UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 9.77 kB
1
2
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__setModuleDefault=exports&&exports.__setModuleDefault||(Object.create?(function(o,v){Object.defineProperty(o,"default",{enumerable:!0,value:v})}):function(o,v){o.default=v}),__importStar=exports&&exports.__importStar||(function(){var ownKeys=function(o){return ownKeys=Object.getOwnPropertyNames||function(o2){var ar=[];for(var k in o2)Object.prototype.hasOwnProperty.call(o2,k)&&(ar[ar.length]=k);return ar},ownKeys(o)};return function(mod){if(mod&&mod.__esModule)return mod;var result={};if(mod!=null)for(var k=ownKeys(mod),i=0;i<k.length;i++)k[i]!=="default"&&__createBinding(result,mod,k[i]);return __setModuleDefault(result,mod),result}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.SecretRotation=exports.SecretRotationApplication=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},ec2=()=>{var tmp=__importStar(require("../../aws-ec2"));return ec2=()=>tmp,tmp},lambda=()=>{var tmp=__importStar(require("../../aws-lambda"));return lambda=()=>tmp,tmp},serverless=()=>{var tmp=__importStar(require("../../aws-sam"));return serverless=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class SecretRotationApplication{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_secretsmanager.SecretRotationApplication",version:"2.259.0"};static MARIADB_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRDSMariaDBRotationSingleUser","1.1.670",{additionalSemanticVersions:{"aws-cn":"1.1.442","aws-us-gov":"1.1.399"}});static MARIADB_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRDSMariaDBRotationMultiUser","1.1.670",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static MYSQL_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRDSMySQLRotationSingleUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.440","aws-us-gov":"1.1.397"}});static MYSQL_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRDSMySQLRotationMultiUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.440","aws-us-gov":"1.1.397"}});static ORACLE_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRDSOracleRotationSingleUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static ORACLE_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRDSOracleRotationMultiUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static POSTGRES_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRDSPostgreSQLRotationSingleUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.440","aws-us-gov":"1.1.397"}});static POSTGRES_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRDSPostgreSQLRotationMultiUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.440","aws-us-gov":"1.1.397"}});static SQLSERVER_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRDSSQLServerRotationSingleUser","1.1.670",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static SQLSERVER_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRDSSQLServerRotationMultiUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static REDSHIFT_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRedshiftRotationSingleUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static REDSHIFT_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRedshiftRotationMultiUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.440","aws-us-gov":"1.1.397"}});static MONGODB_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerMongoDBRotationSingleUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.440","aws-us-gov":"1.1.397"}});static MONGODB_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerMongoDBRotationMultiUser","1.1.671",{additionalSemanticVersions:{"aws-cn":"1.1.441","aws-us-gov":"1.1.398"}});static DB2_ROTATION_SINGLE_USER=new SecretRotationApplication("SecretsManagerRDSDb2RotationSingleUser","1.1.271",{additionalSemanticVersions:{"aws-cn":"1.1.242","aws-us-gov":"1.1.199"}});static DB2_ROTATION_MULTI_USER=new SecretRotationApplication("SecretsManagerRDSDb2RotationMultiUser","1.1.272",{additionalSemanticVersions:{"aws-cn":"1.1.240","aws-us-gov":"1.1.197"}});applicationId;semanticVersion;isMultiUser;applicationName;partitionalSemanticVersions;constructor(applicationName,awsSemanticVersion,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_secretsmanager_SecretRotationApplicationOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,SecretRotationApplication),error}this.applicationName=applicationName,this.isMultiUser=options?.isMultiUser??applicationName.endsWith("MultiUser"),this.partitionalSemanticVersions={aws:awsSemanticVersion,...options?.additionalSemanticVersions??