UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

5 lines (4 loc) 19.5 kB
1
2
3
4
5
"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.Gateway=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var gateway_base_1=()=>{var tmp=require("./gateway-base");return gateway_base_1=()=>tmp,tmp},authorizer_1=()=>{var tmp=require("./inbound-auth/authorizer");return authorizer_1=()=>tmp,tmp},interceptor_1=()=>{var tmp=require("./interceptor");return interceptor_1=()=>tmp,tmp},perms_1=()=>{var tmp=require("./perms");return perms_1=()=>tmp,tmp},protocol_1=()=>{var tmp=require("./protocol");return protocol_1=()=>tmp,tmp},bedrockagentcore=()=>{var tmp=require("../../../aws-bedrockagentcore");return bedrockagentcore=()=>tmp,tmp},cognito=()=>{var tmp=require("../../../aws-cognito");return cognito=()=>tmp,tmp},iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},target_1=()=>{var tmp=require("./targets/target");return target_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../../core/lib/errors");return errors_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},validation_helpers_1=()=>{var tmp=require("../common/validation-helpers");return validation_helpers_1=()=>tmp,tmp};let Gateway=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=gateway_base_1().GatewayBase,_instanceExtraInitializers=[],_addLambdaTarget_decorators,_addOpenApiTarget_decorators,_addSmithyTarget_decorators,_addMcpServerTarget_decorators,_addApiGatewayTarget_decorators,_addInterceptor_decorators;var Gateway2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_addLambdaTarget_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addOpenApiTarget_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addSmithyTarget_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addMcpServerTarget_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addApiGatewayTarget_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addInterceptor_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_addLambdaTarget_decorators,{kind:"method",name:"addLambdaTarget",static:!1,private:!1,access:{has:obj=>"addLambdaTarget"in obj,get:obj=>obj.addLambdaTarget},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addOpenApiTarget_decorators,{kind:"method",name:"addOpenApiTarget",static:!1,private:!1,access:{has:obj=>"addOpenApiTarget"in obj,get:obj=>obj.addOpenApiTarget},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addSmithyTarget_decorators,{kind:"method",name:"addSmithyTarget",static:!1,private:!1,access:{has:obj=>"addSmithyTarget"in obj,get:obj=>obj.addSmithyTarget},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addMcpServerTarget_decorators,{kind:"method",name:"addMcpServerTarget",static:!1,private:!1,access:{has:obj=>"addMcpServerTarget"in obj,get:obj=>obj.addMcpServerTarget},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addApiGatewayTarget_decorators,{kind:"method",name:"addApiGatewayTarget",static:!1,private:!1,access:{has:obj=>"addApiGatewayTarget"in obj,get:obj=>obj.addApiGatewayTarget},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addInterceptor_decorators,{kind:"method",name:"addInterceptor",static:!1,private:!1,access:{has:obj=>"addInterceptor"in obj,get:obj=>obj.addInterceptor},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),Gateway2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_bedrockagentcore.Gateway",version:"2.257.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-bedrockagentcore.Gateway";static fromGatewayAttributes(scope,id,attrs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_GatewayAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromGatewayAttributes),error}class ImportedGateway extends gateway_base_1().GatewayBase{gatewayArn=attrs.gatewayArn;gatewayId=attrs.gatewayId;gatewayName=attrs.gatewayName;description=void 0;protocolConfiguration;authorizerConfiguration;exceptionLevel=void 0;kmsKey=void 0;role=attrs.role;gatewayUrl=void 0;status=void 0;statusReason=void 0;createdAt=void 0;updatedAt=void 