constructs

package
v1.0.39 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 7, 2025 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateCRUDHandlerCode

func GenerateCRUDHandlerCode(operation string) string

GenerateCRUDHandlerCode generates the Lambda handler code for a CRUD operation. It is exported for use in CDK constructs.

Types

type APIKeyAuthorizer

type APIKeyAuthorizer struct {
	constructs.Construct
	Authorizer        awsapigatewayv2.IHttpRouteAuthorizer
	ValidatorFunction awslambda.IFunction
}

APIKeyAuthorizer provides API key authentication for HTTP APIs

func NewAPIKeyAuthorizer

func NewAPIKeyAuthorizer(scope constructs.Construct, id *string, props *APIKeyAuthorizerProps) *APIKeyAuthorizer

NewAPIKeyAuthorizer creates a new API key authorizer

type APIKeyAuthorizerProps

// APIKeyAuthorizerProps configures the API key authorizer: where the key is
// read from, which function validates it, where keys are stored, and how
// long an authorization result may be cached.
type APIKeyAuthorizerProps struct {
	// API key parameter source (header or query)
	// NOTE(review): a key carried in the query string is commonly recorded in
	// access logs, proxies and browser history; prefer the header source
	// unless a client genuinely cannot set headers.
	APIKeySource *string `json:"apiKeySource"`
	// Parameter name (e.g., "X-API-Key" for header or "apiKey" for query)
	APIKeyParameter *string `json:"apiKeyParameter"`
	// Optional function to validate API keys (if not provided, creates one)
	// NOTE(review): the behaviour of the default validator is not shown on
	// this page; review its source before relying on it.
	ValidatorFunction awslambda.IFunction `json:"validatorFunction"`
	// DynamoDB table name for storing API keys (optional)
	// NOTE(review): this page does not say whether keys are stored hashed or
	// in plaintext, nor how the table is encrypted - confirm in the validator.
	APIKeyTableName *string `json:"apiKeyTableName"`
	// Cache results for this many seconds (0-3600)
	// NOTE(review): while a result is cached, a key that has since been
	// revoked is presumably still accepted until the entry expires - confirm,
	// and keep this small (or 0) where prompt revocation matters.
	ResultsCacheTtl *float64 `json:"resultsCacheTtl"`
}

APIKeyAuthorizerProps defines properties for the API key authorizer

type AlarmConfig

type AlarmConfig struct {
	// Enable error rate alarm
	EnableErrorAlarm *bool
	// Error rate threshold (percentage)
	ErrorRateThreshold *float64
	// Enable latency alarm
	EnableLatencyAlarm *bool
	// Latency threshold in milliseconds
	LatencyThreshold *float64
	// Enable throttle alarm
	EnableThrottleAlarm *bool
	// Throttle count threshold
	ThrottleThreshold *float64
	// Enable concurrent executions alarm
	EnableConcurrentAlarm *bool
	// Concurrent executions threshold
	ConcurrentThreshold *float64
	// SNS topic for alarm notifications
	AlarmTopic awssns.ITopic
}

AlarmConfig defines configuration for CloudWatch alarms

type AlarmThresholds

type AlarmThresholds struct {
	// Error rate threshold (percentage)
	ErrorRate *float64
	// Latency threshold (milliseconds)
	LatencyP99 *float64
	// Throttle count threshold
	ThrottleCount *float64
	// Concurrent executions threshold
	ConcurrentExecutions *float64
	// Custom thresholds
	CustomThresholds *map[string]*float64
}

AlarmThresholds defines threshold configuration for alarms

type AuditLevel

type AuditLevel string

AuditLevel defines the level of audit logging

const (
	// AuditLevelBasic provides basic audit logging
	AuditLevelBasic AuditLevel = "BASIC"
	// AuditLevelDetailed provides detailed audit logging
	AuditLevelDetailed AuditLevel = "DETAILED"
	// AuditLevelComprehensive provides comprehensive audit logging
	AuditLevelComprehensive AuditLevel = "COMPREHENSIVE"
)

type AuditingConstruct

type AuditingConstruct struct {
	constructs.Construct
	AuditBucket            awss3.Bucket
	EncryptionKey          awskms.Key
	CloudTrail             awscloudtrail.Trail
	ApplicationLogGroup    awslogs.LogGroup
	DatabaseLogGroup       awslogs.LogGroup
	AuditLogGroup          awslogs.LogGroup
	LogProcessingFunction  awslambda.Function
	LogStream              awskinesis.Stream
	FirehoseDeliveryStream awskinesisfirehose.CfnDeliveryStream
	AuditDashboard         awscloudwatch.Dashboard
	AuditAlarms            []awscloudwatch.Alarm
	IntegrityFunction      awslambda.Function
	ComplianceFunction     awslambda.Function
}

AuditingConstruct creates comprehensive audit logging infrastructure

func NewAuditingConstruct

func NewAuditingConstruct(scope constructs.Construct, id string, props *AuditingProps) *AuditingConstruct

NewAuditingConstruct creates a new auditing construct

func (*AuditingConstruct) AddCustomAuditRule

func (a *AuditingConstruct) AddCustomAuditRule(ruleId string, logGroup awslogs.LogGroup, filterPattern string)

AddCustomAuditRule adds a custom audit rule

func (*AuditingConstruct) EnableSIEMIntegration

func (a *AuditingConstruct) EnableSIEMIntegration(endpoint string)

EnableSIEMIntegration enables SIEM integration for audit logs

func (*AuditingConstruct) GetAuditStatus

func (a *AuditingConstruct) GetAuditStatus() map[string]interface{}

GetAuditStatus returns the current audit status

type AuditingProps

// AuditingProps configures the Auditing construct.
//
// NOTE(review): most switches are *bool and this page does not document what
// a nil value means for any of them. Set the protective ones explicitly
// (EnableEncryption, EnableTamperProtection, EnableImmutableLogs,
// EnableIntegrityChecking) rather than relying on an undocumented default.
type AuditingProps struct {
	// Application name for resource naming
	AppName *string

	// Audit level - determines the scope of audit logging
	AuditLevel AuditLevel

	// Enable CloudTrail for API audit logging
	EnableCloudTrail *bool

	// Enable application-level audit logging
	EnableApplicationLogs *bool

	// Enable database audit logging
	EnableDatabaseLogs *bool

	// Enable real-time log processing
	EnableRealTimeProcessing *bool

	// Enable tamper protection for logs
	// NOTE(review): the mechanism is not described on this page; verify what
	// is actually deployed before treating the logs as tamper-evident.
	EnableTamperProtection *bool

	// Enable log aggregation across multiple regions
	EnableLogAggregation *bool

	// Log retention period in days
	// NOTE(review): check this against the retention required by the
	// frameworks listed in ComplianceFrameworks; no validation is shown here.
	LogRetentionDays *float64

	// Enable SIEM integration
	EnableSIEMIntegration *bool

	// SIEM endpoint URL for log forwarding
	// NOTE(review): audit logs leave the account through this URL. The page
	// does not show whether the scheme is restricted to HTTPS or how the
	// forwarder authenticates - confirm both.
	SIEMEndpoint *string

	// Enable log analysis and anomaly detection
	EnableLogAnalysis *bool

	// Enable compliance reporting
	EnableComplianceReporting *bool

	// Environment for audit logging (dev, staging, prod)
	Environment *string

	// Enable log encryption
	EnableEncryption *bool

	// Custom KMS key for encryption
	// NOTE(review): with a caller-supplied key, the key policy decides who
	// can decrypt the audit data; review it together with
	// CrossAccountRoleArns.
	EncryptionKey awskms.IKey

	// Custom S3 bucket for audit logs
	// NOTE(review): it is not shown whether the construct applies its own
	// bucket policy, versioning or public-access settings to a supplied
	// bucket - presumably those remain the caller's responsibility; confirm.
	AuditBucket awss3.IBucket

	// Enable cross-account log sharing
	EnableCrossAccountAccess *bool

	// Cross-account role ARNs for log access
	// NOTE(review): each ARN listed here is a principal outside this account
	// that gains access to audit logs. Keep the list minimal; the exact
	// permissions granted are not shown on this page.
	CrossAccountRoleArns *[]*string

	// Enable audit trail integrity checking
	EnableIntegrityChecking *bool

	// Enable audit dashboard
	EnableDashboard *bool

	// Enable audit alerting
	EnableAlerting *bool

	// SNS topic ARN for audit alerts
	AlertTopicArn *string

	// Enable immutable audit logs
	// NOTE(review): how immutability is enforced is not stated here;
	// verify the deployed bucket configuration.
	EnableImmutableLogs *bool

	// Enable regulatory compliance features
	EnableRegulatoryCompliance *bool

	// Compliance frameworks to support
	// NOTE(review): typed as *[]string here, whereas ComplianceStackProps
	// uses *[]ComplianceFramework; accepted values are not listed for this
	// field.
	ComplianceFrameworks *[]string
}

AuditingProps defines properties for the Auditing construct

type AuthorizationStrategy

type AuthorizationStrategy string

AuthorizationStrategy defines authorization approach

// Authorization strategies selectable for a CRUD API.
// NOTE(review): the behaviour behind each value is not shown on this page;
// the comments below are inferred from the names and should be confirmed.
const (
	// AuthorizationStrategy_NONE presumably leaves the routes without an
	// authorizer. Treat any use outside local development as a finding to
	// justify, and check which value applies when the field is left unset.
	AuthorizationStrategy_NONE    AuthorizationStrategy = "NONE"
	// AuthorizationStrategy_API_KEY selects API key authorization.
	AuthorizationStrategy_API_KEY AuthorizationStrategy = "API_KEY"
	// AuthorizationStrategy_JWT selects JWT-based authorization.
	AuthorizationStrategy_JWT     AuthorizationStrategy = "JWT"
	// AuthorizationStrategy_COGNITO selects Cognito-based authorization.
	AuthorizationStrategy_COGNITO AuthorizationStrategy = "COGNITO"
	// AuthorizationStrategy_CUSTOM selects a caller-defined authorizer.
	AuthorizationStrategy_CUSTOM  AuthorizationStrategy = "CUSTOM"
)

type CRUDOperation

type CRUDOperation string

CRUDOperation defines CRUD operations

const (
	CRUDOperation_CREATE CRUDOperation = "CREATE"
	CRUDOperation_READ   CRUDOperation = "READ"
	CRUDOperation_UPDATE CRUDOperation = "UPDATE"
	CRUDOperation_DELETE CRUDOperation = "DELETE"
	CRUDOperation_LIST   CRUDOperation = "LIST"
	CRUDOperation_SEARCH CRUDOperation = "SEARCH"
)

type CacheAlertThresholds

type CacheAlertThresholds struct {
	HighCacheHitRatio *float64 // Alert if hit ratio above this
	LowCacheHitRatio  *float64 // Alert if hit ratio below this
	HighEvictionRate  *float64 // Alert if eviction rate above this
	HighMemoryUsage   *float64 // Alert if memory usage above this
	HighLatency       *float64 // Alert if latency above this (ms)
}

CacheAlertThresholds defines alert thresholds for cache monitoring

type CacheInvalidationStrategy

type CacheInvalidationStrategy string

CacheInvalidationStrategy defines how cache invalidation works

const (
	CacheInvalidationStrategy_TTL           CacheInvalidationStrategy = "TTL"
	CacheInvalidationStrategy_WRITE_THROUGH CacheInvalidationStrategy = "WRITE_THROUGH"
	CacheInvalidationStrategy_STREAM_BASED  CacheInvalidationStrategy = "STREAM_BASED"
	CacheInvalidationStrategy_MANUAL        CacheInvalidationStrategy = "MANUAL"
)

type CacheStrategy

type CacheStrategy string

CacheStrategy defines the caching strategy to use

const (
	CacheStrategy_IN_MEMORY CacheStrategy = "IN_MEMORY"
	CacheStrategy_REDIS     CacheStrategy = "REDIS"
	CacheStrategy_MEMORYDB  CacheStrategy = "MEMORYDB"
	CacheStrategy_HYBRID    CacheStrategy = "HYBRID"
)

type ComplianceFramework

type ComplianceFramework string

ComplianceFramework defines the compliance framework to implement

const (
	// SOC2 Service Organization Control 2
	SOC2 ComplianceFramework = "SOC2"
	// HIPAA Health Insurance Portability and Accountability Act
	HIPAA ComplianceFramework = "HIPAA"
	// PCI_DSS Payment Card Industry Data Security Standard
	PCI_DSS ComplianceFramework = "PCI_DSS"
	// ISO27001 Information Security Management System
	ISO27001 ComplianceFramework = "ISO27001"
	// FedRAMP Federal Risk and Authorization Management Program
	FedRAMP ComplianceFramework = "FedRAMP"
	// GDPR General Data Protection Regulation
	GDPR ComplianceFramework = "GDPR"
)

type ComplianceStack

type ComplianceStack struct {
	constructs.Construct
	CloudTrail         awscloudtrail.Trail
	ConfigRecorder     awsconfig.CfnConfigurationRecorder
	GuardDutyDetector  awsguardduty.CfnDetector
	SecurityHub        awssecurityhub.CfnHub
	ComplianceBucket   awss3.Bucket
	EncryptionKey      awskms.Key
	ComplianceLogGroup awslogs.LogGroup
	ComplianceFunction awslambda.Function
}

ComplianceStack creates a comprehensive compliance stack

func NewComplianceStack

func NewComplianceStack(scope constructs.Construct, id string, props *ComplianceStackProps) *ComplianceStack

NewComplianceStack creates a new compliance stack construct

func (*ComplianceStack) AddComplianceRule

func (c *ComplianceStack) AddComplianceRule(ruleId string, ruleName string)

AddComplianceRule adds a new compliance rule to the stack

func (*ComplianceStack) GetComplianceStatus

func (c *ComplianceStack) GetComplianceStatus() map[string]interface{}

GetComplianceStatus returns the current compliance status

type ComplianceStackProps

// ComplianceStackProps configures ComplianceStack.
//
// NOTE(review): the Enable* switches are *bool and the meaning of nil is not
// documented on this page; set the controls you depend on explicitly and
// verify the synthesized template rather than assuming they default to on.
type ComplianceStackProps struct {
	// Application name for resource naming
	AppName *string

	// Compliance frameworks to implement
	// NOTE(review): which resources or rules each framework adds is not shown
	// here; selecting a framework is not evidence of conformance by itself.
	ComplianceFrameworks *[]ComplianceFramework

	// Enable CloudTrail logging
	EnableCloudTrail *bool

	// Enable AWS Config rules
	EnableConfig *bool

	// Enable GuardDuty threat detection
	EnableGuardDuty *bool

	// Enable Security Hub
	EnableSecurityHub *bool

	// Enable data encryption at rest
	EnableEncryption *bool

	// Data retention period in days
	DataRetentionDays *float64

	// Enable compliance reports
	EnableComplianceReports *bool

	// S3 bucket for compliance data
	// NOTE(review): for a supplied bucket, access policy and versioning are
	// presumably left as the caller configured them - confirm.
	ComplianceBucket awss3.IBucket

	// KMS key for encryption
	EncryptionKey awskms.IKey

	// CloudWatch log group for compliance logs
	ComplianceLogGroup awslogs.ILogGroup

	// Enable detailed access logging
	EnableDetailedLogging *bool

	// Enable audit trail
	EnableAuditTrail *bool

	// Environment for compliance (dev, staging, prod)
	Environment *string

	// Organization ID for multi-account setup
	OrganizationId *string

	// Enable compliance automation
	// NOTE(review): what the automation is permitted to change is not
	// described here; review the permissions of ComplianceFunction.
	EnableAutomation *bool

	// Notification topic ARN for compliance alerts
	NotificationTopicArn *string
}

ComplianceStackProps defines properties for ComplianceStack

type ConnectionTable

type ConnectionTable struct {
	*DynamORMTable
}

ConnectionTable is a DynamORM table for managing WebSocket connections

func NewConnectionTable

func NewConnectionTable(scope constructs.Construct, id *string, props *ConnectionTableProps) *ConnectionTable