{}},this.semanticVersion=this.semanticVersionForPartition("aws"),this.applicationId=this.applicationArnForPartition("aws")}applicationArnForPartition(partition){if(partition==="aws")return`arn:aws:serverlessrepo:us-east-1:297356227824:applications/${this.applicationName}`;if(partition==="aws-cn")return`arn:aws-cn:serverlessrepo:cn-north-1:193023089310:applications/${this.applicationName}`;if(partition==="aws-us-gov")return`arn:aws-us-gov:serverlessrepo:us-gov-west-1:023102451235:applications/${this.applicationName}`;throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`UnsupportedPartition`,`unsupported partition: ${partition}`)}semanticVersionForPartition(partition){if(this.partitionalSemanticVersions.hasOwnProperty(partition))return this.partitionalSemanticVersions[partition];throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`UnsupportedPartition`,`unsupported partition: ${partition}`)}}exports.SecretRotationApplication=SecretRotationApplication;class SecretRotation extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_secretsmanager.SecretRotation",version:"2.259.0"};constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_secretsmanager_SecretRotationProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,SecretRotation),error}if(!props.target.connections.defaultPort)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ConnectionsDefaultPortRange`,"The `target` connections must have a default port range.",this);if(props.application.isMultiUser&&!props.masterSecret)throw new(core_1()).ValidationError((0,literal_string_1().lit)`MustBeSpecifiedApplicationUsing`,"The `masterSecret` must be specified for application using the multi user scheme.",this);const uniqueId=core_1().Names.uniqueId(this),rotationFunctionName=uniqueId.substring(Math.max(uniqueId.length-64,0),uniqueId.length),securityGroup=props.securityGroup||new(ec2()).SecurityGroup(this,"SecurityGroup",{vpc:props.vpc});props.target.connections.allowDefaultPortFrom(securityGroup);const parameters={endpoint:`https://${props.endpoint?`${props.endpoint.vpcEndpointId}.`:""}secretsmanager.${core_1().Stack.of(this).region}.${core_1().Stack.of(this).urlSuffix}`,functionName:rotationFunctionName,vpcSubnetIds:props.vpc.selectSubnets(props.vpcSubnets).subnetIds.join(","),vpcSecurityGroupIds:securityGroup.securityGroupId};props.excludeCharacters!==void 0&&(parameters.excludeCharacters=props.excludeCharacters),props.secret.encryptionKey&&(parameters.kmsKeyArn=props.secret.encryptionKey.keyArn),props.masterSecret&&(parameters.masterSecretArn=props.masterSecret.secretArn,props.masterSecret.encryptionKey&&(parameters.masterSecretKmsKeyArn=props.masterSecret.encryptionKey.keyArn));const sarMapping=new(core_1()).CfnMapping(this,"SARMapping",{mapping:{aws:{applicationId:props.application.applicationArnForPartition("aws"),semanticVersion:props.application.semanticVersionForPartition("aws")},"aws-cn":{applicationId:props.application.applicationArnForPartition("aws-cn"),semanticVersion:props.application.semanticVersionForPartition("aws-cn")},"aws-us-gov":{applicationId:props.application.applicationArnForPartition("aws-us-gov"),semanticVersion:props.application.semanticVersionForPartition("aws-us-gov")}}}),application=new(serverless()).CfnApplication(this,"Resource",{location:{applicationId:sarMapping.findInMap(core_1().Aws.PARTITION,"applicationId"),semanticVersion:sarMapping.findInMap(core_1().Aws.PARTITION,"semanticVersion")},parameters});application.applyRemovalPolicy(core_1().RemovalPolicy.DESTROY);const rotationLambda=lambda().Function.fromFunctionArn(this,"RotationLambda",application.getAtt("Outputs.RotationLambdaARN").toString());props.secret.addRotationSchedule("RotationSchedule",{rotationLambda,automaticallyAfter:props.automaticallyAfter,rotateImmediatelyOnUpdate:props.rotateImmediatelyOnUpdate}),props.masterSecret&&props.masterSecret.denyAccountRootDelete()}}exports.SecretRotation=SecretRotation;