0;constructor(s,i){super(s,i),this.protocolConfiguration=new(protocol_1()).McpProtocolConfiguration({supportedVersions:[protocol_1().MCPProtocolVersion.MCP_2025_03_26],searchType:protocol_1().McpGatewaySearchType.SEMANTIC,instructions:"Imported gateway"}),this.authorizerConfiguration=authorizer_1().GatewayAuthorizer.usingAwsIam()}}return new ImportedGateway(scope,id)}gatewayArn=__runInitializers(this,_instanceExtraInitializers);gatewayId;gatewayName;description;protocolConfiguration;authorizerConfiguration;exceptionLevel;kmsKey;role;gatewayUrl;status;statusReason;createdAt;updatedAt;tags;userPool;userPoolClient;requestInterceptorConfig;responseInterceptorConfig;userPoolDomain;resourceServer;tokenEndpointUrl;oauthScopes;constructor(scope,id,props={}){super(scope,id,{physicalName:props.gatewayName??core_1().Lazy.string({produce:()=>core_1().Names.uniqueResourceName(this,{maxLength:48})})});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_GatewayProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Gateway2),error}if((0,metadata_resource_1().addConstructMetadata)(this,props),this.gatewayName=this.physicalName,this.validateGatewayName(this.gatewayName),this.description=props.description,this.description&&this.validateDescription(this.description),this.kmsKey=props.kmsKey,this.role=props.role??this.createGatewayRole(),this.kmsKey&&this.role&&this.kmsKey.grantEncryptDecrypt(this.role),this.protocolConfiguration=props.protocolConfiguration??this.createDefaultMcpProtocolConfiguration(),props.authorizerConfiguration)this.authorizerConfiguration=props.authorizerConfiguration;else{const defaultCognitoAuth=this.createDefaultCognitoAuthorizerConfig();this.authorizerConfiguration=defaultCognitoAuth.authorizerConfig,this.tokenEndpointUrl=defaultCognitoAuth.tokenEndpointUrl,this.oauthScopes=defaultCognitoAuth.oauthScopes}if(this.authorizerConfiguration.authorizerType===authorizer_1().GatewayAuthorizerType.NONE&&core_1().Annotations.of(this).addWarningV2("aws-cdk-lib.aws-bedrockagentcore:noAuthGateway","This gateway has no inbound authorization. The endpoint will be publicly accessible without credentials. Ensure you have implemented compensating security controls such as Gateway Interceptors. See https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-inbound-auth.html#gateway-inbound-auth-none"),this.exceptionLevel=props.exceptionLevel,this.tags=props.tags??{},props.tags){for(const key of Object.keys(props.tags))if(!core_1().Token.isUnresolved(key)&&key.toLowerCase().startsWith("aws:"))throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`InvalidTagKey`,`Tag key "${key}" cannot start with "aws:" as this prefix is reserved by AWS`,this)}props.interceptorConfigurations&&this.validateAndInitializeInterceptors(props.interceptorConfigurations);const _resource=new(bedrockagentcore()).CfnGateway(this,"Resource",{authorizerConfiguration:this.authorizerConfiguration._render(),authorizerType:this.authorizerConfiguration.authorizerType,description:this.description,exceptionLevel:this.exceptionLevel?.value,interceptorConfigurations:core_1().Lazy.any({produce:()=>this.renderInterceptorConfigurations()}),kmsKeyArn:this.kmsKey?.keyArn,name:this.gatewayName,protocolConfiguration:this.protocolConfiguration._render(),protocolType:this.protocolConfiguration.protocolType,roleArn:this.role?.roleArn,tags:this.tags});this.gatewayId=_resource.attrGatewayIdentifier,this.gatewayArn=_resource.attrGatewayArn,this.gatewayUrl=_resource.attrGatewayUrl,this.status=_resource.attrStatus,this.createdAt=_resource.attrCreatedAt,this.updatedAt=_resource.attrUpdatedAt,this.statusReason=_resource.attrStatusReasons}addLambdaTarget(id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_AddLambdaTargetOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addLambdaTarget),error}const targetProps={gatewayTargetName:props.gatewayTargetName,description:props.description,gateway:this,lambdaFunction:props.lambdaFunction,toolSchema:props.toolSchema,...props.credentialProviderConfigurations&&props.credentialProviderConfigurations.length>0?