@aws-lambda-powertools/parser/lib/cjs/schemas/s3.js

The parser package for the Powertools for AWS Lambda (TypeScript) library.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.S3ObjectLambdaEventSchema = exports.S3SqsEventNotificationSchema = exports.S3EventNotificationEventBridgeSchema = exports.S3Schema = void 0;
const zod_1 = require("zod");
const index_js_1 = require("../helpers/index.js");
const eventbridge_js_1 = require("./eventbridge.js");
const sqs_js_1 = require("./sqs.js");
const S3Identity = zod_1.z.object({
    principalId: zod_1.z.string(),
});
const S3RequestParameters = zod_1.z.object({
    sourceIPAddress: zod_1.z.union([zod_1.z.ipv4(), zod_1.z.literal('s3.amazonaws.com')]),
});
const S3ResponseElements = zod_1.z.object({
    'x-amz-request-id': zod_1.z.string(),
    'x-amz-id-2': zod_1.z.string(),
});
const S3Message = zod_1.z.object({
    s3SchemaVersion: zod_1.z.string(),
    configurationId: zod_1.z.string(),
    object: zod_1.z.object({
        key: zod_1.z.string(),
        size: zod_1.z.number().optional(),
        urlDecodedKey: zod_1.z.string().optional(),
        eTag: zod_1.z.string().optional(),
        sequencer: zod_1.z.string().optional(), // Only present in PUT and DELETE events
        versionId: zod_1.z.optional(zod_1.z.string()),
    }),
    bucket: zod_1.z.object({
        name: zod_1.z.string(),
        ownerIdentity: S3Identity,
        arn: zod_1.z.string(),
    }),
});
const S3EventRecordGlacierEventData = zod_1.z.object({
    restoreEventData: zod_1.z.object({
        lifecycleRestorationExpiryTime: zod_1.z.string(),
        lifecycleRestoreStorageClass: zod_1.z.string(),
    }),
});
const S3RecordSchema = zod_1.z.object({
    eventVersion: zod_1.z.string(),
    eventSource: zod_1.z.literal('aws:s3'),
    awsRegion: zod_1.z.string(),
    eventTime: zod_1.z.iso.datetime(),
    eventName: zod_1.z.string(),
    userIdentity: S3Identity,
    requestParameters: S3RequestParameters,
    responseElements: S3ResponseElements,
    s3: S3Message,
    glacierEventData: zod_1.z.optional(S3EventRecordGlacierEventData),
});
const S3EventNotificationEventBridgeDetailSchema = zod_1.z.object({
    version: zod_1.z.string(),
    bucket: zod_1.z.object({
        name: zod_1.z.string(),
    }),
    object: zod_1.z.object({
        key: zod_1.z.string(),
        size: zod_1.z.number().nonnegative().optional(), // not present in DeleteObject events
        etag: zod_1.z.string().optional(), // not present in DeleteObject events
        'version-id': zod_1.z.string().optional(),
        sequencer: zod_1.z.string().optional(),
    }),
    'request-id': zod_1.z.string(),
    requester: zod_1.z.string(),
    'source-ip-address': zod_1.z.ipv4().optional(),
    reason: zod_1.z.string().optional(),
    'deletion-type': zod_1.z.string().optional(),
    'restore-expiry-time': zod_1.z.string().optional(),
    'source-storage-class': zod_1.z.string().optional(),
    'destination-storage-class': zod_1.z.string().optional(),
    'destination-access-tier': zod_1.z.string().optional(),
});
/**
 * Zod schema for S3 -> EventBridge -> Lambda event notification.
