API Reference

Submodules

The following submodules are available:

Constructs

AssignOnLaunch

Enables the “assignIpv6AddressOnCreation” attribute on selected subnets.

See https://github.com/aws/aws-cdk/issues/5927

Initializers

import { AssignOnLaunch } from 'shady-island'

new AssignOnLaunch(scope: Construct, id: string, options: AssignOnLaunchProps)
Name Type Description
scope constructs.Construct - The construct scope.
id string - The construct ID.
options AssignOnLaunchProps - The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


optionsRequired

The constructor options.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { AssignOnLaunch } from 'shady-island'

AssignOnLaunch.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.
vpcPlacement aws-cdk-lib.aws_ec2.SelectedSubnets The chosen subnets for address assignment on ENI launch.

nodeRequired
public readonly node: Node;

The tree node.


vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


vpcPlacementRequired
public readonly vpcPlacement: SelectedSubnets;

The chosen subnets for address assignment on ENI launch.


BaseDatabase

A database.

Initializers

import { BaseDatabase } from 'shady-island'

new BaseDatabase(scope: IConstruct, id: string, props: BaseDatabaseProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props BaseDatabaseProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

toString
public toString(): string

Returns a string representation of this construct.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { BaseDatabase } from 'shady-island'

BaseDatabase.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


CidrContext

Allocates IPv6 CIDRs and routes for subnets in a VPC.

See https://github.com/aws/aws-cdk/issues/5927

Initializers

import { CidrContext } from 'shady-island'

new CidrContext(scope: Construct, id: string, options: CidrContextProps)
Name Type Description
scope constructs.Construct - The construct scope.
id string - The construct ID.
options CidrContextProps - The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


optionsRequired

The constructor options.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { CidrContext } from 'shady-island'

CidrContext.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.

nodeRequired
public readonly node: Node;

The tree node.


vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


ContextLoadingStage

A Stage that can load context values from a JSON file.

Initializers

import { ContextLoadingStage } from 'shady-island'

new ContextLoadingStage(scope: Construct, id: string, props: ContextLoadingStageProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props ContextLoadingStageProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
synth Synthesize this stage into a cloud assembly.

toString
public toString(): string

Returns a string representation of this construct.

synth
public synth(options?: StageSynthesisOptions): CloudAssembly

Synthesize this stage into a cloud assembly.

Once an assembly has been synthesized, it cannot be modified. Subsequent calls will return the same assembly.

optionsOptional

Static Functions

Name Description
isConstruct Checks if x is a construct.
isStage Test whether the given construct is a stage.
of Return the stage this construct is contained within, if available.

isConstruct
import { ContextLoadingStage } from 'shady-island'

ContextLoadingStage.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isStage
import { ContextLoadingStage } from 'shady-island'

ContextLoadingStage.isStage(x: any)

Test whether the given construct is a stage.

xRequired

of
import { ContextLoadingStage } from 'shady-island'

ContextLoadingStage.of(construct: IConstruct)

Return the stage this construct is contained within, if available.

If called on a nested stage, returns its parent.

constructRequired

Properties

Name Type Description
node constructs.Node The tree node.
artifactId string Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.
assetOutdir string The cloud assembly asset output directory.
outdir string The cloud assembly output directory.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string The name of the stage.
account string The default account for all resources defined within this stage.
parentStage aws-cdk-lib.Stage The parent stage or undefined if this is the app.
region string The default region for all resources defined within this stage.

nodeRequired
public readonly node: Node;

The tree node.


artifactIdRequired
public readonly artifactId: string;

Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.

Derived from the construct path.


assetOutdirRequired
public readonly assetOutdir: string;

The cloud assembly asset output directory.


outdirRequired
public readonly outdir: string;

The cloud assembly output directory.


policyValidationBeta1Required
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameRequired
public readonly stageName: string;

The name of the stage.

Based on names of the parent stages separated by hyphens.


accountOptional
public readonly account: string;

The default account for all resources defined within this stage.


parentStageOptional
public readonly parentStage: Stage;

The parent stage or undefined if this is the app.



regionOptional
public readonly region: string;

The default region for all resources defined within this stage.


DeploymentTierStage

A Stage whose stacks are part of a single deployment tier.

Initializers

import { DeploymentTierStage } from 'shady-island'

new DeploymentTierStage(scope: Construct, id: string, props: DeploymentTierStageProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props DeploymentTierStageProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
synth Synthesize this stage into a cloud assembly.

toString
public toString(): string

Returns a string representation of this construct.

synth
public synth(options?: StageSynthesisOptions): CloudAssembly

Synthesize this stage into a cloud assembly.

Once an assembly has been synthesized, it cannot be modified. Subsequent calls will return the same assembly.

optionsOptional

Static Functions

Name Description
isConstruct Checks if x is a construct.
isStage Test whether the given construct is a stage.
of Return the stage this construct is contained within, if available.

isConstruct
import { DeploymentTierStage } from 'shady-island'

DeploymentTierStage.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isStage
import { DeploymentTierStage } from 'shady-island'

DeploymentTierStage.isStage(x: any)

Test whether the given construct is a stage.

xRequired

of
import { DeploymentTierStage } from 'shady-island'

DeploymentTierStage.of(construct: IConstruct)

Return the stage this construct is contained within, if available.

If called on a nested stage, returns its parent.

constructRequired

Properties

Name Type Description
node constructs.Node The tree node.
artifactId string Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.
assetOutdir string The cloud assembly asset output directory.
outdir string The cloud assembly output directory.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string The name of the stage.
account string The default account for all resources defined within this stage.
parentStage aws-cdk-lib.Stage The parent stage or undefined if this is the app.
region string The default region for all resources defined within this stage.
inProduction boolean Whether this stage is considered a production deployment.
tier Tier No description.

nodeRequired
public readonly node: Node;

The tree node.


artifactIdRequired
public readonly artifactId: string;

Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.

Derived from the construct path.


assetOutdirRequired
public readonly assetOutdir: string;

The cloud assembly asset output directory.


outdirRequired
public readonly outdir: string;

The cloud assembly output directory.


policyValidationBeta1Required
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameRequired
public readonly stageName: string;

The name of the stage.

Based on names of the parent stages separated by hyphens.


accountOptional
public readonly account: string;

The default account for all resources defined within this stage.


parentStageOptional
public readonly parentStage: Stage;

The parent stage or undefined if this is the app.



regionOptional
public readonly region: string;

The default region for all resources defined within this stage.


inProductionRequired
public readonly inProduction: boolean;

Whether this stage is considered a production deployment.


tierRequired
public readonly tier: Tier;

EncryptedFileSystem

An EncryptedFileSystem.

Initializers

import { EncryptedFileSystem } from 'shady-island'

new EncryptedFileSystem(scope: IConstruct, id: string, props: EncryptedFileSystemProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props EncryptedFileSystemProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { EncryptedFileSystem } from 'shady-island'

EncryptedFileSystem.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
fileSystem aws-cdk-lib.aws_efs.IFileSystem The EFS file system.
key aws-cdk-lib.aws_kms.IKey The KMS encryption key.

nodeRequired
public readonly node: Node;

The tree node.


fileSystemRequired
public readonly fileSystem: IFileSystem;

The EFS file system.


keyRequired
public readonly key: IKey;

The KMS encryption key.


EncryptedLogGroup

A log group encrypted by a KMS customer managed key.

Initializers

import { EncryptedLogGroup } from 'shady-island'

new EncryptedLogGroup(scope: Construct, id: string, props: EncryptedLogGroupProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props EncryptedLogGroupProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { EncryptedLogGroup } from 'shady-island'

EncryptedLogGroup.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
key aws-cdk-lib.aws_kms.IKey The KMS encryption key.
logGroup aws-cdk-lib.aws_logs.ILogGroup The log group.

nodeRequired
public readonly node: Node;

The tree node.


keyRequired
public readonly key: IKey;

The KMS encryption key.


logGroupRequired
public readonly logGroup: ILogGroup;

The log group.


FargateTask

An ECS Fargate Task.

If vpcSubnets is blank but assignPublicIp is set, the task will launch in Public subnets; otherwise it launches in the first available of Private, Isolated, or Public subnets, in that order.
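The placement rule above, modelled as a stand-alone review helper. This is an added example, not shady-island's own code, and it imports neither shady-island nor aws-cdk-lib. The type names, function names and task labels are hypothetical, the sample inputs are constructed, and the model assumes an explicit vpcSubnets value is used as given.

```typescript
// Stand-alone model of the documented FargateTask default placement rule.
// All names below are hypothetical; nothing here is part of shady-island.

type SubnetGroup = "Public" | "Private" | "Isolated";

interface TaskPlacementInput {
  name: string;               // label for the task under review
  available: SubnetGroup[];   // subnet groups that exist in the VPC
  vpcSubnets?: SubnetGroup;   // undefined models a blank vpcSubnets
  assignPublicIp?: boolean;
}

interface Placement {
  name: string;
  group: SubnetGroup;
  implicit: boolean;        // true when the default rule chose the group
  internetFacing: boolean;  // public address inside a Public subnet
}

// Order documented for the case where neither option is set.
const FALLBACK_ORDER: SubnetGroup[] = ["Private", "Isolated", "Public"];

function has(groups: SubnetGroup[], g: SubnetGroup): boolean {
  return groups.indexOf(g) !== -1;
}

function resolvePlacement(input: TaskPlacementInput): Placement {
  const wantsPublicIp = input.assignPublicIp === true;
  let group: SubnetGroup | undefined;
  if (input.vpcSubnets !== undefined) {
    // Assumption: an explicit selection is honoured unchanged.
    group = input.vpcSubnets;
  } else if (wantsPublicIp) {
    // Blank vpcSubnets plus assignPublicIp: Public subnets.
    group = "Public";
  } else {
    // Blank vpcSubnets, no public IP: first available in documented order.
    group = FALLBACK_ORDER.filter((g) => has(input.available, g))[0];
  }
  if (group === undefined || !has(input.available, group)) {
    throw new Error(`${input.name}: no matching subnets in this VPC`);
  }
  return {
    name: input.name,
    group,
    implicit: input.vpcSubnets === undefined,
    // Security groups still decide what can actually connect.
    internetFacing: group === "Public" && wantsPublicIp,
  };
}

// Review helper: tasks that ended up in Public subnets without anyone
// writing "Public" in their configuration.
function implicitPublicPlacements(tasks: TaskPlacementInput[]): string[] {
  return tasks
    .map((t) => resolvePlacement(t))
    .filter((p) => p.implicit && p.group === "Public")
    .map((p) => p.name);
}

// Constructed sample inputs.
const SAMPLE_TASKS: TaskPlacementInput[] = [
  { name: "migrate-db", available: ["Public", "Private", "Isolated"] },
  { name: "report-job", available: ["Public", "Isolated"] },
  { name: "crawler", available: ["Public", "Private"], assignPublicIp: true },
  // A VPC with only Public subnets falls through to Public by default.
  { name: "legacy-batch", available: ["Public"] },
  { name: "edge-probe", available: ["Public", "Private"], vpcSubnets: "Public", assignPublicIp: true },
];

for (const t of SAMPLE_TASKS) {
  const p = resolvePlacement(t);
  console.log(`${p.name}: ${p.group} implicit=${p.implicit} internetFacing=${p.internetFacing}`);
}
console.log("implicit Public placements:", implicitPublicPlacements(SAMPLE_TASKS).join(", "));
```

The "legacy-batch" case is the one worth checking in review: with no Private or Isolated subnets in the VPC, the default order ends at Public even though assignPublicIp was never set.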

Initializers

import { FargateTask } from 'shady-island'

new FargateTask(scope: Construct, id: string, props: FargateTaskProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props FargateTaskProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
createRuleTarget Create a new EventBridge Rule Target that launches this ECS task.
createStateMachineTask Create a new Step Functions task that launches this ECS task.
grantRun Grants permission to invoke ecs:RunTask on this task’s cluster.

toString
public toString(): string

Returns a string representation of this construct.

createRuleTarget
public createRuleTarget(props: EventTargetProps): EcsTask

Create a new EventBridge Rule Target that launches this ECS task.

propsRequired

createStateMachineTask
public createStateMachineTask(id: string, props: StateMachineTaskProps): EcsRunTask

Create a new Step Functions task that launches this ECS task.

idRequired

propsRequired

grantRun
public grantRun(grantee: IGrantable): Grant

Grants permission to invoke ecs:RunTask on this task’s cluster.

granteeRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { FargateTask } from 'shady-island'

FargateTask.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
awsVpcNetworkConfig FargateAwsVpcConfiguration Get the networkConfiguration.awsvpcConfiguration property to run this task.
cluster aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
connections aws-cdk-lib.aws_ec2.Connections The network connections associated with this resource.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

nodeRequired
public readonly node: Node;

The tree node.


awsVpcNetworkConfigRequired
public readonly awsVpcNetworkConfig: FargateAwsVpcConfiguration;

Get the networkConfiguration.awsvpcConfiguration property to run this task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


connectionsRequired
public readonly connections: Connections;

The network connections associated with this resource.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


MysqlDatabase

A MySQL database.

Initializers

import { MysqlDatabase } from 'shady-island'

new MysqlDatabase(scope: IConstruct, id: string, props: MysqlDatabaseProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props MysqlDatabaseProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

toString
public toString(): string

Returns a string representation of this construct.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.
forCluster Create a new MysqlDatabase inside a DatabaseCluster.
forClusterFromSnapshot Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.
forInstance Create a new MysqlDatabase inside a DatabaseInstance.
forInstanceFromSnapshot Create a new MysqlDatabase inside a DatabaseInstanceFromSnapshot.
forServerlessCluster Create a new MysqlDatabase inside a DatabaseCluster.
forServerlessClusterFromSnapshot Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

isConstruct
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


forCluster
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forCluster(scope: Construct, id: string, cluster: DatabaseCluster, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forClusterFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forClusterFromSnapshot(scope: Construct, id: string, cluster: DatabaseClusterFromSnapshot, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstance
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forInstance(scope: Construct, id: string, instance: DatabaseInstance, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseInstance.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstanceFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forInstanceFromSnapshot(scope: Construct, id: string, instance: DatabaseInstanceFromSnapshot, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseInstanceFromSnapshot.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessCluster
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forServerlessCluster(scope: Construct, id: string, cluster: ServerlessCluster, options: MysqlDatabaseForServerlessClusterOptions)

Create a new MysqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessClusterFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forServerlessClusterFromSnapshot(scope: Construct, id: string, cluster: ServerlessClusterFromSnapshot, options: MysqlDatabaseForServerlessClusterOptions)

Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


PostgresqlDatabase

A PostgreSQL database.

Initializers

import { PostgresqlDatabase } from 'shady-island'

new PostgresqlDatabase(scope: IConstruct, id: string, props: PostgresqlDatabaseProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props PostgresqlDatabaseProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

toString
public toString(): string

Returns a string representation of this construct.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.
forCluster Create a new PostgresqlDatabase inside a DatabaseCluster.
forClusterFromSnapshot Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.
forInstance Create a new PostgresqlDatabase inside a DatabaseInstance.
forInstanceFromSnapshot Create a new PostgresqlDatabase inside a DatabaseInstanceFromSnapshot.
forServerlessCluster Create a new PostgresqlDatabase inside a DatabaseCluster.
forServerlessClusterFromSnapshot Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

isConstruct
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


forCluster
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forCluster(scope: Construct, id: string, cluster: DatabaseCluster, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forClusterFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forClusterFromSnapshot(scope: Construct, id: string, cluster: DatabaseClusterFromSnapshot, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstance
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forInstance(scope: Construct, id: string, instance: DatabaseInstance, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseInstance.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstanceFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forInstanceFromSnapshot(scope: Construct, id: string, instance: DatabaseInstanceFromSnapshot, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseInstanceFromSnapshot.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessCluster
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forServerlessCluster(scope: Construct, id: string, cluster: ServerlessCluster, options: PostgresqlDatabaseForServerlessClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessClusterFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forServerlessClusterFromSnapshot(scope: Construct, id: string, cluster: ServerlessClusterFromSnapshot, options: PostgresqlDatabaseForServerlessClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


RunnableFargateTask

A RunnableFargateTask construct.

Initializers

import { RunnableFargateTask } from 'shady-island'

new RunnableFargateTask(scope: Construct, id: string, props: RunnableFargateTaskProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props RunnableFargateTaskProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { RunnableFargateTask } from 'shady-island'

RunnableFargateTask.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
task IFargateTask The FargateTask in this construct.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The FargateTaskDefinition in this construct.

nodeRequired
public readonly node: Node;

The tree node.


taskRequired
public readonly task: IFargateTask;

The FargateTask in this construct.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The FargateTaskDefinition in this construct.


Workload

A collection of Stacks in an Environment representing a deployment Tier.

Consider deriving a subclass of Workload and creating your Stack objects within its constructor.

The difference between this class and a Stage is that a Stage is meant to be deployed with CDK Pipelines. This class can be used with cdk deploy. This class also provides context loading capabilities.

It is an anti-pattern to provide a Workload instance as the parent scope to the aws-cdk-lib.Stack constructor. You should either use the createStack() method, create your own sub-class of Stack and provide a Workload instance as the parent scope, or use the import() method to essentially import a Stack and its constructs into a Workload without changing its scope.

Initializers

import { Workload } from 'shady-island'

new Workload(scope: Construct, id: string, props: WorkloadProps)
Name Type Description
scope constructs.Construct - The construct scope.
id string - The construct ID.
props WorkloadProps - The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


propsRequired

The constructor options.


Methods

Name Description
toString Returns a string representation of this construct.
createStack Adds a stack to the Workload.
import Forces a return value for Workload.of for one or more Stack objects.

toString
public toString(): string

Returns a string representation of this construct.

createStack
public createStack(id: string, props?: StackProps): Stack

Adds a stack to the Workload.

This method will return a Stack with this Workload as its scope. By default, the stackName property provided to the Stack will be this Workload’s workloadName, its tier, and the value of the id parameter separated by hyphens, all in lowercase.

Example

const exampleDev = new Workload(app, 'Example', {
  tier: Tier.DEVELOPMENT,
  env: { account: '123456789012', region: 'us-east-1' },
});
const networkStack = exampleDev.createStack('Network', {});
assert.strictEqual(networkStack.stackName, 'example-dev-network');

You can override the `env` and `stackName` properties in the `props`
argument if desired.

The stack will have a `DeploymentTier` tag added, set to the tier label.

idRequired

The Stack construct id (e.g. “Network”).


propsOptional

The new Stack properties.


import
public import(stacks: ...Stack[]): void

Forces a return value for Workload.of for one or more Stack objects.

Normally, a construct must be within the scope of the Workload instance, such as a construct that is a descendant of a Stack returned from createStack().

That means that any Stack instances you created in your CDK application before installing the shady-island library would not be able to be part of a Workload unless you changed the scope argument of the Stack constructor from the App or Stage to the desired Workload instance. However, that’s bad news for a Stack that has already been deployed to CloudFormation because the resource identifier of persistent child constructs (e.g. RDS databases, S3 buckets) would change.

A successful call to this method will register the provided Stack objects and all their construct descendants as members of that Workload instance. Calling Workload.of() with any of the provided Stack objects or their descendant constructs will return that Workload instance.

If any of the Stack objects provided to this method already belongs to a different Workload object, or has a parent scope that is not identical to the parent scope of this Workload (i.e. the Stage or the App), an error will be thrown.

stacksRequired

The Stack instances to import to this Workload.


Static Functions

Name Description
isConstruct Checks if x is a construct.
isWorkload Test whether the given construct is a Workload.
of Return the Workload the construct is contained within, fails if there is no workload up the tree.

isConstruct
import { Workload } from 'shady-island'

Workload.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isWorkload
import { Workload } from 'shady-island'

Workload.isWorkload(x: any)

Test whether the given construct is a Workload.

xRequired

The value to test.


of
import { Workload } from 'shady-island'

Workload.of(construct: IConstruct)

Return the Workload the construct is contained within, fails if there is no workload up the tree.

constructRequired

The construct whose parent nodes will be searched.


Properties

Name Type Description
node constructs.Node The tree node.
stacks aws-cdk-lib.Stack[] No description.
tier Tier The deployment tier.
workloadName string The prefix used in the default stackName provided to child Stacks.
account string The default account for all resources defined within this workload.
publicDomainName string The domain name to use for resources that expose public endpoints.
region string The default region for all resources defined within this workload.

nodeRequired
public readonly node: Node;

The tree node.


stacksRequired
public readonly stacks: Stack[];

tierRequired
public readonly tier: Tier;

The deployment tier.


workloadNameRequired
public readonly workloadName: string;

The prefix used in the default stackName provided to child Stacks.


accountOptional
public readonly account: string;

The default account for all resources defined within this workload.


publicDomainNameOptional
public readonly publicDomainName: string;

The domain name to use for resources that expose public endpoints.

You can use Workload.of(this).publicDomainName as the zoneName of a Route 53 hosted zone.

Any construct that creates public DNS resources (e.g. those of API Gateway, Application Load Balancing, CloudFront) can use this property to format a FQDN for itself by adding a subdomain.


Example

const app = new App();
const workload = new Workload(app, "Foobar", {
  tier: Tier.PRODUCTION,
  baseDomainName: 'example.com'
});
assert.strictEqual(workload.publicDomainName, 'prod.foobar.example.com');
const stack = workload.createStack("DNS");
const hostedZone = new HostedZone(stack, "HostedZone", {
  zoneName: `${workload.publicDomainName}`
});
const api = new RestApi(stack, "API", {
  restApiName: "foobar",
  domainName: { domainName: `api.${workload.publicDomainName}` },
});

regionOptional
public readonly region: string;

The default region for all resources defined within this workload.


Structs

AssignOnLaunchProps

Properties for creating a new AssignOnLaunch.

Initializer

import { AssignOnLaunchProps } from 'shady-island'

const assignOnLaunchProps: AssignOnLaunchProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The VPC whose subnets will be configured.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Which subnets to assign IPv6 addresses upon ENI creation.

vpcRequired
public readonly vpc: IVpc;

The VPC whose subnets will be configured.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

Which subnets to assign IPv6 addresses upon ENI creation.


BaseDatabaseOptions

These options cannot be determined from existing Database constructs.

Initializer

import { BaseDatabaseOptions } from 'shady-island'

const baseDatabaseOptions: BaseDatabaseOptions = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


BaseDatabaseProps

The properties for a database.

Initializer

import { BaseDatabaseProps } from 'shady-island'

const baseDatabaseProps: BaseDatabaseProps = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


BaseFargateTaskProps

Common parameters for Fargate Tasks.

Initializer

import { BaseFargateTaskProps } from 'shady-island'

const baseFargateTaskProps: BaseFargateTaskProps = { ... }

Properties

Name Type Description
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.

assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


CidrContextProps

Properties for creating a new CidrContext.

Initializer

import { CidrContextProps } from 'shady-island'

const cidrContextProps: CidrContextProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The VPC whose subnets will be configured.
addressPool string The ID of a BYOIP IPv6 address pool from which to allocate the CIDR block.
assignAddressOnLaunch boolean Whether this VPC should auto-assign an IPv6 address to launched ENIs.
cidrBlock string An IPv6 CIDR block from the IPv6 address pool to use for this VPC.
cidrCount number Split the CIDRs into this many groups (by default one for each subnet).

vpcRequired
public readonly vpc: IVpc;

The VPC whose subnets will be configured.


addressPoolOptional
public readonly addressPool: string;

The ID of a BYOIP IPv6 address pool from which to allocate the CIDR block.

If this parameter is not specified or is undefined, the CIDR block will be provided by AWS.


assignAddressOnLaunchOptional
public readonly assignAddressOnLaunch: boolean;

Whether this VPC should auto-assign an IPv6 address to launched ENIs.

True by default.


cidrBlockOptional
public readonly cidrBlock: string;

An IPv6 CIDR block from the IPv6 address pool to use for this VPC.

The EnableIpv6Props#addressPool attribute is required if this parameter is specified.


cidrCountOptional
public readonly cidrCount: number;

Split the CIDRs into this many groups (by default one for each subnet).


ContextLoadingStageProps

Constructor properties for ContextLoadingStage.

Initializer

import { ContextLoadingStageProps } from 'shady-island'

const contextLoadingStageProps: ContextLoadingStageProps = { ... }

Properties

Name Type Description
env aws-cdk-lib.Environment Default AWS environment (account/region) for Stacks in this Stage.
outdir string The output directory into which to emit synthesized artifacts.
permissionsBoundary aws-cdk-lib.PermissionsBoundary Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string Name of this stage.
contextFile string The filesystem path to a JSON file that contains context values to load.

envOptional
public readonly env: Environment;

Default AWS environment (account/region) for Stacks in this Stage.

Stacks defined inside this Stage with either region or account missing from its env will use the corresponding field given here.

If either region or account is not configured for a Stack (either on the Stack itself or on the containing Stage), the Stack will be environment-agnostic.

Environment-agnostic stacks can be deployed to any environment, but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups, will not automatically translate Service Principals to the right format based on the environment’s AWS partition, and will miss other such enhancements.


Example

// Use a concrete account and region to deploy this Stage to
new Stage(app, 'Stage1', {
  env: { account: '123456789012', region: 'us-east-1' },
});

// Use the CLI's current credentials to determine the target environment
new Stage(app, 'Stage2', {
  env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
});

outdirOptional
public readonly outdir: string;

The output directory into which to emit synthesized artifacts.

Can only be specified if this stage is the root stage (the app). If this is specified and this stage is nested within another stage, an error will be thrown.


permissionsBoundaryOptional
public readonly permissionsBoundary: PermissionsBoundary;

Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.


policyValidationBeta1Optional
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameOptional
public readonly stageName: string;

Name of this stage.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each Stage, directly from a file you can check into source control.


DeploymentTierStageProps

Constructor properties for DeploymentTierStage.

Initializer

import { DeploymentTierStageProps } from 'shady-island'

const deploymentTierStageProps: DeploymentTierStageProps = { ... }

Properties

Name Type Description
env aws-cdk-lib.Environment Default AWS environment (account/region) for Stacks in this Stage.
outdir string The output directory into which to emit synthesized artifacts.
permissionsBoundary aws-cdk-lib.PermissionsBoundary Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string Name of this stage.
contextFile string The filesystem path to a JSON file that contains context values to load.
tier Tier The deployment tier.
addTag boolean Whether a DeploymentTier tag is added to nested constructs.

envOptional
public readonly env: Environment;

Default AWS environment (account/region) for Stacks in this Stage.

Stacks defined inside this Stage with either region or account missing from its env will use the corresponding field given here.

If either region or account is not configured for a Stack (either on the Stack itself or on the containing Stage), the Stack will be environment-agnostic.

Environment-agnostic stacks can be deployed to any environment, but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups, will not automatically translate Service Principals to the right format based on the environment’s AWS partition, and will miss other such enhancements.


Example

// Use a concrete account and region to deploy this Stage to
new Stage(app, 'Stage1', {
  env: { account: '123456789012', region: 'us-east-1' },
});

// Use the CLI's current credentials to determine the target environment
new Stage(app, 'Stage2', {
  env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
});

outdirOptional
public readonly outdir: string;

The output directory into which to emit synthesized artifacts.

Can only be specified if this stage is the root stage (the app). If this is specified and this stage is nested within another stage, an error will be thrown.


permissionsBoundaryOptional
public readonly permissionsBoundary: PermissionsBoundary;

Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.


policyValidationBeta1Optional
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameOptional
public readonly stageName: string;

Name of this stage.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each Stage, directly from a file you can check into source control.


tierRequired
public readonly tier: Tier;

The deployment tier.


addTagOptional
public readonly addTag: boolean;

Whether a DeploymentTier tag is added to nested constructs.


EncryptedFileSystemProps

Constructor parameters for EncryptedFileSystem.

The encrypted argument is ignored.

Initializer

import { EncryptedFileSystemProps } from 'shady-island'

const encryptedFileSystemProps: EncryptedFileSystemProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc VPC to launch the file system in.
allowAnonymousAccess boolean Allow access from anonymous client that doesn’t use IAM authentication.
enableAutomaticBackups boolean Whether to enable automatic backups for the file system.
encrypted boolean Defines if the data at rest in the file system is encrypted or not.
fileSystemName string The file system’s name.
fileSystemPolicy aws-cdk-lib.aws_iam.PolicyDocument File system policy is an IAM resource policy used to control NFS access to an EFS file system.
kmsKey aws-cdk-lib.aws_kms.IKey The KMS key used for encryption.
lifecyclePolicy aws-cdk-lib.aws_efs.LifecyclePolicy A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.
oneZone boolean Whether this is a One Zone file system.
outOfInfrequentAccessPolicy aws-cdk-lib.aws_efs.OutOfInfrequentAccessPolicy A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.
performanceMode aws-cdk-lib.aws_efs.PerformanceMode The performance mode that the file system will operate under.
provisionedThroughputPerSecond aws-cdk-lib.Size Provisioned throughput for the file system.
removalPolicy aws-cdk-lib.RemovalPolicy The removal policy to apply to the file system.
replicationOverwriteProtection aws-cdk-lib.aws_efs.ReplicationOverwriteProtection Whether to enable the filesystem’s replication overwrite protection or not.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup Security Group to assign to this file system.
throughputMode aws-cdk-lib.aws_efs.ThroughputMode Enum to mention the throughput mode of the file system.
transitionToArchivePolicy aws-cdk-lib.aws_efs.LifecyclePolicy The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Which subnets to place the mount target in the VPC.

vpcRequired
public readonly vpc: IVpc;

VPC to launch the file system in.


allowAnonymousAccessOptional
public readonly allowAnonymousAccess: boolean;

Allow access from anonymous client that doesn’t use IAM authentication.


enableAutomaticBackupsOptional
public readonly enableAutomaticBackups: boolean;

Whether to enable automatic backups for the file system.


encryptedOptional
public readonly encrypted: boolean;

Defines if the data at rest in the file system is encrypted or not.

https://docs.aws.amazon.com/cdk/latest/guide/featureflags.html


fileSystemNameOptional
public readonly fileSystemName: string;

The file system’s name.


fileSystemPolicyOptional
public readonly fileSystemPolicy: PolicyDocument;

File system policy is an IAM resource policy used to control NFS access to an EFS file system.


kmsKeyOptional
public readonly kmsKey: IKey;

The KMS key used for encryption.

This is required to encrypt the data at rest if


lifecyclePolicyOptional
public readonly lifecyclePolicy: LifecyclePolicy;

A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.


oneZoneOptional
public readonly oneZone: boolean;

Whether this is a One Zone file system.

If enabled, performanceMode must be set to GENERAL_PURPOSE and vpcSubnets cannot be set.

https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type


outOfInfrequentAccessPolicyOptional
public readonly outOfInfrequentAccessPolicy: OutOfInfrequentAccessPolicy;

A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.


performanceModeOptional
public readonly performanceMode: PerformanceMode;

The performance mode that the file system will operate under.

An Amazon EFS file system’s performance mode can’t be changed after the file system has been created. Updating this property will replace the file system.


provisionedThroughputPerSecondOptional
public readonly provisionedThroughputPerSecond: Size;

Provisioned throughput for the file system.

This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

The removal policy to apply to the file system.


replicationOverwriteProtectionOptional
public readonly replicationOverwriteProtection: ReplicationOverwriteProtection;

Whether to enable the filesystem’s replication overwrite protection or not.

Set false if you want to create a read-only filesystem for use as a replication destination.

https://docs.aws.amazon.com/efs/latest/ug/replication-use-cases.html#replicate-existing-destination


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

Security Group to assign to this file system.


throughputModeOptional
public readonly throughputMode: ThroughputMode;

Enum to mention the throughput mode of the file system.


transitionToArchivePolicyOptional
public readonly transitionToArchivePolicy: LifecyclePolicy;

The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage.

Metadata operations such as listing the contents of a directory don’t count as file access events.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

Which subnets to place the mount target in the VPC.


EncryptedLogGroupProps

Constructor properties for EncryptedLogGroup.

Initializer

import { EncryptedLogGroupProps } from 'shady-island'

const encryptedLogGroupProps: EncryptedLogGroupProps = { ... }

Properties

Name Type Description
logGroupName string Name of the log group.
encryptionKey aws-cdk-lib.aws_kms.IKey The KMS Key to encrypt the log group with.
removalPolicy aws-cdk-lib.RemovalPolicy Whether the key and group should be retained when they are removed from the Stack.
retention aws-cdk-lib.aws_logs.RetentionDays How long, in days, the log contents will be retained.

logGroupNameRequired
public readonly logGroupName: string;

Name of the log group.

We need a log group name ahead of time because otherwise the key policy would create a cyclical dependency.


encryptionKeyOptional
public readonly encryptionKey: IKey;

The KMS Key to encrypt the log group with.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

Whether the key and group should be retained when they are removed from the Stack.


retentionOptional
public readonly retention: RetentionDays;

How long, in days, the log contents will be retained.


EventTargetProps

Properties to create a new EventBridge Rule Target.

Initializer

import { EventTargetProps } from 'shady-island'

const eventTargetProps: EventTargetProps = { ... }

Properties

Name Type Description
deadLetterQueue aws-cdk-lib.aws_sqs.IQueue The SQS queue to be used as deadLetterQueue. Check out the considerations for using a dead-letter queue.
maxEventAge aws-cdk-lib.Duration The maximum age of a request that Lambda sends to a function for processing.
retryAttempts number The maximum number of times to retry when the function returns an error.
containerOverrides aws-cdk-lib.aws_events_targets.ContainerOverride[] Container setting overrides.
enableExecuteCommand boolean Whether or not to enable the execute command functionality for the containers in this task.
launchType aws-cdk-lib.aws_ecs.LaunchType Specifies the launch type on which your task is running.
propagateTags aws-cdk-lib.aws_ecs.PropagatedTagSource Specifies whether to propagate the tags from the task definition to the task.
role aws-cdk-lib.aws_iam.IRole Existing IAM role to run the ECS task.
tags aws-cdk-lib.aws_events_targets.Tag[] The metadata that you apply to the task to help you categorize and organize them.
taskCount number How many tasks should be started when this event is triggered.

deadLetterQueueOptional
public readonly deadLetterQueue: IQueue;

The SQS queue to be used as deadLetterQueue. Check out the considerations for using a dead-letter queue.

The events not successfully delivered are automatically retried for a specified period of time, depending on the retry policy of the target. If an event is not delivered before all retry attempts are exhausted, it will be sent to the dead letter queue.


maxEventAgeOptional
public readonly maxEventAge: Duration;

The maximum age of a request that Lambda sends to a function for processing.

Minimum value of 60. Maximum value of 86400.


retryAttemptsOptional
public readonly retryAttempts: number;

The maximum number of times to retry when the function returns an error.

Minimum value of 0. Maximum value of 185.


containerOverridesOptional
public readonly containerOverrides: ContainerOverride[];

Container setting overrides.

Key is the name of the container to override, value is the values you want to override.


enableExecuteCommandOptional
public readonly enableExecuteCommand: boolean;

Whether or not to enable the execute command functionality for the containers in this task.

If true, this enables execute command functionality on all containers in the task.


launchTypeOptional
public readonly launchType: LaunchType;

Specifies the launch type on which your task is running.

The launch type that you specify here must match one of the launch types (compatibilities) of the target task.


propagateTagsOptional
public readonly propagateTags: PropagatedTagSource;

Specifies whether to propagate the tags from the task definition to the task.

If no value is specified, the tags are not propagated.


roleOptional
public readonly role: IRole;

Existing IAM role to run the ECS task.


tagsOptional
public readonly tags: Tag[];

The metadata that you apply to the task to help you categorize and organize them.

Each tag consists of a key and an optional value, both of which you define.


taskCountOptional
public readonly taskCount: number;

How many tasks should be started when this event is triggered.


FargateAwsVpcConfiguration

The networkConfiguration.awsvpcConfiguration values for ecs.RunTask.

Initializer

import { FargateAwsVpcConfiguration } from 'shady-island'

const fargateAwsVpcConfiguration: FargateAwsVpcConfiguration = { ... }

Properties

Name Type Description
assignPublicIp string Whether the task’s elastic network interface receives a public IP address.
securityGroups string[] The IDs of the security groups associated with the task or service.
subnets string[] The IDs of the subnets associated with the task or service.

assignPublicIpOptional
public readonly assignPublicIp: string;

Whether the task’s elastic network interface receives a public IP address.

The default value is DISABLED.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-assignpublicip


securityGroupsOptional
public readonly securityGroups: string[];

The IDs of the security groups associated with the task or service.

If you don’t specify a security group, the default security group for the VPC is used. There’s a limit of 5 security groups that can be specified per AwsVpcConfiguration.

All specified security groups must be from the same VPC.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-securitygroups


subnetsOptional
public readonly subnets: string[];

The IDs of the subnets associated with the task or service.

There’s a limit of 16 subnets that can be specified per AwsVpcConfiguration.

All specified subnets must be from the same VPC.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-subnets


FargateTaskImageOptions

The properties for the FargateTask using an image.

Initializer

import { FargateTaskImageOptions } from 'shady-island'

const fargateTaskImageOptions: FargateTaskImageOptions = { ... }

Properties

Name Type Description
image aws-cdk-lib.aws_ecs.ContainerImage The image used to start a container.
command string[] The command that’s passed to the container.
containerName string The container name value to be specified in the task definition.
containerPort number The port number on the container that is bound to the user-specified or automatically assigned host port.
dockerLabels {[ key: string ]: string} A key/value map of labels to add to the container.
enableLogging boolean Flag to indicate whether to enable logging.
entryPoint string[] The entry point that’s passed to the container.
environment {[ key: string ]: string} The environment variables to pass to the container.
executionRole aws-cdk-lib.aws_iam.IRole The name of the task execution IAM role that grants the Amazon ECS container agent permission to call AWS APIs on your behalf.
family string The name of a family that this task definition is registered to.
logDriver aws-cdk-lib.aws_ecs.LogDriver The log driver to use.
secrets {[ key: string ]: aws-cdk-lib.aws_ecs.Secret} The secret to expose to the container as an environment variable.
taskRole aws-cdk-lib.aws_iam.IRole The name of the task IAM role that grants containers in the task permission to call AWS APIs on your behalf.

imageRequired
public readonly image: ContainerImage;

The image used to start a container.

Image or taskDefinition must be specified, not both.


commandOptional
public readonly command: string[];

The command that’s passed to the container.

If there are multiple arguments, make sure that each argument is a separate string in the array.

This parameter maps to Cmd in the Create a container section of the Docker Remote API and the COMMAND parameter to docker run.

For more information about the Docker CMD parameter, see https://docs.docker.com/engine/reference/builder/#cmd.


containerNameOptional
public readonly containerName: string;

The container name value to be specified in the task definition.


containerPortOptional
public readonly containerPort: number;

The port number on the container that is bound to the user-specified or automatically assigned host port.

If you are using containers in a task with the awsvpc or host network mode, exposed ports should be specified using containerPort. If you are using containers in a task with the bridge network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range.

Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.

For more information, see hostPort.


dockerLabelsOptional
public readonly dockerLabels: {[ key: string ]: string};

A key/value map of labels to add to the container.


enableLoggingOptional
public readonly enableLogging: boolean;

Flag to indicate whether to enable logging.


entryPointOptional
public readonly entryPoint: string[];

The entry point that’s passed to the container.

This parameter maps to Entrypoint in the Create a container section of the Docker Remote API and the --entrypoint option to docker run.

For more information about the Docker ENTRYPOINT parameter, see https://docs.docker.com/engine/reference/builder/#entrypoint.


environmentOptional
public readonly environment: {[ key: string ]: string};

The environment variables to pass to the container.


executionRoleOptional
public readonly executionRole: IRole;

The name of the task execution IAM role that grants the Amazon ECS container agent permission to call AWS APIs on your behalf.


familyOptional
public readonly family: string;

The name of a family that this task definition is registered to.

A family groups multiple versions of a task definition.


logDriverOptional
public readonly logDriver: LogDriver;

The log driver to use.


secretsOptional
public readonly secrets: {[ key: string ]: Secret};

The secret to expose to the container as an environment variable.


taskRoleOptional
public readonly taskRole: IRole;

The name of the task IAM role that grants containers in the task permission to call AWS APIs on your behalf.


FargateTaskProps

Constructor parameters for FargateTask.

Initializer

import { FargateTaskProps } from 'shady-island'

const fargateTaskProps: FargateTaskProps = { ... }

Properties

Name Type Description
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.
cluster aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


MysqlDatabaseForClusterOptions

Properties to specify when using MysqlDatabase.forCluster().

Initializer

import { MysqlDatabaseForClusterOptions } from 'shady-island'

const mysqlDatabaseForClusterOptions: MysqlDatabaseForClusterOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


MysqlDatabaseForServerlessClusterOptions

Properties to specify when using MysqlDatabase.forServerlessCluster().

Initializer

import { MysqlDatabaseForServerlessClusterOptions } from 'shady-island'

const mysqlDatabaseForServerlessClusterOptions: MysqlDatabaseForServerlessClusterOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


MysqlDatabaseOptions

MySQL-specific options.

Initializer

import { MysqlDatabaseOptions } from 'shady-island'

const mysqlDatabaseOptions: MysqlDatabaseOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


MysqlDatabaseProps

Constructor properties for MysqlDatabase.

Initializer

import { MysqlDatabaseProps } from 'shady-island'

const mysqlDatabaseProps: MysqlDatabaseProps = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


PostgresqlDatabaseForClusterOptions

Properties to specify when using PostgresqlDatabase.forCluster().

Initializer

import { PostgresqlDatabaseForClusterOptions } from 'shady-island'

const postgresqlDatabaseForClusterOptions: PostgresqlDatabaseForClusterOptions = { ... }

Properties

Name Type Description
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


PostgresqlDatabaseForServerlessClusterOptions

Properties to specify when using PostgresqlDatabase.forServerlessCluster().

Initializer

import { PostgresqlDatabaseForServerlessClusterOptions } from 'shady-island'

const postgresqlDatabaseForServerlessClusterOptions: PostgresqlDatabaseForServerlessClusterOptions = { ... }

Properties

Name Type Description
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


PostgresqlDatabaseOptions

PostgreSQL-specific options.

Initializer

import { PostgresqlDatabaseOptions } from 'shady-island'

const postgresqlDatabaseOptions: PostgresqlDatabaseOptions = { ... }

Properties

Name Type Description
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


PostgresqlDatabaseProps

Constructor properties for PostgresqlDatabase.

Initializer

import { PostgresqlDatabaseProps } from 'shady-island'

const postgresqlDatabaseProps: PostgresqlDatabaseProps = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123
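Every certificateAuthoritiesUrl option on this page points the database connection's trust anchors at a remote file, so the URL and the file's content are worth checking before the value is committed. The following is an added example, not shady-island code: the function names, the example.com URL and the sample bundle are constructed for illustration, and the pin is assumed to be recorded from a copy of the bundle obtained over a trusted channel.

```typescript
import { createHash } from "crypto";

// One PEM certificate block: header, base64 body, footer.
const PEM_BLOCK =
  /-----BEGIN CERTIFICATE-----\r?\n[A-Za-z0-9+\/=\r\n]+?-----END CERTIFICATE-----/g;

// Constructed sample: two PEM-shaped blocks with placeholder bodies.
// These are not real CA certificates.
const SAMPLE_BUNDLE =
  [
    "-----BEGIN CERTIFICATE-----",
    "Q09OU1RSVUNURUQtU0FNUExFLUNFUlQtMQ==",
    "-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----",
    "Q09OU1RSVUNURUQtU0FNUExFLUNFUlQtMg==",
    "-----END CERTIFICATE-----",
  ].join("\n") + "\n";

// Hex SHA-256 of the bundle text; this is the value to pin in source control.
function sha256Hex(text: string): string {
  return createHash("sha256").update(text, "utf8").digest("hex");
}

// Number of PEM certificate blocks found in the body.
function countCertificates(body: string): number {
  return (body.match(PEM_BLOCK) || []).length;
}

// Returns the list of problems with a CA source; an empty list means it passed.
function checkCaSource(url: string, body: string, pinnedSha256: string): string[] {
  const problems: string[] = [];

  let parsed: URL | undefined;
  try {
    parsed = new URL(url);
  } catch {
    problems.push("url-unparseable");
  }
  if (parsed) {
    // Trust anchors fetched over plain HTTP can be replaced in transit.
    if (parsed.protocol !== "https:") problems.push("not-https");
    if (parsed.username !== "" || parsed.password !== "") {
      problems.push("url-has-credentials");
    }
  }

  if (countCertificates(body) === 0) problems.push("no-certificates");

  // Anything left after removing the PEM blocks is not part of a CA bundle.
  if (body.replace(PEM_BLOCK, "").trim() !== "") problems.push("unexpected-content");

  // A well-formed extra certificate passes the shape checks above;
  // only the pin detects that the set of trusted CAs has changed.
  if (sha256Hex(body) !== pinnedSha256.toLowerCase()) problems.push("pin-mismatch");

  return problems;
}
```

A pin mismatch after a legitimate CA rotation is expected; re-record the pin only after confirming the new bundle through the trusted channel.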


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


PrioritizedLines

A container for lines of a User Data script, sortable by priority.

Initializer

import { PrioritizedLines } from 'shady-island'

const prioritizedLines: PrioritizedLines = { ... }

Properties

Name Type Description
lines string[] The command lines.
priority number The priority for this set of commands.

linesRequired
public readonly lines: string[];

The command lines.


priorityRequired
public readonly priority: number;

The priority for this set of commands.


RunnableFargateTaskProps

Constructor properties for RunnableFargateTask.

Initializer

import { RunnableFargateTaskProps } from 'shady-island'

const runnableFargateTaskProps: RunnableFargateTaskProps = { ... }

Properties

Name Type Description
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.
cpu number The number of cpu units used by the task.
memoryLimitMiB number The amount (in MiB) of memory used by the task.
platformVersion aws-cdk-lib.aws_ecs.FargatePlatformVersion The platform version on which to run your service.
runtimePlatform aws-cdk-lib.aws_ecs.RuntimePlatform The runtime platform of the task definition.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition to use for tasks in the service. TaskDefinition or TaskImageOptions must be specified, but not both.
cluster aws-cdk-lib.aws_ecs.ICluster The cluster that hosts the service.
taskImageOptions FargateTaskImageOptions The properties to define if the construct is to create a TaskDefinition.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the container instances will be launched or the elastic network interfaces (ENIs) will be deployed.

assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


cpuOptional
public readonly cpu: number;

The number of cpu units used by the task.

Valid values, which determine your range of valid values for the memory parameter:

256 (.25 vCPU) - Available memory values: 0.5GB, 1GB, 2GB

512 (.5 vCPU) - Available memory values: 1GB, 2GB, 3GB, 4GB

1024 (1 vCPU) - Available memory values: 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB

2048 (2 vCPU) - Available memory values: Between 4GB and 16GB in 1GB increments

4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments

8192 (8 vCPU) - Available memory values: Between 16GB and 60GB in 4GB increments

16384 (16 vCPU) - Available memory values: Between 32GB and 120GB in 8GB increments

This default is set in the underlying FargateTaskDefinition construct.


memoryLimitMiBOptional
public readonly memoryLimitMiB: number;

The amount (in MiB) of memory used by the task.

This field is required and you must use one of the following values, which determine your range of valid values for the cpu parameter:

512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)

1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)

2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)

Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)

Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)

Between 16384 (16 GB) and 61440 (60 GB) in increments of 4096 (4 GB) - Available cpu values: 8192 (8 vCPU)

Between 32768 (32 GB) and 122880 (120 GB) in increments of 8192 (8 GB) - Available cpu values: 16384 (16 vCPU)

This default is set in the underlying FargateTaskDefinition construct.


platformVersionOptional
public readonly platformVersion: FargatePlatformVersion;

The platform version on which to run your service.

If one is not specified, the LATEST platform version is used by default. For more information, see AWS Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.


runtimePlatformOptional
public readonly runtimePlatform: RuntimePlatform;

The runtime platform of the task definition.


taskDefinitionOptional
public readonly taskDefinition: FargateTaskDefinition;

The task definition to use for tasks in the service. TaskDefinition or TaskImageOptions must be specified, but not both.



clusterOptional
public readonly cluster: ICluster;

The cluster that hosts the service.

If a cluster is specified, the vpc construct should be omitted. Alternatively, you can omit both cluster and vpc.


taskImageOptionsOptional
public readonly taskImageOptions: FargateTaskImageOptions;

The properties to define if the construct is to create a TaskDefinition.

taskDefinition or image must be defined, but not both.


vpcOptional
public readonly vpc: IVpc;

The VPC where the container instances will be launched or the elastic network interfaces (ENIs) will be deployed.

If a vpc is specified, the cluster construct should be omitted. Alternatively, you can omit both vpc and cluster.
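The constraints stated for RunnableFargateTaskProps (the cpu/memoryLimitMiB pairings, exactly one of taskDefinition or taskImageOptions, not both cluster and vpc) can be checked before synthesis. The following is an added example, not shady-island code: TaskPropsShape is a simplified stand-in for the real props type, and the public-IP and secret-name rules are review heuristics assumed for this example.

```typescript
// Simplified, hypothetical shape: only the fields these checks read.
// It is not shady-island's RunnableFargateTaskProps type.
interface TaskPropsShape {
  cpu?: number;
  memoryLimitMiB?: number;
  assignPublicIp?: boolean;
  cluster?: unknown;
  vpc?: unknown;
  taskDefinition?: unknown;
  taskImageOptions?: {
    environment?: Record<string, string>;
    secrets?: Record<string, unknown>;
  };
}

interface Finding {
  rule: string;
  detail: string;
}

// Inclusive list of values from min to max in fixed increments.
function steps(min: number, max: number, step: number): number[] {
  const out: number[] = [];
  for (let v = min; v <= max; v += step) out.push(v);
  return out;
}

// cpu units -> permitted memoryLimitMiB values, transcribed from the lists above.
const ALLOWED_MEMORY: Record<number, number[]> = {
  256: [512, 1024, 2048],
  512: steps(1024, 4096, 1024),
  1024: steps(2048, 8192, 1024),
  2048: steps(4096, 16384, 1024),
  4096: steps(8192, 30720, 1024),
  8192: steps(16384, 61440, 4096),
  16384: steps(32768, 122880, 8192),
};

// Heuristic (an assumption of this example): names that usually hold credentials.
const SECRET_LIKE = /password|passwd|secret|token|api[_-]?key|credential/i;

function lintTaskProps(p: TaskPropsShape): Finding[] {
  const findings: Finding[] = [];
  const add = (rule: string, detail: string): void => {
    findings.push({ rule, detail });
  };

  if (p.cpu !== undefined) {
    const allowed = ALLOWED_MEMORY[p.cpu];
    if (allowed === undefined) {
      add("cpu-invalid", `cpu ${p.cpu} is not a listed Fargate value`);
    } else if (p.memoryLimitMiB !== undefined && allowed.indexOf(p.memoryLimitMiB) < 0) {
      add("cpu-memory-mismatch", `memoryLimitMiB ${p.memoryLimitMiB} is not valid for cpu ${p.cpu}`);
    }
  }

  // Exactly one source for the task definition.
  const hasDefinition = p.taskDefinition !== undefined;
  const hasImageOptions = p.taskImageOptions !== undefined;
  if (hasDefinition === hasImageOptions) {
    add("task-source", "set exactly one of taskDefinition or taskImageOptions");
  }

  if (p.cluster !== undefined && p.vpc !== undefined) {
    add("cluster-and-vpc", "omit vpc when cluster is given, or omit both");
  }

  if (p.assignPublicIp === true) {
    add("public-ip", "task ENI receives a public IP address; confirm this is intended");
  }

  // Values in `environment` are plain strings in the task definition;
  // credentials belong in `secrets` instead.
  const env = p.taskImageOptions?.environment ?? {};
  for (const name of Object.keys(env)) {
    if (SECRET_LIKE.test(name)) {
      add("plaintext-secret", `environment.${name} looks like a credential; use secrets`);
    }
  }
  return findings;
}

// Constructed sample input that trips four of the rules.
const SAMPLE_PROPS: TaskPropsShape = {
  cpu: 256,
  memoryLimitMiB: 4096,
  assignPublicIp: true,
  cluster: {},
  vpc: {},
  taskImageOptions: { environment: { DB_PASSWORD: "example", LOG_LEVEL: "info" } },
};
const SAMPLE_FINDINGS = lintTaskProps(SAMPLE_PROPS);
```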


StateMachineTaskProps

Properties to create a new State Machine EcsRunTask step.

Initializer

import { StateMachineTaskProps } from 'shady-island'

const stateMachineTaskProps: StateMachineTaskProps = { ... }

Properties

Name Type Description
comment string An optional description for this state.
credentials aws-cdk-lib.aws_stepfunctions.Credentials Credentials for an IAM Role that the State Machine assumes for executing the task.
heartbeat aws-cdk-lib.Duration Timeout for the heartbeat.
heartbeatTimeout aws-cdk-lib.aws_stepfunctions.Timeout Timeout for the heartbeat.
inputPath string JSONPath expression to select part of the state to be the input to this state.
integrationPattern aws-cdk-lib.aws_stepfunctions.IntegrationPattern AWS Step Functions integrates with services directly in the Amazon States Language.
outputPath string JSONPath expression to select a portion of the state output to pass to the next state.
resultPath string JSONPath expression to indicate where to inject the state’s output.
resultSelector {[ key: string ]: any} The JSON that will replace the state’s raw result and become the effective result before ResultPath is applied.
stateName string Optional name for this state.
taskTimeout aws-cdk-lib.aws_stepfunctions.Timeout Timeout for the task.
timeout aws-cdk-lib.Duration Timeout for the task.
containerOverrides aws-cdk-lib.aws_stepfunctions_tasks.ContainerOverride[] Container setting overrides.
enableExecuteCommand boolean Whether ECS Exec should be enabled.
propagatedTagSource aws-cdk-lib.aws_ecs.PropagatedTagSource Specifies whether to propagate the tags from the task definition to the task.
revisionNumber number The revision number of ECS task definition family.

commentOptional
public readonly comment: string;

An optional description for this state.


credentialsOptional
public readonly credentials: Credentials;

Credentials for an IAM Role that the State Machine assumes for executing the task.

This enables cross-account resource invocations.

https://docs.aws.amazon.com/step-functions/latest/dg/concepts-access-cross-acct-resources.html


heartbeatOptional
public readonly heartbeat: Duration;

Timeout for the heartbeat.


heartbeatTimeoutOptional
public readonly heartbeatTimeout: Timeout;

Timeout for the heartbeat.

[disable-awslint:duration-prop-type] is needed because all props interfaces in aws-stepfunctions-tasks extend this interface.


inputPathOptional
public readonly inputPath: string;

JSONPath expression to select part of the state to be the input to this state.

May also be the special value JsonPath.DISCARD, which will cause the effective input to be the empty object {}.


integrationPatternOptional
public readonly integrationPattern: IntegrationPattern;

AWS Step Functions integrates with services directly in the Amazon States Language.

You can control these AWS services using service integration patterns.

Depending on the AWS Service, the Service Integration Pattern availability will vary.

https://docs.aws.amazon.com/step-functions/latest/dg/connect-supported-services.html


outputPathOptional
public readonly outputPath: string;

JSONPath expression to select a portion of the state output to pass to the next state.

May also be the special value JsonPath.DISCARD, which will cause the effective output to be the empty object {}.


resultPathOptional
public readonly resultPath: string;

JSONPath expression to indicate where to inject the state’s output.

May also be the special value JsonPath.DISCARD, which will cause the state’s input to become its output.


resultSelectorOptional
public readonly resultSelector: {[ key: string ]: any};

The JSON that will replace the state’s raw result and become the effective result before ResultPath is applied.

You can use ResultSelector to create a payload with values that are static or selected from the state’s raw result.

https://docs.aws.amazon.com/step-functions/latest/dg/input-output-inputpath-params.html#input-output-resultselector


stateNameOptional
public readonly stateName: string;

Optional name for this state.


taskTimeoutOptional
public readonly taskTimeout: Timeout;

Timeout for the task.

[disable-awslint:duration-prop-type] is needed because all props interfaces in aws-stepfunctions-tasks extend this interface.


timeoutOptional
public readonly timeout: Duration;

Timeout for the task.


containerOverridesOptional
public readonly containerOverrides: ContainerOverride[];

Container setting overrides.

Specify the container to use and the overrides to apply.


enableExecuteCommandOptional
public readonly enableExecuteCommand: boolean;

Whether ECS Exec should be enabled.

https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-enableExecuteCommand


propagatedTagSourceOptional
public readonly propagatedTagSource: PropagatedTagSource;

Specifies whether to propagate the tags from the task definition to the task.

An error will be received if you specify the SERVICE option when running a task.

https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-propagateTags


revisionNumberOptional
public readonly revisionNumber: number;

The revision number of ECS task definition family.


WorkloadProps

Constructor properties for a Workload.

Initializer

import { WorkloadProps } from 'shady-island'

const workloadProps: WorkloadProps = { ... }

Properties

Name Type Description
tier Tier The deployment tier.
baseDomainName string The base domain name used to create the FQDN for public resources.
contextFile string The filesystem path to a JSON file that contains context values to load.
env aws-cdk-lib.Environment The AWS environment (account/region) where this stack will be deployed.
workloadName string The machine identifier for this workload.

tierRequired
public readonly tier: Tier;

The deployment tier.


baseDomainNameOptional
public readonly baseDomainName: string;

The base domain name used to create the FQDN for public resources.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each instantiated Workload, directly from a file you can check into source control.


envOptional
public readonly env: Environment;

The AWS environment (account/region) where this stack will be deployed.


workloadNameOptional
public readonly workloadName: string;

The machine identifier for this workload.

This value will be used to create the publicDomainName property.

By default, the stackName property used to create Stack constructs in the createStack method will begin with this Workload’s workloadName and its tier separated by hyphens.

Consider providing a constant workloadName value to the superclass constructor in your derived class.


Example

class MyWorkload extends Workload {
  constructor(scope: Construct, id: string, props: WorkloadProps) {
    super(scope, id, { ...props, workloadName: 'my-workload' });
  }
}

Classes

ContextLoader

A utility to load context values into a construct node.

If you want to use this utility in your own construct, make sure to invoke it before you create any child constructs.

Initializers

import { ContextLoader } from 'shady-island'

new ContextLoader()



Static Functions

Name Description
loadContext Parses JSON file contents, then provides the values to a Node’s context.

loadContext
import { ContextLoader } from 'shady-island'

ContextLoader.loadContext(filename: string, node: Node)

Parses JSON file contents, then provides the values to a Node’s context.

filenameRequired

The JSON file with an object to use as context values.


nodeRequired

The constructs node to receive the context values.


Tier

A deployment environment with a specific purpose and audience.

You can create any Tier you like, but we include those explained by DTAP.

https://en.wikipedia.org/wiki/Development,_testing,_acceptance_and_production

Initializers

import { Tier } from 'shady-island'

new Tier(id: string, label: string)
Name Type Description
id string - The machine-readable identifier for this tier (e.g. prod).
label string - The human-readable label for this tier (e.g. Production).

idRequired

The machine-readable identifier for this tier (e.g. prod).


labelRequired

The human-readable label for this tier (e.g. Production).


Methods

Name Description
applyTags Adds the label of this tier as a tag to the provided construct.
assignTo Assigns this tier to a construct.
matches Compares this tier to the provided value and tests for equality.

applyTags
public applyTags(construct: IConstruct): void

Adds the label of this tier as a tag to the provided construct.

constructRequired

assignTo
public assignTo(construct: IConstruct): void

Assigns this tier to a construct.

This method will register an error annotation on the construct if any of the constructs in its parent scopes have a different tier assigned.

constructRequired

The construct to receive the tier assignment.


matches
public matches(other: Tier): boolean

Compares this tier to the provided value and tests for equality.

otherRequired

The value to compare.


Static Functions

Name Description
of Finds the deployment tier of the given construct.
parse Return the deployment tier that corresponds to the provided value.

of
import { Tier } from 'shady-island'

Tier.of(construct: IConstruct)

Finds the deployment tier of the given construct.

constructRequired

The construct to inspect.


parse
import { Tier } from 'shady-island'

Tier.parse(value: string)

Return the deployment tier that corresponds to the provided value.

Production: “live”, “prod”, or “production”.

Acceptance: “uat”, “stage”, “staging”, or “acceptance”.

Testing: “qc”, “qa”, “test”, or “testing”.

Development: anything else.

valueRequired

The value to parse, case-insensitive.
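Because every unrecognized value parses as Development, a misspelled tier name such as "prd" cannot be told apart from an intentional development tier. The following added example (not shady-island's own code; the function names and the development alias list are assumptions) models the documented mapping and wraps it in a fail-closed check:

```typescript
// Added illustration: models the mapping documented for Tier.parse.
// Not shady-island's source; the function names here are hypothetical.
type TierName = "production" | "acceptance" | "testing" | "development";

// Aliases exactly as listed in the Tier.parse description.
const TIER_ALIASES: Array<[TierName, string[]]> = [
  ["production", ["live", "prod", "production"]],
  ["acceptance", ["uat", "stage", "staging", "acceptance"]],
  ["testing", ["qc", "qa", "test", "testing"]],
];

// Assumption: names a team would accept as an explicit development tier.
const DEV_ALIASES: string[] = ["dev", "devel", "development"];

// Documented behaviour: case-insensitive, anything unrecognized is development.
function parseTierAsDocumented(value: string): TierName {
  const v = value.toLowerCase();
  for (const [tier, names] of TIER_ALIASES) {
    if (names.indexOf(v) !== -1) return tier;
  }
  return "development";
}

// Fail-closed wrapper: a value that only reached "development" through the
// catch-all branch is rejected instead of silently accepted.
function parseTierStrict(value: string): TierName {
  const tier = parseTierAsDocumented(value);
  if (tier === "development" && DEV_ALIASES.indexOf(value.toLowerCase()) === -1) {
    throw new Error("unrecognized deployment tier: " + JSON.stringify(value));
  }
  return tier;
}
```

A check like this belongs wherever the tier string enters from outside the code base, such as an environment variable or a pipeline parameter.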


Properties

Name Type Description
id string The machine-readable identifier for this tier (e.g. prod).
label string The human-readable label for this tier (e.g. Production).

idRequired
public readonly id: string;

The machine-readable identifier for this tier (e.g. prod).


labelRequired
public readonly label: string;

The human-readable label for this tier (e.g. Production).


Constants

Name Type Description
ACCEPTANCE Tier A tier that represents an acceptance environment.
DEVELOPMENT Tier A tier that represents a development environment.
PRODUCTION Tier A tier that represents a production environment.
TESTING Tier A tier that represents a testing environment.

ACCEPTANCERequired
public readonly ACCEPTANCE: Tier;

A tier that represents an acceptance environment.


DEVELOPMENTRequired
public readonly DEVELOPMENT: Tier;

A tier that represents a development environment.


PRODUCTIONRequired
public readonly PRODUCTION: Tier;

A tier that represents a production environment.


TESTINGRequired
public readonly TESTING: Tier;

A tier that represents a testing environment.


TierTagger

A CDK Aspect to apply the DeploymentTier tag to Stacks.

Initializers

import { TierTagger } from 'shady-island'

new TierTagger(tier: Tier)
Name Type Description
tier Tier - The deployment tier.

tierRequired

The deployment tier.


Methods

Name Description
visit All aspects can visit an IConstruct.

visit
public visit(node: IConstruct): void

All aspects can visit an IConstruct.

nodeRequired

UserDataBuilder

A utility class to assist with composing instance User Data.

This class allows multiple observers in code to add lines to the same end result UserData without clobbering each other. Just like conf.d directories with priority number prefixes, you can declare the proper execution order of your UserData commands without having to add them in that order.
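The ordering behaviour described above matters when a baseline or hardening step must run before an application starts, whichever module registered first. The following added example is a stand-alone model of that behaviour, not shady-island's source: `PriorityScript`, `ScriptEntry`, `composeBootScript` and the sample commands are constructed for illustration, and keeping insertion order among equal priorities is an assumption.

```typescript
// Added illustration: a stand-alone model of priority-ordered user data.
// It is not shady-island's source; PriorityScript is a hypothetical name.
type ScriptEntry = { priority: number; seq: number; lines: string[] };

class PriorityScript {
  private entries: ScriptEntry[] = [];
  private seq = 0;

  // Like the documented addCommands: uses priority 0.
  addCommands(...commands: string[]): void {
    this.insertCommands(0, ...commands);
  }

  // Like the documented insertCommands: lower priority executes earlier.
  insertCommands(priority: number, ...commands: string[]): void {
    if (typeof priority !== "number" || !isFinite(priority)) {
      throw new RangeError("priority must be a finite number");
    }
    this.entries.push({ priority: priority, seq: this.seq++, lines: commands });
  }

  // Assumption: entries with equal priority keep their insertion order.
  build(): string[] {
    const sorted = this.entries
      .slice()
      .sort((a, b) => a.priority - b.priority || a.seq - b.seq);
    const out: string[] = [];
    for (const e of sorted) {
      for (const line of e.lines) out.push(line);
    }
    return out;
  }
}

// Constructed sample: three contributors register out of execution order.
function composeBootScript(): string[] {
  const script = new PriorityScript();
  // Application module registers first but must run last.
  script.insertCommands(50, "systemctl start myapp");
  // Logging module uses the default priority of 0.
  script.addCommands("yum install -y amazon-cloudwatch-agent");
  // Baseline module registers late but must run before everything else.
  script.insertCommands(-10, "set -euo pipefail", "umask 027");
  script.addCommands("systemctl enable --now amazon-cloudwatch-agent");
  return script.build();
}
```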

Initializers

import { UserDataBuilder } from 'shady-island'

new UserDataBuilder()



Methods

Name Description
addCommands Add one or more commands to the user data with a priority of 0.
buildUserData Produces the User Data script with all lines sorted in priority order.
insertCommands Add one or more commands to the user data at a specific priority.

addCommands
public addCommands(commands: ...string[]): void

Add one or more commands to the user data with a priority of 0.

commandsRequired

The lines to add.


buildUserData
public buildUserData(): UserData

Produces the User Data script with all lines sorted in priority order.

insertCommands
public insertCommands(priority: number, commands: ...string[]): void

Add one or more commands to the user data at a specific priority.

priorityRequired

The priority of these lines (lower executes earlier).


commandsRequired

The lines to add.


Static Functions

Name Description
forLinux Returns a user data builder for GNU/Linux operating systems.
forWindows Returns a user data builder for Windows operating systems.

forLinux
import { UserDataBuilder } from 'shady-island'

UserDataBuilder.forLinux(options?: LinuxUserDataOptions)

Returns a user data builder for GNU/Linux operating systems.

optionsOptional

The Linux UserData constructor options.


forWindows
import { UserDataBuilder } from 'shady-island'

UserDataBuilder.forWindows()

Returns a user data builder for Windows operating systems.

Protocols

IAssignOnLaunch

Interface for the AssignOnLaunch class.

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.
vpcPlacement aws-cdk-lib.aws_ec2.SelectedSubnets The chosen subnets for address assignment on ENI launch.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


vpcPlacementRequired
public readonly vpcPlacement: SelectedSubnets;

The chosen subnets for address assignment on ENI launch.


ICidrContext

Interface for the CidrContext class.

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


IDatabase

The definition used to create a database.

Methods

Name Description
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

The Secrets Manager secret containing credentials.


addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

The Secrets Manager secret containing credentials.


addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

The Secrets Manager secret containing credentials.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


IEncryptedFileSystem

Interface for EncryptedFileSystem.

Properties

Name Type Description
node constructs.Node The tree node.
fileSystem aws-cdk-lib.aws_efs.IFileSystem The EFS file system.
key aws-cdk-lib.aws_kms.IKey The KMS encryption key.

nodeRequired
public readonly node: Node;

The tree node.


fileSystemRequired
public readonly fileSystem: IFileSystem;

The EFS file system.


keyRequired
public readonly key: IKey;

The KMS encryption key.


IEncryptedLogGroup

A log group encrypted by a KMS customer managed key.

Properties

Name Type Description
key aws-cdk-lib.aws_kms.IKey The KMS encryption key.
logGroup aws-cdk-lib.aws_logs.ILogGroup The log group.

keyRequired
public readonly key: IKey;

The KMS encryption key.


logGroupRequired
public readonly logGroup: ILogGroup;

The log group.


IFargateTask

Interface for FargateTask.

Methods

Name Description
createRuleTarget Create a new EventBridge Rule Target that launches this ECS task.
createStateMachineTask Create a new Step Functions task that launches this ECS task.
grantRun Grants permission to invoke ecs:RunTask on this task’s cluster.

createRuleTarget
public createRuleTarget(props: EventTargetProps): EcsTask

Create a new EventBridge Rule Target that launches this ECS task.

propsRequired

The properties to create the EcsTask object.


createStateMachineTask
public createStateMachineTask(id: string, props: StateMachineTaskProps): EcsRunTask

Create a new Step Functions task that launches this ECS task.

idRequired

The construct ID.


propsRequired

The properties to create the EcsRunTask object.


grantRun
public grantRun(grantee: IGrantable): Grant

Grants permission to invoke ecs:RunTask on this task’s cluster.

granteeRequired

The recipient of the permissions.


Properties

Name Type Description
connections aws-cdk-lib.aws_ec2.Connections The network connections associated with this resource.
node constructs.Node The tree node.
awsVpcNetworkConfig FargateAwsVpcConfiguration Get the networkConfiguration.awsvpcConfiguration property to run this task.
cluster aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

connectionsRequired
public readonly connections: Connections;

The network connections associated with this resource.


nodeRequired
public readonly node: Node;

The tree node.


awsVpcNetworkConfigRequired
public readonly awsVpcNetworkConfig: FargateAwsVpcConfiguration;

Get the networkConfiguration.awsvpcConfiguration property to run this task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


IRunnableFargateTask

Interface for RunnableFargateTask.

Properties

Name Type Description
node constructs.Node The tree node.
task IFargateTask The FargateTask in this construct.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The FargateTaskDefinition in this construct.

nodeRequired
public readonly node: Node;

The tree node.


taskRequired
public readonly task: IFargateTask;

The FargateTask in this construct.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The FargateTaskDefinition in this construct.