{credentialProviderConfigurations:props.credentialProviderConfigurations}:{}};return target_1().GatewayTarget.forLambda(this,id,targetProps)}addOpenApiTarget(id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_AddOpenApiTargetOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addOpenApiTarget),error}return target_1().GatewayTarget.forOpenApi(this,id,{gatewayTargetName:props.gatewayTargetName,description:props.description,gateway:this,apiSchema:props.apiSchema,validateOpenApiSchema:props.validateOpenApiSchema,credentialProviderConfigurations:props.credentialProviderConfigurations})}addSmithyTarget(id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_AddSmithyTargetOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addSmithyTarget),error}const targetProps={gatewayTargetName:props.gatewayTargetName,description:props.description,gateway:this,smithyModel:props.smithyModel,...props.credentialProviderConfigurations&&props.credentialProviderConfigurations.length>0?{credentialProviderConfigurations:props.credentialProviderConfigurations}:{}};return target_1().GatewayTarget.forSmithy(this,id,targetProps)}addMcpServerTarget(id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_AddMcpServerTargetOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addMcpServerTarget),error}const targetProps={gatewayTargetName:props.gatewayTargetName,description:props.description,gateway:this,endpoint:props.endpoint,...props.credentialProviderConfigurations&&props.credentialProviderConfigurations.length>0?{credentialProviderConfigurations:props.credentialProviderConfigurations}:{}};return target_1().GatewayTarget.forMcpServer(this,id,targetProps)}addApiGatewayTarget(id,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_AddApiGatewayTargetOptions(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addApiGatewayTarget),error}return target_1().GatewayTarget.forApiGateway(this,id,{gatewayTargetName:props.gatewayTargetName,description:props.description,gateway:this,restApi:props.restApi,stage:props.stage,apiGatewayToolConfiguration:props.apiGatewayToolConfiguration,credentialProviderConfigurations:props.credentialProviderConfigurations,metadataConfiguration:props.metadataConfiguration})}createGatewayRole(){const role=new(iam()).Role(this,"ServiceRole",{assumedBy:new(iam()).ServicePrincipal("bedrock-agentcore.amazonaws.com"),description:`Service role for Bedrock AgentCore Gateway ${this.gatewayName}`}),region=core_1().Stack.of(this).region,account=core_1().Stack.of(this).account,partition=core_1().Stack.of(this).partition;return role.assumeRolePolicy?.addStatements(new(iam()).PolicyStatement({effect:iam().Effect.ALLOW,principals:[new(iam()).ServicePrincipal("bedrock-agentcore.amazonaws.com")],actions:perms_1().GATEWAY_ASSUME_ROLE,conditions:{StringEquals:{"aws:SourceAccount":account},ArnLike:{"aws:SourceArn":`arn:${partition}:bedrock-agentcore:${region}:${account}:gateway/${this.gatewayName}*`}}})),this.kmsKey&&role.addToPolicy(new(iam()).PolicyStatement({effect:iam().Effect.ALLOW,actions:perms_1().GATEWAY_KMS_KEY_PERMS,resources:[this.kmsKey.keyArn]})),role}validateGatewayName(name){if(core_1().Token.isUnresolved(name))return;const lengthErrors=(0,validation_helpers_1().validateStringFieldLength)({value:name,minLength:1,maxLength:48,fieldName:"Gateway name"});if(lengthErrors.length>0)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`GatewayNameLengthInvalid`,lengthErrors.join(` `),this);const patternErrors=(0,validation_helpers_1().validateFieldPattern)(name,"Gateway name",/^([0-9a-zA-Z][-]?){1,48}$/,"Gateway name must contain only alphanumeric characters and hyphens, with hyphens only between characters");if(patternErrors.length>0)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`GatewayNamePatternInvalid`,patternErrors.join(` `),this)}validateDescription(description){if(core_1().Token.isUnresolved(description))return;const