/utils'; -import { BaseStack, BaseStackProps } from '../base'; +import { BaseStack, BaseStackProps } from './base'; +import { addBaseTags } from '../common/utils'; export enum ProviderUrl { GITHUB = 'https://token.actions.githubusercontent.com' diff --git a/src/stacks/oidc/index.ts b/src/stacks/oidc/index.ts deleted file mode 100644 index 6b02683..0000000 --- a/src/stacks/oidc/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * as github from './github';