|
| 1 | +import { CfnWafRuleStatement, IntrinsicFunction } from './cloudFormation'; |
| 2 | + |
| 3 | +export type IamStatement = { |
| 4 | + Effect: 'Allow' | 'Deny'; |
| 5 | + Action: string[]; |
| 6 | + Resource: string | IntrinsicFunction | (string | IntrinsicFunction)[]; |
| 7 | +}; |
| 8 | + |
| 9 | +export type WafConfig = { |
| 10 | + enabled?: boolean; |
| 11 | + arn?: string; |
| 12 | + name?: string; |
| 13 | + defaultAction?: WafAction; |
| 14 | + description?: string; |
| 15 | + visibilityConfig?: VisibilityConfig; |
| 16 | + rules?: WafRule[]; |
| 17 | +}; |
| 18 | + |
| 19 | +export type WafThrottleConfig = |
| 20 | + | number |
| 21 | + | { |
| 22 | + name?: string; |
| 23 | + action?: WafAction; |
| 24 | + aggregateKeyType?: 'IP' | 'FORWARDED_IP'; |
| 25 | + limit?: number; |
| 26 | + priority?: number; |
| 27 | + forwardedIPConfig?: { |
| 28 | + headerName: string; |
| 29 | + fallbackBehavior: 'MATCH' | 'NO_MATCH'; |
| 30 | + }; |
| 31 | + scopeDownStatement?: CfnWafRuleStatement; |
| 32 | + visibilityConfig?: VisibilityConfig; |
| 33 | + }; |
| 34 | + |
| 35 | +export type WafDisableIntrospectionConfig = { |
| 36 | + name?: string; |
| 37 | + priority?: number; |
| 38 | + visibilityConfig?: VisibilityConfig; |
| 39 | +}; |
| 40 | + |
| 41 | +export type WafAction = 'Allow' | 'Block'; |
| 42 | +export type WafRuleAction = 'Allow' | 'Block' | 'Count' | 'Captcha'; |
| 43 | + |
| 44 | +export type WafRuleThrottle = { |
| 45 | + throttle: WafThrottleConfig; |
| 46 | +}; |
| 47 | + |
| 48 | +export type WafRuleCustom = { |
| 49 | + name: string; |
| 50 | + priority?: number; |
| 51 | + action?: WafRuleAction; |
| 52 | + statement: CfnWafRuleStatement; |
| 53 | + visibilityConfig?: VisibilityConfig; |
| 54 | +}; |
| 55 | + |
| 56 | +export type WafRuleDisableIntrospection = { |
| 57 | + disableIntrospection: WafDisableIntrospectionConfig; |
| 58 | +}; |
| 59 | + |
| 60 | +export type WafRule = |
| 61 | + | WafRuleThrottle |
| 62 | + | WafRuleDisableIntrospection |
| 63 | + | WafRuleCustom |
| 64 | + | 'disableIntrospection' |
| 65 | + | 'throttle'; |
| 66 | + |
| 67 | +export type ApiKeyConfig = { |
| 68 | + apiKeyId?: string; |
| 69 | + name: string; |
| 70 | + description?: string; |
| 71 | + expiresAfter?: string | number; |
| 72 | + expiresAt?: string; |
| 73 | + wafRules?: WafRule[]; |
| 74 | +}; |
| 75 | + |
| 76 | +export type CognitoAuth = { |
| 77 | + type: 'AMAZON_COGNITO_USER_POOLS'; |
| 78 | + config: { |
| 79 | + userPoolId: string | IntrinsicFunction; |
| 80 | + awsRegion?: string | IntrinsicFunction; |
| 81 | + defaultAction?: 'ALLOW' | 'DENY'; |
| 82 | + appIdClientRegex?: string | IntrinsicFunction; |
| 83 | + }; |
| 84 | +}; |
| 85 | + |
| 86 | +export type IamAuth = { |
| 87 | + type: 'AWS_IAM'; |
| 88 | +}; |
| 89 | + |
| 90 | +export type LambdaAuth = { |
| 91 | + type: 'AWS_LAMBDA'; |
| 92 | + config: LambdaConfig & { |
| 93 | + identityValidationExpression?: string; |
| 94 | + authorizerResultTtlInSeconds?: number; |
| 95 | + }; |
| 96 | +}; |
| 97 | + |
| 98 | +export type OidcAuth = { |
| 99 | + type: 'OPENID_CONNECT'; |
| 100 | + config: { |
| 101 | + issuer: string; |
| 102 | + clientId: string; |
| 103 | + iatTTL?: number; |
| 104 | + authTTL?: number; |
| 105 | + }; |
| 106 | +}; |
| 107 | + |
| 108 | +export type ApiKeyAuth = { |
| 109 | + type: 'API_KEY'; |
| 110 | +}; |
| 111 | + |
| 112 | +export type Auth = CognitoAuth | LambdaAuth | OidcAuth | ApiKeyAuth | IamAuth; |
| 113 | + |
| 114 | +export type DomainConfig = { |
| 115 | + enabled?: boolean; |
| 116 | + useCloudFormation?: boolean; |
| 117 | + retain?: boolean; |
| 118 | + name: string; |
| 119 | + certificateArn?: string; |
| 120 | + hostedZoneId?: string; |
| 121 | + hostedZoneName?: string; |
| 122 | + route53?: boolean; |
| 123 | +}; |
| 124 | + |
| 125 | +export type SyncConfig = { |
| 126 | + conflictDetection: 'VERSION' | 'NONE'; |
| 127 | + conflictHandler: 'OPTIMISTIC_CONCURRENCY' | 'AUTOMERGE' | 'LAMBDA'; |
