API.md

API Reference

Constructs

EcsIsoServiceAutoscaler

Creates a EcsIsoServiceAutoscaler construct.

This construct allows you to scale an ECS service in an ISO region where classic ECS Autoscaling may not be available.

Initializers

import { EcsIsoServiceAutoscaler } from '@cdklabs/cdk-enterprise-iac'

new EcsIsoServiceAutoscaler(scope: Construct, id: string, props: EcsIsoServiceAutoscalerProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	EcsIsoServiceAutoscalerProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: EcsIsoServiceAutoscalerProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { EcsIsoServiceAutoscaler } from '@cdklabs/cdk-enterprise-iac'

EcsIsoServiceAutoscaler.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.
ecsScalingManagerFunction	aws-cdk-lib.aws_lambda.Function	No description.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

ecsScalingManagerFunction^Required

public readonly ecsScalingManagerFunction: Function;

• Type: aws-cdk-lib.aws_lambda.Function

---

EnterpriseDnsResolver

Initializers

import { EnterpriseDnsResolver } from '@cdklabs/cdk-enterprise-iac'

new EnterpriseDnsResolver(scope: Construct, id: string, props: EnterpriseDnsResolverProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	EnterpriseDnsResolverProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: EnterpriseDnsResolverProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { EnterpriseDnsResolver } from '@cdklabs/cdk-enterprise-iac'

EnterpriseDnsResolver.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

PopulateWithConfig

Populate a provided VPC with subnets based on a provided configuration.

Example

const mySubnetConfig: SubnetConfig[] = [
   {
     groupName: 'app',
     cidrRange: '172.31.0.0/27',
     availabilityZone: 'a',
     subnetType: subnetType.PUBLIC,
   },
   {
     groupName: 'app',
     cidrRange: '172.31.0.32/27',
     availabilityZone: 'b',
     subnetType: subnetType.PUBLIC,
   },
   {
     groupName: 'db',
     cidrRange: '172.31.0.64/27',
     availabilityZone: 'a',
     subnetType: subnetType.PRIVATE_WITH_EGRESS,
   },
   {
     groupName: 'db',
     cidrRange: '172.31.0.96/27',
     availabilityZone: 'b',
     subnetType: subnetType.PRIVATE_WITH_EGRESS,
   },
   {
     groupName: 'iso',
     cidrRange: '172.31.0.128/26',
     availabilityZone: 'a',
     subnetType: subnetType.PRIVATE_ISOLATED,
   },
   {
     groupName: 'iso',
     cidrRange: '172.31.0.196/26',
     availabilityZone: 'b',
     subnetType: subnetType.PRIVATE_ISOLATED,
   },
 ];
new PopulateWithConfig(this, "vpcPopulater", {
  vpcId: 'vpc-abcdefg1234567',
  privateRouteTableId: 'rt-abcdefg123456',
  localRouteTableId: 'rt-123456abcdefg',
  subnetConfig: mySubnetConfig,
})

Initializers

import { PopulateWithConfig } from '@cdklabs/cdk-enterprise-iac'

new PopulateWithConfig(scope: Construct, id: string, props: PopulateWithConfigProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	PopulateWithConfigProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: PopulateWithConfigProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { PopulateWithConfig } from '@cdklabs/cdk-enterprise-iac'

PopulateWithConfig.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

SplitVpcEvenly

Splits a VPC evenly between a provided number of AZs (3 if not defined), and attaches a provided route table to each, and labels.

Example

// with more specific properties
new SplitVpcEvenly(this, 'evenSplitVpc', {
  vpcId: 'vpc-abcdefg123456',
  vpcCidr: '172.16.0.0/16',
  routeTableId: 'rt-abcdefgh123456',
  cidrBits: '10',
  numberOfAzs: 4,
  subnetType: subnetType.PRIVATE_ISOLATED,
});

Initializers

import { SplitVpcEvenly } from '@cdklabs/cdk-enterprise-iac'

new SplitVpcEvenly(scope: Construct, id: string, props: SplitVpcEvenlyProps)

Name	Type	Description
scope	constructs.Construct	No description.
id	string	No description.
props	SplitVpcEvenlyProps	No description.

