aws-cdk-lib
Version:
Version 2 of the AWS Cloud Development Kit library
2 lines (1 loc) • 9.96 kB
JavaScript
;var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.BackupVault=exports.BackupVaultEvents=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var backup_generated_1=()=>{var tmp=require("./backup.generated");return backup_generated_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},BackupVaultEvents;(function(BackupVaultEvents2){BackupVaultEvents2.BACKUP_JOB_STARTED="BACKUP_JOB_STARTED",BackupVaultEvents2.BACKUP_JOB_COMPLETED="BACKUP_JOB_COMPLETED",BackupVaultEvents2.BACKUP_JOB_SUCCESSFUL="BACKUP_JOB_SUCCESSFUL",BackupVaultEvents2.BACKUP_JOB_FAILED="BACKUP_JOB_FAILED",BackupVaultEvents2.BACKUP_JOB_EXPIRED="BACKUP_JOB_EXPIRED",BackupVaultEvents2.RESTORE_JOB_STARTED="RESTORE_JOB_STARTED",BackupVaultEvents2.RESTORE_JOB_COMPLETED="RESTORE_JOB_COMPLETED",BackupVaultEvents2.RESTORE_JOB_SUCCESSFUL="RESTORE_JOB_SUCCESSFUL",BackupVaultEvents2.RESTORE_JOB_FAILED="RESTORE_JOB_FAILED",BackupVaultEvents2.COPY_JOB_STARTED="COPY_JOB_STARTED",BackupVaultEvents2.COPY_JOB_SUCCESSFUL="COPY_JOB_SUCCESSFUL",BackupVaultEvents2.COPY_JOB_FAILED="COPY_JOB_FAILED",BackupVaultEvents2.RECOVERY_POINT_MODIFIED="RECOVERY_POINT_MODIFIED",BackupVaultEvents2.BACKUP_PLAN_CREATED="BACKUP_PLAN_CREATED",BackupVaultEvents2.BACKUP_PLAN_MODIFIED="BACKUP_PLAN_MODIFIED",BackupVaultEvents2.S3_BACKUP_OBJECT_FAILED="S3_BACKUP_OBJECT_FAILED",BackupVaultEvents2.S3_RESTORE_OBJECT_FAILED="S3_RESTORE_OBJECT_FAILED"})(BackupVaultEvents||(exports.BackupVaultEvents=BackupVaultEvents={}));class BackupVaultBase extends core_1().Resource{grant(grantee,...actions){for(const action of actions)if(action.indexOf("*")>=0)throw new(core_1()).ValidationError("AWS Backup access policies don't support a wildcard in the Action key.",this);return iam().Grant.addToPrincipal({grantee,actions,resourceArns:[this.backupVaultArn]})}}let BackupVault=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=BackupVaultBase,_instanceExtraInitializers=[],_addToAccessPolicy_decorators,_blockRecoveryPointDeletion_decorators;var BackupVault2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_addToAccessPolicy_decorators=[(0,metadata_resource_1().MethodMetadata)()],_blockRecoveryPointDeletion_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_addToAccessPolicy_decorators,{kind:"method",name:"addToAccessPolicy",static:!1,private:!1,access:{has:obj=>"addToAccessPolicy"in obj,get:obj=>obj.addToAccessPolicy},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_blockRecoveryPointDeletion_decorators,{kind:"method",name:"blockRecoveryPointDeletion",static:!1,private:!1,access:{has:obj=>"blockRecoveryPointDeletion"in obj,get:obj=>obj.blockRecoveryPointDeletion},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),BackupVault2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_backup.BackupVault",version:"2.233.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-backup.BackupVault";static fromBackupVaultName(scope,id,backupVaultName){const backupVaultArn=core_1().Stack.of(scope).formatArn({service:"backup",resource:"backup-vault",resourceName:backupVaultName,arnFormat:core_1().ArnFormat.COLON_RESOURCE_NAME});return BackupVault2.fromBackupVaultArn(scope,id,backupVaultArn)}static fromBackupVaultArn(scope,id,backupVaultArn){const parsedArn=core_1().Stack.of(scope).splitArn(backupVaultArn,core_1().ArnFormat.COLON_RESOURCE_NAME);if(parsedArn.arnFormat!==core_1().ArnFormat.COLON_RESOURCE_NAME)throw new(core_1()).ValidationError(`Backup Vault Arn ${backupVaultArn} has the wrong format, expected ${core_1().ArnFormat.COLON_RESOURCE_NAME}.