NewConnectionTable creates a new connection management table using DynamORM

func (*ConnectionTable) GetTenantIndexName

func (c *ConnectionTable) GetTenantIndexName() *string

GetTenantIndexName returns the name of the tenant index

func (*ConnectionTable) GetUserIndexName

func (c *ConnectionTable) GetUserIndexName() *string

GetUserIndexName returns the name of the user index

func (*ConnectionTable) GrantConnectionManagement

func (c *ConnectionTable) GrantConnectionManagement(grantee awsiam.IGrantable)

GrantConnectionManagement grants permissions to manage WebSocket connections

type ConnectionTableProps

type ConnectionTableProps struct {
	DynamORMTableProps
	// Enable user index for user-based queries
	EnableUserIndex *bool
	// Enable tenant index for multi-tenant support
	EnableTenantIndex *bool
}

ConnectionTableProps defines properties for the WebSocket connection table

type CorsConfig

// CorsConfig holds the CORS settings for an API.
// NOTE(review): how these values are rendered into response headers is not
// shown on this page; the notes below describe the usual CORS pitfalls.
type CorsConfig struct {
	// Origins allowed to read responses cross-origin. Prefer an explicit
	// list of trusted origins over "*".
	AllowOrigins     []string
	// HTTP methods allowed for cross-origin requests.
	AllowMethods     []string
	// Request headers a cross-origin caller may send.
	AllowHeaders     []string
	// Response headers exposed to cross-origin scripts.
	ExposeHeaders    []string
	// How long a preflight response may be cached by the browser.
	MaxAge           awscdk.Duration
	// Whether cookies/credentials are allowed on cross-origin requests.
	// NOTE(review): combine this only with an explicit origin list. Browsers
	// refuse credentialed responses for a wildcard origin, and echoing back
	// arbitrary origins to work around that exposes authenticated responses
	// to any site.
	AllowCredentials bool
}

CorsConfig defines CORS settings

type CustomDomainConfig

type CustomDomainConfig struct {
	DomainName     string
	CertificateArn string
	BasePath       string
}

CustomDomainConfig defines custom domain settings

type DynamORMCRUDAPI

// DynamORMCRUDAPI is the construct returned by NewDynamORMCRUDAPI. It exposes
// the table, the REST API, one Lambda function per CRUD operation, the API
// resources, the optional cache, metrics and the execution role.
type DynamORMCRUDAPI struct {
	constructs.Construct

	// The DynamORM table
	Table *DynamORMTable

	// API Gateway REST API
	API awsapigateway.RestApi

	// Lambda functions for different operations
	CreateFunction *LiftFunction
	ReadFunction   *LiftFunction
	UpdateFunction *LiftFunction
	DeleteFunction *LiftFunction
	ListFunction   *LiftFunction
	SearchFunction *LiftFunction

	// API Gateway resources
	EntityResource awsapigateway.Resource
	ItemResource   awsapigateway.Resource

	// Optional cache
	Cache *DynamORMCache

	// CloudWatch metrics
	Metrics map[string]awscloudwatch.Metric

	// IAM execution role
	// NOTE(review): only one role is exposed for six operation functions. If
	// it is shared by all of them, the read/list/search handlers also hold
	// the write and delete permissions - confirm against the implementation
	// and consider per-operation roles for least privilege.
	ExecutionRole awsiam.Role
	// contains filtered or unexported fields
}

DynamORMCRUDAPI provides a complete CRUD API for DynamORM tables

func NewDynamORMCRUDAPI

func NewDynamORMCRUDAPI(scope constructs.Construct, id *string, props *DynamORMCRUDAPIProps) *DynamORMCRUDAPI

NewDynamORMCRUDAPI creates a new DynamORM CRUD API construct

func (*DynamORMCRUDAPI) GetAPI

GetAPI returns the API Gateway REST API

func (*DynamORMCRUDAPI) GetAPIURL

func (c *DynamORMCRUDAPI) GetAPIURL() *string

GetAPIURL returns the API Gateway URL

func (*DynamORMCRUDAPI) GetCRUDMetrics

func (c *DynamORMCRUDAPI) GetCRUDMetrics() map[string]awscloudwatch.Metric

GetCRUDMetrics returns CRUD CloudWatch metrics

func (*DynamORMCRUDAPI) GetCache

func (c *DynamORMCRUDAPI) GetCache() *DynamORMCache

GetCache returns the cache (if enabled)

func (*DynamORMCRUDAPI) GetEntityEndpoint

func (c *DynamORMCRUDAPI) GetEntityEndpoint() *string

GetEntityEndpoint returns the entity endpoint URL

func (*DynamORMCRUDAPI) GetExecutionRole

func (c *DynamORMCRUDAPI) GetExecutionRole() awsiam.Role

GetExecutionRole returns the IAM execution role

func (*DynamORMCRUDAPI) GetTable

func (c *DynamORMCRUDAPI) GetTable() *DynamORMTable

GetTable returns the DynamORM table

type DynamORMCRUDAPIProps

// DynamORMCRUDAPIProps configures the generated CRUD API: entity and key
// names, enabled operations, validation, authorization, tenancy, pagination,
// search, caching, monitoring, CORS, rate limiting and tags.
//
// NOTE(review): defaults for unset fields are not documented on this page.
// Set the authorization, validation and rate-limit fields explicitly.
type DynamORMCRUDAPIProps struct {
	// Required: The DynamORM table for CRUD operations
	DynamORMTable *DynamORMTable

	// API configuration
	APIName        *string
	APIDescription *string
	StageName      *string

	// Entity configuration
	EntityName     *string // Name of the entity (e.g., "User", "Order")
	EntityResource *string // API resource path (e.g., "/users", "/orders")
	PrimaryKey     *string // Primary key field name
	SortKey        *string // Sort key field name (optional)

	// CRUD operations to enable
	// NOTE(review): enable only the operations the API needs; each one is a
	// separate function and route to secure.
	EnabledOperations []CRUDOperation

	// Validation configuration
	// NOTE(review): these values presumably drive input validation in the
	// generated handlers; what is enforced when no schema is given is not
	// shown here - confirm.
	ValidationStrategy ValidationStrategy
	ValidationSchema   *string  // JSON schema for validation
	RequiredFields     []string // Required fields for create/update

	// Authorization configuration
	// NOTE(review): AuthorizationStrategy_NONE exists as a value; check which
	// strategy applies when this field is left at its zero value.
	// NOTE(review): JWTSecret is a plain string supplied at synth time, so it
	// is likely to end up in the synthesized template or in a function's
	// configuration. How it is consumed is not shown on this page - confirm,
	// and prefer a secret-store reference if the construct supports one.
	AuthorizationStrategy AuthorizationStrategy
	CognitoUserPool       *string // Cognito User Pool ID
	JWTSecret             *string // JWT secret for validation

	// Multi-tenant configuration
	// NOTE(review): when TenantFromAuth is not set, the source of the tenant
	// identifier is not shown here. If it is taken from request input, a
	// caller could name another tenant - confirm against the handlers.
	EnableMultiTenant *bool   // Enable multi-tenant support
	TenantAttribute   *string // Tenant attribute name
	TenantFromAuth    *bool   // Extract tenant from auth context

	// Pagination configuration
	// NOTE(review): MaxPageSize bounds how much a single list call can
	// return; set it explicitly rather than relying on an unstated default.
	EnablePagination *bool // Enable pagination for list operations
	DefaultPageSize  *int  // Default page size
	MaxPageSize      *int  // Maximum page size

	// Search configuration
	// NOTE(review): keep SearchableFields to attributes that are safe to
	// filter on; searching on sensitive attributes lets callers probe their
	// values.
	EnableSearch     *bool    // Enable search operations
	SearchableFields []string // Fields that can be searched
	SearchIndexes    []string // GSI names for search

	// Caching configuration
	// NOTE(review): with EnableMultiTenant, cached responses must be keyed
	// per tenant (and per caller where responses differ) - see
	// DynamORMCacheProps.EnableTenantIsolation; how the cache key is built is
	// not shown here.
	EnableCaching *bool // Enable response caching
	CacheConfig   *DynamORMCacheProps

	// Monitoring configuration
	EnableMetrics         *bool // Enable CloudWatch metrics
	EnableTracing         *bool // Enable X-Ray tracing
	EnableDetailedMetrics *bool // Enable detailed monitoring

	// Performance configuration
	BatchSize      *int // Batch size for list operations
	TimeoutSeconds *int // Lambda timeout in seconds

	// CORS configuration
	// NOTE(review): list explicit trusted origins in CORSOrigins; what is
	// emitted when EnableCORS is set and the lists are empty is not shown.
	EnableCORS  *bool    // Enable CORS
	CORSOrigins []string // Allowed origins
	CORSMethods []string // Allowed methods
	CORSHeaders []string // Allowed headers

	// Rate limiting
	// NOTE(review): whether the limit applies per caller, per key or to the
	// whole stage is not stated on this page - confirm before relying on it
	// as an abuse control.
	EnableRateLimit *bool // Enable rate limiting
	RateLimit       *int  // Requests per minute
	BurstLimit      *int  // Burst limit

	// Tags
	Tags *map[string]*string
}

DynamORMCRUDAPIProps defines properties for DynamORM CRUD API

type DynamORMCache

type DynamORMCache struct {
	constructs.Construct

	// The DynamORM table being cached
	Table *DynamORMTable

	// MemoryDB cluster (if using MemoryDB)
	MemoryDBCluster awsmemorydb.CfnCluster

	// CloudWatch metrics
	Metrics map[string]awscloudwatch.Metric

	// IAM role for cache access
	CacheAccessRole awsiam.Role
	// contains filtered or unexported fields
}

DynamORMCache provides caching capabilities for DynamORM tables

func NewDynamORMCache

func NewDynamORMCache(scope constructs.Construct, id *string, props *DynamORMCacheProps) *DynamORMCache

NewDynamORMCache creates a new DynamORM cache construct

func (*DynamORMCache) ConfigureCacheInvalidation

func (d *DynamORMCache) ConfigureCacheInvalidation(streamProcessor *DynamORMStreamProcessor)

ConfigureCacheInvalidation configures cache invalidation based on DynamoDB streams

func (*DynamORMCache) GetCacheAccessRole

func (d *DynamORMCache) GetCacheAccessRole() awsiam.Role

GetCacheAccessRole returns the IAM role for cache access

func (*DynamORMCache) GetCacheMetrics

func (d *DynamORMCache) GetCacheMetrics() map[string]awscloudwatch.Metric

GetCacheMetrics returns cache CloudWatch metrics

func (*DynamORMCache) GetEnvironmentVariables

func (d *DynamORMCache) GetEnvironmentVariables() *map[string]*string

GetEnvironmentVariables returns environment variables for Lambda functions

func (*DynamORMCache) GetMemoryDBCluster

func (d *DynamORMCache) GetMemoryDBCluster() awsmemorydb.CfnCluster

GetMemoryDBCluster returns the MemoryDB cluster if using MemoryDB strategy

func (*DynamORMCache) GetTable

func (d *DynamORMCache) GetTable() *DynamORMTable

GetTable returns the DynamORM table being cached

func (*DynamORMCache) GrantCacheAccess

func (d *DynamORMCache) GrantCacheAccess(grantee awslambda.IFunction)

GrantCacheAccess grants cache access permissions to a Lambda function

type DynamORMCacheProps

// DynamORMCacheProps configures caching in front of a DynamORM table: the
// backing store, invalidation, TTL and size, tenant handling, prefetching
// and monitoring.
type DynamORMCacheProps struct {
	// Required: The DynamORM table to cache
	DynamORMTable *DynamORMTable

	// Caching strategy
	CacheStrategy CacheStrategy

	// Cache invalidation strategy
	// NOTE(review): until an entry is invalidated or expires, readers can see
	// stale data. If cached items carry permissions or status flags, choose
	// the strategy and DefaultTTL with that window in mind.
	InvalidationStrategy CacheInvalidationStrategy

	// In-memory cache configuration
	InMemoryConfig *InMemoryCacheConfig

	// Redis configuration (for external Redis)
	// NOTE(review): RedisCacheConfig is not shown on this page; confirm that
	// it requires authentication and encrypted transport for an external
	// endpoint.
	RedisConfig *RedisCacheConfig

	// MemoryDB configuration (for AWS MemoryDB)
	MemoryDBConfig *MemoryDBCacheConfig

	// Cache behavior settings
	DefaultTTL        awscdk.Duration // Default TTL for cached items
	MaxCacheSize      *int            // Maximum cache size (in-memory only)
	EnableMetrics     *bool           // Enable cache metrics
	EnableCompression *bool           // Enable cache value compression

	// Multi-tenant settings
	// NOTE(review): for a table shared by several tenants, a cache without
	// tenant-scoped keys can return one tenant's item to another. The
	// behaviour when EnableTenantIsolation is nil is not documented here -
	// set it explicitly.
	EnableTenantIsolation *bool   // Enable tenant-specific caching
	TenantAttribute       *string // Tenant attribute name

	// Performance settings
	PrefetchPatterns []string // Patterns to prefetch
	WarmupQueries    []string // Queries to run on startup

	// Monitoring
	EnableDetailedMetrics *bool // Enable detailed cache metrics
	AlertThresholds       *CacheAlertThresholds
}

DynamORMCacheProps defines properties for DynamORM caching

type DynamORMEventStore

type DynamORMEventStore struct {
	constructs.Construct

	// Event table for storing events
	EventTable *DynamORMTable

	// Snapshot table for storing snapshots
	SnapshotTable *DynamORMTable

	// S3 bucket for archival (if enabled)
	ArchivalBucket awss3.IBucket

	// CloudWatch metrics
	Metrics map[string]awscloudwatch.Metric

	// IAM roles for different access patterns
	EventReaderRole     awsiam.Role
	EventWriterRole     awsiam.Role
	SnapshotManagerRole awsiam.Role
	// contains filtered or unexported fields
}

DynamORMEventStore provides event sourcing capabilities using DynamORM

func NewDynamORMEventStore

func NewDynamORMEventStore(scope constructs.Construct, id *string, props *DynamORMEventStoreProps) *DynamORMEventStore

NewDynamORMEventStore creates a new DynamORM event store construct

func (*DynamORMEventStore) GetArchivalBucket

func (e *DynamORMEventStore) GetArchivalBucket() awss3.IBucket

GetArchivalBucket returns the archival bucket

func (*DynamORMEventStore) GetEnvironmentVariables

func (e *DynamORMEventStore) GetEnvironmentVariables() *map[string]*string

GetEnvironmentVariables returns environment variables for Lambda functions

func (*DynamORMEventStore) GetEventReaderRole

func (e *DynamORMEventStore) GetEventReaderRole() awsiam.Role

GetEventReaderRole returns the event reader IAM role

func (*DynamORMEventStore) GetEventStoreMetrics

func (e *DynamORMEventStore) GetEventStoreMetrics() map[string]awscloudwatch.Metric

GetEventStoreMetrics returns event store CloudWatch metrics

func (*DynamORMEventStore) GetEventTable

func (e *DynamORMEventStore) GetEventTable() *DynamORMTable

GetEventTable returns the event table

func (*DynamORMEventStore) GetEventWriterRole

func (e *DynamORMEventStore) GetEventWriterRole() awsiam.Role

GetEventWriterRole returns the event writer IAM role

func (*DynamORMEventStore) GetSnapshotManagerRole

func (e *DynamORMEventStore) GetSnapshotManagerRole() awsiam.Role

GetSnapshotManagerRole returns the snapshot manager IAM role

func (*DynamORMEventStore) GetSnapshotTable

func (e *DynamORMEventStore) GetSnapshotTable() *DynamORMTable

GetSnapshotTable returns the snapshot table

func (*DynamORMEventStore) GrantEventReaderAccess

func (e *DynamORMEventStore) GrantEventReaderAccess(grantee awslambda.IFunction)

