aws-cdk-lib
Version 2 of the AWS Cloud Development Kit library
import { Construct } from 'constructs';
import { IConfigurationSet } from './configuration-set';
import { Grant, IGrantable } from '../../aws-iam';
import { IPublicHostedZone } from '../../aws-route53';
import * as route53 from '../../aws-route53';
import { IResource, Resource, SecretValue } from '../../core';
/**
 * An email identity
 */
export interface IEmailIdentity extends IResource {
    /**
     * The name of the email identity
     *
     * @attribute
     */
    readonly emailIdentityName: string;
    /**
     * The ARN of the email identity
     *
     * @attribute
     */
    readonly emailIdentityArn: string;
    /**
     * Adds an IAM policy statement associated with this email identity to an IAM principal's policy.
     *
     * The caller chooses the action list, so the resulting permission is exactly
     * as broad as what is passed in `actions`. No validation of the action names
     * is visible in this declaration. When the principal only needs to send mail,
     * prefer `grantSendEmail` over a hand-written action list.
     *
     * @param grantee the principal (no-op if undefined)
     * @param actions the set of actions to allow
     * @returns the `Grant` object describing the permission that was added
     */
    grant(grantee: IGrantable, ...actions: string[]): Grant;
    /**
     * Permits an IAM principal the send email action.
     *
     * Actions: SendEmail.
     *
     * NOTE(review): the `EmailIdentityBase` declaration later in this file
     * documents the same method as granting `SendEmail, SendRawEmail`. Confirm
     * against the implementation which list is actually granted before relying
     * on this comment in a least-privilege review.
     *
     * @param grantee the principal to grant access to
     * @returns the `Grant` object describing the permission that was added
     */
    grantSendEmail(grantee: IGrantable): Grant;
}
/**
 * Properties for an email identity
 */
export interface EmailIdentityProps {
    /**
     * The email address or domain to verify.
     *
     * Built with one of the `Identity` factory methods (`email`, `domain`,
     * `publicHostedZone`).
     */
    readonly identity: Identity;
    /**
     * The configuration set to associate with the email identity
     *
     * @default - do not use a specific configuration set
     */
    readonly configurationSet?: IConfigurationSet;
    /**
     * Whether the messages that are sent from the identity are signed using DKIM
     *
     * Setting this to `false` means outgoing mail carries no DKIM signature, so
     * receivers cannot use DKIM to authenticate it and DMARC evaluation then
     * depends on SPF alignment alone. Leave the default unless there is a
     * specific reason to send unsigned mail.
     *
     * @default true
     */
    readonly dkimSigning?: boolean;
    /**
     * The type of DKIM identity to use
     *
     * Built with `DkimIdentity.easyDkim()` or `DkimIdentity.byoDkim()`.
     *
     * @default - Easy DKIM with a key length of 2048-bit
     */
    readonly dkimIdentity?: DkimIdentity;
    /**
     * Whether to receive email notifications when bounce or complaint events occur.
     * These notifications are sent to the address that you specified in the `Return-Path`
     * header of the original email.
     *
     * You're required to have a method of tracking bounces and complaints. If you haven't set
     * up another mechanism for receiving bounce or complaint notifications (for example, by
     * setting up an event destination), you receive an email notification when these events
     * occur (even if this setting is disabled).
     *
     * @default true
     */
    readonly feedbackForwarding?: boolean;
    /**
     * The custom MAIL FROM domain that you want the verified identity to use. The MAIL FROM domain
     * must meet the following criteria:
     *   - It has to be a subdomain of the verified identity
     *   - It can't be used to receive email
     *   - It can't be used in a "From" address if the MAIL FROM domain is a destination for feedback
     *     forwarding emails
     *
     * SPF is evaluated against the MAIL FROM domain. With the `amazonses.com`
     * default the SPF result does not align with the identity's own domain, so
     * DMARC alignment then relies on DKIM only.
     *
     * @default - use amazonses.com
     */
    readonly mailFromDomain?: string;
    /**
     * The action to take if the required MX record for the MAIL FROM domain isn't
     * found when you send an email
     *
     * The default falls back to `amazonses.com` without failing the send, which
     * also drops the SPF alignment a custom MAIL FROM domain provides. Use
     * `MailFromBehaviorOnMxFailure.REJECT_MESSAGE` when a DNS misconfiguration
     * should stop delivery rather than be silently tolerated.
     *
     * @default MailFromBehaviorOnMxFailure.USE_DEFAULT_VALUE
     */
    readonly mailFromBehaviorOnMxFailure?: MailFromBehaviorOnMxFailure;
}
/**
 * Identity
 */
export declare abstract class Identity {
    /**
     * Verify an email address
     *
     * To complete the verification process look for an email from
     * no-reply-aws@amazon.com, open it and click the link.