---

scope^Required

• Type: constructs.Construct

---

id^Required

• Type: string

---

props^Required

• Type: SplitVpcEvenlyProps

---

Methods

Name	Description
toString	Returns a string representation of this construct.

---

toString

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
isConstruct	Checks if x is a construct.

---

isConstruct

import { SplitVpcEvenly } from '@cdklabs/cdk-enterprise-iac'

SplitVpcEvenly.isConstruct(x: any)

Checks if x is a construct.

x^Required

• Type: any

Any object.

---

Properties

Name	Type	Description
node	constructs.Node	The tree node.

---

node^Required

public readonly node: Node;

• Type: constructs.Node

The tree node.

---

Structs

AddCfnInitProxyProps

Properties for the proxy server to use with cfn helper commands.

Initializer

import { AddCfnInitProxyProps } from '@cdklabs/cdk-enterprise-iac'

const addCfnInitProxyProps: AddCfnInitProxyProps = { ... }

Properties

Name	Type	Description
proxyHost	string	host of your proxy.
proxyPort	number	proxy port.
proxyCredentials	aws-cdk-lib.aws_secretsmanager.ISecret	JSON secret containing user and password properties to use if your proxy requires credentials http://user:password@host:port could contain sensitive data, so using a Secret.
proxyType	ProxyType	Proxy Type.

---

proxyHost^Required

public readonly proxyHost: string;

• Type: string

host of your proxy.

---

Example

example.com

proxyPort^Required

public readonly proxyPort: number;

• Type: number

proxy port.

---

Example

8080

proxyCredentials^Optional

public readonly proxyCredentials: ISecret;

• Type: aws-cdk-lib.aws_secretsmanager.ISecret

JSON secret containing user and password properties to use if your proxy requires credentials http://user:password@host:port could contain sensitive data, so using a Secret.

Note that while the user and password won't be visible in the cloudformation template they will be in plain text inside your UserData

---

Example

const secret = new Secret(stack, 'TestSecret', {
 secretObjectValue: {
   user: SecretValue,
   password: SecretValue,
 },
});

proxyType^Optional

public readonly proxyType: ProxyType;

• Type: ProxyType
• Default: ProxyType.HTTP

Proxy Type.

---

Example

ProxyType.HTTPS

AddPermissionBoundaryProps

Properties to pass to the AddPermissionBoundary.

Initializer

import { AddPermissionBoundaryProps } from '@cdklabs/cdk-enterprise-iac'

const addPermissionBoundaryProps: AddPermissionBoundaryProps = { ... }

Properties

Name	Type	Description
permissionsBoundaryPolicyName	string	Name of Permissions Boundary Policy to add to all IAM roles.
instanceProfilePrefix	string	A prefix to prepend to the name of the IAM InstanceProfiles (Default: '').
policyPrefix	string	A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: '').
rolePath	string	An IAM path to add to all IAM roles (Default: '').
rolePrefix	string	A prefix to prepend to the name of IAM Roles (Default: '').

---

permissionsBoundaryPolicyName^Required

public readonly permissionsBoundaryPolicyName: string;

• Type: string

Name of Permissions Boundary Policy to add to all IAM roles.

---

instanceProfilePrefix^Optional

public readonly instanceProfilePrefix: string;

• Type: string

A prefix to prepend to the name of the IAM InstanceProfiles (Default: '').

---

policyPrefix^Optional

public readonly policyPrefix: string;

• Type: string

A prefix to prepend to the name of the IAM Policies and ManagedPolicies (Default: '').

---

rolePath^Optional

public readonly rolePath: string;

• Type: string

An IAM path to add to all IAM roles (Default: '').