 *
 * @example
 * ```json
 * {
 *   "version": "0",
 *   "id": "f5f1e65c-dc3a-93ca-6c1e-b1647eac7963",
 *   "detail-type": "Object Created",
 *   "source": "aws.s3",
 *   "account": "123456789012",
 *   "time": "2023-03-08T17:50:14Z",
 *   "region": "eu-west-1",
 *   "resources": [
 *     "arn:aws:s3:::example-bucket"
 *   ],
 *   "detail": {
 *     "version": "0",
 *     "bucket": {
 *       "name": "example-bucket"
 *     },
 *     "object": {
 *       "key": "IMG_m7fzo3.jpg",
 *       "size": 184662,
 *       "etag": "4e68adba0abe2dc8653dc3354e14c01d",
 *       "sequencer": "006408CAD69598B05E"
 *     },
 *     "request-id": "57H08PA84AB1JZW0",
 *     "requester": "123456789012",
 *     "source-ip-address": "34.252.34.74",
 *     "reason": "PutObject"
 *   }
 * }
 * ```
 *
 * @see {@link S3EventNotificationEventBridge | `S3EventNotificationEventBridge` }
 * @see {@link https://docs.aws.amazon.com/AmazonS3/latest/userguide/ev-events.html#ev-events-list}
 */
const S3EventNotificationEventBridgeSchema = eventbridge_js_1.EventBridgeSchema.extend({
    detail: S3EventNotificationEventBridgeDetailSchema,
});
exports.S3EventNotificationEventBridgeSchema = S3EventNotificationEventBridgeSchema;
/**
 * Zod schema for S3 event
 *
 * @example
 * ```json
 * {
 *   "Records": [
 *     {
 *       "eventVersion": "2.1",
 *       "eventSource": "aws:s3",
 *       "awsRegion": "us-east-2",
 *       "eventTime": "2019-09-03T19:37:27.192Z",
 *       "eventName": "ObjectCreated:Put",
 *       "userIdentity": {
 *         "principalId": "AWS:AIDAINPONIXQXHT3IKHL2"
 *       },
 *       "requestParameters": {
 *         "sourceIPAddress": "205.255.255.255"
 *       },
 *       "responseElements": {
 *         "x-amz-request-id": "D82B88E5F771F645",
 *         "x-amz-id-2": "vlR7PnpV2Ce81l0PRw6jlUpck7Jo5ZsQjryTjKlc5aLWGVHPZLj5NeC6qMa0emYBDXOo6QBU0Wo="
 *       },
 *       "s3": {
 *         "s3SchemaVersion": "1.0",
 *         "configurationId": "828aa6fc-f7b5-4305-8584-487c791949c1",
 *         "bucket": {
 *           "name": "lambda-artifacts-deafc19498e3f2df",
 *           "ownerIdentity": {
 *             "principalId": "A3I5XTEXAMAI3E"
 *           },
 *           "arn": "arn:aws:s3:::lambda-artifacts-deafc19498e3f2df"
 *         },
 *         "object": {
 *           "key": "b21b84d653bb07b05b1e6b33684dc11b",
 *           "size": 1305107,
 *           "eTag": "b21b84d653bb07b05b1e6b33684dc11b",
 *           "sequencer": "0C0F6F405D6ED209E1"
 *         }
 *       }
 *     }
 *   ]
 * }
 * ```
 * @see {@link S3Event | `S3Event` }
 * @see {@link https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-content-structure.html}
 */
const S3Schema = zod_1.z.object({
    Records: zod_1.z.array(S3RecordSchema).min(1),
});
exports.S3Schema = S3Schema;
const S3SqsEventNotificationRecordSchema = sqs_js_1.SqsRecordSchema.extend({
    body: (0, index_js_1.JSONStringified)(S3Schema),
});
/**
 * Zod schema for S3 -> SQS -> Lambda event notification.
 *
 * Each SQS record’s body field is automatically parsed from a JSON string
 * and then validated as an S3 event.
 *
 * @example
 * ```json
 * {
 *   "Records": [
 *     {
 *       "messageId": "ca3e7a89-c358-40e5-8aa0-5da01403c267",
 *       "receiptHandle": "AQEBE7XoI7IQRLF7SrpiW9W4BanmOWe8UtVDbv6/CEZYKf/OktSNIb4j689tQfR4k44V/LY20lZ5VpxYt2GTYCsSLKTcBalTJaRX9CKu/hVqy/23sSNiKxnP56D+VLSn+hU275+AP1h4pUL0d9gLdRB2haX8xiM+LcGfis5Jl8BBXtoxKRF60O87O9/NvCmmXLeqkJuexfyEZNyed0fFCRXFXSjbmThG0OIQgcrGI8glBRGPA8htns58VtXFsSaPYNoqP3p5n6+ewKKVLD0lfm+0DlnLKRa+mjvFBaSer9KK1ff+Aq6zJ6HynPwADj+aF70Hwimc2zImYe51SLEF/E2csYlMNZYI/2qXW0m9R7wJ/XDTV4g2+h+BMTxsKnJQ6NQd",
 *       "body": "{\"Records\":[{\"eventVersion\":\"2.1\",\"eventSource\":\"aws:s3\",\"awsRegion\":\"us-east-1\",\"eventTime\":\"2023-04-12T20:43:38.021Z\",\"eventName\":\"ObjectCreated:Put\",\"userIdentity\":{\"principalId\":\"A1YQ72UWCM96UF\"},\"requestParameters\":{\"sourceIPAddress\":\"93.108.161.96\"},\"responseElements\":{\"x-amz-request-id\":\"YMSSR8BZJ2Y99K6P\",\"x-amz-id-2\":\"6ASrUfj5xpn859fIq+6FXflOex/SKl/rjfiMd7wRzMg/zkHKR22PDpnh7KD3uq//cuOTbdX4DInN5eIs+cR0dY1z2Mc5NDP/\"},\"s3\":{\"s3SchemaVersion\":\"1.0\",\"configurationId\":\"SNS\",\"bucket\":{\"name\":\"xxx\",\"ownerIdentity\":{\"principalId\":\"A1YQ72UWCM96UF\"},\"arn\":\"arn:aws:s3:::xxx\"},\"object\":{\"key\":\"test.pdf\",\"size\":104681,\"eTag\":\"2e3ad1e983318bbd8e73b080e2997980\",\"versionId\":\"yd3d4HaWOT2zguDLvIQLU6ptDTwKBnQV\",\"sequencer\":\"00643717F9F8B85354\"}}}]}",