| 128 | +} & LambdaConfig; |
| 129 | + |
| 130 | +export type Substitutions = Record<string, string | IntrinsicFunction>; |
| 131 | + |
| 132 | +export type DsDynamoDBConfig = { |
| 133 | + type: 'AMAZON_DYNAMODB'; |
| 134 | + config: { |
| 135 | + tableName: string | IntrinsicFunction; |
| 136 | + useCallerCredentials?: boolean; |
| 137 | + serviceRoleArn?: string | IntrinsicFunction; |
| 138 | + region?: string | IntrinsicFunction; |
| 139 | + iamRoleStatements?: IamStatement[]; |
| 140 | + versioned?: boolean; |
| 141 | + deltaSyncConfig?: { |
| 142 | + deltaSyncTableName: string; |
| 143 | + baseTableTTL?: number; |
| 144 | + deltaSyncTableTTL?: number; |
| 145 | + }; |
| 146 | + }; |
| 147 | +}; |
| 148 | + |
| 149 | +export type DsEventBridgeConfig = { |
| 150 | + type: 'AMAZON_EVENTBRIDGE'; |
| 151 | + config: { |
| 152 | + serviceRoleArn?: string | IntrinsicFunction; |
| 153 | + iamRoleStatements?: IamStatement[]; |
| 154 | + eventBusArn: string | IntrinsicFunction; |
| 155 | + }; |
| 156 | +}; |
| 157 | + |
| 158 | +export type DsRelationalDbConfig = { |
| 159 | + type: 'RELATIONAL_DATABASE'; |
| 160 | + config: { |
| 161 | + region?: string; |
| 162 | + relationalDatabaseSourceType?: 'RDS_HTTP_ENDPOINT'; |
| 163 | + serviceRoleArn?: string | IntrinsicFunction; |
| 164 | + dbClusterIdentifier: string | IntrinsicFunction; |
| 165 | + databaseName?: string | IntrinsicFunction; |
| 166 | + schema?: string; |
| 167 | + awsSecretStoreArn: string | IntrinsicFunction; |
| 168 | + iamRoleStatements?: IamStatement[]; |
| 169 | + }; |
| 170 | +}; |
| 171 | + |
| 172 | +export type DsOpenSearchConfig = { |
| 173 | + type: 'AMAZON_OPENSEARCH_SERVICE'; |
| 174 | + config: { |
| 175 | + domain?: string; |
| 176 | + endpoint?: string | IntrinsicFunction; |
| 177 | + region?: string | IntrinsicFunction; |
| 178 | + serviceRoleArn?: string | IntrinsicFunction; |
| 179 | + iamRoleStatements?: IamStatement[]; |
| 180 | + }; |
| 181 | +}; |
| 182 | + |
| 183 | +export type LambdaConfig = |
| 184 | + | { |
| 185 | + functionName: string; |
| 186 | + functionAlias?: string; |
| 187 | + } |
| 188 | + | { |
| 189 | + functionArn: string | IntrinsicFunction; |
| 190 | + } |
| 191 | + | { |
| 192 | + function: Record<string, unknown>; |
| 193 | + }; |
| 194 | + |
| 195 | +export type DsLambdaConfig = { |
| 196 | + type: 'AWS_LAMBDA'; |
| 197 | + config: { |
| 198 | + serviceRoleArn?: string | IntrinsicFunction; |
| 199 | + iamRoleStatements?: IamStatement[]; |
| 200 | + } & LambdaConfig; |
| 201 | +}; |
| 202 | + |
| 203 | +export type DsHttpConfig = { |
| 204 | + type: 'HTTP'; |
| 205 | + config: { |
| 206 | + endpoint: string | IntrinsicFunction; |
| 207 | + serviceRoleArn?: string | IntrinsicFunction; |
| 208 | + iamRoleStatements?: IamStatement[]; |
| 209 | + authorizationConfig?: { |
| 210 | + authorizationType: 'AWS_IAM'; |
| 211 | + awsIamConfig: { |
| 212 | + signingRegion: string | IntrinsicFunction; |
| 213 | + signingServiceName?: string | IntrinsicFunction; |
| 214 | + }; |
| 215 | + }; |
| 216 | + }; |
| 217 | +}; |
| 218 | + |
| 219 | +export type DsNone = { |
| 220 | + type: 'NONE'; |
| 221 | +}; |
| 222 | + |
| 223 | +export type VisibilityConfig = { |
| 224 | + name?: string; |
| 225 | + cloudWatchMetricsEnabled?: boolean; |
| 226 | + sampledRequestsEnabled?: boolean; |
| 227 | +}; |
| 228 | + |
| 229 | +export type LoggingConfig = { |
| 230 | + level: 'ERROR' | 'NONE' | 'ALL'; |
| 231 | + enabled?: boolean; |
| 232 | + excludeVerboseContent?: boolean; |
| 233 | + retentionInDays?: number; |
| 234 | + roleArn?: string | IntrinsicFunction; |
| 235 | +}; |
| 236 | + |
| 237 | +export type CachingConfig = { |
| 238 | + enabled?: boolean; |
| 239 | + behavior: 'FULL_REQUEST_CACHING' | 'PER_RESOLVER_CACHING'; |
| 240 | + type?: string; |
| 241 | + ttl?: number; |
| 242 | + atRestEncryption?: boolean; |
| 243 | + transitEncryption?: boolean; |
| 244 | +}; |
0 commit comments