---

rolePrefix^Optional

public readonly rolePrefix: string;

• Type: string

A prefix to prepend to the name of IAM Roles (Default: '').

---

EcsIsoServiceAutoscalerProps

Initializer

import { EcsIsoServiceAutoscalerProps } from '@cdklabs/cdk-enterprise-iac'

const ecsIsoServiceAutoscalerProps: EcsIsoServiceAutoscalerProps = { ... }

Properties

Name	Type	Description
ecsCluster	aws-cdk-lib.aws_ecs.Cluster	The cluster the service you wish to scale resides in.
ecsService	aws-cdk-lib.aws_ecs.IService	The ECS service you wish to scale.
scaleAlarm	aws-cdk-lib.aws_cloudwatch.AlarmBase	The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions.
maximumTaskCount	number	The maximum number of tasks that the service will scale out to.
minimumTaskCount	number	The minimum number of tasks the service will have.
role	aws-cdk-lib.aws_iam.IRole	Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service.
scaleInCooldown	aws-cdk-lib.Duration	How long will the application wait before performing another scale in action.
scaleInIncrement	number	The number of tasks that will scale in on scale in alarm status.
scaleOutCooldown	aws-cdk-lib.Duration	How long will a the application wait before performing another scale out action.
scaleOutIncrement	number	The number of tasks that will scale out on scale out alarm status.

---

ecsCluster^Required

public readonly ecsCluster: Cluster;

• Type: aws-cdk-lib.aws_ecs.Cluster

The cluster the service you wish to scale resides in.

---

ecsService^Required

public readonly ecsService: IService;

• Type: aws-cdk-lib.aws_ecs.IService

The ECS service you wish to scale.

---

scaleAlarm^Required

public readonly scaleAlarm: AlarmBase;

• Type: aws-cdk-lib.aws_cloudwatch.AlarmBase

The Cloudwatch Alarm that will cause scaling actions to be invoked, whether it's in or not in alarm will determine scale up and down actions.

Note: composite alarms can not be generated with CFN in all regions, while this allows you to pass in a composite alarm alarm creation is outside the scope of this construct

---

maximumTaskCount^Optional

public readonly maximumTaskCount: number;

• Type: number
• Default: 10

The maximum number of tasks that the service will scale out to.

Note: This does not provide any protection from scaling out above the maximum allowed in your account, set this variable and manage account quotas appropriately.

---

minimumTaskCount^Optional

public readonly minimumTaskCount: number;

• Type: number
• Default: 1

The minimum number of tasks the service will have.

---

role^Optional

public readonly role: IRole;

• Type: aws-cdk-lib.aws_iam.IRole
• Default: A role is created for you with least privilege IAM policy

Optional IAM role to attach to the created lambda to adjust the desired count on the ECS Service.

Ensure this role has appropriate privileges. Example IAM policy statements:

{
 "PolicyDocument": {
   "Statement": [
     {
       "Action": "cloudwatch:DescribeAlarms",
       "Effect": "Allow",
       "Resource": "*"
     },
     {
       "Action": [
         "ecs:DescribeServices",
         "ecs:UpdateService"
       ],
       "Condition": {
         "StringEquals": {
           "ecs:cluster": "arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}"
         }
       },
       "Effect": "Allow",
       "Resource": "arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}"
     }
   ],
   "Version": "2012-10-17"
 }
}

---

scaleInCooldown^Optional

public readonly scaleInCooldown: Duration;

• Type: aws-cdk-lib.Duration
• Default: 60 seconds

How long will the application wait before performing another scale in action.

---

scaleInIncrement^Optional

public readonly scaleInIncrement: number;

• Type: number
• Default: 1

The number of tasks that will scale in on scale in alarm status.

---

scaleOutCooldown^Optional

public readonly scaleOutCooldown: Duration;

• Type: aws-cdk-lib.Duration
• Default: 60 seconds

How long will a the application wait before performing another scale out action.

