aws-cdk
Version:
CDK Toolkit, the command line tool for CDK apps
164 lines (163 loc) • 6.28 kB
TypeScript
import * as AWS from 'aws-sdk';
import type { ConfigurationOptions } from 'aws-sdk/lib/config-base';
import { Account } from './sdk-provider';
export interface ISDK {
/**
* The region this SDK has been instantiated for
*
* (As distinct from the `defaultRegion()` on SdkProvider which
* represents the region configured in the default config).
*/
readonly currentRegion: string;
/**
* The Account this SDK has been instantiated for
*
* (As distinct from the `defaultAccount()` on SdkProvider which
* represents the account available by using default credentials).
*/
currentAccount(): Promise<Account>;
getEndpointSuffix(region: string): string;
/**
* Appends the given string as the extra information to put into the User-Agent header for any requests invoked by this SDK.
* If the string is 'undefined', this method has no effect.
*/
appendCustomUserAgent(userAgentData?: string): void;
/**
* Removes the given string from the extra User-Agent header data used for requests invoked by this SDK.
*/
removeCustomUserAgent(userAgentData: string): void;
lambda(): AWS.Lambda;
cloudFormation(): AWS.CloudFormation;
ec2(): AWS.EC2;
iam(): AWS.IAM;
ssm(): AWS.SSM;
s3(): AWS.S3;
route53(): AWS.Route53;
ecr(): AWS.ECR;
ecs(): AWS.ECS;
elbv2(): AWS.ELBv2;
secretsManager(): AWS.SecretsManager;
kms(): AWS.KMS;
stepFunctions(): AWS.StepFunctions;
codeBuild(): AWS.CodeBuild;
cloudWatchLogs(): AWS.CloudWatchLogs;
appsync(): AWS.AppSync;
}
/**
* Additional SDK configuration options
*/
export interface SdkOptions {
/**
* Additional descriptive strings that indicate where the "AssumeRole" credentials are coming from
*
* Will be printed in an error message to help users diagnose auth problems.
*/
readonly assumeRoleCredentialsSourceDescription?: string;
}
/**
* Base functionality of SDK without credential fetching
*/
export declare class SDK implements ISDK {
private readonly _credentials;
private readonly sdkOptions;
private static readonly accountCache;
readonly currentRegion: string;
private readonly config;
/**
* Default retry options for SDK clients.
*/
private readonly retryOptions;
/**
* The more generous retry policy for CloudFormation, which has a 1 TPM limit on certain APIs,
* which are abundantly used for deployment tracking, ...
*
* So we're allowing way more retries, but waiting a bit more.
*/
private readonly cloudFormationRetryOptions;
/**
* STS is used to check credential validity, don't do too many retries.
*/
private readonly stsRetryOptions;
/**
* Whether we have proof that the credentials have not expired
*
* We need to do some manual plumbing around this because the JS SDKv2 treats `ExpiredToken`
* as retriable and we have hefty retries on CFN calls making the CLI hang for a good 15 minutes
* if the credentials have expired.
*/
private _credentialsValidated;
constructor(_credentials: AWS.Credentials, region: string, httpOptions?: ConfigurationOptions, sdkOptions?: SdkOptions);
appendCustomUserAgent(userAgentData?: string): void;
removeCustomUserAgent(userAgentData: string): void;
lambda(): AWS.Lambda;
cloudFormation(): AWS.CloudFormation;
ec2(): AWS.EC2;
iam(): AWS.IAM;
ssm(): AWS.SSM;
s3(): AWS.S3;
route53(): AWS.Route53;
ecr(): AWS.ECR;
ecs(): AWS.ECS;
elbv2(): AWS.ELBv2;
secretsManager(): AWS.SecretsManager;
kms(): AWS.KMS;
stepFunctions(): AWS.StepFunctions;
codeBuild(): AWS.CodeBuild;
cloudWatchLogs(): AWS.CloudWatchLogs;
appsync(): AWS.AppSync;
currentAccount(): Promise<Account>;
/**
* Return the current credentials
*
* Don't use -- only used to write tests around assuming roles.
*/
currentCredentials(): Promise<AWS.Credentials>;
/**
* Force retrieval of the current credentials
*
* Relevant if the current credentials are AssumeRole credentials -- do the actual
* lookup, and translate any error into a useful error message (taking into
* account credential provenance).
*/
forceCredentialRetrieval(): Promise<void>;
/**
* Make sure the the current credentials are not expired
*/
validateCredentials(): Promise<void>;
getEndpointSuffix(region: string): string;
/**
* Return a wrapping object for the underlying service object
*
* Responds to failures in the underlying service calls, in two different
* ways:
*
* - When errors are encountered, log the failing call and the error that
* it triggered (at debug level). This is necessary because the lack of
* stack traces in NodeJS otherwise makes it very hard to suss out where
* a certain AWS error occurred.
* - The JS SDK has a funny business of wrapping any credential-based error
* in a super-generic (and in our case wrong) exception. If we then use a
* 'ChainableTemporaryCredentials' and the target role doesn't exist,
* the error message that shows up by default is super misleading
* (https://github.com/aws/aws-sdk-js/issues/3272). We can fix this because
* the exception contains the "inner exception", so we unwrap and throw
* the correct error ("cannot assume role").
*
* The wrapping business below is slightly more complicated than you'd think
* because we must hook into the `promise()` method of the object that's being
* returned from the methods of the object that we wrap, so there's two
* levels of wrapping going on, and also some exceptions to the wrapping magic.
*/
private wrapServiceErrorHandling;
/**
* Extract a more detailed error out of a generic error if we can
*
* If this is an error about Assuming Roles, add in the context showing the
* chain of credentials we used to try to assume the role.
*/
private makeDetailedException;
}
/**
* Return whether an error should not be recovered from
*/
export declare function isUnrecoverableAwsError(e: Error): boolean;