`,scope);if(!parsedArn.resourceName)throw new(core_1()).ValidationError(`Backup Vault Arn ${backupVaultArn} does not have a resource name.`,scope);class Import extends BackupVaultBase{backupVaultName=parsedArn.resourceName;backupVaultArn=backupVaultArn}return new Import(scope,id,{account:parsedArn.account,region:parsedArn.region})}backupVaultName=__runInitializers(this,_instanceExtraInitializers);backupVaultArn;accessPolicy;constructor(scope,id,props={}){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_backup_BackupVaultProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BackupVault2),error}if((0,metadata_resource_1().addConstructMetadata)(this,props),props.backupVaultName&&!core_1().Token.isUnresolved(props.backupVaultName)&&!/^[a-zA-Z0-9\-_]{2,50}$/.test(props.backupVaultName))throw new(core_1()).ValidationError("Expected vault name to match pattern `^[a-zA-Z0-9-_]{2,50}$`",this);let notifications;props.notificationTopic&&(notifications={backupVaultEvents:props.notificationEvents||Object.values(BackupVaultEvents),snsTopicArn:props.notificationTopic.topicArn},props.notificationTopic.grantPublish(new(iam()).ServicePrincipal("backup.amazonaws.com"))),this.accessPolicy=props.accessPolicy??new(iam()).PolicyDocument,props.blockRecoveryPointDeletion&&this.blockRecoveryPointDeletion();const vault=new(backup_generated_1()).CfnBackupVault(this,"Resource",{backupVaultName:props.backupVaultName||this.uniqueVaultName(),accessPolicy:core_1().Lazy.any({produce:()=>this.accessPolicy.toJSON()}),encryptionKeyArn:props.encryptionKey&&props.encryptionKey.keyRef.keyArn,notifications,lockConfiguration:renderLockConfiguration(this,props.lockConfiguration)});vault.applyRemovalPolicy(props.removalPolicy),this.backupVaultName=vault.attrBackupVaultName,this.backupVaultArn=vault.attrBackupVaultArn}addToAccessPolicy(statement){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_PolicyStatement(statement)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToAccessPolicy),error}this.accessPolicy.addStatements(statement)}blockRecoveryPointDeletion(){this.addToAccessPolicy(new(iam()).PolicyStatement({effect:iam().Effect.DENY,actions:["backup:DeleteRecoveryPoint","backup:UpdateRecoveryPointLifecycle"],principals:[new(iam()).AnyPrincipal],resources:["*"]}))}uniqueVaultName(){const id=core_1().Names.uniqueId(this);return id.substring(Math.max(id.length-50,0),id.length)}static{__runInitializers(_classThis,_classExtraInitializers)}};return BackupVault2=_classThis})();exports.BackupVault=BackupVault;function renderLockConfiguration(scope,config){if(config){if(config.changeableFor&&config.changeableFor.toHours()<72)throw new(core_1()).ValidationError(`AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable, got ${config.changeableFor.toHours()} hours`,scope);if(config.maxRetention){if(config.maxRetention.toDays()>36500)throw new(core_1()).ValidationError(`The longest maximum retention period you can specify is 36500 days, got ${config.maxRetention.toDays()} days`,scope);if(config.maxRetention.toDays()<=config.minRetention.toDays())throw new(core_1()).ValidationError(`The maximum retention period (${config.maxRetention.toDays()} days) must be greater than the minimum retention period (${config.minRetention.toDays()} days)`,scope)}if(config.minRetention.toHours()<24)throw new(core_1()).ValidationError(`The shortest minimum retention period you can specify is 1 day, got ${config.minRetention.toHours()} hours`,scope);return{minRetentionDays:config.minRetention.toDays(),maxRetentionDays:config.maxRetention?.toDays(),changeableForDays:config.changeableFor?.toDays()}}}