---

scaleOutIncrement^Optional

public readonly scaleOutIncrement: number;

• Type: number
• Default: 1

The number of tasks that will scale out on scale out alarm status.

---

EnterpriseDnsResolverProps

Initializer

import { EnterpriseDnsResolverProps } from '@cdklabs/cdk-enterprise-iac'

const enterpriseDnsResolverProps: EnterpriseDnsResolverProps = { ... }

Properties

Name	Type	Description
enterpriseDnsIpAddresses	string[]	List of IPs for enterprise DNS servers.
vpc	aws-cdk-lib.aws_ec2.Vpc | aws-cdk-lib.aws_ec2.IVpc	Vpc or IVpc to associate resolver rules with.

---

enterpriseDnsIpAddresses^Required

public readonly enterpriseDnsIpAddresses: string[];

• Type: string[]

List of IPs for enterprise DNS servers.

---

vpc^Required

public readonly vpc: Vpc | IVpc;

• Type: aws-cdk-lib.aws_ec2.Vpc | aws-cdk-lib.aws_ec2.IVpc

Vpc or IVpc to associate resolver rules with.

---

PopulateWithConfigProps

Initializer

import { PopulateWithConfigProps } from '@cdklabs/cdk-enterprise-iac'

const populateWithConfigProps: PopulateWithConfigProps = { ... }

Properties

Name	Type	Description
localRouteTableId	string	Local route table ID, with routes only to local VPC.
privateRouteTableId	string	Route table ID for a provided route table with routes to enterprise network.
subnetConfig	SubnetConfig[]	List of Subnet configs to provision to provision.
vpcId	string	ID of the VPC provided that needs to be populated.

---

localRouteTableId^Required

public readonly localRouteTableId: string;

• Type: string

Local route table ID, with routes only to local VPC.

---

privateRouteTableId^Required

public readonly privateRouteTableId: string;

• Type: string

Route table ID for a provided route table with routes to enterprise network.

Both subnetType.PUBLIC and subnetType.PRIVATE_WITH_EGRESS will use this property

---

subnetConfig^Required

public readonly subnetConfig: SubnetConfig[];

• Type: SubnetConfig[]

List of Subnet configs to provision to provision.

---

vpcId^Required

public readonly vpcId: string;

• Type: string

ID of the VPC provided that needs to be populated.

---

RemoveTagsProps

Initializer

import { RemoveTagsProps } from '@cdklabs/cdk-enterprise-iac'

const removeTagsProps: RemoveTagsProps = { ... }

Properties

Name	Type	Description
cloudformationResource	string	Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function').
tagPropertyName	string	Name of the tag property to remove from the resource.

---

cloudformationResource^Required

public readonly cloudformationResource: string;

• Type: string

Name of Cloudformation resource Type (e.g. 'AWS::Lambda::Function').

---

tagPropertyName^Optional

public readonly tagPropertyName: string;

• Type: string
• Default: Tags

Name of the tag property to remove from the resource.

---

ResourceExtractorProps

Initializer

import { ResourceExtractorProps } from '@cdklabs/cdk-enterprise-iac'

const resourceExtractorProps: ResourceExtractorProps = { ... }

Properties

Name	Type	Description
extractDestinationStack	aws-cdk-lib.Stack	Stack to move found extracted resources into.
resourceTypesToExtract	string[]	List of resource types to extract, ex: AWS::IAM::Role.
stackArtifacts	aws-cdk-lib.cx_api.CloudFormationStackArtifact[]	Synthed stack artifacts from your CDK app.
additionalTransforms	{[ key: string ]: string}	Additional resource transformations.
valueShareMethod	ResourceExtractorShareMethod	The sharing method to use when passing exported resources from the "Extracted Stack" into the original stack(s).

---

extractDestinationStack^Required

public readonly extractDestinationStack: Stack;

• Type: aws-cdk-lib.Stack

Stack to move found extracted resources into.

---

resourceTypesToExtract^Required

public readonly resourceTypesToExtract: string[];

• Type: string[]

List of resource types to extract, ex: AWS::IAM::Role.