GrantEventReaderAccess grants event reader access to a Lambda function

func (*DynamORMEventStore) GrantEventWriterAccess

func (e *DynamORMEventStore) GrantEventWriterAccess(grantee awslambda.IFunction)

GrantEventWriterAccess grants event writer access to a Lambda function

func (*DynamORMEventStore) GrantFullAccess

func (e *DynamORMEventStore) GrantFullAccess(grantee awslambda.IFunction)

GrantFullAccess grants full event store access to a Lambda function

func (*DynamORMEventStore) GrantSnapshotManagerAccess

func (e *DynamORMEventStore) GrantSnapshotManagerAccess(grantee awslambda.IFunction)

GrantSnapshotManagerAccess grants snapshot manager access to a Lambda function

type DynamORMEventStoreProps

// DynamORMEventStoreProps configures the event store: table names, tenancy,
// event and snapshot handling, capacity, archival, monitoring, encryption,
// indexes and tags.
type DynamORMEventStoreProps struct {
	// Event store pattern
	Pattern EventStorePattern

	// Table configuration
	EventTableName    *string
	SnapshotTableName *string

	// Multi-tenant configuration
	EnableMultiTenant *bool
	TenantAttribute   *string

	// Event configuration
	// NOTE(review): EnableEventEncryption here and EnableEncryption under
	// "Security configuration" are separate switches; how they relate is not
	// described on this page - confirm which one protects what.
	// NOTE(review): EventTTL removes old events. If the event log doubles as
	// an audit record, pair it with EnableArchival so history is retained.
	EnableEventVersioning  *bool
	EnableEventEncryption  *bool
	EnableEventCompression *bool
	EventTTL               awscdk.Duration // TTL for old events

	// Snapshot configuration
	SnapshotStrategy     SnapshotStrategy
	SnapshotFrequency    *int            // Number of events between snapshots
	SnapshotSizeLimit    *int            // Size limit in KB for snapshots
	SnapshotTimeInterval awscdk.Duration // Time interval for snapshots
	SnapshotRetention    awscdk.Duration // How long to keep snapshots

	// Performance configuration
	EventStreamEnabled    *bool    // Enable DynamoDB streams for events
	SnapshotStreamEnabled *bool    // Enable DynamoDB streams for snapshots
	EnableAutoScaling     *bool    // Enable auto-scaling
	ReadCapacity          *float64 // Read capacity units
	WriteCapacity         *float64 // Write capacity units

	// Archival configuration
	// NOTE(review): archived events leave the table for ArchivalBucket, so
	// the bucket's encryption and access policy must match the protection
	// applied to the table; what the construct enforces on a supplied
	// bucket is not shown here.
	EnableArchival *bool           // Enable event archival to S3
	ArchivalBucket awss3.IBucket   // S3 bucket for archival
	ArchivalAfter  awscdk.Duration // Archive events after this duration

	// Monitoring configuration
	EnableMetrics         *bool // Enable CloudWatch metrics
	EnableDetailedMetrics *bool // Enable detailed monitoring
	AlertThresholds       *EventStoreAlertThresholds

	// Security configuration
	// NOTE(review): KMSKey is a string; whether it expects a key ARN, key ID
	// or alias is not stated here. Set EnableEncryption explicitly - the
	// behaviour when it is nil is not documented.
	EnableEncryption *bool   // Enable encryption at rest
	KMSKey           *string // KMS key for encryption

	// Query optimization
	EnableGSIs        *bool    // Enable Global Secondary Indexes
	ProjectionQueries []string // Queries for projection views

	// Tags
	Tags *map[string]*string
}

DynamORMEventStoreProps defines properties for DynamORM event store

type DynamORMModelSpec

type DynamORMModelSpec struct {
	ModelName    string
	PartitionKey string
	SortKey      string
	GSIs         []GSISpec
	TTLAttribute string
	Attributes   map[string]string
}

DynamORMModelSpec defines expected model structure

type DynamORMStreamProcessor

type DynamORMStreamProcessor struct {
	constructs.Construct

	// The Lambda function processing DynamoDB stream records
	Function *LiftFunction

	// The DynamORM table
	Table *DynamORMTable

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.DynamoEventSource

	// SNS topic for alerts
	AlertTopic awssns.ITopic
	// contains filtered or unexported fields
}

DynamORMStreamProcessor represents a DynamORM table with stream processor

func NewDynamORMStreamProcessor

func NewDynamORMStreamProcessor(scope constructs.Construct, id *string, props *DynamORMStreamProcessorProps) *DynamORMStreamProcessor

NewDynamORMStreamProcessor creates a new DynamORM stream processor construct

func (*DynamORMStreamProcessor) AddEnvironmentVariable

func (d *DynamORMStreamProcessor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*DynamORMStreamProcessor) AddEventFilter

func (d *DynamORMStreamProcessor) AddEventFilter(filter StreamEventFilter)

AddEventFilter adds an event filter to the stream processor

func (*DynamORMStreamProcessor) ConfigureMultiTenantStreaming

func (d *DynamORMStreamProcessor) ConfigureMultiTenantStreaming(tenantAttribute string)

ConfigureMultiTenantStreaming configures multi-tenant streaming patterns

func (*DynamORMStreamProcessor) EnableXRayTracing

func (d *DynamORMStreamProcessor) EnableXRayTracing(serviceName string)

EnableXRayTracing enables X-Ray tracing for the stream processor

func (*DynamORMStreamProcessor) GetAlertTopic

func (d *DynamORMStreamProcessor) GetAlertTopic() awssns.ITopic

GetAlertTopic returns the SNS alert topic

func (*DynamORMStreamProcessor) GetDeadLetterQueueUrl

func (d *DynamORMStreamProcessor) GetDeadLetterQueueUrl() *string

GetDeadLetterQueueUrl returns the DLQ URL if enabled

func (*DynamORMStreamProcessor) GetDynamORMTable

func (d *DynamORMStreamProcessor) GetDynamORMTable() *DynamORMTable

GetDynamORMTable returns the DynamORM table

func (*DynamORMStreamProcessor) GetFunction

func (d *DynamORMStreamProcessor) GetFunction() *LiftFunction

GetFunction returns the Lambda function

func (*DynamORMStreamProcessor) GetStreamArn

func (d *DynamORMStreamProcessor) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN

func (*DynamORMStreamProcessor) GetTableArn

func (d *DynamORMStreamProcessor) GetTableArn() *string

GetTableArn returns the table ARN

func (*DynamORMStreamProcessor) GetTableName

func (d *DynamORMStreamProcessor) GetTableName() *string

GetTableName returns the table name

func (*DynamORMStreamProcessor) GrantDynamORMAccess

func (d *DynamORMStreamProcessor) GrantDynamORMAccess(grantee awslambda.IFunction)

GrantDynamORMAccess grants comprehensive DynamORM access to the stream processor

func (*DynamORMStreamProcessor) GrantStreamRead

func (d *DynamORMStreamProcessor) GrantStreamRead(grantee awslambda.IFunction)

GrantStreamRead grants permission to read from the DynamoDB stream

func (*DynamORMStreamProcessor) GrantTenantIsolatedAccess

func (d *DynamORMStreamProcessor) GrantTenantIsolatedAccess(grantee awslambda.IFunction, tenantAttribute string)

GrantTenantIsolatedAccess grants tenant-isolated access to the stream processor

func (*DynamORMStreamProcessor) SetupComprehensiveStreamProcessing

func (d *DynamORMStreamProcessor) SetupComprehensiveStreamProcessing(serviceName string, enableXRay bool, customMetrics []string)

SetupComprehensiveStreamProcessing sets up all stream processing features

type DynamORMStreamProcessorProps

type DynamORMStreamProcessorProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// DynamORMTable to attach stream processor to (required)
	DynamORMTable *DynamORMTable

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// DynamoDB Streams event source configuration
	EventSourceProps *awslambdaeventsources.DynamoEventSourceProps

	// Additional DynamoDB stream processor settings
	BatchSize               *float64                   // Default: 10
	MaxBatchingWindow       awscdk.Duration            // Default: 5 seconds
	StartingPosition        awslambda.StartingPosition // Default: LATEST
	MaxRecordAge            awscdk.Duration            // Default: 24 hours
	BisectBatchOnError      *bool                      // Default: false
	RetryAttempts           *float64                   // Default: 10000
	ReportBatchItemFailures *bool                      // Default: true
	TumblingWindow          awscdk.Duration            // For tumbling window processing
	ParallelizationFactor   *float64                   // Default: 1

	// DynamORM-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool
	TenantAttribute   *string // Default: "TenantID"

	// Event filtering and routing
	EventFilters   []StreamEventFilter  // Custom event filters
	ProcessingMode StreamProcessingMode // Default: SEQUENTIAL

	// Performance optimization
	EnableMetricsCollection *bool    // Default: true
	CustomMetrics           []string // Custom metrics to track
}

DynamORMStreamProcessorProps defines properties for a DynamORM stream processor

type DynamORMTable

type DynamORMTable struct {
	Table awsdynamodb.Table
	// contains filtered or unexported fields
}

DynamORMTable is a DynamoDB table construct optimized for DynamORM

func NewDynamORMTable

func NewDynamORMTable(scope constructs.Construct, id *string, props *DynamORMTableProps) *DynamORMTable

NewDynamORMTable creates a new DynamoDB table for DynamORM with standard configurations

func NewIdempotencyTable

func NewIdempotencyTable(scope constructs.Construct, id *string, props *IdempotencyTableProps) *DynamORMTable

NewIdempotencyTable creates a DynamoDB table optimized for idempotency with DynamORM

func NewRateLimitTable

func NewRateLimitTable(scope constructs.Construct, id *string, props *RateLimitTableProps) *DynamORMTable

NewRateLimitTable creates a DynamoDB table optimized for rate limiting with DynamORM

func (*DynamORMTable) AddCloudWatchAlarms

func (t *DynamORMTable) AddCloudWatchAlarms(snsTopicArn *string) map[string]awscloudwatch.Alarm

AddCloudWatchAlarms adds comprehensive CloudWatch alarms for DynamORM table monitoring

func (*DynamORMTable) AddCloudWatchMetrics

func (t *DynamORMTable) AddCloudWatchMetrics()

AddCloudWatchMetrics adds comprehensive CloudWatch metrics for DynamORM table monitoring

func (*DynamORMTable) AddDynamORMIndex

func (t *DynamORMTable) AddDynamORMIndex(indexName string, pkAttr, skAttr *awsdynamodb.Attribute)

AddDynamORMIndex adds an index following DynamORM naming conventions

func (*DynamORMTable) AddDynamORMPermissions

func (t *DynamORMTable) AddDynamORMPermissions(grantee awsiam.IGrantable)

AddDynamORMPermissions adds specific permissions required by DynamORM

func (*DynamORMTable) AddGSI

func (t *DynamORMTable) AddGSI(props *GSIProps)

AddGSI adds a Global Secondary Index to the table with full attribute definitions

func (*DynamORMTable) AddTags

func (t *DynamORMTable) AddTags(tags *map[string]*string)

AddTags adds tags to the table

func (*DynamORMTable) AddTenantEntityGSI

func (t *DynamORMTable) AddTenantEntityGSI(tenantAttribute, entityType string)

AddTenantEntityGSI adds a GSI for efficient entity queries within tenant boundaries

func (*DynamORMTable) AddTenantScopedGSI

func (t *DynamORMTable) AddTenantScopedGSI(indexName, tenantAttribute, entityAttribute string)

AddTenantScopedGSI adds a GSI with tenant isolation built-in

func (*DynamORMTable) AddTenantStatusGSI

func (t *DynamORMTable) AddTenantStatusGSI(statusAttribute, tenantAttribute string)

AddTenantStatusGSI adds a GSI for status-based queries within tenant boundaries

func (*DynamORMTable) AddTenantTimeSeriesGSI

func (t *DynamORMTable) AddTenantTimeSeriesGSI(tenantAttribute, timeAttribute string)

AddTenantTimeSeriesGSI adds a GSI for time-series queries within tenant boundaries

func (*DynamORMTable) AddXRayPermissions

func (t *DynamORMTable) AddXRayPermissions(grantee awsiam.IGrantable)

AddXRayPermissions adds X-Ray permissions to a grantee

func (*DynamORMTable) AttachTenantBoundaryPolicy

func (t *DynamORMTable) AttachTenantBoundaryPolicy(role awsiam.Role, tenantAttribute string)

AttachTenantBoundaryPolicy attaches a tenant boundary policy to a role

func (*DynamORMTable) ConfigureComprehensiveXRayTracing

func (t *DynamORMTable) ConfigureComprehensiveXRayTracing(serviceName string, enableDebug bool)

ConfigureComprehensiveXRayTracing sets up complete X-Ray tracing

func (*DynamORMTable) ConfigureForDynamORM

func (t *DynamORMTable) ConfigureForDynamORM()

ConfigureForDynamORM sets up standard DynamORM patterns

func (*DynamORMTable) ConfigureMultiTenant

func (t *DynamORMTable) ConfigureMultiTenant(tenantAttribute string)

ConfigureMultiTenant sets up multi-tenant patterns with enhanced isolation

func (*DynamORMTable) ConfigureTenantMetrics

func (t *DynamORMTable) ConfigureTenantMetrics(tenantAttribute string)

ConfigureTenantMetrics adds CloudWatch metrics with tenant dimensions

func (*DynamORMTable) ConfigureXRayServiceMap

func (t *DynamORMTable) ConfigureXRayServiceMap(serviceName string)

ConfigureXRayServiceMap configures X-Ray service map for DynamORM

func (*DynamORMTable) CreateDynamORMAlarmDashboard

func (t *DynamORMTable) CreateDynamORMAlarmDashboard(dashboardName string) awscloudwatch.Dashboard

CreateDynamORMAlarmDashboard creates a comprehensive CloudWatch dashboard for DynamORM table

func (*DynamORMTable) CreateTenantAdminPolicy

func (t *DynamORMTable) CreateTenantAdminPolicy(tenantAttribute string) awsiam.PolicyDocument

CreateTenantAdminPolicy creates an admin IAM policy for tenant isolation

func (*DynamORMTable) CreateTenantBoundaryPolicy

func (t *DynamORMTable) CreateTenantBoundaryPolicy(tenantAttribute string) awsiam.PolicyDocument

CreateTenantBoundaryPolicy creates a comprehensive IAM policy for tenant isolation

func (*DynamORMTable) CreateTenantReadOnlyPolicy

func (t *DynamORMTable) CreateTenantReadOnlyPolicy(tenantAttribute string) awsiam.PolicyDocument

CreateTenantReadOnlyPolicy creates a read-only IAM policy for tenant isolation

func (*DynamORMTable) EnableAutoScaling

func (t *DynamORMTable) EnableAutoScaling(minCapacity *float64, maxCapacity *float64, targetUtilization *float64)

EnableAutoScaling configures auto-scaling for the table

func (*DynamORMTable) EnableXRayTracing

func (t *DynamORMTable) EnableXRayTracing()

