UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

138 lines (137 loc) 5.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
import type { Construct } from 'constructs'; import type { IGateway } from './gateway-base'; import type { IFunction } from '../../../aws-lambda'; /****************************************************************************** * Enums *****************************************************************************/ /** * The interception point where the interceptor will be invoked */ export declare enum InterceptionPoint { /** * Execute before the gateway makes a call to the target * Useful for request validation, transformation, or custom authorization */ REQUEST = "REQUEST", /** * Execute after the target responds but before the gateway sends the response back * Useful for response transformation, filtering, or adding custom headers */ RESPONSE = "RESPONSE" } /****************************************************************************** * Interfaces *****************************************************************************/ /** * Options for configuring an interceptor */ export interface InterceptorOptions { /** * Whether to pass request headers to the interceptor Lambda function * * **Security Warning**: Request headers can contain sensitive information such as * authentication tokens and credentials. Only enable this if your interceptor needs * access to headers and you have verified that sensitive information is not logged * or exposed. * * @default false - Headers are not passed to interceptor for security */ readonly passRequestHeaders?: boolean; } /** * Represents an interceptor that can be bound to a Gateway * * Interceptors allow custom code execution at specific points in the gateway request/response flow. */ export interface IInterceptor { /** * The interception point where this interceptor will be invoked */ readonly interceptionPoint: InterceptionPoint; /** * Binds this interceptor to a Gateway * * This method is called when the interceptor is added to a gateway. It should: * 1. Grant any necessary permissions (e.g., Lambda invoke permissions) * 2. Perform any required setup * 3. Return the CloudFormation configuration * * @param scope The construct scope for creating any required resources * @param gateway The gateway this interceptor is being bound to [disable-awslint:prefer-ref-interface] * @returns Configuration that will be rendered to CloudFormation */ bind(scope: Construct, gateway: IGateway): InterceptorBindConfig; } /** * Configuration returned from binding an interceptor to a Gateway */ export interface InterceptorBindConfig { /** * The CloudFormation configuration for this interceptor */ readonly configuration: any; } /****************************************************************************** * Classes *****************************************************************************/ /** * A Lambda-based interceptor for Gateway * * Interceptors allow you to run custom code during each invocation of your gateway: * - REQUEST interceptors execute before calling the target * - RESPONSE interceptors execute after the target responds * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-interceptors.html */ export declare class LambdaInterceptor implements IInterceptor { /** * Create a REQUEST interceptor that executes before the gateway calls the target * * **Important:** When this interceptor is added to a gateway, the gateway's IAM role * will automatically be granted `lambda:InvokeFunction` permission on the specified * Lambda function. * * @param lambdaFunction The Lambda function to invoke * @param options Optional configuration for the interceptor * @returns A configured LambdaInterceptor for request interception */ static forRequest(lambdaFunction: IFunction, options?: InterceptorOptions): LambdaInterceptor; /** * Create a RESPONSE interceptor that executes after the target responds * * **Important:** When this interceptor is added to a gateway, the gateway's IAM role * will automatically be granted `lambda:InvokeFunction` permission on the specified * Lambda function. * * @param lambdaFunction The Lambda function to invoke * @param options Optional configuration for the interceptor * @returns A configured LambdaInterceptor for response interception */ static forResponse(lambdaFunction: IFunction, options?: InterceptorOptions): LambdaInterceptor; /** * The interception point (REQUEST or RESPONSE) */ readonly interceptionPoint: InterceptionPoint; /** * The Lambda function to invoke for this interceptor */ private readonly lambdaFunction; /** * Whether to pass request headers to the interceptor * * @default false - Headers are not passed for security */ private readonly passRequestHeaders; private constructor(); /** * Binds this Lambda interceptor to a Gateway * * This method: * 1. Grants the Gateway's IAM role permission to invoke the Lambda function * 2. Returns the CloudFormation configuration for this interceptor * * @param _scope The construct scope (currently unused, reserved for future extensions) * @param gateway The gateway this interceptor is being bound to * @returns Configuration for CloudFormation rendering */ bind(_scope: Construct, gateway: IGateway): InterceptorBindConfig; }