errors=(0,validation_helpers_1().validateStringFieldLength)({value:description,minLength:1,maxLength:200,fieldName:"Description"});if(errors.length>0)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`GatewayDescriptionInvalid`,errors.join(` `),this)}createDefaultCognitoAuthorizerConfig(){const userPool=new(cognito()).UserPool(this,"UserPool",{signInCaseSensitive:!1}),resourceServer=userPool.addResourceServer("ResourceServer",{identifier:core_1().Names.uniqueResourceName(this,{maxLength:256,separator:"-"}),scopes:[{scopeName:"read",scopeDescription:"Read access to gateway tools"},{scopeName:"write",scopeDescription:"Write access to gateway tools"}]}),oauthScopes=[cognito().OAuthScope.resourceServer(resourceServer,{scopeName:"read",scopeDescription:"Read access to gateway tools"}),cognito().OAuthScope.resourceServer(resourceServer,{scopeName:"write",scopeDescription:"Write access to gateway tools"})],userPoolClient=userPool.addClient("DefaultClient",{generateSecret:!0,oAuth:{flows:{clientCredentials:!0},scopes:oauthScopes}}),domainPrefix=core_1().Names.uniqueResourceName(this,{maxLength:63,separator:"-"}).toLowerCase(),userPoolDomain=userPool.addDomain("Domain",{cognitoDomain:{domainPrefix}});return this.userPool=userPool,this.userPoolClient=userPoolClient,this.userPoolDomain=userPoolDomain,this.resourceServer=resourceServer,{authorizerConfig:authorizer_1().GatewayAuthorizer.usingCognito({userPool,allowedClients:[userPoolClient]}),tokenEndpointUrl:`https://${userPoolDomain.domainName}.auth.${core_1().Stack.of(this).region}.amazoncognito.com/oauth2/token`,oauthScopes:oauthScopes.map(scope=>scope.scopeName)}}createDefaultMcpProtocolConfiguration(){return new(protocol_1()).McpProtocolConfiguration({supportedVersions:[protocol_1().MCPProtocolVersion.MCP_2025_03_26],searchType:protocol_1().McpGatewaySearchType.SEMANTIC,instructions:"Default gateway to connect to external MCP tools"})}addInterceptor(interceptor){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_bedrockagentcore_IInterceptor(interceptor)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addInterceptor),error}const interceptionPoint=interceptor.interceptionPoint;if(interceptionPoint===interceptor_1().InterceptionPoint.REQUEST){if(this.requestInterceptorConfig)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`RequestInterceptorAlreadyExists`,"Gateway already has a REQUEST interceptor configured. A gateway can have at most one REQUEST interceptor.",this);this.requestInterceptorConfig=interceptor.bind(this,this)}else if(interceptionPoint===interceptor_1().InterceptionPoint.RESPONSE){if(this.responseInterceptorConfig)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`ResponseInterceptorAlreadyExists`,"Gateway already has a RESPONSE interceptor configured. A gateway can have at most one RESPONSE interceptor.",this);this.responseInterceptorConfig=interceptor.bind(this,this)}}validateAndInitializeInterceptors(interceptors){const requestCount=interceptors.filter(i=>i.interceptionPoint===interceptor_1().InterceptionPoint.REQUEST).length,responseCount=interceptors.filter(i=>i.interceptionPoint===interceptor_1().InterceptionPoint.RESPONSE).length;if(requestCount>1)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`TooManyRequestInterceptors`,`Gateway can have at most one REQUEST interceptor. Found ${requestCount} REQUEST interceptors.`,this);if(responseCount>1)throw new(errors_1()).ValidationError((0,helpers_internal_1().lit)`TooManyResponseInterceptors`,`Gateway can have at most one RESPONSE interceptor. Found ${responseCount} RESPONSE interceptors.`,this);for(const interceptor of interceptors)this.addInterceptor(interceptor)}renderInterceptorConfigurations(){const configs=[];return this.requestInterceptorConfig&&configs.push(this.requestInterceptorConfig.configuration),this.responseInterceptorConfig&&configs.push(this.responseInterceptorConfig.configuration),configs.length>0?configs:void 0}static{__runInitializers(_classThis,_classExtraInitializers)}};return Gateway2=_classThis})();exports.Gateway=Gateway;