EnableXRayTracing enables X-Ray tracing for DynamORM operations

func (*DynamORMTable) GetConstruct

func (t *DynamORMTable) GetConstruct() constructs.Construct

GetConstruct returns the underlying CDK construct

func (*DynamORMTable) GetEnvironmentVariables

func (t *DynamORMTable) GetEnvironmentVariables() *map[string]*string

GetEnvironmentVariables returns environment variables for Lambda functions

func (*DynamORMTable) GetResourceName

func (d *DynamORMTable) GetResourceName() *string

GetResourceName returns the table name

func (*DynamORMTable) GetStreamArn

func (t *DynamORMTable) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN if streams are enabled

func (*DynamORMTable) GetTable

func (t *DynamORMTable) GetTable() awsdynamodb.Table

GetTable returns the underlying DynamoDB table

func (*DynamORMTable) GetTableArn

func (t *DynamORMTable) GetTableArn() *string

GetTableArn returns the table ARN

func (*DynamORMTable) GetTableMetrics

func (t *DynamORMTable) GetTableMetrics() map[string]awscloudwatch.Metric

GetTableMetrics returns CloudWatch metrics for the table

func (*DynamORMTable) GetTableName

func (t *DynamORMTable) GetTableName() *string

GetTableName returns the table name

func (*DynamORMTable) GetTenantMetrics

func (t *DynamORMTable) GetTenantMetrics() map[string]awscloudwatch.Metric

GetTenantMetrics returns tenant-specific CloudWatch metrics

func (*DynamORMTable) GetXRayEnvironmentVariables

func (t *DynamORMTable) GetXRayEnvironmentVariables() *map[string]*string

GetXRayEnvironmentVariables returns environment variables for X-Ray tracing

func (*DynamORMTable) GetXRayPermissions

func (t *DynamORMTable) GetXRayPermissions() awsiam.PolicyDocument

GetXRayPermissions returns IAM permissions needed for X-Ray tracing

func (*DynamORMTable) GrantRead

func (t *DynamORMTable) GrantRead(grantee awsiam.IGrantable) awsiam.Grant

GrantRead grants read permissions to a grantee

func (*DynamORMTable) GrantReadWrite

func (t *DynamORMTable) GrantReadWrite(grantee awsiam.IGrantable) awsiam.Grant

GrantReadWrite grants read/write permissions to a grantee

func (*DynamORMTable) GrantStream

func (t *DynamORMTable) GrantStream(grantee awsiam.IGrantable) awsiam.Grant

GrantStream grants stream read permissions to a grantee

func (*DynamORMTable) GrantTenantAdminAccess

func (t *DynamORMTable) GrantTenantAdminAccess(grantee awsiam.IGrantable, tenantAttribute string)

GrantTenantAdminAccess grants admin access within tenant boundaries

func (*DynamORMTable) GrantTenantIsolatedAccess

func (t *DynamORMTable) GrantTenantIsolatedAccess(grantee awsiam.IGrantable, tenantAttribute string)

GrantTenantIsolatedAccess grants access with strict tenant isolation

func (*DynamORMTable) GrantTenantReadOnlyAccess

func (t *DynamORMTable) GrantTenantReadOnlyAccess(grantee awsiam.IGrantable, tenantAttribute string)

GrantTenantReadOnlyAccess grants read-only access with tenant isolation

func (*DynamORMTable) GrantWrite

func (t *DynamORMTable) GrantWrite(grantee awsiam.IGrantable) awsiam.Grant

GrantWrite grants write permissions to a grantee

func (*DynamORMTable) SetupComprehensiveMonitoring

func (t *DynamORMTable) SetupComprehensiveMonitoring(snsTopicArn *string, dashboardName string) map[string]interface{}

SetupComprehensiveMonitoring sets up all monitoring features at once

func (*DynamORMTable) ValidateModelCompatibility

func (t *DynamORMTable) ValidateModelCompatibility(spec DynamORMModelSpec) error

ValidateModelCompatibility checks if table matches DynamORM model

func (*DynamORMTable) ValidateTenantIsolation

func (t *DynamORMTable) ValidateTenantIsolation(tenantAttribute string) error

ValidateTenantIsolation validates that tenant isolation is properly configured

type DynamORMTableProps

// DynamORMTableProps extends DynamoDB table properties for DynamORM compatibility.
//
// NOTE(review): no default is documented for any field of this struct, so a
// nil or zero value should not be assumed to select a protective setting.
type DynamORMTableProps struct {
	// Required
	PartitionKey *awsdynamodb.Attribute
	SortKey      *awsdynamodb.Attribute // Optional but common

	// Table configuration
	// NOTE(review): PointInTimeRecovery, DeletionProtection and RemovalPolicy
	// decide whether table data survives accidental deletion or stack teardown;
	// the values used when they are left unset are not shown here — set them
	// explicitly for tables holding data that must be retained.
	// Stream selects the stream view type, i.e. how much of each changed item
	// becomes visible to anything granted stream read access.
	TableName           *string
	BillingMode         awsdynamodb.BillingMode
	PointInTimeRecovery *bool
	Stream              awsdynamodb.StreamViewType
	TimeToLiveAttribute *string
	DeletionProtection  *bool
	RemovalPolicy       awscdk.RemovalPolicy

	// DynamORM specific
	// TenantAttribute presumably names the item attribute used for tenant
	// scoping when EnableMultiTenant is set (compare the tenantAttribute
	// parameter of ConfigureMultiTenant) — confirm against the constructor.
	EnableMultiTenant *bool
	TenantAttribute   *string
	EnableVersioning  *bool
	EnableTimestamps  *bool

	// Capacity (for provisioned mode)
	ReadCapacity      *float64
	WriteCapacity     *float64
	EnableAutoScaling *bool

	// Tags
	Tags *map[string]*string
}

DynamORMTableProps extends DynamoDB table properties for DynamORM compatibility

type DynamoStreamProcessor

type DynamoStreamProcessor struct {
	constructs.Construct

	// The Lambda function processing DynamoDB stream records
	Function *LiftFunction

	// The DynamORM streaming table
	StreamingTable *StreamingTable

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.DynamoEventSource
}

DynamoStreamProcessor represents a DynamoDB table with stream processor using DynamORM

func NewDynamoStreamProcessor

func NewDynamoStreamProcessor(scope constructs.Construct, id *string, props *DynamoStreamProcessorProps) *DynamoStreamProcessor

NewDynamoStreamProcessor creates a new DynamoDB stream processor construct using DynamORM

func (*DynamoStreamProcessor) AddEnvironmentVariable

func (d *DynamoStreamProcessor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*DynamoStreamProcessor) GetDeadLetterQueueUrl

func (d *DynamoStreamProcessor) GetDeadLetterQueueUrl() *string

GetDeadLetterQueueUrl returns the DLQ URL if enabled

func (*DynamoStreamProcessor) GetStreamArn

func (d *DynamoStreamProcessor) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN

func (*DynamoStreamProcessor) GetTableArn

func (d *DynamoStreamProcessor) GetTableArn() *string

GetTableArn returns the table ARN

func (*DynamoStreamProcessor) GetTableName

func (d *DynamoStreamProcessor) GetTableName() *string

GetTableName returns the table name

func (*DynamoStreamProcessor) GrantReadData

func (d *DynamoStreamProcessor) GrantReadData(grantee awslambda.IFunction)

GrantReadData grants permission to read data from the table

func (*DynamoStreamProcessor) GrantReadWriteData

func (d *DynamoStreamProcessor) GrantReadWriteData(grantee awslambda.IFunction)

GrantReadWriteData grants permission to read and write data to the table using DynamORM

func (*DynamoStreamProcessor) GrantStreamRead

func (d *DynamoStreamProcessor) GrantStreamRead(grantee awslambda.IFunction)

GrantStreamRead grants permission to read from the DynamoDB stream

func (*DynamoStreamProcessor) GrantWriteData

func (d *DynamoStreamProcessor) GrantWriteData(grantee awslambda.IFunction)

GrantWriteData grants permission to write data to the table

type DynamoStreamProcessorProps

type DynamoStreamProcessorProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// DynamORM Streaming table properties (creates new table if not provided)
	StreamingTableProps *StreamingTableProps

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// DynamoDB Streams event source configuration
	EventSourceProps *awslambdaeventsources.DynamoEventSourceProps

	// Additional DynamoDB stream processor settings
	BatchSize               *float64                   // Default: 10
	MaxBatchingWindow       awscdk.Duration            // Default: 5 seconds
	StartingPosition        awslambda.StartingPosition // Default: LATEST
	MaxRecordAge            awscdk.Duration            // Default: 24 hours
	BisectBatchOnError      *bool                      // Default: false
	RetryAttempts           *float64                   // Default: 10000
	ReportBatchItemFailures *bool                      // Default: true
	TumblingWindow          awscdk.Duration            // For tumbling window processing
	ParallelizationFactor   *float64                   // Default: 1

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool
}

DynamoStreamProcessorProps defines properties for a DynamoDB stream processor

type EnhancedMonitoring

type EnhancedMonitoring struct {
	constructs.Construct
	Metrics       map[string]awscloudwatch.IMetric
	Alarms        map[string]awscloudwatch.IAlarm
	Dashboard     awscloudwatch.Dashboard
	LogGroup      awslogs.LogGroup
	MetricFilters map[string]awslogs.MetricFilter
}

EnhancedMonitoring provides comprehensive monitoring with real CloudWatch metrics

func NewEnhancedMonitoring

func NewEnhancedMonitoring(scope constructs.Construct, id *string, props *EnhancedMonitoringProps) *EnhancedMonitoring

NewEnhancedMonitoring creates a comprehensive monitoring construct

func (*EnhancedMonitoring) AddCustomAlarm

func (m *EnhancedMonitoring) AddCustomAlarm(name string, alarm awscloudwatch.IAlarm)

AddCustomAlarm adds a custom alarm to the monitoring

func (*EnhancedMonitoring) AddCustomMetric

func (m *EnhancedMonitoring) AddCustomMetric(name string, metric awscloudwatch.IMetric)

AddCustomMetric adds a custom metric to the monitoring

func (*EnhancedMonitoring) GetAlarm

func (m *EnhancedMonitoring) GetAlarm(name string) awscloudwatch.IAlarm

GetAlarm returns a specific alarm by name

func (*EnhancedMonitoring) GetMetric

func (m *EnhancedMonitoring) GetMetric(name string) awscloudwatch.IMetric

GetMetric returns a specific metric by name

type EnhancedMonitoringProps

type EnhancedMonitoringProps struct {
	// Resource to monitor
	Resource MonitorableResource
	// Custom namespace for metrics
	Namespace *string
	// Alert configuration
	AlertTopic awssns.ITopic
	// Dashboard configuration
	DashboardName *string
	// Metric configuration
	MetricConfig *MetricConfiguration
	// Alarm thresholds
	AlarmThresholds *AlarmThresholds
	// Enable real-time streaming
	EnableRealTimeStreaming *bool
	// Environment tag
	Environment *string
}

EnhancedMonitoringProps defines properties for enhanced monitoring

type EnhancedSecurity

type EnhancedSecurity struct {
	constructs.Construct
	SecurityGroup    awsec2.SecurityGroup
	WAF              awswafv2.CfnWebACL
	Secrets          map[string]awssecretsmanager.Secret
	VPCFlowLogsGroup awslogs.LogGroup
	SecurityMetrics  map[string]awscloudwatch.IMetric
	VPCEndpoints     map[string]awsec2.InterfaceVpcEndpoint
}

EnhancedSecurity provides comprehensive security features

func NewEnhancedSecurity

func NewEnhancedSecurity(scope constructs.Construct, id *string, props *EnhancedSecurityProps) *EnhancedSecurity

NewEnhancedSecurity creates a comprehensive security construct

func (*EnhancedSecurity) AddCustomSecurityRule

func (s *EnhancedSecurity) AddCustomSecurityRule(rule SecurityRule, direction string)

AddCustomSecurityRule adds a custom security rule to the security group

func (*EnhancedSecurity) GetSecret

func (s *EnhancedSecurity) GetSecret(name string) awssecretsmanager.Secret

GetSecret returns a specific secret by name

func (*EnhancedSecurity) GetSecurityGroup

func (s *EnhancedSecurity) GetSecurityGroup() awsec2.ISecurityGroup

GetSecurityGroup returns the security group

func (*EnhancedSecurity) GetSecurityMetric

func (s *EnhancedSecurity) GetSecurityMetric(name string) awscloudwatch.IMetric

GetSecurityMetric returns a specific security metric by name

func (*EnhancedSecurity) GetVPCEndpoint

func (s *EnhancedSecurity) GetVPCEndpoint(name string) awsec2.InterfaceVpcEndpoint

GetVPCEndpoint returns a specific VPC endpoint by name

func (*EnhancedSecurity) GetWAF

func (s *EnhancedSecurity) GetWAF() awswafv2.CfnWebACL

GetWAF returns the WAF Web ACL

type EnhancedSecurityProps

// EnhancedSecurityProps defines properties for enhanced security.
//
// NOTE(review): every Enable* flag is a *bool and no defaults are documented
// here, so whether a nil flag means "on" or "off" must be confirmed in
// NewEnhancedSecurity before relying on a control being active.
type EnhancedSecurityProps struct {
	// VPC configuration
	Vpc awsec2.IVpc
	// Allowed ingress rules
	IngressRules []SecurityRule
	// Allowed egress rules
	// NOTE(review): behaviour with an empty EgressRules slice is not shown —
	// confirm the security group does not fall back to allow-all outbound.
	EgressRules []SecurityRule
	// WAF configuration
	EnableWAF *bool
	WAFConfig *WAFRuleConfig
	// Secrets to create
	// NOTE(review): SecretConfig is not shown here; confirm secret values are
	// generated by Secrets Manager rather than passed in as plaintext props,
	// which would end up in the synthesized template.
	Secrets []SecretConfig
	// Enable VPC Flow Logs
	EnableVPCFlowLogs *bool
	// Enable GuardDuty integration
	// NOTE(review): EnhancedSecurity exposes no field for GuardDuty, Security
	// Hub or Config resources, so what this flag and the two below provision
	// cannot be seen from the type — verify before counting them as controls.
	EnableGuardDuty *bool
	// Enable Security Hub integration
	EnableSecurityHub *bool
	// Enable Config rules
	EnableConfigRules *bool
	// Environment tag
	Environment *string
	// Application name
	ApplicationName *string
}

EnhancedSecurityProps defines properties for enhanced security

type EventBridgeHandler

type EventBridgeHandler struct {
	constructs.Construct

	// The Lambda function handling events
	Function *LiftFunction

	// The EventBridge rule
	Rule awsevents.Rule

	// The event bus (default or custom)
	EventBus awsevents.IEventBus

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Lambda target
	Target awseventstargets.LambdaFunction
}

EventBridgeHandler represents an EventBridge rule with Lambda handler

func NewEventBridgeHandler

func NewEventBridgeHandler(scope constructs.Construct, id *string, props *EventBridgeHandlerProps) (*EventBridgeHandler, error)

NewEventBridgeHandler creates a new EventBridge handler construct

func (*EventBridgeHandler) AddEnvironmentVariable

func (e *EventBridgeHandler) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*EventBridgeHandler) AddEventPattern

func (e *EventBridgeHandler) AddEventPattern(eventPattern *awsevents.EventPattern) error

AddEventPattern adds an event pattern to the rule. Note: this method is deprecated because EventBridge patterns cannot be modified after rule creation. Create a new EventBridgeHandler with the desired pattern instead.

func (*EventBridgeHandler) DisableRule

func (e *EventBridgeHandler) DisableRule() error

DisableRule disables the EventBridge rule. Note: this method provides guidance for disabling the rule after deployment. To change the rule state after deployment, use the AWS CLI or the AWS Console.

func (*EventBridgeHandler) EnableRule

func (e *EventBridgeHandler) EnableRule() error

EnableRule enables the EventBridge rule. Note: this method configures the rule to be enabled during deployment. To change the rule state after deployment, use the AWS CLI or the AWS Console.

func (*EventBridgeHandler) GetEventBusArn

func (e *EventBridgeHandler) GetEventBusArn() *string

GetEventBusArn returns the event bus ARN

func (*EventBridgeHandler) GetEventBusName

func (e *EventBridgeHandler) GetEventBusName() *string

GetEventBusName returns the event bus name

func (*EventBridgeHandler) GetRuleArn

func (e *EventBridgeHandler) GetRuleArn() *string

GetRuleArn returns the rule ARN

func (*EventBridgeHandler) GetRuleName

func (e *EventBridgeHandler) GetRuleName() *string

GetRuleName returns the rule name

func (*EventBridgeHandler) GrantPutEvents

func (e *EventBridgeHandler) GrantPutEvents(grantee awslambda.IFunction)