---

stackArtifacts^Required

public readonly stackArtifacts: CloudFormationStackArtifact[];

• Type: aws-cdk-lib.cx_api.CloudFormationStackArtifact[]

Synthed stack artifacts from your CDK app.

---

additionalTransforms^Optional

public readonly additionalTransforms: {[ key: string ]: string};

• Type: {[ key: string ]: string}

Additional resource transformations.

---

valueShareMethod^Optional

public readonly valueShareMethod: ResourceExtractorShareMethod;

• Type: ResourceExtractorShareMethod

The sharing method to use when passing exported resources from the "Extracted Stack" into the original stack(s).

---

SetApiGatewayEndpointConfigurationProps

Initializer

import { SetApiGatewayEndpointConfigurationProps } from '@cdklabs/cdk-enterprise-iac'

const setApiGatewayEndpointConfigurationProps: SetApiGatewayEndpointConfigurationProps = { ... }

Properties

Name	Type	Description
endpointType	aws-cdk-lib.aws_apigateway.EndpointType	API Gateway endpoint type to override to.

---

endpointType^Optional

public readonly endpointType: EndpointType;

• Type: aws-cdk-lib.aws_apigateway.EndpointType
• Default: EndpointType.REGIONAL

API Gateway endpoint type to override to.

Defaults to EndpointType.REGIONAL

---

SplitVpcEvenlyProps

Initializer

import { SplitVpcEvenlyProps } from '@cdklabs/cdk-enterprise-iac'

const splitVpcEvenlyProps: SplitVpcEvenlyProps = { ... }

Properties

Name	Type	Description
routeTableId	string	Route Table ID that will be attached to each subnet created.
vpcCidr	string	CIDR range of the VPC you're populating.
vpcId	string	ID of the existing VPC you're trying to populate.
cidrBits	string	cidrBits argument for the Fn::Cidr Cloudformation intrinsic function.
numberOfAzs	number	Number of AZs to evenly split into.
subnetType	aws-cdk-lib.aws_ec2.SubnetType	No description.

---

routeTableId^Required

public readonly routeTableId: string;

• Type: string

Route Table ID that will be attached to each subnet created.

---

vpcCidr^Required

public readonly vpcCidr: string;

• Type: string

CIDR range of the VPC you're populating.

---

vpcId^Required

public readonly vpcId: string;

• Type: string

ID of the existing VPC you're trying to populate.

---

cidrBits^Optional

public readonly cidrBits: string;

• Type: string
• Default: '6'

cidrBits argument for the Fn::Cidr Cloudformation intrinsic function.

---

numberOfAzs^Optional

public readonly numberOfAzs: number;

• Type: number
• Default: 3

Number of AZs to evenly split into.

---

subnetType^Optional

public readonly subnetType: SubnetType;

• Type: aws-cdk-lib.aws_ec2.SubnetType
• Default: subnetType.PRIVATE

---

SubnetConfig

Initializer

import { SubnetConfig } from '@cdklabs/cdk-enterprise-iac'

const subnetConfig: SubnetConfig = { ... }

Properties

Name	Type	Description
availabilityZone	string	Which availability zone the subnet should be in.
cidrRange	string	Cidr range of the subnet to create.
groupName	string	Logical group name of a subnet.
subnetType	aws-cdk-lib.aws_ec2.SubnetType	What SubnetType to use.

---

availabilityZone^Required

public readonly availabilityZone: string;

• Type: string

Which availability zone the subnet should be in.

---

cidrRange^Required

public readonly cidrRange: string;

• Type: string

Cidr range of the subnet to create.

---

groupName^Required

public readonly groupName: string;

• Type: string

Logical group name of a subnet.

---

Example

db

subnetType^Required

public readonly subnetType: SubnetType;

• Type: aws-cdk-lib.aws_ec2.SubnetType

What SubnetType to use.

