Documentation
¶
Index ¶
- Constants
- func AddStandardLambdaAlarms(scope constructs.Construct, namePrefix string, fn awslambda.IFunction)
- func CORSExposeHeaders() *[]*string
- func CORSHeaders() *[]*string
- func CORSMethods() []string
- func CreateAPILogGroup(scope constructs.Construct, apiName *string, ...) awslogs.ILogGroup
- func CreateStandardLambdaFunction(scope constructs.Construct, id string, bucket awss3.Bucket, ...) awslambda.Function
- func EnableS3LambdaMonitoring(scope constructs.Construct, bucketName *string, fn awslambda.IFunction)
- func EnableStreamLambdaMonitoring(scope constructs.Construct, tableName *string, fn awslambda.IFunction)
- func GenerateCRUDHandlerCode(operation string) string
- func SplitPath(path string) []string
- type APICommonProps
- type APIKeyAuthorizer
- type APIKeyAuthorizerProps
- type AlarmConfig
- type AlarmThresholds
- type AuditLevel
- type AuditingConstruct
- type AuditingProps
- type BaseManagementTableProps
- type ComplianceFramework
- type ComplianceStack
- type ComplianceStackProps
- type ConnectionTable
- type ConnectionTableProps
- type DynamORMEventStore
- func (e *DynamORMEventStore) GetArchivalBucket() awss3.IBucket
- func (e *DynamORMEventStore) GetEnvironmentVariables() *map[string]*string
- func (e *DynamORMEventStore) GetEventReaderRole() awsiam.Role
- func (e *DynamORMEventStore) GetEventStoreMetrics() map[string]awscloudwatch.Metric
- func (e *DynamORMEventStore) GetEventTable() *LiftTable
- func (e *DynamORMEventStore) GetEventWriterRole() awsiam.Role
- func (e *DynamORMEventStore) GetSnapshotManagerRole() awsiam.Role
- func (e *DynamORMEventStore) GetSnapshotTable() *LiftTable
- func (e *DynamORMEventStore) GrantEventReaderAccess(grantee awslambda.IFunction)
- func (e *DynamORMEventStore) GrantEventWriterAccess(grantee awslambda.IFunction)
- func (e *DynamORMEventStore) GrantFullAccess(grantee awslambda.IFunction)
- func (e *DynamORMEventStore) GrantSnapshotManagerAccess(grantee awslambda.IFunction)
- type DynamORMEventStoreProps
- type DynamoStreamProcessor
- func (d *DynamoStreamProcessor) AddEnvironmentVariable(key string, value string)
- func (d *DynamoStreamProcessor) GetDeadLetterQueueUrl() *string
- func (d *DynamoStreamProcessor) GetStreamArn() *string
- func (d *DynamoStreamProcessor) GetTableArn() *string
- func (d *DynamoStreamProcessor) GetTableName() *string
- func (d *DynamoStreamProcessor) GrantReadData(grantee awslambda.IFunction)
- func (d *DynamoStreamProcessor) GrantReadWriteData(grantee awslambda.IFunction)
- func (d *DynamoStreamProcessor) GrantStreamRead(grantee awslambda.IFunction)
- func (d *DynamoStreamProcessor) GrantWriteData(grantee awslambda.IFunction)
- type DynamoStreamProcessorProps
- type EnhancedMonitoring
- func (m *EnhancedMonitoring) AddCustomAlarm(name string, alarm awscloudwatch.IAlarm)
- func (m *EnhancedMonitoring) AddCustomMetric(name string, metric awscloudwatch.IMetric)
- func (m *EnhancedMonitoring) GetAlarm(name string) awscloudwatch.IAlarm
- func (m *EnhancedMonitoring) GetMetric(name string) awscloudwatch.IMetric
- type EnhancedMonitoringProps
- type EnhancedSecurity
- func (s *EnhancedSecurity) AddCustomSecurityRule(rule SecurityRule, direction string)
- func (s *EnhancedSecurity) GetSecret(name string) awssecretsmanager.Secret
- func (s *EnhancedSecurity) GetSecurityGroup() awsec2.ISecurityGroup
- func (s *EnhancedSecurity) GetSecurityMetric(name string) awscloudwatch.IMetric
- func (s *EnhancedSecurity) GetVPCEndpoint(name string) awsec2.InterfaceVpcEndpoint
- func (s *EnhancedSecurity) GetWAF() awswafv2.CfnWebACL
- type EnhancedSecurityProps
- type EventBridgeHandler
- func (e *EventBridgeHandler) AddEnvironmentVariable(key string, value string)
- func (e *EventBridgeHandler) AddEventPattern(_ *awsevents.EventPattern) error
- func (e *EventBridgeHandler) DisableRule() error
- func (e *EventBridgeHandler) EnableRule() error
- func (e *EventBridgeHandler) GetEventBusArn() *string
- func (e *EventBridgeHandler) GetEventBusName() *string
- func (e *EventBridgeHandler) GetRuleArn() *string
- func (e *EventBridgeHandler) GetRuleName() *string
- func (e *EventBridgeHandler) GrantPutEvents(grantee awslambda.IFunction)
- type EventBridgeHandlerProps
- type EventRoutingTable
- type EventRoutingTableProps
- type EventStoreAlertThresholds
- type EventStorePattern
- type IdempotencyTableProps
- type IdempotentFunction
- type IdempotentFunctionProps
- type IdempotentKeyExtractor
- type IntegrationOptions
- type KinesisProcessor
- type KinesisProcessorProps
- type LambdaFunctionConfig
- type LiftAPI
- func (api *LiftAPI) AddLambdaRoute(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction)
- func (api *LiftAPI) AddLambdaRouteWithOptions(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction, ...)
- func (api *LiftAPI) AddRoutes(routes map[string]map[string]awslambda.IFunction)
- func (api *LiftAPI) EnableApiKeyAuth() awsapigatewayv2.IHttpRouteAuthorizer
- func (api *LiftAPI) GetArn() *string
- func (l *LiftAPI) GetResourceName() *string
- func (api *LiftAPI) GetUrl() *string
- func (api *LiftAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant
- type LiftAPIProps
- type LiftApiDomain
- func (d *LiftApiDomain) AddAdditionalMapping(api awsapigatewayv2.IHttpApi, mappingKey *string) awsapigatewayv2.ApiMapping
- func (d *LiftApiDomain) GetApiMapping() awsapigatewayv2.ApiMapping
- func (d *LiftApiDomain) GetCNAMERecord() awsroute53.CnameRecord
- func (d *LiftApiDomain) GetDomainName() awsapigatewayv2.IDomainName
- func (d *LiftApiDomain) GetRegionalDomainName() *string
- type LiftApiDomainProps
- type LiftCertificate
- type LiftCertificateProps
- type LiftEventSourceMapping
- type LiftEventSourceMappingProps
- type LiftFunction
- type LiftFunctionProps
- type LiftHostedZone
- func (z *LiftHostedZone) AddCNAMERecord(recordName *string, domainName *string, ttl awscdk.Duration) awsroute53.CnameRecord
- func (z *LiftHostedZone) AddNSRecord(recordName *string, targetNameServers *[]*string, ttl awscdk.Duration) awsroute53.NsRecord
- func (z *LiftHostedZone) GetHostedZone() awsroute53.IHostedZone
- func (z *LiftHostedZone) GetHostedZoneId() *string
- func (z *LiftHostedZone) GetNameServers() *[]*string
- func (z *LiftHostedZone) GetZoneName() *string
- type LiftHostedZoneProps
- type LiftKMSKey
- func (k *LiftKMSKey) AddToResourcePolicy(statement awsiam.PolicyStatement)
- func (k *LiftKMSKey) GetKey() awskms.IKey
- func (k *LiftKMSKey) GetKeyArn() *string
- func (k *LiftKMSKey) GetKeyId() *string
- func (k *LiftKMSKey) GetResourceName() *string
- func (k *LiftKMSKey) GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
- func (k *LiftKMSKey) GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
- func (k *LiftKMSKey) GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
- func (k *LiftKMSKey) GrantGenerateMac(grantee awsiam.IGrantable) awsiam.Grant
- type LiftKMSKeyProps
- type LiftLambdaRole
- func (l *LiftLambdaRole) AddManagedPolicy(policy awsiam.IManagedPolicy)
- func (l *LiftLambdaRole) AddToPolicy(statement awsiam.PolicyStatement)
- func (l *LiftLambdaRole) AsLambdaExecutionRole() awsiam.IRole
- func (l *LiftLambdaRole) GetRole() awsiam.IRole
- func (l *LiftLambdaRole) GetRoleArn() *string
- func (l *LiftLambdaRole) GetRoleName() *string
- func (l *LiftLambdaRole) GrantDynamoDBAccess(tables ...awsdynamodb.ITable)
- func (l *LiftLambdaRole) GrantKMSAccess(keys ...awskms.IKey)
- func (l *LiftLambdaRole) GrantPassRole(grantee awsiam.IGrantable) awsiam.Grant
- type LiftLambdaRoleProps
- type LiftRestAPI
- func (api *LiftRestAPI) AddLambdaIntegration(path *string, method *string, fn awslambda.IFunction)
- func (api *LiftRestAPI) AddLambdaIntegrationWithOptions(path *string, method *string, fn awslambda.IFunction, ...)
- func (api *LiftRestAPI) CreateAPIKey(name *string) awsapigateway.IApiKey
- func (api *LiftRestAPI) CreateUsagePlan(name *string, throttle *awsapigateway.ThrottleSettings, ...) awsapigateway.UsagePlan
- func (api *LiftRestAPI) GetArn() *string
- func (l *LiftRestAPI) GetResourceName() *string
- func (api *LiftRestAPI) GetStage() awsapigateway.IStage
- func (api *LiftRestAPI) GetUrl() *string
- func (api *LiftRestAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant
- type LiftRestAPIProps
- type LiftSQSQueue
- func (q *LiftSQSQueue) GetDeadLetterQueueUrl() *string
- func (q *LiftSQSQueue) GetQueueArn() *string
- func (q *LiftSQSQueue) GetQueueName() *string
- func (q *LiftSQSQueue) GetQueueUrl() *string
- func (q *LiftSQSQueue) GrantConsumeMessages(grantee awslambda.Function)
- func (q *LiftSQSQueue) GrantSendMessages(grantee awslambda.Function)
- type LiftSQSQueueProps
- type LiftTable
- func (t *LiftTable) AddGlobalSecondaryIndex(props *awsdynamodb.GlobalSecondaryIndexProps)
- func (t *LiftTable) GetEnvironmentVariables() map[string]*string
- func (t *LiftTable) GetResourceName() *string
- func (t *LiftTable) GetStreamArn() *string
- func (t *LiftTable) GetTableArn() *string
- func (t *LiftTable) GetTableName() *string
- func (t *LiftTable) GrantReadData(grantee awsiam.IGrantable) awsiam.Grant
- func (t *LiftTable) GrantReadWrite(fn awslambda.IFunction)
- func (t *LiftTable) GrantReadWriteData(grantee awsiam.IGrantable) awsiam.Grant
- func (t *LiftTable) GrantStreamRead(grantee awsiam.IGrantable) awsiam.Grant
- func (t *LiftTable) GrantWriteData(grantee awsiam.IGrantable) awsiam.Grant
- type LiftTableProps
- type ManagementTableConfig
- type MetricConfiguration
- type MonitorableResource
- type MonitoredFunction
- func (f *MonitoredFunction) AddCommonLogInsightsQueries()
- func (f *MonitoredFunction) AddCustomMetric(metricName *string, namespace *string, dimensions *map[string]*string) awscloudwatch.Metric
- func (f *MonitoredFunction) AddLogInsightsQuery(queryName *string, queryString *string)
- func (f *MonitoredFunction) GetAlarm(name string) awscloudwatch.Alarm
- func (f *MonitoredFunction) GetDashboard() awscloudwatch.Dashboard
- func (f *MonitoredFunction) GetFunction() awslambda.Function
- type MonitoredFunctionProps
- type RateLimitTableProps
- type RateLimitType
- type RateLimitedFunction
- type RateLimitedFunctionProps
- type RequestTrackingTable
- type RequestTrackingTableProps
- type RequestValidator
- type RouteOptions
- type S3EventFilter
- type S3Processor
- func (s *S3Processor) AddCorsRule(rule *awss3.CorsRule)
- func (s *S3Processor) AddEnvironmentVariable(key string, value string)
- func (s *S3Processor) EnableCORS(rules []*awss3.CorsRule)
- func (s *S3Processor) GetBucketArn() *string
- func (s *S3Processor) GetBucketDomainName() *string
- func (s *S3Processor) GetBucketName() *string
- func (s *S3Processor) GrantDelete(grantee awslambda.IFunction)
- func (s *S3Processor) GrantRead(grantee awslambda.IFunction)
- func (s *S3Processor) GrantReadWrite(grantee awslambda.IFunction)
- func (s *S3Processor) GrantWrite(grantee awslambda.IFunction)
- func (s *S3Processor) SetBucketPolicy(policy map[string]interface{})
- type S3ProcessorProps
- type SNSProcessor
- func (s *SNSProcessor) AddSubscription(subscription awssns.ITopicSubscription) awssns.Subscription
- func (s *SNSProcessor) GetDLQUrl() *string
- func (s *SNSProcessor) GetTopicArn() *string
- func (s *SNSProcessor) GetTopicName() *string
- func (s *SNSProcessor) GrantPublish(grantee awsiam.IGrantable) awsiam.Grant
- func (s *SNSProcessor) GrantSubscribe(grantee awsiam.IGrantable) awsiam.Grant
- type SNSProcessorProps
- type SQSProcessor
- func (s *SQSProcessor) AddEnvironmentVariable(key string, value string)
- func (s *SQSProcessor) GetQueueArn() *string
- func (s *SQSProcessor) GetQueueName() *string
- func (s *SQSProcessor) GetQueueUrl() *string
- func (s *SQSProcessor) GrantConsumeMessages(grantee awslambda.IFunction)
- func (s *SQSProcessor) GrantSendMessages(grantee awslambda.IFunction)
- type SQSProcessorProps
- type SecretConfig
- type SecureFunction
- func (f *SecureFunction) AddVPCEndpoint(service awsec2.InterfaceVpcEndpointAwsService) awsec2.InterfaceVpcEndpoint
- func (f *SecureFunction) EnableSecretsManagerAccess()
- func (f *SecureFunction) GetFunction() awslambda.Function
- func (f *SecureFunction) GetKmsKey() awskms.IKey
- func (f *SecureFunction) GetSecurityGroup() awsec2.ISecurityGroup
- func (f *SecureFunction) RestrictInboundAccess()
- type SecureFunctionProps
- type SecurityRule
- type SnapshotStrategy
- type StreamProcessor
- type StreamProcessorProps
- type StreamingTable
- type StreamingTableProps
- type VPCEndpointConfig
- type WAFCustomRule
- type WAFRuleConfig
- type WebSocketAPI
- func (w *WebSocketAPI) AddRoute(routeKey string, function awslambda.IFunction, config *WebSocketRouteConfig) awsapigatewayv2.WebSocketRoute
- func (w *WebSocketAPI) GetConnectionTableName() *string
- func (w *WebSocketAPI) GetWebSocketURL() *string
- func (w *WebSocketAPI) GrantApiInvoke(grantee awsiam.IGrantable) awsiam.Grant
- func (w *WebSocketAPI) GrantConnectionManagement(grantee awsiam.IGrantable) awsiam.Grant
- type WebSocketAPIProps
- type WebSocketRouteConfig
Constants ¶
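// Permission constants for Lambda functions.
//
// The listing had lost its line breaks, which left the declarations inside the
// first // comment; they are restored here one per line.
// NOTE(review): which grant helpers accept these strings is not shown on this
// page. Confirm what "readwrite" expands to before using it where read access
// would be enough.
const (
	// PermissionRead grants read-only access
	PermissionRead = "read"
	// PermissionReadWrite grants read and write access
	PermissionReadWrite = "readwrite"
)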
Permission constants for Lambda functions
Variables ¶
This section is empty.
Functions ¶
func AddStandardLambdaAlarms ¶ added in v1.0.58
func AddStandardLambdaAlarms(scope constructs.Construct, namePrefix string, fn awslambda.IFunction)
AddStandardLambdaAlarms creates common Lambda alarms (errors, throttles, duration).
func CORSExposeHeaders ¶ added in v1.0.60
func CORSExposeHeaders() *[]*string
CORSExposeHeaders returns standard CORS expose headers
func CORSHeaders ¶ added in v1.0.60
func CORSHeaders() *[]*string
CORSHeaders returns standard CORS headers used across all API types
func CORSMethods ¶ added in v1.0.60
func CORSMethods() []string
CORSMethods returns standard CORS methods
func CreateAPILogGroup ¶ added in v1.0.60
func CreateAPILogGroup(scope constructs.Construct, apiName *string, existingLogGroup awslogs.ILogGroup) awslogs.ILogGroup
CreateAPILogGroup creates a CloudWatch log group for API access logs
func CreateStandardLambdaFunction ¶ added in v1.0.58
func CreateStandardLambdaFunction(scope constructs.Construct, id string, bucket awss3.Bucket, encryptionKey awskms.Key, config LambdaFunctionConfig) awslambda.Function
CreateStandardLambdaFunction creates a Lambda function with common configurations
func EnableS3LambdaMonitoring ¶ added in v1.0.58
func EnableS3LambdaMonitoring(scope constructs.Construct, bucketName *string, fn awslambda.IFunction)
EnableS3LambdaMonitoring adds standard alarms plus concurrency alarm for S3 processors.
func EnableStreamLambdaMonitoring ¶ added in v1.0.58
func EnableStreamLambdaMonitoring(scope constructs.Construct, tableName *string, fn awslambda.IFunction)
EnableStreamLambdaMonitoring adds standard alarms plus iterator age for stream processors.
func GenerateCRUDHandlerCode ¶
GenerateCRUDHandlerCode generates the Lambda handler code for a CRUD operation. This is exported for use in CDK constructs.
Types ¶
type APICommonProps ¶ added in v1.0.60
// APICommonProps holds the settings shared by the REST and HTTP API constructs.
// Optional values are pointers; unless a field comment states a default, what
// the constructs do with a nil value is not visible in this listing.
type APICommonProps struct {
// Name of the API
Name *string
// Description of the API
Description *string
// Enable CORS
EnableCORS *bool
// CORS allowed origins (defaults to ["*"] if not specified)
// NOTE(review): with the wildcard default, scripts on any site can read
// non-credentialed responses once CORS is enabled. List explicit origins for
// APIs that return sensitive or per-user data.
AllowOrigins *[]*string
// Custom domain name
DomainName *string
// Certificate ARN for custom domain
CertificateArn *string
// Enable access logging
EnableAccessLogging *bool
// CloudWatch log group for access logs
AccessLogGroup awslogs.ILogGroup
// Throttle settings
// NOTE(review): units are not stated here; presumably steady-state requests
// per second and burst size. Whether nil leaves throttling at the service
// default is not shown, so confirm before relying on it for abuse protection.
ThrottleRateLimit *float64
ThrottleBurstLimit *float64
// Stage name
StageName *string
}
APICommonProps contains shared properties for both REST and HTTP APIs
type APIKeyAuthorizer ¶
// APIKeyAuthorizer bundles the pieces of API key authentication for HTTP APIs.
type APIKeyAuthorizer struct {
// Embedded construct, so the authorizer is itself a node in the construct tree.
constructs.Construct
// Route authorizer handle to attach to HTTP API routes.
Authorizer awsapigatewayv2.IHttpRouteAuthorizer
// Lambda function behind the authorizer; presumably either the one passed in
// APIKeyAuthorizerProps.ValidatorFunction or one created by the constructor.
// Confirm against NewAPIKeyAuthorizer.
ValidatorFunction awslambda.IFunction
}
APIKeyAuthorizer provides API key authentication for HTTP APIs
func NewAPIKeyAuthorizer ¶
func NewAPIKeyAuthorizer(scope constructs.Construct, id *string, props *APIKeyAuthorizerProps) *APIKeyAuthorizer
NewAPIKeyAuthorizer creates a new API key authorizer
type APIKeyAuthorizerProps ¶
// APIKeyAuthorizerProps configures NewAPIKeyAuthorizer: where the key is read
// from, what validates it, and how long an authorization result is cached.
type APIKeyAuthorizerProps struct {
// API key parameter source (header or query)
// NOTE(review): keys carried in the query string tend to be recorded in access
// logs, intermediaries and browser history. Prefer the header source where
// clients allow it.
APIKeySource *string `json:"apiKeySource"`
// Parameter name (e.g., "X-API-Key" for header or "apiKey" for query)
APIKeyParameter *string `json:"apiKeyParameter"`
// Optional function to validate API keys (if not provided, creates one)
ValidatorFunction awslambda.IFunction `json:"validatorFunction"`
// DynamoDB table name for storing API keys (optional)
// NOTE(review): whether keys are stored in plaintext or hashed is not shown
// here. Verify in the validator function and restrict read access to the table.
APIKeyTableName *string `json:"apiKeyTableName"`
// Cache results for this many seconds (0-3600)
// NOTE(review): while a result is cached, a revoked or rotated key presumably
// keeps being accepted until the entry expires. Keep this short where prompt
// revocation matters, and confirm against the authorizer's behaviour.
ResultsCacheTtl *float64 `json:"resultsCacheTtl"`
}
APIKeyAuthorizerProps defines properties for the API key authorizer
type AlarmConfig ¶
// AlarmConfig selects which CloudWatch alarms are created and their thresholds.
// Each alarm has an enable flag and a threshold; the defaults used when either
// is nil are not visible in this listing.
type AlarmConfig struct {
// Enable error rate alarm
EnableErrorAlarm *bool
// Error rate threshold (percentage)
ErrorRateThreshold *float64
// Enable latency alarm
EnableLatencyAlarm *bool
// Latency threshold in milliseconds
LatencyThreshold *float64
// Enable throttle alarm
EnableThrottleAlarm *bool
// Throttle count threshold
ThrottleThreshold *float64
// Enable concurrent executions alarm
EnableConcurrentAlarm *bool
// Concurrent executions threshold
ConcurrentThreshold *float64
// SNS topic for alarm notifications
// NOTE(review): whether alarms are still created, without a notification
// target, when this is nil is not shown. Confirm so alarms do not fire silently.
AlarmTopic awssns.ITopic
}
AlarmConfig defines configuration for CloudWatch alarms
type AlarmThresholds ¶
// AlarmThresholds carries the numeric limits at which alarms trigger.
// Values are optional pointers; the fallback for a nil threshold is not shown.
type AlarmThresholds struct {
// Error rate threshold (percentage)
ErrorRate *float64
// Latency threshold (milliseconds)
LatencyP99 *float64
// Throttle count threshold
ThrottleCount *float64
// Concurrent executions threshold
ConcurrentExecutions *float64
// Custom thresholds
// NOTE(review): what the map keys refer to (metric names, alarm names) is not
// shown here; confirm against the consumer.
CustomThresholds *map[string]*float64
}
AlarmThresholds defines threshold configuration for alarms
type AuditLevel ¶
type AuditLevel string
AuditLevel defines the level of audit logging
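// Values for AuditLevel, as used by AuditingProps.AuditLevel.
//
// The listing had lost its line breaks, which left the declarations inside the
// first // comment; they are restored here one per line.
// NOTE(review): which log sources each level switches on is not shown on this
// page. Confirm that the chosen level captures the events your retention and
// investigation requirements depend on.
const (
	// AuditLevelBasic provides basic audit logging
	AuditLevelBasic AuditLevel = "BASIC"
	// AuditLevelDetailed provides detailed audit logging
	AuditLevelDetailed AuditLevel = "DETAILED"
	// AuditLevelComprehensive provides comprehensive audit logging
	AuditLevelComprehensive AuditLevel = "COMPREHENSIVE"
)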
type AuditingConstruct ¶
// AuditingConstruct exposes the resources that make up the audit logging setup.
// NOTE(review): the listing carries no field documentation. The notes below are
// inferred from field names and types only; which fields stay nil when the
// matching AuditingProps toggle is off is not shown, so check before dereferencing.
type AuditingConstruct struct {
// Log group for audit records.
AuditLogGroup awslogs.LogGroup
// Embedded construct, so this type is itself a node in the construct tree.
constructs.Construct
// KMS key; presumably protects the audit logs and bucket (confirm).
EncryptionKey awskms.Key
// CloudTrail trail.
CloudTrail awscloudtrail.Trail
// Log group for application logs.
ApplicationLogGroup awslogs.LogGroup
// Log group for database logs.
DatabaseLogGroup awslogs.LogGroup
// S3 bucket holding audit data.
AuditBucket awss3.Bucket
// Lambda function that processes log records.
LogProcessingFunction awslambda.Function
// CloudWatch dashboard for audit metrics.
AuditDashboard awscloudwatch.Dashboard
// Kinesis Data Firehose delivery stream (L1 Cfn resource).
FirehoseDeliveryStream awskinesisfirehose.CfnDeliveryStream
// Kinesis stream for log records.
LogStream awskinesis.Stream
// Lambda function for compliance work; its exact role is not shown here.
ComplianceFunction awslambda.Function
// Lambda function presumably performing log integrity checks (confirm).
IntegrityFunction awslambda.Function
// Alarms created for the audit resources.
AuditAlarms []awscloudwatch.Alarm
}
AuditingConstruct creates comprehensive audit logging infrastructure
func NewAuditingConstruct ¶
func NewAuditingConstruct(scope constructs.Construct, id string, props *AuditingProps) *AuditingConstruct
NewAuditingConstruct creates a new auditing construct
func (*AuditingConstruct) AddCustomAuditRule ¶
func (a *AuditingConstruct) AddCustomAuditRule(ruleId string, logGroup awslogs.LogGroup, filterPattern string)
AddCustomAuditRule adds a custom audit rule
func (*AuditingConstruct) EnableSIEMIntegration ¶
func (a *AuditingConstruct) EnableSIEMIntegration(_ string)
EnableSIEMIntegration enables SIEM integration for audit logs
func (*AuditingConstruct) GetAuditStatus ¶
func (a *AuditingConstruct) GetAuditStatus() map[string]interface{}
GetAuditStatus returns the current audit status
type AuditingProps ¶
// AuditingProps configures NewAuditingConstruct.
// NOTE(review): the listing carries no field documentation. The notes below are
// inferred from field names and types only and should be confirmed against the
// construct's implementation. The defaults applied to nil values are not shown,
// so set the protective toggles explicitly rather than relying on them.
type AuditingProps struct {
// Existing KMS key; presumably used instead of creating one (confirm).
EncryptionKey awskms.IKey
// Existing bucket for audit data; presumably used instead of creating one (confirm).
AuditBucket awss3.IBucket
// Toggle for compliance reporting.
EnableComplianceReporting *bool
// Toggle for immutable logs; the mechanism that enforces immutability is not
// shown here. Verify it before treating the logs as write-once.
EnableImmutableLogs *bool
// Toggle for database logs.
EnableDatabaseLogs *bool
// Toggle for real-time log processing.
EnableRealTimeProcessing *bool
// Toggle for tamper protection; what it protects and how is not shown (verify).
EnableTamperProtection *bool
// Toggle for log aggregation.
EnableLogAggregation *bool
// Log retention in days, per the name; accepted values are not shown.
LogRetentionDays *float64
// Toggle for SIEM forwarding.
EnableSIEMIntegration *bool
// Destination for SIEM forwarding. Transport and authentication are not shown;
// verify them before sending audit data to this endpoint.
SIEMEndpoint *string
// Toggle for log analysis.
EnableLogAnalysis *bool
// Compliance frameworks to apply. Plain strings here, whereas
// ComplianceStackProps.ComplianceFrameworks uses the ComplianceFramework type;
// accepted values and validation are not shown (confirm).
ComplianceFrameworks *[]string
// Toggle for application logs.
EnableApplicationLogs *bool
// Application name; presumably used in resource names (confirm).
AppName *string
// Toggle for CloudTrail.
EnableCloudTrail *bool
// Toggle for encryption; how it relates to EncryptionKey is not shown.
EnableEncryption *bool
// Toggle for cross-account access to audit resources.
EnableCrossAccountAccess *bool
// Role ARNs for cross-account access.
// NOTE(review): every ARN listed presumably gains access to audit data. Keep
// the list minimal and review it like any other trust grant.
CrossAccountRoleArns *[]*string
// Toggle for integrity checking.
EnableIntegrityChecking *bool
// Toggle for the audit dashboard.
EnableDashboard *bool
// Toggle for alerting.
EnableAlerting *bool
// ARN of the topic that receives alerts; presumably used when EnableAlerting is set.
AlertTopicArn *string
// Deployment environment label.
Environment *string
// Toggle for regulatory compliance features; scope not shown.
EnableRegulatoryCompliance *bool
// Audit logging level; see the AuditLevel constants.
AuditLevel AuditLevel
}
AuditingProps defines properties for the Auditing construct
type BaseManagementTableProps ¶ added in v1.0.58
// BaseManagementTableProps holds the properties common to management tables.
type BaseManagementTableProps struct {
// Table name
TableName *string
// TTL attribute name for automatic cleanup
TimeToLiveAttribute *string
// Default table name if not provided
// Plain string rather than a pointer, unlike the two optional fields above.
DefaultTableName string
}
BaseManagementTableProps defines common properties for management tables
type ComplianceFramework ¶
type ComplianceFramework string
ComplianceFramework defines the compliance framework to implement
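// Values for ComplianceFramework, as used by ComplianceStackProps.ComplianceFrameworks.
//
// The listing had lost its line breaks, which left the declarations inside the
// first // comment; they are restored here one per line.
// NOTE(review): which controls the stack deploys for each framework is not
// shown on this page. Selecting a value here should not be read as evidence of
// compliance with that framework; verify the resulting resources.
const (
	// SOC2 Service Organization Control 2
	SOC2 ComplianceFramework = "SOC2"
	// HIPAA Health Insurance Portability and Accountability Act
	HIPAA ComplianceFramework = "HIPAA"
	// PCI_DSS Payment Card Industry Data Security Standard
	PCI_DSS ComplianceFramework = "PCI_DSS"
	// ISO27001 Information Security Management System
	ISO27001 ComplianceFramework = "ISO27001"
	// FedRAMP Federal Risk and Authorization Management Program
	FedRAMP ComplianceFramework = "FedRAMP"
	// GDPR General Data Protection Regulation
	GDPR ComplianceFramework = "GDPR"
)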
type ComplianceStack ¶
// ComplianceStack exposes the resources created by NewComplianceStack.
// NOTE(review): field notes are inferred from names and types. Each service
// has an Enable* toggle in ComplianceStackProps; whether the matching field is
// nil when the toggle is off is not shown, so check before use.
type ComplianceStack struct {
// Embedded construct, so the stack is itself a node in the construct tree.
constructs.Construct
// CloudTrail trail.
CloudTrail awscloudtrail.Trail
// AWS Config configuration recorder (L1 Cfn resource).
ConfigRecorder awsconfig.CfnConfigurationRecorder
// GuardDuty detector (L1 Cfn resource).
GuardDutyDetector awsguardduty.CfnDetector
// Security Hub hub (L1 Cfn resource).
SecurityHub awssecurityhub.CfnHub
// S3 bucket for compliance data.
ComplianceBucket awss3.Bucket
// KMS key used for encryption.
EncryptionKey awskms.Key
// CloudWatch log group for compliance logs.
ComplianceLogGroup awslogs.LogGroup
// Lambda function for compliance work; its exact role is not shown here.
ComplianceFunction awslambda.Function
}
ComplianceStack creates a comprehensive compliance stack
func NewComplianceStack ¶
func NewComplianceStack(scope constructs.Construct, id string, props *ComplianceStackProps) *ComplianceStack
NewComplianceStack creates a new compliance stack construct
func (*ComplianceStack) AddComplianceRule ¶
func (c *ComplianceStack) AddComplianceRule(ruleId string, ruleName string)
AddComplianceRule adds a new compliance rule to the stack
func (*ComplianceStack) GetComplianceStatus ¶
func (c *ComplianceStack) GetComplianceStatus() map[string]interface{}
GetComplianceStatus returns the current compliance status
type ComplianceStackProps ¶
// ComplianceStackProps configures NewComplianceStack.
// Every toggle is an optional pointer. The defaults applied to nil values are
// not visible in this listing, so set the detective controls explicitly rather
// than relying on them.
type ComplianceStackProps struct {
// Application name for resource naming
AppName *string
// Compliance frameworks to implement
ComplianceFrameworks *[]ComplianceFramework
// Enable CloudTrail logging
EnableCloudTrail *bool
// Enable AWS Config rules
EnableConfig *bool
// Enable GuardDuty threat detection
EnableGuardDuty *bool
// Enable Security Hub
EnableSecurityHub *bool
// Enable data encryption at rest
EnableEncryption *bool
// Data retention period in days
DataRetentionDays *float64
// Enable compliance reports
EnableComplianceReports *bool
// S3 bucket for compliance data
// NOTE(review): presumably an existing bucket used instead of creating one.
// If so, its own policy, versioning and encryption settings apply (confirm).
ComplianceBucket awss3.IBucket
// KMS key for encryption
EncryptionKey awskms.IKey
// CloudWatch log group for compliance logs
ComplianceLogGroup awslogs.ILogGroup
// Enable detailed access logging
EnableDetailedLogging *bool
// Enable audit trail
EnableAuditTrail *bool
// Environment for compliance (dev, staging, prod)
Environment *string
// Organization ID for multi-account setup
OrganizationId *string
// Enable compliance automation
// NOTE(review): what the automation is permitted to change is not shown here;
// review its permissions before enabling it in production.
EnableAutomation *bool
// Notification topic ARN for compliance alerts
NotificationTopicArn *string
}
ComplianceStackProps defines properties for ComplianceStack
type ConnectionTable ¶
// ConnectionTable is a table for managing WebSocket connections.
type ConnectionTable struct {
// Embedded table, so LiftTable's fields and methods are promoted onto ConnectionTable.
*LiftTable
// contains filtered or unexported fields
}
ConnectionTable is a table for managing WebSocket connections
func NewConnectionTable ¶
func NewConnectionTable(scope constructs.Construct, id *string, props *ConnectionTableProps) *ConnectionTable
NewConnectionTable creates a new connection management table. The table uses pk/sk for connection_id and metadata storage. GSIs should be defined in your DynamORM model structs.
func (*ConnectionTable) GrantConnectionManagement ¶
func (c *ConnectionTable) GrantConnectionManagement(grantee awsiam.IGrantable)
GrantConnectionManagement grants permissions to manage WebSocket connections
type ConnectionTableProps ¶
// ConnectionTableProps defines properties for the WebSocket connection table.
type ConnectionTableProps struct {
// Table name
TableName *string
// Name of the TTL attribute used for automatic connection cleanup.
// NOTE(review): presumably TTL stays disabled when this is nil, in which case
// stale connection records would persist (confirm).
TimeToLiveAttribute *string
}
ConnectionTableProps defines properties for the WebSocket connection table
type DynamORMEventStore ¶
// DynamORMEventStore exposes the tables, bucket, metrics and IAM roles of the
// event store created by NewDynamORMEventStore.
type DynamORMEventStore struct {
// Embedded construct, so the event store is itself a node in the construct tree.
constructs.Construct
// Event table for storing events
EventTable *LiftTable
// Snapshot table for storing snapshots
SnapshotTable *LiftTable
// S3 bucket for archival (if enabled)
ArchivalBucket awss3.IBucket
// CloudWatch metrics
Metrics map[string]awscloudwatch.Metric
// IAM roles for different access patterns
// NOTE(review): the policies attached to each role are not shown here. Prefer
// the narrowest role or Grant* method that covers what a function needs.
EventReaderRole awsiam.Role
EventWriterRole awsiam.Role
SnapshotManagerRole awsiam.Role
// contains filtered or unexported fields
}
DynamORMEventStore provides event sourcing capabilities using DynamORM
func NewDynamORMEventStore ¶
func NewDynamORMEventStore(scope constructs.Construct, id *string, props *DynamORMEventStoreProps) *DynamORMEventStore
NewDynamORMEventStore creates a new DynamORM event store construct
func (*DynamORMEventStore) GetArchivalBucket ¶
func (e *DynamORMEventStore) GetArchivalBucket() awss3.IBucket
GetArchivalBucket returns the archival bucket
func (*DynamORMEventStore) GetEnvironmentVariables ¶
func (e *DynamORMEventStore) GetEnvironmentVariables() *map[string]*string
GetEnvironmentVariables returns environment variables for Lambda functions
func (*DynamORMEventStore) GetEventReaderRole ¶
func (e *DynamORMEventStore) GetEventReaderRole() awsiam.Role
GetEventReaderRole returns the event reader IAM role
func (*DynamORMEventStore) GetEventStoreMetrics ¶
func (e *DynamORMEventStore) GetEventStoreMetrics() map[string]awscloudwatch.Metric
GetEventStoreMetrics returns event store CloudWatch metrics
func (*DynamORMEventStore) GetEventTable ¶
func (e *DynamORMEventStore) GetEventTable() *LiftTable
GetEventTable returns the event table
func (*DynamORMEventStore) GetEventWriterRole ¶
func (e *DynamORMEventStore) GetEventWriterRole() awsiam.Role
GetEventWriterRole returns the event writer IAM role
func (*DynamORMEventStore) GetSnapshotManagerRole ¶
func (e *DynamORMEventStore) GetSnapshotManagerRole() awsiam.Role
GetSnapshotManagerRole returns the snapshot manager IAM role
func (*DynamORMEventStore) GetSnapshotTable ¶
func (e *DynamORMEventStore) GetSnapshotTable() *LiftTable
GetSnapshotTable returns the snapshot table
func (*DynamORMEventStore) GrantEventReaderAccess ¶
func (e *DynamORMEventStore) GrantEventReaderAccess(grantee awslambda.IFunction)
GrantEventReaderAccess grants event reader access to a Lambda function
func (*DynamORMEventStore) GrantEventWriterAccess ¶
func (e *DynamORMEventStore) GrantEventWriterAccess(grantee awslambda.IFunction)
GrantEventWriterAccess grants event writer access to a Lambda function
func (*DynamORMEventStore) GrantFullAccess ¶
func (e *DynamORMEventStore) GrantFullAccess(grantee awslambda.IFunction)
GrantFullAccess grants full event store access to a Lambda function
func (*DynamORMEventStore) GrantSnapshotManagerAccess ¶
func (e *DynamORMEventStore) GrantSnapshotManagerAccess(grantee awslambda.IFunction)
GrantSnapshotManagerAccess grants snapshot manager access to a Lambda function
type DynamORMEventStoreProps ¶
// DynamORMEventStoreProps configures NewDynamORMEventStore.
// The package documentation describes this struct as memory optimized, so the
// field order appears deliberate; keep it when adding fields.
// NOTE(review): the listing carries no field documentation. The notes below are
// inferred from field names and types only, and the defaults for nil values are
// not shown (confirm against the implementation).
type DynamORMEventStoreProps struct {
// Age after which events are archived; presumably used with EnableArchival.
ArchivalAfter awscdk.Duration
// Bucket for archived events.
ArchivalBucket awss3.IBucket
// Time-to-live for events.
EventTTL awscdk.Duration
// Interval between snapshots.
SnapshotTimeInterval awscdk.Duration
// How long snapshots are retained.
SnapshotRetention awscdk.Duration
// Snapshot frequency; the unit (for example, events per snapshot) is not shown.
SnapshotFrequency *int
// Toggle for event encryption; how it differs from EnableEncryption is not
// shown here (confirm which one governs data at rest).
EnableEventEncryption *bool
// Tags applied to resources.
Tags *map[string]*string
// Name of the event table.
EventTableName *string
// Name of the snapshot table.
SnapshotTableName *string
// Attribute that carries the tenant identifier; presumably used with EnableMultiTenant.
TenantAttribute *string
// KMS key reference as a string; whether an ARN, key id or alias is expected
// is not shown (confirm).
KMSKey *string
// Provisioned read capacity.
ReadCapacity *float64
// Provisioned write capacity.
WriteCapacity *float64
// Toggle for global secondary indexes.
EnableGSIs *bool
// Snapshot size limit; the unit is not shown.
SnapshotSizeLimit *int
// Toggle for multi-tenant mode.
// NOTE(review): whether tenant isolation is enforced in IAM or left to
// application code is not shown; verify before relying on it as a boundary.
EnableMultiTenant *bool
// Toggle for event versioning.
EnableEventVersioning *bool
// Alert thresholds for the event store.
AlertThresholds *EventStoreAlertThresholds
// Toggle for event compression.
EnableEventCompression *bool
// Toggle for a stream on the event table.
EventStreamEnabled *bool
// Toggle for a stream on the snapshot table.
SnapshotStreamEnabled *bool
// Toggle for auto scaling.
EnableAutoScaling *bool
// Toggle for archival.
EnableArchival *bool
// Toggle for metrics.
EnableMetrics *bool
// Toggle for detailed metrics.
EnableDetailedMetrics *bool
// Toggle for encryption; see the note on EnableEventEncryption.
EnableEncryption *bool
// Event store pattern; see EventStorePattern.
Pattern EventStorePattern
// Snapshot strategy; see SnapshotStrategy.
SnapshotStrategy SnapshotStrategy
// Projection queries; their format is not shown.
ProjectionQueries []string
}
DynamORMEventStoreProps defines properties for DynamORM event store. Memory optimized: 304 → 296 bytes (8 bytes saved).
type DynamoStreamProcessor ¶
// DynamoStreamProcessor groups a DynamORM streaming table with the Lambda
// function that processes its stream records.
type DynamoStreamProcessor struct {
// Embedded construct, so the processor is itself a node in the construct tree.
constructs.Construct
// The Lambda function processing DynamoDB stream records
Function *LiftFunction
// The DynamORM streaming table
StreamingTable *StreamingTable
// Dead letter queue (if enabled)
// NOTE(review): failed records may carry table item data. Whether the queue is
// encrypted and who can read it is not shown here (confirm).
DeadLetterQueue awssqs.IQueue
// Event source mapping
EventSource awslambdaeventsources.DynamoEventSource
}
DynamoStreamProcessor represents a DynamoDB table with stream processor using DynamORM
func NewDynamoStreamProcessor ¶
func NewDynamoStreamProcessor(scope constructs.Construct, id *string, props *DynamoStreamProcessorProps) *DynamoStreamProcessor
NewDynamoStreamProcessor creates a new DynamoDB stream processor construct using DynamORM
func (*DynamoStreamProcessor) AddEnvironmentVariable ¶
func (d *DynamoStreamProcessor) AddEnvironmentVariable(key string, value string)
AddEnvironmentVariable adds an environment variable to the Lambda function
func (*DynamoStreamProcessor) GetDeadLetterQueueUrl ¶
func (d *DynamoStreamProcessor) GetDeadLetterQueueUrl() *string
GetDeadLetterQueueUrl returns the DLQ URL if enabled
func (*DynamoStreamProcessor) GetStreamArn ¶
func (d *DynamoStreamProcessor) GetStreamArn() *string
GetStreamArn returns the DynamoDB stream ARN
func (*DynamoStreamProcessor) GetTableArn ¶
func (d *DynamoStreamProcessor) GetTableArn() *string
GetTableArn returns the table ARN
func (*DynamoStreamProcessor) GetTableName ¶
func (d *DynamoStreamProcessor) GetTableName() *string
GetTableName returns the table name
func (*DynamoStreamProcessor) GrantReadData ¶
func (d *DynamoStreamProcessor) GrantReadData(grantee awslambda.IFunction)
GrantReadData grants permission to read data from the table
func (*DynamoStreamProcessor) GrantReadWriteData ¶
func (d *DynamoStreamProcessor) GrantReadWriteData(grantee awslambda.IFunction)
GrantReadWriteData grants permission to read and write data to the table
func (*DynamoStreamProcessor) GrantStreamRead ¶
func (d *DynamoStreamProcessor) GrantStreamRead(grantee awslambda.IFunction)
GrantStreamRead grants permission to read from the DynamoDB stream
func (*DynamoStreamProcessor) GrantWriteData ¶
func (d *DynamoStreamProcessor) GrantWriteData(grantee awslambda.IFunction)
GrantWriteData grants permission to write data to the table
type DynamoStreamProcessorProps ¶
// DynamoStreamProcessorProps configures NewDynamoStreamProcessor.
// Fields are grouped by size; the package documentation describes the struct as
// memory optimized, so keep the grouping when adding fields.
// NOTE(review): the per-field notes below are inferred from names and types,
// and the defaults for nil values are not shown.
type DynamoStreamProcessorProps struct {
// Pointers first (8 bytes each)
// Properties for the streaming table.
StreamingTableProps *StreamingTableProps
// Properties for the dead letter queue.
DeadLetterQueueProps *awssqs.QueueProps
// Properties for the DynamoDB event source.
EventSourceProps *awslambdaeventsources.DynamoEventSourceProps
// Records per batch.
BatchSize *float64
// Retry attempts for a failed batch.
RetryAttempts *float64
// Parallelization factor for the event source.
ParallelizationFactor *float64
// Toggle for the dead letter queue.
// NOTE(review): presumably, with this off, records that exhaust their retries
// are dropped without a trace. Confirm the behaviour when nil.
EnableDeadLetterQueue *bool
// Toggle for splitting a failed batch.
BisectBatchOnError *bool
// Toggle for reporting individual item failures.
ReportBatchItemFailures *bool
// Toggle for tracing.
EnableTracing *bool
// Toggle for multi-tenant mode; the isolation mechanism is not shown.
EnableMultiTenant *bool
// Toggle for monitoring.
EnableMonitoring *bool
// Duration structs (16 bytes each)
// Maximum batching window.
MaxBatchingWindow awscdk.Duration
// Maximum age of a record that will still be processed.
MaxRecordAge awscdk.Duration
// Tumbling window duration.
TumblingWindow awscdk.Duration
// Large struct
// Properties for the processing Lambda function.
FunctionProps awslambda.FunctionProps
// Medium types
// Position in the stream at which reading starts.
StartingPosition awslambda.StartingPosition
}
DynamoStreamProcessorProps defines properties for a DynamoDB stream processor. Memory optimized: 816 → 808 bytes (8 bytes saved).
type EnhancedMonitoring ¶
// EnhancedMonitoring exposes the CloudWatch resources created by
// NewEnhancedMonitoring. The maps are keyed by string; the GetMetric and
// GetAlarm methods in the index take a name, presumably that key (confirm).
type EnhancedMonitoring struct {
// Embedded construct, so this type is itself a node in the construct tree.
constructs.Construct
// Metrics by name.
Metrics map[string]awscloudwatch.IMetric
// Alarms by name.
Alarms map[string]awscloudwatch.IAlarm
// CloudWatch dashboard.
Dashboard awscloudwatch.Dashboard
// CloudWatch log group.
LogGroup awslogs.LogGroup
// Metric filters by name; presumably defined on LogGroup (confirm).
MetricFilters map[string]awslogs.MetricFilter
}
EnhancedMonitoring provides comprehensive monitoring with real CloudWatch metrics
func NewEnhancedMonitoring ¶
func NewEnhancedMonitoring(scope constructs.Construct, id *string, props *EnhancedMonitoringProps) *EnhancedMonitoring
NewEnhancedMonitoring creates a comprehensive monitoring construct
func (*EnhancedMonitoring) AddCustomAlarm ¶
func (m *EnhancedMonitoring) AddCustomAlarm(name string, alarm awscloudwatch.IAlarm)
AddCustomAlarm adds a custom alarm to the monitoring
func (*EnhancedMonitoring) AddCustomMetric ¶
func (m *EnhancedMonitoring) AddCustomMetric(name string, metric awscloudwatch.IMetric)
AddCustomMetric adds a custom metric to the monitoring
func (*EnhancedMonitoring) GetAlarm ¶
func (m *EnhancedMonitoring) GetAlarm(name string) awscloudwatch.IAlarm
GetAlarm returns a specific alarm by name
func (*EnhancedMonitoring) GetMetric ¶
func (m *EnhancedMonitoring) GetMetric(name string) awscloudwatch.IMetric
GetMetric returns a specific metric by name
type EnhancedMonitoringProps ¶
type EnhancedMonitoringProps struct {
// Resource to monitor
Resource MonitorableResource
// Custom namespace for metrics
Namespace *string
// Alert configuration
AlertTopic awssns.ITopic
// Dashboard configuration
DashboardName *string
// Metric configuration
MetricConfig *MetricConfiguration
// Alarm thresholds
AlarmThresholds *AlarmThresholds
// Enable real-time streaming
EnableRealTimeStreaming *bool
// Environment tag
Environment *string
}
EnhancedMonitoringProps defines properties for enhanced monitoring
type EnhancedSecurity ¶
type EnhancedSecurity struct {
constructs.Construct
SecurityGroup awsec2.SecurityGroup
WAF awswafv2.CfnWebACL
Secrets map[string]awssecretsmanager.Secret
VPCFlowLogsGroup awslogs.LogGroup
SecurityMetrics map[string]awscloudwatch.IMetric
VPCEndpoints map[string]awsec2.InterfaceVpcEndpoint
}
EnhancedSecurity provides comprehensive security features
func NewEnhancedSecurity ¶
func NewEnhancedSecurity(scope constructs.Construct, id *string, props *EnhancedSecurityProps) *EnhancedSecurity
NewEnhancedSecurity creates a comprehensive security construct
func (*EnhancedSecurity) AddCustomSecurityRule ¶
func (s *EnhancedSecurity) AddCustomSecurityRule(rule SecurityRule, direction string)
AddCustomSecurityRule adds a custom security rule to the security group
func (*EnhancedSecurity) GetSecret ¶
func (s *EnhancedSecurity) GetSecret(name string) awssecretsmanager.Secret
GetSecret returns a specific secret by name
func (*EnhancedSecurity) GetSecurityGroup ¶
func (s *EnhancedSecurity) GetSecurityGroup() awsec2.ISecurityGroup
GetSecurityGroup returns the security group
func (*EnhancedSecurity) GetSecurityMetric ¶
func (s *EnhancedSecurity) GetSecurityMetric(name string) awscloudwatch.IMetric
GetSecurityMetric returns a specific security metric by name
func (*EnhancedSecurity) GetVPCEndpoint ¶
func (s *EnhancedSecurity) GetVPCEndpoint(name string) awsec2.InterfaceVpcEndpoint
GetVPCEndpoint returns a specific VPC endpoint by name
func (*EnhancedSecurity) GetWAF ¶
func (s *EnhancedSecurity) GetWAF() awswafv2.CfnWebACL
GetWAF returns the WAF Web ACL
type EnhancedSecurityProps ¶
// EnhancedSecurityProps selects which security resources NewEnhancedSecurity creates.
// NOTE(review): none of the Enable* flags documents its default on this page;
// set each one explicitly rather than relying on nil, and confirm the defaults
// in NewEnhancedSecurity.
type EnhancedSecurityProps struct {
// VPC used by the construct; EnhancedSecurity exposes a SecurityGroup,
// a VPCFlowLogsGroup and VPCEndpoints, presumably all created in this VPC.
Vpc awsec2.IVpc
// WAF toggle and rule configuration. EnhancedSecurity exposes the Web ACL as
// an awswafv2.CfnWebACL; which resources the ACL gets associated with is not
// shown here — TODO confirm.
EnableWAF *bool
WAFConfig *WAFRuleConfig
// VPC flow logs toggle; the log group is exposed as EnhancedSecurity.VPCFlowLogsGroup.
EnableVPCFlowLogs *bool
// NOTE(review): GuardDuty, Security Hub and AWS Config are account/region-level
// services. Presumably these flags enable them from this stack — confirm that
// does not collide with an organization-managed configuration.
EnableGuardDuty *bool
EnableSecurityHub *bool
EnableConfigRules *bool
Environment *string
ApplicationName *string
// Rules for the construct's security group. SecurityRule's fields are not
// shown here. NOTE(review): check every rule for open source/destination
// ranges before deployment, egress included.
IngressRules []SecurityRule
EgressRules []SecurityRule
// Secrets to create; they are exposed through EnhancedSecurity.Secrets and
// GetSecret. NOTE(review): SecretConfig is not shown here — confirm it does
// not carry plaintext secret values that would end up in the synthesized template.
Secrets []SecretConfig
VPCEndpointConfig *VPCEndpointConfig
}
EnhancedSecurityProps defines properties for enhanced security
type EventBridgeHandler ¶
type EventBridgeHandler struct {
constructs.Construct
// The Lambda function handling events
Function *LiftFunction
// The EventBridge rule
Rule awsevents.Rule
// The event bus (default or custom)
EventBus awsevents.IEventBus
// Dead letter queue (if enabled)
DeadLetterQueue awssqs.IQueue
// Lambda target
Target awseventstargets.LambdaFunction
}
EventBridgeHandler represents an EventBridge rule with Lambda handler
func NewEventBridgeHandler ¶
func NewEventBridgeHandler(scope constructs.Construct, id *string, props *EventBridgeHandlerProps) (*EventBridgeHandler, error)
NewEventBridgeHandler creates a new EventBridge handler construct
func (*EventBridgeHandler) AddEnvironmentVariable ¶
func (e *EventBridgeHandler) AddEnvironmentVariable(key string, value string)
AddEnvironmentVariable adds an environment variable to the Lambda function
func (*EventBridgeHandler) AddEventPattern ¶
func (e *EventBridgeHandler) AddEventPattern(_ *awsevents.EventPattern) error
AddEventPattern adds an event pattern to the rule. Note: This method is deprecated as EventBridge patterns cannot be modified after rule creation. Create a new EventBridgeHandler with the desired pattern instead.
func (*EventBridgeHandler) DisableRule ¶
func (e *EventBridgeHandler) DisableRule() error
DisableRule disables the EventBridge rule. Note: This method provides guidance for disabling the rule after deployment. To change rule state after deployment, use AWS CLI or AWS Console.
func (*EventBridgeHandler) EnableRule ¶
func (e *EventBridgeHandler) EnableRule() error
EnableRule enables the EventBridge rule. Note: This method configures the rule to be enabled during deployment. To change rule state after deployment, use AWS CLI or AWS Console.
func (*EventBridgeHandler) GetEventBusArn ¶
func (e *EventBridgeHandler) GetEventBusArn() *string
GetEventBusArn returns the event bus ARN
func (*EventBridgeHandler) GetEventBusName ¶
func (e *EventBridgeHandler) GetEventBusName() *string
GetEventBusName returns the event bus name
func (*EventBridgeHandler) GetRuleArn ¶
func (e *EventBridgeHandler) GetRuleArn() *string
GetRuleArn returns the rule ARN
func (*EventBridgeHandler) GetRuleName ¶
func (e *EventBridgeHandler) GetRuleName() *string
GetRuleName returns the rule name
func (*EventBridgeHandler) GrantPutEvents ¶
func (e *EventBridgeHandler) GrantPutEvents(grantee awslambda.IFunction)
GrantPutEvents grants permission to put events to the event bus
type EventBridgeHandlerProps ¶
type EventBridgeHandlerProps struct {
// Lambda function properties
FunctionProps awslambda.FunctionProps
// Event rule properties (optional - creates new rule if not provided)
RuleProps *awsevents.RuleProps
// Existing rule to use (optional - creates new if not provided)
ExistingRule awsevents.Rule
// Existing event bus to use (optional - uses default if not provided)
ExistingEventBus awsevents.IEventBus
// Event bus properties for creating a custom event bus
EventBusProps *awsevents.EventBusProps
// Event pattern for filtering events.
// NOTE(review): the pattern decides which events reach the function; match
// on source and detail-type as narrowly as the use case allows, because a
// broad pattern forwards everything published on the bus.
EventPattern *awsevents.EventPattern
// Schedule expression for scheduled events (conflicts with EventPattern)
ScheduleExpression *string
// Lambda target properties
TargetProps *awseventstargets.LambdaFunctionProps
// Dead letter queue properties (optional).
// NOTE(review): a dead letter queue holds the full failed event; confirm
// the queue's encryption and access policy match the sensitivity of the events.
DeadLetterQueueProps *awssqs.QueueProps
// Enable dead letter queue (default: true)
EnableDeadLetterQueue *bool
// Maximum event age (default: 3600 seconds). The field is an
// awscdk.Duration, which carries its own unit.
MaxEventAge awscdk.Duration
// Retry attempts for failed invocations (default: 3)
RetryAttempts *float64
// Enable input transformation
InputTransformation *awsevents.RuleTargetInput
// Lift-specific settings
EnableTracing *bool
EnableMultiTenant *bool
EnableMonitoring *bool
// Cross-account event bus support.
// NOTE(review): the bus in the other account has to allow this account in
// its resource policy; what this construct grants for that ARN is not
// visible here — confirm before relying on it.
CrossAccountEventBusArn *string
}
EventBridgeHandlerProps defines properties for an EventBridge handler
type EventRoutingTable ¶
type EventRoutingTable struct {
*LiftTable
// contains filtered or unexported fields
}
EventRoutingTable is a table for managing event routing
func NewEventRoutingTable ¶
func NewEventRoutingTable(scope constructs.Construct, id *string, props *EventRoutingTableProps) *EventRoutingTable
NewEventRoutingTable creates a new event routing table. The table uses standard pk/sk attributes; GSIs should be defined in DynamORM models.
func (*EventRoutingTable) GrantEventManagement ¶
func (e *EventRoutingTable) GrantEventManagement(grantee awsiam.IGrantable)
GrantEventManagement grants permissions to manage events
type EventRoutingTableProps ¶
type EventRoutingTableProps struct {
// Table name
TableName *string
// TTL attribute name for automatic cleanup
TimeToLiveAttribute *string
}
EventRoutingTableProps defines properties for the event routing table
type EventStoreAlertThresholds ¶
type EventStoreAlertThresholds struct {
HighEventRate *float64 // Events per second threshold
HighErrorRate *float64 // Error rate threshold
HighLatency *float64 // Latency threshold (ms)
LowSnapshotFrequency *float64 // Minimum snapshot frequency
HighStorageUsage *float64 // Storage usage threshold (GB)
}
EventStoreAlertThresholds defines alert thresholds for event store monitoring
type EventStorePattern ¶
type EventStorePattern string
EventStorePattern defines the event store pattern to use
// Values of EventStorePattern. What table layout each value selects is not
// documented on this page — TODO confirm against the event store construct.
const (
EventStorePattern_SINGLE_TABLE EventStorePattern = "SINGLE_TABLE"
EventStorePattern_MULTI_TABLE EventStorePattern = "MULTI_TABLE"
EventStorePattern_AGGREGATE_TABLE EventStorePattern = "AGGREGATE_TABLE"
)
type IdempotencyTableProps ¶
type IdempotencyTableProps struct {
// Table name
TableName *string
// TTL attribute name for automatic cleanup
TimeToLiveAttribute *string
}
IdempotencyTableProps defines properties for creating an idempotency table
type IdempotentFunction ¶
type IdempotentFunction struct {
constructs.Construct
Function *LiftFunction
IdempotencyTable *LiftTable
}
IdempotentFunction is a Lambda function with built-in idempotency support using DynamORM
func NewIdempotentFunction ¶
func NewIdempotentFunction(scope constructs.Construct, id *string, props *IdempotentFunctionProps) *IdempotentFunction
NewIdempotentFunction creates a Lambda function with idempotency capabilities
func (*IdempotentFunction) AddIdempotencyMetrics ¶
func (f *IdempotentFunction) AddIdempotencyMetrics(namespace *string)
AddIdempotencyMetrics adds CloudWatch metrics for idempotency operations
func (*IdempotentFunction) EnableTransactionSupport ¶
func (f *IdempotentFunction) EnableTransactionSupport()
EnableTransactionSupport adds permissions for DynamoDB transactions
func (*IdempotentFunction) GetFunction ¶
func (f *IdempotentFunction) GetFunction() awslambda.Function
GetFunction returns the underlying Lambda function
func (*IdempotentFunction) GetTable ¶
func (f *IdempotentFunction) GetTable() *LiftTable
GetTable returns the idempotency tracking table
type IdempotentFunctionProps ¶
type IdempotentFunctionProps struct {
// Embedded struct first (largest)
LiftFunctionProps
// Pointers (8 bytes each)
// Presumably the header, body field or path parameter name that KeyExtractor
// reads — TODO confirm.
KeyField *string
// Presumably the lifetime of an idempotency record, in seconds — TODO confirm.
TTLSeconds *float64
TableName *string
// NOTE(review): with caching on, a stored response is presumably returned
// for a repeated key. The key is supplied by the caller (header, body or
// path), so confirm it is scoped to the authenticated caller or tenant;
// otherwise one caller could be served a response stored for another.
EnableResponseCaching *bool
MaxResponseSizeKB *float64
// Smaller types last
KeyExtractor IdempotentKeyExtractor
}
IdempotentFunctionProps extends LiftFunctionProps with idempotency configuration. Memory optimized: 768 → 760 bytes (8 bytes saved).
type IdempotentKeyExtractor ¶
type IdempotentKeyExtractor string
IdempotentKeyExtractor defines how to extract idempotency keys
// Values of IdempotentKeyExtractor.
// NOTE(review): for HEADER, BODY and PATH the key comes straight from the
// request, so treat it as untrusted input: bound its length and scope it to
// the authenticated caller. How the Lambda side does this is not visible here.
const (
// Extract from X-Idempotency-Key header
IdempotentKeyHeader IdempotentKeyExtractor = "HEADER"
// Extract from request body field
IdempotentKeyBody IdempotentKeyExtractor = "BODY"
// Extract from path parameter
IdempotentKeyPath IdempotentKeyExtractor = "PATH"
// Custom extraction logic in Lambda
IdempotentKeyCustom IdempotentKeyExtractor = "CUSTOM"
)
type IntegrationOptions ¶ added in v1.0.60
type IntegrationOptions struct {
// Authorizer for this method.
// NOTE(review): whether a nil Authorizer leaves the method open or falls back
// to an API-wide default is not visible here — confirm for every method added.
Authorizer awsapigateway.IAuthorizer
// Request validator
RequestValidator awsapigateway.IRequestValidator
// API key required.
// NOTE(review): an API Gateway API key is a shared static value meant for
// usage plans and throttling; it identifies a client but does not
// authenticate a user. Pair it with Authorizer for access control.
ApiKeyRequired *bool
}
IntegrationOptions defines options for API integrations
type KinesisProcessor ¶
type KinesisProcessor struct {
constructs.Construct
Stream awskinesis.IStream
Function LiftFunction
DLQ awssqs.IQueue
Consumer awskinesis.IStreamConsumer
}
KinesisProcessor creates a Kinesis stream with Lambda processor
func NewKinesisProcessor ¶
func NewKinesisProcessor(scope constructs.Construct, id *string, props *KinesisProcessorProps) *KinesisProcessor
NewKinesisProcessor creates a new Kinesis processor with Lambda function
type KinesisProcessorProps ¶
type KinesisProcessorProps struct {
// The Lambda function configuration
FunctionProps *LiftFunctionProps `field:"required"`
// Optional: Stream configuration
StreamProps *awskinesis.StreamProps `field:"optional"`
// Optional: Use an existing stream instead of creating a new one
ExistingStream awskinesis.IStream `field:"optional"`
// Optional: Event source configuration
EventSourceProps *awslambdaeventsources.KinesisEventSourceProps `field:"optional"`
// Optional: Enable dead letter queue for failed records.
// NOTE(review): what is written to the queue for a failed record is not shown
// here; apply the same encryption and access policy as for the stream.
EnableDLQ *bool `field:"optional"`
// Optional: DLQ configuration
DLQProps *awssqs.QueueProps `field:"optional"`
// Optional: Stream mode (provisioned or on-demand)
StreamMode *awskinesis.StreamMode `field:"optional"`
// Optional: Number of shards (for provisioned mode)
ShardCount *float64 `field:"optional"`
// Optional: Data retention period in hours (24-8760 hours)
RetentionPeriodHours *float64 `field:"optional"`
// Optional: Enable encryption.
// NOTE(review): the behaviour when this is nil is not stated on this page;
// set it explicitly and confirm the stream is encrypted at rest. With
// ExistingStream the setting presumably has no effect — TODO confirm.
Encryption *awskinesis.StreamEncryption `field:"optional"`
// Optional: Enable enhanced fan-out
EnableEnhancedFanOut *bool `field:"optional"`
// Optional: Consumer name for enhanced fan-out
ConsumerName *string `field:"optional"`
// Optional: Batch size for processing (1-10000)
BatchSize *float64 `field:"optional"`
// Optional: Maximum batching window in seconds
MaxBatchingWindowSeconds *float64 `field:"optional"`
// Optional: Parallelization factor (1-10)
ParallelizationFactor *float64 `field:"optional"`
// Optional: Starting position
StartingPosition *awslambda.StartingPosition `field:"optional"`
// Optional: Maximum record age in seconds
MaxRecordAgeSeconds *float64 `field:"optional"`
// Optional: Bisect batch on function error
BisectBatchOnError *bool `field:"optional"`
// Optional: Maximum retry attempts
RetryAttempts *float64 `field:"optional"`
// Optional: Tumbling window in seconds
TumblingWindowSeconds *float64 `field:"optional"`
// Optional: Report batch item failures
ReportBatchItemFailures *bool `field:"optional"`
}
KinesisProcessorProps defines the properties for creating a Kinesis processor
type LambdaFunctionConfig ¶ added in v1.0.58
type LambdaFunctionConfig struct {
// NOTE(review): Lambda environment variables are readable by any principal
// allowed to view the function configuration; pass references to secrets
// (ARN, parameter name) rather than the secret values themselves.
Environment map[string]*string // 8 bytes (map)
// NOTE(review): awscdk.Duration is an interface type in the CDK Go bindings,
// not time.Duration, so it is an interface value rather than an int64 — the
// size noted in the earlier comment should be re-checked.
Timeout awscdk.Duration // interface value (awscdk.Duration), not int64
FunctionName string // 16 bytes
Description string // 16 bytes
// NOTE(review): a plain string, so the compiler does not restrict it to the
// two constants; what happens for any other value is not visible here —
// confirm it is rejected or falls back to read-only rather than to read/write.
Permissions string // PermissionRead or PermissionReadWrite - 16 bytes
}
LambdaFunctionConfig defines configuration for creating Lambda functions
type LiftAPI ¶
type LiftAPI struct {
constructs.Construct
HttpAPI awsapigatewayv2.HttpApi
Stage awsapigatewayv2.IHttpStage
LogGroup awslogs.ILogGroup
}
LiftAPI is an API Gateway HTTP API construct for Lift applications
func NewLiftAPI ¶
func NewLiftAPI(scope constructs.Construct, id *string, props *LiftAPIProps) *LiftAPI
NewLiftAPI creates a new API Gateway HTTP API optimized for Lift
func (*LiftAPI) AddLambdaRoute ¶
func (api *LiftAPI) AddLambdaRoute(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction)
AddLambdaRoute adds a Lambda function as a route to the API
func (*LiftAPI) AddLambdaRouteWithOptions ¶
func (api *LiftAPI) AddLambdaRouteWithOptions(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction, options *RouteOptions)
AddLambdaRouteWithOptions adds a Lambda function as a route with additional options
func (*LiftAPI) EnableApiKeyAuth ¶
func (api *LiftAPI) EnableApiKeyAuth() awsapigatewayv2.IHttpRouteAuthorizer
EnableApiKeyAuth enables API key authentication for the API
func (*LiftAPI) GetResourceName ¶
GetResourceName returns the API name
func (*LiftAPI) GrantInvoke ¶
func (api *LiftAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant
GrantInvoke grants invoke permissions to a principal
type LiftAPIProps ¶
type LiftAPIProps struct {
APICommonProps
// API Key configuration.
// NOTE(review): an API key is a shared static value; use it to identify and
// throttle clients, not as the only access control. How the key is checked
// for an HTTP API is not visible here (EnableApiKeyAuth returns an
// IHttpRouteAuthorizer) — TODO confirm.
RequireApiKey *bool
// Request/Response validation models
RequestValidators map[string]*RequestValidator
// Default authorizer for all routes (HTTP API specific).
// NOTE(review): when this is nil, whether routes added with AddLambdaRoute
// are left without an authorizer is not visible here — confirm per route.
DefaultAuthorizer awsapigatewayv2.IHttpRouteAuthorizer
}
LiftAPIProps defines properties for creating a Lift HTTP API Gateway (v2)
type LiftApiDomain ¶ added in v1.0.59
type LiftApiDomain struct {
constructs.Construct
DomainName awsapigatewayv2.DomainName
ApiMapping awsapigatewayv2.ApiMapping
CNAMERecord awsroute53.CnameRecord
DomainString *string
}
LiftApiDomain provides simplified API Gateway custom domain with Route53 integration
func NewLiftApiDomain ¶ added in v1.0.59
func NewLiftApiDomain(scope constructs.Construct, id *string, props *LiftApiDomainProps) *LiftApiDomain
NewLiftApiDomain creates API Gateway custom domain with optional Route53 integration
func (*LiftApiDomain) AddAdditionalMapping ¶ added in v1.0.59
func (d *LiftApiDomain) AddAdditionalMapping(api awsapigatewayv2.IHttpApi, mappingKey *string) awsapigatewayv2.ApiMapping
AddAdditionalMapping adds another API mapping to the same domain
func (*LiftApiDomain) GetApiMapping ¶ added in v1.0.59
func (d *LiftApiDomain) GetApiMapping() awsapigatewayv2.ApiMapping
GetApiMapping returns the API mapping
func (*LiftApiDomain) GetCNAMERecord ¶ added in v1.0.59
func (d *LiftApiDomain) GetCNAMERecord() awsroute53.CnameRecord
GetCNAMERecord returns the Route53 CNAME record (may be nil)
func (*LiftApiDomain) GetDomainName ¶ added in v1.0.59
func (d *LiftApiDomain) GetDomainName() awsapigatewayv2.IDomainName
GetDomainName returns the underlying API Gateway domain name
func (*LiftApiDomain) GetRegionalDomainName ¶ added in v1.0.59
func (d *LiftApiDomain) GetRegionalDomainName() *string
GetRegionalDomainName returns the regional domain name for DNS records
type LiftApiDomainProps ¶ added in v1.0.59
type LiftApiDomainProps struct {
// Domain name for the API (e.g., "api.example.com")
DomainName *string
// ACM certificate for the domain (required)
Certificate awscertificatemanager.ICertificate
// HTTP API to map to the domain (required)
HttpAPI awsapigatewayv2.IHttpApi
// Optional: Stage to map (defaults to HttpAPI.DefaultStage() if not provided)
Stage awsapigatewayv2.IStage
// Optional: Hosted zone for creating DNS records
// If provided, a CNAME record will be created pointing to the API Gateway domain
HostedZone awsroute53.IHostedZone
// Optional: Create CNAME record in Route53 (default: true if HostedZone is provided)
CreateCNAME *bool
// Optional: TTL for the CNAME record in seconds (default: 300)
RecordTTL *float64
// Optional: Security policy (default: TLS_1_2).
// NOTE(review): keep the TLS_1_2 default; selecting an older minimum TLS
// version widens what clients are allowed to negotiate.
SecurityPolicy awsapigatewayv2.SecurityPolicy
// Optional: Enable mutual TLS authentication.
// NOTE(review): mutual TLS applies to requests arriving on this custom
// domain. The API's default execute-api endpoint is a separate entry point;
// whether this construct disables it is not visible here — confirm, or the
// client-certificate check can be bypassed by calling that endpoint.
MutualTlsAuthentication *awsapigatewayv2.MTLSConfig
// Optional: API mapping key (base path)
ApiMappingKey *string
}
LiftApiDomainProps defines properties for API Gateway custom domain
type LiftCertificate ¶ added in v1.0.59
type LiftCertificate struct {
constructs.Construct
Certificate awscertificatemanager.Certificate
}
LiftCertificate provides a simplified ACM certificate with DNS validation
func NewLiftCertificate ¶ added in v1.0.59
func NewLiftCertificate(scope constructs.Construct, id *string, props *LiftCertificateProps) *LiftCertificate
NewLiftCertificate creates a new ACM certificate with DNS validation
func (*LiftCertificate) AddDependency ¶ added in v1.0.59
func (c *LiftCertificate) AddDependency(dependency constructs.IConstruct)
AddDependency adds a dependency to the certificate (useful for NS delegation)
func (*LiftCertificate) GetCertificate ¶ added in v1.0.59
func (c *LiftCertificate) GetCertificate() awscertificatemanager.ICertificate
GetCertificate returns the underlying ACM certificate
func (*LiftCertificate) GetCertificateArn ¶ added in v1.0.59
func (c *LiftCertificate) GetCertificateArn() *string
GetCertificateArn returns the certificate ARN
type LiftCertificateProps ¶ added in v1.0.59
type LiftCertificateProps struct {
// Domain name for the certificate (e.g., "api.example.com")
DomainName *string
// Subject Alternative Names (SANs) for the certificate.
// NOTE(review): list only names this deployment serves; every extra name,
// wildcards in particular, widens what the certificate is valid for.
SubjectAlternativeNames *[]*string
// Hosted zone for DNS validation (required)
HostedZone awsroute53.IHostedZone
// Optional: Override the validation zone (if different from hosted zone).
// Presumably the DNS validation records are written to this zone instead —
// TODO confirm.
ValidationZone awsroute53.IHostedZone
// Optional: Enable/disable certificate transparency logging (default: true).
// NOTE(review): leave enabled unless there is a specific reason not to;
// certificates that are not logged may be rejected by browsers.
TransparencyLoggingEnabled *bool
// Optional: Certificate name for identification
CertificateName *string
}
LiftCertificateProps defines properties for ACM certificate with DNS validation
type LiftEventSourceMapping ¶ added in v1.0.59
type LiftEventSourceMapping struct {
// The underlying construct
Construct constructs.Construct
// Event source mapping (if created directly)
EventSourceMapping awslambda.EventSourceMapping
// Custom resource (if using dynamic ARN lookup)
CustomResource awscdk.CustomResource
// Custom resource handler function (if using dynamic ARN lookup)
CustomResourceHandler awslambda.Function
}
LiftEventSourceMapping wraps event source mapping with automatic handling for cross-region scenarios
func NewLiftEventSourceMapping ¶ added in v1.0.59
func NewLiftEventSourceMapping(scope constructs.Construct, id *string, props *LiftEventSourceMappingProps) *LiftEventSourceMapping
NewLiftEventSourceMapping creates an event source mapping with optional custom resource for dynamic ARN lookup
type LiftEventSourceMappingProps ¶ added in v1.0.59
type LiftEventSourceMappingProps struct {
// Target Lambda function
TargetFunction awslambda.IFunction
// Event source ARN (for primary region with known ARN)
EventSourceArn *string
// Table name (for secondary region where ARN is discovered at runtime)
TableName *string
// Starting position for stream reading
StartingPosition awslambda.StartingPosition
// Batch size for processing
BatchSize *float64
// Maximum retry attempts
RetryAttempts *float64
// Parallelization factor
ParallelizationFactor *float64
// Maximum batching window
MaxBatchingWindow awscdk.Duration
// Bisect batch on error
BisectBatchOnError *bool
// Report batch item failures
ReportBatchItemFailures *bool
// Maximum record age
MaxRecordAge awscdk.Duration
// Use custom resource for dynamic ARN lookup (for secondary regions)
UseCustomResource *bool
}
LiftEventSourceMappingProps defines properties for event source mapping
type LiftFunction ¶
type LiftFunction struct {
constructs.Construct
Function awslambda.Function
}
LiftFunction is a Lambda function construct optimized for Lift applications
func NewLiftFunction ¶
func NewLiftFunction(scope constructs.Construct, id *string, props *LiftFunctionProps) *LiftFunction
NewLiftFunction creates a new Lift Lambda function with optimized defaults
func (*LiftFunction) GetResourceName ¶
func (l *LiftFunction) GetResourceName() *string
GetResourceName returns the function name
type LiftFunctionProps ¶
type LiftFunctionProps struct {
awslambda.FunctionProps
// EnableTracing enables X-Ray tracing for the function
EnableTracing *bool
// EnableMetrics enables CloudWatch metrics
EnableMetrics *bool
// EnableMultiTenant enables multi-tenant support.
// NOTE(review): what this configures is not visible here; do not treat the
// flag by itself as tenant isolation — confirm what it changes.
EnableMultiTenant *bool
// ReservedConcurrentExecutions to limit concurrent executions
ReservedConcurrentExecutions *float64
// EnableDynamORM configures DynamORM environment variables
EnableDynamORM *bool
// DynamORM table name (optional - for when using DynamORM)
DynamORMTableName *string
// DynamORM debug mode.
// NOTE(review): presumably increases logging; confirm the debug output does
// not include item contents before enabling it outside development.
DynamORMDebug *bool
}
LiftFunctionProps extends standard Lambda function properties with Lift-specific configuration
type LiftHostedZone ¶ added in v1.0.59
type LiftHostedZone struct {
constructs.Construct
HostedZone awsroute53.IHostedZone
HostedZoneId *string
ZoneName *string
IsImported bool
}
LiftHostedZone provides simplified Route53 hosted zone creation/import
func NewLiftHostedZone ¶ added in v1.0.59
func NewLiftHostedZone(scope constructs.Construct, id *string, props *LiftHostedZoneProps) *LiftHostedZone
NewLiftHostedZone creates or imports a Route53 hosted zone
func (*LiftHostedZone) AddCNAMERecord ¶ added in v1.0.59
func (z *LiftHostedZone) AddCNAMERecord(recordName *string, domainName *string, ttl awscdk.Duration) awsroute53.CnameRecord
AddCNAMERecord creates a CNAME record in the zone
func (*LiftHostedZone) AddNSRecord ¶ added in v1.0.59
func (z *LiftHostedZone) AddNSRecord(recordName *string, targetNameServers *[]*string, ttl awscdk.Duration) awsroute53.NsRecord
AddNSRecord creates NS record delegation to another zone
func (*LiftHostedZone) GetHostedZone ¶ added in v1.0.59
func (z *LiftHostedZone) GetHostedZone() awsroute53.IHostedZone
GetHostedZone returns the underlying Route53 hosted zone
func (*LiftHostedZone) GetHostedZoneId ¶ added in v1.0.59
func (z *LiftHostedZone) GetHostedZoneId() *string
GetHostedZoneId returns the hosted zone ID
func (*LiftHostedZone) GetNameServers ¶ added in v1.0.59
func (z *LiftHostedZone) GetNameServers() *[]*string
GetNameServers returns the name servers for the hosted zone. Only works for created zones (not imported).
func (*LiftHostedZone) GetZoneName ¶ added in v1.0.59
func (z *LiftHostedZone) GetZoneName() *string
GetZoneName returns the zone name
type LiftHostedZoneProps ¶ added in v1.0.59
type LiftHostedZoneProps struct {
// Zone name (e.g., "example.com")
ZoneName *string
// Comment for the hosted zone
Comment *string
// If true, attempts to import existing zone instead of creating new one
// Requires ExistingZoneId to be provided
ImportIfExists *bool
// Existing zone ID (for import mode)
ExistingZoneId *string
// Enable SSM parameter export for zone ID
EnableSSMExport *bool
// SSM parameter path for zone ID (only used if EnableSSMExport is true)
// Default: /route53/zones/{ZoneName}/id
SSMParameterPath *string
// Enable CloudFormation output export
EnableCfnExport *bool
// CloudFormation export name
CfnExportName *string
// Tags to apply to the hosted zone
Tags *map[string]*string
}
LiftHostedZoneProps defines properties for Route53 hosted zone
type LiftKMSKey ¶ added in v1.0.59
type LiftKMSKey struct {
constructs.Construct
// The KMS key (either direct key or replica)
Key awskms.IKey
// Alias for the key
Alias awskms.Alias
// SSM Parameter (if enabled)
SSMParameter awsssm.StringParameter
// Key ARN
KeyArn *string
// Key ID
KeyId *string
}
LiftKMSKey represents a KMS key with multi-region support
func NewLiftKMSKey ¶ added in v1.0.59
func NewLiftKMSKey(scope constructs.Construct, id *string, props *LiftKMSKeyProps) *LiftKMSKey
NewLiftKMSKey creates a new KMS key with Lift-optimized defaults
func (*LiftKMSKey) AddToResourcePolicy ¶ added in v1.0.59
func (k *LiftKMSKey) AddToResourcePolicy(statement awsiam.PolicyStatement)
AddToResourcePolicy adds a statement to the key's resource policy
func (*LiftKMSKey) GetKey ¶ added in v1.0.59
func (k *LiftKMSKey) GetKey() awskms.IKey
GetKey returns the underlying IKey
func (*LiftKMSKey) GetKeyArn ¶ added in v1.0.59
func (k *LiftKMSKey) GetKeyArn() *string
GetKeyArn returns the key ARN
func (*LiftKMSKey) GetKeyId ¶ added in v1.0.59
func (k *LiftKMSKey) GetKeyId() *string
GetKeyId returns the key ID
func (*LiftKMSKey) GetResourceName ¶ added in v1.0.59
func (k *LiftKMSKey) GetResourceName() *string
GetResourceName returns the resource name for monitoring
func (*LiftKMSKey) GrantDecrypt ¶ added in v1.0.59
func (k *LiftKMSKey) GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
GrantDecrypt grants decrypt permissions only
func (*LiftKMSKey) GrantEncrypt ¶ added in v1.0.59
func (k *LiftKMSKey) GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
GrantEncrypt grants encrypt permissions only
func (*LiftKMSKey) GrantEncryptDecrypt ¶ added in v1.0.59
func (k *LiftKMSKey) GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
GrantEncryptDecrypt grants encrypt/decrypt permissions
func (*LiftKMSKey) GrantGenerateMac ¶ added in v1.0.59
func (k *LiftKMSKey) GrantGenerateMac(grantee awsiam.IGrantable) awsiam.Grant
GrantGenerateMac grants GenerateMac/VerifyMac permissions (for HMAC keys)
type LiftKMSKeyProps ¶ added in v1.0.59
type LiftKMSKeyProps struct {
// Key configuration
Description *string
KeySpec awskms.KeySpec // e.g., HMAC_256, SYMMETRIC_DEFAULT
KeyUsage awskms.KeyUsage // e.g., GENERATE_VERIFY_MAC, ENCRYPT_DECRYPT
// Alias configuration
AliasName *string // e.g., "alias/k3/hashing-key"
// Multi-region configuration
MultiRegion *bool // Enable multi-region key (default: false)
PrimaryKeyArn *string // For replica keys - ARN of the primary key
IsReplicaKey *bool // True if this is a replica key (default: false)
// Key policy configuration
// NOTE(review): KMS automatic rotation is available for symmetric encryption
// keys only, which matches the stated default; an HMAC key (see KeySpec
// above) needs a manual rotation plan.
EnableKeyRotation *bool // Enable automatic key rotation (default: true for SYMMETRIC keys)
// Presumably the principal that receives key administration rights in the
// key policy — TODO confirm. Prefer a dedicated admin role over a broad principal.
AdministratorArn *string
// NOTE(review): untyped, so nothing is checked at compile time. Whether this
// replaces or extends the default key policy is not visible here — confirm,
// and make sure the resulting policy still lets an administrator manage the
// key and does not grant kms:* to a wildcard principal.
CustomKeyPolicy interface{} // Custom key policy document
// SSM Parameter Store configuration
EnableSSMParameter *bool // Store key ARN in SSM (default: false)
SSMParameterPath *string // SSM parameter path (e.g., "/k3/partner/stage/hmac-key-arn")
// Additional permissions
// NOTE(review): these lists grant use of the key at creation time; keep them
// to the principals that need the operation, and prefer GrantDecrypt or
// GrantEncrypt on LiftKMSKey when only one direction is required.
GrantEncryptDecrypt []awsiam.IGrantable // Principals to grant encrypt/decrypt permissions
GrantGenerateMac []awsiam.IGrantable // Principals to grant GenerateMac/VerifyMac permissions
// Tags
Tags *map[string]*string
// Advanced options
PendingWindow awscdk.Duration // Waiting period for key deletion (default: 30 days)
// NOTE(review): the default is not stated on this page. A policy that
// destroys the key on stack removal makes everything encrypted under it
// unrecoverable once PendingWindow has elapsed — confirm the default retains the key.
RemovalPolicy awscdk.RemovalPolicy
EnabledRegions *[]*string // Regions to enable for multi-region key
}
LiftKMSKeyProps defines properties for creating a KMS key with Lift
type LiftLambdaRole ¶ added in v1.0.59
type LiftLambdaRole struct {
constructs.Construct
Role awsiam.Role
}
LiftLambdaRole is a Lambda execution role construct with common permissions
func NewLiftLambdaRole ¶ added in v1.0.59
func NewLiftLambdaRole(scope constructs.Construct, id *string, props *LiftLambdaRoleProps) *LiftLambdaRole
NewLiftLambdaRole creates a new Lambda execution role with common permissions
func (*LiftLambdaRole) AddManagedPolicy ¶ added in v1.0.59
func (l *LiftLambdaRole) AddManagedPolicy(policy awsiam.IManagedPolicy)
AddManagedPolicy adds a managed policy to the role
func (*LiftLambdaRole) AddToPolicy ¶ added in v1.0.59
func (l *LiftLambdaRole) AddToPolicy(statement awsiam.PolicyStatement)
AddToPolicy adds a policy statement to the role
func (*LiftLambdaRole) AsLambdaExecutionRole ¶ added in v1.0.59
func (l *LiftLambdaRole) AsLambdaExecutionRole() awsiam.IRole
AsLambdaExecutionRole returns this role for use in Lambda function props
func (*LiftLambdaRole) GetRole ¶ added in v1.0.59
func (l *LiftLambdaRole) GetRole() awsiam.IRole
GetRole returns the underlying IAM role
func (*LiftLambdaRole) GetRoleArn ¶ added in v1.0.59
func (l *LiftLambdaRole) GetRoleArn() *string
GetRoleArn returns the role ARN
func (*LiftLambdaRole) GetRoleName ¶ added in v1.0.59
func (l *LiftLambdaRole) GetRoleName() *string
GetRoleName returns the role name
func (*LiftLambdaRole) GrantDynamoDBAccess ¶ added in v1.0.59
func (l *LiftLambdaRole) GrantDynamoDBAccess(tables ...awsdynamodb.ITable)
GrantDynamoDBAccess grants access to additional DynamoDB tables
func (*LiftLambdaRole) GrantKMSAccess ¶ added in v1.0.59
func (l *LiftLambdaRole) GrantKMSAccess(keys ...awskms.IKey)
GrantKMSAccess grants access to additional KMS keys
func (*LiftLambdaRole) GrantPassRole ¶ added in v1.0.59
func (l *LiftLambdaRole) GrantPassRole(grantee awsiam.IGrantable) awsiam.Grant
GrantPassRole grants permission to pass this role to a service
type LiftLambdaRoleProps ¶ added in v1.0.59
// LiftLambdaRoleProps selects the permissions attached to a Lambda execution role.
// NOTE(review): several flags below widen access from a listed set of resources
// to every resource of that type. Prefer the explicit ARN/path lists and leave
// the account-wide flags unset unless the function needs them.
type LiftLambdaRoleProps struct {
// Basic configuration
RoleName *string
Description *string
// Service principal (defaults to lambda.amazonaws.com).
// NOTE(review): presumably this becomes the principal in the role's trust
// policy, so changing it changes who may assume the role — TODO confirm.
ServicePrincipal *string
// Managed policies
ManagedPolicyArns []string
// Enable common AWS managed policies
EnableBasicExecution *bool // AWSLambdaBasicExecutionRole
EnableVPCExecution *bool // AWSLambdaVPCAccessExecutionRole
EnableCloudWatchInsights *bool // CloudWatchLambdaInsightsExecutionRolePolicy
EnableXRayDaemonWrite *bool // AWSXRayDaemonWriteAccess
// DynamoDB access
DynamoDBTables []awsdynamodb.ITable
DynamoDBTableArns []string
DynamoDBStreamAccess *bool // Grant stream read access
// NOTE(review): the exact actions behind "full access" are not shown here;
// confirm they exclude table administration (delete/update table) unless required.
DynamoDBFullAccess *bool // Grant full access vs read/write
// KMS access
KMSKeys []awskms.IKey
KMSKeyArns []string
// NOTE(review): the "mrk-*" pattern in the comment below suggests a wildcard
// resource; confirm whether it matches every multi-region key in the account
// or only replicas of the keys listed above.
EnableMultiRegionKMS *bool // Grant access to multi-region keys (mrk-*)
KMSActions []string // Custom KMS actions (defaults to Encrypt, Decrypt, GenerateDataKey)
// Secrets Manager access
SecretsManagerArns []string
// NOTE(review): grants every secret; list the needed ARNs in
// SecretsManagerArns instead.
EnableSecretsAccess *bool // Grant access to all secrets (not recommended for production)
// SSM Parameter Store access
SSMParameterPaths []string
// NOTE(review): same concern as EnableSecretsAccess — parameters often hold
// credentials; scope with SSMParameterPaths instead.
EnableSSMAccess *bool // Grant access to all parameters
// Payment Cryptography (AWS Payment Cryptography Service)
// NOTE(review): no resource list accompanies this flag on this page; confirm
// which keys the generated statement covers.
EnablePaymentCrypto *bool
PaymentCryptoActions []string // Defaults to DecryptData, EncryptData, GetAlias
// SQS access
SQSQueueArns []string
EnableSQSSendMessage *bool
EnableSQSReceiveDelete *bool
// S3 access
S3BucketArns []string
EnableS3Read *bool
EnableS3Write *bool
// Custom inline policies.
// NOTE(review): InlinePolicies and AdditionalPolicyStatements are attached
// as given and are not constrained by the flags above; review them for
// wildcard actions and resources.
InlinePolicies map[string]awsiam.PolicyDocument
// Additional policy statements
AdditionalPolicyStatements []awsiam.PolicyStatement
// Tags
Tags map[string]string
}
LiftLambdaRoleProps defines properties for Lambda execution roles
type LiftRestAPI ¶ added in v1.0.60
type LiftRestAPI struct {
constructs.Construct
RestAPI awsapigateway.RestApi
LogGroup awslogs.ILogGroup
}
LiftRestAPI is a REST API Gateway (v1) construct for Lift applications
func NewLiftRestAPI ¶ added in v1.0.60
func NewLiftRestAPI(scope constructs.Construct, id *string, props *LiftRestAPIProps) *LiftRestAPI
NewLiftRestAPI creates a new REST API Gateway optimized for Lift
func (*LiftRestAPI) AddLambdaIntegration ¶ added in v1.0.60
func (api *LiftRestAPI) AddLambdaIntegration(path *string, method *string, fn awslambda.IFunction)
AddLambdaIntegration adds a Lambda function as a method to the API
func (*LiftRestAPI) AddLambdaIntegrationWithOptions ¶ added in v1.0.60
func (api *LiftRestAPI) AddLambdaIntegrationWithOptions(path *string, method *string, fn awslambda.IFunction, options *IntegrationOptions)
AddLambdaIntegrationWithOptions adds a Lambda function with additional options
func (*LiftRestAPI) CreateAPIKey ¶ added in v1.0.60
func (api *LiftRestAPI) CreateAPIKey(name *string) awsapigateway.IApiKey
CreateAPIKey creates an API key for the REST API
func (*LiftRestAPI) CreateUsagePlan ¶ added in v1.0.60
func (api *LiftRestAPI) CreateUsagePlan(name *string, throttle *awsapigateway.ThrottleSettings, quota *awsapigateway.QuotaSettings) awsapigateway.UsagePlan
CreateUsagePlan creates a usage plan with throttling and quota
func (*LiftRestAPI) GetArn ¶ added in v1.0.60
func (api *LiftRestAPI) GetArn() *string
GetArn returns the ARN of the API
func (*LiftRestAPI) GetResourceName ¶ added in v1.0.60
func (l *LiftRestAPI) GetResourceName() *string
GetResourceName returns the API name
func (*LiftRestAPI) GetStage ¶ added in v1.0.60
func (api *LiftRestAPI) GetStage() awsapigateway.IStage
GetStage returns the deployment stage
func (*LiftRestAPI) GetUrl ¶ added in v1.0.60
func (api *LiftRestAPI) GetUrl() *string
GetUrl returns the URL of the API
func (*LiftRestAPI) GrantInvoke ¶ added in v1.0.60
func (api *LiftRestAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant
GrantInvoke grants invoke permissions to a principal
type LiftRestAPIProps ¶ added in v1.0.60
// LiftRestAPIProps configures a Lift REST API Gateway (v1) on top of the
// embedded APICommonProps.
type LiftRestAPIProps struct {
APICommonProps
// Enable detailed CloudWatch metrics (REST API only)
EnableDetailedMetrics *bool
// API Key configuration
// NOTE(review): API Gateway API keys identify callers for usage plans and
// throttling; they are not an authentication mechanism. Pair with
// DefaultAuthorizer where callers must be authenticated.
RequireApiKey *bool
// Endpoint configuration (REGIONAL, EDGE, PRIVATE)
EndpointType awsapigateway.EndpointType
// Default authorizer for all routes
// NOTE(review): behavior when this is nil is not shown here — presumably
// routes are created without an authorizer; confirm.
DefaultAuthorizer awsapigateway.IAuthorizer
}
LiftRestAPIProps defines properties for creating a Lift REST API Gateway (v1)
type LiftSQSQueue ¶ added in v1.0.59
type LiftSQSQueue struct {
constructs.Construct
// The SQS queue
Queue awssqs.Queue
// Dead letter queue (if enabled)
DeadLetterQueue awssqs.Queue
// Event source mapping (if enabled)
EventSource awslambdaeventsources.SqsEventSource
// SSM Parameter (if enabled)
SSMParameter awsssm.StringParameter
}
LiftSQSQueue represents an SQS queue attached to an existing Lambda function
func NewLiftSQSQueue ¶ added in v1.0.59
func NewLiftSQSQueue(scope constructs.Construct, id *string, props *LiftSQSQueueProps) *LiftSQSQueue
NewLiftSQSQueue creates a new SQS queue and attaches it to an existing Lambda function
func (*LiftSQSQueue) GetDeadLetterQueueUrl ¶ added in v1.0.59
func (q *LiftSQSQueue) GetDeadLetterQueueUrl() *string
GetDeadLetterQueueUrl returns the DLQ URL (if enabled)
func (*LiftSQSQueue) GetQueueArn ¶ added in v1.0.59
func (q *LiftSQSQueue) GetQueueArn() *string
GetQueueArn returns the queue ARN
func (*LiftSQSQueue) GetQueueName ¶ added in v1.0.59
func (q *LiftSQSQueue) GetQueueName() *string
GetQueueName returns the queue name
func (*LiftSQSQueue) GetQueueUrl ¶ added in v1.0.59
func (q *LiftSQSQueue) GetQueueUrl() *string
GetQueueUrl returns the queue URL
func (*LiftSQSQueue) GrantConsumeMessages ¶ added in v1.0.59
func (q *LiftSQSQueue) GrantConsumeMessages(grantee awslambda.Function)
GrantConsumeMessages grants additional permission to consume messages from the queue
func (*LiftSQSQueue) GrantSendMessages ¶ added in v1.0.59
func (q *LiftSQSQueue) GrantSendMessages(grantee awslambda.Function)
GrantSendMessages grants additional permission to send messages to the queue
type LiftSQSQueueProps ¶ added in v1.0.59
// LiftSQSQueueProps configures an SQS queue that is attached to an existing
// Lambda function. Defaults quoted in the inline comments are the author's;
// the NOTE(review) comments flag the ones that affect access or encryption.
type LiftSQSQueueProps struct {
// Required: Existing Lambda function to attach this queue to
Function awslambda.Function
// Queue configuration
QueueName *string
VisibilityTimeout awscdk.Duration // Default: 5 minutes
MessageRetentionPeriod awscdk.Duration // Default: 14 days
ReceiveMessageWaitTime awscdk.Duration // For long polling, default: 20 seconds
// Dead letter queue configuration
EnableDeadLetterQueue *bool // Default: true
DeadLetterQueueName *string // Default: {QueueName}-dlq
MaxReceiveCount *float64 // Default: 3
DLQRetentionPeriod awscdk.Duration // Default: 14 days
// Encryption configuration
// NOTE(review): "Required" is stated only for K3; what encryption the queue
// (and its DLQ) gets when this is nil is not shown on this page — confirm.
EncryptionMasterKey awskms.IKey // Required for K3 - partner-specific KMS key
DataKeyReuse awscdk.Duration // Default: 300 seconds
// Event source configuration
EnableEventSource *bool // Default: true
BatchSize *float64 // Default: 10
MaxBatchingWindow awscdk.Duration // Default: 5 seconds
ReportBatchItemFailures *bool // Default: true
MaxConcurrency *float64 // Default: 5
// Environment variable configuration
QueueUrlEnvVar *string // Custom env var name for queue URL (e.g., "K3_PROCESSOR_INSTRUMENT_QUEUE_URL")
DLQUrlEnvVar *string // Custom env var name for DLQ URL (optional)
// SSM Parameter Store configuration
EnableSSMParameter *bool // Default: false
SSMParameterName *string // SSM parameter name to store queue URL
SSMDescription *string // SSM parameter description
// FIFO queue configuration
FifoQueue *bool
EnableContentBasedDeduplication *bool
// Additional permissions
// NOTE(review): both grants default to true per the comments below, so a
// function that only consumes from the queue also receives send permission
// unless GrantSendMessages is explicitly set to false.
GrantSendMessages *bool // Default: true - grant Lambda permission to send messages
GrantConsumeMessages *bool // Default: true - grant Lambda permission to consume messages
}
LiftSQSQueueProps defines properties for attaching an SQS queue to an existing Lambda function
type LiftTable ¶
type LiftTable struct {
constructs.Construct
Table awsdynamodb.Table
GSIs map[string]*awsdynamodb.GlobalSecondaryIndexProps
}
LiftTable is a DynamoDB table construct optimized for Lift applications
func NewIdempotencyTable ¶
func NewIdempotencyTable(scope constructs.Construct, id *string, props *IdempotencyTableProps) *LiftTable
NewIdempotencyTable creates a DynamoDB table for idempotency tracking. The table uses standard pk/sk attributes; GSIs should be defined in DynamORM models.
func NewLiftTable ¶
func NewLiftTable(scope constructs.Construct, id *string, props *LiftTableProps) *LiftTable
NewLiftTable creates a new DynamoDB table with Lift-optimized defaults
func NewRateLimitTable ¶
func NewRateLimitTable(scope constructs.Construct, id *string, props *RateLimitTableProps) *LiftTable
NewRateLimitTable creates a DynamoDB table for rate limiting. The table uses standard pk/sk attributes; GSIs should be defined in DynamORM models.
func (*LiftTable) AddGlobalSecondaryIndex ¶ added in v1.0.59
func (t *LiftTable) AddGlobalSecondaryIndex(props *awsdynamodb.GlobalSecondaryIndexProps)
AddGlobalSecondaryIndex adds a GSI after table creation (note: requires table update)
func (*LiftTable) GetEnvironmentVariables ¶ added in v1.0.59
GetEnvironmentVariables returns environment variables for DynamORM integration
func (*LiftTable) GetResourceName ¶ added in v1.0.42
GetResourceName returns the resource name for monitoring (implements MonitorableResource interface)
func (*LiftTable) GetStreamArn ¶ added in v1.0.42
GetStreamArn returns the DynamoDB stream ARN if streams are enabled
func (*LiftTable) GetTableArn ¶ added in v1.0.42
GetTableArn returns the table ARN
func (*LiftTable) GetTableName ¶ added in v1.0.42
GetTableName returns the table name
func (*LiftTable) GrantReadData ¶ added in v1.0.59
func (t *LiftTable) GrantReadData(grantee awsiam.IGrantable) awsiam.Grant
GrantReadData grants read-only permissions to any IAM grantee
func (*LiftTable) GrantReadWrite ¶
GrantReadWrite grants read/write permissions to a Lambda function
func (*LiftTable) GrantReadWriteData ¶ added in v1.0.59
func (t *LiftTable) GrantReadWriteData(grantee awsiam.IGrantable) awsiam.Grant
GrantReadWriteData grants read/write permissions to any IAM grantee
func (*LiftTable) GrantStreamRead ¶ added in v1.0.59
func (t *LiftTable) GrantStreamRead(grantee awsiam.IGrantable) awsiam.Grant
GrantStreamRead grants permissions to read from the DynamoDB stream
func (*LiftTable) GrantWriteData ¶ added in v1.0.59
func (t *LiftTable) GrantWriteData(grantee awsiam.IGrantable) awsiam.Grant
GrantWriteData grants write-only permissions to any IAM grantee
type LiftTableProps ¶
// LiftTableProps configures a LiftTable (DynamoDB). The defaults applied when
// a field is left unset are not listed on this page.
type LiftTableProps struct {
TableName *string
PartitionKeyName *string
SortKeyName *string
// NOTE(review): recovery setting; the default when nil is not shown here —
// set explicitly for tables whose data must be restorable.
EnablePointInTimeRecovery *bool
EnableStreams *bool
TimeToLiveAttribute *string
StreamViewType awsdynamodb.StreamViewType
// Billing configuration
ReadCapacity *float64
WriteCapacity *float64
// Auto-scaling configuration
EnableAutoScaling *bool
MinReadCapacity *float64
MaxReadCapacity *float64
MinWriteCapacity *float64
MaxWriteCapacity *float64
TargetUtilization *float64
// Global Secondary Indexes
GlobalSecondaryIndexes *[]*awsdynamodb.GlobalSecondaryIndexProps
// GSI Auto-scaling configuration
GSIMinReadCapacity *float64
GSIMaxReadCapacity *float64
GSIMinWriteCapacity *float64
GSIMaxWriteCapacity *float64
// Advanced features
// NOTE(review): DeletionProtection and RemovalPolicy together decide whether
// the table and its data survive a stack update or teardown; defaults are not
// shown here, so set both explicitly for production data.
DeletionProtection *bool
RemovalPolicy awscdk.RemovalPolicy
// NOTE(review): selects the at-rest encryption mode; no field for supplying a
// customer-managed KMS key is visible in this struct — confirm how a
// customer-managed mode is handled.
Encryption awsdynamodb.TableEncryption
ReplicationRegions *[]*string
// Tags
Tags *map[string]*string
}
LiftTableProps extends DynamoDB table properties with Lift-specific configuration
type ManagementTableConfig ¶ added in v1.0.58
type ManagementTableConfig struct {
DefaultTableName string
PermissionMethod string // e.g., "GrantConnectionManagement", "GrantEventManagement"
}
ManagementTableConfig defines configuration for creating management tables
type MetricConfiguration ¶
type MetricConfiguration struct {
// Enable detailed metrics
DetailedMetrics *bool
// Custom dimensions
Dimensions *map[string]*string
// Metric resolution (1 or 60 seconds)
Resolution *float64
// Percentiles to track
Percentiles *[]*float64
// Enable custom business metrics
EnableBusinessMetrics *bool
}
MetricConfiguration defines advanced metric configuration
type MonitorableResource ¶
type MonitorableResource interface {
// GetResourceName returns the name of the resource
GetResourceName() *string
}
MonitorableResource interface for resources that can be monitored
type MonitoredFunction ¶
type MonitoredFunction struct {
constructs.Construct
Function *LiftFunction
Dashboard awscloudwatch.Dashboard
Alarms map[string]awscloudwatch.Alarm
}
MonitoredFunction is a Lambda function with comprehensive monitoring
func NewMonitoredFunction ¶
func NewMonitoredFunction(scope constructs.Construct, id *string, props *MonitoredFunctionProps) *MonitoredFunction
NewMonitoredFunction creates a Lambda function with comprehensive monitoring
func (*MonitoredFunction) AddCommonLogInsightsQueries ¶
func (f *MonitoredFunction) AddCommonLogInsightsQueries()
AddCommonLogInsightsQueries adds common CloudWatch Logs Insights queries
func (*MonitoredFunction) AddCustomMetric ¶
func (f *MonitoredFunction) AddCustomMetric(metricName *string, namespace *string, dimensions *map[string]*string) awscloudwatch.Metric
AddCustomMetric adds a custom metric to the dashboard
func (*MonitoredFunction) AddLogInsightsQuery ¶
func (f *MonitoredFunction) AddLogInsightsQuery(queryName *string, queryString *string)
AddLogInsightsQuery adds a CloudWatch Logs Insights query to the dashboard
func (*MonitoredFunction) GetAlarm ¶
func (f *MonitoredFunction) GetAlarm(name string) awscloudwatch.Alarm
GetAlarm returns a specific alarm by name
func (*MonitoredFunction) GetDashboard ¶
func (f *MonitoredFunction) GetDashboard() awscloudwatch.Dashboard
GetDashboard returns the CloudWatch dashboard
func (*MonitoredFunction) GetFunction ¶
func (f *MonitoredFunction) GetFunction() awslambda.Function
GetFunction returns the underlying Lambda function
type MonitoredFunctionProps ¶
type MonitoredFunctionProps struct {
LiftFunctionProps
// Enable CloudWatch dashboard
EnableDashboard *bool
// Dashboard name (optional - will generate if not provided)
DashboardName *string
// Alarm configuration
AlarmConfig *AlarmConfig
// Custom metrics namespace
MetricsNamespace *string
// Enable enhanced monitoring (Lambda Insights)
EnableLambdaInsights *bool
// Log level (ERROR, WARN, INFO, DEBUG)
LogLevel *string
// Enable CloudWatch Logs Insights queries
EnableLogInsightsQueries *bool
}
MonitoredFunctionProps extends LiftFunctionProps with monitoring configuration
type RateLimitTableProps ¶
type RateLimitTableProps struct {
// Table name
TableName *string
// TTL attribute name for automatic cleanup
TimeToLiveAttribute *string
}
RateLimitTableProps defines properties for creating a rate limit table
type RateLimitType ¶
type RateLimitType string
RateLimitType defines the type of rate limiting
const ( RateLimitTypeIP RateLimitType = "IP" RateLimitTypeUser RateLimitType = "USER" RateLimitTypeTenant RateLimitType = "TENANT" )
type RateLimitedFunction ¶
type RateLimitedFunction struct {
constructs.Construct
Function *LiftFunction
RateTable *LiftTable
// contains filtered or unexported fields
}
RateLimitedFunction is a Lambda function with built-in rate limiting using DynamORM
func NewRateLimitedFunction ¶
func NewRateLimitedFunction(scope constructs.Construct, id *string, props *RateLimitedFunctionProps) *RateLimitedFunction
NewRateLimitedFunction creates a Lambda function with rate limiting capabilities
func (*RateLimitedFunction) AddRateLimitAlarm ¶
func (f *RateLimitedFunction) AddRateLimitAlarm(alarmName *string, threshold *float64) awscloudwatch.IAlarm
AddRateLimitAlarm adds a CloudWatch alarm for rate limit violations
func (*RateLimitedFunction) GetFunction ¶
func (f *RateLimitedFunction) GetFunction() awslambda.Function
GetFunction returns the underlying Lambda function
func (*RateLimitedFunction) GetTable ¶
func (f *RateLimitedFunction) GetTable() *LiftTable
GetTable returns the rate limiting table
type RateLimitedFunctionProps ¶
type RateLimitedFunctionProps struct {
// Embedded struct first (largest)
LiftFunctionProps
// Pointers (8 bytes each)
WindowSeconds *float64
Limit *float64
TableName *string
EnableMetrics *bool
// Smaller types last
RateLimitType RateLimitType
}
RateLimitedFunctionProps extends LiftFunctionProps with rate limiting configuration. Memory optimized: 760 → 752 bytes (8 bytes saved).
type RequestTrackingTable ¶
type RequestTrackingTable struct {
*LiftTable
// contains filtered or unexported fields
}
RequestTrackingTable is a table for tracking API requests and their async processing
func NewRequestTrackingTable ¶
func NewRequestTrackingTable(scope constructs.Construct, id *string, props *RequestTrackingTableProps) *RequestTrackingTable
NewRequestTrackingTable creates a new request tracking table. The table uses standard pk/sk attributes; GSIs should be defined in DynamORM models.
type RequestTrackingTableProps ¶
type RequestTrackingTableProps struct {
// Table name
TableName *string
// TTL attribute name for automatic cleanup
TimeToLiveAttribute *string
}
RequestTrackingTableProps defines properties for the request tracking table
type RequestValidator ¶
type RequestValidator struct {
// Validate request body
ValidateBody *bool
// Validate request parameters
ValidateParameters *bool
// JSON schema for body validation
BodySchema interface{}
}
RequestValidator defines validation rules for API requests
type RouteOptions ¶
type RouteOptions struct {
// Authorizer for this route
Authorizer awsapigatewayv2.IHttpRouteAuthorizer
// Request validation
RequestValidator *RequestValidator
// Route-specific throttling
ThrottleRateLimit *float64
ThrottleBurstLimit *float64
}
RouteOptions defines options for API routes
type S3EventFilter ¶
S3EventFilter defines event filtering options
type S3Processor ¶
type S3Processor struct {
constructs.Construct
// The Lambda function processing S3 events
Function *LiftFunction
// The S3 bucket
Bucket awss3.IBucket
// Dead letter queue (if enabled)
DeadLetterQueue awssqs.IQueue
// Event source mapping
EventSource awslambdaeventsources.S3EventSource
// Replication bucket (if cross-region replication is enabled)
ReplicationBucket awss3.IBucket
}
S3Processor represents an S3 bucket with Lambda processor
func NewS3Processor ¶
func NewS3Processor(scope constructs.Construct, id *string, props *S3ProcessorProps) *S3Processor
NewS3Processor creates a new S3 processor construct
func (*S3Processor) AddCorsRule ¶
func (s *S3Processor) AddCorsRule(rule *awss3.CorsRule)
AddCorsRule adds a CORS rule to the bucket
func (*S3Processor) AddEnvironmentVariable ¶
func (s *S3Processor) AddEnvironmentVariable(key string, value string)
AddEnvironmentVariable adds an environment variable to the Lambda function
func (*S3Processor) EnableCORS ¶
func (s *S3Processor) EnableCORS(rules []*awss3.CorsRule)
EnableCORS enables CORS on the bucket
func (*S3Processor) GetBucketArn ¶
func (s *S3Processor) GetBucketArn() *string
GetBucketArn returns the bucket ARN
func (*S3Processor) GetBucketDomainName ¶
func (s *S3Processor) GetBucketDomainName() *string
GetBucketDomainName returns the bucket domain name
func (*S3Processor) GetBucketName ¶
func (s *S3Processor) GetBucketName() *string
GetBucketName returns the bucket name
func (*S3Processor) GrantDelete ¶
func (s *S3Processor) GrantDelete(grantee awslambda.IFunction)
GrantDelete grants permission to delete objects from the bucket
func (*S3Processor) GrantRead ¶
func (s *S3Processor) GrantRead(grantee awslambda.IFunction)
GrantRead grants permission to read from the bucket
func (*S3Processor) GrantReadWrite ¶
func (s *S3Processor) GrantReadWrite(grantee awslambda.IFunction)
GrantReadWrite grants permission to read and write to the bucket
func (*S3Processor) GrantWrite ¶
func (s *S3Processor) GrantWrite(grantee awslambda.IFunction)
GrantWrite grants permission to write to the bucket
func (*S3Processor) SetBucketPolicy ¶
func (s *S3Processor) SetBucketPolicy(policy map[string]interface{})
SetBucketPolicy sets a bucket policy
type S3ProcessorProps ¶
// S3ProcessorProps configures an S3 bucket together with the Lambda function
// that processes its events.
type S3ProcessorProps struct {
// Lambda function properties
FunctionProps awslambda.FunctionProps
// S3 bucket properties (optional - creates new bucket if not provided)
// NOTE(review): for a newly created bucket, public-access blocking and
// encryption would be set through these props; the construct's own defaults
// are not shown on this page — set them explicitly.
BucketProps *awss3.BucketProps
// Existing bucket to use (optional - creates new if not provided)
// NOTE(review): three bucket inputs exist (BucketProps, ExistingBucket,
// ExternalBucket); precedence when more than one is set is not documented
// here — confirm.
ExistingBucket awss3.IBucket
// S3 event types to process (default: ObjectCreated)
EventTypes *[]awss3.EventType
// Key prefix filter for S3 events (optional)
KeyPrefix *string
// Key suffix filter for S3 events (optional)
KeySuffix *string
// Dead letter queue properties (optional)
DeadLetterQueueProps *awssqs.QueueProps
// Enable dead letter queue (default: true)
EnableDeadLetterQueue *bool
// S3 event source configuration
EventSourceProps *awslambdaeventsources.S3EventSourceProps
// Additional S3 processor settings
BatchSize *float64 // Default: 10
MaxBatchingWindow awscdk.Duration // Default: 5 seconds
// Multi-region support
CrossRegionReplication *bool
ReplicationBucket awss3.IBucket
// Lifecycle rules
EnableLifecycleRules *bool
LifecycleRules *[]*awss3.LifecycleRule
// External bucket support
ExternalBucket awss3.IBucket
// Event filtering
EventFilter *S3EventFilter
// Access logging
// NOTE(review): the default for EnableAccessLogging is not stated; enable it
// and point AccessLogsBucket at a separate bucket where an audit trail of
// object access is required.
EnableAccessLogging *bool
AccessLogsBucket awss3.IBucket
AccessLogsPrefix *string
// Versioning and backup
EnableVersioning *bool
EnableBackup *bool
// Lift-specific settings
EnableTracing *bool
EnableMultiTenant *bool
EnableMonitoring *bool
}
S3ProcessorProps defines properties for an S3 processor
type SNSProcessor ¶
type SNSProcessor struct {
constructs.Construct
Topic awssns.ITopic
Function LiftFunction
DLQ awssqs.IQueue
}
SNSProcessor creates an SNS topic with Lambda processor and optional DLQ
func NewSNSProcessor ¶
func NewSNSProcessor(scope constructs.Construct, id *string, props *SNSProcessorProps) *SNSProcessor
NewSNSProcessor creates a new SNS processor with Lambda function
func (*SNSProcessor) AddSubscription ¶
func (s *SNSProcessor) AddSubscription(subscription awssns.ITopicSubscription) awssns.Subscription
AddSubscription adds a new subscription to the topic
func (*SNSProcessor) GetDLQUrl ¶
func (s *SNSProcessor) GetDLQUrl() *string
GetDLQUrl returns the DLQ URL if DLQ is enabled
func (*SNSProcessor) GetTopicArn ¶
func (s *SNSProcessor) GetTopicArn() *string
GetTopicArn returns the SNS topic ARN
func (*SNSProcessor) GetTopicName ¶
func (s *SNSProcessor) GetTopicName() *string
GetTopicName returns the SNS topic name
func (*SNSProcessor) GrantPublish ¶
func (s *SNSProcessor) GrantPublish(grantee awsiam.IGrantable) awsiam.Grant
GrantPublish grants SNS publish permissions to a principal
func (*SNSProcessor) GrantSubscribe ¶
func (s *SNSProcessor) GrantSubscribe(grantee awsiam.IGrantable) awsiam.Grant
GrantSubscribe grants SNS subscribe permissions to a principal
type SNSProcessorProps ¶
type SNSProcessorProps struct {
// The Lambda function configuration
FunctionProps *LiftFunctionProps `field:"required"`
// Optional: Topic configuration
TopicProps *awssns.TopicProps `field:"optional"`
// Optional: Use an existing topic instead of creating a new one
ExistingTopic awssns.ITopic `field:"optional"`
// Optional: SNS subscription configuration
SubscriptionProps *awslambdaeventsources.SnsEventSourceProps `field:"optional"`
// Optional: Enable dead letter queue for failed messages
EnableDLQ *bool `field:"optional"`
// Optional: DLQ configuration
DLQProps *awssqs.QueueProps `field:"optional"`
// Optional: Message filtering policy
FilterPolicy *map[string]awssns.SubscriptionFilter `field:"optional"`
// Optional: Enable FIFO topic
EnableFifo *bool `field:"optional"`
// Optional: Enable content-based deduplication
ContentBasedDeduplication *bool `field:"optional"`
// Optional: Message retention period in seconds (1 hour to 14 days)
MessageRetentionSeconds *float64 `field:"optional"`
// Optional: Display name for the topic
DisplayName *string `field:"optional"`
// Optional: Subscription protocol (defaults to lambda)
Protocol *string `field:"optional"`
// Optional: Raw message delivery
RawMessageDelivery *bool `field:"optional"`
}
SNSProcessorProps defines the properties for creating an SNS processor
type SQSProcessor ¶
type SQSProcessor struct {
constructs.Construct
// The Lambda function processing SQS messages
Function *LiftFunction
// The SQS queue
Queue awssqs.IQueue
// Dead letter queue (if enabled)
DeadLetterQueue awssqs.IQueue
// Event source mapping
EventSource awslambdaeventsources.SqsEventSource
}
SQSProcessor represents an SQS queue with Lambda processor
func NewSQSProcessor ¶
func NewSQSProcessor(scope constructs.Construct, id *string, props *SQSProcessorProps) *SQSProcessor
NewSQSProcessor creates a new SQS processor construct
func (*SQSProcessor) AddEnvironmentVariable ¶
func (s *SQSProcessor) AddEnvironmentVariable(key string, value string)
AddEnvironmentVariable adds an environment variable to the Lambda function
func (*SQSProcessor) GetQueueArn ¶
func (s *SQSProcessor) GetQueueArn() *string
GetQueueArn returns the queue ARN
func (*SQSProcessor) GetQueueName ¶
func (s *SQSProcessor) GetQueueName() *string
GetQueueName returns the queue name
func (*SQSProcessor) GetQueueUrl ¶
func (s *SQSProcessor) GetQueueUrl() *string
GetQueueUrl returns the queue URL
func (*SQSProcessor) GrantConsumeMessages ¶
func (s *SQSProcessor) GrantConsumeMessages(grantee awslambda.IFunction)
GrantConsumeMessages grants permission to consume messages from the queue
func (*SQSProcessor) GrantSendMessages ¶
func (s *SQSProcessor) GrantSendMessages(grantee awslambda.IFunction)
GrantSendMessages grants permission to send messages to the queue
type SQSProcessorProps ¶
type SQSProcessorProps struct {
// Lambda function properties
FunctionProps awslambda.FunctionProps
// SQS queue properties (optional - creates new queue if not provided)
QueueProps *awssqs.QueueProps
// Existing queue to use (optional - creates new if not provided)
ExistingQueue awssqs.IQueue
// Dead letter queue properties (optional)
DeadLetterQueueProps *awssqs.QueueProps
// Enable dead letter queue (default: true)
EnableDeadLetterQueue *bool
// SQS event source configuration
EventSourceProps *awslambdaeventsources.SqsEventSourceProps
// Additional SQS processor settings
BatchSize *float64 // Default: 10
MaxBatchingWindow awscdk.Duration // Default: 5 seconds
VisibilityTimeout awscdk.Duration // Default: 6 times function timeout
MessageRetentionPeriod awscdk.Duration // Default: 14 days
MaxReceiveCount *float64 // Default: 3
EnableContentBasedDeduplication *bool // For FIFO queues
FifoQueue *bool // Default: false
ReceiveMessageWaitTimeSeconds *float64 // For long polling (0-20)
// Lift-specific settings
EnableTracing *bool
EnableMultiTenant *bool
EnableMonitoring *bool
}
SQSProcessorProps defines properties for an SQS processor
type SecretConfig ¶
type SecretConfig struct {
RotationLambda awslambda.IFunction
RotationSchedule *awssecretsmanager.RotationScheduleOptions
Name string
Description string
Template string
GenerateKey string
ExcludeChars string
Length float64
EnableRotation bool
}
SecretConfig defines configuration for secrets
type SecureFunction ¶
type SecureFunction struct {
constructs.Construct
Function *LiftFunction
SecurityGroup awsec2.ISecurityGroup
KmsKey awskms.IKey
Vpc awsec2.IVpc
VpcEndpoints map[string]awsec2.InterfaceVpcEndpoint
}
SecureFunction is a Lambda function with enhanced security features
func NewSecureFunction ¶
func NewSecureFunction(scope constructs.Construct, id *string, props *SecureFunctionProps) *SecureFunction
NewSecureFunction creates a Lambda function with enhanced security
func (*SecureFunction) AddVPCEndpoint ¶
func (f *SecureFunction) AddVPCEndpoint(service awsec2.InterfaceVpcEndpointAwsService) awsec2.InterfaceVpcEndpoint
AddVPCEndpoint adds a VPC endpoint for an AWS service
func (*SecureFunction) EnableSecretsManagerAccess ¶
func (f *SecureFunction) EnableSecretsManagerAccess()
EnableSecretsManagerAccess adds VPC endpoint and permissions for Secrets Manager
func (*SecureFunction) GetFunction ¶
func (f *SecureFunction) GetFunction() awslambda.Function
GetFunction returns the underlying Lambda function
func (*SecureFunction) GetKmsKey ¶
func (f *SecureFunction) GetKmsKey() awskms.IKey
GetKmsKey returns the KMS key used for encryption
func (*SecureFunction) GetSecurityGroup ¶
func (f *SecureFunction) GetSecurityGroup() awsec2.ISecurityGroup
GetSecurityGroup returns the security group
func (*SecureFunction) RestrictInboundAccess ¶
func (f *SecureFunction) RestrictInboundAccess()
RestrictInboundAccess removes all inbound rules from the security group
type SecureFunctionProps ¶
// SecureFunctionProps extends LiftFunctionProps with network isolation,
// encryption and secret-injection settings for a SecureFunction.
type SecureFunctionProps struct {
LiftFunctionProps
// VPC to deploy the function in (optional - will create if not provided)
Vpc awsec2.IVpc
// VPC subnets to use (defaults to private subnets)
VpcSubnets *awsec2.SubnetSelection
// Security group IDs to attach
// NOTE(review): rules on caller-supplied groups are outside this construct's
// control; whether RestrictInboundAccess affects them is not shown — confirm.
SecurityGroupIds *[]*string
// Enable KMS encryption for environment variables
EnableKMSEncryption *bool
// KMS key for encryption (optional - will create if not provided)
KmsKey awskms.IKey
// Secrets to inject from Secrets Manager
// NOTE(review): how secrets are injected is not shown here. If values end up
// as plain environment variables they are readable by anyone who can view the
// function configuration; passing a reference resolved at runtime avoids
// that — confirm which applies.
Secrets *map[string]awssecretsmanager.ISecret
// Enable private endpoints only (no internet access)
// NOTE(review): presumably depends on VPC endpoints for AWS API calls; confirm
// that egress is actually blocked by subnet routing or security group rules.
PrivateOnly *bool
// Additional security policies to attach
// NOTE(review): caller-supplied statements are added to the function's
// permissions as given; review them for wildcard actions and resources.
AdditionalPolicies *[]awsiam.PolicyStatement
}
SecureFunctionProps extends LiftFunctionProps with security configuration
type SecurityRule ¶
type SecurityRule struct {
Source awsec2.IPeer
Protocol awsec2.Protocol
Description string
RuleAction string
Port float64
}
SecurityRule defines a network security rule
type SnapshotStrategy ¶
type SnapshotStrategy string
SnapshotStrategy defines how snapshots are handled
const ( SnapshotStrategy_DISABLED SnapshotStrategy = "DISABLED" SnapshotStrategy_FREQUENCY SnapshotStrategy = "FREQUENCY" SnapshotStrategy_SIZE_BASED SnapshotStrategy = "SIZE_BASED" SnapshotStrategy_TIME_BASED SnapshotStrategy = "TIME_BASED" )
type StreamProcessor ¶ added in v1.0.42
type StreamProcessor struct {
constructs.Construct
// The Lambda function processing the stream
Function *LiftFunction
// The table with streams
Table *StreamingTable
// Dead letter queue (if enabled)
DeadLetterQueue awssqs.IQueue
// Event source mapping
EventSource awslambdaeventsources.DynamoEventSource
}
StreamProcessor processes DynamoDB streams with Lambda
func NewStreamProcessor ¶ added in v1.0.42
func NewStreamProcessor(scope constructs.Construct, id *string, props *StreamProcessorProps) *StreamProcessor
NewStreamProcessor creates a new stream processor construct
type StreamProcessorProps ¶ added in v1.0.42
type StreamProcessorProps struct {
// Pointers first (8 bytes each)
StreamingTable *StreamingTable
DeadLetterQueueProps *awssqs.QueueProps
EventSourceProps *awslambdaeventsources.DynamoEventSourceProps
BatchSize *float64
RetryAttempts *float64
ParallelizationFactor *float64
EnableDeadLetterQueue *bool
BisectBatchOnError *bool
ReportBatchItemFailures *bool
// Duration structs (16 bytes each)
MaxBatchingWindow awscdk.Duration
MaxRecordAge awscdk.Duration
TumblingWindow awscdk.Duration
// Large struct
FunctionProps awslambda.FunctionProps
// Medium types
StartingPosition awslambda.StartingPosition
}
StreamProcessorProps defines properties for a stream processor. Memory optimized: 792 → 784 bytes (8 bytes saved).
type StreamingTable ¶
type StreamingTable struct {
*LiftTable
// contains filtered or unexported fields
}
StreamingTable is a table with DynamoDB Streams enabled
func NewStreamingTable ¶
func NewStreamingTable(scope constructs.Construct, id *string, props *StreamingTableProps) *StreamingTable
NewStreamingTable creates a new DynamoDB table with streams. The table uses standard pk/sk attributes; GSIs should be defined in DynamORM models.
func (*StreamingTable) GetResourceName ¶ added in v1.0.42
func (s *StreamingTable) GetResourceName() *string
GetResourceName returns the resource name for monitoring (implements MonitorableResource interface)
func (*StreamingTable) GetStreamArn ¶
func (s *StreamingTable) GetStreamArn() *string
GetStreamArn returns the DynamoDB stream ARN
func (*StreamingTable) GetTableArn ¶ added in v1.0.42
func (s *StreamingTable) GetTableArn() *string
GetTableArn returns the table ARN
func (*StreamingTable) GetTableName ¶ added in v1.0.42
func (s *StreamingTable) GetTableName() *string
GetTableName returns the table name
func (*StreamingTable) GrantStreamRead ¶
func (s *StreamingTable) GrantStreamRead(grantee awsiam.IGrantable) awsiam.Grant
GrantStreamRead grants stream read permissions
type StreamingTableProps ¶
// StreamingTableProps defines properties for creating a streaming table.
// NOTE(review): the value applied when a pointer field is nil is not shown
// on this page; confirm the defaults in NewStreamingTable.
type StreamingTableProps struct {
// Pointers first (8 bytes each)
TableName *string
// presumably the item attribute DynamoDB uses for TTL expiry — confirm
TimeToLiveAttribute *string
ReadCapacity *float64
WriteCapacity *float64
EnableAutoScaling *bool
// Enum last
// StreamViewType selects how much of each changed item is written to the
// stream (keys only, new image, old image, or both images). Any principal
// given stream read access receives that data, so choose the narrowest
// view the consumers need.
StreamViewType awsdynamodb.StreamViewType
}
StreamingTableProps defines properties for creating a streaming table. Memory optimized: 56 → 48 bytes (8 bytes saved).
type VPCEndpointConfig ¶ added in v1.0.59
// VPCEndpointConfig defines which VPC endpoints to create.
// Every switch is a *bool. NOTE(review): what a nil Enable* flag means
// (endpoint created or skipped) is not shown on this page; confirm it before
// relying on private connectivity to a given service.
type VPCEndpointConfig struct {
EnableSecretsManager *bool
EnableCloudWatchLogs *bool
EnableXRay *bool
EnableKMS *bool
EnableCloudWatchMonitoring *bool
// With private DNS disabled on an interface endpoint, the service's default
// hostname no longer resolves to the endpoint; clients must use the
// endpoint-specific DNS name or their traffic will not go through it.
PrivateDNSEnabled *bool // Default true, set false to avoid conflicts in shared VPCs
}
VPCEndpointConfig defines which VPC endpoints to create
type WAFCustomRule ¶
// WAFCustomRule defines a custom WAF rule.
// All matching and action data is carried as plain strings, so nothing in the
// type itself constrains what a caller can pass.
type WAFCustomRule struct {
Name string
// NOTE(review): how this string is turned into a WAF rule statement is not
// visible here; confirm it is validated at synth time, not passed through.
Statement string
// Not an enum. NOTE(review): confirm the accepted values and what happens
// with an unrecognised one (a rule that silently fails to block is the
// outcome to rule out).
Action string
Description string
// presumably the WAF rule priority (evaluation order) — confirm
Priority float64
}
WAFCustomRule defines a custom WAF rule
type WAFRuleConfig ¶
// WAFRuleConfig defines WAF rule configuration.
// Every field is a pointer. NOTE(review): whether a nil Enable* flag turns a
// protection on or off is not shown on this page; set the flags explicitly
// or confirm the defaults in the construct that consumes this config.
type WAFRuleConfig struct {
EnableRateLimit *bool
// NOTE(review): unit and window of the limit are not shown here — confirm
RateLimit *float64
EnableSQLiProtection *bool
EnableXSSProtection *bool
EnableKnownBadInputs *bool
CustomRules *[]WAFCustomRule
// presumably IP addresses or CIDR ranges — confirm the expected format.
// NOTE(review): confirm whether allow-listed sources skip the rate limit
// and the SQLi/XSS/bad-input protections, and which list takes precedence
// when an address appears in both.
IPWhitelist *[]*string
IPBlacklist *[]*string
// presumably country codes to block — confirm
GeoBlocking *[]string
}
WAFRuleConfig defines WAF rule configuration
type WebSocketAPI ¶
// WebSocketAPI represents a WebSocket API Gateway with Lambda integration.
// It embeds constructs.Construct and exposes the resources it wraps as
// exported fields.
type WebSocketAPI struct {
constructs.Construct
// The WebSocket API
WebSocketApi awsapigatewayv2.WebSocketApi
// The stage
Stage awsapigatewayv2.WebSocketStage
// Connection management table (DynamORM-based)
// NOTE(review): pointer field; confirm whether it can be nil (for example
// when connection management is not enabled) before dereferencing.
ConnectionTable *ConnectionTable
// Routes map
// presumably keyed by route key — confirm against AddRoute
Routes map[string]awsapigatewayv2.WebSocketRoute
// Access log group
AccessLogGroup awslogs.ILogGroup
}
WebSocketAPI represents a WebSocket API Gateway with Lambda integration
func NewWebSocketAPI ¶
func NewWebSocketAPI(scope constructs.Construct, id *string, props *WebSocketAPIProps) *WebSocketAPI
NewWebSocketAPI creates a new WebSocket API construct using DynamORM
func (*WebSocketAPI) AddRoute ¶
func (w *WebSocketAPI) AddRoute(routeKey string, function awslambda.IFunction, config *WebSocketRouteConfig) awsapigatewayv2.WebSocketRoute
AddRoute adds a new route to the WebSocket API
func (*WebSocketAPI) GetConnectionTableName ¶
func (w *WebSocketAPI) GetConnectionTableName() *string
GetConnectionTableName returns the connection table name
func (*WebSocketAPI) GetWebSocketURL ¶
func (w *WebSocketAPI) GetWebSocketURL() *string
GetWebSocketURL returns the WebSocket URL
func (*WebSocketAPI) GrantApiInvoke ¶
func (w *WebSocketAPI) GrantApiInvoke(grantee awsiam.IGrantable) awsiam.Grant
GrantApiInvoke grants permission to invoke the WebSocket API
func (*WebSocketAPI) GrantConnectionManagement ¶
func (w *WebSocketAPI) GrantConnectionManagement(grantee awsiam.IGrantable) awsiam.Grant
GrantConnectionManagement grants permissions to manage WebSocket connections
type WebSocketAPIProps ¶
// WebSocketAPIProps defines properties for a WebSocket API.
// NOTE(review): the defaults applied to nil pointer fields and nil interface
// fields are not shown on this page; confirm them in NewWebSocketAPI.
type WebSocketAPIProps struct {
AccessLogGroup awslogs.ILogGroup
// API Gateway WebSocket APIs evaluate authorizers on the $connect route
// only. NOTE(review): confirm which routes this default is attached to and
// that a nil value does not leave $connect open unintentionally.
DefaultAuthorizer awsapigatewayv2.IWebSocketRouteAuthorizer
DefaultRouteFunction awslambda.IFunction
ConnectRouteFunction awslambda.IFunction
DisconnectRouteFunction awslambda.IFunction
StageName *string
ThrottleBurstLimit *float64
ApiName *string
Description *string
RouteSelectionExpression *string
EnableDeadLetterQueue *bool
ThrottleRateLimit *float64
ConnectionTableProps *ConnectionTableProps
EnableConnectionManagement *bool
AutoDeploy *bool
// NOTE(review): confirm whether access logging is on when this is nil, and
// how it interacts with a caller-supplied AccessLogGroup.
EnableAccessLogging *bool
EnableTracing *bool
// NOTE(review): what tenant isolation this flag provides is not shown
// here; do not treat it as an access-control boundary without confirming.
EnableMultiTenant *bool
EnableMonitoring *bool
Routes []*WebSocketRouteConfig
}
WebSocketAPIProps defines properties for a WebSocket API. Memory optimized: 216 → 200 bytes (16 bytes saved).
type WebSocketRouteConfig ¶
// WebSocketRouteConfig defines configuration for WebSocket routes.
type WebSocketRouteConfig struct {
// Route key (e.g., "$connect", "$disconnect", defaultRoute, "custom")
RouteKey *string
// Lambda function for this route
Function awslambda.IFunction
// Whether this route requires authorization
// NOTE(review): the behaviour when this is nil, or true while Authorizer is
// nil, is not visible here; confirm the route is not deployed without
// authorization in either case.
RequireAuthorization *bool
// Custom authorizer for this route
// API Gateway WebSocket APIs evaluate authorizers on the $connect route
// only, so confirm how an authorizer set on any other route key is handled.
Authorizer awsapigatewayv2.IWebSocketRouteAuthorizer
}
WebSocketRouteConfig defines configuration for WebSocket routes
Source Files
- api.go
- api_common.go
- api_domain.go
- api_key_authorizer.go
- auditing.go
- base_management_table.go
- certificate.go
- compliance_stack.go
- connection_table.go
- constants.go
- dynamo_stream_processor.go
- dynamodb.go
- dynamorm_crud_handlers.go
- dynamorm_event_store.go
- event_routing_table.go
- event_source_mapping.go
- eventbridge_handler.go
- helpers.go
- hosted_zone.go
- idempotency_table.go
- idempotent.go
- kinesis_processor.go
- kms_key.go
- lambda.go
- lambda_role.go
- lambda_utils.go
- monitored.go
- monitoring_enhanced.go
- monitoring_helpers.go
- ratelimit_table.go
- ratelimited.go
- request_tracking_table.go
- rest_api.go
- s3_processor.go
- secure.go
- security_enhanced.go
- shared_builders.go
- sns_processor.go
- sqs_processor.go
- sqs_queue.go
- stream_processor.go
- streaming_table.go
- websocket_api.go