GrantPutEvents grants permission to put events to the event bus

type EventBridgeHandlerProps

// EventBridgeHandlerProps defines properties for an EventBridge handler.
type EventBridgeHandlerProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// Event rule properties (optional - creates new rule if not provided)
	RuleProps *awsevents.RuleProps

	// Existing rule to use (optional - creates new if not provided)
	ExistingRule awsevents.Rule

	// Existing event bus to use (optional - uses default if not provided)
	ExistingEventBus awsevents.IEventBus

	// Event bus properties for creating a custom event bus
	EventBusProps *awsevents.EventBusProps

	// Event pattern for filtering events
	// NOTE(review): the pattern is the only filter on what reaches the
	// function; what is matched when neither EventPattern nor
	// ScheduleExpression is set is not shown here — confirm.
	EventPattern *awsevents.EventPattern

	// Schedule expression for scheduled events (conflicts with EventPattern)
	// NOTE(review): NewEventBridgeHandler returns an error value, so setting
	// both is presumably rejected there — confirm.
	ScheduleExpression *string

	// Lambda target properties
	TargetProps *awseventstargets.LambdaFunctionProps

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// Maximum event age in seconds (default: 3600)
	MaxEventAge awscdk.Duration

	// Retry attempts for failed invocations (default: 3)
	RetryAttempts *float64

	// Enable input transformation
	InputTransformation *awsevents.RuleTargetInput

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool

	// Cross-account event bus support
	// NOTE(review): what is granted for this ARN is not shown here; confirm
	// the permissions are scoped to this one bus and that the remote bus's
	// resource policy names the expected account explicitly.
	CrossAccountEventBusArn *string
}

EventBridgeHandlerProps defines properties for an EventBridge handler

type EventRoutingTable

type EventRoutingTable struct {
	*DynamORMTable
}

EventRoutingTable is a DynamORM table for managing event routing

func NewEventRoutingTable

func NewEventRoutingTable(scope constructs.Construct, id *string, props *EventRoutingTableProps) *EventRoutingTable

NewEventRoutingTable creates a new event routing table using DynamORM

func (*EventRoutingTable) GetDateIndexName

func (e *EventRoutingTable) GetDateIndexName() *string

GetDateIndexName returns the name of the date index

func (*EventRoutingTable) GetSourceIndexName

func (e *EventRoutingTable) GetSourceIndexName() *string

GetSourceIndexName returns the name of the source index

func (*EventRoutingTable) GetStatusIndexName

func (e *EventRoutingTable) GetStatusIndexName() *string

GetStatusIndexName returns the name of the status index

func (*EventRoutingTable) GrantEventManagement

func (e *EventRoutingTable) GrantEventManagement(grantee awsiam.IGrantable)

GrantEventManagement grants permissions to manage events

type EventRoutingTableProps

type EventRoutingTableProps struct {
	DynamORMTableProps
	// Enable source index for querying by event source
	EnableSourceIndex *bool
	// Enable status index for querying by processing status
	EnableStatusIndex *bool
	// Enable date index for time-based queries
	EnableDateIndex *bool
}

EventRoutingTableProps defines properties for the event routing table

type EventStoreAlertThresholds

type EventStoreAlertThresholds struct {
	HighEventRate        *float64 // Events per second threshold
	HighErrorRate        *float64 // Error rate threshold
	HighLatency          *float64 // Latency threshold (ms)
	LowSnapshotFrequency *float64 // Minimum snapshot frequency
	HighStorageUsage     *float64 // Storage usage threshold (GB)
}

EventStoreAlertThresholds defines alert thresholds for event store monitoring

type EventStorePattern

type EventStorePattern string

EventStorePattern defines the event store pattern to use

const (
	EventStorePattern_SINGLE_TABLE    EventStorePattern = "SINGLE_TABLE"
	EventStorePattern_MULTI_TABLE     EventStorePattern = "MULTI_TABLE"
	EventStorePattern_AGGREGATE_TABLE EventStorePattern = "AGGREGATE_TABLE"
)

type GSIProps

type GSIProps struct {
	// Index name
	IndexName *string
	// Partition key attribute definition
	PartitionKey *awsdynamodb.Attribute
	// Sort key attribute definition (optional)
	SortKey *awsdynamodb.Attribute
	// Projection type (defaults to ALL)
	ProjectionType awsdynamodb.ProjectionType
	// For composite keys
	CompositeFields []string // For dynamorm composite key support
}

GSIProps defines a Global Secondary Index for DynamORM

type GSISpec

type GSISpec struct {
	IndexName    string
	PartitionKey string
	SortKey      string
}

GSISpec defines a GSI specification

type IdempotencyTableProps

type IdempotencyTableProps struct {
	DynamORMTableProps
}

IdempotencyTableProps defines properties for creating a DynamORM-compatible idempotency table

type IdempotentFunction

type IdempotentFunction struct {
	constructs.Construct
	Function         *LiftFunction
	IdempotencyTable *DynamORMTable
}

IdempotentFunction is a Lambda function with built-in idempotency support using DynamORM

func NewIdempotentFunction

func NewIdempotentFunction(scope constructs.Construct, id *string, props *IdempotentFunctionProps) *IdempotentFunction

NewIdempotentFunction creates a Lambda function with idempotency capabilities

func (*IdempotentFunction) AddIdempotencyMetrics

func (f *IdempotentFunction) AddIdempotencyMetrics(namespace *string)

AddIdempotencyMetrics adds CloudWatch metrics for idempotency operations

func (*IdempotentFunction) EnableTransactionSupport

func (f *IdempotentFunction) EnableTransactionSupport()

EnableTransactionSupport adds permissions for DynamoDB transactions

func (*IdempotentFunction) GetFunction

func (f *IdempotentFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*IdempotentFunction) GetTable

func (f *IdempotentFunction) GetTable() *DynamORMTable

GetTable returns the idempotency tracking DynamORM table

type IdempotentFunctionProps

// IdempotentFunctionProps extends LiftFunctionProps with idempotency configuration.
type IdempotentFunctionProps struct {
	LiftFunctionProps
	// How to extract the idempotency key
	// NOTE(review): with the HEADER, BODY and PATH extractors the key is
	// taken from the request, i.e. it is caller-supplied. Whether stored
	// records are additionally scoped by caller or tenant is not shown here —
	// confirm, particularly when EnableResponseCaching is on, so a cached
	// response is only ever replayed to the caller that produced it.
	KeyExtractor IdempotentKeyExtractor
	// Field name for key extraction (e.g., header name, body field, path param)
	KeyField *string
	// TTL for idempotency records in seconds (default 24 hours)
	TTLSeconds *float64
	// DynamoDB table name for idempotency tracking (optional - will create if not provided)
	TableName *string
	// Enable response caching
	// NOTE(review): cached responses are presumably stored in the idempotency
	// table for TTLSeconds; treat that table as holding response data when
	// granting read access to it — confirm against the handler code.
	EnableResponseCaching *bool
	// Maximum response size to cache in KB (default 400KB)
	MaxResponseSizeKB *float64
}

IdempotentFunctionProps extends LiftFunctionProps with idempotency configuration

type IdempotentKeyExtractor

type IdempotentKeyExtractor string

IdempotentKeyExtractor defines how to extract idempotency keys

const (
	// Extract from X-Idempotency-Key header
	IdempotentKeyHeader IdempotentKeyExtractor = "HEADER"
	// Extract from request body field
	IdempotentKeyBody IdempotentKeyExtractor = "BODY"
	// Extract from path parameter
	IdempotentKeyPath IdempotentKeyExtractor = "PATH"
	// Custom extraction logic in Lambda
	IdempotentKeyCustom IdempotentKeyExtractor = "CUSTOM"
)

type InMemoryCacheConfig

type InMemoryCacheConfig struct {
	MaxSize          *int            // Maximum number of items
	TTL              awscdk.Duration // Time to live
	EvictionPolicy   *string         // LRU, LFU, FIFO
	ConcurrencyLevel *int            // Concurrency level for map
	EnableStatistics *bool           // Enable cache statistics
}

InMemoryCacheConfig defines in-memory cache configuration

type KinesisProcessor

type KinesisProcessor struct {
	constructs.Construct
	Stream   awskinesis.IStream
	Function LiftFunction
	DLQ      awssqs.IQueue
	Consumer awskinesis.IStreamConsumer
}

KinesisProcessor creates a Kinesis stream with Lambda processor

func NewKinesisProcessor

func NewKinesisProcessor(scope constructs.Construct, id *string, props *KinesisProcessorProps) *KinesisProcessor

NewKinesisProcessor creates a new Kinesis processor with Lambda function

func (*KinesisProcessor) AddConsumer

func (k *KinesisProcessor) AddConsumer(id *string, consumerName *string) awskinesis.IStreamConsumer

AddConsumer adds an enhanced fan-out consumer to the stream

func (*KinesisProcessor) GetDLQUrl

func (k *KinesisProcessor) GetDLQUrl() *string

GetDLQUrl returns the DLQ URL if DLQ is enabled

func (*KinesisProcessor) GetStreamArn

func (k *KinesisProcessor) GetStreamArn() *string

GetStreamArn returns the Kinesis stream ARN

func (*KinesisProcessor) GetStreamName

func (k *KinesisProcessor) GetStreamName() *string

GetStreamName returns the Kinesis stream name

func (*KinesisProcessor) GrantRead

func (k *KinesisProcessor) GrantRead(grantee awsiam.IGrantable) awsiam.Grant

GrantRead grants read permissions to the stream

func (*KinesisProcessor) GrantReadWrite

func (k *KinesisProcessor) GrantReadWrite(grantee awsiam.IGrantable) awsiam.Grant

GrantReadWrite grants read and write permissions to the stream

func (*KinesisProcessor) GrantWrite

func (k *KinesisProcessor) GrantWrite(grantee awsiam.IGrantable) awsiam.Grant

GrantWrite grants write permissions to the stream

func (*KinesisProcessor) Metric

func (k *KinesisProcessor) Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric returns a metric for the stream

func (*KinesisProcessor) MetricGetRecords

func (k *KinesisProcessor) MetricGetRecords(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

MetricGetRecords returns the GetRecords metric

func (*KinesisProcessor) MetricPutRecords

func (k *KinesisProcessor) MetricPutRecords(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

MetricPutRecords returns the PutRecords metric

type KinesisProcessorProps

// KinesisProcessorProps defines the properties for creating a Kinesis processor.
type KinesisProcessorProps struct {
	// The Lambda function configuration
	FunctionProps *LiftFunctionProps `field:"required"`

	// Optional: Stream configuration
	StreamProps *awskinesis.StreamProps `field:"optional"`

	// Optional: Use an existing stream instead of creating a new one
	ExistingStream awskinesis.IStream `field:"optional"`

	// Optional: Event source configuration
	EventSourceProps *awslambdaeventsources.KinesisEventSourceProps `field:"optional"`

	// Optional: Enable dead letter queue for failed records
	EnableDLQ *bool `field:"optional"`

	// Optional: DLQ configuration
	DLQProps *awssqs.QueueProps `field:"optional"`

	// Optional: Stream mode (provisioned or on-demand)
	StreamMode *awskinesis.StreamMode `field:"optional"`

	// Optional: Number of shards (for provisioned mode)
	ShardCount *float64 `field:"optional"`

	// Optional: Data retention period in hours (24-8760 hours)
	RetentionPeriodHours *float64 `field:"optional"`

	// Optional: Enable encryption
	// NOTE(review): the encryption mode applied when this is nil is not
	// documented here; set it explicitly when the stream carries sensitive
	// records, and confirm how it interacts with StreamProps and
	// ExistingStream, which may carry their own encryption settings.
	Encryption *awskinesis.StreamEncryption `field:"optional"`

	// Optional: Enable enhanced fan-out
	EnableEnhancedFanOut *bool `field:"optional"`

	// Optional: Consumer name for enhanced fan-out
	ConsumerName *string `field:"optional"`

	// Optional: Batch size for processing (1-10000)
	BatchSize *float64 `field:"optional"`

	// Optional: Maximum batching window in seconds
	MaxBatchingWindowSeconds *float64 `field:"optional"`

	// Optional: Parallelization factor (1-10)
	ParallelizationFactor *float64 `field:"optional"`

	// Optional: Starting position
	StartingPosition *awslambda.StartingPosition `field:"optional"`

	// Optional: Maximum record age in seconds
	MaxRecordAgeSeconds *float64 `field:"optional"`

	// Optional: Bisect batch on function error
	BisectBatchOnError *bool `field:"optional"`

	// Optional: Maximum retry attempts
	RetryAttempts *float64 `field:"optional"`

	// Optional: Tumbling window in seconds
	TumblingWindowSeconds *float64 `field:"optional"`

	// Optional: Report batch item failures
	ReportBatchItemFailures *bool `field:"optional"`
}

KinesisProcessorProps defines the properties for creating a Kinesis processor

type LiftAPI

type LiftAPI struct {
	constructs.Construct
	HttpAPI  awsapigatewayv2.HttpApi
	Stage    awsapigatewayv2.IHttpStage
	LogGroup awslogs.ILogGroup
}

LiftAPI is an API Gateway HTTP API construct for Lift applications

func NewLiftAPI

func NewLiftAPI(scope constructs.Construct, id *string, props *LiftAPIProps) *LiftAPI

NewLiftAPI creates a new API Gateway HTTP API optimized for Lift

func (*LiftAPI) AddLambdaRoute

func (api *LiftAPI) AddLambdaRoute(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction)

AddLambdaRoute adds a Lambda function as a route to the API

func (*LiftAPI) AddLambdaRouteWithOptions

func (api *LiftAPI) AddLambdaRouteWithOptions(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction, options *RouteOptions)

AddLambdaRouteWithOptions adds a Lambda function as a route with additional options

func (*LiftAPI) AddRoutes

func (api *LiftAPI) AddRoutes(routes map[string]map[string]awslambda.IFunction)

AddRoutes adds multiple routes from a route definition map

func (*LiftAPI) EnableApiKeyAuth

func (api *LiftAPI) EnableApiKeyAuth() awsapigatewayv2.IHttpRouteAuthorizer

EnableApiKeyAuth enables API key authentication for the API

func (*LiftAPI) GetArn

func (api *LiftAPI) GetArn() *string

GetArn returns the ARN of the API

func (*LiftAPI) GetResourceName

func (l *LiftAPI) GetResourceName() *string

GetResourceName returns the API name

func (*LiftAPI) GetUrl

func (api *LiftAPI) GetUrl() *string

GetUrl returns the URL of the API

func (*LiftAPI) GrantInvoke

func (api *LiftAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantInvoke grants invoke permissions to a principal

type LiftAPIProps

// LiftAPIProps configures the HTTP API that NewLiftAPI creates.
//
// Apart from StageName, this listing does not state which defaults apply
// when a field is left nil, so set the security-relevant fields explicitly.
type LiftAPIProps struct {
	// Name of the API
	Name *string
	// Description of the API
	Description *string
	// Enable CORS
	// NOTE(review): no allowed-origin, method or header fields are exposed
	// here, so the CORS policy emitted when this is true is not visible from
	// the listing; confirm it is not a wildcard before exposing routes that
	// rely on credentials.
	EnableCORS *bool
	// Custom domain name
	DomainName *string
	// Certificate ARN for custom domain
	CertificateArn *string
	// Enable access logging
	// NOTE(review): the default when nil is not shown; access logs are
	// usually the first record consulted when investigating abuse of an API.
	EnableAccessLogging *bool
	// CloudWatch log group for access logs
	AccessLogGroup awslogs.ILogGroup
	// Throttle settings
	// Units are not stated here; presumably steady-state requests per second
	// and burst size applied to the stage — TODO confirm.
	ThrottleRateLimit  *float64
	ThrottleBurstLimit *float64
	// Stage name (defaults to $default)
	StageName *string
	// Enable detailed CloudWatch metrics
	EnableDetailedMetrics *bool
	// API Key configuration
	// NOTE(review): how this relates to EnableApiKeyAuth and to
	// DefaultAuthorizer is not shown; confirm which check is enforced when
	// more than one is configured.
	RequireApiKey *bool
	// Request/Response validation models
	// The meaning of the map keys (route, model name, ...) is not documented
	// here — verify against NewLiftAPI.
	RequestValidators map[string]*RequestValidator
	// Default authorizer for all routes
	// NOTE(review): presumably a route is unauthenticated when this is nil
	// and no RouteOptions.Authorizer is supplied — confirm, and prefer
	// setting it so that newly added routes are protected by default.
	DefaultAuthorizer awsapigatewayv2.IHttpRouteAuthorizer
}