This will govern the aws-cdk:subnet-type tag on the subnet

SubnetType	aws-cdk:subnet-type tag value
PRIVATE_ISOLATED	'Isolated'
PRIVATE_WITH_EGRESS	'Private'
PUBLIC	'Public'

---

Classes

AddCfnInitProxy

• Implements: aws-cdk-lib.IAspect

Add proxy configuration to Cloudformation helper functions.

Initializers

import { AddCfnInitProxy } from '@cdklabs/cdk-enterprise-iac'

new AddCfnInitProxy(props: AddCfnInitProxyProps)

Name	Type	Description
props	AddCfnInitProxyProps	No description.

---

props^Required

• Type: AddCfnInitProxyProps

---

Methods

Name	Description
visit	All aspects can visit an IConstruct.

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

AddLambdaEnvironmentVariables

• Implements: aws-cdk-lib.IAspect

Add one or more environment variables to all lambda functions within a scope.

Initializers

import { AddLambdaEnvironmentVariables } from '@cdklabs/cdk-enterprise-iac'

new AddLambdaEnvironmentVariables(props: {[ key: string ]: string})

Name	Type	Description
props	{[ key: string ]: string}	: string} props - Key Value pair(s) for environment variables to add to all lambda functions.

---

props^Required

• Type: {[ key: string ]: string}

: string} props - Key Value pair(s) for environment variables to add to all lambda functions.

---

Methods

Name	Description
visit	All aspects can visit an IConstruct.

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

AddPermissionBoundary

• Implements: aws-cdk-lib.IAspect

A patch for Adding Permissions Boundaries to all IAM roles.

Additional options for adding prefixes to IAM role, policy and instance profile names

Can account for non commercial partitions (e.g. aws-gov, aws-cn)

Initializers

import { AddPermissionBoundary } from '@cdklabs/cdk-enterprise-iac'

new AddPermissionBoundary(props: AddPermissionBoundaryProps)

Name	Type	Description
props	AddPermissionBoundaryProps	No description.

---

props^Required

• Type: AddPermissionBoundaryProps

---

Methods

Name	Description
checkAndOverride	No description.
visit	All aspects can visit an IConstruct.

---

checkAndOverride

public checkAndOverride(node: CfnResource, prefix: string, length: number, cfnProp: string, cdkProp?: string): void

node^Required

• Type: aws-cdk-lib.CfnResource

---

prefix^Required

• Type: string

---

length^Required

• Type: number

---

cfnProp^Required

• Type: string

---

cdkProp^Optional

• Type: string

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

ConvertInlinePoliciesToManaged

• Implements: aws-cdk-lib.IAspect

Patch for turning all Policies into ConvertInlinePoliciesToManaged.

Some users have policies in place that make it impossible to create inline policies. Instead, they must use managed policies.

Note that order matters with this aspect. Specifically, it should generally be added first. This is because other aspects may add overrides that would be lost if applied before this aspect since the original aspect is removed and replaced.

Example

// Replace all AWS::IAM::Policy resources with equivalent AWS::IAM::ManagedPolicy
Aspects.of(stack).add(new ConvertInlinePoliciesToManaged())

Initializers

import { ConvertInlinePoliciesToManaged } from '@cdklabs/cdk-enterprise-iac'

new ConvertInlinePoliciesToManaged()

Name	Type	Description

---

Methods

Name	Description
visit	All aspects can visit an IConstruct.

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

RemovePublicAccessBlockConfiguration

• Implements: aws-cdk-lib.IAspect

Looks for S3 Buckets, and removes the PublicAccessBlockConfiguration property.

For use in regions where Cloudformation doesn't support this property

Initializers

import { RemovePublicAccessBlockConfiguration } from '@cdklabs/cdk-enterprise-iac'

new RemovePublicAccessBlockConfiguration()

Name	Type	Description

---

Methods

Name	Description
visit	All aspects can visit an IConstruct.

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

RemoveTags

• Implements: aws-cdk-lib.IAspect

Patch for removing tags from a specific Cloudformation Resource.