     *
     * @param email the email address to verify
     * @returns an `Identity` for that address
     */
    static email(email: string): Identity;
    /**
     * Verify a domain name
     *
     * DKIM records will have to be added manually to complete the verification
     * process
     *
     * @param domain the domain name to verify
     * @returns an `Identity` for that domain
     */
    static domain(domain: string): Identity;
    /**
     * Verify a public hosted zone
     *
     * DKIM and MAIL FROM records will be added automatically to the hosted
     * zone
     *
     * Because records are written into the zone as part of deployment, whoever
     * can deploy this construct can add DNS records to that zone. Review who
     * holds that permission.
     *
     * @param hostedZone the public hosted zone whose domain is verified
     * @returns an `Identity` associated with that hosted zone
     */
    static publicHostedZone(hostedZone: IPublicHostedZone): Identity;
    /**
     * The value of the identity
     *
     * Presumably the email address or domain name passed to the factory
     * method; the implementation is not visible in this declaration file.
     */
    abstract readonly value: string;
    /**
     * The hosted zone associated with this identity
     *
     * @default - no hosted zone is associated and no records are created
     */
    abstract readonly hostedZone?: IPublicHostedZone;
}
/**
 * The action to take if the required MX record for the MAIL FROM domain isn't
 * found
 */
export declare enum MailFromBehaviorOnMxFailure {
    /**
     * The mail is sent using amazonses.com as the MAIL FROM domain
     *
     * This is a fail-open choice: delivery continues, but the custom MAIL FROM
     * domain (and the SPF alignment it provides) is not used for that message.
     */
    USE_DEFAULT_VALUE = "USE_DEFAULT_VALUE",
    /**
     * The Amazon SES API v2 returns a `MailFromDomainNotVerified` error and doesn't
     * attempt to deliver the email
     *
     * This is the fail-closed choice: a missing MX record surfaces as a send
     * error instead of a silent fallback.
     */
    REJECT_MESSAGE = "REJECT_MESSAGE"
}
/**
 * Configuration for DKIM identity
 */
export interface DkimIdentityConfig {
    /**
     * A private key that's used to generate a DKIM signature
     *
     * NOTE(review): this field is a plain `string`, whereas the caller-facing
     * `ByoDkimOptions.privateKey` is a `SecretValue`. How the secret is turned
     * into this string is not visible in this declaration file. Confirm that it
     * resolves to a deploy-time reference and that the key material is not
     * rendered in plaintext into synthesized output or logs.
     *
     * @default - use Easy DKIM
     */
    readonly domainSigningPrivateKey?: string;
    /**
     * A string that's used to identify a public key in the DNS configuration for
     * a domain
     *
     * @default - use Easy DKIM
     */
    readonly domainSigningSelector?: string;
    /**
     * The key length of the future DKIM key pair to be generated. This can be changed
     * at most once per day.
     *
     * @default EasyDkimSigningKeyLength.RSA_2048_BIT
     */
    readonly nextSigningKeyLength?: EasyDkimSigningKeyLength;
}
/**
 * The identity to use for DKIM
 */
export declare abstract class DkimIdentity {
    /**
     * Easy DKIM
     *
     * @param signingKeyLength The length of the signing key. This can be changed at
     *   most once per day. Optional; `EmailIdentityProps.dkimIdentity` documents
     *   the overall default as Easy DKIM with a 2048-bit key.
     * @returns a `DkimIdentity` configured for Easy DKIM
     *
     * @see https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-dkim-easy.html
     */
    static easyDkim(signingKeyLength?: EasyDkimSigningKeyLength): DkimIdentity;
    /**
     * Bring Your Own DKIM
     *
     * With BYO DKIM the caller supplies the private key (see
     * `ByoDkimOptions.privateKey`), so generating, storing and rotating the key
     * pair is the caller's responsibility.
     *
     * @param options Options for BYO DKIM
     * @returns a `DkimIdentity` configured with the supplied key and selector
     *
     * @see https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-dkim-bring-your-own.html
     */
    static byoDkim(options: ByoDkimOptions): DkimIdentity;
    /**
     * Binds this DKIM identity to the email identity
     *
     * @param emailIdentity the email identity this DKIM configuration applies to
     * @param hostedZone optional public hosted zone; presumably where DKIM
     *   records are created when one is given (not visible in this declaration)
     * @returns the DKIM configuration for the identity, or `undefined`
     */
    abstract bind(emailIdentity: EmailIdentity, hostedZone?: route53.IPublicHostedZone): DkimIdentityConfig | undefined;
}
/**
 * Options for BYO DKIM
 */
export interface ByoDkimOptions {
    /**
     * The private key that's used to generate a DKIM signature
     *
     * Typed as `SecretValue` so the key can be referenced from a secret store
     * instead of being written into source. Wrapping a literal key with
     * `SecretValue.unsafePlainText` defeats that protection; prefer a reference
     * to a managed secret.
     */
    readonly privateKey: SecretValue;
    /**
     * A string that's used to identify a public key in the DNS configuration for
     * a domain
     */
    readonly selector: string;
    /**
     * The public key. If specified, a TXT record with the public key is created.
     *
     * This value is published in DNS and is not secret. It must correspond to
     * `privateKey`, otherwise receivers cannot verify the signatures.
