UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

339 lines (338 loc) 13.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
import { StackSynthesizer } from './stack-synthesizer'; import { ISynthesisSession, IReusableStackSynthesizer, IBoundStackSynthesizer } from './types'; import { DockerImageAssetLocation, DockerImageAssetSource, FileAssetLocation, FileAssetSource } from '../assets'; import { Stack } from '../stack'; export declare const BOOTSTRAP_QUALIFIER_CONTEXT = "@aws-cdk/core:bootstrapQualifier"; /** * Configuration properties for DefaultStackSynthesizer */ export interface DefaultStackSynthesizerProps { /** * Name of the S3 bucket to hold file assets * * You must supply this if you have given a non-standard name to the staging bucket. * * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will * be replaced with the values of qualifier and the stack's account and region, * respectively. * * @default DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME */ readonly fileAssetsBucketName?: string; /** * Name of the ECR repository to hold Docker Image assets * * You must supply this if you have given a non-standard name to the ECR repository. * * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will * be replaced with the values of qualifier and the stack's account and region, * respectively. * * @default DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME */ readonly imageAssetsRepositoryName?: string; /** * The role to use to publish file assets to the S3 bucket in this environment * * You must supply this if you have given a non-standard name to the publishing role. * * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will * be replaced with the values of qualifier and the stack's account and region, * respectively. * * @default DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN */ readonly fileAssetPublishingRoleArn?: string; /** * External ID to use when assuming role for file asset publishing * * @default - No external ID */ readonly fileAssetPublishingExternalId?: string; /** * The role to use to publish image assets to the ECR repository in this environment * * You must supply this if you have given a non-standard name to the publishing role. * * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will * be replaced with the values of qualifier and the stack's account and region, * respectively. * * @default DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN */ readonly imageAssetPublishingRoleArn?: string; /** * The role to use to look up values from the target AWS account during synthesis * * @default - None */ readonly lookupRoleArn?: string; /** * External ID to use when assuming lookup role * * @default - No external ID */ readonly lookupRoleExternalId?: string; /** * Use the bootstrapped lookup role for (read-only) stack operations * * Use the lookup role when performing a `cdk diff`. If set to `false`, the * `deploy role` credentials will be used to perform a `cdk diff`. * * Requires bootstrap stack version 8. * * @default true */ readonly useLookupRoleForStackOperations?: boolean; /** * External ID to use when assuming role for image asset publishing * * @default - No external ID */ readonly imageAssetPublishingExternalId?: string; /** * External ID to use when assuming role for cloudformation deployments * * @default - No external ID */ readonly deployRoleExternalId?: string; /** * The role to assume to initiate a deployment in this environment * * You must supply this if you have given a non-standard name to the publishing role. * * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will * be replaced with the values of qualifier and the stack's account and region, * respectively. * * @default DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN */ readonly deployRoleArn?: string; /** * The role CloudFormation will assume when deploying the Stack * * You must supply this if you have given a non-standard name to the execution role. * * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will * be replaced with the values of qualifier and the stack's account and region, * respectively. * * @default DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN */ readonly cloudFormationExecutionRole?: string; /** * Qualifier to disambiguate multiple environments in the same account * * You can use this and leave the other naming properties empty if you have deployed * the bootstrap environment with standard names but only different qualifiers. * * @default - Value of context key '@aws-cdk/core:bootstrapQualifier' if set, otherwise `DefaultStackSynthesizer.DEFAULT_QUALIFIER` */ readonly qualifier?: string; /** * Whether to add a Rule to the stack template verifying the bootstrap stack version * * This generally should be left set to `true`, unless you explicitly * want to be able to deploy to an unbootstrapped environment. * * @default true */ readonly generateBootstrapVersionRule?: boolean; /** * bucketPrefix to use while storing S3 Assets * * @default - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX */ readonly bucketPrefix?: string; /** * A prefix to use while tagging and uploading Docker images to ECR. * * This does not add any separators - the source hash will be appended to * this string directly. * * @default - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX */ readonly dockerTagPrefix?: string; /** * Bootstrap stack version SSM parameter. * * The placeholder `${Qualifier}` will be replaced with the value of qualifier. * * @default DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER */ readonly bootstrapStackVersionSsmParameter?: string; /** * Additional options to pass to STS when assuming the deploy role. * * - `RoleArn` should not be used. Use the dedicated `deployRoleArn` property instead. * - `ExternalId` should not be used. Use the dedicated `deployRoleExternalId` instead. * - `TransitiveTagKeys` defaults to use all keys (if any) specified in `Tags`. E.g, all tags are transitive by default. * * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property * @default - No additional options. */ readonly deployRoleAdditionalOptions?: { [key: string]: any; }; /** * Additional options to pass to STS when assuming the lookup role. * * - `RoleArn` should not be used. Use the dedicated `lookupRoleArn` property instead. * - `ExternalId` should not be used. Use the dedicated `lookupRoleExternalId` instead. * - `TransitiveTagKeys` defaults to use all keys (if any) specified in `Tags`. E.g, all tags are transitive by default. * * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property * @default - No additional options. */ readonly lookupRoleAdditionalOptions?: { [key: string]: any; }; /** * Additional options to pass to STS when assuming the file asset publishing. * * - `RoleArn` should not be used. Use the dedicated `fileAssetPublishingRoleArn` property instead. * - `ExternalId` should not be used. Use the dedicated `fileAssetPublishingExternalId` instead. * - `TransitiveTagKeys` defaults to use all keys (if any) specified in `Tags`. E.g, all tags are transitive by default. * * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property * @default - No additional options. */ readonly fileAssetPublishingRoleAdditionalOptions?: { [key: string]: any; }; /** * Additional options to pass to STS when assuming the image asset publishing. * * - `RoleArn` should not be used. Use the dedicated `imageAssetPublishingRoleArn` property instead. * - `ExternalId` should not be used. Use the dedicated `imageAssetPublishingExternalId` instead. * - `TransitiveTagKeys` defaults to use all keys (if any) specified in `Tags`. E.g, all tags are transitive by default. * * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property * @default - No additional options. */ readonly imageAssetPublishingRoleAdditionalOptions?: { [key: string]: any; }; } /** * Uses conventionally named roles and asset storage locations * * This synthesizer: * * - Supports cross-account deployments (the CLI can have credentials to one * account, and you can still deploy to another account by assuming roles with * well-known names in the other account). * - Supports the **CDK Pipelines** library. * * Requires the environment to have been bootstrapped with Bootstrap Stack V2 * (also known as "modern bootstrap stack"). The synthesizer adds a version * check to the template, to make sure the bootstrap stack is recent enough * to support all features expected by this synthesizer. */ export declare class DefaultStackSynthesizer extends StackSynthesizer implements IReusableStackSynthesizer, IBoundStackSynthesizer { private readonly props; /** * Default ARN qualifier */ static readonly DEFAULT_QUALIFIER = "hnb659fds"; /** * Default CloudFormation role ARN. */ static readonly DEFAULT_CLOUDFORMATION_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-cfn-exec-role-${AWS::AccountId}-${AWS::Region}"; /** * Default deploy role ARN. */ static readonly DEFAULT_DEPLOY_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-deploy-role-${AWS::AccountId}-${AWS::Region}"; /** * Default asset publishing role ARN for file (S3) assets. */ static readonly DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-file-publishing-role-${AWS::AccountId}-${AWS::Region}"; /** * Default asset publishing role ARN for image (ECR) assets. */ static readonly DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-image-publishing-role-${AWS::AccountId}-${AWS::Region}"; /** * Default lookup role ARN for missing values. */ static readonly DEFAULT_LOOKUP_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-lookup-role-${AWS::AccountId}-${AWS::Region}"; /** * Default image assets repository name */ static readonly DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME = "cdk-${Qualifier}-container-assets-${AWS::AccountId}-${AWS::Region}"; /** * Default file assets bucket name */ static readonly DEFAULT_FILE_ASSETS_BUCKET_NAME = "cdk-${Qualifier}-assets-${AWS::AccountId}-${AWS::Region}"; /** * Name of the CloudFormation Export with the asset key name */ static readonly DEFAULT_FILE_ASSET_KEY_ARN_EXPORT_NAME = "CdkBootstrap-${Qualifier}-FileAssetKeyArn"; /** * Default file asset prefix */ static readonly DEFAULT_FILE_ASSET_PREFIX = ""; /** * Default Docker asset prefix */ static readonly DEFAULT_DOCKER_ASSET_PREFIX = ""; /** * Default bootstrap stack version SSM parameter. */ static readonly DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER = "/cdk-bootstrap/${Qualifier}/version"; private bucketName?; private repositoryName?; private _deployRoleArn?; private _cloudFormationExecutionRoleArn?; private fileAssetPublishingRoleArn?; private imageAssetPublishingRoleArn?; private lookupRoleArn?; private useLookupRoleForStackOperations; private qualifier?; private bucketPrefix?; private dockerTagPrefix?; private bootstrapStackVersionSsmParameter?; private assetManifest; constructor(props?: DefaultStackSynthesizerProps); /** * Produce a bound Stack Synthesizer for the given stack. * * This method may be called more than once on the same object. */ reusableBind(stack: Stack): IBoundStackSynthesizer; /** * The qualifier used to bootstrap this stack */ get bootstrapQualifier(): string | undefined; /** * The role used to lookup for this stack */ get lookupRole(): string | undefined; bind(stack: Stack): void; addFileAsset(asset: FileAssetSource): FileAssetLocation; addDockerImageAsset(asset: DockerImageAssetSource): DockerImageAssetLocation; /** * Synthesize the stack template to the given session, passing the configured lookup role ARN */ protected synthesizeStackTemplate(stack: Stack, session: ISynthesisSession): void; /** * Return the currently bound stack * * @deprecated Use `boundStack` instead. */ protected get stack(): Stack | undefined; /** * Synthesize the associated stack to the session */ synthesize(session: ISynthesisSession): void; private get _requiredBoostrapVersionForAssets(); private get _requiredBootstrapVersionForDeployment(); private get _requiredBootstrapVersionForLookup(); /** * Returns the ARN of the deploy Role. */ get deployRoleArn(): string; /** * Returns the ARN of the CFN execution Role. */ get cloudFormationExecutionRoleArn(): string; }