 *       "attributes": {
 *         "ApproximateReceiveCount": "1",
 *         "SentTimestamp": "1681332219270",
 *         "SenderId": "AIDAJHIPRHEMV73VRJEBU",
 *         "ApproximateFirstReceiveTimestamp": "1681332239270"
 *       },
 *       "messageAttributes": {
 *       },
 *       "md5OfBody": "16f4460f4477d8d693a5abe94fdbbd73",
 *       "eventSource": "aws:sqs",
 *       "eventSourceARN": "arn:aws:sqs:us-east-1:123456789012:SQS",
 *       "awsRegion": "us-east-1"
 *     }
 *   ]
 * }
 * ```
 *
 * @see {@link S3SqsEventNotification | `S3SqsEventNotification` }
 */
const S3SqsEventNotificationSchema = zod_1.z.object({
    Records: zod_1.z.array(S3SqsEventNotificationRecordSchema).nonempty(),
});
exports.S3SqsEventNotificationSchema = S3SqsEventNotificationSchema;
const S3ObjectContext = zod_1.z.object({
    inputS3Url: zod_1.z.string(),
    outputRoute: zod_1.z.string(),
    outputToken: zod_1.z.string(),
});
const S3ObjectConfiguration = zod_1.z.object({
    accessPointArn: zod_1.z.string(),
    supportingAccessPointArn: zod_1.z.string(),
    payload: zod_1.z.union([zod_1.z.string(), zod_1.z.object({})]),
});
const S3ObjectUserRequest = zod_1.z.object({
    url: zod_1.z.string(),
    headers: zod_1.z.record(zod_1.z.string(), zod_1.z.string()),
});
const S3ObjectSessionContext = zod_1.z.object({
    sessionIssuer: zod_1.z.object({
        type: zod_1.z.string(),
        userName: zod_1.z.string().optional(),
        principalId: zod_1.z.string(),
        arn: zod_1.z.string(),
        accountId: zod_1.z.string(),
    }),
    attributes: zod_1.z.object({
        creationDate: zod_1.z.string(),
        mfaAuthenticated: zod_1.z
            .union([zod_1.z.boolean(), zod_1.z.literal('true'), zod_1.z.literal('false')])
            .transform((value) => value === true || value === 'true'),
    }),
});
const S3ObjectUserIdentity = zod_1.z.object({
    type: zod_1.z.string(),
    accountId: zod_1.z.string(),
    accessKeyId: zod_1.z.string(),
    userName: zod_1.z.string().optional(),
    principalId: zod_1.z.string(),
    arn: zod_1.z.string(),
    sessionContext: S3ObjectSessionContext.optional(),
});
/**
 * Zod schema for S3 IAM Access Point Lambda event notification.
 *
 * @example
 * ```json
 * {
 *     "xAmzRequestId": "1a5ed718-5f53-471d-b6fe-5cf62d88d02a",
 *     "getObjectContext": {
 *         "inputS3Url": "https://myap-123412341234.s3-accesspoint.us-east-1.amazonaws.com/s3.txt?X-Amz-Security-Token=...",
 *         "outputRoute": "io-iad-cell001",
 *         "outputToken": "..."
 *     },
 *     "configuration": {
 *         "accessPointArn": "arn:aws:s3-object-lambda:us-east-1:123412341234:accesspoint/myolap",
 *         "supportingAccessPointArn": "arn:aws:s3:us-east-1:123412341234:accesspoint/myap",
 *         "payload": "test"
 *     },
 *     "userRequest": {
 *         "url": "/s3.txt",
 *         "headers": {
 *             "Host": "myolap-123412341234.s3-object-lambda.us-east-1.amazonaws.com",
 *             "Accept-Encoding": "identity",
 *             "X-Amz-Content-SHA256": "e3b0c44297fc1c149afbf4c8995fb92427ae41e4649b934ca495991b7852b855"
 *         }
 *     },
 *     "userIdentity": {
 *         "type": "IAMUser",
 *         "principalId": "...",
 *         "arn": "arn:aws:iam::123412341234:user/myuser",
 *         "accountId": "123412341234",
 *         "accessKeyId": "...",
 *         "userName": "Alice"
 *     },
 *     "protocolVersion": "1.00"
 * }
 * ```
 *
 * @see {@link S3ObjectLambdaEvent | `S3ObjectLambdaEvent` }
 * @see {@link https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-event-context.html}
 */
const S3ObjectLambdaEventSchema = zod_1.z.object({
    xAmzRequestId: zod_1.z.string(),
    getObjectContext: S3ObjectContext,
    configuration: S3ObjectConfiguration,
    userRequest: S3ObjectUserRequest,
    userIdentity: S3ObjectUserIdentity,
    protocolVersion: zod_1.z.string(),
});
exports.S3ObjectLambdaEventSchema = S3ObjectLambdaEventSchema;