In some regions, the 'Tags' property isn't supported in Cloudformation. This patch makes it easy to remove

Example

// Remove tags on a resource
Aspects.of(stack).add(new RemoveTags({
  cloudformationResource: 'AWS::ECS::Cluster',
}));
// Remove tags without the standard 'Tags' name
Aspects.of(stack).add(new RemoveTags({
  cloudformationResource: 'AWS::Backup::BackupPlan',
   tagPropertyName: 'BackupPlanTags',
}));

Initializers

import { RemoveTags } from '@cdklabs/cdk-enterprise-iac'

new RemoveTags(props: RemoveTagsProps)

Name	Type	Description
props	RemoveTagsProps	No description.

---

props^Required

• Type: RemoveTagsProps

---

Methods

Name	Description
visit	All aspects can visit an IConstruct.

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

ResourceExtractor

• Implements: aws-cdk-lib.IAspect

This Aspect takes a CDK application, all synthesized CloudFormationStackArtifact, a value share method, and a list of Cloudformation resources that should be pulled out of the main CDK application, which should be synthesized to a cloudformation template that an external team (e.g. security team) to deploy, and adjusting the CDK application to reference pre-created resources already pulled out.

Example

 const app = App()
 const stack = new Stack(app, 'MyStack');
 extractedStack = new Stack(app, 'ExtractedStack');
 const synthedApp = app.synth();

 Aspects.of(app).add(new ResourceExtractor({
   extractDestinationStack: extractedStack,
   stackArtifacts: synthedApp.stacks,
   valueShareMethod: ResourceExtractorShareMethod.CFN_OUTPUT,
   resourceTypesToExtract: [
     'AWS::IAM::Role',
     'AWS::IAM::Policy',
     'AWS::IAM::ManagedPolicy',
     'AWS::IAM::InstanceProfile',
   ],
 });
 app.synth({ force: true });

Initializers

import { ResourceExtractor } from '@cdklabs/cdk-enterprise-iac'

new ResourceExtractor(props: ResourceExtractorProps)

Name	Type	Description
props	ResourceExtractorProps	No description.

---

props^Required

• Type: ResourceExtractorProps

---

Methods

Name	Description
visit	Entrypoint.

---

visit

public visit(node: IConstruct): void

Entrypoint.

node^Required

• Type: constructs.IConstruct

---

SetApiGatewayEndpointConfiguration

• Implements: aws-cdk-lib.IAspect

Override RestApis to use a set endpoint configuration.

Some regions don't support EDGE endpoints, and some enterprises require specific endpoint types for RestApis

Initializers

import { SetApiGatewayEndpointConfiguration } from '@cdklabs/cdk-enterprise-iac'

new SetApiGatewayEndpointConfiguration(props?: SetApiGatewayEndpointConfigurationProps)

Name	Type	Description
props	SetApiGatewayEndpointConfigurationProps	No description.

---

props^Optional

• Type: SetApiGatewayEndpointConfigurationProps

---

Methods

Name	Description
visit	All aspects can visit an IConstruct.

---

visit

public visit(node: IConstruct): void

All aspects can visit an IConstruct.

node^Required

• Type: constructs.IConstruct

---

Enums

ProxyType

Whether an http-proxy or https-proxy.

Members

Name	Description
HTTP	--http-proxy.
HTTPS	--https-proxy.

---

HTTP

-http-proxy.

---

HTTPS

-https-proxy.

---

ResourceExtractorShareMethod

The available value sharing methods to pass values from the extracted stack onto the original stack(s).

Members

Name	Description
CFN_OUTPUT	No description.
SSM_PARAMETER	No description.
API_LOOKUP	No description.

---

CFN_OUTPUT

---

SSM_PARAMETER

---

API_LOOKUP

---

ResourceTransform

Members

Name	Description
STACK_NAME	No description.
LOGICAL_ID	No description.

---

STACK_NAME

---

LOGICAL_ID

---