     *
     * @default - the validation TXT record with the public key is not created
     */
    readonly publicKey?: string;
}
/**
 * The signing key length for Easy DKIM
 */
export declare enum EasyDkimSigningKeyLength {
    /**
     * RSA 1024-bit
     *
     * 1024-bit RSA is generally considered too short for new deployments.
     * Choose this only when a receiver or DNS constraint requires it, and
     * prefer `RSA_2048_BIT`, which this file documents as the default.
     */
    RSA_1024_BIT = "RSA_1024_BIT",
    /**
     * RSA 2048-bit
     *
     * Documented elsewhere in this file as the default key length for Easy DKIM.
     */
    RSA_2048_BIT = "RSA_2048_BIT"
}
/**
 * Non-exported abstract base for email identities. It declares the `grant`
 * helpers from `IEmailIdentity` and leaves the name and ARN to subclasses.
 */
declare abstract class EmailIdentityBase extends Resource implements IEmailIdentity {
    /**
     * The name of the email identity
     *
     * @attribute
     */
    abstract readonly emailIdentityName: string;
    /**
     * The ARN of the email identity
     *
     * @attribute
     */
    abstract readonly emailIdentityArn: string;
    /**
     * Adds an IAM policy statement associated with this email identity to an IAM principal's policy.
     *
     * The caller chooses the action list, so the resulting permission is exactly
     * as broad as what is passed in `actions`. No validation of the action names
     * is visible in this declaration.
     *
     * @param grantee the principal (no-op if undefined)
     * @param actions the set of actions to allow
     * @returns the `Grant` object describing the permission that was added
     */
    grant(grantee: IGrantable, ...actions: string[]): Grant;
    /**
     * Permits an IAM principal the send email action.
     *
     * Actions: SendEmail, SendRawEmail.
     *
     * NOTE(review): the `IEmailIdentity` interface in this file documents the
     * same method as granting `SendEmail` only. Confirm against the
     * implementation which list is actually granted.
     *
     * @param grantee the principal to grant access to
     * @returns the `Grant` object describing the permission that was added
     */
    grantSendEmail(grantee: IGrantable): Grant;
}
/**
 * An email identity
 */
export declare class EmailIdentity extends EmailIdentityBase {
    /**
     * Uniquely identifies this class.
     */
    static readonly PROPERTY_INJECTION_ID: string;
    /**
     * Use an existing email identity
     *
     * @param scope the construct scope in which to define the reference
     * @param id the construct id of the reference
     * @param emailIdentityName the name of the existing email identity
     * @returns an `IEmailIdentity` referring to the existing identity
     */
    static fromEmailIdentityName(scope: Construct, id: string, emailIdentityName: string): IEmailIdentity;
    /**
     * Import an email identity by ARN
     *
     * @param scope the construct scope in which to define the reference
     * @param id the construct id of the reference
     * @param emailIdentityArn the ARN of the existing email identity
     * @returns an `IEmailIdentity` referring to the existing identity
     */
    static fromEmailIdentityArn(scope: Construct, id: string, emailIdentityArn: string): IEmailIdentity;
    // Concrete declarations of the abstract name and ARN members of EmailIdentityBase.
    readonly emailIdentityName: string;
    readonly emailIdentityArn: string;
    /**
     * The host name for the first token that you have to add to the
     * DNS configuration for your domain
     *
     * @attribute
     */
    readonly dkimDnsTokenName1: string;
    /**
     * The host name for the second token that you have to add to the
     * DNS configuration for your domain
     *
     * @attribute
     */
    readonly dkimDnsTokenName2: string;
    /**
     * The host name for the third token that you have to add to the
     * DNS configuration for your domain
     *
     * @attribute
     */
    readonly dkimDnsTokenName3: string;
    /**
     * The record value for the first token that you have to add to the
     * DNS configuration for your domain
     *
     * @attribute
     */
    readonly dkimDnsTokenValue1: string;
    /**
     * The record value for the second token that you have to add to the
     * DNS configuration for your domain
     *
     * @attribute
     */
    readonly dkimDnsTokenValue2: string;
    /**
     * The record value for the third token that you have to add to the
     * DNS configuration for your domain
     *
     * @attribute
     */
    readonly dkimDnsTokenValue3: string;
    /**
     * DKIM records for this identity
     *
     * Each entry is a name/value pair (see `DkimRecord`). Presumably these
     * mirror the three token name/value attributes above — confirm against the
     * implementation.
     */
    readonly dkimRecords: DkimRecord[];
    /**
     * Defines a new email identity.
     *
     * @param scope the construct scope in which to define this identity
     * @param id the construct id
     * @param props the identity to verify and its DKIM, MAIL FROM and feedback settings
     */
    constructor(scope: Construct, id: string, props: EmailIdentityProps);
}
/**
 * A DKIM record
 */
export interface DkimRecord {
    /**
     * The name of the record
     *
     * This is the DNS host name under which the record is published.
     */
    readonly name: string;
    /**
     * The value of the record
     *
     * This is the data to publish at `name`. It is DNS-visible material and
     * is not secret.
     */
    readonly value: string;
}
export {};