LiftAPIProps defines properties for creating a Lift API Gateway

type LiftFunction

type LiftFunction struct {
	constructs.Construct
	Function        awslambda.Function
	LogGroup        awslogs.LogGroup
	DeadLetterQueue awssqs.IQueue
}

LiftFunction is a Lambda function construct optimized for Lift applications

func NewLiftFunction

func NewLiftFunction(scope constructs.Construct, id *string, props *LiftFunctionProps) *LiftFunction

NewLiftFunction creates a new Lift Lambda function with optimized defaults

func (*LiftFunction) AddEnvironment

func (f *LiftFunction) AddEnvironment(key *string, value *string)

AddEnvironment adds an environment variable to the function

func (*LiftFunction) AddEventSource

func (f *LiftFunction) AddEventSource(source awslambda.IEventSource)

AddEventSource adds an event source to the function

func (*LiftFunction) AddToRolePolicy

func (f *LiftFunction) AddToRolePolicy(statement awsiam.PolicyStatement)

AddToRolePolicy adds a policy statement to the function's role

func (*LiftFunction) ConfigureDynamORM

func (f *LiftFunction) ConfigureDynamORM(tableName *string, debug *bool)

ConfigureDynamORM adds DynamORM environment variables to an existing function

func (*LiftFunction) GetDeadLetterQueue

func (f *LiftFunction) GetDeadLetterQueue() awssqs.IQueue

GetDeadLetterQueue returns the dead letter queue if configured

func (*LiftFunction) GetFunction

func (f *LiftFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*LiftFunction) GetLogGroup

func (f *LiftFunction) GetLogGroup() awslogs.LogGroup

GetLogGroup returns the CloudWatch log group

func (*LiftFunction) GetResourceName

func (l *LiftFunction) GetResourceName() *string

GetResourceName returns the function name

func (*LiftFunction) GrantInvoke

func (f *LiftFunction) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantInvoke grants invoke permissions to the given principal

func (*LiftFunction) Metric

func (f *LiftFunction) Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric returns a CloudWatch metric for this function

type LiftFunctionProps

// LiftFunctionProps embeds awslambda.FunctionProps and adds the Lift-specific
// settings passed to NewLiftFunction.
type LiftFunctionProps struct {
	awslambda.FunctionProps
	// EnableTracing enables X-Ray tracing for the function
	EnableTracing *bool
	// EnableMetrics enables CloudWatch metrics
	EnableMetrics *bool
	// EnableMultiTenant enables multi-tenant support
	// NOTE(review): what "support" configures is not shown in this listing;
	// do not treat this flag on its own as a tenant-isolation control.
	EnableMultiTenant *bool
	// EnableDeadLetterQueue creates a DLQ for failed invocations
	// NOTE(review): failed events presumably land in the queue with their
	// payload, so the queue needs access control and encryption equivalent
	// to the event source — confirm what the created queue uses.
	EnableDeadLetterQueue *bool
	// DeadLetterQueue to use (optional - will create if not provided)
	DeadLetterQueue awssqs.IQueue
	// DeadLetterQueueMaxReceiveCount before sending to DLQ (default: 3)
	DeadLetterQueueMaxReceiveCount *float64
	// LogRetentionDays for CloudWatch Logs (default: 30)
	// Check the default against the retention your incident-response and
	// audit requirements call for.
	LogRetentionDays *float64
	// ReservedConcurrentExecutions to limit concurrent executions
	// Also bounds how much account concurrency a request flood against this
	// function can consume.
	ReservedConcurrentExecutions *float64
	// EnableDynamORM configures DynamORM environment variables
	EnableDynamORM *bool
	// DynamORM table name (optional - for when using DynamORM)
	DynamORMTableName *string
	// DynamORM debug mode
	// NOTE(review): debug modes commonly log queries and item data; confirm
	// what reaches the log group before enabling this outside development.
	DynamORMDebug *bool
}

LiftFunctionProps extends standard Lambda function properties with Lift-specific configuration

type LiftTable

type LiftTable struct {
	constructs.Construct
	Table awsdynamodb.Table
}

LiftTable is a DynamoDB table construct optimized for Lift applications

func NewLiftTable

func NewLiftTable(scope constructs.Construct, id *string, props *LiftTableProps) *LiftTable

NewLiftTable creates a new DynamoDB table with Lift-optimized defaults

func (*LiftTable) GrantReadWrite

func (t *LiftTable) GrantReadWrite(fn awslambda.IFunction)

GrantReadWrite grants read/write permissions to a Lambda function

type LiftTableProps

// LiftTableProps configures the DynamoDB table that NewLiftTable creates.
//
// The struct does not embed the CDK table props, and no encryption-key or
// removal-policy field is visible here; which values NewLiftTable applies for
// those is not shown in this listing — confirm before storing regulated data.
type LiftTableProps struct {
	// Table name
	TableName *string
	// Enable multi-tenant partitioning
	// NOTE(review): presumably this affects key layout only; partitioning by
	// tenant is not an access-control boundary unless IAM conditions or
	// application checks enforce it — confirm.
	EnableMultiTenant *bool
	// Enable point-in-time recovery
	// Default when nil is not shown.
	EnablePointInTimeRecovery *bool
	// Enable DynamoDB Streams
	EnableStreams *bool
	// Stream view type
	// The view type decides how much item content is copied into the stream
	// and therefore what stream readers can see.
	StreamViewType awsdynamodb.StreamViewType
	// Time to live attribute name
	TimeToLiveAttribute *string
	// Enable auto-scaling
	EnableAutoScaling *bool
	// Read capacity (for provisioned mode)
	ReadCapacity *float64
	// Write capacity (for provisioned mode)
	WriteCapacity *float64
}

LiftTableProps extends DynamoDB table properties with Lift-specific configuration

type MemoryDBCacheConfig

// MemoryDBCacheConfig describes an AWS MemoryDB cluster used as a cache.
//
// NOTE(review): no field for in-transit encryption, an ACL/user, or a KMS key
// is visible in this struct, so those settings are either fixed by the
// consuming construct or left at service defaults — confirm which. Network
// reachability is controlled through SecurityGroupIds and SubnetGroupName.
type MemoryDBCacheConfig struct {
	ClusterName      *string    // MemoryDB cluster name
	NodeType         *string    // Node type (e.g., db.t4g.small)
	NumShards        *int       // Number of shards
	ReplicasPerShard *int       // Replicas per shard
	ParameterGroup   *string    // Parameter group
	SecurityGroupIds *[]*string // Security group IDs
	SubnetGroupName  *string    // Subnet group name
}

MemoryDBCacheConfig defines AWS MemoryDB configuration

type MetricConfiguration

type MetricConfiguration struct {
	// Enable detailed metrics
	DetailedMetrics *bool
	// Custom dimensions
	Dimensions *map[string]*string
	// Metric resolution (1 or 60 seconds)
	Resolution *float64
	// Percentiles to track
	Percentiles *[]*float64
	// Enable custom business metrics
	EnableBusinessMetrics *bool
}

MetricConfiguration defines advanced metric configuration

type MonitorableResource

type MonitorableResource interface {
	// GetResourceName returns the name of the resource
	GetResourceName() *string
}

MonitorableResource is an interface for resources that can be monitored

type MonitoredFunction

type MonitoredFunction struct {
	constructs.Construct
	Function  *LiftFunction
	LogGroup  awslogs.LogGroup
	Dashboard awscloudwatch.Dashboard
	Alarms    map[string]awscloudwatch.Alarm
}

MonitoredFunction is a Lambda function with comprehensive monitoring

func NewMonitoredFunction

func NewMonitoredFunction(scope constructs.Construct, id *string, props *MonitoredFunctionProps) *MonitoredFunction

NewMonitoredFunction creates a Lambda function with comprehensive monitoring

func (*MonitoredFunction) AddCommonLogInsightsQueries

func (f *MonitoredFunction) AddCommonLogInsightsQueries()

AddCommonLogInsightsQueries adds common CloudWatch Logs Insights queries

func (*MonitoredFunction) AddCustomMetric

func (f *MonitoredFunction) AddCustomMetric(metricName *string, namespace *string, dimensions *map[string]*string) awscloudwatch.Metric

AddCustomMetric adds a custom metric to the dashboard

func (*MonitoredFunction) AddLogInsightsQuery

func (f *MonitoredFunction) AddLogInsightsQuery(queryName *string, queryString *string)

AddLogInsightsQuery adds a CloudWatch Logs Insights query to the dashboard

func (*MonitoredFunction) GetAlarm

func (f *MonitoredFunction) GetAlarm(name string) awscloudwatch.Alarm

GetAlarm returns a specific alarm by name

func (*MonitoredFunction) GetDashboard

func (f *MonitoredFunction) GetDashboard() awscloudwatch.Dashboard

GetDashboard returns the CloudWatch dashboard

func (*MonitoredFunction) GetFunction

func (f *MonitoredFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*MonitoredFunction) GetLogGroup

func (f *MonitoredFunction) GetLogGroup() awslogs.LogGroup

GetLogGroup returns the CloudWatch log group

type MonitoredFunctionProps

// MonitoredFunctionProps embeds LiftFunctionProps and adds the monitoring
// settings passed to NewMonitoredFunction.
type MonitoredFunctionProps struct {
	LiftFunctionProps
	// CloudWatch Logs retention in days
	// This field shadows the promoted LiftFunctionProps.LogRetentionDays:
	// props.LogRetentionDays refers to this one, and the embedded value is
	// only reachable as props.LiftFunctionProps.LogRetentionDays. Which of
	// the two the constructor reads is not shown — confirm, so that the
	// retention you set is the one applied.
	LogRetentionDays *float64
	// Enable CloudWatch dashboard
	EnableDashboard *bool
	// Dashboard name (optional - will generate if not provided)
	DashboardName *string
	// Alarm configuration
	AlarmConfig *AlarmConfig
	// Custom metrics namespace
	MetricsNamespace *string
	// Enable enhanced monitoring (Lambda Insights)
	EnableLambdaInsights *bool
	// Log level (ERROR, WARN, INFO, DEBUG)
	// NOTE(review): DEBUG output often includes request data; check what the
	// handler logs at that level before using it in production.
	LogLevel *string
	// Enable CloudWatch Logs Insights queries
	EnableLogInsightsQueries *bool
}

MonitoredFunctionProps extends LiftFunctionProps with monitoring configuration

type MultiTenantAPI

type MultiTenantAPI struct {
	constructs.Construct
	API            awsapigatewayv2.HttpApi
	Function       *LiftFunction
	TenantTable    awsdynamodb.Table
	RateLimitTable awsdynamodb.Table
	WebACL         awswafv2.CfnWebACL
}

MultiTenantAPI creates an API Gateway with multi-tenant support

func NewMultiTenantAPI

func NewMultiTenantAPI(scope constructs.Construct, id string, props *MultiTenantAPIProps) *MultiTenantAPI

NewMultiTenantAPI creates a new multi-tenant API construct

func (*MultiTenantAPI) AddTenantMetrics

func (m *MultiTenantAPI) AddTenantMetrics(tenantId string)

AddTenantMetrics adds CloudWatch metrics for tenant usage

func (*MultiTenantAPI) GrantInvoke

func (m *MultiTenantAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantInvoke grants invoke permissions to the API

type MultiTenantAPIProps

// MultiTenantAPIProps configures the API, Lambda function and supporting
// resources that NewMultiTenantAPI creates.
//
// Three ways of identifying the tenant can be enabled (JWT claim, header,
// path). This listing does not show which one wins when several are enabled,
// nor the defaults when the flags are nil — confirm both against the
// constructor.
type MultiTenantAPIProps struct {
	// API name
	APIName *string

	// Lambda function code
	Code awslambda.Code

	// Lambda function handler
	Handler *string

	// Lambda function runtime
	Runtime awslambda.Runtime

	// Lambda function memory size
	MemorySize *float64

	// Lambda function timeout
	Timeout awscdk.Duration

	// Cognito user pool for authentication
	// NOTE(review): whether routes are left unauthenticated when this is nil
	// is not shown — confirm.
	UserPool awscognito.IUserPool

	// Optional user pool client
	UserPoolClient awscognito.IUserPoolClient

	// Enable per-tenant rate limiting
	EnableTenantRateLimiting *bool

	// Rate limit per tenant (requests per 5 minutes)
	TenantRateLimit *float64

	// Enable tenant isolation via JWT claims
	EnableJWTTenantIsolation *bool

	// JWT claim for tenant ID
	// The claim is only as trustworthy as the attribute behind it: if it is
	// backed by a user pool attribute, make sure end users and app clients
	// cannot write that attribute themselves.
	TenantIDClaim *string

	// Enable header-based tenant isolation
	// NOTE(review): a request header is chosen by the client. Confirm the
	// header value is checked against the authenticated identity before it
	// is used to select a tenant; on its own it is not an isolation control.
	EnableHeaderTenantIsolation *bool

	// Header name for tenant ID
	TenantIDHeader *string

	// Enable path-based tenant isolation
	// NOTE(review): as with the header, the path is client-controlled and
	// needs to be bound to the caller's authenticated tenant — confirm.
	EnablePathTenantIsolation *bool

	// Enable WAF protection
	// Default when nil and the rule set attached are not shown here.
	EnableWAF *bool

	// Enable detailed CloudWatch logging
	EnableDetailedLogging *bool

	// Enable request/response logging
	// NOTE(review): request/response logs can capture authorization headers
	// and tenant data; confirm which fields are logged and who can read the
	// log group.
	EnableAccessLogging *bool

	// Custom domain configuration
	CustomDomain *CustomDomainConfig

	// CORS configuration
	CorsConfig *CorsConfig

	// Throttling configuration
	ThrottleConfig *ThrottleConfig

	// Environment variables to pass to Lambda
	// Values are plain strings and become part of the function
	// configuration; keep secrets out of this map and pass a reference
	// (for example a secret name or ARN) instead.
	Environment map[string]*string
}

MultiTenantAPIProps defines properties for MultiTenantAPI

type RateLimitTableProps

type RateLimitTableProps struct {
	DynamORMTableProps
}

RateLimitTableProps defines properties for creating a DynamORM-compatible rate limit table

type RateLimitType

type RateLimitType string

RateLimitType defines the type of rate limiting

// Keys a RateLimitedFunction can rate-limit on, selected through
// RateLimitedFunctionProps.RateLimitType. How each key is derived from a
// request is not shown in this listing:
//   - IP: presumably the caller's source address. NOTE(review): confirm it
//     is taken from the gateway's request context and not from a
//     client-supplied forwarding header.
//   - USER, TENANT: presumably taken from the authenticated identity —
//     confirm they cannot be set by an unauthenticated caller.
const (
	RateLimitTypeIP     RateLimitType = "IP"
	RateLimitTypeUser   RateLimitType = "USER"
	RateLimitTypeTenant RateLimitType = "TENANT"
)

type RateLimitedFunction

type RateLimitedFunction struct {
	constructs.Construct
	Function  *LiftFunction
	RateTable *DynamORMTable
	// contains filtered or unexported fields
}

