constructs

package
v1.0.83
Published: Jan 6, 2026 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

Package constructs provides AWS CDK constructs for Lift applications.

This package contains high-level CDK constructs that implement Lift's best practices for AWS infrastructure. The constructs include optimized configurations for API Gateway, Lambda functions, DynamoDB tables, and other AWS services.

Base Management Table

The base_management_table.go file provides common functionality for creating and managing DynamoDB tables used for various management purposes in Lift applications. It includes helper functions for creating tables with standard settings and granting appropriate permissions.

Connection Table

The connection_table.go file provides constructs for managing WebSocket connections in Lift applications. It includes functionality for creating and managing DynamoDB tables that store WebSocket connection information and related metadata.

Constants

const (
	// PermissionRead grants read-only access
	PermissionRead = "read"
	// PermissionReadWrite grants read and write access
	PermissionReadWrite = "readwrite"
)

Permission constants for Lambda functions

Variables

This section is empty.

Functions

func AddStandardLambdaAlarms added in v1.0.58

func AddStandardLambdaAlarms(scope constructs.Construct, namePrefix string, fn awslambda.IFunction)

AddStandardLambdaAlarms creates common Lambda alarms (errors, throttles, duration).

func CORSExposeHeaders added in v1.0.60

func CORSExposeHeaders() *[]*string

CORSExposeHeaders returns standard CORS expose headers

func CORSHeaders added in v1.0.60

func CORSHeaders() *[]*string

CORSHeaders returns standard CORS headers used across all API types

func CORSMethods added in v1.0.60

func CORSMethods() []string

CORSMethods returns standard CORS methods

func CreateAPILogGroup added in v1.0.60

func CreateAPILogGroup(scope constructs.Construct, apiName *string, existingLogGroup awslogs.ILogGroup) awslogs.ILogGroup

CreateAPILogGroup creates a CloudWatch log group for API access logs

func CreateStandardLambdaFunction added in v1.0.58

func CreateStandardLambdaFunction(scope constructs.Construct, id string, bucket awss3.Bucket, encryptionKey awskms.Key, config LambdaFunctionConfig) awslambda.Function

CreateStandardLambdaFunction creates a Lambda function with common configurations

func EnableS3LambdaMonitoring added in v1.0.58

func EnableS3LambdaMonitoring(scope constructs.Construct, bucketName *string, fn awslambda.IFunction)

EnableS3LambdaMonitoring adds standard alarms plus concurrency alarm for S3 processors.

func EnableStreamLambdaMonitoring added in v1.0.58

func EnableStreamLambdaMonitoring(scope constructs.Construct, tableName *string, fn awslambda.IFunction)

EnableStreamLambdaMonitoring adds standard alarms plus iterator age for stream processors.

func GenerateCRUDHandlerCode

func GenerateCRUDHandlerCode(operation string) string

GenerateCRUDHandlerCode generates the Lambda handler code for a CRUD operation. This is exported for use in CDK constructs.

func SplitPath added in v1.0.60

func SplitPath(path string) []string

SplitPath splits a URL path into segments

Types

type APICommonProps added in v1.0.60

type APICommonProps struct {
	// Name of the API
	Name *string
	// Description of the API
	Description *string
	// Enable CORS
	EnableCORS *bool
	// CORS allowed origins (defaults to ["*"] if not specified)
	AllowOrigins *[]*string
	// Custom domain name
	DomainName *string
	// Certificate ARN for custom domain
	CertificateArn *string
	// Enable access logging
	EnableAccessLogging *bool
	// CloudWatch log group for access logs
	AccessLogGroup awslogs.ILogGroup
	// Throttle settings
	ThrottleRateLimit  *float64
	ThrottleBurstLimit *float64
	// Stage name
	StageName *string
}

APICommonProps contains shared properties for both REST and HTTP APIs

type APIGatewayAlarmsConfig added in v1.0.76

type APIGatewayAlarmsConfig struct {
	BaseAlarmsConfig

	// ClientErrorThreshold is the threshold for 4xx errors
	// Default: 10
	ClientErrorThreshold *float64

	// ServerErrorThreshold is the threshold for 5xx errors
	// Default: 5
	ServerErrorThreshold *float64
}

APIGatewayAlarmsConfig defines configuration for API Gateway alarms

type APIGatewayAlarmsProps added in v1.0.76

type APIGatewayAlarmsProps struct {
	// ApiId is the API Gateway ID (required)
	ApiId *string

	// StageName is the API Gateway stage name
	// Default: "latest"
	StageName *string

	// AlarmTopic is the SNS topic for alarm notifications (required)
	AlarmTopic awssns.ITopic

	// AlarmNamePrefix is the prefix for alarm names (required)
	// Example: "merchant-application-partner-stage"
	AlarmNamePrefix *string

	// Config contains threshold configuration (optional - uses defaults if nil)
	Config *APIGatewayAlarmsConfig
}

APIGatewayAlarmsProps defines properties for creating API Gateway alarms

type APIKeyAuthorizer

type APIKeyAuthorizer struct {
	constructs.Construct
	Authorizer        awsapigatewayv2.IHttpRouteAuthorizer
	ValidatorFunction awslambda.IFunction
}

APIKeyAuthorizer provides API key authentication for HTTP APIs.

This construct creates an API key authorizer for HTTP APIs that validates API keys against a DynamoDB table. It includes a Lambda function for validation and caching of API key validation results.

func NewAPIKeyAuthorizer

func NewAPIKeyAuthorizer(scope constructs.Construct, id *string, props *APIKeyAuthorizerProps) *APIKeyAuthorizer

NewAPIKeyAuthorizer creates a new API key authorizer.

This function creates a new API key authorizer with the following features:

  • Configurable API key source (header or query parameter)
  • Customizable API key parameter name
  • Optional custom validator function
  • DynamoDB table for API key storage
  • Caching of validation results

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new APIKeyAuthorizer instance

type APIKeyAuthorizerProps

type APIKeyAuthorizerProps struct {
	// API key parameter source (header or query)
	APIKeySource *string `json:"apiKeySource"`
	// Parameter name (e.g., "X-API-Key" for header or "apiKey" for query)
	APIKeyParameter *string `json:"apiKeyParameter"`
	// Optional function to validate API keys (if not provided, creates one)
	ValidatorFunction awslambda.IFunction `json:"validatorFunction"`
	// DynamoDB table name for storing API keys (optional)
	APIKeyTableName *string `json:"apiKeyTableName"`
	// Cache results for this many seconds (0-3600)
	ResultsCacheTtl *float64 `json:"resultsCacheTtl"`
}

APIKeyAuthorizerProps defines properties for the API key authorizer.

This struct contains all configurable properties for creating an API key authorizer for HTTP APIs. The properties include API key source and parameter configuration, validator function, DynamoDB table for API key storage, and caching settings.
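A pre-deploy review of the settings documented above, as an added example that is not part of the package: it flags the documented `["*"]` CORS default, API keys taken from the query string, and a `ResultsCacheTtl` that is out of the documented 0-3600 range or long enough to delay key revocation. The `apiProps` and `keyAuthProps` types, the helper names and the 300-second review threshold are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// apiProps and keyAuthProps are local stand-ins (assumptions for this example)
// that mirror only the fields of APICommonProps and APIKeyAuthorizerProps
// checked below; they are not the package's own types.
type apiProps struct {
	EnableCORS   *bool
	AllowOrigins *[]*string
}

type keyAuthProps struct {
	APIKeySource    *string
	ResultsCacheTtl *float64
}

// reviewCacheTTL is an assumed review threshold in seconds, not a package value.
const reviewCacheTTL = 300.0

// auditAPIProps returns one finding per setting that deserves review before deploy.
func auditAPIProps(api apiProps, auth keyAuthProps) []string {
	var findings []string

	// CORS: an unset AllowOrigins is documented to default to ["*"].
	if api.EnableCORS != nil && *api.EnableCORS {
		switch {
		case api.AllowOrigins == nil:
			findings = append(findings, `cors: AllowOrigins unset, defaults to ["*"]`)
		case hasWildcard(*api.AllowOrigins):
			findings = append(findings, `cors: AllowOrigins contains "*"`)
		}
	}

	// A key passed in the query string is part of the URL, so it is written
	// to access logs along with the request path.
	if auth.APIKeySource != nil && strings.EqualFold(*auth.APIKeySource, "query") {
		findings = append(findings, "apikey: source is query; prefer header")
	}

	// ResultsCacheTtl is documented as 0-3600 seconds. While a validation
	// result is cached, a revoked key keeps working for up to that long.
	if auth.ResultsCacheTtl != nil {
		ttl := *auth.ResultsCacheTtl
		switch {
		case ttl < 0 || ttl > 3600:
			findings = append(findings, fmt.Sprintf("apikey: ResultsCacheTtl %.0f outside 0-3600", ttl))
		case ttl > reviewCacheTTL:
			findings = append(findings, fmt.Sprintf("apikey: revoked keys stay valid up to %.0fs", ttl))
		}
	}
	return findings
}

// hasWildcard reports whether any configured origin is the "*" wildcard.
func hasWildcard(origins []*string) bool {
	for _, o := range origins {
		if o != nil && strings.TrimSpace(*o) == "*" {
			return true
		}
	}
	return false
}

// Small pointer helpers, standing in for jsii.String / jsii.Number / jsii.Bool.
func strPtr(s string) *string   { return &s }
func numPtr(f float64) *float64 { return &f }
func boolPtr(b bool) *bool      { return &b }

func main() {
	// Constructed sample configuration.
	api := apiProps{EnableCORS: boolPtr(true)}
	auth := keyAuthProps{APIKeySource: strPtr("query"), ResultsCacheTtl: numPtr(3600)}
	for _, f := range auditAPIProps(api, auth) {
		fmt.Println(f)
	}
}
```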

type AlarmConfig

type AlarmConfig struct {
	// Enable error rate alarm
	EnableErrorAlarm *bool
	// Error rate threshold (percentage)
	ErrorRateThreshold *float64
	// Enable latency alarm
	EnableLatencyAlarm *bool
	// Latency threshold in milliseconds
	LatencyThreshold *float64
	// Enable throttle alarm
	EnableThrottleAlarm *bool
	// Throttle count threshold
	ThrottleThreshold *float64
	// Enable concurrent executions alarm
	EnableConcurrentAlarm *bool
	// Concurrent executions threshold
	ConcurrentThreshold *float64
	// SNS topic for alarm notifications
	AlarmTopic awssns.ITopic
}

AlarmConfig defines configuration for CloudWatch alarms

This struct contains all configurable properties for CloudWatch alarms including error rate, latency, throttling, and concurrent execution alarms. It also includes configuration for SNS topic notifications.

type AlarmThresholds

type AlarmThresholds struct {
	// Error rate threshold (percentage)
	ErrorRate *float64
	// Latency threshold (milliseconds)
	LatencyP99 *float64
	// Throttle count threshold
	ThrottleCount *float64
	// Concurrent executions threshold
	ConcurrentExecutions *float64
	// Custom thresholds
	CustomThresholds *map[string]*float64
}

AlarmThresholds defines threshold configuration for alarms

type AuditLevel

type AuditLevel string

AuditLevel defines the level of audit logging

const (
	// AuditLevelBasic provides basic audit logging
	AuditLevelBasic AuditLevel = "BASIC"
	// AuditLevelDetailed provides detailed audit logging
	AuditLevelDetailed AuditLevel = "DETAILED"
	// AuditLevelComprehensive provides comprehensive audit logging
	AuditLevelComprehensive AuditLevel = "COMPREHENSIVE"
)

type AuditingConstruct

type AuditingConstruct struct {
	// AuditLogGroup is the CloudWatch log group for audit logs
	AuditLogGroup awslogs.LogGroup
	// Embedded Construct for CDK compatibility
	constructs.Construct
	// EncryptionKey is the KMS key used for encrypting logs
	EncryptionKey awskms.Key
	// CloudTrail is the CloudTrail instance for API call logging
	CloudTrail awscloudtrail.Trail
	// ApplicationLogGroup is the CloudWatch log group for application logs
	ApplicationLogGroup awslogs.LogGroup
	// DatabaseLogGroup is the CloudWatch log group for database logs
	DatabaseLogGroup awslogs.LogGroup
	// AuditBucket is the S3 bucket for storing audit logs
	AuditBucket awss3.Bucket
	// LogProcessingFunction is the Lambda function for processing logs
	LogProcessingFunction awslambda.Function
	// AuditDashboard is the CloudWatch dashboard for monitoring audit logs
	AuditDashboard awscloudwatch.Dashboard
	// FirehoseDeliveryStream is the Kinesis Firehose for log delivery
	FirehoseDeliveryStream awskinesisfirehose.CfnDeliveryStream
	// LogStream is the Kinesis stream for log collection
	LogStream awskinesis.Stream
	// ComplianceFunction is the Lambda function for compliance checking
	ComplianceFunction awslambda.Function
	// IntegrityFunction is the Lambda function for integrity checking
	IntegrityFunction awslambda.Function
	// AuditAlarms is a list of CloudWatch alarms for audit log alerting
	AuditAlarms []awscloudwatch.Alarm
}

AuditingConstruct creates comprehensive audit logging infrastructure

This construct sets up a complete audit logging infrastructure including:

  • CloudWatch log groups for different types of logs
  • KMS encryption for logs
  • CloudTrail for API call logging
  • S3 bucket for log storage
  • Lambda functions for log processing
  • CloudWatch dashboard for monitoring
  • Kinesis Firehose for log delivery
  • Kinesis stream for log collection
  • Lambda functions for compliance and integrity checking
  • CloudWatch alarms for alerting

func NewAuditingConstruct

func NewAuditingConstruct(scope constructs.Construct, id string, props *AuditingProps) *AuditingConstruct

NewAuditingConstruct creates a new auditing construct

This function creates a new auditing construct with the following features:

  • Configurable audit logging level (BASIC, DETAILED, COMPREHENSIVE)
  • Optional encryption for logs at rest and in transit
  • Optional CloudTrail for API call logging
  • Optional SIEM integration
  • Optional log analysis
  • Optional compliance reporting
  • Optional dashboard and alerting

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new AuditingConstruct instance

func (*AuditingConstruct) AddCustomAuditRule

func (a *AuditingConstruct) AddCustomAuditRule(ruleId string, logGroup awslogs.LogGroup, filterPattern string)

AddCustomAuditRule adds a custom audit rule

func (*AuditingConstruct) EnableSIEMIntegration

func (a *AuditingConstruct) EnableSIEMIntegration(_ string)

EnableSIEMIntegration enables SIEM integration for audit logs

func (*AuditingConstruct) GetAuditStatus

func (a *AuditingConstruct) GetAuditStatus() map[string]interface{}

GetAuditStatus returns the current audit status

type AuditingProps

type AuditingProps struct {
	// EncryptionKey is the KMS key used for encrypting audit logs
	EncryptionKey awskms.IKey
	// AuditBucket is the S3 bucket used for storing audit logs
	AuditBucket awss3.IBucket
	// EnableComplianceReporting enables compliance reporting features
	EnableComplianceReporting *bool
	// EnableImmutableLogs makes audit logs immutable to prevent tampering
	EnableImmutableLogs *bool
	// EnableDatabaseLogs enables database query logging
	EnableDatabaseLogs *bool
	// EnableRealTimeProcessing enables real-time log processing
	EnableRealTimeProcessing *bool
	// EnableTamperProtection enables tamper protection for audit logs
	EnableTamperProtection *bool
	// EnableLogAggregation enables log aggregation from multiple sources
	EnableLogAggregation *bool
	// LogRetentionDays specifies how many days to retain logs
	LogRetentionDays *float64
	// EnableSIEMIntegration enables integration with SIEM systems
	EnableSIEMIntegration *bool
	// SIEMEndpoint is the endpoint for SIEM integration
	SIEMEndpoint *string
	// EnableLogAnalysis enables automated log analysis
	EnableLogAnalysis *bool
	// ComplianceFrameworks specifies which compliance frameworks to support
	ComplianceFrameworks *[]string
	// EnableApplicationLogs enables application-level logging
	EnableApplicationLogs *bool
	// AppName is the name of the application being audited
	AppName *string
	// EnableCloudTrail enables AWS CloudTrail for API call logging
	EnableCloudTrail *bool
	// EnableEncryption enables encryption for logs at rest and in transit
	EnableEncryption *bool
	// EnableCrossAccountAccess enables cross-account access for audit logs
	EnableCrossAccountAccess *bool
	// CrossAccountRoleArns specifies the ARNs of roles for cross-account access
	CrossAccountRoleArns *[]*string
	// EnableIntegrityChecking enables integrity checking for audit logs
	EnableIntegrityChecking *bool
	// EnableDashboard enables a CloudWatch dashboard for audit logs
	EnableDashboard *bool
	// EnableAlerting enables CloudWatch alerts for audit logs
	EnableAlerting *bool
	// AlertTopicArn is the ARN of the SNS topic for alerts
	AlertTopicArn *string
	// Environment specifies the deployment environment (dev, test, prod)
	Environment *string
	// EnableRegulatoryCompliance enables features for regulatory compliance
	EnableRegulatoryCompliance *bool
	// AuditLevel specifies the level of audit logging (BASIC, DETAILED, COMPREHENSIVE)
	AuditLevel AuditLevel
}

AuditingProps defines properties for the Auditing construct

type BaseAlarmsConfig added in v1.0.78

type BaseAlarmsConfig struct {
	// EvaluationPeriods is the number of periods to evaluate
	EvaluationPeriods *float64

	// Period is the evaluation period in seconds
	// Default: 300 (5 minutes)
	Period *float64
}

BaseAlarmsConfig contains common alarm configuration fields

type BaseManagementTableProps added in v1.0.58

type BaseManagementTableProps struct {
	// Table name
	TableName *string
	// TTL attribute name for automatic cleanup
	TimeToLiveAttribute *string
	// Default table name if not provided
	DefaultTableName string
}

BaseManagementTableProps defines common properties for management tables.

This struct contains properties that are common to all management tables, including table name, TTL attribute, and default table name.

type ComplianceFramework

type ComplianceFramework string

ComplianceFramework enumerates the supported compliance frameworks that can be enabled by the `ComplianceStack`. The value is used to drive AWS Config rule creation and Security Hub standard enablement.

Example:

fw := constructs.SOC2          // Service Organization Control 2
props := &constructs.ComplianceStackProps{
    ComplianceFrameworks: &[]constructs.ComplianceFramework{fw},
}

const (
	// SOC2 Service Organization Control 2
	SOC2 ComplianceFramework = "SOC2"
	// HIPAA Health Insurance Portability and Accountability Act
	HIPAA ComplianceFramework = "HIPAA"
	// PCI_DSS Payment Card Industry Data Security Standard
	PCI_DSS ComplianceFramework = "PCI_DSS"
	// ISO27001 Information Security Management System
	ISO27001 ComplianceFramework = "ISO27001"
	// FedRAMP Federal Risk and Authorization Management Program
	FedRAMP ComplianceFramework = "FedRAMP"
	// GDPR General Data Protection Regulation
	GDPR ComplianceFramework = "GDPR"
)

type ComplianceStack

type ComplianceStack struct {
	constructs.Construct
	CloudTrail         awscloudtrail.Trail
	ConfigRecorder     awsconfig.CfnConfigurationRecorder
	GuardDutyDetector  awsguardduty.CfnDetector
	SecurityHub        awssecurityhub.CfnHub
	ComplianceBucket   awss3.Bucket
	EncryptionKey      awskms.Key
	ComplianceLogGroup awslogs.LogGroup
	ComplianceFunction awslambda.Function
}

ComplianceStack is the concrete CDK construct that aggregates all resources required for a compliance‑focused deployment. It exposes references to the underlying AWS services so callers can further customize or attach additional permissions.

Example:

cs := constructs.NewComplianceStack(stack, "MyCompliance", props)
fmt.Println("CloudTrail enabled?", cs.CloudTrail != nil)

func NewComplianceStack

func NewComplianceStack(scope constructs.Construct, id string, props *ComplianceStackProps) *ComplianceStack

NewComplianceStack is the public constructor for the `ComplianceStack` CDK construct. It validates input and wires together all sub‑components. The returned value can be used directly or stored in a variable for later reference.

Example:

cs := constructs.NewComplianceStack(app, "Compliance", &constructs.ComplianceStackProps{
    AppName: jsii.String("demo"),
})

func (*ComplianceStack) AddComplianceRule

func (c *ComplianceStack) AddComplianceRule(ruleId string, ruleName string)

AddComplianceRule creates an additional AWS Config rule and attaches it to the stack. This method is handy when custom rules need to be introduced after the initial construct creation.

Example:

cs.AddComplianceRule("CustomS3Encryption", "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED")

func (*ComplianceStack) GetComplianceStatus

func (c *ComplianceStack) GetComplianceStatus() map[string]interface{}

GetComplianceStatus reports which optional services have been instantiated in the stack. The returned map contains boolean flags keyed by service name, useful for health‑checks or conditional logic in downstream constructs.

Example:

status := cs.GetComplianceStatus()
if status["cloudtrail_enabled"].(bool) {
    // do something
}
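
A deployment gate over a status map of the shape `GetComplianceStatus` returns, as an added example that is not part of the package: it uses the comma-ok form of the type assertion so that a missing key or a non-boolean value is reported as a failed control instead of causing a panic. Only `cloudtrail_enabled` appears on this page; the other keys and the `failedControls` helper are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// failedControls checks a status map of the shape GetComplianceStatus returns
// (map[string]interface{} holding boolean flags) against the flags a
// deployment requires. It never panics: a missing key or a non-bool value is
// treated as a failed control, the same as an explicit false.
func failedControls(status map[string]interface{}, required []string) []string {
	var failed []string
	for _, key := range required {
		v, present := status[key]
		if !present {
			failed = append(failed, key+": missing")
			continue
		}
		enabled, isBool := v.(bool) // comma-ok: no panic on an unexpected type
		switch {
		case !isBool:
			failed = append(failed, fmt.Sprintf("%s: unexpected type %T", key, v))
		case !enabled:
			failed = append(failed, key+": disabled")
		}
	}
	sort.Strings(failed) // stable output for logs and CI diffs
	return failed
}

func main() {
	// Constructed status map. "cloudtrail_enabled" is the key used in the
	// page's example; the other keys are hypothetical.
	status := map[string]interface{}{
		"cloudtrail_enabled": true,
		"guardduty_enabled":  false,
		"config_enabled":     "yes",
	}
	required := []string{
		"cloudtrail_enabled",
		"guardduty_enabled",
		"config_enabled",
		"securityhub_enabled",
	}
	for _, f := range failedControls(status, required) {
		fmt.Println("compliance gate:", f)
	}
}
```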

type ComplianceStackProps

type ComplianceStackProps struct {
	// Application name for resource naming
	AppName *string

	// Compliance frameworks to implement
	ComplianceFrameworks *[]ComplianceFramework

	// Enable CloudTrail logging
	EnableCloudTrail *bool

	// Enable AWS Config rules
	EnableConfig *bool

	// Enable GuardDuty threat detection
	EnableGuardDuty *bool

	// Enable Security Hub
	EnableSecurityHub *bool

	// Enable data encryption at rest
	EnableEncryption *bool

	// Data retention period in days
	DataRetentionDays *float64

	// Enable compliance reports
	EnableComplianceReports *bool

	// S3 bucket for compliance data
	ComplianceBucket awss3.IBucket

	// KMS key for encryption
	EncryptionKey awskms.IKey

	// CloudWatch log group for compliance logs
	ComplianceLogGroup awslogs.ILogGroup

	// Enable detailed access logging
	EnableDetailedLogging *bool

	// Enable audit trail
	EnableAuditTrail *bool

	// Environment for compliance (dev, staging, prod)
	Environment *string

	// Organization ID for multi-account setup
	OrganizationId *string

	// Enable compliance automation
	EnableAutomation *bool

	// Notification topic ARN for compliance alerts
	NotificationTopicArn *string
}

ComplianceStackProps configures the behavior of a `ComplianceStack`. All fields are optional; sensible defaults are applied when values are omitted.

Example:

props := &constructs.ComplianceStackProps{
    AppName:               jsii.String("myapp"),
    EnableCloudTrail:      jsii.Bool(true),
    ComplianceFrameworks:  &[]constructs.ComplianceFramework{constructs.SOC2, constructs.HIPAA},
    DataRetentionDays:     jsii.Number(3650), // ten years
}

type ConnectionTable

type ConnectionTable struct {
	*LiftTable
	// contains filtered or unexported fields
}

ConnectionTable is a table for managing WebSocket connections.

This struct represents a DynamoDB table specifically designed for storing and managing WebSocket connection information, including connection IDs, endpoints, and other metadata.

func NewConnectionTable

func NewConnectionTable(scope constructs.Construct, id *string, props *ConnectionTableProps) *ConnectionTable

NewConnectionTable creates a new connection management table.

This function creates a DynamoDB table specifically designed for managing WebSocket connections. The table uses a primary key (PK) and sort key (SK) for storing connection IDs and metadata. Global Secondary Indexes (GSIs) should be defined in your DynamORM model structs for querying connections by different attributes.

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Properties for the connection table

Returns:

  • A new ConnectionTable instance

func (*ConnectionTable) GrantConnectionManagement

func (c *ConnectionTable) GrantConnectionManagement(grantee awsiam.IGrantable)

GrantConnectionManagement grants permissions to manage WebSocket connections.

This method grants read and write permissions on the connection table to the specified grantee, which is typically a Lambda function or other AWS service that needs to manage WebSocket connections.

Parameters:

  • grantee: The IAM principal to grant permissions to

type ConnectionTableProps

type ConnectionTableProps struct {
	// Table name
	TableName *string
	// Enable TTL for automatic connection cleanup
	TimeToLiveAttribute *string
	// Enable default GSIs used by Lift's connection store (default: true)
	EnableConnectionIndexes *bool
}

ConnectionTableProps defines properties for the WebSocket connection table.

This struct contains properties for creating a DynamoDB table to manage WebSocket connections, including table name and TTL attribute for automatic cleanup.

type DynamORMEventStore

type DynamORMEventStore struct {
	constructs.Construct

	// Event table for storing events
	EventTable *LiftTable

	// Snapshot table for storing snapshots
	SnapshotTable *LiftTable

	// S3 bucket for archival (if enabled)
	ArchivalBucket awss3.IBucket

	// CloudWatch metrics
	Metrics map[string]awscloudwatch.Metric

	// IAM roles for different access patterns
	EventReaderRole     awsiam.Role
	EventWriterRole     awsiam.Role
	SnapshotManagerRole awsiam.Role
	// contains filtered or unexported fields
}

DynamORMEventStore provides event sourcing capabilities using DynamORM

func NewDynamORMEventStore

func NewDynamORMEventStore(scope constructs.Construct, id *string, props *DynamORMEventStoreProps) *DynamORMEventStore

NewDynamORMEventStore creates a new DynamORM event store construct

func (*DynamORMEventStore) GetArchivalBucket

func (e *DynamORMEventStore) GetArchivalBucket() awss3.IBucket

GetArchivalBucket returns the archival bucket

func (*DynamORMEventStore) GetEnvironmentVariables

func (e *DynamORMEventStore) GetEnvironmentVariables() *map[string]*string

GetEnvironmentVariables returns environment variables for Lambda functions

func (*DynamORMEventStore) GetEventReaderRole

func (e *DynamORMEventStore) GetEventReaderRole() awsiam.Role

GetEventReaderRole returns the event reader IAM role

func (*DynamORMEventStore) GetEventStoreMetrics

func (e *DynamORMEventStore) GetEventStoreMetrics() map[string]awscloudwatch.Metric

GetEventStoreMetrics returns event store CloudWatch metrics

func (*DynamORMEventStore) GetEventTable

func (e *DynamORMEventStore) GetEventTable() *LiftTable

GetEventTable returns the event table

func (*DynamORMEventStore) GetEventWriterRole

func (e *DynamORMEventStore) GetEventWriterRole() awsiam.Role

GetEventWriterRole returns the event writer IAM role

func (*DynamORMEventStore) GetSnapshotManagerRole

func (e *DynamORMEventStore) GetSnapshotManagerRole() awsiam.Role

GetSnapshotManagerRole returns the snapshot manager IAM role

func (*DynamORMEventStore) GetSnapshotTable

func (e *DynamORMEventStore) GetSnapshotTable() *LiftTable

GetSnapshotTable returns the snapshot table

func (*DynamORMEventStore) GrantEventReaderAccess

func (e *DynamORMEventStore) GrantEventReaderAccess(grantee awslambda.IFunction)

GrantEventReaderAccess grants event reader access to a Lambda function

func (*DynamORMEventStore) GrantEventWriterAccess

func (e *DynamORMEventStore) GrantEventWriterAccess(grantee awslambda.IFunction)

GrantEventWriterAccess grants event writer access to a Lambda function

func (*DynamORMEventStore) GrantFullAccess

func (e *DynamORMEventStore) GrantFullAccess(grantee awslambda.IFunction)

GrantFullAccess grants full event store access to a Lambda function

func (*DynamORMEventStore) GrantSnapshotManagerAccess

func (e *DynamORMEventStore) GrantSnapshotManagerAccess(grantee awslambda.IFunction)

GrantSnapshotManagerAccess grants snapshot manager access to a Lambda function

type DynamORMEventStoreProps

type DynamORMEventStoreProps struct {
	ArchivalAfter          awscdk.Duration
	ArchivalBucket         awss3.IBucket
	EventTTL               awscdk.Duration
	SnapshotTimeInterval   awscdk.Duration
	SnapshotRetention      awscdk.Duration
	SnapshotFrequency      *int
	EnableEventEncryption  *bool
	Tags                   *map[string]*string
	EventTableName         *string
	SnapshotTableName      *string
	TenantAttribute        *string
	KMSKey                 *string
	ReadCapacity           *float64
	WriteCapacity          *float64
	EnableGSIs             *bool
	SnapshotSizeLimit      *int
	EnableMultiTenant      *bool
	EnableEventVersioning  *bool
	AlertThresholds        *EventStoreAlertThresholds
	EnableEventCompression *bool
	EventStreamEnabled     *bool
	SnapshotStreamEnabled  *bool
	EnableAutoScaling      *bool
	EnableArchival         *bool
	EnableMetrics          *bool
	EnableDetailedMetrics  *bool
	EnableEncryption       *bool
	Pattern                EventStorePattern
	SnapshotStrategy       SnapshotStrategy
	ProjectionQueries      []string
}

DynamORMEventStoreProps defines properties for DynamORM event store. Memory optimized: 304 → 296 bytes (8 bytes saved).

type DynamoDBAlarmsConfig added in v1.0.76

type DynamoDBAlarmsConfig struct {
	BaseAlarmsConfig

	// LatencyThreshold is the threshold in milliseconds for latency alarm
	// Default: 250
	LatencyThreshold *float64

	// ReadCapacityThreshold is the threshold for consumed read capacity units
	// Default: 900
	ReadCapacityThreshold *float64

	// WriteCapacityThreshold is the threshold for consumed write capacity units
	// Default: 900
	WriteCapacityThreshold *float64
}

DynamoDBAlarmsConfig defines configuration for DynamoDB alarms

type DynamoDBAlarmsProps added in v1.0.76

type DynamoDBAlarmsProps struct {
	// TableName is the DynamoDB table name (required)
	TableName *string

	// AlarmTopic is the SNS topic for alarm notifications (required)
	AlarmTopic awssns.ITopic

	// AlarmNamePrefix is the prefix for alarm names (required)
	// Example: "merchant-application-partner-stage"
	AlarmNamePrefix *string

	// Config contains threshold configuration (optional - uses defaults if nil)
	Config *DynamoDBAlarmsConfig
}

DynamoDBAlarmsProps defines properties for creating DynamoDB alarms

type DynamoStreamProcessor

type DynamoStreamProcessor struct {
	constructs.Construct

	// The Lambda function processing DynamoDB stream records
	Function *LiftFunction

	// The DynamORM streaming table
	StreamingTable *StreamingTable

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.DynamoEventSource
}

DynamoStreamProcessor represents a DynamoDB table with stream processor using DynamORM

func NewDynamoStreamProcessor

func NewDynamoStreamProcessor(scope constructs.Construct, id *string, props *DynamoStreamProcessorProps) *DynamoStreamProcessor

NewDynamoStreamProcessor creates a new DynamoDB stream processor construct using DynamORM

func (*DynamoStreamProcessor) AddEnvironmentVariable

func (d *DynamoStreamProcessor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*DynamoStreamProcessor) GetDeadLetterQueueUrl

func (d *DynamoStreamProcessor) GetDeadLetterQueueUrl() *string

GetDeadLetterQueueUrl returns the DLQ URL if enabled

func (*DynamoStreamProcessor) GetStreamArn

func (d *DynamoStreamProcessor) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN

func (*DynamoStreamProcessor) GetTableArn

func (d *DynamoStreamProcessor) GetTableArn() *string

GetTableArn returns the table ARN

func (*DynamoStreamProcessor) GetTableName

func (d *DynamoStreamProcessor) GetTableName() *string

GetTableName returns the table name

func (*DynamoStreamProcessor) GrantReadData

func (d *DynamoStreamProcessor) GrantReadData(grantee awslambda.IFunction)

GrantReadData grants permission to read data from the table

func (*DynamoStreamProcessor) GrantReadWriteData

func (d *DynamoStreamProcessor) GrantReadWriteData(grantee awslambda.IFunction)

GrantReadWriteData grants permission to read and write data to the table

func (*DynamoStreamProcessor) GrantStreamRead

func (d *DynamoStreamProcessor) GrantStreamRead(grantee awslambda.IFunction)

GrantStreamRead grants permission to read from the DynamoDB stream

func (*DynamoStreamProcessor) GrantWriteData

func (d *DynamoStreamProcessor) GrantWriteData(grantee awslambda.IFunction)

GrantWriteData grants permission to write data to the table

type DynamoStreamProcessorProps

type DynamoStreamProcessorProps struct {
	// StreamingTableProps defines the properties of the underlying DynamORM streaming table.
	StreamingTableProps *StreamingTableProps
	// DeadLetterQueueProps configures an optional SQS dead-letter queue for failed stream records.
	DeadLetterQueueProps *awssqs.QueueProps
	// EventSourceProps allows overriding any of the default DynamoDB event source settings.
	EventSourceProps *awslambdaeventsources.DynamoEventSourceProps

	// Optional fine-grained tuning parameters. If nil, sensible defaults are applied.
	BatchSize               *float64 // Number of records to fetch per batch (default 10)
	RetryAttempts           *float64 // Max retry attempts for failed batches (default 10000)
	ParallelizationFactor   *float64 // Parallelism factor for batch processing (default 1)
	EnableDeadLetterQueue   *bool    // Whether to provision a dead-letter queue (default true)
	BisectBatchOnError      *bool    // Split failing batch into smaller batches (default false)
	ReportBatchItemFailures *bool    // Report individual item failures to Lambda (default true)
	EnableTracing           *bool    // Enable X-Ray tracing for the Lambda function
	EnableMultiTenant       *bool    // Configure the function for multi-tenant use cases
	EnableMonitoring        *bool    // Attach CloudWatch monitoring dashboards

	// Duration settings control throttling and record retention.
	MaxBatchingWindow awscdk.Duration // Maximum time to wait before invoking the function (default 5 s)
	MaxRecordAge      awscdk.Duration // Maximum age of a stream record before it is discarded (default 24 h)
	TumblingWindow    awscdk.Duration // Optional tumbling window for aggregating records

	// FunctionProps contains the underlying Lambda configuration.
	FunctionProps awslambda.FunctionProps
	// StartingPosition specifies where the stream should start reading.
	StartingPosition awslambda.StartingPosition
}

DynamoStreamProcessorProps defines properties for a DynamoDB stream processor. Memory optimized: 816 → 808 bytes (8 bytes saved).

type EnhancedMonitoring

type EnhancedMonitoring struct {
	constructs.Construct
	Metrics       map[string]awscloudwatch.IMetric
	Alarms        map[string]awscloudwatch.IAlarm
	Dashboard     awscloudwatch.Dashboard
	LogGroup      awslogs.LogGroup
	MetricFilters map[string]awslogs.MetricFilter
}

EnhancedMonitoring provides comprehensive monitoring with real CloudWatch metrics

func NewEnhancedMonitoring

func NewEnhancedMonitoring(scope constructs.Construct, id *string, props *EnhancedMonitoringProps) *EnhancedMonitoring

NewEnhancedMonitoring creates a comprehensive monitoring construct

func (*EnhancedMonitoring) AddCustomAlarm

func (m *EnhancedMonitoring) AddCustomAlarm(name string, alarm awscloudwatch.IAlarm)

AddCustomAlarm adds a custom alarm to the monitoring

func (*EnhancedMonitoring) AddCustomMetric

func (m *EnhancedMonitoring) AddCustomMetric(name string, metric awscloudwatch.IMetric)

AddCustomMetric adds a custom metric to the monitoring

func (*EnhancedMonitoring) GetAlarm

func (m *EnhancedMonitoring) GetAlarm(name string) awscloudwatch.IAlarm

GetAlarm returns a specific alarm by name

func (*EnhancedMonitoring) GetMetric

func (m *EnhancedMonitoring) GetMetric(name string) awscloudwatch.IMetric

GetMetric returns a specific metric by name

type EnhancedMonitoringProps

type EnhancedMonitoringProps struct {
	// Resource to monitor
	Resource MonitorableResource
	// Custom namespace for metrics
	Namespace *string
	// Alert configuration
	AlertTopic awssns.ITopic
	// Dashboard configuration
	DashboardName *string
	// Metric configuration
	MetricConfig *MetricConfiguration
	// Alarm thresholds
	AlarmThresholds *AlarmThresholds
	// Enable real-time streaming
	EnableRealTimeStreaming *bool
	// Environment tag
	Environment *string
}

EnhancedMonitoringProps defines properties for enhanced monitoring

type EnhancedSecurity

type EnhancedSecurity struct {
	constructs.Construct
	SecurityGroup    awsec2.SecurityGroup
	WAF              awswafv2.CfnWebACL
	Secrets          map[string]awssecretsmanager.Secret
	VPCFlowLogsGroup awslogs.LogGroup
	SecurityMetrics  map[string]awscloudwatch.IMetric
	VPCEndpoints     map[string]awsec2.InterfaceVpcEndpoint
}

EnhancedSecurity provides comprehensive security features

func NewEnhancedSecurity

func NewEnhancedSecurity(scope constructs.Construct, id *string, props *EnhancedSecurityProps) *EnhancedSecurity

NewEnhancedSecurity creates a comprehensive security construct

func (*EnhancedSecurity) AddCustomSecurityRule

func (s *EnhancedSecurity) AddCustomSecurityRule(rule SecurityRule, direction string)

AddCustomSecurityRule adds a custom security rule to the security group

func (*EnhancedSecurity) GetSecret

func (s *EnhancedSecurity) GetSecret(name string) awssecretsmanager.Secret

GetSecret returns a specific secret by name

func (*EnhancedSecurity) GetSecurityGroup

func (s *EnhancedSecurity) GetSecurityGroup() awsec2.ISecurityGroup

GetSecurityGroup returns the security group

func (*EnhancedSecurity) GetSecurityMetric

func (s *EnhancedSecurity) GetSecurityMetric(name string) awscloudwatch.IMetric

GetSecurityMetric returns a specific security metric by name

func (*EnhancedSecurity) GetVPCEndpoint

func (s *EnhancedSecurity) GetVPCEndpoint(name string) awsec2.InterfaceVpcEndpoint

GetVPCEndpoint returns a specific VPC endpoint by name

func (*EnhancedSecurity) GetWAF

func (s *EnhancedSecurity) GetWAF() awswafv2.CfnWebACL

GetWAF returns the WAF Web ACL

type EnhancedSecurityProps

type EnhancedSecurityProps struct {
	Vpc               awsec2.IVpc
	EnableWAF         *bool
	WAFConfig         *WAFRuleConfig
	EnableVPCFlowLogs *bool
	EnableGuardDuty   *bool
	EnableSecurityHub *bool
	EnableConfigRules *bool
	Environment       *string
	ApplicationName   *string
	IngressRules      []SecurityRule
	EgressRules       []SecurityRule
	Secrets           []SecretConfig
	VPCEndpointConfig *VPCEndpointConfig
}

EnhancedSecurityProps defines properties for enhanced security

type EventBridgeHandler

type EventBridgeHandler struct {
	constructs.Construct

	// The Lambda function handling events
	Function *LiftFunction

	// The EventBridge rule
	Rule awsevents.Rule

	// The event bus (default or custom)
	EventBus awsevents.IEventBus

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Lambda target
	Target awseventstargets.LambdaFunction
}

EventBridgeHandler represents an EventBridge rule with Lambda handler

func NewEventBridgeHandler

func NewEventBridgeHandler(scope constructs.Construct, id *string, props *EventBridgeHandlerProps) (*EventBridgeHandler, error)

NewEventBridgeHandler creates a new EventBridge handler construct

func (*EventBridgeHandler) AddEnvironmentVariable

func (e *EventBridgeHandler) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*EventBridgeHandler) AddEventPattern

func (e *EventBridgeHandler) AddEventPattern(_ *awsevents.EventPattern) error

AddEventPattern adds an event pattern to the rule. Note: This method is deprecated as EventBridge patterns cannot be modified after rule creation. Create a new EventBridgeHandler with the desired pattern instead.

func (*EventBridgeHandler) DisableRule

func (e *EventBridgeHandler) DisableRule() error

DisableRule disables the EventBridge rule. Note: This method provides guidance for disabling the rule after deployment. To change rule state after deployment, use AWS CLI or AWS Console.

func (*EventBridgeHandler) EnableRule

func (e *EventBridgeHandler) EnableRule() error

EnableRule enables the EventBridge rule. Note: This method configures the rule to be enabled during deployment. To change rule state after deployment, use AWS CLI or AWS Console.

func (*EventBridgeHandler) GetEventBusArn

func (e *EventBridgeHandler) GetEventBusArn() *string

GetEventBusArn returns the event bus ARN

func (*EventBridgeHandler) GetEventBusName

func (e *EventBridgeHandler) GetEventBusName() *string

GetEventBusName returns the event bus name

func (*EventBridgeHandler) GetRuleArn

func (e *EventBridgeHandler) GetRuleArn() *string

GetRuleArn returns the rule ARN

func (*EventBridgeHandler) GetRuleName

func (e *EventBridgeHandler) GetRuleName() *string

GetRuleName returns the rule name

func (*EventBridgeHandler) GrantPutEvents

func (e *EventBridgeHandler) GrantPutEvents(grantee awslambda.IFunction)

GrantPutEvents grants permission to put events to the event bus

type EventBridgeHandlerProps

type EventBridgeHandlerProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// Event rule properties (optional - creates new rule if not provided)
	RuleProps *awsevents.RuleProps

	// Existing rule to use (optional - creates new if not provided)
	ExistingRule awsevents.Rule

	// Existing event bus to use (optional - uses default if not provided)
	ExistingEventBus awsevents.IEventBus

	// Event bus properties for creating a custom event bus
	EventBusProps *awsevents.EventBusProps

	// Event pattern for filtering events
	EventPattern *awsevents.EventPattern

	// Schedule expression for scheduled events (conflicts with EventPattern)
	ScheduleExpression *string

	// Lambda target properties
	TargetProps *awseventstargets.LambdaFunctionProps

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// Maximum event age in seconds (default: 3600)
	MaxEventAge awscdk.Duration

	// Retry attempts for failed invocations (default: 3)
	RetryAttempts *float64

	// Enable input transformation
	InputTransformation *awsevents.RuleTargetInput

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool

	// Cross-account event bus support
	CrossAccountEventBusArn *string
}

EventBridgeHandlerProps defines properties for an EventBridge handler

type EventBusProcessor added in v1.0.82

type EventBusProcessor struct {
	constructs.Construct

	Function *LiftFunction
	Table    *EventBusTable

	DeadLetterQueue awssqs.IQueue
	EventSource     awslambdaeventsources.DynamoEventSource
}

EventBusProcessor wires an EventBus table stream to a Lambda function with sensible defaults.

func NewEventBusProcessor added in v1.0.82

func NewEventBusProcessor(scope constructs.Construct, id *string, props *EventBusProcessorProps) *EventBusProcessor

NewEventBusProcessor creates a new EventBus stream processor.

type EventBusProcessorProps added in v1.0.82

type EventBusProcessorProps struct {
	// Lambda function configuration (required).
	FunctionProps awslambda.FunctionProps

	// Existing EventBus table (optional). If omitted, a new EventBusTable is created.
	Table *EventBusTable
	// Properties for creating a new EventBus table (optional).
	TableProps *EventBusTableProps

	// Optional event source overrides.
	EventSourceProps *awslambdaeventsources.DynamoEventSourceProps

	// Optional tuning parameters (defaults are applied when nil/zero).
	BatchSize               *float64
	RetryAttempts           *float64
	ParallelizationFactor   *float64
	EnableDeadLetterQueue   *bool
	BisectBatchOnError      *bool
	ReportBatchItemFailures *bool

	DeadLetterQueueProps *awssqs.QueueProps

	// EventTypes filters stream events by `dynamodb.NewImage.event_type.S`.
	// When empty, no filter is applied (the processor will receive all stream records).
	EventTypes []string

	StartingPosition  awslambda.StartingPosition
	MaxBatchingWindow awscdk.Duration
	MaxRecordAge      awscdk.Duration
}

EventBusProcessorProps defines properties for an EventBus DynamoDB stream processor.
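The effect of EventTypes on what the processor Lambda receives, as an added example (not Lift's own code): it builds the Lambda event-filter pattern for `dynamodb.NewImage.event_type.S` and applies it to constructed stream records. The function names and sample records are assumptions, and the matcher covers only the exact-string subset of Lambda's filter rules.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// buildEventTypeFilter returns the filter pattern that matches stream records
// whose dynamodb.NewImage.event_type.S equals one of eventTypes. An empty list
// yields "", the documented "no filter" case. (Hypothetical helper.)
func buildEventTypeFilter(eventTypes []string) (string, error) {
	if len(eventTypes) == 0 {
		return "", nil
	}
	pattern := map[string]any{
		"dynamodb": map[string]any{
			"NewImage": map[string]any{
				"event_type": map[string]any{"S": eventTypes},
			},
		},
	}
	b, err := json.Marshal(pattern)
	return string(b), err
}

// matchNode walks pattern and record together. Objects must match key by key;
// an array in the pattern is a list of accepted string values for that field.
func matchNode(pattern, record any) bool {
	switch p := pattern.(type) {
	case map[string]any:
		r, ok := record.(map[string]any)
		if !ok {
			return false
		}
		for key, sub := range p {
			v, present := r[key]
			if !present || !matchNode(sub, v) {
				return false
			}
		}
		return true
	case []any:
		got, ok := record.(string)
		if !ok {
			return false
		}
		for _, want := range p {
			if w, isStr := want.(string); isStr && w == got {
				return true
			}
		}
	}
	return false
}

// delivered returns the indexes of the records that reach the handler.
func delivered(eventTypes, records []string) ([]int, error) {
	filter, err := buildEventTypeFilter(eventTypes)
	if err != nil {
		return nil, err
	}
	var pattern any
	if filter != "" {
		if err := json.Unmarshal([]byte(filter), &pattern); err != nil {
			return nil, err
		}
	}
	out := []int{}
	for i, raw := range records {
		var rec any
		if err := json.Unmarshal([]byte(raw), &rec); err != nil {
			return nil, fmt.Errorf("record %d: %w", i, err)
		}
		if pattern == nil || matchNode(pattern, rec) {
			out = append(out, i)
		}
	}
	return out, nil
}

// Constructed sample stream records (not captured from a real table).
var sampleRecords = []string{
	`{"eventName":"INSERT","dynamodb":{"NewImage":{"pk":{"S":"evt#1"},"event_type":{"S":"order.created"}}}}`,
	`{"eventName":"INSERT","dynamodb":{"NewImage":{"pk":{"S":"evt#2"},"event_type":{"S":"user.deleted"}}}}`,
	`{"eventName":"REMOVE","dynamodb":{"OldImage":{"pk":{"S":"evt#1"},"event_type":{"S":"order.created"}}}}`,
}

func main() {
	for _, types := range [][]string{{"order.created"}, nil} {
		filter, _ := buildEventTypeFilter(types)
		idx, err := delivered(types, sampleRecords)
		fmt.Printf("EventTypes=%v filter=%q delivered=%v err=%v\n", types, filter, idx, err)
	}
}
```

With EventTypes left empty the handler also receives the REMOVE record, which has no NewImage (TTL expiry on the table produces such records), so a handler deployed without a filter must tolerate records that lack `event_type`.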

type EventBusScheduler added in v1.0.82

type EventBusScheduler struct {
	constructs.Construct

	Table   *EventBusTable
	Handler *EventBridgeHandler
}

EventBusScheduler composes an EventBridge schedule with an EventBus table and grants permissions.

func NewEventBusScheduler added in v1.0.82

func NewEventBusScheduler(scope constructs.Construct, id *string, props *EventBusSchedulerProps) *EventBusScheduler

NewEventBusScheduler creates a scheduled Lambda wired to an EventBus table.

type EventBusSchedulerProps added in v1.0.82

type EventBusSchedulerProps struct {
	// Existing EventBus table (optional). If omitted, a new EventBusTable is created.
	Table *EventBusTable
	// Properties for creating a new EventBus table (optional).
	TableProps *EventBusTableProps

	// Required: schedule expression like "rate(1 minute)" or "cron(0/1 * * * ? *)".
	ScheduleExpression *string

	// Required: Lambda function configuration.
	FunctionProps awslambda.FunctionProps

	// Optional: EventBridge rule overrides.
	RuleProps *awsevents.RuleProps

	// Optional: EventBridge target tuning.
	MaxEventAge   awscdk.Duration
	RetryAttempts *float64
	EnableDLQ     *bool
	DLQProps      *awssqs.QueueProps

	// Optional: stable naming + runtime table resolution.
	// When AppName+Stage are provided, Lift injects APP_NAME/STAGE[/PARTNER] into the function env,
	// and uses them for deterministic resource names.
	AppName *string
	Stage   *string
	Partner *string
}

EventBusSchedulerProps defines properties for wiring an EventBridge schedule to an EventBus table.

The scheduler Lambda is expected to use DynamORM to:

  • query due scheduled items (services.EventBusDueScheduled)
  • publish events (services.DynamoDBEventBus)
  • delete scheduled items (services.EventBusDeleteScheduled)

type EventBusTable added in v1.0.71

type EventBusTable struct {
	constructs.Construct

	// Table is the DynamoDB table
	Table awsdynamodb.Table

	// EventIDIndex is the GSI for querying by event ID (if enabled)
	EventIDIndex awsdynamodb.GlobalSecondaryIndexProps

	// StreamArn is the DynamoDB Stream ARN (if enabled)
	StreamArn *string
}

EventBusTable represents a DynamoDB table for the EventBus

func NewEventBusTable added in v1.0.71

func NewEventBusTable(scope constructs.Construct, id *string, props *EventBusTableProps) *EventBusTable

NewEventBusTable creates a new EventBus DynamoDB table construct.

func (*EventBusTable) GetEnvironmentVariables added in v1.0.71

func (e *EventBusTable) GetEnvironmentVariables() *map[string]*string

GetEnvironmentVariables returns EventBus environment variables as a map

func (*EventBusTable) GetStreamArn added in v1.0.71

func (e *EventBusTable) GetStreamArn() *string

GetStreamArn returns the stream ARN (if enabled)

func (*EventBusTable) GetTableArn added in v1.0.71

func (e *EventBusTable) GetTableArn() *string

GetTableArn returns the table ARN

func (*EventBusTable) GetTableName added in v1.0.71

func (e *EventBusTable) GetTableName() *string

GetTableName returns the table name

func (*EventBusTable) GrantRead added in v1.0.71

func (e *EventBusTable) GrantRead(function awslambda.IFunction)

GrantRead grants read-only permissions to a Lambda function

func (*EventBusTable) GrantReadWrite added in v1.0.71

func (e *EventBusTable) GrantReadWrite(function awslambda.IFunction)

GrantReadWrite grants read and write permissions to a Lambda function

func (*EventBusTable) GrantStreamRead added in v1.0.71

func (e *EventBusTable) GrantStreamRead(function awslambda.IFunction)

GrantStreamRead grants permissions to read from the DynamoDB stream

func (*EventBusTable) GrantWrite added in v1.0.71

func (e *EventBusTable) GrantWrite(function awslambda.IFunction)

GrantWrite grants write-only permissions to a Lambda function

type EventBusTableProps added in v1.0.71

type EventBusTableProps struct {
	// Pointer fields (8 bytes each)
	TableName                 *string             // DynamoDB table name - MUST be unique
	ReadCapacity              *float64            // Provisioned read capacity
	WriteCapacity             *float64            // Provisioned write capacity
	EnablePointInTimeRecovery *bool               // Enable automated backups
	TimeToLiveAttribute       *string             // TTL attribute name (default: "ttl")
	EnableStream              *bool               // Enable DynamoDB Streams
	EnableEventIDIndex        *bool               // Add GSI for event ID lookups
	Tags                      *map[string]*string // Resource tags
	EncryptionKey             awskms.IKey         // KMS encryption key (optional)

	// Value types
	BillingMode    awsdynamodb.BillingMode    // Billing mode (default: PAY_PER_REQUEST)
	RemovalPolicy  awscdk.RemovalPolicy       // Removal policy for stack deletion
	StreamViewType awsdynamodb.StreamViewType // Stream data type
}

EventBusTableProps defines properties for the EventBus DynamoDB table

type EventRoutingTable

type EventRoutingTable struct {
	*LiftTable
	// contains filtered or unexported fields
}

EventRoutingTable is a table for managing event routing

func NewEventRoutingTable

func NewEventRoutingTable(scope constructs.Construct, id *string, props *EventRoutingTableProps) *EventRoutingTable

NewEventRoutingTable creates a new event routing table

The table uses standard pk/sk attributes - GSIs should be defined in DynamORM models

func (*EventRoutingTable) GrantEventManagement

func (e *EventRoutingTable) GrantEventManagement(grantee awsiam.IGrantable)

GrantEventManagement grants permissions to manage events

type EventRoutingTableProps

type EventRoutingTableProps struct {
	// Table name
	TableName *string
	// TTL attribute name for automatic cleanup
	TimeToLiveAttribute *string
}

EventRoutingTableProps defines properties for the event routing table

type EventStoreAlertThresholds

type EventStoreAlertThresholds struct {
	HighEventRate        *float64 // Events per second threshold
	HighErrorRate        *float64 // Error rate threshold
	HighLatency          *float64 // Latency threshold (ms)
	LowSnapshotFrequency *float64 // Minimum snapshot frequency
	HighStorageUsage     *float64 // Storage usage threshold (GB)
}

EventStoreAlertThresholds defines alert thresholds for event store monitoring

type EventStorePattern

type EventStorePattern string

EventStorePattern defines the event store pattern to use

const (
	EventStorePattern_SINGLE_TABLE    EventStorePattern = "SINGLE_TABLE"
	EventStorePattern_MULTI_TABLE     EventStorePattern = "MULTI_TABLE"
	EventStorePattern_AGGREGATE_TABLE EventStorePattern = "AGGREGATE_TABLE"
)

type FrontendDistribution added in v1.0.82

type FrontendDistribution struct {
	constructs.Construct

	Bucket       awss3.Bucket
	Distribution awscloudfront.Distribution
	Certificate  awscertificatemanager.ICertificate

	WWWRedirect *HostRedirect
}

FrontendDistribution creates an S3-backed static site with API proxy behaviors.

func NewFrontendDistribution added in v1.0.82

func NewFrontendDistribution(scope constructs.Construct, id *string, props *FrontendDistributionProps) *FrontendDistribution

NewFrontendDistribution creates a CloudFront distribution with a static S3 origin and API proxy behaviors.

type FrontendDistributionProps added in v1.0.82

type FrontendDistributionProps struct {
	// Required: hosted zone authoritative for DomainName.
	HostedZone awsroute53.IHostedZone
	// Optional: custom domain certificate. If omitted, Lift creates a DNS-validated certificate in us-east-1.
	Certificate awscertificatemanager.ICertificate
	// Optional: override response headers policy for static content.
	ResponseHeadersPolicy awscloudfront.IResponseHeadersPolicy
	// Optional: cache policy for API behaviors.
	// Note: Authorization must be forwarded via CachePolicy (not OriginRequestPolicy).
	ApiCachePolicy awscloudfront.ICachePolicy
	// Optional: origin request policy for API behaviors (default: none).
	ApiOriginRequestPolicy awscloudfront.IOriginRequestPolicy

	// Required: apex/canonical domain (e.g., "example.com").
	DomainName *string

	// Required: API origin host (e.g., "api.example.com" or "*.execute-api.*.amazonaws.com").
	ApiOriginDomainName *string

	// Optional: stable naming inputs for deterministic bucket names.
	AppName    *string
	Stage      *string
	Partner    *string
	BucketName *string

	// Optional: bucket configuration.
	AutoDeleteObjects *bool
	Versioned         *bool

	// Optional: additional SANs to include when Lift creates a certificate.
	SubjectAlternativeNames *[]*string

	// Optional: enable www.<domain> redirect to apex (default true).
	EnableWWWRedirect *bool
	WWWDomainName     *string

	// Optional: treat site as SPA by serving /index.html for 403/404 (default false).
	SinglePageApp *bool

	// Optional: WAFv2 Web ACL ARN (global scope) to attach to the distribution.
	WebAclId *string

	// Optional: distribution tuning.
	EnableIpv6 *bool

	// Optional: cache path patterns that should receive long-lived "hashed asset" caching.
	HashedAssetPathPatterns *[]*string

	// Optional: path patterns routed to the API origin (default: ["api/*", "graphql", ".well-known/*"]).
	ApiPathPatterns *[]*string

	// Optional: tags applied to created resources.
	Tags *map[string]*string

	// Optional: bucket configuration.
	RemovalPolicy awscdk.RemovalPolicy

	// Optional: distribution tuning.
	PriceClass  awscloudfront.PriceClass
	HttpVersion awscloudfront.HttpVersion
}

FrontendDistributionProps defines properties for a multi-origin "frontend + API" distribution.

type HostRedirect added in v1.0.82

type HostRedirect struct {
	constructs.Construct

	Distribution awscloudfront.Distribution
	Function     awscloudfront.Function
	Certificate  awscertificatemanager.ICertificate
}

HostRedirect implements a "www -> apex" (or any host -> host) redirect using CloudFront Functions.

func NewHostRedirect added in v1.0.82

func NewHostRedirect(scope constructs.Construct, id *string, props *HostRedirectProps) *HostRedirect

NewHostRedirect creates a redirect-only CloudFront distribution returning a 308 and preserving path+query.

type HostRedirectProps added in v1.0.82

type HostRedirectProps struct {
	// Required: source host (e.g., "www.example.com").
	FromDomainName *string
	// Required: target host (e.g., "example.com").
	ToDomainName *string
	// Required: hosted zone authoritative for FromDomainName.
	HostedZone awsroute53.IHostedZone

	// Optional: certificate for FromDomainName. If omitted, Lift creates a DNS-validated certificate in us-east-1.
	Certificate awscertificatemanager.ICertificate

	// Optional: WAFv2 Web ACL ARN (global scope).
	WebAclId *string

	// Optional: create AAAA alias record (default true).
	EnableIpv6 *bool

	// Optional: tags applied to created resources.
	Tags *map[string]*string
}

HostRedirectProps defines properties for a CloudFront Function-based host redirect.

type IdempotencyTableProps

type IdempotencyTableProps struct {
	// Table name
	TableName *string
	// TTL attribute name for automatic cleanup
	TimeToLiveAttribute *string
}

IdempotencyTableProps defines properties for creating an idempotency table

type IdempotentFunction

type IdempotentFunction struct {
	constructs.Construct
	Function         *LiftFunction
	IdempotencyTable *LiftTable
}

IdempotentFunction is a Lambda function with built-in idempotency support using DynamORM

func NewIdempotentFunction

func NewIdempotentFunction(scope constructs.Construct, id *string, props *IdempotentFunctionProps) *IdempotentFunction

NewIdempotentFunction creates a Lambda function with idempotency capabilities

func (*IdempotentFunction) AddIdempotencyMetrics

func (f *IdempotentFunction) AddIdempotencyMetrics(namespace *string)

AddIdempotencyMetrics adds CloudWatch metrics for idempotency operations

func (*IdempotentFunction) EnableTransactionSupport

func (f *IdempotentFunction) EnableTransactionSupport()

EnableTransactionSupport adds permissions for DynamoDB transactions

func (*IdempotentFunction) GetFunction

func (f *IdempotentFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*IdempotentFunction) GetTable

func (f *IdempotentFunction) GetTable() *LiftTable

GetTable returns the idempotency tracking table

type IdempotentFunctionProps

type IdempotentFunctionProps struct {
	// Embedded struct first (largest)
	LiftFunctionProps
	// Pointers (8 bytes each)
	KeyField              *string
	TTLSeconds            *float64
	TableName             *string
	EnableResponseCaching *bool
	MaxResponseSizeKB     *float64
	// Smaller types last
	KeyExtractor IdempotentKeyExtractor
}

IdempotentFunctionProps extends LiftFunctionProps with idempotency configuration. Memory optimized: 768 → 760 bytes (8 bytes saved).

type IdempotentKeyExtractor

type IdempotentKeyExtractor string

IdempotentKeyExtractor defines how to extract idempotency keys

const (
	// Extract from X-Idempotency-Key header
	IdempotentKeyHeader IdempotentKeyExtractor = "HEADER"
	// Extract from request body field
	IdempotentKeyBody IdempotentKeyExtractor = "BODY"
	// Extract from path parameter
	IdempotentKeyPath IdempotentKeyExtractor = "PATH"
	// Custom extraction logic in Lambda
	IdempotentKeyCustom IdempotentKeyExtractor = "CUSTOM"
)

type IntegrationOptions added in v1.0.60

type IntegrationOptions struct {
	// Authorizer for this method
	Authorizer awsapigateway.IAuthorizer
	// Request validator
	RequestValidator awsapigateway.IRequestValidator
	// API key required
	ApiKeyRequired *bool
	// EnableStreaming overrides LiftRestAPIProps.EnableStreaming for this method.
	EnableStreaming *bool
	// StreamingTimeoutSeconds overrides LiftRestAPIProps.StreamingTimeout for this method.
	StreamingTimeoutSeconds *int
}

IntegrationOptions defines options for API integrations

type KinesisProcessor

type KinesisProcessor struct {
	constructs.Construct
	Stream   awskinesis.IStream
	Function LiftFunction
	DLQ      awssqs.IQueue
	Consumer awskinesis.IStreamConsumer
}

KinesisProcessor creates a Kinesis stream with Lambda processor

func NewKinesisProcessor

func NewKinesisProcessor(scope constructs.Construct, id *string, props *KinesisProcessorProps) *KinesisProcessor

NewKinesisProcessor creates a new Kinesis processor with Lambda function

func (*KinesisProcessor) AddEnvironmentVariable added in v1.0.62

func (k *KinesisProcessor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*KinesisProcessor) GetDeadLetterQueueUrl added in v1.0.62

func (k *KinesisProcessor) GetDeadLetterQueueUrl() *string

GetDeadLetterQueueUrl returns the DLQ URL if enabled

func (*KinesisProcessor) GetStreamArn

func (k *KinesisProcessor) GetStreamArn() *string

GetStreamArn returns the stream ARN

func (*KinesisProcessor) GetStreamName

func (k *KinesisProcessor) GetStreamName() *string

GetStreamName returns the stream name

func (*KinesisProcessor) GrantRead

func (k *KinesisProcessor) GrantRead(grantee awslambda.IFunction)

GrantRead grants permission to read from the Kinesis stream

func (*KinesisProcessor) GrantReadWrite

func (k *KinesisProcessor) GrantReadWrite(grantee awslambda.IFunction)

GrantReadWrite grants permission to read and write to the Kinesis stream

func (*KinesisProcessor) GrantWrite

func (k *KinesisProcessor) GrantWrite(grantee awslambda.IFunction)

GrantWrite grants permission to write to the Kinesis stream

type KinesisProcessorProps

type KinesisProcessorProps struct {
	// The Lambda function configuration
	FunctionProps *LiftFunctionProps `field:"required"`

	// Optional: Stream configuration
	StreamProps *awskinesis.StreamProps `field:"optional"`

	// Optional: Use an existing stream instead of creating a new one
	ExistingStream awskinesis.IStream `field:"optional"`

	// Optional: Event source configuration
	EventSourceProps *awslambdaeventsources.KinesisEventSourceProps `field:"optional"`

	// Optional: Enable dead letter queue for failed records
	EnableDLQ *bool `field:"optional"`

	// Optional: DLQ configuration
	DLQProps *awssqs.QueueProps `field:"optional"`

	// Optional: Stream mode (provisioned or on-demand)
	StreamMode *awskinesis.StreamMode `field:"optional"`

	// Optional: Number of shards (for provisioned mode)
	ShardCount *float64 `field:"optional"`

	// Optional: Data retention period in hours (24-8760 hours)
	RetentionPeriodHours *float64 `field:"optional"`

	// Optional: Enable encryption
	Encryption *awskinesis.StreamEncryption `field:"optional"`

	// Optional: Enable enhanced fan-out
	EnableEnhancedFanOut *bool `field:"optional"`

	// Optional: Consumer name for enhanced fan-out
	ConsumerName *string `field:"optional"`

	// Optional: Batch size for processing (1-10000)
	BatchSize *float64 `field:"optional"`

	// Optional: Maximum batching window in seconds
	MaxBatchingWindowSeconds *float64 `field:"optional"`

	// Optional: Parallelization factor (1-10)
	ParallelizationFactor *float64 `field:"optional"`

	// Optional: Starting position
	StartingPosition *awslambda.StartingPosition `field:"optional"`

	// Optional: Maximum record age in seconds
	MaxRecordAgeSeconds *float64 `field:"optional"`

	// Optional: Bisect batch on function error
	BisectBatchOnError *bool `field:"optional"`

	// Optional: Maximum retry attempts
	RetryAttempts *float64 `field:"optional"`

	// Optional: Tumbling window in seconds
	TumblingWindowSeconds *float64 `field:"optional"`

	// Optional: Report batch item failures
	ReportBatchItemFailures *bool `field:"optional"`
}

KinesisProcessorProps defines the properties for creating a Kinesis processor

type LambdaAlarmsConfig added in v1.0.78

type LambdaAlarmsConfig struct {
	BaseAlarmsConfig

	// ErrorThreshold is the threshold for Lambda errors
	// Default: 1
	ErrorThreshold *float64

	// ThrottleThreshold is the threshold for Lambda throttles
	// Default: 1
	ThrottleThreshold *float64

	// DurationThreshold is the threshold in milliseconds for duration alarm
	// Default: 30000 (30 seconds)
	DurationThreshold *float64
}

LambdaAlarmsConfig defines configuration for Lambda alarms

type LambdaAlarmsProps added in v1.0.78

type LambdaAlarmsProps struct {
	// FunctionName is the Lambda function name (required)
	FunctionName *string

	// AlarmTopic is the SNS topic for alarm notifications (required)
	AlarmTopic awssns.ITopic

	// AlarmNamePrefix is the prefix for alarm names (required)
	// Example: "merchant-application-partner-stage-my-function"
	AlarmNamePrefix *string

	// Config contains threshold configuration (optional - uses defaults if nil)
	Config *LambdaAlarmsConfig
}

LambdaAlarmsProps defines properties for creating Lambda alarms

type LambdaFunctionConfig added in v1.0.58

type LambdaFunctionConfig struct {
	Environment  map[string]*string // 8 bytes (map)
	Timeout      awscdk.Duration    // 8 bytes (int64)
	FunctionName string             // 16 bytes
	Description  string             // 16 bytes
	Permissions  string             // PermissionRead or PermissionReadWrite - 16 bytes
}

LambdaFunctionConfig defines configuration for creating Lambda functions

type LiftAPI

type LiftAPI struct {
	constructs.Construct
	HttpAPI       awsapigatewayv2.HttpApi
	Stage         awsapigatewayv2.IHttpStage
	LogGroup      awslogs.ILogGroup
	VPCAuthorizer *VPCAuthorizer // Optional VPC authorizer for Cfn routes
	// contains filtered or unexported fields
}

LiftAPI is an API Gateway HTTP API construct for Lift applications.

This construct creates a complete HTTP API Gateway with Lift-optimized defaults including CORS support, access logging, custom domains, throttling, and security features. It provides methods to easily add Lambda integrations and configure API-specific features.

func NewLiftAPI

func NewLiftAPI(scope constructs.Construct, id *string, props *LiftAPIProps) *LiftAPI

NewLiftAPI creates a new API Gateway HTTP API optimized for Lift.

This function creates a new HTTP API with all Lift-optimized features including:

  • CORS configuration (if enabled)
  • Access logging (if enabled)
  • Custom domain mapping (if configured)
  • Throttling settings (if specified)
  • Default authorizer (if provided)

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new LiftAPI instance

func (*LiftAPI) AddLambdaRoute

func (api *LiftAPI) AddLambdaRoute(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction)

AddLambdaRoute adds a Lambda function as a route to the API.

This method adds a new route to the API that integrates with a Lambda function. It uses the default integration settings.

Parameters:

  • path: The URL path for the route
  • method: The HTTP method (GET, POST, etc.)
  • fn: The Lambda function to integrate with

func (*LiftAPI) AddLambdaRouteWithOptions

func (api *LiftAPI) AddLambdaRouteWithOptions(path *string, method awsapigatewayv2.HttpMethod, fn awslambda.IFunction, options *RouteOptions)

AddLambdaRouteWithOptions adds a Lambda function as a route with additional options.

This method adds a new route with custom configuration including:

  • Custom authorizer
  • Request validation
  • Route-specific throttling

Parameters:

  • path: The URL path for the route
  • method: The HTTP method (GET, POST, etc.)
  • fn: The Lambda function to integrate with
  • options: Additional route configuration

func (*LiftAPI) AddRoutes

func (api *LiftAPI) AddRoutes(routes map[string]map[string]awslambda.IFunction)

AddRoutes adds multiple routes from a route definition map.

This method adds multiple routes to the API in bulk format. The routes parameter is a nested map where the outer key is the path and the inner map contains method-function pairs.

Parameters:

  • routes: A map of paths to method-function mappings

func (*LiftAPI) AddVPCAuthorizedRoute added in v1.0.67

func (api *LiftAPI) AddVPCAuthorizedRoute(routeKey *string, fn awslambda.IFunction)

AddVPCAuthorizedRoute adds a Lambda route protected by the VPC authorizer.

This method creates a new route that requires VPC authorization. The VPC authorizer must be enabled first by calling EnableVPCAuthorizer().

The routeKey should be in the format "METHOD /path", for example:

  • "GET /users"
  • "POST /data"
  • "PUT /items/{id}"

Parameters:

  • routeKey: The route key in the format "METHOD /path"
  • fn: The Lambda function to integrate with

func (*LiftAPI) EnableApiKeyAuth

func (api *LiftAPI) EnableApiKeyAuth() awsapigatewayv2.IHttpRouteAuthorizer

EnableApiKeyAuth enables API key authentication for the API.

This method configures API key authentication for the API using a Lambda authorizer. It returns the authorizer that can be used for specific routes.

Returns:

  • The API key authorizer

func (*LiftAPI) EnableVPCAuthorizer added in v1.0.67

func (api *LiftAPI) EnableVPCAuthorizer(authorizerFunctionArn, authorizerName, authorizerCredentialsArn string)

EnableVPCAuthorizer enables VPC-based authorization for the API.

This method configures the API to use an existing Lambda authorizer function for request authorization. The caller must provide the full ARN of the authorizer function, a name for the authorizer, and the IAM role ARN.

The authorizer validates requests using the Authorization header and caches results for 5 minutes by default. Use AddVPCAuthorizedRoute() to add routes that will be protected by this authorizer.

Example usage:

liftAPI := liftcdk.NewLiftAPI(stack, jsii.String("MyAPI"), &liftcdk.LiftAPIProps{
    APICommonProps: liftcdk.APICommonProps{
        Name: jsii.String(fmt.Sprintf("my-service-%s-%s", partner, stage)),
    },
})

// Enable VPC authorization
liftAPI.EnableVPCAuthorizer(
    fmt.Sprintf("arn:aws:lambda:%s:%s:function:vpc-authorizer-%s-%s", region, account, partner, stage),
    fmt.Sprintf("vpc-authorizer-%s-%s", partner, stage),
    fmt.Sprintf("arn:aws:iam::%s:role/vpc-authorizer-%s-%s-role", account, partner, stage),
)

// Add routes with VPC authorization
liftAPI.AddVPCAuthorizedRoute(jsii.String("POST /path"), liftFn.Function)

Parameters:

  • authorizerFunctionArn: Full ARN of the authorizer Lambda function
  • authorizerName: Name for the authorizer in API Gateway
  • authorizerCredentialsArn: IAM role ARN that API Gateway uses to invoke the Lambda

func (*LiftAPI) GetArn

func (api *LiftAPI) GetArn() *string

GetArn returns the ARN of the API.

This method returns the ARN (Amazon Resource Name) of the API Gateway.

Returns:

  • The API ARN as a string pointer

func (*LiftAPI) GetResourceName

func (l *LiftAPI) GetResourceName() *string

GetResourceName returns the API name.

This method returns the name of the API Gateway resource, which is useful for monitoring and identification purposes.

Returns:

  • The API name as a string pointer

func (*LiftAPI) GetUrl

func (api *LiftAPI) GetUrl() *string

GetUrl returns the URL of the API.

This method returns the base URL of the API Gateway endpoint.

Returns:

  • The API URL as a string pointer

func (*LiftAPI) GrantInvoke

func (api *LiftAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantInvoke grants invoke permissions to a principal.

This method grants permission to invoke the API to the specified principal. It's useful for cross-service integrations.

Parameters:

  • grantee: The principal to grant invoke permissions to

Returns:

  • The IAM grant

type LiftAPIGatewayAlarms added in v1.0.76

type LiftAPIGatewayAlarms struct {
	Construct constructs.Construct

	ClientErrorsAlarm awscloudwatch.Alarm
	ServerErrorsAlarm awscloudwatch.Alarm
}

LiftAPIGatewayAlarms contains CloudWatch alarms for API Gateway

func NewLiftAPIGatewayAlarms added in v1.0.76

func NewLiftAPIGatewayAlarms(scope constructs.Construct, id *string, props *APIGatewayAlarmsProps) *LiftAPIGatewayAlarms

NewLiftAPIGatewayAlarms creates CloudWatch alarms for API Gateway

type LiftAPIProps

type LiftAPIProps struct {
	APICommonProps
	// Enable detailed CloudWatch metrics for the HTTP API stage
	EnableDetailedMetrics *bool
	// API Key configuration
	RequireApiKey *bool
	// Request/Response validation models
	RequestValidators map[string]*RequestValidator
	// Default authorizer for all routes (HTTP API specific)
	DefaultAuthorizer awsapigatewayv2.IHttpRouteAuthorizer
}

LiftAPIProps defines properties for creating a Lift API Gateway.

This struct contains all configurable properties for creating a Lift-optimized API Gateway HTTP API. The properties include basic API configuration, CORS settings, custom domain configuration, access logging, throttling, and security features like API key requirements and request validation.

type LiftApiDomain added in v1.0.59

type LiftApiDomain struct {
	constructs.Construct
	DomainName   awsapigatewayv2.DomainName
	ApiMapping   awsapigatewayv2.ApiMapping
	CNAMERecord  awsroute53.CnameRecord
	DomainString *string
}

LiftApiDomain provides simplified API Gateway custom domain with Route53 integration

func NewLiftApiDomain added in v1.0.59

func NewLiftApiDomain(scope constructs.Construct, id *string, props *LiftApiDomainProps) *LiftApiDomain

NewLiftApiDomain creates API Gateway custom domain with optional Route53 integration

func (*LiftApiDomain) AddAdditionalMapping added in v1.0.59

func (d *LiftApiDomain) AddAdditionalMapping(api awsapigatewayv2.IHttpApi, mappingKey *string) awsapigatewayv2.ApiMapping

AddAdditionalMapping adds another API mapping to the same domain

func (*LiftApiDomain) GetApiMapping added in v1.0.59

func (d *LiftApiDomain) GetApiMapping() awsapigatewayv2.ApiMapping

GetApiMapping returns the API mapping

func (*LiftApiDomain) GetCNAMERecord added in v1.0.59

func (d *LiftApiDomain) GetCNAMERecord() awsroute53.CnameRecord

GetCNAMERecord returns the Route53 CNAME record (may be nil)

func (*LiftApiDomain) GetDomainName added in v1.0.59

func (d *LiftApiDomain) GetDomainName() awsapigatewayv2.IDomainName

GetDomainName returns the underlying API Gateway domain name

func (*LiftApiDomain) GetRegionalDomainName added in v1.0.59

func (d *LiftApiDomain) GetRegionalDomainName() *string

GetRegionalDomainName returns the regional domain name for DNS records

type LiftApiDomainProps added in v1.0.59

type LiftApiDomainProps struct {
	// Domain name for the API (e.g., "api.example.com")
	DomainName *string

	// Optional: API mapping key (base path)
	ApiMappingKey *string

	// ACM certificate for the domain (required)
	Certificate awscertificatemanager.ICertificate

	// HTTP API to map to the domain (required)
	HttpAPI awsapigatewayv2.IHttpApi

	// Optional: Stage to map (defaults to HttpAPI.DefaultStage() if not provided)
	Stage awsapigatewayv2.IStage

	// Optional: Hosted zone for creating DNS records
	// If provided, a CNAME record will be created pointing to the API Gateway domain
	HostedZone awsroute53.IHostedZone

	// Optional: Enable mutual TLS authentication
	MutualTlsAuthentication *awsapigatewayv2.MTLSConfig

	// Optional: TTL for the CNAME record in seconds (default: 300)
	RecordTTL *float64

	// Optional: Create CNAME record in Route53 (default: true if HostedZone is provided)
	CreateCNAME *bool

	// Optional: Security policy (default: TLS_1_2)
	SecurityPolicy awsapigatewayv2.SecurityPolicy
}

LiftApiDomainProps defines properties for API Gateway custom domain

type LiftCertificate added in v1.0.59

type LiftCertificate struct {
	constructs.Construct
	Certificate awscertificatemanager.Certificate
}

LiftCertificate provides a simplified ACM certificate with DNS validation

func NewLiftCertificate added in v1.0.59

func NewLiftCertificate(scope constructs.Construct, id *string, props *LiftCertificateProps) *LiftCertificate

NewLiftCertificate creates a new ACM certificate with DNS validation

func (*LiftCertificate) AddDependency added in v1.0.59

func (c *LiftCertificate) AddDependency(dependency constructs.IConstruct)

AddDependency adds a dependency to the certificate (useful for NS delegation)

func (*LiftCertificate) GetCertificate added in v1.0.59

GetCertificate returns the underlying ACM certificate

func (*LiftCertificate) GetCertificateArn added in v1.0.59

func (c *LiftCertificate) GetCertificateArn() *string

GetCertificateArn returns the certificate ARN

type LiftCertificateProps added in v1.0.59

type LiftCertificateProps struct {
	// Domain name for the certificate (e.g., "api.example.com")
	DomainName *string

	// Subject Alternative Names (SANs) for the certificate
	SubjectAlternativeNames *[]*string

	// Hosted zone for DNS validation (required)
	HostedZone awsroute53.IHostedZone

	// Optional: Override the validation zone (if different from hosted zone)
	ValidationZone awsroute53.IHostedZone

	// Optional: Enable/disable certificate transparency logging (default: true)
	TransparencyLoggingEnabled *bool

	// Optional: Certificate name for identification
	CertificateName *string
}

LiftCertificateProps defines properties for ACM certificate with DNS validation

type LiftDynamoDBAlarms added in v1.0.76

type LiftDynamoDBAlarms struct {
	Construct constructs.Construct

	LatencyAlarm       awscloudwatch.Alarm
	ReadCapacityAlarm  awscloudwatch.Alarm
	WriteCapacityAlarm awscloudwatch.Alarm
}

LiftDynamoDBAlarms contains CloudWatch alarms for DynamoDB

func NewLiftDynamoDBAlarms added in v1.0.76

func NewLiftDynamoDBAlarms(scope constructs.Construct, id *string, props *DynamoDBAlarmsProps) *LiftDynamoDBAlarms

NewLiftDynamoDBAlarms creates CloudWatch alarms for DynamoDB tables

type LiftEventSourceMapping added in v1.0.59

type LiftEventSourceMapping struct {
	// The underlying construct
	Construct constructs.Construct

	// Event source mapping (if created directly)
	EventSourceMapping awslambda.EventSourceMapping

	// Custom resource (if using dynamic ARN lookup)
	CustomResource awscdk.CustomResource

	// Custom resource handler function (if using dynamic ARN lookup)
	CustomResourceHandler awslambda.Function
}

LiftEventSourceMapping wraps event source mapping with automatic handling for cross-region scenarios

func NewLiftEventSourceMapping added in v1.0.59

func NewLiftEventSourceMapping(scope constructs.Construct, id *string, props *LiftEventSourceMappingProps) *LiftEventSourceMapping

NewLiftEventSourceMapping creates an event source mapping with optional custom resource for dynamic ARN lookup

type LiftEventSourceMappingProps added in v1.0.59

type LiftEventSourceMappingProps struct {
	// Target Lambda function
	TargetFunction awslambda.IFunction

	// Event source ARN (for primary region with known ARN)
	EventSourceArn *string

	// Table name (for secondary region where ARN is discovered at runtime)
	TableName *string

	// Batch size for processing
	BatchSize *float64

	// Maximum retry attempts
	RetryAttempts *float64

	// Parallelization factor
	ParallelizationFactor *float64

	// Maximum batching window
	MaxBatchingWindow awscdk.Duration

	// Maximum record age
	MaxRecordAge awscdk.Duration

	// Bisect batch on error
	BisectBatchOnError *bool

	// Report batch item failures
	ReportBatchItemFailures *bool

	// Use custom resource for dynamic ARN lookup (for secondary regions)
	UseCustomResource *bool

	// Starting position for stream reading
	StartingPosition awslambda.StartingPosition
}

LiftEventSourceMappingProps defines properties for event source mapping

type LiftFunction

type LiftFunction struct {
	constructs.Construct
	Function awslambda.Function
}

LiftFunction is a Lambda function construct optimized for Lift applications.

This construct creates a Lambda function with Lift-optimized defaults including:

  • X-Ray tracing (if enabled)
  • CloudWatch metrics (if enabled)
  • Multi-tenant support (if enabled)
  • DynamORM environment variables (if enabled)

func NewLiftFunction

func NewLiftFunction(scope constructs.Construct, id *string, props *LiftFunctionProps) *LiftFunction

NewLiftFunction creates a new Lift Lambda function with optimized defaults.

This function creates a new Lambda function with all Lift-optimized features including:

  • Default runtime (PROVIDED_AL2023)
  • ARM64 architecture
  • Memory size (512MB)
  • Timeout (30 seconds)
  • Tracing (if enabled)
  • Metrics (if enabled)
  • Multi-tenant support (if enabled)
  • DynamORM environment variables (if enabled)

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new LiftFunction instance

func (*LiftFunction) GetResourceName

func (l *LiftFunction) GetResourceName() *string

GetResourceName returns the function name.

This method returns the name of the Lambda function. This is useful for monitoring and identification purposes.

type LiftFunctionProps

type LiftFunctionProps struct {
	awslambda.FunctionProps
	// EnableTracing enables X-Ray tracing for the function
	EnableTracing *bool
	// EnableMetrics enables CloudWatch metrics
	EnableMetrics *bool
	// EnableMultiTenant enables multi-tenant support
	EnableMultiTenant *bool
	// ReservedConcurrentExecutions to limit concurrent executions
	ReservedConcurrentExecutions *float64
	// EnableDynamORM configures DynamORM environment variables
	EnableDynamORM *bool
	// DynamORM table name (optional - for when using DynamORM)
	DynamORMTableName *string
	// DynamORM debug mode
	DynamORMDebug *bool
}

LiftFunctionProps extends standard Lambda function properties with Lift-specific configuration.

This struct contains all configurable properties for creating a Lift-optimized Lambda function. It extends the standard AWS CDK Lambda function properties with additional Lift-specific features like tracing, metrics, multi-tenant support, and DynamORM configuration.

type LiftHostedZone added in v1.0.59

type LiftHostedZone struct {
	constructs.Construct
	HostedZone   awsroute53.IHostedZone
	HostedZoneId *string
	ZoneName     *string
	IsImported   bool
}

LiftHostedZone provides simplified Route53 hosted zone creation/import

func NewLiftHostedZone added in v1.0.59

func NewLiftHostedZone(scope constructs.Construct, id *string, props *LiftHostedZoneProps) *LiftHostedZone

NewLiftHostedZone creates or imports a Route53 hosted zone

func (*LiftHostedZone) AddCNAMERecord added in v1.0.59

func (z *LiftHostedZone) AddCNAMERecord(recordName *string, domainName *string, ttl awscdk.Duration) awsroute53.CnameRecord

AddCNAMERecord creates a CNAME record in the zone

func (*LiftHostedZone) AddNSRecord added in v1.0.59

func (z *LiftHostedZone) AddNSRecord(recordName *string, targetNameServers *[]*string, ttl awscdk.Duration) awsroute53.NsRecord

AddNSRecord creates NS record delegation to another zone

func (*LiftHostedZone) GetHostedZone added in v1.0.59

func (z *LiftHostedZone) GetHostedZone() awsroute53.IHostedZone

GetHostedZone returns the underlying Route53 hosted zone

func (*LiftHostedZone) GetHostedZoneId added in v1.0.59

func (z *LiftHostedZone) GetHostedZoneId() *string

GetHostedZoneId returns the hosted zone ID

func (*LiftHostedZone) GetNameServers added in v1.0.59

func (z *LiftHostedZone) GetNameServers() *[]*string

GetNameServers returns the name servers for the hosted zone. Only works for created zones (not imported).

func (*LiftHostedZone) GetZoneName added in v1.0.59

func (z *LiftHostedZone) GetZoneName() *string

GetZoneName returns the zone name

type LiftHostedZoneProps added in v1.0.59

type LiftHostedZoneProps struct {
	// Zone name (e.g., "example.com")
	ZoneName *string

	// Comment for the hosted zone
	Comment *string

	// If true, attempts to import existing zone instead of creating new one
	// Requires ExistingZoneId to be provided
	ImportIfExists *bool

	// Existing zone ID (for import mode)
	ExistingZoneId *string

	// Enable SSM parameter export for zone ID
	EnableSSMExport *bool

	// SSM parameter path for zone ID (only used if EnableSSMExport is true)
	// Default: /route53/zones/{ZoneName}/id
	SSMParameterPath *string

	// Enable CloudFormation output export
	EnableCfnExport *bool

	// CloudFormation export name
	CfnExportName *string

	// Tags to apply to the hosted zone
	Tags *map[string]*string
}

LiftHostedZoneProps defines properties for Route53 hosted zone

type LiftKMSKey added in v1.0.59

type LiftKMSKey struct {
	constructs.Construct

	// The KMS key (either direct key or replica)
	Key awskms.IKey

	// Alias for the key
	Alias awskms.Alias

	// SSM Parameter (if enabled)
	SSMParameter awsssm.StringParameter

	// Key ARN
	KeyArn *string

	// Key ID
	KeyId *string
}

LiftKMSKey represents a KMS key with multi-region support

func NewLiftKMSKey added in v1.0.59

func NewLiftKMSKey(scope constructs.Construct, id *string, props *LiftKMSKeyProps) *LiftKMSKey

NewLiftKMSKey creates a new KMS key with Lift-optimized defaults

func (*LiftKMSKey) AddToResourcePolicy added in v1.0.59

func (k *LiftKMSKey) AddToResourcePolicy(statement awsiam.PolicyStatement)

AddToResourcePolicy adds a statement to the key's resource policy

func (*LiftKMSKey) GetKey added in v1.0.59

func (k *LiftKMSKey) GetKey() awskms.IKey

GetKey returns the underlying IKey

func (*LiftKMSKey) GetKeyArn added in v1.0.59

func (k *LiftKMSKey) GetKeyArn() *string

GetKeyArn returns the key ARN

func (*LiftKMSKey) GetKeyId added in v1.0.59

func (k *LiftKMSKey) GetKeyId() *string

GetKeyId returns the key ID

func (*LiftKMSKey) GetResourceName added in v1.0.59

func (k *LiftKMSKey) GetResourceName() *string

GetResourceName returns the resource name for monitoring

func (*LiftKMSKey) GrantDecrypt added in v1.0.59

func (k *LiftKMSKey) GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant

GrantDecrypt grants decrypt permissions only

func (*LiftKMSKey) GrantEncrypt added in v1.0.59

func (k *LiftKMSKey) GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant

GrantEncrypt grants encrypt permissions only

func (*LiftKMSKey) GrantEncryptDecrypt added in v1.0.59

func (k *LiftKMSKey) GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant

GrantEncryptDecrypt grants encrypt/decrypt permissions

func (*LiftKMSKey) GrantGenerateMac added in v1.0.59

func (k *LiftKMSKey) GrantGenerateMac(grantee awsiam.IGrantable) awsiam.Grant

GrantGenerateMac grants GenerateMac/VerifyMac permissions (for HMAC keys)

type LiftKMSKeyProps added in v1.0.59

type LiftKMSKeyProps struct {
	// Key configuration
	Description *string

	// Alias configuration
	AliasName *string

	// Replica configuration
	PrimaryKeyArn    *string     // ARN of the primary key for replicas
	AdministratorArn *string     // Optional admin principal ARN
	CustomKeyPolicy  interface{} // Optional custom key policy
	SSMParameterPath *string     // Parameter Store path to store key ARN
	Tags             *map[string]*string
	EnabledRegions   *[]*string

	// Boolean flags
	MultiRegion        *bool
	IsReplicaKey       *bool
	EnableKeyRotation  *bool
	EnableSSMParameter *bool

	// Additional permissions
	GrantEncryptDecrypt []awsiam.IGrantable
	GrantGenerateMac    []awsiam.IGrantable

	// Non-pointer configuration
	KeySpec       awskms.KeySpec
	KeyUsage      awskms.KeyUsage
	PendingWindow awscdk.Duration
	RemovalPolicy awscdk.RemovalPolicy
}

LiftKMSKeyProps defines properties for creating a KMS key with Lift

type LiftLambdaAlarms added in v1.0.78

type LiftLambdaAlarms struct {
	Construct constructs.Construct

	ErrorsAlarm    awscloudwatch.Alarm
	ThrottlesAlarm awscloudwatch.Alarm
	DurationAlarm  awscloudwatch.Alarm
}

LiftLambdaAlarms contains CloudWatch alarms for Lambda functions

func NewLiftLambdaAlarms added in v1.0.78

func NewLiftLambdaAlarms(scope constructs.Construct, id *string, props *LambdaAlarmsProps) *LiftLambdaAlarms

NewLiftLambdaAlarms creates CloudWatch alarms for Lambda functions

type LiftLambdaRole added in v1.0.59

type LiftLambdaRole struct {
	constructs.Construct
	Role awsiam.Role
}

LiftLambdaRole is a Lambda execution role construct with common permissions

func NewLiftLambdaRole added in v1.0.59

func NewLiftLambdaRole(scope constructs.Construct, id *string, props *LiftLambdaRoleProps) *LiftLambdaRole

NewLiftLambdaRole creates a new Lambda execution role with common permissions

func (*LiftLambdaRole) AddManagedPolicy added in v1.0.59

func (l *LiftLambdaRole) AddManagedPolicy(policy awsiam.IManagedPolicy)

AddManagedPolicy adds a managed policy to the role

func (*LiftLambdaRole) AddToPolicy added in v1.0.59

func (l *LiftLambdaRole) AddToPolicy(statement awsiam.PolicyStatement)

AddToPolicy adds a policy statement to the role

func (*LiftLambdaRole) AsLambdaExecutionRole added in v1.0.59

func (l *LiftLambdaRole) AsLambdaExecutionRole() awsiam.IRole

AsLambdaExecutionRole returns this role for use in Lambda function props

func (*LiftLambdaRole) GetRole added in v1.0.59

func (l *LiftLambdaRole) GetRole() awsiam.IRole

GetRole returns the underlying IAM role

func (*LiftLambdaRole) GetRoleArn added in v1.0.59

func (l *LiftLambdaRole) GetRoleArn() *string

GetRoleArn returns the role ARN

func (*LiftLambdaRole) GetRoleName added in v1.0.59

func (l *LiftLambdaRole) GetRoleName() *string

GetRoleName returns the role name

func (*LiftLambdaRole) GrantDynamoDBAccess added in v1.0.59

func (l *LiftLambdaRole) GrantDynamoDBAccess(tables ...awsdynamodb.ITable)

GrantDynamoDBAccess grants access to additional DynamoDB tables

func (*LiftLambdaRole) GrantKMSAccess added in v1.0.59

func (l *LiftLambdaRole) GrantKMSAccess(keys ...awskms.IKey)

GrantKMSAccess grants access to additional KMS keys

func (*LiftLambdaRole) GrantPassRole added in v1.0.59

func (l *LiftLambdaRole) GrantPassRole(grantee awsiam.IGrantable) awsiam.Grant

GrantPassRole grants permission to pass this role to a service

type LiftLambdaRoleProps added in v1.0.59

type LiftLambdaRoleProps struct {
	// Basic configuration
	RoleName    *string
	Description *string

	// Service principal (defaults to lambda.amazonaws.com)
	ServicePrincipal *string

	// Managed policies
	ManagedPolicyArns []string

	// Enable common AWS managed policies
	EnableBasicExecution     *bool // AWSLambdaBasicExecutionRole
	EnableVPCExecution       *bool // AWSLambdaVPCAccessExecutionRole
	EnableCloudWatchInsights *bool // CloudWatchLambdaInsightsExecutionRolePolicy
	EnableXRayDaemonWrite    *bool // AWSXRayDaemonWriteAccess

	// DynamoDB access
	DynamoDBTables       []awsdynamodb.ITable
	DynamoDBTableArns    []string
	DynamoDBStreamAccess *bool // Grant stream read access
	DynamoDBFullAccess   *bool // Grant full access vs read/write

	// KMS access
	KMSKeys              []awskms.IKey
	KMSKeyArns           []string
	EnableMultiRegionKMS *bool    // Grant access to multi-region keys (mrk-*)
	KMSActions           []string // Custom KMS actions (defaults to Encrypt, Decrypt, GenerateDataKey)

	// Secrets Manager access
	SecretsManagerArns  []string
	EnableSecretsAccess *bool // Grant access to all secrets (not recommended for production)

	// SSM Parameter Store access
	SSMParameterPaths []string
	EnableSSMAccess   *bool // Grant access to all parameters

	// Payment Cryptography (AWS Payment Cryptography Service)
	EnablePaymentCrypto  *bool
	PaymentCryptoActions []string // Defaults to DecryptData, EncryptData, GetAlias

	// SQS access
	SQSQueueArns           []string
	EnableSQSSendMessage   *bool
	EnableSQSReceiveDelete *bool

	// S3 access
	S3BucketArns  []string
	EnableS3Read  *bool
	EnableS3Write *bool

	// Custom inline policies
	InlinePolicies map[string]awsiam.PolicyDocument

	// Additional policy statements
	AdditionalPolicyStatements []awsiam.PolicyStatement

	// Tags
	Tags map[string]string
}

LiftLambdaRoleProps defines properties for Lambda execution roles
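
A review-time check for the broad-access switches in LiftLambdaRoleProps, as an added example that is not part of the package. RoleAccess is a hypothetical plain-Go mirror of a subset of the fields above, and ReviewRoleAccess, arnProblem and the sample values are constructed for illustration; the check reports the flags whose doc comments say they grant access to everything, plus wildcard or malformed entries in the ARN and action lists.

```go
package main

import (
	"fmt"
	"strings"
)

// RoleAccess mirrors a subset of the LiftLambdaRoleProps fields using plain
// Go types so the check runs without the CDK. Hypothetical stand-in, not a
// type from the package.
type RoleAccess struct {
	EnableSecretsAccess bool
	SecretsManagerArns  []string
	EnableSSMAccess     bool
	DynamoDBFullAccess  bool
	DynamoDBTableArns   []string
	KMSKeyArns          []string
	KMSActions          []string
	S3BucketArns        []string
	SQSQueueArns        []string
}

// Finding is one reviewer-facing observation about a role definition.
type Finding struct {
	Field  string
	Reason string
}

// arnProblem returns a non-empty reason when an ARN is malformed or contains
// an IAM wildcard ("*" or "?"), and "" when it names exactly one resource.
func arnProblem(arn string) string {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) < 6 || parts[0] != "arn" {
		return "not a full ARN (arn:partition:service:region:account:resource)"
	}
	if strings.ContainsAny(strings.Join(parts[1:5], ":"), "*?") {
		return "wildcard in partition, service, region or account"
	}
	if strings.ContainsAny(parts[5], "*?") {
		return "wildcard in the resource part matches more than one resource"
	}
	return ""
}

// ReviewRoleAccess lists every setting that widens the role beyond named
// resources. Findings come back in a fixed order: flags, ARN lists, actions.
func ReviewRoleAccess(r RoleAccess) []Finding {
	var out []Finding
	add := func(field, reason string) { out = append(out, Finding{field, reason}) }

	// Flags whose doc comments on the struct describe an unscoped grant.
	if r.EnableSecretsAccess {
		add("EnableSecretsAccess", "grants access to all secrets; list SecretsManagerArns instead")
	}
	if r.EnableSSMAccess {
		add("EnableSSMAccess", "grants access to all parameters; list SSMParameterPaths instead")
	}
	if r.DynamoDBFullAccess {
		add("DynamoDBFullAccess", "full access rather than read/write")
	}

	// Caller-supplied ARN lists: each entry should name a single resource.
	lists := []struct {
		field string
		arns  []string
	}{
		{"SecretsManagerArns", r.SecretsManagerArns},
		{"DynamoDBTableArns", r.DynamoDBTableArns},
		{"KMSKeyArns", r.KMSKeyArns},
		{"S3BucketArns", r.S3BucketArns},
		{"SQSQueueArns", r.SQSQueueArns},
	}
	for _, l := range lists {
		for _, arn := range l.arns {
			if why := arnProblem(arn); why != "" {
				add(l.field, fmt.Sprintf("%q: %s", arn, why))
			}
		}
	}

	// Custom KMS actions: a wildcard widens the documented default set.
	for _, a := range r.KMSActions {
		if strings.Contains(a, "*") {
			add("KMSActions", fmt.Sprintf("%q is a wildcard action", a))
		}
	}
	return out
}

// sampleRole is constructed input; the account ID, names and the
// "service:Action" spelling of the KMS actions are illustrative assumptions.
var sampleRole = RoleAccess{
	EnableSecretsAccess: true,
	SecretsManagerArns:  []string{"arn:aws:secretsmanager:us-east-1:111122223333:secret:app/db-AbCdEf"},
	DynamoDBTableArns:   []string{"arn:aws:dynamodb:us-east-1:111122223333:table/*"},
	KMSKeyArns:          []string{"arn:aws:kms:us-east-1:111122223333:key/mrk-EXAMPLE"},
	KMSActions:          []string{"kms:Decrypt", "kms:*"},
	S3BucketArns:        []string{"arn:aws:s3:::example-bucket"},
}

func main() {
	for _, f := range ReviewRoleAccess(sampleRole) {
		fmt.Printf("%-20s %s\n", f.Field, f.Reason)
	}
}
```

Running the check in CI against the values a stack passes to NewLiftLambdaRole turns an accidental account-wide grant into a review comment before deployment.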

type LiftRestAPI added in v1.0.60

type LiftRestAPI struct {
	constructs.Construct
	RestAPI  awsapigateway.RestApi
	LogGroup awslogs.ILogGroup
	// contains filtered or unexported fields
}

LiftRestAPI is a REST API Gateway (v1) construct for Lift applications

func NewLiftRestAPI added in v1.0.60

func NewLiftRestAPI(scope constructs.Construct, id *string, props *LiftRestAPIProps) *LiftRestAPI

NewLiftRestAPI creates a new REST API Gateway optimized for Lift

func (*LiftRestAPI) AddLambdaIntegration added in v1.0.60

func (api *LiftRestAPI) AddLambdaIntegration(path *string, method *string, fn awslambda.IFunction)

AddLambdaIntegration adds a Lambda function as a method to the API

func (*LiftRestAPI) AddLambdaIntegrationWithOptions added in v1.0.60

func (api *LiftRestAPI) AddLambdaIntegrationWithOptions(path *string, method *string, fn awslambda.IFunction, options *IntegrationOptions)

AddLambdaIntegrationWithOptions adds a Lambda function with additional options

func (*LiftRestAPI) CreateAPIKey added in v1.0.60

func (api *LiftRestAPI) CreateAPIKey(name *string) awsapigateway.IApiKey

CreateAPIKey creates an API key for the REST API

func (*LiftRestAPI) CreateUsagePlan added in v1.0.60

func (api *LiftRestAPI) CreateUsagePlan(name *string, throttle *awsapigateway.ThrottleSettings, quota *awsapigateway.QuotaSettings) awsapigateway.UsagePlan

CreateUsagePlan creates a usage plan with throttling and quota

func (*LiftRestAPI) GetArn added in v1.0.60

func (api *LiftRestAPI) GetArn() *string

GetArn returns the ARN of the API

func (*LiftRestAPI) GetResourceName added in v1.0.60

func (l *LiftRestAPI) GetResourceName() *string

GetResourceName returns the API name

func (*LiftRestAPI) GetStage added in v1.0.60

func (api *LiftRestAPI) GetStage() awsapigateway.IStage

GetStage returns the deployment stage

func (*LiftRestAPI) GetUrl added in v1.0.60

func (api *LiftRestAPI) GetUrl() *string

GetUrl returns the URL of the API

func (*LiftRestAPI) GrantInvoke added in v1.0.60

func (api *LiftRestAPI) GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantInvoke grants invoke permissions to a principal

type LiftRestAPIProps added in v1.0.60

type LiftRestAPIProps struct {
	APICommonProps
	// AppName is an alias for Name (backwards compatible).
	AppName *string
	// EnableStreaming enables API Gateway REST API response streaming by default
	// for methods added via AddLambdaIntegration*.
	//
	// Methods can override this default via IntegrationOptions.EnableStreaming.
	EnableStreaming *bool
	// StreamingTimeout sets the default integration timeout in seconds for streaming
	// methods (up to 15 minutes).
	//
	// Methods can override this default via IntegrationOptions.StreamingTimeoutSeconds.
	StreamingTimeout *int
	// Certificate configures a custom domain when DomainName is set.
	Certificate awscertificatemanager.ICertificate
	// Enable detailed CloudWatch metrics (REST API only)
	EnableDetailedMetrics *bool
	// API Key configuration
	RequireApiKey *bool
	// Endpoint configuration (REGIONAL, EDGE, PRIVATE)
	EndpointType awsapigateway.EndpointType
	// Default authorizer for all routes
	DefaultAuthorizer awsapigateway.IAuthorizer
}

LiftRestAPIProps defines properties for creating a Lift REST API Gateway (v1)

type LiftSQSAlarms added in v1.0.76

type LiftSQSAlarms struct {
	Construct constructs.Construct

	// Main queue alarms
	VisibleMessagesAlarm    awscloudwatch.Alarm
	NotVisibleMessagesAlarm awscloudwatch.Alarm
	OldestMessageAlarm      awscloudwatch.Alarm

	// DLQ alarms
	DLQVisibleMessagesAlarm    awscloudwatch.Alarm
	DLQNotVisibleMessagesAlarm awscloudwatch.Alarm
	DLQOldestMessageAlarm      awscloudwatch.Alarm
}

LiftSQSAlarms contains CloudWatch alarms for SQS queues

func NewLiftSQSAlarms added in v1.0.76

func NewLiftSQSAlarms(scope constructs.Construct, id *string, props *SQSAlarmsProps) *LiftSQSAlarms

NewLiftSQSAlarms creates CloudWatch alarms for SQS queues

type LiftSQSQueue added in v1.0.59

type LiftSQSQueue struct {
	constructs.Construct

	// The SQS queue
	Queue awssqs.Queue

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.Queue

	// Event source mapping (if enabled)
	EventSource awslambdaeventsources.SqsEventSource

	// SSM Parameter (if enabled)
	SSMParameter awsssm.StringParameter
}

LiftSQSQueue represents an SQS queue attached to an existing Lambda function

func NewLiftSQSQueue added in v1.0.59

func NewLiftSQSQueue(scope constructs.Construct, id *string, props *LiftSQSQueueProps) *LiftSQSQueue

NewLiftSQSQueue creates a new SQS queue and attaches it to an existing Lambda function

func (*LiftSQSQueue) GetDeadLetterQueueUrl added in v1.0.59

func (q *LiftSQSQueue) GetDeadLetterQueueUrl() *string

GetDeadLetterQueueUrl returns the DLQ URL (if enabled)

func (*LiftSQSQueue) GetQueueArn added in v1.0.59

func (q *LiftSQSQueue) GetQueueArn() *string

GetQueueArn returns the queue ARN

func (*LiftSQSQueue) GetQueueName added in v1.0.59

func (q *LiftSQSQueue) GetQueueName() *string

GetQueueName returns the queue name

func (*LiftSQSQueue) GetQueueUrl added in v1.0.59

func (q *LiftSQSQueue) GetQueueUrl() *string

GetQueueUrl returns the queue URL

func (*LiftSQSQueue) GrantConsumeMessages added in v1.0.59

func (q *LiftSQSQueue) GrantConsumeMessages(grantee awslambda.Function)

GrantConsumeMessages grants additional permission to consume messages from the queue

func (*LiftSQSQueue) GrantSendMessages added in v1.0.59

func (q *LiftSQSQueue) GrantSendMessages(grantee awslambda.Function)

GrantSendMessages grants additional permission to send messages to the queue

type LiftSQSQueueProps added in v1.0.59

type LiftSQSQueueProps struct {
	// Required: Existing Lambda function to attach this queue to
	Function awslambda.Function

	// Queue configuration
	QueueName              *string
	VisibilityTimeout      awscdk.Duration // Default: 5 minutes
	MessageRetentionPeriod awscdk.Duration // Default: 14 days
	ReceiveMessageWaitTime awscdk.Duration // For long polling, default: 20 seconds

	// Dead letter queue configuration
	EnableDeadLetterQueue *bool           // Default: true
	DeadLetterQueueName   *string         // Default: {QueueName}-dlq
	MaxReceiveCount       *float64        // Default: 3
	DLQRetentionPeriod    awscdk.Duration // Default: 14 days

	// Encryption configuration
	EncryptionMasterKey awskms.IKey     // Required for K3 - partner-specific KMS key
	DataKeyReuse        awscdk.Duration // Default: 300 seconds

	// Event source configuration
	EnableEventSource       *bool           // Default: true
	BatchSize               *float64        // Default: 10
	MaxBatchingWindow       awscdk.Duration // Default: 5 seconds
	ReportBatchItemFailures *bool           // Default: true
	MaxConcurrency          *float64        // Default: 5

	// Environment variable configuration
	QueueUrlEnvVar *string // Custom env var name for queue URL (e.g., "K3_PROCESSOR_INSTRUMENT_QUEUE_URL")
	DLQUrlEnvVar   *string // Custom env var name for DLQ URL (optional)

	// SSM Parameter Store configuration
	EnableSSMParameter *bool   // Default: false
	SSMParameterName   *string // SSM parameter name to store queue URL
	SSMDescription     *string // SSM parameter description

	// FIFO queue configuration
	FifoQueue                       *bool
	EnableContentBasedDeduplication *bool

	// Additional permissions
	GrantSendMessages    *bool // Default: true - grant Lambda permission to send messages
	GrantConsumeMessages *bool // Default: true - grant Lambda permission to consume messages
}

LiftSQSQueueProps defines properties for attaching an SQS queue to an existing Lambda function

type LiftTable

LiftTable is a DynamoDB table construct optimized for Lift applications

This construct creates a DynamoDB table with Lift-optimized defaults including:

  • Point-in-time recovery (if enabled)
  • DynamoDB streams (if enabled)
  • Auto-scaling (if enabled)
  • TTL (if configured)

The table is configured with sensible defaults for production workloads.

func NewIdempotencyTable

func NewIdempotencyTable(scope constructs.Construct, id *string, props *IdempotencyTableProps) *LiftTable

NewIdempotencyTable creates a DynamoDB table for idempotency tracking

The table uses standard pk/sk attributes - GSIs should be defined in DynamORM models

func NewLiftTable

func NewLiftTable(scope constructs.Construct, id *string, props *LiftTableProps) *LiftTable

NewLiftTable creates a new DynamoDB table with Lift-optimized defaults

This function creates a new DynamoDB table with all Lift-optimized features including:

  • Appropriate billing mode (provisioned or pay-per-request)
  • Point-in-time recovery (if enabled)
  • DynamoDB streams (if enabled)
  • Auto-scaling (if enabled)
  • TTL (if configured)

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new LiftTable instance

func NewRateLimitTable

func NewRateLimitTable(scope constructs.Construct, id *string, props *RateLimitTableProps) *LiftTable

NewRateLimitTable creates a DynamoDB table for rate limiting

The table uses standard pk/sk attributes - GSIs should be defined in DynamORM models

func (*LiftTable) AddGlobalSecondaryIndex added in v1.0.59

func (t *LiftTable) AddGlobalSecondaryIndex(props *awsdynamodb.GlobalSecondaryIndexProps)

AddGlobalSecondaryIndex adds a GSI after table creation (note: requires table update)

func (*LiftTable) GetEnvironmentVariables added in v1.0.59

func (t *LiftTable) GetEnvironmentVariables() map[string]*string

GetEnvironmentVariables returns environment variables for DynamORM integration

func (*LiftTable) GetResourceName added in v1.0.42

func (t *LiftTable) GetResourceName() *string

GetResourceName returns the resource name for monitoring

This method returns the resource name for monitoring purposes. It implements the MonitorableResource interface.

Returns:

  • The resource name (table name)

func (*LiftTable) GetStreamArn added in v1.0.42

func (t *LiftTable) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN if streams are enabled

This method returns the ARN of the DynamoDB stream if streams are enabled on the table. This is useful for setting up event-driven architectures.

Returns:

  • The stream ARN, or nil if streams are not enabled

func (*LiftTable) GetTableArn added in v1.0.42

func (t *LiftTable) GetTableArn() *string

GetTableArn returns the table ARN

This method returns the ARN (Amazon Resource Name) of the DynamoDB table. This is useful for cross-service integrations and IAM permissions.

Returns:

  • The table ARN

func (*LiftTable) GetTableName added in v1.0.42

func (t *LiftTable) GetTableName() *string

GetTableName returns the table name

This method returns the name of the DynamoDB table. This is useful for configuration and when setting up environment variables for applications that need to access the table.

Returns:

  • The table name

func (*LiftTable) GrantReadData added in v1.0.59

func (t *LiftTable) GrantReadData(grantee awsiam.IGrantable) awsiam.Grant

GrantReadData grants read-only permissions to any IAM grantee

func (*LiftTable) GrantReadWrite

func (t *LiftTable) GrantReadWrite(fn awslambda.IFunction)

GrantReadWrite grants read/write permissions to a Lambda function

This method grants the specified Lambda function read and write permissions to the DynamoDB table. This is typically used to allow Lambda functions to perform CRUD operations on the table.

Parameters:

  • fn: The Lambda function to grant permissions to

func (*LiftTable) GrantReadWriteData added in v1.0.59

func (t *LiftTable) GrantReadWriteData(grantee awsiam.IGrantable) awsiam.Grant

GrantReadWriteData grants read/write permissions to any IAM grantee

func (*LiftTable) GrantStreamRead added in v1.0.59

func (t *LiftTable) GrantStreamRead(grantee awsiam.IGrantable) awsiam.Grant

GrantStreamRead grants permissions to read from the DynamoDB stream

func (*LiftTable) GrantWriteData added in v1.0.59

func (t *LiftTable) GrantWriteData(grantee awsiam.IGrantable) awsiam.Grant

GrantWriteData grants write-only permissions to any IAM grantee

type LiftTableProps

type LiftTableProps struct {
	TableName           *string
	PartitionKeyName    *string
	SortKeyName         *string
	TimeToLiveAttribute *string

	// Billing configuration
	ReadCapacity  *float64
	WriteCapacity *float64

	// Feature flags
	EnablePointInTimeRecovery *bool
	EnableStreams             *bool
	EnableAutoScaling         *bool
	DeletionProtection        *bool

	// Auto-scaling configuration
	MinReadCapacity   *float64
	MaxReadCapacity   *float64
	MinWriteCapacity  *float64
	MaxWriteCapacity  *float64
	TargetUtilization *float64

	// Global Secondary Indexes
	GlobalSecondaryIndexes *[]*awsdynamodb.GlobalSecondaryIndexProps

	// GSI Auto-scaling configuration
	GSIMinReadCapacity  *float64
	GSIMaxReadCapacity  *float64
	GSIMinWriteCapacity *float64
	GSIMaxWriteCapacity *float64

	// Replication and tagging
	ReplicationRegions *[]*string
	Tags               *map[string]*string

	// Non-pointer configuration values
	StreamViewType awsdynamodb.StreamViewType
	RemovalPolicy  awscdk.RemovalPolicy
	Encryption     awsdynamodb.TableEncryption
}

LiftTableProps extends DynamoDB table properties with Lift-specific configuration

This struct contains all configurable properties for creating a Lift-optimized DynamoDB table. The properties include basic table configuration, advanced features like point-in-time recovery, streams, auto-scaling, and TTL settings.

type ManagementTableConfig added in v1.0.58

type ManagementTableConfig struct {
	DefaultTableName string
	PermissionMethod string // e.g., "GrantConnectionManagement", "GrantEventManagement"
}

ManagementTableConfig defines configuration for creating management tables.

This struct contains configuration options for creating different types of management tables, including default table names and permission methods.

type MediaCDN added in v1.0.82

type MediaCDN struct {
	constructs.Construct

	Bucket       awss3.Bucket
	Distribution awscloudfront.Distribution
	Certificate  awscertificatemanager.ICertificate

	// Only set when EnablePrivateMedia is true.
	PublicKey awscloudfront.PublicKey
	KeyGroup  awscloudfront.KeyGroup
}

MediaCDN creates an S3 + CloudFront distribution tuned for media delivery.

func NewMediaCDN added in v1.0.82

func NewMediaCDN(scope constructs.Construct, id *string, props *MediaCDNProps) *MediaCDN

NewMediaCDN creates a media distribution backed by a private S3 bucket with OAC.

type MediaCDNProps added in v1.0.82

type MediaCDNProps struct {
	// Required: hosted zone authoritative for DomainName.
	HostedZone awsroute53.IHostedZone
	// Optional: custom domain certificate. If omitted, Lift creates a DNS-validated certificate in us-east-1.
	Certificate awscertificatemanager.ICertificate
	// Optional: override response headers policy.
	ResponseHeadersPolicy awscloudfront.IResponseHeadersPolicy

	// Required: domain name (e.g., "media.example.com").
	DomainName *string

	// Optional: stable naming inputs for deterministic bucket names.
	AppName    *string
	Stage      *string
	Partner    *string
	BucketName *string

	// Optional: bucket configuration.
	AutoDeleteObjects *bool
	Versioned         *bool

	// Optional: additional SANs to include when Lift creates a certificate.
	SubjectAlternativeNames *[]*string

	// Optional: enable private media via CloudFront Key Groups (signed URLs/cookies).
	EnablePrivateMedia *bool

	// Required when EnablePrivateMedia is true: PEM-encoded public key used by CloudFront for validation.
	PublicKeyEncoded *string

	// Optional: path patterns that require signed URLs/cookies (default: ["private/*"]).
	PrivatePathPatterns *[]*string

	// Optional: WAFv2 Web ACL ARN (global scope) to attach to the distribution.
	WebAclId *string

	// Optional: distribution tuning.
	EnableIpv6 *bool

	// Optional: tags applied to created resources.
	Tags *map[string]*string

	// Optional: bucket configuration.
	RemovalPolicy awscdk.RemovalPolicy

	// Optional: distribution tuning.
	PriceClass  awscloudfront.PriceClass
	HttpVersion awscloudfront.HttpVersion
}

MediaCDNProps defines properties for a media-focused CloudFront distribution.

type MetricConfiguration

type MetricConfiguration struct {
	// Enable detailed metrics
	DetailedMetrics *bool
	// Custom dimensions
	Dimensions *map[string]*string
	// Metric resolution (1 or 60 seconds)
	Resolution *float64
	// Percentiles to track
	Percentiles *[]*float64
	// Enable custom business metrics
	EnableBusinessMetrics *bool
}

MetricConfiguration defines advanced metric configuration

type MonitorableResource

type MonitorableResource interface {
	// GetResourceName returns the name of the resource.
	// Returns:
	//   - A pointer to the name of the resource
	GetResourceName() *string
}

MonitorableResource interface for resources that can be monitored

type MonitoredFunction

type MonitoredFunction struct {
	constructs.Construct
	Function  *LiftFunction
	Dashboard awscloudwatch.Dashboard
	Alarms    map[string]awscloudwatch.Alarm
}

MonitoredFunction is a Lambda function with comprehensive monitoring

This construct creates a Lambda function with comprehensive monitoring features including CloudWatch dashboard, alarms, Lambda Insights, and Log Insights queries. It provides methods to add custom metrics and log queries.

func NewMonitoredFunction

func NewMonitoredFunction(scope constructs.Construct, id *string, props *MonitoredFunctionProps) *MonitoredFunction

NewMonitoredFunction creates a Lambda function with comprehensive monitoring

This function creates a Lambda function with all monitoring features configured:

  • Creates a CloudWatch dashboard with default widgets
  • Configures CloudWatch alarms for errors, latency, throttling, and concurrency
  • Enables Lambda Insights if requested
  • Sets up environment variables for monitoring

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new MonitoredFunction instance

func (*MonitoredFunction) AddCommonLogInsightsQueries

func (f *MonitoredFunction) AddCommonLogInsightsQueries()

This method adds a set of common CloudWatch Logs Insights queries to the dashboard. The queries include:

  • Recent errors
  • Performance metrics
  • Cold start analysis
  • Memory usage
  • Request patterns
  • Slow requests
  • Error rate by status code
  • Tenant activity (for multi-tenant apps)

func (*MonitoredFunction) AddCustomMetric

func (f *MonitoredFunction) AddCustomMetric(metricName *string, namespace *string, dimensions *map[string]*string) awscloudwatch.Metric

AddCustomMetric adds a custom metric to the dashboard

This method adds a custom CloudWatch metric to the dashboard. It creates a graph widget with the specified metric.

Parameters:

  • metricName: The name of the metric
  • namespace: The CloudWatch namespace
  • dimensions: The metric dimensions

Returns:

  • The created CloudWatch metric

func (*MonitoredFunction) AddLogInsightsQuery

func (f *MonitoredFunction) AddLogInsightsQuery(queryName *string, queryString *string)

AddLogInsightsQuery adds a CloudWatch Logs Insights query to the dashboard

This method adds a CloudWatch Logs Insights query widget to the dashboard. It allows you to create custom log queries for analyzing Lambda function logs.

Parameters:

  • queryName: The name of the query
  • queryString: The Logs Insights query string

func (*MonitoredFunction) GetAlarm

func (f *MonitoredFunction) GetAlarm(name string) awscloudwatch.Alarm

GetAlarm returns a specific alarm by name

This method returns a specific CloudWatch alarm by name. The available alarms include "errors", "latency", "throttles", and "concurrent".

Parameters:

  • name: The name of the alarm to retrieve

Returns:

  • The CloudWatch alarm

func (*MonitoredFunction) GetDashboard

func (f *MonitoredFunction) GetDashboard() awscloudwatch.Dashboard

This method returns the CloudWatch dashboard that was created for monitoring the Lambda function. This is useful when you need to add additional widgets or customize the dashboard.

func (*MonitoredFunction) GetFunction

func (f *MonitoredFunction) GetFunction() awslambda.Function

This method returns the underlying Lambda function that was created with the monitoring enhancements. This is useful when you need to access the standard Lambda function properties and methods.

type MonitoredFunctionProps

type MonitoredFunctionProps struct {
	LiftFunctionProps
	// Enable CloudWatch dashboard
	EnableDashboard *bool
	// Dashboard name (optional - will generate if not provided)
	DashboardName *string
	// Alarm configuration
	AlarmConfig *AlarmConfig
	// Custom metrics namespace
	MetricsNamespace *string
	// Enable enhanced monitoring (Lambda Insights)
	EnableLambdaInsights *bool
	// Log level (ERROR, WARN, INFO, DEBUG)
	LogLevel *string
	// Enable CloudWatch Logs Insights queries
	EnableLogInsightsQueries *bool
}

MonitoredFunctionProps extends LiftFunctionProps with monitoring configuration

This struct contains all configurable properties for creating a monitored Lambda function. It extends LiftFunctionProps with additional monitoring configuration like CloudWatch dashboard, alarms, Lambda Insights, and Log Insights queries.

type PathRoutedFrontendDistribution added in v1.0.82

type PathRoutedFrontendDistribution struct {
	constructs.Construct

	ClientBucket awss3.Bucket
	AuthBucket   awss3.Bucket

	Distribution awscloudfront.Distribution
	Certificate  awscertificatemanager.ICertificate

	RewriteFunction awscloudfront.Function
}

PathRoutedFrontendDistribution creates a single CloudFront distribution for a stage domain that:

  • routes all unmatched requests to the API origin (default behavior)
  • serves a client SPA under /<clientPrefix>/*
  • serves an auth SPA under /<authPrefix>/*
  • reserves /<authPrefix>/wallet/* for the API origin

func NewPathRoutedFrontendDistribution added in v1.0.82

func NewPathRoutedFrontendDistribution(scope constructs.Construct, id *string, props *PathRoutedFrontendDistributionProps) *PathRoutedFrontendDistribution

type PathRoutedFrontendDistributionProps added in v1.0.82

type PathRoutedFrontendDistributionProps struct {
	// Required: hosted zone authoritative for DomainName.
	HostedZone awsroute53.IHostedZone
	// Optional: custom domain certificate. If omitted, Lift creates a DNS-validated certificate in us-east-1.
	Certificate awscertificatemanager.ICertificate

	// Optional: cache policy for API behavior (default: Lift API cache policy with TTL 0).
	ApiCachePolicy awscloudfront.ICachePolicy
	// Optional: origin request policy for API behavior (default: none).
	ApiOriginRequestPolicy awscloudfront.IOriginRequestPolicy

	// Optional: override response headers policy for static content.
	StaticResponseHeadersPolicy awscloudfront.IResponseHeadersPolicy

	// Required: apex/canonical domain (e.g., "dev.example.com").
	DomainName *string
	// Required: API origin host (e.g., "api.dev.example.com" or "*.execute-api.*.amazonaws.com").
	ApiOriginDomainName *string

	// Required: S3 bucket name for the client SPA served under ClientPathPrefix.
	ClientBucketName *string
	// Required: S3 bucket name for the auth SPA served under AuthPathPrefix.
	AuthBucketName *string

	// Optional: path prefix for client SPA (default: "l").
	ClientPathPrefix *string
	// Optional: path prefix for auth SPA (default: "auth").
	AuthPathPrefix *string
	// Optional: API path pattern that must bypass the auth SPA (default: "<authPrefix>/wallet/*").
	AuthWalletApiPathPattern *string
	// Optional: treat client UI as an SPA by rewriting extensionless routes to /index.html (default true).
	ClientSinglePageApp *bool
	// Optional: treat auth UI as an SPA by rewriting extensionless routes to /index.html (default true).
	// If false, extensionless routes rewrite to "<path>/index.html" to support multi-page static outputs.
	AuthSinglePageApp *bool

	// Optional: stable naming inputs for deterministic resource naming.
	AppName *string
	Stage   *string
	Partner *string

	// Optional: tags applied to created resources.
	Tags *map[string]*string

	// Optional: bucket configuration.
	AutoDeleteObjects *bool
	Versioned         *bool
	RemovalPolicy     awscdk.RemovalPolicy

	// Optional: WAFv2 Web ACL ARN (global scope) to attach to the distribution.
	WebAclId *string

	// Optional: distribution tuning.
	EnableIpv6  *bool
	PriceClass  awscloudfront.PriceClass
	HttpVersion awscloudfront.HttpVersion
}

PathRoutedFrontendDistributionProps defines properties for a single-domain distribution that routes API traffic to an origin by default while serving one or more SPAs under path prefixes.
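
The routing rules of PathRoutedFrontendDistribution, modelled as an added example (not the construct's CloudFront configuration or its rewrite function) so the path-to-origin mapping can be checked in a unit test. It assumes the defaults given in the field comments, assumes the wallet pattern is evaluated before the auth prefix, and handles only trailing-`*` patterns; `Config`, `Route` and the origin labels are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Origin labels are hypothetical names for the three origins the docs describe.
type Origin string

const (
	OriginAPI    Origin = "api"
	OriginClient Origin = "client-bucket"
	OriginAuth   Origin = "auth-bucket"
)

// Config mirrors the path-related props. The client UI is modelled at its
// documented default (SPA); only the auth UI has a documented non-SPA mode.
type Config struct {
	ClientPrefix  string // ClientPathPrefix, default "l"
	AuthPrefix    string // AuthPathPrefix, default "auth"
	WalletPattern string // AuthWalletApiPathPattern, default "<authPrefix>/wallet/*"
	AuthSPA       bool   // AuthSinglePageApp, default true
}

// DefaultConfig returns the defaults stated in the field comments.
func DefaultConfig() Config {
	return Config{ClientPrefix: "l", AuthPrefix: "auth", WalletPattern: "auth/wallet/*", AuthSPA: true}
}

// matches implements only the trailing-"*" form of a path pattern.
func matches(pattern, uri string) bool {
	p := "/" + strings.TrimPrefix(pattern, "/")
	if strings.HasSuffix(p, "*") {
		return strings.HasPrefix(uri, strings.TrimSuffix(p, "*"))
	}
	return uri == p
}

// rewrite applies the documented rule for extensionless routes: "/index.html"
// in SPA mode, "<path>/index.html" otherwise. Paths whose last segment has an
// extension are passed through unchanged.
func rewrite(uri string, spa bool) string {
	last := uri[strings.LastIndex(uri, "/")+1:]
	if strings.Contains(last, ".") {
		return uri
	}
	if spa {
		return "/index.html"
	}
	return strings.TrimSuffix(uri, "/") + "/index.html"
}

// Route returns the origin a request path is sent to and the URI that origin
// sees. The wallet pattern is checked first (assumption: that is what
// "reserves" means), and anything unmatched falls through to the API origin.
func (c Config) Route(uri string) (Origin, string) {
	switch {
	case matches(c.WalletPattern, uri):
		return OriginAPI, uri
	case matches(c.AuthPrefix+"/*", uri):
		return OriginAuth, rewrite(uri, c.AuthSPA)
	case matches(c.ClientPrefix+"/*", uri):
		return OriginClient, rewrite(uri, true)
	}
	return OriginAPI, uri
}

func main() {
	cfg := DefaultConfig()
	// Constructed sample paths.
	for _, p := range []string{
		"/v1/users", "/l/dashboard", "/l/assets/app.js",
		"/auth/login", "/auth/wallet/balance", "/auth", "/authx/login",
	} {
		origin, uri := cfg.Route(p)
		fmt.Printf("%-22s -> %-14s %s\n", p, origin, uri)
	}
}
```

A table like this is worth keeping as a regression test: `/auth` without a trailing slash and look-alike prefixes such as `/authx/` reach the API origin, so the API must be prepared to answer them.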

type RateLimitTableProps

type RateLimitTableProps struct {
	// Table name
	TableName *string
	// TTL attribute name for automatic cleanup
	TimeToLiveAttribute *string
}

RateLimitTableProps defines properties for creating a rate limit table

type RateLimitType

type RateLimitType string

RateLimitType defines the type of rate limiting

const (
	RateLimitTypeIP     RateLimitType = "IP"
	RateLimitTypeUser   RateLimitType = "USER"
	RateLimitTypeTenant RateLimitType = "TENANT"
)

type RateLimitedFunction

type RateLimitedFunction struct {
	constructs.Construct
	Function  *LiftFunction
	RateTable *LiftTable
	// contains filtered or unexported fields
}

RateLimitedFunction is a Lambda function with built-in rate limiting using DynamORM

func NewRateLimitedFunction

func NewRateLimitedFunction(scope constructs.Construct, id *string, props *RateLimitedFunctionProps) *RateLimitedFunction

NewRateLimitedFunction creates a Lambda function with rate limiting capabilities

func (*RateLimitedFunction) AddRateLimitAlarm

func (f *RateLimitedFunction) AddRateLimitAlarm(alarmName *string, threshold *float64) awscloudwatch.IAlarm

AddRateLimitAlarm adds a CloudWatch alarm for rate limit violations

func (*RateLimitedFunction) GetFunction

func (f *RateLimitedFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

func (*RateLimitedFunction) GetTable

func (f *RateLimitedFunction) GetTable() *LiftTable

GetTable returns the rate limiting table

type RateLimitedFunctionProps

type RateLimitedFunctionProps struct {
	// Embedded struct first (largest)
	LiftFunctionProps
	// Pointers (8 bytes each)
	WindowSeconds *float64
	Limit         *float64
	TableName     *string
	EnableMetrics *bool
	// Smaller types last
	RateLimitType RateLimitType
}

RateLimitedFunctionProps extends LiftFunctionProps with rate limiting configuration

Memory optimized: 760 → 752 bytes (8 bytes saved)

type RequestTrackingTable

type RequestTrackingTable struct {
	*LiftTable
	// contains filtered or unexported fields
}

RequestTrackingTable is a table for tracking API requests and their async processing

func NewRequestTrackingTable

func NewRequestTrackingTable(scope constructs.Construct, id *string, props *RequestTrackingTableProps) *RequestTrackingTable

NewRequestTrackingTable creates a new request tracking table

The table uses standard pk/sk attributes - GSIs should be defined in DynamORM models

type RequestTrackingTableProps

type RequestTrackingTableProps struct {
	// Table name
	TableName *string
	// TTL attribute name for automatic cleanup
	TimeToLiveAttribute *string
}

RequestTrackingTableProps defines properties for the request tracking table

type RequestValidator

type RequestValidator struct {
	// Validate request body
	ValidateBody *bool
	// Validate request parameters
	ValidateParameters *bool
	// JSON schema for body validation
	BodySchema interface{}
}

RequestValidator defines validation rules for API requests.

This struct specifies how to validate incoming API requests, including body validation against a JSON schema and parameter validation.

type RouteOptions

type RouteOptions struct {
	// Authorizer for this route
	Authorizer awsapigatewayv2.IHttpRouteAuthorizer
	// Request validation
	RequestValidator *RequestValidator
	// Route-specific throttling
	ThrottleRateLimit  *float64
	ThrottleBurstLimit *float64
}

RouteOptions defines options for API routes.

This struct contains optional configuration for API routes including:

  • Custom authorizer
  • Request validation
  • Route-specific throttling

type S3EventFilter

type S3EventFilter struct {
	Prefix *string
	Suffix *string
}

S3EventFilter defines event filtering options

type S3Processor

type S3Processor struct {
	constructs.Construct

	// The Lambda function processing S3 events
	Function *LiftFunction

	// The S3 bucket
	Bucket awss3.IBucket

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.S3EventSource

	// Replication bucket (if cross-region replication is enabled)
	ReplicationBucket awss3.IBucket
}

S3Processor represents an S3 bucket with Lambda processor

func NewS3Processor

func NewS3Processor(scope constructs.Construct, id *string, props *S3ProcessorProps) *S3Processor

NewS3Processor creates a new S3 processor construct

func (*S3Processor) AddCorsRule

func (s *S3Processor) AddCorsRule(rule *awss3.CorsRule)

AddCorsRule adds a CORS rule to the bucket

func (*S3Processor) AddEnvironmentVariable

func (s *S3Processor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*S3Processor) EnableCORS

func (s *S3Processor) EnableCORS(rules []*awss3.CorsRule)

EnableCORS enables CORS on the bucket

func (*S3Processor) GetBucketArn

func (s *S3Processor) GetBucketArn() *string

GetBucketArn returns the bucket ARN

func (*S3Processor) GetBucketDomainName

func (s *S3Processor) GetBucketDomainName() *string

GetBucketDomainName returns the bucket domain name

func (*S3Processor) GetBucketName

func (s *S3Processor) GetBucketName() *string

GetBucketName returns the bucket name

func (*S3Processor) GrantDelete

func (s *S3Processor) GrantDelete(grantee awslambda.IFunction)

GrantDelete grants permission to delete objects from the bucket

func (*S3Processor) GrantRead

func (s *S3Processor) GrantRead(grantee awslambda.IFunction)

GrantRead grants permission to read from the bucket

func (*S3Processor) GrantReadWrite

func (s *S3Processor) GrantReadWrite(grantee awslambda.IFunction)

GrantReadWrite grants permission to read and write to the bucket

func (*S3Processor) GrantWrite

func (s *S3Processor) GrantWrite(grantee awslambda.IFunction)

GrantWrite grants permission to write to the bucket

func (*S3Processor) SetBucketPolicy

func (s *S3Processor) SetBucketPolicy(policy map[string]interface{})

SetBucketPolicy sets a bucket policy

type S3ProcessorProps

type S3ProcessorProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// S3 bucket properties (optional - creates new bucket if not provided)
	BucketProps *awss3.BucketProps

	// Existing bucket to use (optional - creates new if not provided)
	ExistingBucket awss3.IBucket

	// S3 event types to process (default: ObjectCreated)
	EventTypes *[]awss3.EventType

	// Key prefix filter for S3 events (optional)
	KeyPrefix *string

	// Key suffix filter for S3 events (optional)
	KeySuffix *string

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// S3 event source configuration
	EventSourceProps *awslambdaeventsources.S3EventSourceProps

	// Additional S3 processor settings
	BatchSize         *float64        // Default: 10
	MaxBatchingWindow awscdk.Duration // Default: 5 seconds

	// Multi-region support
	CrossRegionReplication *bool
	ReplicationBucket      awss3.IBucket

	// Lifecycle rules
	EnableLifecycleRules *bool
	LifecycleRules       *[]*awss3.LifecycleRule

	// External bucket support
	ExternalBucket awss3.IBucket

	// Event filtering
	EventFilter *S3EventFilter

	// Access logging
	EnableAccessLogging *bool
	AccessLogsBucket    awss3.IBucket
	AccessLogsPrefix    *string

	// Versioning and backup
	EnableVersioning *bool
	EnableBackup     *bool

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool
}

S3ProcessorProps defines properties for an S3 processor

type SNSProcessor

type SNSProcessor struct {
	constructs.Construct
	Topic    awssns.ITopic
	Function LiftFunction
	DLQ      awssqs.IQueue
}

SNSProcessor creates an SNS topic with Lambda processor and optional DLQ

func NewSNSProcessor

func NewSNSProcessor(scope constructs.Construct, id *string, props *SNSProcessorProps) *SNSProcessor

NewSNSProcessor creates a new SNS processor with Lambda function

func (*SNSProcessor) AddSubscription

func (s *SNSProcessor) AddSubscription(subscription awssns.ITopicSubscription) awssns.Subscription

AddSubscription adds a new subscription to the topic

func (*SNSProcessor) GetDLQUrl

func (s *SNSProcessor) GetDLQUrl() *string

GetDLQUrl returns the DLQ URL if DLQ is enabled

func (*SNSProcessor) GetTopicArn

func (s *SNSProcessor) GetTopicArn() *string

GetTopicArn returns the SNS topic ARN

func (*SNSProcessor) GetTopicName

func (s *SNSProcessor) GetTopicName() *string

GetTopicName returns the SNS topic name

func (*SNSProcessor) GrantPublish

func (s *SNSProcessor) GrantPublish(grantee awsiam.IGrantable) awsiam.Grant

GrantPublish grants SNS publish permissions to a principal

func (*SNSProcessor) GrantSubscribe

func (s *SNSProcessor) GrantSubscribe(grantee awsiam.IGrantable) awsiam.Grant

GrantSubscribe grants SNS subscribe permissions to a principal

type SNSProcessorProps

type SNSProcessorProps struct {
	// The Lambda function configuration
	FunctionProps *LiftFunctionProps `field:"required"`

	// Optional: Topic configuration
	TopicProps *awssns.TopicProps `field:"optional"`

	// Optional: Use an existing topic instead of creating a new one
	ExistingTopic awssns.ITopic `field:"optional"`

	// Optional: SNS subscription configuration
	SubscriptionProps *awslambdaeventsources.SnsEventSourceProps `field:"optional"`

	// Optional: Enable dead letter queue for failed messages
	EnableDLQ *bool `field:"optional"`

	// Optional: DLQ configuration
	DLQProps *awssqs.QueueProps `field:"optional"`

	// Optional: Message filtering policy
	FilterPolicy *map[string]awssns.SubscriptionFilter `field:"optional"`

	// Optional: Enable FIFO topic
	EnableFifo *bool `field:"optional"`

	// Optional: Enable content-based deduplication
	ContentBasedDeduplication *bool `field:"optional"`

	// Optional: Message retention period in seconds (1 hour to 14 days)
	MessageRetentionSeconds *float64 `field:"optional"`

	// Optional: Display name for the topic
	DisplayName *string `field:"optional"`

	// Optional: Subscription protocol (defaults to lambda)
	Protocol *string `field:"optional"`

	// Optional: Raw message delivery
	RawMessageDelivery *bool `field:"optional"`
}

SNSProcessorProps defines the properties for creating an SNS processor

type SQSAlarmsConfig added in v1.0.76

type SQSAlarmsConfig struct {
	BaseAlarmsConfig

	// VisibleMessagesThreshold is the threshold for visible messages alarm
	// Default: 2
	VisibleMessagesThreshold *float64

	// NotVisibleMessagesThreshold is the threshold for not visible messages alarm
	// Default: 2
	NotVisibleMessagesThreshold *float64

	// OldestMessageAgeThreshold is the threshold in seconds for oldest message alarm
	// Default: 900 (15 minutes)
	OldestMessageAgeThreshold *float64

	// DLQOldestMessageAgeThreshold is the threshold in seconds for DLQ oldest message alarm
	// Default: 1 (alert immediately when any message hits DLQ)
	DLQOldestMessageAgeThreshold *float64
}

SQSAlarmsConfig defines configuration for SQS alarms

type SQSAlarmsProps added in v1.0.76

type SQSAlarmsProps struct {
	// Queue is the main SQS queue to monitor (required)
	Queue awssqs.IQueue

	// DeadLetterQueue is the DLQ to monitor (optional)
	DeadLetterQueue awssqs.IQueue

	// AlarmTopic is the SNS topic for alarm notifications (required)
	AlarmTopic awssns.ITopic

	// AlarmNamePrefix is the prefix for alarm names (required)
	// Example: "merchant-application-partner-stage"
	AlarmNamePrefix *string

	// Config contains threshold configuration (optional - uses defaults if nil)
	Config *SQSAlarmsConfig
}

SQSAlarmsProps defines properties for creating SQS alarms

type SQSLargePayloadProps added in v1.0.83

type SQSLargePayloadProps struct {
	// Enabled toggles large payload support. When nil, defaults to true when
	// LargePayload is provided.
	Enabled *bool

	// ExistingBucket uses an existing bucket for payload storage (optional).
	// When provided, BucketProps is ignored.
	ExistingBucket awss3.IBucket

	// BucketProps creates a new bucket for payload storage when ExistingBucket is nil.
	// If BucketProps.BucketName is omitted, Lift will derive a deterministic name
	// when stable naming context is available (see milestone 2).
	BucketProps *awss3.BucketProps

	// Prefix scopes object storage to a per-queue prefix within the bucket.
	// If omitted, Lift derives a prefix from the queue name (see milestone 2).
	Prefix *string

	// Expiration is the S3 lifecycle expiration for payload objects (TTL fallback).
	// When nil, defaults to 7 days.
	Expiration awscdk.Duration
}

SQSLargePayloadProps configures S3-backed "extended payloads" for an SQSProcessor.

type SQSProcessor

type SQSProcessor struct {
	constructs.Construct

	// The Lambda function processing SQS messages
	Function *LiftFunction

	// The SQS queue
	Queue awssqs.IQueue

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.SqsEventSource

	// LargePayloadBucket stores oversized SQS message bodies (optional).
	LargePayloadBucket awss3.IBucket

	// LargePayloadPrefix scopes object keys + IAM permissions (optional).
	LargePayloadPrefix *string
}

SQSProcessor represents an SQS queue with Lambda processor

func NewSQSProcessor

func NewSQSProcessor(scope constructs.Construct, id *string, props *SQSProcessorProps) *SQSProcessor

NewSQSProcessor creates a new SQS processor construct

func (*SQSProcessor) AddEnvironmentVariable

func (s *SQSProcessor) AddEnvironmentVariable(key string, value string)

AddEnvironmentVariable adds an environment variable to the Lambda function

func (*SQSProcessor) GetQueueArn

func (s *SQSProcessor) GetQueueArn() *string

GetQueueArn returns the queue ARN

func (*SQSProcessor) GetQueueName

func (s *SQSProcessor) GetQueueName() *string

GetQueueName returns the queue name

func (*SQSProcessor) GetQueueUrl

func (s *SQSProcessor) GetQueueUrl() *string

GetQueueUrl returns the queue URL

func (*SQSProcessor) GrantConsumeMessages

func (s *SQSProcessor) GrantConsumeMessages(grantee awslambda.IFunction)

GrantConsumeMessages grants permission to consume messages from the queue

func (*SQSProcessor) GrantLargePayloadConsume added in v1.0.83

func (s *SQSProcessor) GrantLargePayloadConsume(grantee awslambda.IFunction)

GrantLargePayloadConsume grants permission to read and delete large payload objects from the payload bucket.

func (*SQSProcessor) GrantLargePayloadPublish added in v1.0.83

func (s *SQSProcessor) GrantLargePayloadPublish(grantee awslambda.IFunction)

GrantLargePayloadPublish grants permission to write large payload objects to the payload bucket.

func (*SQSProcessor) GrantSendMessages

func (s *SQSProcessor) GrantSendMessages(grantee awslambda.IFunction)

GrantSendMessages grants permission to send messages to the queue

type SQSProcessorProps

type SQSProcessorProps struct {
	// Lambda function properties
	FunctionProps awslambda.FunctionProps

	// SQS queue properties (optional - creates new queue if not provided)
	QueueProps *awssqs.QueueProps

	// Existing queue to use (optional - creates new if not provided)
	ExistingQueue awssqs.IQueue

	// Dead letter queue properties (optional)
	DeadLetterQueueProps *awssqs.QueueProps

	// Enable dead letter queue (default: true)
	EnableDeadLetterQueue *bool

	// SQS event source configuration
	EventSourceProps *awslambdaeventsources.SqsEventSourceProps

	// Additional SQS processor settings
	BatchSize                       *float64        // Default: 10
	MaxBatchingWindow               awscdk.Duration // Default: 5 seconds
	VisibilityTimeout               awscdk.Duration // Default: 6 times function timeout
	MessageRetentionPeriod          awscdk.Duration // Default: 14 days
	MaxReceiveCount                 *float64        // Default: 3
	EnableContentBasedDeduplication *bool           // For FIFO queues
	FifoQueue                       *bool           // Default: false
	ReceiveMessageWaitTimeSeconds   *float64        // For long polling (0-20)

	// Lift-specific settings
	EnableTracing     *bool
	EnableMultiTenant *bool
	EnableMonitoring  *bool

	// Large payload support (optional).
	//
	// When enabled, Lift provisions (or attaches) an S3 bucket that can store
	// payloads larger than SQS's 256KB limit. Producers publish a small pointer
	// envelope to SQS containing the S3 bucket + key. Consumers hydrate the full
	// payload from S3 and delete it on success (with lifecycle TTL as a fallback).
	LargePayload *SQSLargePayloadProps
}

SQSProcessorProps defines properties for an SQS processor
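The large payload flow described in the LargePayload comment, sketched as an added example (not Lift's own code): a producer offloads oversized payloads and sends a pointer, and a consumer validates that pointer before hydrating, then deletes only after the handler succeeds. The `Envelope` shape, the in-memory `Store` standing in for S3, and the bucket/prefix names are assumptions; the page does not show Lift's real wire format.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

const sqsLimit = 256 * 1024 // SQS message size limit cited above

// Envelope is a hypothetical wire format; Lift's real envelope is not shown on the page.
type Envelope struct {
	Body   string `json:"body,omitempty"`   // inline payload when it fits
	Bucket string `json:"bucket,omitempty"` // set only for offloaded payloads
	Key    string `json:"key,omitempty"`
}

// Store stands in for S3 (bucket -> key -> object) so the example runs offline.
type Store map[string]map[string]string

var ErrUntrustedPointer = errors.New("pointer outside the consumer's payload bucket/prefix")
var ErrPayloadGone = errors.New("payload object missing (already consumed or expired)")

// Publish returns the SQS message body, offloading to the bucket when the
// encoded message would exceed the SQS limit.
func Publish(s Store, bucket, key, payload string) ([]byte, error) {
	msg, err := json.Marshal(Envelope{Body: payload})
	if err != nil || len(msg) <= sqsLimit {
		return msg, err
	}
	if s[bucket] == nil {
		s[bucket] = map[string]string{}
	}
	s[bucket][key] = payload
	return json.Marshal(Envelope{Bucket: bucket, Key: key})
}

// Consume hydrates the payload, runs handle, and deletes the object only on success.
// The pointer comes from the message, so it is checked against the bucket and
// prefix this consumer was granted before any read.
func Consume(s Store, bucket, prefix string, msg []byte, handle func(string) error) error {
	var env Envelope
	if err := json.Unmarshal(msg, &env); err != nil {
		return err
	}
	if env.Bucket == "" && env.Key == "" {
		return handle(env.Body)
	}
	if env.Bucket != bucket || !strings.HasPrefix(env.Key, prefix) {
		return ErrUntrustedPointer
	}
	payload, ok := s[bucket][env.Key]
	if !ok {
		return ErrPayloadGone
	}
	if err := handle(payload); err != nil {
		return err // keep the object so the SQS retry can hydrate it again
	}
	delete(s[bucket], env.Key)
	return nil
}

func main() {
	s := Store{}
	msg, _ := Publish(s, "payloads", "orders/1", strings.Repeat("x", 300*1024)) // constructed input
	fmt.Println(len(msg), Consume(s, "payloads", "orders/", msg, func(string) error { return nil }))
}
```

The same split maps onto the two grants above: a producer needs only write access to the payload bucket (GrantLargePayloadPublish), while read and delete belong to the consumer (GrantLargePayloadConsume).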

type SecretConfig

type SecretConfig struct {
	RotationLambda   awslambda.IFunction
	RotationSchedule *awssecretsmanager.RotationScheduleOptions
	Name             string
	Description      string
	Template         string
	GenerateKey      string
	ExcludeChars     string
	Length           float64
	EnableRotation   bool
}

SecretConfig defines configuration for secrets

type SecureFunction

type SecureFunction struct {
	constructs.Construct
	Function      *LiftFunction
	SecurityGroup awsec2.ISecurityGroup
	KmsKey        awskms.IKey
	Vpc           awsec2.IVpc
	VpcEndpoints  map[string]awsec2.InterfaceVpcEndpoint
}

SecureFunction is a Lambda function with enhanced security features

This construct creates a Lambda function with enhanced security features including:

  • VPC deployment (with optional private subnets)
  • KMS encryption for environment variables
  • Secrets Manager integration
  • Custom security groups
  • Private endpoint support
  • Additional IAM policies

The construct provides methods to add VPC endpoints and configure security settings.

func NewSecureFunction

func NewSecureFunction(scope constructs.Construct, id *string, props *SecureFunctionProps) *SecureFunction

NewSecureFunction creates a Lambda function with enhanced security

This function creates a Lambda function with all security features configured:

  • Creates or uses existing VPC
  • Configures appropriate subnets (private or public)
  • Creates and configures security groups
  • Sets up KMS encryption if enabled
  • Applies additional IAM policies
  • Configures environment variables

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties

Returns:

  • A new SecureFunction instance

func (*SecureFunction) AddVPCEndpoint

AddVPCEndpoint adds a VPC endpoint for an AWS service

This method creates a VPC endpoint for the specified AWS service and configures the necessary security group rules to allow the Lambda function to access it.

Parameters:

  • service: The AWS service to create an endpoint for

Returns:

  • The created VPC endpoint

func (*SecureFunction) EnableSecretsManagerAccess

func (f *SecureFunction) EnableSecretsManagerAccess()

EnableSecretsManagerAccess adds VPC endpoint and permissions for Secrets Manager

This method configures the Lambda function to access Secrets Manager by:

  • Creating a VPC endpoint for Secrets Manager
  • Adding the necessary IAM permissions to read secrets

This is useful when your Lambda function needs to access secrets stored in AWS Secrets Manager.

func (*SecureFunction) GetFunction

func (f *SecureFunction) GetFunction() awslambda.Function

GetFunction returns the underlying Lambda function

This method returns the underlying Lambda function that was created with the security enhancements. This is useful when you need to access the standard Lambda function properties and methods.

func (*SecureFunction) GetKmsKey

func (f *SecureFunction) GetKmsKey() awskms.IKey

GetKmsKey returns the KMS key used for encryption

This method returns the KMS key that is used for encrypting environment variables. This is useful when you need to grant additional permissions or reference the key in other resources.

func (*SecureFunction) GetSecurityGroup

func (f *SecureFunction) GetSecurityGroup() awsec2.ISecurityGroup

GetSecurityGroup returns the security group

This method returns the security group that was created for the Lambda function. This is useful when you need to configure additional security group rules or reference the security group in other resources.

func (*SecureFunction) RestrictInboundAccess

func (f *SecureFunction) RestrictInboundAccess()

RestrictInboundAccess removes all inbound rules from the security group

This method removes all inbound rules from the security group, effectively preventing any inbound traffic to the Lambda function. This is useful for creating highly secure Lambda functions that don't need to receive incoming network connections.

type SecureFunctionProps

type SecureFunctionProps struct {
	LiftFunctionProps
	// VPC to deploy the function in (optional - will create if not provided)
	Vpc awsec2.IVpc
	// VPC subnets to use (defaults to private subnets)
	VpcSubnets *awsec2.SubnetSelection
	// Security group IDs to attach
	SecurityGroupIds *[]*string
	// Enable KMS encryption for environment variables
	EnableKMSEncryption *bool
	// KMS key for encryption (optional - will create if not provided)
	KmsKey awskms.IKey
	// Secrets to inject from Secrets Manager
	Secrets *map[string]awssecretsmanager.ISecret
	// Enable private endpoints only (no internet access)
	PrivateOnly *bool
	// Additional security policies to attach
	AdditionalPolicies *[]awsiam.PolicyStatement
}

SecureFunctionProps extends LiftFunctionProps with security configuration

This struct contains all configurable properties for creating a secure Lambda function with enhanced security features. It extends LiftFunctionProps with additional security configuration like VPC settings, KMS encryption, secrets management, and IAM policies.

type SecurityRule

type SecurityRule struct {
	Source      awsec2.IPeer
	Protocol    awsec2.Protocol
	Description string
	RuleAction  string
	Port        float64
}

SecurityRule defines a network security rule

type SnapshotStrategy

type SnapshotStrategy string

SnapshotStrategy defines how snapshots are handled

const (
	SnapshotStrategy_DISABLED   SnapshotStrategy = "DISABLED"
	SnapshotStrategy_FREQUENCY  SnapshotStrategy = "FREQUENCY"
	SnapshotStrategy_SIZE_BASED SnapshotStrategy = "SIZE_BASED"
	SnapshotStrategy_TIME_BASED SnapshotStrategy = "TIME_BASED"
)

type StaticSite added in v1.0.82

type StaticSite struct {
	constructs.Construct

	Bucket       awss3.Bucket
	Distribution awscloudfront.Distribution
	Certificate  awscertificatemanager.ICertificate

	// WWWRedirect is set when EnableWWWRedirect is true.
	WWWRedirect *HostRedirect
}

StaticSite creates an S3 + CloudFront + Route53 static site with OAC and safe defaults.

func NewStaticSite added in v1.0.82

func NewStaticSite(scope constructs.Construct, id *string, props *StaticSiteProps) *StaticSite

NewStaticSite creates a CloudFront distribution backed by a private S3 bucket.

type StaticSiteProps added in v1.0.82

type StaticSiteProps struct {
	// Required: hosted zone authoritative for DomainName.
	HostedZone awsroute53.IHostedZone
	// Optional: enable access logs (log bucket auto-created unless provided).
	AccessLogsBucket awss3.IBucket
	// Optional: custom domain certificate. If omitted, Lift creates a DNS-validated certificate in us-east-1.
	Certificate awscertificatemanager.ICertificate
	// Optional: override response headers policy.
	ResponseHeadersPolicy awscloudfront.IResponseHeadersPolicy

	// Required: apex/canonical domain (e.g., "example.com").
	DomainName *string

	// Optional: stable naming inputs for deterministic bucket names.
	AppName    *string
	Stage      *string
	Partner    *string
	BucketName *string

	// Optional: bucket configuration.
	AutoDeleteObjects *bool
	Versioned         *bool

	// Optional: enable access logs (log bucket auto-created unless provided).
	EnableAccessLogs *bool
	AccessLogsPrefix *string

	// Optional: additional SANs to include when Lift creates a certificate.
	SubjectAlternativeNames *[]*string

	// Optional: enable www.<domain> redirect to apex (default true).
	EnableWWWRedirect *bool
	WWWDomainName     *string

	// Optional: treat site as SPA by serving /index.html for 403/404 (default false).
	SinglePageApp *bool

	// Optional: WAFv2 Web ACL ARN (global scope) to attach to the distribution.
	WebAclId *string

	// Optional: distribution tuning.
	EnableIpv6 *bool

	// Optional: cache path patterns that should receive long-lived "hashed asset" caching.
	HashedAssetPathPatterns *[]*string

	// Optional: tags applied to created resources.
	Tags *map[string]*string

	// Optional: bucket configuration.
	RemovalPolicy awscdk.RemovalPolicy

	// Optional: distribution tuning.
	PriceClass  awscloudfront.PriceClass
	HttpVersion awscloudfront.HttpVersion
}

StaticSiteProps defines properties for a CloudFront-backed static site.

type StreamProcessor added in v1.0.42

type StreamProcessor struct {
	constructs.Construct

	// The Lambda function processing the stream
	Function *LiftFunction

	// The table with streams
	Table *StreamingTable

	// Dead letter queue (if enabled)
	DeadLetterQueue awssqs.IQueue

	// Event source mapping
	EventSource awslambdaeventsources.DynamoEventSource
}

StreamProcessor processes DynamoDB streams with Lambda

func NewStreamProcessor added in v1.0.42

func NewStreamProcessor(scope constructs.Construct, id *string, props *StreamProcessorProps) *StreamProcessor

NewStreamProcessor creates a new stream processor construct

type StreamProcessorProps added in v1.0.42

type StreamProcessorProps struct {
	// Pointers first (8 bytes each)
	StreamingTable          *StreamingTable
	DeadLetterQueueProps    *awssqs.QueueProps
	EventSourceProps        *awslambdaeventsources.DynamoEventSourceProps
	BatchSize               *float64
	RetryAttempts           *float64
	ParallelizationFactor   *float64
	EnableDeadLetterQueue   *bool
	BisectBatchOnError      *bool
	ReportBatchItemFailures *bool
	// Duration structs (16 bytes each)
	MaxBatchingWindow awscdk.Duration
	MaxRecordAge      awscdk.Duration
	TumblingWindow    awscdk.Duration
	// Large struct
	FunctionProps awslambda.FunctionProps
	// Medium types
	StartingPosition awslambda.StartingPosition
}

StreamProcessorProps defines properties for a stream processor. Memory optimized: 792 → 784 bytes (8 bytes saved).

type StreamingTable

type StreamingTable struct {
	*LiftTable
	// contains filtered or unexported fields
}

StreamingTable is a table with DynamoDB Streams enabled

func NewStreamingTable

func NewStreamingTable(scope constructs.Construct, id *string, props *StreamingTableProps) *StreamingTable

NewStreamingTable creates a new DynamoDB table with streams. The table uses standard pk/sk attributes; GSIs should be defined in DynamORM models.

func (*StreamingTable) GetResourceName added in v1.0.42

func (s *StreamingTable) GetResourceName() *string

GetResourceName returns the resource name for monitoring (implements MonitorableResource interface)

func (*StreamingTable) GetStreamArn

func (s *StreamingTable) GetStreamArn() *string

GetStreamArn returns the DynamoDB stream ARN

func (*StreamingTable) GetTableArn added in v1.0.42

func (s *StreamingTable) GetTableArn() *string

GetTableArn returns the table ARN

func (*StreamingTable) GetTableName added in v1.0.42

func (s *StreamingTable) GetTableName() *string

GetTableName returns the table name

func (*StreamingTable) GrantStreamRead

func (s *StreamingTable) GrantStreamRead(grantee awsiam.IGrantable) awsiam.Grant

GrantStreamRead grants stream read permissions

type StreamingTableProps

type StreamingTableProps struct {
	// Pointers first (8 bytes each)
	TableName           *string
	TimeToLiveAttribute *string
	ReadCapacity        *float64
	WriteCapacity       *float64
	EnableAutoScaling   *bool
	// Enum last
	StreamViewType awsdynamodb.StreamViewType
}

StreamingTableProps defines properties for creating a streaming table. Memory optimized: 56 → 48 bytes (8 bytes saved).

type VPCAuthorizer added in v1.0.67

type VPCAuthorizer struct {
	CfnAuthorizer awsapigatewayv2.CfnAuthorizer
	// contains filtered or unexported fields
}

VPCAuthorizer is a wrapper for a CloudFormation API Gateway authorizer.

This struct references an existing Lambda authorizer function. The authorizer validates requests using the Authorization header and returns simple responses for HTTP API Gateway v2.

func NewVPCAuthorizer added in v1.0.67

func NewVPCAuthorizer(scope constructs.Construct, id *string, props *VPCAuthorizerProps) *VPCAuthorizer

NewVPCAuthorizer creates a new VPC authorizer construct.

This function creates a Lambda authorizer that references an existing Lambda authorizer function. The caller must provide the full ARN of the authorizer function, the authorizer name, and the IAM role ARN.

The authorizer is configured with:

  • REQUEST authorizer type (validates entire request)
  • Simple response format (for HTTP API v2)
  • Authorization header as identity source
  • 5-minute cache TTL by default

Parameters:

  • scope: The CDK construct scope
  • id: The construct ID
  • props: Configuration properties including AuthorizerFunctionArn, AuthorizerName, and AuthorizerCredentialsArn

Returns:

  • A new VPCAuthorizer instance

type VPCAuthorizerProps added in v1.0.67

type VPCAuthorizerProps struct {
	// AuthorizerFunctionArn is the full ARN of the authorizer Lambda function (required)
	// Example: "arn:aws:lambda:us-east-1:123456789:function:my-authorizer"
	AuthorizerFunctionArn *string

	// AuthorizerName is the name for the authorizer in API Gateway (required)
	// Example: "my-vpc-authorizer"
	AuthorizerName *string

	// AuthorizerCredentialsArn is the IAM role ARN that API Gateway uses to invoke the Lambda (required)
	// Example: "arn:aws:iam::123456789:role/my-authorizer-role"
	AuthorizerCredentialsArn *string

	// API ID to attach the authorizer to (required)
	ApiId *string

	// Identity source for the authorizer (default: "$request.header.Authorization")
	IdentitySource *[]*string

	// TTL for authorization cache in seconds (default: 300)
	ResultsCacheTtl *float64
}

VPCAuthorizerProps defines properties for creating a VPC authorizer.

This struct contains configuration for the VPC authorizer that references an existing Lambda authorizer function.

type VPCEndpointConfig added in v1.0.59

type VPCEndpointConfig struct {
	EnableSecretsManager       *bool
	EnableCloudWatchLogs       *bool
	EnableXRay                 *bool
	EnableKMS                  *bool
	EnableCloudWatchMonitoring *bool
	PrivateDNSEnabled          *bool // Default true, set false to avoid conflicts in shared VPCs
}

VPCEndpointConfig defines which VPC endpoints to create

type WAFCustomRule

type WAFCustomRule struct {
	Name        string
	Statement   string
	Action      string
	Description string
	Priority    float64
}

WAFCustomRule defines a custom WAF rule

type WAFRuleConfig

type WAFRuleConfig struct {
	EnableRateLimit      *bool
	RateLimit            *float64
	EnableSQLiProtection *bool
	EnableXSSProtection  *bool
	EnableKnownBadInputs *bool
	CustomRules          *[]WAFCustomRule
	IPWhitelist          *[]*string
	IPBlacklist          *[]*string
	GeoBlocking          *[]string
}

WAFRuleConfig defines WAF rule configuration

type WebSocketAPI

type WebSocketAPI struct {
	constructs.Construct

	// The WebSocket API
	WebSocketApi awsapigatewayv2.WebSocketApi

	// The stage
	Stage awsapigatewayv2.WebSocketStage

	// Connection management table (DynamORM-based)
	ConnectionTable *ConnectionTable

	// Routes map
	Routes map[string]awsapigatewayv2.WebSocketRoute

	// Access log group
	AccessLogGroup awslogs.ILogGroup
}

WebSocketAPI represents a WebSocket API Gateway with Lambda integration

func NewWebSocketAPI

func NewWebSocketAPI(scope constructs.Construct, id *string, props *WebSocketAPIProps) *WebSocketAPI

NewWebSocketAPI creates a new WebSocket API construct using DynamORM

func (*WebSocketAPI) AddRoute

AddRoute adds a new route to the WebSocket API

func (*WebSocketAPI) GetConnectionTableName

func (w *WebSocketAPI) GetConnectionTableName() *string

GetConnectionTableName returns the connection table name

func (*WebSocketAPI) GetWebSocketURL

func (w *WebSocketAPI) GetWebSocketURL() *string

GetWebSocketURL returns the WebSocket URL

func (*WebSocketAPI) GrantApiInvoke

func (w *WebSocketAPI) GrantApiInvoke(grantee awsiam.IGrantable) awsiam.Grant

GrantApiInvoke grants permission to invoke the WebSocket API

func (*WebSocketAPI) GrantConnectionManagement

func (w *WebSocketAPI) GrantConnectionManagement(grantee awsiam.IGrantable) awsiam.Grant

GrantConnectionManagement grants permissions to manage WebSocket connections

type WebSocketAPIProps

type WebSocketAPIProps struct {
	AccessLogGroup             awslogs.ILogGroup
	DefaultAuthorizer          awsapigatewayv2.IWebSocketRouteAuthorizer
	DefaultRouteFunction       awslambda.IFunction
	ConnectRouteFunction       awslambda.IFunction
	DisconnectRouteFunction    awslambda.IFunction
	StageName                  *string
	ThrottleBurstLimit         *float64
	ApiName                    *string
	Description                *string
	RouteSelectionExpression   *string
	EnableDeadLetterQueue      *bool
	ThrottleRateLimit          *float64
	ConnectionTableProps       *ConnectionTableProps
	EnableConnectionManagement *bool
	AutoDeploy                 *bool
	EnableAccessLogging        *bool
	EnableTracing              *bool
	EnableMultiTenant          *bool
	EnableMonitoring           *bool
	Routes                     []*WebSocketRouteConfig
}

WebSocketAPIProps defines properties for a WebSocket API. Memory optimized: 216 → 200 bytes (16 bytes saved).

type WebSocketRouteConfig

type WebSocketRouteConfig struct {
	// Route key (e.g., "$connect", "$disconnect", defaultRoute, "custom")
	RouteKey *string
	// Lambda function for this route
	Function awslambda.IFunction
	// Whether this route requires authorization
	RequireAuthorization *bool
	// Custom authorizer for this route
	Authorizer awsapigatewayv2.IWebSocketRouteAuthorizer
}

WebSocketRouteConfig defines configuration for WebSocket routes