RateLimitedFunction is a Lambda function with built-in rate limiting using DynamORM

func NewRateLimitedFunction

func NewRateLimitedFunction(scope constructs.Construct, id *string, props *RateLimitedFunctionProps) *RateLimitedFunction

NewRateLimitedFunction creates a Lambda function with rate limiting capabilities

func (*RateLimitedFunction) AddRateLimitAlarm

func (f *RateLimitedFunction) AddRateLimitAlarm(alarmName *string, threshold *float64) awscloudwatch.IAlarm

AddRateLimitAlarm adds a CloudWatch alarm for rate limit violations

func (*RateLimitedFunction) GetFunction

func (f *RateLimitedFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*RateLimitedFunction) GetTable

func (f *RateLimitedFunction) GetTable() *DynamORMTable

GetTable returns the rate limiting DynamORM table

type RateLimitedFunctionProps

// RateLimitedFunctionProps embeds LiftFunctionProps and adds the rate-limit
// settings passed to NewRateLimitedFunction.
//
// NOTE(review): whether requests are allowed or rejected when the rate table
// cannot be read (fail-open vs fail-closed) is not shown in this listing —
// confirm before relying on the limit as an abuse control.
type RateLimitedFunctionProps struct {
	LiftFunctionProps
	// Type of rate limiting (IP, User, or Tenant based)
	// This is a plain string type, so the zero value "" matches none of the
	// RateLimitType constants; the behaviour in that case is not shown.
	RateLimitType RateLimitType
	// Rate limit window in seconds
	WindowSeconds *float64
	// Maximum requests allowed in the window
	Limit *float64
	// DynamoDB table name for rate tracking (optional - will create if not provided)
	TableName *string
	// Enable CloudWatch metrics for rate limiting
	// This field shadows the promoted LiftFunctionProps.EnableMetrics;
	// props.EnableMetrics sets only this one, and the embedded flag must be
	// set as props.LiftFunctionProps.EnableMetrics.
	EnableMetrics *bool
}

RateLimitedFunctionProps extends LiftFunctionProps with rate limiting configuration

type RedisCacheConfig

// RedisCacheConfig holds the connection settings for a Redis cache.
//
// NOTE(review): Password is a plain string in construct props. Where it ends
// up (synthesized template, Lambda environment, ...) is not shown in this
// listing; confirm it, and prefer resolving the credential from a secret
// store at runtime. The default for EnableTLS when nil is not shown either —
// set it explicitly, since a password sent without TLS is readable on the
// network path.
type RedisCacheConfig struct {
	Host              *string         // Redis host
	Port              *int            // Redis port
	Password          *string         // Redis password
	Database          *int            // Redis database number
	MaxConnections    *int            // Maximum connections
	ConnectionTimeout awscdk.Duration // Connection timeout
	EnableTLS         *bool           // Enable TLS
}

RedisCacheConfig defines Redis cache configuration

type RequestTrackingTable

type RequestTrackingTable struct {
	*DynamORMTable
}

RequestTrackingTable is a DynamORM table for tracking API requests and their async processing

func NewRequestTrackingTable

func NewRequestTrackingTable(scope constructs.Construct, id *string, props *RequestTrackingTableProps) *RequestTrackingTable

NewRequestTrackingTable creates a new request tracking table using DynamORM

func (*RequestTrackingTable) GetCorrelationIndexName

func (r *RequestTrackingTable) GetCorrelationIndexName() *string

GetCorrelationIndexName returns the name of the correlation index

func (*RequestTrackingTable) GetStatusIndexName

func (r *RequestTrackingTable) GetStatusIndexName() *string

GetStatusIndexName returns the name of the status index

func (*RequestTrackingTable) GetTimestampIndexName

func (r *RequestTrackingTable) GetTimestampIndexName() *string

GetTimestampIndexName returns the name of the timestamp index

func (*RequestTrackingTable) GetUserIndexName

func (r *RequestTrackingTable) GetUserIndexName() *string

GetUserIndexName returns the name of the user index

type RequestTrackingTableProps

type RequestTrackingTableProps struct {
	DynamORMTableProps
	// Enable correlation index for querying by correlation ID
	EnableCorrelationIndex *bool
	// Enable status index for querying by request status
	EnableStatusIndex *bool
	// Enable user index for querying by user ID
	EnableUserIndex *bool
	// Enable timestamp index for time-based queries
	EnableTimestampIndex *bool
}

RequestTrackingTableProps defines properties for the request tracking table

type RequestValidator

// RequestValidator describes the validation to apply to requests on a route;
// it is referenced from LiftAPIProps.RequestValidators and
// RouteOptions.RequestValidator.
//
// NOTE(review): API Gateway HTTP APIs have no built-in request validation, so
// presumably these rules are enforced in handler or middleware code — confirm
// where, and that a request failing validation is rejected before any
// business logic runs.
type RequestValidator struct {
	// Validate request body
	ValidateBody *bool
	// Validate request parameters
	ValidateParameters *bool
	// JSON schema for body validation
	// Untyped; the accepted representation (map, struct, raw JSON string) is
	// not documented here — verify against the consumer.
	BodySchema interface{}
}

RequestValidator defines validation rules for API requests

type RouteOptions

// RouteOptions carries the per-route settings accepted by
// LiftAPI.AddLambdaRouteWithOptions.
type RouteOptions struct {
	// Authorizer for this route
	// NOTE(review): presumably LiftAPIProps.DefaultAuthorizer applies when
	// this is nil — confirm, and confirm there is no way for a nil here to
	// silently produce an unauthenticated route.
	Authorizer awsapigatewayv2.IHttpRouteAuthorizer
	// Request validation
	RequestValidator *RequestValidator
	// Route-specific throttling
	// Units are not stated; presumably requests per second and burst size,
	// overriding the API-level values — TODO confirm.
	ThrottleRateLimit  *float64
	ThrottleBurstLimit *float64
}

RouteOptions defines options for API routes

type S3EventFilter

type S3EventFilter struct {
	Prefix *string
	Suffix *string
}

S3EventFilter defines event filtering options

type S3Processor

type S3Processor struct {
	constructs.Construct

	// The Lambda function processing S3 events
	Function *LiftFunction

	// The S3 bucket
	Bucket awss3.IBucket

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.S3EventSource

	// Replication bucket (if cross-region replication is enabled)
	ReplicationBucket awss3.IBucket
}

S3Processor represents an S3 bucket with Lambda processor

func NewS3Processor

func NewS3Processor(scope constructs.Construct, id *string, props *S3ProcessorProps) *S3Processor

NewS3Processor creates a new S3 processor construct

func (*S3Processor) AddCorsRule

func (s *S3Processor) AddCorsRule(rule *awss3.CorsRule)

AddCorsRule adds a CORS rule to the bucket

func (*S3Processor) AddEnvironmentVariable

func (s *S3Processor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*S3Processor) EnableCORS

func (s *S3Processor) EnableCORS(rules []*awss3.CorsRule)

EnableCORS enables CORS on the bucket

func (*S3Processor) GetBucketArn

func (s *S3Processor) GetBucketArn() *string

GetBucketArn returns the bucket ARN

func (*S3Processor) GetBucketDomainName

func (s *S3Processor) GetBucketDomainName() *string

GetBucketDomainName returns the bucket domain name

func (*S3Processor) GetBucketName

func (s *S3Processor) GetBucketName() *string

GetBucketName returns the bucket name

func (*S3Processor) GrantDelete

func (s *S3Processor) GrantDelete(grantee awslambda.IFunction)

GrantDelete grants permission to delete objects from the bucket

func (*S3Processor) GrantRead

func (s *S3Processor) GrantRead(grantee awslambda.IFunction)

GrantRead grants permission to read from the bucket

func (*S3Processor) GrantReadWrite

func (s *S3Processor) GrantReadWrite(grantee awslambda.IFunction)

GrantReadWrite grants permission to read and write to the bucket

func (*S3Processor) GrantWrite

func (s *S3Processor) GrantWrite(grantee awslambda.IFunction)

GrantWrite grants permission to write to the bucket

func (*S3Processor) SetBucketPolicy

func (s *S3Processor) SetBucketPolicy(policy map[string]interface{})

SetBucketPolicy sets a bucket policy

type S3ProcessorProps

// S3ProcessorProps configures the bucket, event source and Lambda function
// that NewS3Processor wires together.
//
// Objects that trigger the function are input to it: where uploads can come
// from less-trusted parties, the handler should treat object keys and
// contents as untrusted data.
type S3ProcessorProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// S3 bucket properties (optional - creates new bucket if not provided)
	// Encryption and public-access settings for a created bucket come from
	// here. NOTE(review): what the construct applies when this is nil is not
	// shown — confirm public access is blocked and encryption is enabled.
	BucketProps *awss3.BucketProps

	// Existing bucket to use (optional - creates new if not provided)
	ExistingBucket awss3.IBucket

	// S3 event types to process (default: ObjectCreated)
	EventTypes *[]awss3.EventType

	// Key prefix filter for S3 events (optional)
	KeyPrefix *string

	// Key suffix filter for S3 events (optional)
	// Prefix and suffix filters narrow which events invoke the function;
	// they do not restrict who may write those objects.
	KeySuffix *string

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// S3 event source configuration
	EventSourceProps *awslambdaeventsources.S3EventSourceProps

	// Additional S3 processor settings
	BatchSize         *float64        // Default: 10
	MaxBatchingWindow awscdk.Duration // Default: 5 seconds

	// Multi-region support
	// NOTE(review): the replica holds a copy of the same data; confirm it
	// gets the same encryption and access policy as the source bucket.
	CrossRegionReplication *bool
	ReplicationBucket      awss3.IBucket

	// Lifecycle rules
	EnableLifecycleRules *bool
	LifecycleRules       *[]*awss3.LifecycleRule

	// External bucket support
	// How this differs from ExistingBucket is not documented here; for a
	// bucket owned elsewhere, its policy and encryption are outside this
	// construct's control — verify them separately.
	ExternalBucket awss3.IBucket

	// Event filtering
	EventFilter *S3EventFilter

	// Access logging
	// Default when EnableAccessLogging is nil is not shown.
	EnableAccessLogging *bool
	AccessLogsBucket    awss3.IBucket
	AccessLogsPrefix    *string

	// Versioning and backup
	// Defaults when nil are not shown; versioning is what allows recovery
	// from overwritten or deleted objects.
	EnableVersioning *bool
	EnableBackup     *bool

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool
}

S3ProcessorProps defines properties for an S3 processor

type SNSProcessor

type SNSProcessor struct {
	constructs.Construct
	Topic    awssns.ITopic
	Function LiftFunction
	DLQ      awssqs.IQueue
}

SNSProcessor creates an SNS topic with Lambda processor and optional DLQ

func NewSNSProcessor

func NewSNSProcessor(scope constructs.Construct, id *string, props *SNSProcessorProps) *SNSProcessor

NewSNSProcessor creates a new SNS processor with Lambda function

func (*SNSProcessor) AddSubscription

func (s *SNSProcessor) AddSubscription(subscription awssns.ITopicSubscription) awssns.Subscription

AddSubscription adds a new subscription to the topic

func (*SNSProcessor) GetDLQUrl

func (s *SNSProcessor) GetDLQUrl() *string

GetDLQUrl returns the DLQ URL if DLQ is enabled

func (*SNSProcessor) GetTopicArn

func (s *SNSProcessor) GetTopicArn() *string

GetTopicArn returns the SNS topic ARN

func (*SNSProcessor) GetTopicName

func (s *SNSProcessor) GetTopicName() *string

GetTopicName returns the SNS topic name

func (*SNSProcessor) GrantPublish

func (s *SNSProcessor) GrantPublish(grantee awsiam.IGrantable) awsiam.Grant

GrantPublish grants SNS publish permissions to a principal

func (*SNSProcessor) GrantSubscribe

func (s *SNSProcessor) GrantSubscribe(grantee awsiam.IGrantable) awsiam.Grant

GrantSubscribe grants SNS subscribe permissions to a principal

type SNSProcessorProps

type SNSProcessorProps struct {
	// The Lambda function configuration
	FunctionProps *LiftFunctionProps `field:"required"`

	// Optional: Topic configuration
	TopicProps *awssns.TopicProps `field:"optional"`

	// Optional: Use an existing topic instead of creating a new one
	ExistingTopic awssns.ITopic `field:"optional"`

	// Optional: SNS subscription configuration
	SubscriptionProps *awslambdaeventsources.SnsEventSourceProps `field:"optional"`

	// Optional: Enable dead letter queue for failed messages
	EnableDLQ *bool `field:"optional"`

	// Optional: DLQ configuration
	DLQProps *awssqs.QueueProps `field:"optional"`

	// Optional: Message filtering policy
	FilterPolicy *map[string]awssns.SubscriptionFilter `field:"optional"`

	// Optional: Enable FIFO topic
	EnableFifo *bool `field:"optional"`

	// Optional: Enable content-based deduplication
	ContentBasedDeduplication *bool `field:"optional"`

	// Optional: Message retention period in seconds (1 hour to 14 days)
	MessageRetentionSeconds *float64 `field:"optional"`

	// Optional: Display name for the topic
	DisplayName *string `field:"optional"`

	// Optional: Subscription protocol (defaults to lambda)
	Protocol *string `field:"optional"`

	// Optional: Raw message delivery
	RawMessageDelivery *bool `field:"optional"`
}

SNSProcessorProps defines the properties for creating an SNS processor

type SQSProcessor

type SQSProcessor struct {
	constructs.Construct

	// The Lambda function processing SQS messages
	Function *LiftFunction

	// The SQS queue
	Queue awssqs.IQueue

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.SqsEventSource
}

SQSProcessor represents an SQS queue with Lambda processor

func NewSQSProcessor

func NewSQSProcessor(scope constructs.Construct, id *string, props *SQSProcessorProps) *SQSProcessor

NewSQSProcessor creates a new SQS processor construct

func (*SQSProcessor) AddEnvironmentVariable

func (s *SQSProcessor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*SQSProcessor) GetQueueArn

func (s *SQSProcessor) GetQueueArn() *string

GetQueueArn returns the queue ARN

func (*SQSProcessor) GetQueueName

func (s *SQSProcessor) GetQueueName() *string

GetQueueName returns the queue name

func (*SQSProcessor) GetQueueUrl

func (s *SQSProcessor) GetQueueUrl() *string

GetQueueUrl returns the queue URL

func (*SQSProcessor) GrantConsumeMessages

func (s *SQSProcessor) GrantConsumeMessages(grantee awslambda.IFunction)

GrantConsumeMessages grants permission to consume messages from the queue

func (*SQSProcessor) GrantSendMessages

func (s *SQSProcessor) GrantSendMessages(grantee awslambda.IFunction)

GrantSendMessages grants permission to send messages to the queue

type SQSProcessorProps

type SQSProcessorProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// SQS queue properties (optional - creates new queue if not provided)
	QueueProps *awssqs.QueueProps

	// Existing queue to use (optional - creates new if not provided)
	ExistingQueue awssqs.IQueue

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// SQS event source configuration
	EventSourceProps *awslambdaeventsources.SqsEventSourceProps

	// Additional SQS processor settings
	BatchSize                       *float64        // Default: 10
	MaxBatchingWindow               awscdk.Duration // Default: 5 seconds
	VisibilityTimeout               awscdk.Duration // Default: 6 times function timeout
	MessageRetentionPeriod          awscdk.Duration // Default: 14 days
	MaxReceiveCount                 *float64        // Default: 3
	EnableContentBasedDeduplication *bool           // For FIFO queues
	FifoQueue                       *bool           // Default: false
	ReceiveMessageWaitTimeSeconds   *float64        // For long polling (0-20)

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool
}

SQSProcessorProps defines properties for an SQS processor

type SecretConfig

// SecretConfig describes a secret to create and, optionally, rotate.
//
// Template, GenerateKey, ExcludeChars and Length presumably feed Secrets
// Manager's generated-secret options (a JSON template, the key that receives
// the generated value, characters to exclude, and the generated length) —
// TODO confirm against the consumer. Under that reading Template should hold
// only non-secret fields, because construct props end up in the synthesized
// template.
//
// All scalar fields are values, not pointers, so "unset" and the zero value
// are indistinguishable: what Length == 0 and EnableRotation == false mean to
// the consumer is not shown in this listing — confirm that a zero Length
// falls back to a safe default rather than a short secret.
type SecretConfig struct {
	Name             string
	Description      string
	Template         string
	GenerateKey      string
	ExcludeChars     string
	Length           float64
	EnableRotation   bool
	RotationLambda   awslambda.IFunction
	RotationSchedule *awssecretsmanager.RotationScheduleOptions
}

SecretConfig defines configuration for secrets

type SecureFunction

type SecureFunction struct {
	constructs.Construct
	Function      *LiftFunction
	SecurityGroup awsec2.ISecurityGroup
	KmsKey        awskms.IKey
	Vpc           awsec2.IVpc
	VpcEndpoints  map[string]awsec2.InterfaceVpcEndpoint
}

SecureFunction is a Lambda function with enhanced security features

func NewSecureFunction

func NewSecureFunction(scope constructs.Construct, id *string, props *SecureFunctionProps) *SecureFunction

NewSecureFunction creates a Lambda function with enhanced security

func (*SecureFunction) AddVPCEndpoint

AddVPCEndpoint adds a VPC endpoint for an AWS service

func (*SecureFunction) EnableSecretsManagerAccess

func (f *SecureFunction) EnableSecretsManagerAccess()

EnableSecretsManagerAccess adds VPC endpoint and permissions for Secrets Manager

func (*SecureFunction) GetFunction

func (f *SecureFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*SecureFunction) GetKmsKey

func (f *SecureFunction) GetKmsKey() awskms.IKey

GetKmsKey returns the KMS key used for encryption

func (*SecureFunction) GetSecurityGroup

func (f *SecureFunction) GetSecurityGroup() awsec2.ISecurityGroup

GetSecurityGroup returns the security group

func (*SecureFunction) RestrictInboundAccess

func (f *SecureFunction) RestrictInboundAccess()

RestrictInboundAccess removes all inbound rules from the security group

type SecureFunctionProps

// SecureFunctionProps embeds LiftFunctionProps and adds the network,
// encryption and secret settings passed to NewSecureFunction.
//
// Defaults for the nil case of the boolean flags are not stated in this
// listing; set them explicitly rather than relying on the construct name.
type SecureFunctionProps struct {
	LiftFunctionProps
	// VPC to deploy the function in (optional - will create if not provided)
	Vpc awsec2.IVpc
	// VPC subnets to use (defaults to private subnets)
	VpcSubnets *awsec2.SubnetSelection
	// Security group IDs to attach
	// The rules of groups passed in here are defined elsewhere; review their
	// egress rules, since they apply to the function as-is.
	SecurityGroupIds *[]*string
	// Enable KMS encryption for environment variables
	EnableKMSEncryption *bool
	// KMS key for encryption (optional - will create if not provided)
	KmsKey awskms.IKey
	// Secrets to inject from Secrets Manager
	// NOTE(review): "inject" is not defined here. If the secret values are
	// resolved into environment variables they become readable to anyone who
	// can view the function configuration; passing the secret name or ARN
	// and fetching at runtime avoids that — confirm which is done.
	Secrets *map[string]awssecretsmanager.ISecret
	// Enable private endpoints only (no internet access)
	// With no internet path, AWS services the function calls must be reached
	// through VPC endpoints (see SecureFunction.AddVPCEndpoint).
	PrivateOnly *bool
	// Additional security policies to attach
	// These statements are added to the function's permissions; keep actions
	// and resources as narrow as the handler needs.
	AdditionalPolicies *[]awsiam.PolicyStatement
}

SecureFunctionProps extends LiftFunctionProps with security configuration

type SecurityRule

// SecurityRule describes one network rule: a port and protocol, the peer it
// applies to, and whether the traffic is allowed or denied.
//
// NOTE(review): EC2 security groups only hold allow rules, so a "deny"
// RuleAction cannot be expressed as a security-group rule. Where this struct
// is consumed is not shown in this listing — confirm how "deny" is enforced
// (for example through a network ACL) instead of assuming it is. RuleAction
// is a free-form string; the handling of any other value is not shown.
type SecurityRule struct {
	Port        float64
	Protocol    awsec2.Protocol
	Source      awsec2.IPeer
	Description string
	RuleAction  string // "allow" or "deny"
}

SecurityRule defines a network security rule

type SnapshotStrategy

type SnapshotStrategy string

SnapshotStrategy defines how snapshots are handled

const (
	SnapshotStrategy_DISABLED   SnapshotStrategy = "DISABLED"
	SnapshotStrategy_FREQUENCY  SnapshotStrategy = "FREQUENCY"
	SnapshotStrategy_SIZE_BASED SnapshotStrategy = "SIZE_BASED"
	SnapshotStrategy_TIME_BASED SnapshotStrategy = "TIME_BASED"
)

type StreamEventFilter

// StreamEventFilter selects which stream events are delivered for
// processing.
//
// NOTE(review): where the filter is evaluated (event source mapping or
// handler code) is not shown in this listing. TenantFilter narrows what a
// processor receives; it is presumably not an access-control boundary, as a
// principal with read access to the stream still sees every tenant's records
// — confirm.
type StreamEventFilter struct {
	EventName        *string           // INSERT, MODIFY, REMOVE
	AttributeFilters map[string]string // Attribute filters
	TenantFilter     *string           // Filter by tenant ID
}

StreamEventFilter defines event filtering criteria

type StreamProcessingMode

type StreamProcessingMode string

StreamProcessingMode defines how events are processed

const (
	StreamProcessingMode_SEQUENTIAL StreamProcessingMode = "SEQUENTIAL"
	StreamProcessingMode_PARALLEL   StreamProcessingMode = "PARALLEL"
	StreamProcessingMode_BATCHED    StreamProcessingMode = "BATCHED"
)

type StreamingTable

type StreamingTable struct {
	*DynamORMTable
}

StreamingTable is a DynamORM table with DynamoDB Streams enabled

func NewStreamingTable

func NewStreamingTable(scope constructs.Construct, id *string, props *StreamingTableProps) *StreamingTable

NewStreamingTable creates a new DynamoDB table with streams using DynamORM

func (*StreamingTable) GetStreamArn

func (s *StreamingTable) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN

func (*StreamingTable) GrantStreamRead

func (s *StreamingTable) GrantStreamRead(grantee awsiam.IGrantable) awsiam.Grant

GrantStreamRead grants stream read permissions using DynamORM methods

type StreamingTableProps

// StreamingTableProps embeds DynamORMTableProps and adds the stream settings
// passed to NewStreamingTable.
type StreamingTableProps struct {
	DynamORMTableProps
	// Stream view type (NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES, KEYS_ONLY)
	// The view type decides how much item data every stream reader receives:
	// KEYS_ONLY exposes only key attributes, the image types expose item
	// contents. Choose the narrowest one the consumers need.
	StreamViewType awsdynamodb.StreamViewType
	// Enable stream encryption (defaults to true)
	// NOTE(review): which key is used and what setting this to false changes
	// are not shown here — confirm before disabling.
	EnableStreamEncryption *bool
}

StreamingTableProps extends DynamORMTableProps for streaming tables

type ThrottleConfig

type ThrottleConfig struct {
	RateLimit  float64
	BurstLimit float64
}

ThrottleConfig defines throttling settings

type ValidationStrategy

type ValidationStrategy string

ValidationStrategy defines validation approach

const (
	ValidationStrategy_STRICT     ValidationStrategy = "STRICT"
	ValidationStrategy_PERMISSIVE ValidationStrategy = "PERMISSIVE"
	ValidationStrategy_CUSTOM     ValidationStrategy = "CUSTOM"
)

type WAFCustomRule

// WAFCustomRule describes one user-defined WAF rule, referenced from
// WAFRuleConfig.CustomRules.
//
// Statement and Action are free-form strings; the accepted syntax and the set
// of valid actions are not documented in this listing. NOTE(review): confirm
// how an unparseable Statement or an unknown Action is handled — the rule
// should fail synthesis rather than be dropped or turned into an allow.
// Priority presumably orders evaluation against the managed rules enabled in
// WAFRuleConfig — TODO confirm the direction (lower first or higher first).
type WAFCustomRule struct {
	Name        string
	Priority    float64
	Statement   string
	Action      string
	Description string
}

WAFCustomRule defines a custom WAF rule

type WAFRuleConfig

// WAFRuleConfig selects the WAF protections to enable.
//
// Not shown in this listing, and worth confirming against the consumer:
//   - defaults when a flag is nil (a nil flag may mean the protection is off);
//   - the unit and window of RateLimit;
//   - evaluation order: whether an address in IPWhitelist bypasses the rate
//     limit and the SQLi/XSS/known-bad-input rules, and which list wins when
//     an address appears in both IPWhitelist and IPBlacklist;
//   - the expected format of the IP lists (presumably CIDR ranges) and of
//     GeoBlocking (presumably country codes).
type WAFRuleConfig struct {
	EnableRateLimit      *bool
	RateLimit            *float64
	EnableSQLiProtection *bool
	EnableXSSProtection  *bool
	EnableKnownBadInputs *bool
	CustomRules          *[]WAFCustomRule
	IPWhitelist          *[]*string
	IPBlacklist          *[]*string
	GeoBlocking          *[]string
}

WAFRuleConfig defines WAF rule configuration

type WebSocketAPI

// WebSocketAPI bundles the API Gateway WebSocket API, its stage, the route
// handler functions, the connection table, the route map and the access log
// group. It embeds constructs.Construct.
type WebSocketAPI struct {
	constructs.Construct

	// The WebSocket API
	WebSocketApi awsapigatewayv2.WebSocketApi

	// The stage
	Stage awsapigatewayv2.WebSocketStage

	// Lambda functions for different routes.
	// NOTE(review): presumably the $connect, $disconnect and $default handlers;
	// whether a field stays nil when the caller supplies its own function is
	// not visible on this page — nil-check before dereferencing.
	ConnectFunction    *LiftFunction
	DisconnectFunction *LiftFunction
	DefaultFunction    *LiftFunction

	// Connection management table (DynamORM-based)
	ConnectionTable *ConnectionTable

	// Routes map.
	// NOTE(review): presumably keyed by route key — confirm.
	Routes map[string]awsapigatewayv2.WebSocketRoute

	// Access log group.
	// NOTE(review): may be nil when access logging is not enabled — confirm.
	AccessLogGroup awslogs.ILogGroup
}

WebSocketAPI represents a WebSocket API Gateway with Lambda integration

func NewWebSocketAPI

func NewWebSocketAPI(scope constructs.Construct, id *string, props *WebSocketAPIProps) *WebSocketAPI

NewWebSocketAPI creates a new WebSocket API construct using DynamORM

func (*WebSocketAPI) AddEnvironmentVariable

// AddEnvironmentVariable takes the variable's key and value as plain strings.
// Lambda environment variables are readable by any principal allowed to read
// the function configuration, so pass a reference (for example a secret's name
// or ARN) here rather than the secret value itself.
func (w *WebSocketAPI) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to all WebSocket functions

func (*WebSocketAPI) AddRoute

AddRoute adds a new route to the WebSocket API

func (*WebSocketAPI) GetConnectionTableName

func (w *WebSocketAPI) GetConnectionTableName() *string

GetConnectionTableName returns the connection table name

func (*WebSocketAPI) GetWebSocketURL

func (w *WebSocketAPI) GetWebSocketURL() *string

GetWebSocketURL returns the WebSocket URL

func (*WebSocketAPI) GrantApiInvoke

// GrantApiInvoke takes an IAM grantable and returns the resulting awsiam.Grant.
// NOTE(review): the IAM actions and the resource ARN pattern behind this grant
// are not shown on this page — confirm in the synthesized policy that it is
// scoped to this API (and the intended stage and routes), not a wildcard.
func (w *WebSocketAPI) GrantApiInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantApiInvoke grants permission to invoke the WebSocket API

func (*WebSocketAPI) GrantConnectionManagement

// GrantConnectionManagement takes an IAM grantable and returns the resulting
// awsiam.Grant.
// NOTE(review): presumably this maps to execute-api:ManageConnections, which
// lets the grantee send to and close client connections — confirm the action
// list and that the resource is limited to this API and stage.
func (w *WebSocketAPI) GrantConnectionManagement(grantee awsiam.IGrantable) awsiam.Grant

GrantConnectionManagement grants permissions to manage WebSocket connections

type WebSocketAPIProps

// WebSocketAPIProps collects the inputs for a WebSocket API: naming, route
// selection, handler functions, connection table, stage, access logging,
// throttling, a default authorizer and Lift-specific feature toggles.
// NOTE(review): most settings are pointers and the defaults applied to nil are
// not shown on this page (only RouteSelectionExpression documents one) —
// set the security-relevant ones explicitly rather than relying on defaults.
type WebSocketAPIProps struct {
	// API name
	ApiName *string
	// API description
	Description *string
	// Route selection expression (default: "$request.body.action")
	RouteSelectionExpression *string

	// Lambda function properties for handlers
	FunctionProps awslambda.FunctionProps

	// Connection management table properties (uses DynamORM)
	ConnectionTableProps *ConnectionTableProps
	// Enable automatic connection management
	EnableConnectionManagement *bool

	// WebSocket route configurations
	Routes []*WebSocketRouteConfig

	// Default route function (for unmatched routes)
	DefaultRouteFunction awslambda.IFunction

	// Connect route function ($connect)
	ConnectRouteFunction awslambda.IFunction

	// Disconnect route function ($disconnect)
	DisconnectRouteFunction awslambda.IFunction

	// Stage configuration
	StageName *string
	// Auto deploy stage
	AutoDeploy *bool

	// Access logging.
	// NOTE(review): whether logging is on when EnableAccessLogging is nil, and
	// which request fields the log format records, is not visible here.
	EnableAccessLogging *bool
	AccessLogGroup      awslogs.ILogGroup

	// Throttling.
	// NOTE(review): units are not stated; presumably requests per second and a
	// burst allowance — confirm, along with the behaviour when both are nil.
	ThrottleRateLimit  *float64
	ThrottleBurstLimit *float64

	// Default authorizer for all routes.
	// NOTE(review): API Gateway evaluates WebSocket authorizers on the $connect
	// route, so confirm which routes this construct attaches it to and
	// whether a nil value leaves $connect open to unauthenticated clients.
	DefaultAuthorizer awsapigatewayv2.IWebSocketRouteAuthorizer

	// Lift-specific settings.
	// NOTE(review): what EnableMultiTenant isolates (data, connections, IAM)
	// is not described on this page — do not treat it as a tenant boundary
	// without checking the implementation.
	EnableTracing         *bool
	EnableMultiTenant     *bool
	EnableMonitoring      *bool
	EnableDeadLetterQueue *bool
}

WebSocketAPIProps defines properties for a WebSocket API

type WebSocketRouteConfig

// WebSocketRouteConfig describes one route: its key, its handler function and
// its authorization settings.
type WebSocketRouteConfig struct {
	// Route key (e.g., "$connect", "$disconnect", "$default", "custom")
	RouteKey *string
	// Lambda function for this route
	Function awslambda.IFunction
	// Whether this route requires authorization.
	// NOTE(review): the behaviour when this is true but Authorizer is nil
	// (fall back to a default authorizer, fail synthesis, or deploy the route
	// unauthenticated) is not visible on this page — confirm.
	RequireAuthorization *bool
	// Custom authorizer for this route.
	// NOTE(review): API Gateway evaluates WebSocket authorizers on the $connect
	// route; confirm how this construct treats an Authorizer set on any other
	// route key.
	Authorizer awsapigatewayv2.IWebSocketRouteAuthorizer
}

WebSocketRouteConfig defines configuration for WebSocket routes
