
API Reference

Constructs

AssignOnLaunch

Enables the “assignIpv6AddressOnCreation” attribute on selected subnets.

See https://github.com/aws/aws-cdk/issues/5927

Initializers

import { AssignOnLaunch } from 'shady-island'

new AssignOnLaunch(scope: Construct, id: string, options: AssignOnLaunchProps)
Name Type Description
scope constructs.Construct - The construct scope.
id string - The construct ID.
options AssignOnLaunchProps - The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


optionsRequired

The constructor options.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { AssignOnLaunch } from 'shady-island'

AssignOnLaunch.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.
vpcPlacement aws-cdk-lib.aws_ec2.SelectedSubnets The chosen subnets for address assignment on ENI launch.

nodeRequired
public readonly node: Node;

The tree node.


vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


vpcPlacementRequired
public readonly vpcPlacement: SelectedSubnets;

The chosen subnets for address assignment on ENI launch.


BaseDatabase

A database.

Initializers

import { BaseDatabase } from 'shady-island'

new BaseDatabase(scope: IConstruct, id: string, props: BaseDatabaseProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props BaseDatabaseProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

toString
public toString(): string

Returns a string representation of this construct.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { BaseDatabase } from 'shady-island'

BaseDatabase.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


CidrContext

Allocates IPv6 CIDRs and routes for subnets in a VPC.

See https://github.com/aws/aws-cdk/issues/5927

Initializers

import { CidrContext } from 'shady-island'

new CidrContext(scope: Construct, id: string, options: CidrContextProps)
Name Type Description
scope constructs.Construct - The construct scope.
id string - The construct ID.
options CidrContextProps - The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


optionsRequired

The constructor options.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { CidrContext } from 'shady-island'

CidrContext.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.

nodeRequired
public readonly node: Node;

The tree node.


vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


ContainerImagePipeline

Allows images pushed to an ECR repo to trigger updates to an ECS service.

This construct produces a CodePipeline pipeline using the “ECR Source” action, an “ECS Deploy” action, and a custom Lambda handler in between that transforms the JSON from the “Source” action into the JSON needed for the “Deploy” action.
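The transformation step described above, as an added example (not shady-island's own handler): it converts the ECR source action's imageDetail.json into the imagedefinitions.json that the ECS deploy action reads. The function name, the expected-source check, and the choice to pin the image by digest instead of a mutable tag are assumptions of this example; the sample input is constructed.

```typescript
// Added example, not shady-island code. Field names follow the AWS CodePipeline
// artifact formats; toImageDefinitions and its parameters are hypothetical.

interface ImageDetail {
  ImageURI?: string;
  ImageDigest?: string;
}

interface ImageDefinition {
  name: string;     // container name in the ECS task definition
  imageUri: string; // image reference the ECS deploy action rolls out
}

interface ExpectedSource {
  registryId: string;     // 12-digit AWS account ID that owns the repository
  repositoryName: string; // e.g. "web/app"
}

const DIGEST_RE = /^sha256:[0-9a-f]{64}$/;
// Commercial-partition ECR hostnames only (assumption of this example).
const ECR_HOST_RE = /^(\d{12})\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$/;

function toImageDefinitions(
  imageDetailJson: string,
  containerName: string,
  expected: ExpectedSource,
): ImageDefinition[] {
  const detail = JSON.parse(imageDetailJson) as ImageDetail;
  const uri = typeof detail.ImageURI === "string" ? detail.ImageURI : "";
  const digest = typeof detail.ImageDigest === "string" ? detail.ImageDigest : "";
  if (!DIGEST_RE.test(digest)) {
    throw new Error("imageDetail.json has no well-formed ImageDigest");
  }

  // ImageURI has the form <host>/<repository>[:tag][@sha256:...]
  const slash = uri.indexOf("/");
  if (slash < 0) {
    throw new Error("ImageURI has no repository path");
  }
  const host = uri.slice(0, slash);
  const path = uri.slice(slash + 1);

  const at = path.indexOf("@");
  const beforeDigest = at >= 0 ? path.slice(0, at) : path;
  const colon = beforeDigest.indexOf(":");
  const repository = colon >= 0 ? beforeDigest.slice(0, colon) : beforeDigest;

  // Refuse artifacts that do not come from the registry and repository the
  // pipeline was built for, so a swapped artifact cannot redirect the deploy.
  const hostMatch = ECR_HOST_RE.exec(host);
  if (hostMatch === null || hostMatch[1] !== expected.registryId) {
    throw new Error("ImageURI registry does not match the expected account");
  }
  if (repository !== expected.repositoryName) {
    throw new Error("ImageURI repository does not match the expected repository");
  }
  // A digest embedded in the URI must agree with the ImageDigest field.
  if (at >= 0 && path.slice(at + 1) !== digest) {
    throw new Error("ImageURI digest disagrees with ImageDigest");
  }

  // Deploy the exact bytes that were pushed: drop the tag, keep the digest.
  return [{ name: containerName, imageUri: host + "/" + repository + "@" + digest }];
}

// Constructed sample input (not captured from a real pipeline run).
const SAMPLE_DIGEST =
  "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
const SAMPLE_IMAGE_DETAIL = JSON.stringify({
  ImageDigest: SAMPLE_DIGEST,
  ImageTags: ["latest"],
  ImageURI: "111122223333.dkr.ecr.us-east-1.amazonaws.com/web/app:latest",
  RegistryId: "111122223333",
  RepositoryName: "web/app",
});
const SAMPLE_EXPECTED: ExpectedSource = {
  registryId: "111122223333",
  repositoryName: "web/app",
};

// The JSON text that would be written to imagedefinitions.json.
function sampleImageDefinitionsJson(): string {
  return JSON.stringify(
    toImageDefinitions(SAMPLE_IMAGE_DETAIL, "web", SAMPLE_EXPECTED),
  );
}
```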

Initializers

import { automation } from 'shady-island'

new automation.ContainerImagePipeline(scope: Construct, id: string, props: ContainerImagePipelineProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props shady-island.automation.ContainerImagePipelineProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { automation } from 'shady-island'

automation.ContainerImagePipeline.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
pipeline aws-cdk-lib.aws_codepipeline.Pipeline The CodePipeline pipeline.

nodeRequired
public readonly node: Node;

The tree node.


pipelineRequired
public readonly pipeline: Pipeline;

The CodePipeline pipeline.


ContextLoadingStage

A Stage that can load context values from a JSON file.

Initializers

import { ContextLoadingStage } from 'shady-island'

new ContextLoadingStage(scope: Construct, id: string, props: ContextLoadingStageProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props ContextLoadingStageProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
synth Synthesize this stage into a cloud assembly.

toString
public toString(): string

Returns a string representation of this construct.

synth
public synth(options?: StageSynthesisOptions): CloudAssembly

Synthesize this stage into a cloud assembly.

Once an assembly has been synthesized, it cannot be modified. Subsequent calls will return the same assembly.

optionsOptional

Static Functions

Name Description
isConstruct Checks if x is a construct.
isStage Test whether the given construct is a stage.
of Return the stage this construct is contained within, if available.

isConstruct
import { ContextLoadingStage } from 'shady-island'

ContextLoadingStage.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isStage
import { ContextLoadingStage } from 'shady-island'

ContextLoadingStage.isStage(x: any)

Test whether the given construct is a stage.

xRequired

of
import { ContextLoadingStage } from 'shady-island'

ContextLoadingStage.of(construct: IConstruct)

Return the stage this construct is contained within, if available.

If called on a nested stage, returns its parent.

constructRequired

Properties

Name Type Description
node constructs.Node The tree node.
artifactId string Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.
assetOutdir string The cloud assembly asset output directory.
outdir string The cloud assembly output directory.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string The name of the stage.
account string The default account for all resources defined within this stage.
parentStage aws-cdk-lib.Stage The parent stage or undefined if this is the app.
region string The default region for all resources defined within this stage.

nodeRequired
public readonly node: Node;

The tree node.


artifactIdRequired
public readonly artifactId: string;

Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.

Derived from the construct path.


assetOutdirRequired
public readonly assetOutdir: string;

The cloud assembly asset output directory.


outdirRequired
public readonly outdir: string;

The cloud assembly output directory.


policyValidationBeta1Required
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameRequired
public readonly stageName: string;

The name of the stage.

Based on names of the parent stages separated by hyphens.


accountOptional
public readonly account: string;

The default account for all resources defined within this stage.


parentStageOptional
public readonly parentStage: Stage;

The parent stage or undefined if this is the app.



regionOptional
public readonly region: string;

The default region for all resources defined within this stage.


DeploymentTierStage

A Stage whose stacks are part of a single deployment tier.

Initializers

import { DeploymentTierStage } from 'shady-island'

new DeploymentTierStage(scope: Construct, id: string, props: DeploymentTierStageProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props DeploymentTierStageProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
synth Synthesize this stage into a cloud assembly.

toString
public toString(): string

Returns a string representation of this construct.

synth
public synth(options?: StageSynthesisOptions): CloudAssembly

Synthesize this stage into a cloud assembly.

Once an assembly has been synthesized, it cannot be modified. Subsequent calls will return the same assembly.

optionsOptional

Static Functions

Name Description
isConstruct Checks if x is a construct.
isStage Test whether the given construct is a stage.
of Return the stage this construct is contained within, if available.

isConstruct
import { DeploymentTierStage } from 'shady-island'

DeploymentTierStage.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isStage
import { DeploymentTierStage } from 'shady-island'

DeploymentTierStage.isStage(x: any)

Test whether the given construct is a stage.

xRequired

of
import { DeploymentTierStage } from 'shady-island'

DeploymentTierStage.of(construct: IConstruct)

Return the stage this construct is contained within, if available.

If called on a nested stage, returns its parent.

constructRequired

Properties

Name Type Description
node constructs.Node The tree node.
artifactId string Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.
assetOutdir string The cloud assembly asset output directory.
outdir string The cloud assembly output directory.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string The name of the stage.
account string The default account for all resources defined within this stage.
parentStage aws-cdk-lib.Stage The parent stage or undefined if this is the app.
region string The default region for all resources defined within this stage.
inProduction boolean Whether this stage is considered a production deployment.
tier Tier No description.

nodeRequired
public readonly node: Node;

The tree node.


artifactIdRequired
public readonly artifactId: string;

Artifact ID of the assembly if it is a nested stage. The root stage (app) will return an empty string.

Derived from the construct path.


assetOutdirRequired
public readonly assetOutdir: string;

The cloud assembly asset output directory.


outdirRequired
public readonly outdir: string;

The cloud assembly output directory.


policyValidationBeta1Required
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameRequired
public readonly stageName: string;

The name of the stage.

Based on names of the parent stages separated by hyphens.


accountOptional
public readonly account: string;

The default account for all resources defined within this stage.


parentStageOptional
public readonly parentStage: Stage;

The parent stage or undefined if this is the app.



regionOptional
public readonly region: string;

The default region for all resources defined within this stage.


inProductionRequired
public readonly inProduction: boolean;

Whether this stage is considered a production deployment.


tierRequired
public readonly tier: Tier;

ElasticIp

An EC2 Elastic IP address.

Initializers

import { networking } from 'shady-island'

new networking.ElasticIp(scope: Construct, id: string, props?: ElasticIpProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props shady-island.networking.ElasticIpProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsOptional

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
grant Grant the given identity custom permissions.

toString
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired

grant
public grant(identity: IGrantable, actions: ...string[]): Grant

Grant the given identity custom permissions.

e.g. ec2:AssociateAddress, ec2:DisableAddressTransfer, ec2:DisassociateAddress, ec2:EnableAddressTransfer, among others.

identityRequired

actionsRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromAllocationId Import an existing EIP from the given allocation ID.
fromElasticIpArn Import an existing EIP from its ARN.

isConstruct
import { networking } from 'shady-island'

networking.ElasticIp.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isOwnedResource
import { networking } from 'shady-island'

networking.ElasticIp.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired

isResource
import { networking } from 'shady-island'

networking.ElasticIp.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired

fromAllocationId
import { networking } from 'shady-island'

networking.ElasticIp.fromAllocationId(scope: Construct, id: string, allocationId: string)

Import an existing EIP from the given allocation ID.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


allocationIdRequired

The EIP allocation ID.


fromElasticIpArn
import { networking } from 'shady-island'

networking.ElasticIp.fromElasticIpArn(scope: Construct, id: string, arn: string)

Import an existing EIP from its ARN.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


arnRequired

The EIP ARN.


Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
allocationId string The allocation ID of the Elastic IP address.
elasticIpArn string The ARN of the Elastic IP address.
publicIp string The IPv4 address.

nodeRequired
public readonly node: Node;

The tree node.


envRequired
public readonly env: ResourceEnvironment;

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stackRequired
public readonly stack: Stack;

The stack in which this resource is defined.


allocationIdRequired
public readonly allocationId: string;

The allocation ID of the Elastic IP address.


elasticIpArnRequired
public readonly elasticIpArn: string;

The ARN of the Elastic IP address.


publicIpRequired
public readonly publicIp: string;

The IPv4 address.


EncryptedFileSystem

An EncryptedFileSystem.

Initializers

import { EncryptedFileSystem } from 'shady-island'

new EncryptedFileSystem(scope: IConstruct, id: string, props: EncryptedFileSystemProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props EncryptedFileSystemProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { EncryptedFileSystem } from 'shady-island'

EncryptedFileSystem.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
fileSystem aws-cdk-lib.aws_efs.IFileSystem The EFS file system.
key aws-cdk-lib.aws_kms.IKey The KMS encryption key.

nodeRequired
public readonly node: Node;

The tree node.


fileSystemRequired
public readonly fileSystem: IFileSystem;

The EFS file system.


keyRequired
public readonly key: IKey;

The KMS encryption key.


EncryptedLogGroup

A log group encrypted by a KMS customer managed key.

Initializers

import { EncryptedLogGroup } from 'shady-island'

new EncryptedLogGroup(scope: Construct, id: string, props: EncryptedLogGroupProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props EncryptedLogGroupProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { EncryptedLogGroup } from 'shady-island'

EncryptedLogGroup.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
key aws-cdk-lib.aws_kms.IKey The KMS encryption key.
logGroup aws-cdk-lib.aws_logs.ILogGroup The log group.

nodeRequired
public readonly node: Node;

The tree node.


keyRequired
public readonly key: IKey;

The KMS encryption key.


logGroupRequired
public readonly logGroup: ILogGroup;

The log group.


FargateTask

An ECS Fargate Task.

If vpcSubnets is blank but assignPublicIp is set, the task will launch in Public subnets, otherwise the first available one of Private, Isolated, Public, in that order.

Initializers

import { FargateTask } from 'shady-island'

new FargateTask(scope: Construct, id: string, props: FargateTaskProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props FargateTaskProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
createRuleTarget Create a new EventBridge Rule Target that launches this ECS task.
createStateMachineTask Create a new Step Functions task that launches this ECS task.
grantRun Grants permission to invoke ecs:RunTask on this task’s cluster.

toString
public toString(): string

Returns a string representation of this construct.

createRuleTarget
public createRuleTarget(props: EventTargetProps): EcsTask

Create a new EventBridge Rule Target that launches this ECS task.

propsRequired

createStateMachineTask
public createStateMachineTask(id: string, props: StateMachineTaskProps): EcsRunTask

Create a new Step Functions task that launches this ECS task.

idRequired

propsRequired

grantRun
public grantRun(grantee: IGrantable): Grant

Grants permission to invoke ecs:RunTask on this task’s cluster.

granteeRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { FargateTask } from 'shady-island'

FargateTask.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
awsVpcNetworkConfig FargateAwsVpcConfiguration Get the networkConfiguration.awsvpcConfiguration property to run this task.
cluster aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
connections aws-cdk-lib.aws_ec2.Connections The network connections associated with this resource.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

nodeRequired
public readonly node: Node;

The tree node.


awsVpcNetworkConfigRequired
public readonly awsVpcNetworkConfig: FargateAwsVpcConfiguration;

Get the networkConfiguration.awsvpcConfiguration property to run this task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


connectionsRequired
public readonly connections: Connections;

The network connections associated with this resource.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


MysqlDatabase

A MySQL database.

Initializers

import { MysqlDatabase } from 'shady-island'

new MysqlDatabase(scope: IConstruct, id: string, props: MysqlDatabaseProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props MysqlDatabaseProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

toString
public toString(): string

Returns a string representation of this construct.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.
forCluster Create a new MysqlDatabase inside a DatabaseCluster.
forClusterFromSnapshot Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.
forInstance Create a new MysqlDatabase inside a DatabaseInstance.
forInstanceFromSnapshot Create a new MysqlDatabase inside a DatabaseInstanceFromSnapshot.
forServerlessCluster Create a new MysqlDatabase inside a DatabaseCluster.
forServerlessClusterFromSnapshot Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

isConstruct
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


forCluster
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forCluster(scope: Construct, id: string, cluster: DatabaseCluster, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forClusterFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forClusterFromSnapshot(scope: Construct, id: string, cluster: DatabaseClusterFromSnapshot, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstance
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forInstance(scope: Construct, id: string, instance: DatabaseInstance, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseInstance.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database instance construct.


optionsRequired

The configuration properties for this construct.


forInstanceFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forInstanceFromSnapshot(scope: Construct, id: string, instance: DatabaseInstanceFromSnapshot, options: MysqlDatabaseForClusterOptions)

Create a new MysqlDatabase inside a DatabaseInstanceFromSnapshot.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database instance construct.


optionsRequired

The configuration properties for this construct.


forServerlessCluster
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forServerlessCluster(scope: Construct, id: string, cluster: ServerlessCluster, options: MysqlDatabaseForServerlessClusterOptions)

Create a new MysqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessClusterFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forServerlessClusterFromSnapshot(scope: Construct, id: string, cluster: ServerlessClusterFromSnapshot, options: MysqlDatabaseForServerlessClusterOptions)

Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


NetworkInterface

A Network Interface.

Initializers

import { networking } from 'shady-island'

new networking.NetworkInterface(scope: Construct, id: string, props: NetworkInterfaceProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props shady-island.networking.NetworkInterfaceProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.

toString
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromNetworkInterfaceAttributes Import an existing Network Interface from the given attributes.

isConstruct
import { networking } from 'shady-island'

networking.NetworkInterface.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isOwnedResource
import { networking } from 'shady-island'

networking.NetworkInterface.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired

isResource
import { networking } from 'shady-island'

networking.NetworkInterface.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired

fromNetworkInterfaceAttributes
import { networking } from 'shady-island'

networking.NetworkInterface.fromNetworkInterfaceAttributes(scope: Construct, id: string, attribs: NetworkInterfaceAttributes)

Import an existing Network Interface from the given attributes.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


attribsRequired

The Network Interface attributes.


Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
connections aws-cdk-lib.aws_ec2.Connections The network connections associated with this resource.
ipv6Address string No description.
networkInterfaceId string The ID of this Network Interface.
privateIpv4Address string No description.
subnet aws-cdk-lib.aws_ec2.ISubnet The subnet of this Network Interface.

nodeRequired
public readonly node: Node;

The tree node.


envRequired
public readonly env: ResourceEnvironment;

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stackRequired
public readonly stack: Stack;

The stack in which this resource is defined.


connectionsRequired
public readonly connections: Connections;

The network connections associated with this resource.


ipv6AddressRequired
public readonly ipv6Address: string;

networkInterfaceIdRequired
public readonly networkInterfaceId: string;

The ID of this Network Interface.


privateIpv4AddressRequired
public readonly privateIpv4Address: string;

subnetRequired
public readonly subnet: ISubnet;

The subnet of this Network Interface.


PostgresqlDatabase

A PostgreSQL database.

Initializers

import { PostgresqlDatabase } from 'shady-island'

new PostgresqlDatabase(scope: IConstruct, id: string, props: PostgresqlDatabaseProps)
Name Type Description
scope constructs.IConstruct - The Construct that contains this one.
id string - The identifier of this construct.
props PostgresqlDatabaseProps - The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

toString
public toString(): string

Returns a string representation of this construct.

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secretRequired

Static Functions

Name Description
isConstruct Checks if x is a construct.
forCluster Create a new PostgresqlDatabase inside a DatabaseCluster.
forClusterFromSnapshot Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.
forInstance Create a new PostgresqlDatabase inside a DatabaseInstance.
forInstanceFromSnapshot Create a new PostgresqlDatabase inside a DatabaseInstanceFromSnapshot.
forServerlessCluster Create a new PostgresqlDatabase inside a DatabaseCluster.
forServerlessClusterFromSnapshot Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

isConstruct
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


forCluster
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forCluster(scope: Construct, id: string, cluster: DatabaseCluster, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forClusterFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forClusterFromSnapshot(scope: Construct, id: string, cluster: DatabaseClusterFromSnapshot, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstance
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forInstance(scope: Construct, id: string, instance: DatabaseInstance, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseInstance.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstanceFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forInstanceFromSnapshot(scope: Construct, id: string, instance: DatabaseInstanceFromSnapshot, options: PostgresqlDatabaseForClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseInstanceFromSnapshot.

This method automatically adds the instance to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessCluster
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forServerlessCluster(scope: Construct, id: string, cluster: ServerlessCluster, options: PostgresqlDatabaseForServerlessClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseCluster.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessClusterFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forServerlessClusterFromSnapshot(scope: Construct, id: string, cluster: ServerlessClusterFromSnapshot, options: PostgresqlDatabaseForServerlessClusterOptions)

Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

This method automatically adds the cluster to the CloudFormation dependencies of the CDK Trigger.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


Properties

Name Type Description
node constructs.Node The tree node.
databaseName string The name of the database/catalog.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


RunnableFargateTask

A RunnableFargateTask construct.

Initializers

import { RunnableFargateTask } from 'shady-island'

new RunnableFargateTask(scope: Construct, id: string, props: RunnableFargateTaskProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props RunnableFargateTaskProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { RunnableFargateTask } from 'shady-island'

RunnableFargateTask.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
task IFargateTask The FargateTask in this construct.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The FargateTaskDefinition in this construct.

nodeRequired
public readonly node: Node;

The tree node.


taskRequired
public readonly task: IFargateTask;

The FargateTask in this construct.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The FargateTaskDefinition in this construct.


SecretHttpHeader

Configure a secret header an ALB can require for every request.

Initializers

import { networking } from 'shady-island'

new networking.SecretHttpHeader(scope: Construct, id: string, props?: SecretHttpHeaderProps)
Name Type Description
scope constructs.Construct - The parent scope.
id string - The construct identifier.
props shady-island.networking.SecretHttpHeaderProps - The configuration properties.

scopeRequired

The parent scope.


idRequired

The construct identifier.


propsOptional

The configuration properties.


Methods

Name Description
toString Returns a string representation of this construct.
createListenerCondition No description.
createOriginCustomHeaders No description.

toString
public toString(): string

Returns a string representation of this construct.

createListenerCondition
public createListenerCondition(): ListenerCondition

createOriginCustomHeaders
public createOriginCustomHeaders(): {[ key: string ]: string}

Static Functions

Name Description
isConstruct Checks if x is a construct.
fromSecret Create a SecretHttpHeader from an existing Secrets Manager secret.

isConstruct
import { networking } from 'shady-island'

networking.SecretHttpHeader.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


fromSecret
import { networking } from 'shady-island'

networking.SecretHttpHeader.fromSecret(scope: Construct, id: string, secret: ISecret)

Create a SecretHttpHeader from an existing Secrets Manager secret.

The secret must be in JSON format and have two fields: name and value.

scopeRequired

The parent scope.


idRequired

The ID for the new construct.


secretRequired

The existing Secrets Manager secret.
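
A preflight check for the secret body that fromSecret expects, as an added example that is not part of shady-island. Only the name and value fields come from the text above; checkHeaderSecret, the RFC 9110 character rules, the 32-character minimum and the reserved-name list are assumptions of this example.

```typescript
// Added example, not part of shady-island. Only the two field names ("name" and
// "value") come from the documentation; every other rule is an assumption.

interface HeaderSecretCheck {
  ok: boolean;
  problems: string[];
}

// RFC 9110 "token": the characters allowed in an HTTP field name.
const FIELD_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Visible ASCII with interior space/tab only; rejects CR, LF, NUL and other controls.
const FIELD_VALUE = /^[\x21-\x7e]([\x20\x09\x21-\x7e]*[\x21-\x7e])?$/;
// Assumed minimum length so the value cannot be guessed; tune to your policy.
const MIN_VALUE_LENGTH = 32;
// Assumed deny-list: headers that clients or proxies set make poor shared secrets.
const RESERVED_NAMES = ["host", "cookie", "authorization", "user-agent", "x-forwarded-for"];

// Checks the SecretString of a Secrets Manager secret before it is used as a
// secret HTTP header. Returns every problem found, not just the first.
function checkHeaderSecret(secretString: string): HeaderSecretCheck {
  let parsed: unknown;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    return { ok: false, problems: ["secret is not valid JSON"] };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { ok: false, problems: ["secret must be a JSON object"] };
  }
  const record = parsed as Record<string, unknown>;
  const problems: string[] = [];

  // Extra fields usually mean the wrong secret was referenced.
  const extra = Object.keys(record).filter((k) => k !== "name" && k !== "value");
  if (extra.length > 0) {
    problems.push("unexpected fields: " + extra.join(", "));
  }

  const name = record["name"];
  if (typeof name !== "string") {
    problems.push('field "name" is missing or not a string');
  } else if (!FIELD_NAME.test(name)) {
    problems.push("name is not a valid HTTP field name");
  } else if (RESERVED_NAMES.indexOf(name.toLowerCase()) !== -1) {
    problems.push("name collides with a header that clients or proxies set");
  }

  const value = record["value"];
  if (typeof value !== "string") {
    problems.push('field "value" is missing or not a string');
  } else {
    // A CR or LF here would let the value split into a second header line.
    if (!FIELD_VALUE.test(value)) {
      problems.push("value contains characters not allowed in a header value");
    }
    if (value.length < MIN_VALUE_LENGTH) {
      problems.push("value is shorter than " + MIN_VALUE_LENGTH + " characters");
    }
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample secret bodies (not real credentials).
const SAMPLE_GOOD = JSON.stringify({
  name: "X-Origin-Verify",
  value: "constructed-sample-0123456789abcdefghij",
});
const SAMPLE_CRLF = JSON.stringify({
  name: "X-Origin-Verify",
  value: "abc\r\nX-Injected: 1",
});
const SAMPLE_WRONG_FIELDS = JSON.stringify({ header: "X-Origin-Verify", secret: "abc" });
```

Run the check in CI or a pre-deploy script against the secret you intend to pass to fromSecret, so a malformed secret is caught before the listener rule and origin headers are synthesized from it.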


Properties

Name Type Description
node constructs.Node The tree node.
defaultHeaderName string Gets the default header name.
headerName string No description.
headerValue aws-cdk-lib.SecretValue No description.
secret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret that contains the name and value of the header.

nodeRequired
public readonly node: Node;

The tree node.


defaultHeaderNameRequired
public readonly defaultHeaderName: string;

Gets the default header name.


headerNameRequired
public readonly headerName: string;

headerValueRequired
public readonly headerValue: SecretValue;

secretRequired
public readonly secret: ISecret;

The Secrets Manager secret that contains the name and value of the header.


SingletonLaunchTemplate

A launch template bound to a single Elastic Network Interface.

Initializers

import { networking } from 'shady-island'

new networking.SingletonLaunchTemplate(scope: Construct, id: string, props: SingletonLaunchTemplateProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props shady-island.networking.SingletonLaunchTemplateProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
addSecurityGroup Add the security group to the instance.
createAutoScalingGroup Creates an auto-scaling group for this launch template.

toString
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired

addSecurityGroup
public addSecurityGroup(securityGroup: ISecurityGroup): void

Add the security group to the instance.

securityGroupRequired

createAutoScalingGroup
public createAutoScalingGroup(id: string, props: AutoScalingGroupProps): AutoScalingGroup

Creates an auto-scaling group for this launch template.

The following properties are ignored (if specified): launchTemplate, minCapacity, and maxCapacity.

idRequired

The ID of the auto-scaling group.


propsRequired

Constructor properties of the AutoScalingGroup.


Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromLaunchTemplateAttributes Import an existing LaunchTemplate.

isConstruct
import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isOwnedResource
import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired

isResource
import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired

fromLaunchTemplateAttributes
import { networking } from 'shady-island'

networking.SingletonLaunchTemplate.fromLaunchTemplateAttributes(scope: Construct, id: string, attrs: LaunchTemplateAttributes)

Import an existing LaunchTemplate.

scopeRequired

idRequired

attrsRequired

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
connections aws-cdk-lib.aws_ec2.Connections Allows specifying security group connections for the instance.
defaultVersionNumber string The default version for the launch template.
grantPrincipal aws-cdk-lib.aws_iam.IPrincipal Principal to grant permissions to.
latestVersionNumber string The latest version of the launch template.
versionNumber string The version number of this launch template to use.
imageId string The AMI ID of the image to use.
instanceType aws-cdk-lib.aws_ec2.InstanceType Type of instance to launch.
launchTemplateId string The identifier of the Launch Template.
launchTemplateName string The name of the Launch Template.
osType aws-cdk-lib.aws_ec2.OperatingSystemType The type of OS the instance is running.
role aws-cdk-lib.aws_iam.IRole IAM Role assumed by instances that are launched from this template.
userData aws-cdk-lib.aws_ec2.UserData UserData executed by instances that are launched from this template.
networkInterface shady-island.networking.INetworkInterface The network interface used by this launch template.

nodeRequired
public readonly node: Node;

The tree node.


envRequired
public readonly env: ResourceEnvironment;

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stackRequired
public readonly stack: Stack;

The stack in which this resource is defined.


connectionsRequired
public readonly connections: Connections;

Allows specifying security group connections for the instance.


defaultVersionNumberRequired
public readonly defaultVersionNumber: string;

The default version for the launch template.


grantPrincipalRequired
public readonly grantPrincipal: IPrincipal;

Principal to grant permissions to.


latestVersionNumberRequired
public readonly latestVersionNumber: string;

The latest version of the launch template.


versionNumberRequired
public readonly versionNumber: string;

The version number of this launch template to use.


imageIdOptional
public readonly imageId: string;

The AMI ID of the image to use.


instanceTypeOptional
public readonly instanceType: InstanceType;

Type of instance to launch.


launchTemplateIdOptional
public readonly launchTemplateId: string;

The identifier of the Launch Template.

Exactly one of launchTemplateId and launchTemplateName will be set.


launchTemplateNameOptional
public readonly launchTemplateName: string;

The name of the Launch Template.

Exactly one of launchTemplateId and launchTemplateName will be set.


osTypeOptional
public readonly osType: OperatingSystemType;

The type of OS the instance is running.


roleOptional
public readonly role: IRole;

IAM Role assumed by instances that are launched from this template.


userDataOptional
public readonly userData: UserData;

UserData executed by instances that are launched from this template.


networkInterfaceRequired
public readonly networkInterface: INetworkInterface;

The network interface used by this launch template.


WebLoadBalancing

A utility for creating a public-facing Application Load Balancer.

Initializers

import { networking } from 'shady-island'

new networking.WebLoadBalancing(scope: Construct, id: string, props: WebLoadBalancingProps)
Name Type Description
scope constructs.Construct - The scope in which to define this construct.
id string - The scoped construct ID.
props shady-island.networking.WebLoadBalancingProps - Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Methods

Name Description
toString Returns a string representation of this construct.
addTarget Adds a target to the listener.

toString
public toString(): string

Returns a string representation of this construct.

addTarget
public addTarget(id: string, target: IApplicationLoadBalancerTarget, options?: TargetOptions): IApplicationTargetGroup

Adds a target to the listener.

If the following options are left undefined, these defaults will be used.

idRequired

The ID of the new target group.


targetRequired

The load balancing target to receive traffic.


optionsOptional

The target group options.


Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import { networking } from 'shady-island'

networking.WebLoadBalancing.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


Properties

Name Type Description
node constructs.Node The tree node.
listener aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener The HTTPS listener.
loadBalancer aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancer The load balancer itself.
secretHeader shady-island.networking.ISecretHttpHeader The secret header (if requireSecretHeader was set to true).

nodeRequired
public readonly node: Node;

The tree node.


listenerRequired
public readonly listener: IApplicationListener;

The HTTPS listener.


loadBalancerRequired
public readonly loadBalancer: IApplicationLoadBalancer;

The load balancer itself.


secretHeaderOptional
public readonly secretHeader: ISecretHttpHeader;

The secret header (if requireSecretHeader was set to true).


Workload

A collection of Stacks in an Environment representing a deployment Tier.

Consider deriving a subclass of Workload and creating your Stack objects within its constructor.

The difference between this class and a Stage is that a Stage is meant to be deployed with CDK Pipelines. This class can be used with cdk deploy. This class also provides context loading capabilities.

It is an anti-pattern to provide a Workload instance as the parent scope to the aws-cdk-lib.Stack constructor. You should either use the createStack() method, create your own sub-class of Stack and provide a Workload instance as the parent scope, or use the import() method to essentially import a Stack and its constructs into a Workload without changing its scope.

Initializers

import { Workload } from 'shady-island'

new Workload(scope: Construct, id: string, props: WorkloadProps)
Name Type Description
scope constructs.Construct - The construct scope.
id string - The construct ID.
props WorkloadProps - The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


propsRequired

The constructor options.


Methods

Name Description
toString Returns a string representation of this construct.
createStack Adds a stack to the Workload.
import Forces a return value for Workload.of for one or more Stack objects.

toString
public toString(): string

Returns a string representation of this construct.

createStack
public createStack(id: string, props?: StackProps): Stack

Adds a stack to the Workload.

This method will return a Stack with this Workload as its scope. By default, the stackName property provided to the Stack will be this Workload’s workloadName, its tier, and the value of the id parameter separated by hyphens, all in lowercase.

Example

const exampleDev = new Workload(app, 'Example', {
  tier: Tier.DEVELOPMENT,
  env: { account: '123456789012', region: 'us-east-1' },
});
const networkStack = exampleDev.createStack('Network', {});
assert.strictEqual(networkStack.stackName, 'example-dev-network');

You can override the env and stackName properties in the props argument if desired.

The stack will have a DeploymentTier tag added, set to the tier label.

idRequired

The Stack construct id (e.g. “Network”).


propsOptional

The new Stack properties.


import
public import(stacks: ...Stack[]): void

Forces a return value for Workload.of for one or more Stack objects.

Normally, a construct must be within the scope of the Workload instance, such as a construct that is a descendant of a Stack returned from createStack().

That means that any Stack instances you created in your CDK application before installing the shady-island library would not be able to be part of a Workload unless you changed the scope argument of the Stack constructor from the App or Stage to the desired Workload instance. However, that’s bad news for a Stack that has already been deployed to CloudFormation because the resource identifier of persistent child constructs (e.g. RDS databases, S3 buckets) would change.

A successful call to this method will register the provided Stack objects and all their construct descendants as members of that Workload instance. Calling Workload.of() with any of the provided Stack objects or their descendant constructs will return that Workload instance.

An error will be thrown if any of the Stack objects provided to this method already belongs to a different Workload object, or has a parent scope that is not identical to the parent scope of this Workload (i.e. the Stage or the App).

stacksRequired

The Stack instances to import to this Workload.


Static Functions

Name Description
isConstruct Checks if x is a construct.
isWorkload Test whether the given construct is a Workload.
of Return the Workload the construct is contained within, fails if there is no workload up the tree.

isConstruct
import { Workload } from 'shady-island'

Workload.isConstruct(x: any)

Checks if x is a construct.

xRequired

Any object.


isWorkload
import { Workload } from 'shady-island'

Workload.isWorkload(x: any)

Test whether the given construct is a Workload.

xRequired

The value to test.


of
import { Workload } from 'shady-island'

Workload.of(construct: IConstruct)

Return the Workload the construct is contained within, fails if there is no workload up the tree.

constructRequired

The construct whose parent nodes will be searched.


Properties

Name Type Description
node constructs.Node The tree node.
stacks aws-cdk-lib.Stack[] No description.
tier Tier The deployment tier.
workloadName string The prefix used in the default stackName provided to child Stacks.
account string The default account for all resources defined within this workload.
publicDomainName string The domain name to use for resources that expose public endpoints.
region string The default region for all resources defined within this workload.

nodeRequired
public readonly node: Node;

The tree node.


stacksRequired
public readonly stacks: Stack[];

tierRequired
public readonly tier: Tier;

The deployment tier.


workloadNameRequired
public readonly workloadName: string;

The prefix used in the default stackName provided to child Stacks.


accountOptional
public readonly account: string;

The default account for all resources defined within this workload.


publicDomainNameOptional
public readonly publicDomainName: string;

The domain name to use for resources that expose public endpoints.

You can use Workload.of(this).publicDomainName as the zoneName of a Route 53 hosted zone.

Any construct that creates public DNS resources (e.g. those of API Gateway, Application Load Balancing, CloudFront) can use this property to format a FQDN for itself by adding a subdomain.


Example

const app = new App();
const workload = new Workload(app, "Foobar", {
  tier: Tier.PRODUCTION,
  baseDomainName: 'example.com'
});
assert.strictEqual(workload.publicDomainName, 'prod.foobar.example.com');
const stack = workload.createStack("DNS");
const hostedZone = new HostedZone(stack, "HostedZone", {
  zoneName: `${workload.publicDomainName}`
});
const api = new RestApi(stack, "API", {
  restApiName: "foobar",
  domainName: { domainName: `api.${workload.publicDomainName}` },
});

regionOptional
public readonly region: string;

The default region for all resources defined within this workload.


Structs

AddDirectoryOptions

Options for the ShellCommands.addDirectory method.

Initializer

import { configuration } from 'shady-island'

const addDirectoryOptions: configuration.AddDirectoryOptions = { ... }

Properties

Name Type Description
group string The group name or numeric group ID to assign as the directory group.
mode string The file mode, e.g. 2755, 0400.
owner string The username or numeric user ID to assign as the directory owner.

groupOptional
public readonly group: string;

The group name or numeric group ID to assign as the directory group.


modeOptional
public readonly mode: string;

The file mode, e.g. 2755, 0400.


ownerOptional
public readonly owner: string;

The username or numeric user ID to assign as the directory owner.


AssignOnLaunchProps

Properties for creating a new AssignOnLaunch.

Initializer

import { AssignOnLaunchProps } from 'shady-island'

const assignOnLaunchProps: AssignOnLaunchProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The VPC whose subnets will be configured.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Which subnets to assign IPv6 addresses upon ENI creation.

vpcRequired
public readonly vpc: IVpc;

The VPC whose subnets will be configured.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

Which subnets to assign IPv6 addresses upon ENI creation.


BaseDatabaseOptions

These options cannot be determined from existing Database constructs.

Initializer

import { BaseDatabaseOptions } from 'shady-island'

const baseDatabaseOptions: BaseDatabaseOptions = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


BaseDatabaseProps

The properties for a database.

Initializer

import { BaseDatabaseProps } from 'shady-island'

const baseDatabaseProps: BaseDatabaseProps = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


BaseFargateTaskProps

Common parameters for Fargate Tasks.

Initializer

import { BaseFargateTaskProps } from 'shady-island'

const baseFargateTaskProps: BaseFargateTaskProps = { ... }

Properties

Name Type Description
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.

assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


CidrContextProps

Properties for creating a new CidrContext.

Initializer

import { CidrContextProps } from 'shady-island'

const cidrContextProps: CidrContextProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The VPC whose subnets will be configured.
addressPool string The ID of a BYOIP IPv6 address pool from which to allocate the CIDR block.
assignAddressOnLaunch boolean Whether this VPC should auto-assign an IPv6 address to launched ENIs.
cidrBlock string An IPv6 CIDR block from the IPv6 address pool to use for this VPC.
cidrCount number Split the CIDRs into this many groups (by default one for each subnet).

vpcRequired
public readonly vpc: IVpc;

The VPC whose subnets will be configured.


addressPoolOptional
public readonly addressPool: string;

The ID of a BYOIP IPv6 address pool from which to allocate the CIDR block.

If this parameter is not specified or is undefined, the CIDR block will be provided by AWS.


assignAddressOnLaunchOptional
public readonly assignAddressOnLaunch: boolean;

Whether this VPC should auto-assign an IPv6 address to launched ENIs.

True by default.


cidrBlockOptional
public readonly cidrBlock: string;

An IPv6 CIDR block from the IPv6 address pool to use for this VPC.

The EnableIpv6Props#addressPool attribute is required if this parameter is specified.


cidrCountOptional
public readonly cidrCount: number;

Split the CIDRs into this many groups (by default one for each subnet).


ContainerImagePipelineProps

Properties for the ContainerImagePipeline constructor.

Initializer

import { automation } from 'shady-island'

const containerImagePipelineProps: automation.ContainerImagePipelineProps = { ... }

Properties

Name Type Description
container string The name of the container in the task definition to update.
repository aws-cdk-lib.aws_ecr.IRepository The ECR repository where images will be pushed.
service aws-cdk-lib.aws_ecs.IBaseService The ECS service to update when an image is pushed to the ECR repository.
artifactBucket aws-cdk-lib.aws_s3.IBucket A custom bucket for artifacts.
pipelineType aws-cdk-lib.aws_codepipeline.PipelineType The pipeline type (V1 or V2).
tag string The container image tag to observe for changes in the ECR repository.

containerRequired
public readonly container: string;

The name of the container in the task definition to update.


repositoryRequired
public readonly repository: IRepository;

The ECR repository where images will be pushed.


serviceRequired
public readonly service: IBaseService;

The ECS service to update when an image is pushed to the ECR repository.


artifactBucketOptional
public readonly artifactBucket: IBucket;

A custom bucket for artifacts.


pipelineTypeOptional
public readonly pipelineType: PipelineType;

The pipeline type (V1 or V2).


tagOptional
public readonly tag: string;

The container image tag to observe for changes in the ECR repository.


ContextLoadingStageProps

Constructor properties for ContextLoadingStage.

Initializer

import { ContextLoadingStageProps } from 'shady-island'

const contextLoadingStageProps: ContextLoadingStageProps = { ... }

Properties

Name Type Description
env aws-cdk-lib.Environment Default AWS environment (account/region) for Stacks in this Stage.
outdir string The output directory into which to emit synthesized artifacts.
permissionsBoundary aws-cdk-lib.PermissionsBoundary Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string Name of this stage.
contextFile string The filesystem path to a JSON file that contains context values to load.

envOptional
public readonly env: Environment;

Default AWS environment (account/region) for Stacks in this Stage.

Stacks defined inside this Stage with either region or account missing from their env will use the corresponding field given here.

If either region or account is not configured for a Stack (either on the Stack itself or on the containing Stage), the Stack will be environment-agnostic.

Environment-agnostic stacks can be deployed to any environment, but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups, will not automatically translate Service Principals to the right format based on the environment’s AWS partition, and other such enhancements.


Example

// Use a concrete account and region to deploy this Stage to
new Stage(app, 'Stage1', {
  env: { account: '123456789012', region: 'us-east-1' },
});

// Use the CLI's current credentials to determine the target environment
new Stage(app, 'Stage2', {
  env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
});

outdirOptional
public readonly outdir: string;

The output directory into which to emit synthesized artifacts.

Can only be specified if this stage is the root stage (the app). If this is specified and this stage is nested within another stage, an error will be thrown.


permissionsBoundaryOptional
public readonly permissionsBoundary: PermissionsBoundary;

Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.


policyValidationBeta1Optional
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameOptional
public readonly stageName: string;

Name of this stage.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each Stage, directly from a file you can check into source control.


DeploymentTierStageProps

Constructor properties for DeploymentTierStage.

Initializer

import { DeploymentTierStageProps } from 'shady-island'

const deploymentTierStageProps: DeploymentTierStageProps = { ... }

Properties

Name Type Description
env aws-cdk-lib.Environment Default AWS environment (account/region) for Stacks in this Stage.
outdir string The output directory into which to emit synthesized artifacts.
permissionsBoundary aws-cdk-lib.PermissionsBoundary Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string Name of this stage.
contextFile string The filesystem path to a JSON file that contains context values to load.
tier Tier The deployment tier.
addTag boolean Whether a DeploymentTier tag is added to nested constructs.

envOptional
public readonly env: Environment;

Default AWS environment (account/region) for Stacks in this Stage.

Stacks defined inside this Stage with either region or account missing from their env will use the corresponding field given here.

If either region or account is not configured for a Stack (either on the Stack itself or on the containing Stage), the Stack will be environment-agnostic.

Environment-agnostic stacks can be deployed to any environment, but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups, will not automatically translate Service Principals to the right format based on the environment’s AWS partition, and other such enhancements.


Example

// Use a concrete account and region to deploy this Stage to
new Stage(app, 'Stage1', {
  env: { account: '123456789012', region: 'us-east-1' },
});

// Use the CLI's current credentials to determine the target environment
new Stage(app, 'Stage2', {
  env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
});

outdirOptional
public readonly outdir: string;

The output directory into which to emit synthesized artifacts.

Can only be specified if this stage is the root stage (the app). If this is specified and this stage is nested within another stage, an error will be thrown.


permissionsBoundaryOptional
public readonly permissionsBoundary: PermissionsBoundary;

Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.


policyValidationBeta1Optional
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameOptional
public readonly stageName: string;

Name of this stage.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each Stage, directly from a file you can check into source control.


tierRequired
public readonly tier: Tier;

The deployment tier.


addTagOptional
public readonly addTag: boolean;

Whether a DeploymentTier tag is added to nested constructs.


ElasticIpProps

Constructor properties for ElasticIp.

Initializer

import { networking } from 'shady-island'

const elasticIpProps: networking.ElasticIpProps = { ... }

Properties

Name Type Description
removalPolicy aws-cdk-lib.RemovalPolicy The removal policy for this resource.

removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

The removal policy for this resource.


EncryptedFileSystemProps

Constructor parameters for EncryptedFileSystem.

The encrypted argument is ignored.

Initializer

import { EncryptedFileSystemProps } from 'shady-island'

const encryptedFileSystemProps: EncryptedFileSystemProps = { ... }

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc VPC to launch the file system in.
allowAnonymousAccess boolean Allow access from anonymous clients that don’t use IAM authentication.
enableAutomaticBackups boolean Whether to enable automatic backups for the file system.
encrypted boolean Defines if the data at rest in the file system is encrypted or not.
fileSystemName string The file system’s name.
fileSystemPolicy aws-cdk-lib.aws_iam.PolicyDocument File system policy is an IAM resource policy used to control NFS access to an EFS file system.
kmsKey aws-cdk-lib.aws_kms.IKey The KMS key used for encryption.
lifecyclePolicy aws-cdk-lib.aws_efs.LifecyclePolicy A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.
oneZone boolean Whether this is a One Zone file system.
outOfInfrequentAccessPolicy aws-cdk-lib.aws_efs.OutOfInfrequentAccessPolicy A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.
performanceMode aws-cdk-lib.aws_efs.PerformanceMode The performance mode that the file system will operate under.
provisionedThroughputPerSecond aws-cdk-lib.Size Provisioned throughput for the file system.
removalPolicy aws-cdk-lib.RemovalPolicy The removal policy to apply to the file system.
replicationOverwriteProtection aws-cdk-lib.aws_efs.ReplicationOverwriteProtection Whether to enable the filesystem’s replication overwrite protection or not.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup Security Group to assign to this file system.
throughputMode aws-cdk-lib.aws_efs.ThroughputMode The throughput mode of the file system.
transitionToArchivePolicy aws-cdk-lib.aws_efs.LifecyclePolicy The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Which subnets to place the mount target in the VPC.

vpcRequired
public readonly vpc: IVpc;

VPC to launch the file system in.


allowAnonymousAccessOptional
public readonly allowAnonymousAccess: boolean;

Allow access from anonymous clients that don’t use IAM authentication.


enableAutomaticBackupsOptional
public readonly enableAutomaticBackups: boolean;

Whether to enable automatic backups for the file system.


encryptedOptional
public readonly encrypted: boolean;

Defines if the data at rest in the file system is encrypted or not.

https://docs.aws.amazon.com/cdk/latest/guide/featureflags.html


fileSystemNameOptional
public readonly fileSystemName: string;

The file system’s name.


fileSystemPolicyOptional
public readonly fileSystemPolicy: PolicyDocument;

File system policy is an IAM resource policy used to control NFS access to an EFS file system.


kmsKeyOptional
public readonly kmsKey: IKey;

The KMS key used for encryption.

This is required to encrypt the data at rest if


lifecyclePolicyOptional
public readonly lifecyclePolicy: LifecyclePolicy;

A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.


oneZoneOptional
public readonly oneZone: boolean;

Whether this is a One Zone file system.

If enabled, performanceMode must be set to GENERAL_PURPOSE and vpcSubnets cannot be set.

https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type


outOfInfrequentAccessPolicyOptional
public readonly outOfInfrequentAccessPolicy: OutOfInfrequentAccessPolicy;

A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.


performanceModeOptional
public readonly performanceMode: PerformanceMode;

The performance mode that the file system will operate under.

An Amazon EFS file system’s performance mode can’t be changed after the file system has been created. Updating this property will replace the file system.


provisionedThroughputPerSecondOptional
public readonly provisionedThroughputPerSecond: Size;

Provisioned throughput for the file system.

This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

The removal policy to apply to the file system.


replicationOverwriteProtectionOptional
public readonly replicationOverwriteProtection: ReplicationOverwriteProtection;

Whether to enable the filesystem’s replication overwrite protection or not.

Set false if you want to create a read-only filesystem for use as a replication destination.

https://docs.aws.amazon.com/efs/latest/ug/replication-use-cases.html#replicate-existing-destination


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

Security Group to assign to this file system.


throughputModeOptional
public readonly throughputMode: ThroughputMode;

The throughput mode of the file system.


transitionToArchivePolicyOptional
public readonly transitionToArchivePolicy: LifecyclePolicy;

The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage.

Metadata operations such as listing the contents of a directory don’t count as file access events.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

Which subnets to place the mount target in the VPC.


EncryptedLogGroupProps

Constructor properties for EncryptedLogGroup.

Initializer

import { EncryptedLogGroupProps } from 'shady-island'

const encryptedLogGroupProps: EncryptedLogGroupProps = { ... }

Properties

Name Type Description
logGroupName string Name of the log group.
encryptionKey aws-cdk-lib.aws_kms.IKey The KMS Key to encrypt the log group with.
removalPolicy aws-cdk-lib.RemovalPolicy Whether the key and group should be retained when they are removed from the Stack.
retention aws-cdk-lib.aws_logs.RetentionDays How long, in days, the log contents will be retained.

logGroupNameRequired
public readonly logGroupName: string;

Name of the log group.

We need a log group name ahead of time because otherwise the key policy would create a cyclical dependency.


encryptionKeyOptional
public readonly encryptionKey: IKey;

The KMS Key to encrypt the log group with.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

Whether the key and group should be retained when they are removed from the Stack.


retentionOptional
public readonly retention: RetentionDays;

How long, in days, the log contents will be retained.


EventTargetProps

Properties to create a new EventBridge Rule Target.

Initializer

import { EventTargetProps } from 'shady-island'

const eventTargetProps: EventTargetProps = { ... }

Properties

Name Type Description
deadLetterQueue aws-cdk-lib.aws_sqs.IQueue The SQS queue to be used as deadLetterQueue. Check out the considerations for using a dead-letter queue.
maxEventAge aws-cdk-lib.Duration The maximum age of a request that Lambda sends to a function for processing.
retryAttempts number The maximum number of times to retry when the function returns an error.
containerOverrides aws-cdk-lib.aws_events_targets.ContainerOverride[] Container setting overrides.
enableExecuteCommand boolean Whether or not to enable the execute command functionality for the containers in this task.
launchType aws-cdk-lib.aws_ecs.LaunchType Specifies the launch type on which your task is running.
propagateTags aws-cdk-lib.aws_ecs.PropagatedTagSource Specifies whether to propagate the tags from the task definition to the task.
role aws-cdk-lib.aws_iam.IRole Existing IAM role to run the ECS task.
tags aws-cdk-lib.aws_events_targets.Tag[] The metadata that you apply to the task to help you categorize and organize them.
taskCount number How many tasks should be started when this event is triggered.

deadLetterQueueOptional
public readonly deadLetterQueue: IQueue;

The SQS queue to be used as deadLetterQueue. Check out the considerations for using a dead-letter queue.

The events not successfully delivered are automatically retried for a specified period of time, depending on the retry policy of the target. If an event is not delivered before all retry attempts are exhausted, it will be sent to the dead letter queue.


maxEventAgeOptional
public readonly maxEventAge: Duration;

The maximum age of a request that Lambda sends to a function for processing.

Minimum value of 60. Maximum value of 86400.


retryAttemptsOptional
public readonly retryAttempts: number;

The maximum number of times to retry when the function returns an error.

Minimum value of 0. Maximum value of 185.


containerOverridesOptional
public readonly containerOverrides: ContainerOverride[];

Container setting overrides.

Key is the name of the container to override, value is the values you want to override.


enableExecuteCommandOptional
public readonly enableExecuteCommand: boolean;

Whether or not to enable the execute command functionality for the containers in this task.

If true, this enables execute command functionality on all containers in the task.


launchTypeOptional
public readonly launchType: LaunchType;

Specifies the launch type on which your task is running.

The launch type that you specify here must match one of the launch types (compatibilities) of the target task.


propagateTagsOptional
public readonly propagateTags: PropagatedTagSource;

Specifies whether to propagate the tags from the task definition to the task.

If no value is specified, the tags are not propagated.


roleOptional
public readonly role: IRole;

Existing IAM role to run the ECS task.


tagsOptional
public readonly tags: Tag[];

The metadata that you apply to the task to help you categorize and organize them.

Each tag consists of a key and an optional value, both of which you define.


taskCountOptional
public readonly taskCount: number;

How many tasks should be started when this event is triggered.


FargateAwsVpcConfiguration

The networkConfiguration.awsvpcConfiguration values for ecs.RunTask.

Initializer

import { FargateAwsVpcConfiguration } from 'shady-island'

const fargateAwsVpcConfiguration: FargateAwsVpcConfiguration = { ... }

Properties

Name Type Description
assignPublicIp string Whether the task’s elastic network interface receives a public IP address.
securityGroups string[] The IDs of the security groups associated with the task or service.
subnets string[] The IDs of the subnets associated with the task or service.

assignPublicIpOptional
public readonly assignPublicIp: string;

Whether the task’s elastic network interface receives a public IP address.

The default value is DISABLED.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-assignpublicip


securityGroupsOptional
public readonly securityGroups: string[];

The IDs of the security groups associated with the task or service.

If you don’t specify a security group, the default security group for the VPC is used. There’s a limit of 5 security groups that can be specified per AwsVpcConfiguration.

All specified security groups must be from the same VPC.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-securitygroups


subnetsOptional
public readonly subnets: string[];

The IDs of the subnets associated with the task or service.

There’s a limit of 16 subnets that can be specified per AwsVpcConfiguration.

All specified subnets must be from the same VPC.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-subnets
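
A pre-deployment check for the limits and defaults listed above, as an added example that is not part of shady-island. The interface is a local mirror of the three documented properties, reviewAwsVpcConfiguration and hasErrors are hypothetical helpers, and ENABLED is assumed to be the only other accepted assignPublicIp value (the page states only the DISABLED default).

```typescript
// Local mirror of the three FargateAwsVpcConfiguration properties documented
// above, declared here so the example runs without shady-island installed.
interface AwsVpcConfigurationLike {
  assignPublicIp?: string;
  securityGroups?: string[];
  subnets?: string[];
}

interface VpcConfigFinding {
  severity: 'error' | 'warning';
  property: 'assignPublicIp' | 'securityGroups' | 'subnets';
  message: string;
}

// Limits quoted from the property descriptions above.
const MAX_SECURITY_GROUPS = 5;
const MAX_SUBNETS = 16;

// Returns each value that occurs more than once, reported a single time
// (the filter keeps only the last occurrence of a repeated value).
function duplicatesOf(values: string[]): string[] {
  return values.filter((value, index) =>
    values.indexOf(value) !== index && values.indexOf(value, index + 1) === -1);
}

// Hypothetical helper: reviews a configuration before it is passed to
// ecs.RunTask. The "same VPC" requirement cannot be verified from IDs alone
// and still needs a lookup against the account.
function reviewAwsVpcConfiguration(config: AwsVpcConfigurationLike): VpcConfigFinding[] {
  const findings: VpcConfigFinding[] = [];
  const groups = config.securityGroups ?? [];
  const subnets = config.subnets ?? [];
  // The documented default is DISABLED, so an absent value is treated as such.
  const publicIp = config.assignPublicIp ?? 'DISABLED';

  if (publicIp !== 'ENABLED' && publicIp !== 'DISABLED') {
    findings.push({
      severity: 'error',
      property: 'assignPublicIp',
      message: 'unexpected value "' + publicIp + '"; expected ENABLED or DISABLED',
    });
  } else if (publicIp === 'ENABLED') {
    findings.push({
      severity: 'warning',
      property: 'assignPublicIp',
      message: 'task ENI receives a public IP address; confirm inbound rules are restricted',
    });
  }

  if (groups.length === 0) {
    findings.push({
      severity: 'warning',
      property: 'securityGroups',
      message: 'no security group given, so the default security group for the VPC is used',
    });
  }
  if (groups.length > MAX_SECURITY_GROUPS) {
    findings.push({
      severity: 'error',
      property: 'securityGroups',
      message: groups.length + ' security groups exceed the limit of ' + MAX_SECURITY_GROUPS,
    });
  }
  if (subnets.length > MAX_SUBNETS) {
    findings.push({
      severity: 'error',
      property: 'subnets',
      message: subnets.length + ' subnets exceed the limit of ' + MAX_SUBNETS,
    });
  }

  const repeatedGroups = duplicatesOf(groups);
  if (repeatedGroups.length > 0) {
    findings.push({
      severity: 'warning',
      property: 'securityGroups',
      message: 'duplicate IDs: ' + repeatedGroups.join(', '),
    });
  }
  const repeatedSubnets = duplicatesOf(subnets);
  if (repeatedSubnets.length > 0) {
    findings.push({
      severity: 'warning',
      property: 'subnets',
      message: 'duplicate IDs: ' + repeatedSubnets.join(', '),
    });
  }
  return findings;
}

// True when at least one finding should block the deployment.
function hasErrors(findings: VpcConfigFinding[]): boolean {
  return findings.some((finding) => finding.severity === 'error');
}

// Constructed sample: public IP requested and no security group supplied.
const sampleFindings = reviewAwsVpcConfiguration({
  assignPublicIp: 'ENABLED',
  subnets: ['subnet-0example'],
});
for (const finding of sampleFindings) {
  console.log(finding.severity + ' ' + finding.property + ': ' + finding.message);
}
```
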


FargateTaskImageOptions

The properties for the FargateTask using an image.

Initializer

import { FargateTaskImageOptions } from 'shady-island'

const fargateTaskImageOptions: FargateTaskImageOptions = { ... }

Properties

Name Type Description
image aws-cdk-lib.aws_ecs.ContainerImage The image used to start a container.
command string[] The command that’s passed to the container.
containerName string The container name value to be specified in the task definition.
containerPort number The port number on the container that is bound to the user-specified or automatically assigned host port.
dockerLabels {[ key: string ]: string} A key/value map of labels to add to the container.
enableLogging boolean Flag to indicate whether to enable logging.
entryPoint string[] The entry point that’s passed to the container.
environment {[ key: string ]: string} The environment variables to pass to the container.
executionRole aws-cdk-lib.aws_iam.IRole The name of the task execution IAM role that grants the Amazon ECS container agent permission to call AWS APIs on your behalf.
family string The name of a family that this task definition is registered to.
logDriver aws-cdk-lib.aws_ecs.LogDriver The log driver to use.
secrets {[ key: string ]: aws-cdk-lib.aws_ecs.Secret} The secret to expose to the container as an environment variable.
taskRole aws-cdk-lib.aws_iam.IRole The name of the task IAM role that grants containers in the task permission to call AWS APIs on your behalf.

imageRequired
public readonly image: ContainerImage;

The image used to start a container.

Image or taskDefinition must be specified, not both.


commandOptional
public readonly command: string[];

The command that’s passed to the container.

If there are multiple arguments, make sure that each argument is a separate string in the array.

This parameter maps to Cmd in the Create a container section of the Docker Remote API and the COMMAND parameter to docker run.

For more information about the Docker CMD parameter, see https://docs.docker.com/engine/reference/builder/#cmd.


containerNameOptional
public readonly containerName: string;

The container name value to be specified in the task definition.


containerPortOptional
public readonly containerPort: number;

The port number on the container that is bound to the user-specified or automatically assigned host port.

If you are using containers in a task with the awsvpc or host network mode, exposed ports should be specified using containerPort. If you are using containers in a task with the bridge network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range.

Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.

For more information, see hostPort.


dockerLabelsOptional
public readonly dockerLabels: {[ key: string ]: string};

A key/value map of labels to add to the container.


enableLoggingOptional
public readonly enableLogging: boolean;

Flag to indicate whether to enable logging.


entryPointOptional
public readonly entryPoint: string[];

The entry point that’s passed to the container.

This parameter maps to Entrypoint in the Create a container section of the Docker Remote API and the --entrypoint option to docker run.

For more information about the Docker ENTRYPOINT parameter, see https://docs.docker.com/engine/reference/builder/#entrypoint.


environmentOptional
public readonly environment: {[ key: string ]: string};

The environment variables to pass to the container.


executionRoleOptional
public readonly executionRole: IRole;

The name of the task execution IAM role that grants the Amazon ECS container agent permission to call AWS APIs on your behalf.


familyOptional
public readonly family: string;

The name of a family that this task definition is registered to.

A family groups multiple versions of a task definition.


logDriverOptional
public readonly logDriver: LogDriver;

The log driver to use.


secretsOptional
public readonly secrets: {[ key: string ]: Secret};

The secret to expose to the container as an environment variable.


taskRoleOptional
public readonly taskRole: IRole;

The name of the task IAM role that grants containers in the task permission to call AWS APIs on your behalf.


FargateTaskProps

Constructor parameters for FargateTask.

Initializer

import { FargateTaskProps } from 'shady-island'

const fargateTaskProps: FargateTaskProps = { ... }

Properties

Name Type Description
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.
cluster aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


MysqlDatabaseForClusterOptions

Properties to specify when using MysqlDatabase.forCluster().

Initializer

import { MysqlDatabaseForClusterOptions } from 'shady-island'

const mysqlDatabaseForClusterOptions: MysqlDatabaseForClusterOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


MysqlDatabaseForServerlessClusterOptions

Properties to specify when using MysqlDatabase.forServerlessCluster().

Initializer

import { MysqlDatabaseForServerlessClusterOptions } from 'shady-island'

const mysqlDatabaseForServerlessClusterOptions: MysqlDatabaseForServerlessClusterOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


MysqlDatabaseOptions

MySQL-specific options.

Initializer

import { MysqlDatabaseOptions } from 'shady-island'

const mysqlDatabaseOptions: MysqlDatabaseOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


MysqlDatabaseProps

Constructor properties for MysqlDatabase.

Initializer

import { MysqlDatabaseProps } from 'shady-island'

const mysqlDatabaseProps: MysqlDatabaseProps = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


NetworkInterfaceAttributes

Attributes to import an existing Network Interface.

Initializer

import { networking } from 'shady-island'

const networkInterfaceAttributes: networking.NetworkInterfaceAttributes = { ... }

Properties

Name Type Description
networkInterfaceId string The ID of this Network Interface.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] The security groups assigned to the Network Interface.
subnet aws-cdk-lib.aws_ec2.ISubnet The subnet where this Network Interface will be created.

networkInterfaceIdRequired
public readonly networkInterfaceId: string;

The ID of this Network Interface.


securityGroupsRequired
public readonly securityGroups: ISecurityGroup[];

The security groups assigned to the Network Interface.


subnetRequired
public readonly subnet: ISubnet;

The subnet where this Network Interface will be created.


NetworkInterfaceProps

Constructor properties for NetworkInterface.

Initializer

import { networking } from 'shady-island'

const networkInterfaceProps: networking.NetworkInterfaceProps = { ... }

Properties

Name Type Description
subnet aws-cdk-lib.aws_ec2.ISubnet The subnet where this Network Interface will be created.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where this Network Interface will be created.
description string A description for this Network Interface.
elasticIp shady-island.networking.IElasticIp An Elastic IP Address to associate with this Network Interface.
enableSourceDestCheck boolean Enable the source/destination check.
interfaceType shady-island.networking.InterfaceType The type of interface (i.e. interface, efa, trunk).
ipv4 shady-island.networking.AddressingV4 How to assign IPv4 addresses.
ipv6 shady-island.networking.AddressingV6 How to assign IPv6 addresses.
removalPolicy aws-cdk-lib.RemovalPolicy The removal policy for this resource.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] The security groups to assign to the Network Interface.

subnetRequired
public readonly subnet: ISubnet;

The subnet where this Network Interface will be created.


vpcRequired
public readonly vpc: IVpc;

The VPC where this Network Interface will be created.


descriptionOptional
public readonly description: string;

A description for this Network Interface.


elasticIpOptional
public readonly elasticIp: IElasticIp;

An Elastic IP Address to associate with this Network Interface.

Providing an Elastic IP


enableSourceDestCheckOptional
public readonly enableSourceDestCheck: boolean;

Enable the source/destination check.


interfaceTypeOptional
public readonly interfaceType: InterfaceType;

The type of interface (i.e. interface, efa, trunk).


ipv4Optional
public readonly ipv4: AddressingV4;

How to assign IPv4 addresses.

The default behavior depends on the VPC. If it’s a dual stack VPC, EC2 will allocate a single private IP address from the VPC IPv4 CIDR range. If it’s IPv6-only, EC2 won’t allocate an IPv4 address.


ipv6Optional
public readonly ipv6: AddressingV6;

How to assign IPv6 addresses.

The default behavior depends on the VPC. If there are no IPv6 CIDRs defined for the VPC, EC2 won’t allocate an IPv6 address. If it’s a dual stack or an IPv6-only VPC, EC2 will allocate an IPv6 address if the subnet auto-assigns one.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

The removal policy for this resource.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

The security groups to assign to the Network Interface.


OutputFileOptions

Options for the ShellCommands.outputFile method.

Initializer

import { configuration } from 'shady-island'

const outputFileOptions: configuration.OutputFileOptions = { ... }

Properties

Name Type Description
delimiter string The bash heredoc delimiter.
substitution boolean Use true to enable variable and command substitution inside the heredoc.

delimiterOptional
public readonly delimiter: string;

The bash heredoc delimiter.


substitutionOptional
public readonly substitution: boolean;

Use true to enable variable and command substitution inside the heredoc.


PostgresqlDatabaseForClusterOptions

Properties to specify when using PostgresqlDatabase.forCluster().

Initializer

import { PostgresqlDatabaseForClusterOptions } from 'shady-island'

const postgresqlDatabaseForClusterOptions: PostgresqlDatabaseForClusterOptions = { ... }

Properties

Name Type Description
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


PostgresqlDatabaseForServerlessClusterOptions

Properties to specify when using PostgresqlDatabase.forServerlessCluster().

Initializer

import { PostgresqlDatabaseForServerlessClusterOptions } from 'shady-island'

const postgresqlDatabaseForServerlessClusterOptions: PostgresqlDatabaseForServerlessClusterOptions = { ... }

Properties

Name Type Description
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


PostgresqlDatabaseOptions

PostgreSQL-specific options.

Initializer

import { PostgresqlDatabaseOptions } from 'shady-island'

const postgresqlDatabaseOptions: PostgresqlDatabaseOptions = { ... }

Properties

Name Type Description
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


PostgresqlDatabaseProps

Constructor properties for PostgresqlDatabase.

Initializer

import { PostgresqlDatabaseProps } from 'shady-island'

const postgresqlDatabaseProps: PostgresqlDatabaseProps = { ... }

Properties

Name Type Description
databaseName string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.
ownerSecret aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


PrioritizedLines

A container for lines of a User Data script, sortable by priority.

Initializer

import { PrioritizedLines } from 'shady-island'

const prioritizedLines: PrioritizedLines = { ... }

Properties

Name Type Description
lines string[] The command lines.
priority number The priority for this set of commands.

linesRequired
public readonly lines: string[];

The command lines.


priorityRequired
public readonly priority: number;

The priority for this set of commands.


RunnableFargateTaskProps

Constructor properties for RunnableFargateTask.

Initializer

import { RunnableFargateTaskProps } from 'shady-island'

const runnableFargateTaskProps: RunnableFargateTaskProps = { ... }

Properties

Name Type Description
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.
cpu number The number of cpu units used by the task.
memoryLimitMiB number The amount (in MiB) of memory used by the task.
platformVersion aws-cdk-lib.aws_ecs.FargatePlatformVersion The platform version on which to run your service.
runtimePlatform aws-cdk-lib.aws_ecs.RuntimePlatform The runtime platform of the task definition.
taskDefinition aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition to use for tasks in the service. TaskDefinition or TaskImageOptions must be specified, but not both.
cluster aws-cdk-lib.aws_ecs.ICluster The cluster that hosts the service.
taskImageOptions FargateTaskImageOptions The properties to define if the construct is to create a TaskDefinition.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where the container instances will be launched or the elastic network interfaces (ENIs) will be deployed.

assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


cpuOptional
public readonly cpu: number;

The number of cpu units used by the task.

Valid values, which determine your range of valid values for the memory parameter:

256 (.25 vCPU) - Available memory values: 0.5GB, 1GB, 2GB

512 (.5 vCPU) - Available memory values: 1GB, 2GB, 3GB, 4GB

1024 (1 vCPU) - Available memory values: 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB

2048 (2 vCPU) - Available memory values: Between 4GB and 16GB in 1GB increments

4096 (4 vCPU) - Available memory values: Between 8GB and 30GB in 1GB increments

8192 (8 vCPU) - Available memory values: Between 16GB and 60GB in 4GB increments

16384 (16 vCPU) - Available memory values: Between 32GB and 120GB in 8GB increments

This default is set in the underlying FargateTaskDefinition construct.


memoryLimitMiBOptional
public readonly memoryLimitMiB: number;

The amount (in MiB) of memory used by the task.

This field is required and you must use one of the following values, which determine your range of valid values for the cpu parameter:

512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)

1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)

2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)

Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)

Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)

Between 16384 (16 GB) and 61440 (60 GB) in increments of 4096 (4 GB) - Available cpu values: 8192 (8 vCPU)

Between 32768 (32 GB) and 122880 (120 GB) in increments of 8192 (8 GB) - Available cpu values: 16384 (16 vCPU)

This default is set in the underlying FargateTaskDefinition construct.
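The cpu and memoryLimitMiB pairings listed above can be checked before deployment. The following is an added example, not code from shady-island or aws-cdk-lib; the names `FARGATE_SIZES`, `cpuOptionsFor` and `checkFargateSize` are hypothetical, and the table is copied from the two property descriptions above.

```typescript
// Added example: validates a cpu/memoryLimitMiB pair against the pairings
// listed in the cpu and memoryLimitMiB descriptions. All names are illustrative.
type MemoryRange = { min: number; max: number; step: number };
type MemoryRule = number[] | MemoryRange;

interface FargateSize {
  cpu: number;        // CPU units, e.g. 256 = .25 vCPU
  memory: MemoryRule; // MiB: either an explicit list or an inclusive range with a step
}

const FARGATE_SIZES: FargateSize[] = [
  { cpu: 256, memory: [512, 1024, 2048] },
  { cpu: 512, memory: { min: 1024, max: 4096, step: 1024 } },
  { cpu: 1024, memory: { min: 2048, max: 8192, step: 1024 } },
  { cpu: 2048, memory: { min: 4096, max: 16384, step: 1024 } },
  { cpu: 4096, memory: { min: 8192, max: 30720, step: 1024 } },
  { cpu: 8192, memory: { min: 16384, max: 61440, step: 4096 } },
  { cpu: 16384, memory: { min: 32768, max: 122880, step: 8192 } },
];

// True when the memory value is allowed by the rule (list member, or on-step inside the range).
function memoryFits(rule: MemoryRule, mib: number): boolean {
  if (Array.isArray(rule)) {
    return rule.indexOf(mib) !== -1;
  }
  return mib >= rule.min && mib <= rule.max && (mib - rule.min) % rule.step === 0;
}

function describeRule(rule: MemoryRule): string {
  if (Array.isArray(rule)) {
    return rule.join(', ');
  }
  return rule.min + ' to ' + rule.max + ' in steps of ' + rule.step;
}

// Reverse lookup: every cpu value that accepts the given memory size.
function cpuOptionsFor(memoryLimitMiB: number): number[] {
  return FARGATE_SIZES
    .filter((s) => memoryFits(s.memory, memoryLimitMiB))
    .map((s) => s.cpu);
}

// Returns a list of problems; an empty list means the pair is one of the listed combinations.
function checkFargateSize(cpu: number, memoryLimitMiB: number): string[] {
  let entry: FargateSize | undefined;
  for (const s of FARGATE_SIZES) {
    if (s.cpu === cpu) {
      entry = s;
    }
  }
  if (entry === undefined) {
    const valid = FARGATE_SIZES.map((s) => s.cpu).join(', ');
    return ['cpu ' + cpu + ' is not a listed value; use one of ' + valid];
  }
  if (memoryFits(entry.memory, memoryLimitMiB)) {
    return [];
  }
  const alternatives = cpuOptionsFor(memoryLimitMiB);
  const hint = alternatives.length > 0
    ? 'cpu values that accept ' + memoryLimitMiB + ' MiB: ' + alternatives.join(', ')
    : 'no cpu value accepts ' + memoryLimitMiB + ' MiB';
  return [
    'memoryLimitMiB ' + memoryLimitMiB + ' is not valid for cpu ' + cpu +
      ' (allowed: ' + describeRule(entry.memory) + '); ' + hint,
  ];
}
```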


platformVersionOptional
public readonly platformVersion: FargatePlatformVersion;

The platform version on which to run your service.

If one is not specified, the LATEST platform version is used by default. For more information, see AWS Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.


runtimePlatformOptional
public readonly runtimePlatform: RuntimePlatform;

The runtime platform of the task definition.


taskDefinitionOptional
public readonly taskDefinition: FargateTaskDefinition;

The task definition to use for tasks in the service. TaskDefinition or TaskImageOptions must be specified, but not both.



clusterOptional
public readonly cluster: ICluster;

The cluster that hosts the service.

If a cluster is specified, the vpc construct should be omitted. Alternatively, you can omit both cluster and vpc.


taskImageOptionsOptional
public readonly taskImageOptions: FargateTaskImageOptions;

The properties to define if the construct is to create a TaskDefinition.

taskDefinition or image must be defined, but not both.


vpcOptional
public readonly vpc: IVpc;

The VPC where the container instances will be launched or the elastic network interfaces (ENIs) will be deployed.

If a vpc is specified, the cluster construct should be omitted. Alternatively, you can omit both vpc and cluster.


SecretHttpHeaderProps

Properties for the SecretHttpHeader constructor.

Initializer

import { networking } from 'shady-island'

const secretHttpHeaderProps: networking.SecretHttpHeaderProps = { ... }

Properties

Name Type Description
headerName string The name of the secret HTTP header.

headerNameOptional
public readonly headerName: string;

The name of the secret HTTP header.


SingletonLaunchTemplateProps

Constructor properties for SingletonLaunchTemplate.

Initializer

import { networking } from 'shady-island'

const singletonLaunchTemplateProps: networking.SingletonLaunchTemplateProps = { ... }

Properties

Name Type Description
associatePublicIpAddress boolean Whether instances should have a public IP address associated with them.
blockDevices aws-cdk-lib.aws_ec2.BlockDevice[] Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
cpuCredits aws-cdk-lib.aws_ec2.CpuCredits CPU credit type for burstable EC2 instance types.
detailedMonitoring boolean If set to true, then detailed monitoring will be enabled on instances created with this launch template.
disableApiTermination boolean If you set this parameter to true, you cannot terminate the instances launched with this launch template using the Amazon EC2 console, CLI, or API.
ebsOptimized boolean Indicates whether the instances are optimized for Amazon EBS I/O.
hibernationConfigured boolean If you set this parameter to true, the instance is enabled for hibernation.
httpEndpoint boolean Enables or disables the HTTP metadata endpoint on your instances.
httpProtocolIpv6 boolean Enables or disables the IPv6 endpoint for the instance metadata service.
httpPutResponseHopLimit number The desired HTTP PUT response hop limit for instance metadata requests.
httpTokens aws-cdk-lib.aws_ec2.LaunchTemplateHttpTokens The state of token usage for your instance metadata requests.
instanceInitiatedShutdownBehavior aws-cdk-lib.aws_ec2.InstanceInitiatedShutdownBehavior Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).
instanceMetadataTags boolean Set to enabled to allow access to instance tags from the instance metadata.
instanceProfile aws-cdk-lib.aws_iam.IInstanceProfile The instance profile used to pass role information to EC2 instances.
instanceType aws-cdk-lib.aws_ec2.InstanceType Type of instance to launch.
keyName string Name of SSH keypair to grant access to instance.
keyPair aws-cdk-lib.aws_ec2.IKeyPair The SSH keypair to grant access to the instance.
launchTemplateName string Name for this launch template.
machineImage aws-cdk-lib.aws_ec2.IMachineImage The AMI that will be used by instances.
nitroEnclaveEnabled boolean If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves.
requireImdsv2 boolean Whether IMDSv2 should be required on launched instances.
role aws-cdk-lib.aws_iam.IRole An IAM role to associate with the instance profile that is used by instances.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup Security group to assign to instances created with the launch template.
spotOptions aws-cdk-lib.aws_ec2.LaunchTemplateSpotOptions If this property is defined, then the Launch Template’s InstanceMarketOptions will be set to use Spot instances, and the options for the Spot instances will be as defined.
userData aws-cdk-lib.aws_ec2.UserData The AMI that will be used by instances.
networkInterface shady-island.networking.INetworkInterface The Elastic Network Interface to use.

associatePublicIpAddressOptional
public readonly associatePublicIpAddress: boolean;

Whether instances should have a public IP address associated with them.


blockDevicesOptional
public readonly blockDevices: BlockDevice[];

Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.

Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html


cpuCreditsOptional
public readonly cpuCredits: CpuCredits;

CPU credit type for burstable EC2 instance types.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html


detailedMonitoringOptional
public readonly detailedMonitoring: boolean;

If set to true, then detailed monitoring will be enabled on instances created with this launch template.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html


disableApiTerminationOptional
public readonly disableApiTermination: boolean;

If you set this parameter to true, you cannot terminate the instances launched with this launch template using the Amazon EC2 console, CLI, or API; otherwise, you can.


ebsOptimizedOptional
public readonly ebsOptimized: boolean;

Indicates whether the instances are optimized for Amazon EBS I/O.

This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn’t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.


hibernationConfiguredOptional
public readonly hibernationConfigured: boolean;

If you set this parameter to true, the instance is enabled for hibernation.


httpEndpointOptional
public readonly httpEndpoint: boolean;

Enables or disables the HTTP metadata endpoint on your instances.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpendpoint


httpProtocolIpv6Optional
public readonly httpProtocolIpv6: boolean;

Enables or disables the IPv6 endpoint for the instance metadata service.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpprotocolipv6


httpPutResponseHopLimitOptional
public readonly httpPutResponseHopLimit: number;

The desired HTTP PUT response hop limit for instance metadata requests.

The larger the number, the further instance metadata requests can travel.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httpputresponsehoplimit


httpTokensOptional
public readonly httpTokens: LaunchTemplateHttpTokens;

The state of token usage for your instance metadata requests.

The default state is optional if not specified. However, if requireImdsv2 is true, the state must be required.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-httptokens


instanceInitiatedShutdownBehaviorOptional
public readonly instanceInitiatedShutdownBehavior: InstanceInitiatedShutdownBehavior;

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior


instanceMetadataTagsOptional
public readonly instanceMetadataTags: boolean;

Set to enabled to allow access to instance tags from the instance metadata.

Set to disabled to turn off access to instance tags from the instance metadata.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-metadataoptions.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions-instancemetadatatags


instanceProfileOptional
public readonly instanceProfile: IInstanceProfile;

The instance profile used to pass role information to EC2 instances.

Note: You can provide an instanceProfile or a role, but not both.


instanceTypeOptional
public readonly instanceType: InstanceType;

Type of instance to launch.


keyNameOptional
public readonly keyName: string;

Name of SSH keypair to grant access to instance.


keyPairOptional
public readonly keyPair: IKeyPair;

The SSH keypair to grant access to the instance.


launchTemplateNameOptional
public readonly launchTemplateName: string;

Name for this launch template.


machineImageOptional
public readonly machineImage: IMachineImage;

The AMI that will be used by instances.


nitroEnclaveEnabledOptional
public readonly nitroEnclaveEnabled: boolean;

If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.


requireImdsv2Optional
public readonly requireImdsv2: boolean;

Whether IMDSv2 should be required on launched instances.


roleOptional
public readonly role: IRole;

An IAM role to associate with the instance profile that is used by instances.

The role must be assumable by the service principal ec2.amazonaws.com. Note: You can provide an instanceProfile or a role, but not both.


Example

const role = new iam.Role(this, 'MyRole', {
  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
});


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

Security group to assign to instances created with the launch template.


spotOptionsOptional
public readonly spotOptions: LaunchTemplateSpotOptions;

If this property is defined, then the Launch Template’s InstanceMarketOptions will be set to use Spot instances, and the options for the Spot instances will be as defined.


userDataOptional
public readonly userData: UserData;

The user data to apply to instances.


networkInterfaceRequired
public readonly networkInterface: INetworkInterface;

The Elastic Network Interface to use.


StateMachineTaskProps

Properties to create a new State Machine EcsRunTask step.

Initializer

import { StateMachineTaskProps } from 'shady-island'

const stateMachineTaskProps: StateMachineTaskProps = { ... }

Properties

Name Type Description
comment string An optional description for this state.
credentials aws-cdk-lib.aws_stepfunctions.Credentials Credentials for an IAM Role that the State Machine assumes for executing the task.
heartbeat aws-cdk-lib.Duration Timeout for the heartbeat.
heartbeatTimeout aws-cdk-lib.aws_stepfunctions.Timeout Timeout for the heartbeat.
inputPath string JSONPath expression to select part of the state to be the input to this state.
integrationPattern aws-cdk-lib.aws_stepfunctions.IntegrationPattern AWS Step Functions integrates with services directly in the Amazon States Language.
outputPath string JSONPath expression to select a portion of the state output to pass to the next state.
resultPath string JSONPath expression to indicate where to inject the state’s output.
resultSelector {[ key: string ]: any} The JSON that will replace the state’s raw result and become the effective result before ResultPath is applied.
stateName string Optional name for this state.
taskTimeout aws-cdk-lib.aws_stepfunctions.Timeout Timeout for the task.
timeout aws-cdk-lib.Duration Timeout for the task.
containerOverrides aws-cdk-lib.aws_stepfunctions_tasks.ContainerOverride[] Container setting overrides.
enableExecuteCommand boolean Whether ECS Exec should be enabled.
propagatedTagSource aws-cdk-lib.aws_ecs.PropagatedTagSource Specifies whether to propagate the tags from the task definition to the task.
revisionNumber number The revision number of ECS task definition family.

commentOptional
public readonly comment: string;

An optional description for this state.


credentialsOptional
public readonly credentials: Credentials;

Credentials for an IAM Role that the State Machine assumes for executing the task.

This enables cross-account resource invocations.

https://docs.aws.amazon.com/step-functions/latest/dg/concepts-access-cross-acct-resources.html


heartbeatOptional
public readonly heartbeat: Duration;

Timeout for the heartbeat.


heartbeatTimeoutOptional
public readonly heartbeatTimeout: Timeout;

Timeout for the heartbeat.

[disable-awslint:duration-prop-type] is needed because all props interfaces in aws-stepfunctions-tasks extend this interface


inputPathOptional
public readonly inputPath: string;

JSONPath expression to select part of the state to be the input to this state.

May also be the special value JsonPath.DISCARD, which will cause the effective input to be the empty object {}.


integrationPatternOptional
public readonly integrationPattern: IntegrationPattern;

AWS Step Functions integrates with services directly in the Amazon States Language.

You can control these AWS services using service integration patterns.

Depending on the AWS Service, the Service Integration Pattern availability will vary.

https://docs.aws.amazon.com/step-functions/latest/dg/connect-supported-services.html


outputPathOptional
public readonly outputPath: string;

JSONPath expression to select a portion of the state output to pass to the next state.

May also be the special value JsonPath.DISCARD, which will cause the effective output to be the empty object {}.


resultPathOptional
public readonly resultPath: string;

JSONPath expression to indicate where to inject the state’s output.

May also be the special value JsonPath.DISCARD, which will cause the state’s input to become its output.


resultSelectorOptional
public readonly resultSelector: {[ key: string ]: any};

The JSON that will replace the state’s raw result and become the effective result before ResultPath is applied.

You can use ResultSelector to create a payload with values that are static or selected from the state’s raw result.

https://docs.aws.amazon.com/step-functions/latest/dg/input-output-inputpath-params.html#input-output-resultselector


stateNameOptional
public readonly stateName: string;

Optional name for this state.


taskTimeoutOptional
public readonly taskTimeout: Timeout;

Timeout for the task.

[disable-awslint:duration-prop-type] is needed because all props interfaces in aws-stepfunctions-tasks extend this interface


timeoutOptional
public readonly timeout: Duration;

Timeout for the task.


containerOverridesOptional
public readonly containerOverrides: ContainerOverride[];

Container setting overrides.

Specify the container to use and the overrides to apply.


enableExecuteCommandOptional
public readonly enableExecuteCommand: boolean;

Whether ECS Exec should be enabled.

https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-enableExecuteCommand


propagatedTagSourceOptional
public readonly propagatedTagSource: PropagatedTagSource;

Specifies whether to propagate the tags from the task definition to the task.

An error will be received if you specify the SERVICE option when running a task.

https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-propagateTags


revisionNumberOptional
public readonly revisionNumber: number;

The revision number of ECS task definition family.


TargetOptions

Options for adding a new target group.

Initializer

import { networking } from 'shady-island'

const targetOptions: networking.TargetOptions = { ... }

Properties

Name Type Description
deregistrationDelay aws-cdk-lib.Duration The amount of time for Elastic Load Balancing to wait before deregistering a target.
healthCheck aws-cdk-lib.aws_elasticloadbalancingv2.HealthCheck Health check configuration.
targetGroupName string The name of the target group.
targetType aws-cdk-lib.aws_elasticloadbalancingv2.TargetType The type of targets registered to this TargetGroup, either IP or Instance.
vpc aws-cdk-lib.aws_ec2.IVpc The virtual private cloud (VPC).
loadBalancingAlgorithmType aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupLoadBalancingAlgorithmType The load balancing algorithm to select targets for routing requests.
port number The port on which the target receives traffic.
protocol aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationProtocol The protocol used for communication with the target.
protocolVersion aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationProtocolVersion The protocol version to use.
slowStart aws-cdk-lib.Duration The time period during which the load balancer sends a newly registered target a linearly increasing share of the traffic to the target group.
stickinessCookieDuration aws-cdk-lib.Duration The stickiness cookie expiration period.
stickinessCookieName string The name of an application-based stickiness cookie.
targets aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationLoadBalancerTarget[] The targets to add to this target group.
hostnames string[] The hostnames on which traffic is served.
priority number The priority of the listener rule.

deregistrationDelayOptional
public readonly deregistrationDelay: Duration;

The amount of time for Elastic Load Balancing to wait before deregistering a target.

The range is 0-3600 seconds.


healthCheckOptional
public readonly healthCheck: HealthCheck;

Health check configuration.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties


targetGroupNameOptional
public readonly targetGroupName: string;

The name of the target group.

This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.


targetTypeOptional
public readonly targetType: TargetType;

The type of targets registered to this TargetGroup, either IP or Instance.

All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically.


vpcOptional
public readonly vpc: IVpc;

The virtual private cloud (VPC).

Only if TargetType is Ip or InstanceId.


loadBalancingAlgorithmTypeOptional
public readonly loadBalancingAlgorithmType: TargetGroupLoadBalancingAlgorithmType;

The load balancing algorithm to select targets for routing requests.


portOptional
public readonly port: number;

The port on which the target receives traffic.

This is not applicable for Lambda targets.


protocolOptional
public readonly protocol: ApplicationProtocol;

The protocol used for communication with the target.

This is not applicable for Lambda targets.


protocolVersionOptional
public readonly protocolVersion: ApplicationProtocolVersion;

The protocol version to use.


slowStartOptional
public readonly slowStart: Duration;

The time period during which the load balancer sends a newly registered target a linearly increasing share of the traffic to the target group.

The range is 30-900 seconds (15 minutes).


stickinessCookieDurationOptional
public readonly stickinessCookieDuration: Duration;

The stickiness cookie expiration period.

Setting this value enables load balancer stickiness.

After this period, the cookie is considered stale. The minimum value is 1 second and the maximum value is 7 days (604800 seconds).


stickinessCookieNameOptional
public readonly stickinessCookieName: string;

The name of an application-based stickiness cookie.

Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP, and AWSALBTG; they’re reserved for use by the load balancer.

Note: stickinessCookieName parameter depends on the presence of stickinessCookieDuration parameter. If stickinessCookieDuration is not set, stickinessCookieName will be omitted.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html


targetsOptional
public readonly targets: IApplicationLoadBalancerTarget[];

The targets to add to this target group.

Can be Instance, IPAddress, or any self-registering load balancing target. If you use either Instance or IPAddress as targets, all targets must be of the same type.


hostnamesOptional
public readonly hostnames: string[];

The hostnames on which traffic is served.


priorityOptional
public readonly priority: number;

The priority of the listener rule.
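The limits documented for TargetOptions (name format, duration ranges, reserved cookie prefixes, and the cookie name's dependency on the cookie duration) can be checked before synthesis. The following is an added example, not code from shady-island; `TargetOptionsInput` and `validateTargetOptions` are hypothetical names, and durations are assumed to be plain seconds rather than aws-cdk-lib Duration objects.

```typescript
// Added example: pre-deployment check for the TargetOptions limits documented above.
// Assumption: durations are plain seconds, not aws-cdk-lib Duration objects.
interface TargetOptionsInput {
  targetGroupName?: string;
  deregistrationDelaySeconds?: number;
  slowStartSeconds?: number;
  stickinessCookieDurationSeconds?: number;
  stickinessCookieName?: string;
}

// Cookie name prefixes reserved for use by the load balancer.
const RESERVED_COOKIE_PREFIXES: string[] = ["AWSALB", "AWSALBAPP", "AWSALBTG"];

// True when a value is present but not a finite number inside [min, max].
function outOfRange(value: number | undefined, min: number, max: number): boolean {
  return value !== undefined && !(isFinite(value) && value >= min && value <= max);
}

// Returns one message per violated rule; an empty array means the options pass.
function validateTargetOptions(opts: TargetOptionsInput): string[] {
  const problems: string[] = [];

  const name = opts.targetGroupName;
  if (name !== undefined) {
    if (name.length > 32) {
      problems.push("targetGroupName: longer than 32 characters");
    }
    if (!/^[A-Za-z0-9-]+$/.test(name)) {
      problems.push("targetGroupName: only alphanumeric characters or hyphens are allowed");
    }
    if (/^-|-$/.test(name)) {
      problems.push("targetGroupName: must not begin or end with a hyphen");
    }
  }

  if (outOfRange(opts.deregistrationDelaySeconds, 0, 3600)) {
    problems.push("deregistrationDelay: outside 0-3600 seconds");
  }
  if (outOfRange(opts.slowStartSeconds, 30, 900)) {
    problems.push("slowStart: outside 30-900 seconds");
  }
  if (outOfRange(opts.stickinessCookieDurationSeconds, 1, 604800)) {
    problems.push("stickinessCookieDuration: outside 1-604800 seconds");
  }

  const cookie = opts.stickinessCookieName;
  if (cookie !== undefined) {
    if (RESERVED_COOKIE_PREFIXES.some((prefix) => cookie.indexOf(prefix) === 0)) {
      problems.push("stickinessCookieName: starts with a prefix reserved for the load balancer");
    }
    if (opts.stickinessCookieDurationSeconds === undefined) {
      // Documented behaviour: without a duration the cookie name is omitted.
      problems.push("stickinessCookieName: will be omitted because stickinessCookieDuration is not set");
    }
  }
  return problems;
}

// Constructed sample inputs.
const rejectedOptions = validateTargetOptions({
  targetGroupName: "-web_tier-",
  slowStartSeconds: 10,
  stickinessCookieName: "AWSALBsession",
});
const acceptedOptions = validateTargetOptions({
  targetGroupName: "web-tier",
  deregistrationDelaySeconds: 30,
  slowStartSeconds: 60,
  stickinessCookieDurationSeconds: 3600,
  stickinessCookieName: "session",
});
```
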


WebLoadBalancingProps

Constructor properties for WebLoadBalancing.

Initializer

import { networking } from 'shady-island'

const webLoadBalancingProps: networking.WebLoadBalancingProps = { ... }

Properties

Name Type Description
certificates aws-cdk-lib.aws_certificatemanager.ICertificate[] The certificate to attach to the load balancer and CloudFront distribution.
vpc aws-cdk-lib.aws_ec2.IVpc The VPC where these resources should be deployed.
idleTimeout aws-cdk-lib.Duration The load balancer idle timeout, in seconds.
ipAddressType aws-cdk-lib.aws_elasticloadbalancingv2.IpAddressType The type of IP addresses to use (IPv4 or Dual Stack).
requireKnownHostname boolean Forbid requests that ask for an unknown hostname.
requireSecretHeader boolean Forbid requests that are missing an HTTP header with a specific value.
secretHeaderName string The name of the secret HTTP header.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup A security group for the load balancer itself.

certificatesRequired
public readonly certificates: ICertificate[];

The certificate to attach to the load balancer and CloudFront distribution.


vpcRequired
public readonly vpc: IVpc;

The VPC where these resources should be deployed.


idleTimeoutOptional
public readonly idleTimeout: Duration;

The load balancer idle timeout, in seconds.

If you have a reverse proxy in front of this load balancer, such as CloudFront, this number should be less than the reverse proxy’s request timeout.


ipAddressTypeOptional
public readonly ipAddressType: IpAddressType;

The type of IP addresses to use (IPv4 or Dual Stack).


requireKnownHostnameOptional
public readonly requireKnownHostname: boolean;

Forbid requests that ask for an unknown hostname.

Requests for an unknown hostname will receive an HTTP 421 status response.


requireSecretHeaderOptional
public readonly requireSecretHeader: boolean;

Forbid requests that are missing an HTTP header with a specific value.

If this option is set to true, this construct will provide a new SecretHttpHeader accessible on the secretHeader property.

Requests without the correct header name and value will receive an HTTP 421 status response.


secretHeaderNameOptional
public readonly secretHeaderName: string;

The name of the secret HTTP header.

Providing this option implies that requireSecretHeader is true.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

A security group for the load balancer itself.


WorkloadProps

Constructor properties for a Workload.

Initializer

import { WorkloadProps } from 'shady-island'

const workloadProps: WorkloadProps = { ... }

Properties

Name Type Description
tier Tier The deployment tier.
baseDomainName string The base domain name used to create the FQDN for public resources.
contextFile string The filesystem path to a JSON file that contains context values to load.
env aws-cdk-lib.Environment The AWS environment (account/region) where this stack will be deployed.
workloadName string The machine identifier for this workload.

tierRequired
public readonly tier: Tier;

The deployment tier.


baseDomainNameOptional
public readonly baseDomainName: string;

The base domain name used to create the FQDN for public resources.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each instantiated Workload, directly from a file you can check into source control.


envOptional
public readonly env: Environment;

The AWS environment (account/region) where this stack will be deployed.


workloadNameOptional
public readonly workloadName: string;

The machine identifier for this workload.

This value will be used to create the publicDomainName property.

By default, the stackName property used to create Stack constructs in the createStack method will begin with this Workload’s workloadName and its tier separated by hyphens.

Consider providing a constant workloadName value to the superclass constructor in your derived class.


Example

class MyWorkload extends Workload {
  constructor(scope: Construct, id: string, props: WorkloadProps) {
    super(scope, id, { ...props, workloadName: 'my-workload' });
  }
}

Classes

Address

An IPv4 or IPv6 address (or range of addresses).

Methods

Name Description
isAny Whether this address represents everything in the addressing space.
isIpv4 Whether this address is an IPv4 address.
isIpv6 Whether this address is an IPv6 address.
toString No description.

isAny
public isAny(): boolean

Whether this address represents everything in the addressing space.

isIpv4
public isIpv4(): boolean

Whether this address is an IPv4 address.

isIpv6
public isIpv6(): boolean

Whether this address is an IPv6 address.

toString
public toString(): string

Static Functions

Name Description
anyIpv4 Creates an address that represents the entire IPv4 addressing space.
anyIpv6 Creates an address that represents the entire IPv6 addressing space.
ipv4 Creates an IPv4 network address (either a single address or a range).
ipv6 Creates an IPv6 network address (either a single address or a range).

anyIpv4
import { networking } from 'shady-island'

networking.Address.anyIpv4()

Creates an address that represents the entire IPv4 addressing space.

anyIpv6
import { networking } from 'shady-island'

networking.Address.anyIpv6()

Creates an address that represents the entire IPv6 addressing space.

ipv4
import { networking } from 'shady-island'

networking.Address.ipv4(address: string)

Creates an IPv4 network address (either a single address or a range).

addressRequired

The IP address (with optional netmask).


ipv6
import { networking } from 'shady-island'

networking.Address.ipv6(address: string)

Creates an IPv6 network address (either a single address or a range).

addressRequired

The IP address (with optional prefix length).


AddressingV4

Used to assign IPv4 addresses to a Network Interface.

Static Functions

Name Description
prefixCount Specify a number of IPv4 delegated prefixes to automatically assign.
prefixes Specify one or more IPv4 delegated prefixes to assign.
privateAddress Specify a private IPv4 address.
privateAddressAndSecondaryCount Specify a primary IPv4 address and a number of secondary addresses.
privateAddresses Specify a primary IPv4 address and one or more secondary IPv4 addresses.

prefixCount
import { networking } from 'shady-island'

networking.AddressingV4.prefixCount(count: number)

Specify a number of IPv4 delegated prefixes to automatically assign.

countRequired

The number of automatic IPv4 delegated prefixes.


prefixes
import { networking } from 'shady-island'

networking.AddressingV4.prefixes(prefixes: string[])

Specify one or more IPv4 delegated prefixes to assign.

IPv4 prefixes must be within a CIDR of /28.

prefixesRequired

The IPv4 delegated prefixes.


privateAddress
import { networking } from 'shady-island'

networking.AddressingV4.privateAddress(ip: string)

Specify a private IPv4 address.

ipRequired

The actual IP address.


privateAddressAndSecondaryCount
import { networking } from 'shady-island'

networking.AddressingV4.privateAddressAndSecondaryCount(primary: string, count: number)

Specify a primary IPv4 address and a number of secondary addresses.

primaryRequired

The primary address.


countRequired

The number of secondary addresses.


privateAddresses
import { networking } from 'shady-island'

networking.AddressingV4.privateAddresses(primary: string, secondary: ...string[])

Specify a primary IPv4 address and one or more secondary IPv4 addresses.

primaryRequired

The primary address.


secondaryRequired

Any secondary addresses.


Properties

Name Type Description
props {[ key: string ]: any} No description.

propsRequired
public readonly props: {[ key: string ]: any};

AddressingV6

Used to assign IPv6 addresses to a Network Interface.

Static Functions

Name Description
addressCount Specify a number of IPv6 addresses to automatically assign.
addresses Specify one or more IPv6 addresses to assign.
prefixCount Specify a number of IPv6 delegated prefixes to automatically assign.
prefixes Specify one or more IPv6 delegated prefixes to assign.

addressCount
import { networking } from 'shady-island'

networking.AddressingV6.addressCount(count: number, enablePrimary?: boolean)

Specify a number of IPv6 addresses to automatically assign.

countRequired

The number of automatic IPv6 addresses.


enablePrimaryOptional

Whether to enable a primary IPv6 GUA (default: no).


addresses
import { networking } from 'shady-island'

networking.AddressingV6.addresses(ips: string[], enablePrimary?: boolean)

Specify one or more IPv6 addresses to assign.

ipsRequired

The IPv6 addresses.


enablePrimaryOptional

Whether to enable a primary IPv6 GUA (default: no).


prefixCount
import { networking } from 'shady-island'

networking.AddressingV6.prefixCount(count: number, enablePrimary?: boolean)

Specify a number of IPv6 delegated prefixes to automatically assign.

countRequired

The number of automatic IPv6 delegated prefixes.


enablePrimaryOptional

Whether to enable a primary IPv6 GUA (default: no).


prefixes
import { networking } from 'shady-island'

networking.AddressingV6.prefixes(prefixes: string[], enablePrimary?: boolean)

Specify one or more IPv6 delegated prefixes to assign.

IPv6 prefixes must be within a CIDR of /80.

prefixesRequired

The IPv6 delegated prefixes.


enablePrimaryOptional

Whether to enable a primary IPv6 GUA (default: no).


Properties

Name Type Description
props {[ key: string ]: any} No description.

propsRequired
public readonly props: {[ key: string ]: any};

ContextLoader

A utility to load context values into a construct node.

If you want to use this utility in your own construct, make sure to invoke it before you create any child constructs.

Initializers

import { ContextLoader } from 'shady-island'

new ContextLoader()



Static Functions

Name Description
loadContext Parses JSON file contents, then provides the values to a Node’s context.

loadContext
import { ContextLoader } from 'shady-island'

ContextLoader.loadContext(filename: string, node: Node)

Parses JSON file contents, then provides the values to a Node’s context.

filenameRequired

The JSON file with an object to use as context values.


nodeRequired

The constructs node to receive the context values.


InstanceFirewall

Produces the appropriate commands to configure an on-instance firewall.

Initializers

import { configuration } from 'shady-island'

new configuration.InstanceFirewall()



Static Functions

Name Description
iptables Define an instance firewall using iptables/ip6tables.

iptables
import { configuration } from 'shady-island'

configuration.InstanceFirewall.iptables()

Define an instance firewall using iptables/ip6tables.

ShellCommands

A utility class that provides POSIX shell commands for User Data scripts.

Initializers

import { configuration } from 'shady-island'

new configuration.ShellCommands()



Static Functions

Name Description
addDirectory Uses either mkdir or install to create a directory.
changeOwnership Gets a command to change the ownership and/or group membership of a file.
disableUnattendedUpgrades Gets a command to disable unattended package upgrades on Debian/Ubuntu.
downloadSecret Gets the command to download a Secrets Manager secret to the filesystem.
mountElasticFileSystem Gets the command to mount an EFS filesystem to a destination path.
outputFile Writes the literal contents of a string to a destination file.
syncFromBucket Gets commands to synchronize objects from an S3 bucket to the filesystem.

addDirectory
import { configuration } from 'shady-island'

configuration.ShellCommands.addDirectory(name: string, options?: AddDirectoryOptions)

Uses either mkdir or install to create a directory.

nameRequired

The name of the directory to create.


optionsOptional

Configuration options.


changeOwnership
import { configuration } from 'shady-island'

configuration.ShellCommands.changeOwnership(filename: string, uid?: string, gid?: string)

Gets a command to change the ownership and/or group membership of a file.

If both uid and gid are provided, this method returns a single chown command to set both values. If just uid is provided, this method returns a single chown command that sets the owner. If just gid is provided, this method returns a single chgrp command. If neither is provided, this method returns an empty array.

filenameRequired

The local filesystem path to the file or directory.


uidOptional

Optional.

The owner username or uid.


gidOptional

Optional.

The group name or gid.


disableUnattendedUpgrades
import { configuration } from 'shady-island'

configuration.ShellCommands.disableUnattendedUpgrades()

Gets a command to disable unattended package upgrades on Debian/Ubuntu.

downloadSecret
import { configuration } from 'shady-island'

configuration.ShellCommands.downloadSecret(secret: ISecret, destination: string)

Gets the command to download a Secrets Manager secret to the filesystem.

Be sure to grant your autoscaling group or EC2 instance read access.

secretRequired

The secret to download.


destinationRequired

The local filesystem path where the secret is stored.


mountElasticFileSystem
import { configuration } from 'shady-island'

configuration.ShellCommands.mountElasticFileSystem(filesystem: IFileSystem, destination: string)

Gets the command to mount an EFS filesystem to a destination path.

Be sure to grant your autoscaling group or EC2 instance network access.

filesystemRequired

The EFS filesystem.


destinationRequired

The local filesystem path for the mount point.


outputFile
import { configuration } from 'shady-island'

configuration.ShellCommands.outputFile(contents: string, destination: string, options?: OutputFileOptions)

Writes the literal contents of a string to a destination file.

contentsRequired

The file contents.


destinationRequired

The filename to output.


optionsOptional

Configuration options.


syncFromBucket
import { configuration } from 'shady-island'

configuration.ShellCommands.syncFromBucket(bucket: IBucket, destinations: {[ key: string ]: string})

Gets commands to synchronize objects from an S3 bucket to the filesystem.

e.g. syncFromBucket(bucket, {"nginx-config": "/etc/nginx"}).

Be sure to grant your autoscaling group or EC2 instance read access.

bucketRequired

The source bucket.


destinationsRequired

Record with S3 object keys to filesystem path values.


Tier

A deployment environment with a specific purpose and audience.

You can create any Tier you like, but we include those explained by DTAP.

https://en.wikipedia.org/wiki/Development,_testing,_acceptance_and_production

Initializers

import { Tier } from 'shady-island'

new Tier(id: string, label: string)
Name Type Description
id string - The machine-readable identifier for this tier (e.g. prod).
label string - The human-readable label for this tier (e.g. Production).

idRequired

The machine-readable identifier for this tier (e.g. prod).


labelRequired

The human-readable label for this tier (e.g. Production).


Methods

Name Description
applyTags Adds the label of this tier as a tag to the provided construct.
assignTo Assigns this tier to a construct.
matches Compares this tier to the provided value and tests for equality.

applyTags
public applyTags(construct: IConstruct): void

Adds the label of this tier as a tag to the provided construct.

constructRequired

assignTo
public assignTo(construct: IConstruct): void

Assigns this tier to a construct.

This method will register an error annotation on the construct if any of the constructs in its parent scopes have a different tier assigned.

constructRequired

The construct to receive the tier assignment.


matches
public matches(other: Tier): boolean

Compares this tier to the provided value and tests for equality.

otherRequired

The value to compare.


Static Functions

Name Description
of Finds the deployment tier of the given construct.
parse Return the deployment tier that corresponds to the provided value.

of
import { Tier } from 'shady-island'

Tier.of(construct: IConstruct)

Finds the deployment tier of the given construct.

constructRequired

The construct to inspect.


parse
import { Tier } from 'shady-island'

Tier.parse(value: string)

Return the deployment tier that corresponds to the provided value.

Production: “live”, “prod”, or “production”. Acceptance: “uat”, “stage”, “staging”, or “acceptance”. Testing: “qc”, “qa”, “test”, or “testing”. Development: anything else.

valueRequired

The value to parse, case-insensitive.
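Because every unrecognized value maps to Development, a misspelled production identifier is parsed without error. The following added example (not shady-island's code) models only the documented mapping and adds a strict variant that rejects unknown values; `parseTierModel`, `parseTierStrict`, `auditTierValues` and the list of accepted development spellings are assumptions made for illustration.

```typescript
// Added example: a model of the documented Tier.parse mapping, plus a strict check.
// It follows only the rules stated above and is not the library's implementation.
type TierLabel = "Production" | "Acceptance" | "Testing" | "Development";

// Values the documentation lists for each tier.
const DOCUMENTED_ALIASES: { [alias: string]: TierLabel } = {
  live: "Production",
  prod: "Production",
  production: "Production",
  uat: "Acceptance",
  stage: "Acceptance",
  staging: "Acceptance",
  acceptance: "Acceptance",
  qc: "Testing",
  qa: "Testing",
  test: "Testing",
  testing: "Testing",
};

// Assumption: the development spellings a project chooses to accept explicitly.
const DEVELOPMENT_ALIASES: string[] = ["dev", "devel", "development"];

// Case-insensitive lookup that ignores inherited keys such as "constructor".
function lookupDocumented(value: string): TierLabel | undefined {
  const key = value.toLowerCase();
  return Object.prototype.hasOwnProperty.call(DOCUMENTED_ALIASES, key)
    ? DOCUMENTED_ALIASES[key]
    : undefined;
}

// Documented behaviour: anything unrecognized is Development.
function parseTierModel(value: string): TierLabel {
  const hit = lookupDocumented(value);
  return hit !== undefined ? hit : "Development";
}

// Strict variant: Development must be asked for by name, otherwise fail loudly.
function parseTierStrict(value: string): TierLabel {
  const hit = lookupDocumented(value);
  if (hit !== undefined) {
    return hit;
  }
  if (DEVELOPMENT_ALIASES.indexOf(value.toLowerCase()) !== -1) {
    return "Development";
  }
  throw new Error("unrecognized tier value: " + JSON.stringify(value));
}

// Lists the inputs that reach Development only through the catch-all rule.
function auditTierValues(values: string[]): string[] {
  return values.filter((value) => {
    try {
      parseTierStrict(value);
      return false;
    } catch (err) {
      return parseTierModel(value) === "Development";
    }
  });
}

// Constructed sample: values as they might appear in pipeline variables.
const silentFallbacks = auditTierValues(["PROD", "prd", "Staging", "prodution", "dev", "constructor"]);
```
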


Properties

Name Type Description
id string The machine-readable identifier for this tier (e.g. prod).
label string The human-readable label for this tier (e.g. Production).

idRequired
public readonly id: string;

The machine-readable identifier for this tier (e.g. prod).


labelRequired
public readonly label: string;

The human-readable label for this tier (e.g. Production).


Constants

Name Type Description
ACCEPTANCE Tier A tier that represents an acceptance environment.
DEVELOPMENT Tier A tier that represents a development environment.
PRODUCTION Tier A tier that represents a production environment.
TESTING Tier A tier that represents a testing environment.

ACCEPTANCERequired
public readonly ACCEPTANCE: Tier;

A tier that represents an acceptance environment.


DEVELOPMENTRequired
public readonly DEVELOPMENT: Tier;

A tier that represents a development environment.


PRODUCTIONRequired
public readonly PRODUCTION: Tier;

A tier that represents a production environment.


TESTINGRequired
public readonly TESTING: Tier;

A tier that represents a testing environment.


TierTagger

A CDK Aspect to apply the DeploymentTier tag to Stacks.

Initializers

import { TierTagger } from 'shady-island'

new TierTagger(tier: Tier)
Name Type Description
tier Tier - The deployment tier.

tierRequired

The deployment tier.


Methods

Name Description
visit All aspects can visit an IConstruct.

visit
public visit(node: IConstruct): void

All aspects can visit an IConstruct.

nodeRequired

UserDataBuilder

A utility class to assist with composing instance User Data.

This class allows multiple observers in code to add lines to the same end result UserData without clobbering each other. Just like conf.d directories with priority number prefixes, you can declare the proper execution order of your UserData commands without having to add them in that order.

Initializers

import { UserDataBuilder } from 'shady-island'

new UserDataBuilder()



Methods

Name Description
addCommands Add one or more commands to the user data with a priority of 0.
buildUserData Produces the User Data script with all lines sorted in priority order.
insertCommands Add one or more commands to the user data at a specific priority.

addCommands
public addCommands(commands: ...string[]): void

Add one or more commands to the user data with a priority of 0.

commandsRequired

The lines to add.


buildUserData
public buildUserData(): UserData

Produces the User Data script with all lines sorted in priority order.

insertCommands
public insertCommands(priority: number, commands: ...string[]): void

Add one or more commands to the user data at a specific priority.

priorityRequired

The priority of these lines (lower executes earlier).


commandsRequired

The lines to add.
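Priority ordering lets a hardening step that is declared late in the code still run before the services it protects. The following added example is a stand-alone model of that ordering, not shady-island's implementation; `UserDataOrderModel`, `composeExample`, the sample commands (including the `fetch-secret` placeholder) and the insertion-order tie-break for equal priorities are assumptions.

```typescript
// Added example: a model of priority-ordered User Data composition.
// It follows the documented rules only and is not the library's own code.
interface OrderedEntry {
  priority: number;
  seq: number;
  commands: string[];
}

class UserDataOrderModel {
  private entries: OrderedEntry[] = [];

  // Documented: addCommands uses a priority of 0.
  addCommands(...commands: string[]): void {
    this.insertCommands(0, ...commands);
  }

  // Documented: lower priority executes earlier.
  insertCommands(priority: number, ...commands: string[]): void {
    if (!isFinite(priority)) {
      throw new RangeError("priority must be a finite number");
    }
    this.entries.push({ priority: priority, seq: this.entries.length, commands: commands });
  }

  // Assumption: entries with equal priority keep their insertion order.
  buildLines(): string[] {
    const sorted = this.entries
      .slice()
      .sort((a, b) => a.priority - b.priority || a.seq - b.seq);
    let lines: string[] = [];
    for (const entry of sorted) {
      lines = lines.concat(entry.commands);
    }
    return lines;
  }
}

// Constructed scenario: three modules contribute commands in arbitrary code order.
function composeExample(): string[] {
  const script = new UserDataOrderModel();

  // Application module, declared first in code.
  script.addCommands("systemctl start myapp");

  // Secrets module: must finish before the application starts.
  // "fetch-secret" is a placeholder command, not a real tool.
  script.insertCommands(-10, "install -d -m 0700 /run/myapp", "fetch-secret > /run/myapp/db.json");

  // Hardening module, declared last, runs first because its priority is lowest.
  script.insertCommands(-100, "iptables -P INPUT DROP", "iptables -A INPUT -i lo -j ACCEPT");

  // Same priority as the first call, so it stays after it.
  script.addCommands("systemctl enable myapp");

  return script.buildLines();
}

const composedLines = composeExample();
```
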


Static Functions

Name Description
forLinux Returns a user data builder for GNU/Linux operating systems.
forWindows Returns a user data builder for Windows operating systems.

forLinux
import { UserDataBuilder } from 'shady-island'

UserDataBuilder.forLinux(options?: LinuxUserDataOptions)

Returns a user data builder for GNU/Linux operating systems.

optionsOptional

The Linux UserData constructor options.


forWindows
import { UserDataBuilder } from 'shady-island'

UserDataBuilder.forWindows()

Returns a user data builder for Windows operating systems.

Protocols

IAssignOnLaunch

Interface for the AssignOnLaunch class.

Properties

Name Type Description
vpc aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.
vpcPlacement aws-cdk-lib.aws_ec2.SelectedSubnets The chosen subnets for address assignment on ENI launch.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


vpcPlacementRequired
public readonly vpcPlacement: SelectedSubnets;

The chosen subnets for address assignment on ENI launch.


ICidrContext

Interface for the CidrContext class.

Properties

| Name | Type | Description |
| --- | --- | --- |
| vpc | aws-cdk-lib.aws_ec2.IVpc | The IPv6-enabled VPC. |

vpc (Required)
public readonly vpc: IVpc;

The IPv6-enabled VPC.


IDatabase

The definition used to create a database.

Methods

| Name | Description |
| --- | --- |
| addUserAsOwner | Declares a new database user to be assigned ownership permissions. |
| addUserAsReader | Declares a new database user to be assigned read-only permissions. |
| addUserAsUnprivileged | Declares a new database user with no permissions. |

addUserAsOwner
public addUserAsOwner(secret: ISecret): void

Declares a new database user to be assigned ownership permissions.

secret (Required)

The Secrets Manager secret containing credentials.


addUserAsReader
public addUserAsReader(secret: ISecret): void

Declares a new database user to be assigned read-only permissions.

secret (Required)

The Secrets Manager secret containing credentials.


addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret): void

Declares a new database user with no permissions.

secret (Required)

The Secrets Manager secret containing credentials.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| databaseName | string | The name of the database/catalog. |
| endpoint | aws-cdk-lib.aws_rds.Endpoint | The cluster or instance endpoint. |
| trigger | aws-cdk-lib.triggers.ITrigger | The CDK Trigger that kicks off the process. |

node (Required)
public readonly node: Node;

The tree node.


databaseName (Required)
public readonly databaseName: string;

The name of the database/catalog.


endpoint (Required)
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


trigger (Required)
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


IElasticIp

An EC2 Elastic IP address.

Methods

| Name | Description |
| --- | --- |
| grant | Grant the given identity custom permissions. |

grant
public grant(identity: IGrantable, ...actions: string[]): Grant

Grant the given identity custom permissions.

e.g. ec2:AssociateAddress, ec2:DisableAddressTransfer, ec2:DisassociateAddress, ec2:EnableAddressTransfer, among others.

identity (Required)

The resource with a grantPrincipal property.


actions (Required)

The IAM actions to allow.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. |
| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. |
| allocationId | string | The allocation ID of the Elastic IP address. |
| elasticIpArn | string | The ARN of the Elastic IP address. |

node (Required)
public readonly node: Node;

The tree node.


env (Required)
public readonly env: ResourceEnvironment;

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stack (Required)
public readonly stack: Stack;

The stack in which this resource is defined.


allocationId (Required)
public readonly allocationId: string;

The allocation ID of the Elastic IP address.


elasticIpArn (Required)
public readonly elasticIpArn: string;

The ARN of the Elastic IP address.


IEncryptedFileSystem

Interface for EncryptedFileSystem.

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| fileSystem | aws-cdk-lib.aws_efs.IFileSystem | The EFS file system. |
| key | aws-cdk-lib.aws_kms.IKey | The KMS encryption key. |

node (Required)
public readonly node: Node;

The tree node.


fileSystem (Required)
public readonly fileSystem: IFileSystem;

The EFS file system.


key (Required)
public readonly key: IKey;

The KMS encryption key.


IEncryptedLogGroup

A log group encrypted by a KMS customer managed key.

Properties

| Name | Type | Description |
| --- | --- | --- |
| key | aws-cdk-lib.aws_kms.IKey | The KMS encryption key. |
| logGroup | aws-cdk-lib.aws_logs.ILogGroup | The log group. |

key (Required)
public readonly key: IKey;

The KMS encryption key.


logGroup (Required)
public readonly logGroup: ILogGroup;

The log group.


IFargateTask

Interface for FargateTask.

Methods

| Name | Description |
| --- | --- |
| createRuleTarget | Create a new EventBridge Rule Target that launches this ECS task. |
| createStateMachineTask | Create a new Step Functions task that launches this ECS task. |
| grantRun | Grants permission to invoke ecs:RunTask on this task’s cluster. |

createRuleTarget
public createRuleTarget(props: EventTargetProps): EcsTask

Create a new EventBridge Rule Target that launches this ECS task.

props (Required)

The properties to create the EcsTask object.


createStateMachineTask
public createStateMachineTask(id: string, props: StateMachineTaskProps): EcsRunTask

Create a new Step Functions task that launches this ECS task.

id (Required)

The construct ID.


props (Required)

The properties to create the EcsRunTask object.


grantRun
public grantRun(grantee: IGrantable): Grant

Grants permission to invoke ecs:RunTask on this task’s cluster.

grantee (Required)

The recipient of the permissions.


Properties

| Name | Type | Description |
| --- | --- | --- |
| connections | aws-cdk-lib.aws_ec2.Connections | The network connections associated with this resource. |
| node | constructs.Node | The tree node. |
| awsVpcNetworkConfig | FargateAwsVpcConfiguration | Get the networkConfiguration.awsvpcConfiguration property to run this task. |
| cluster | aws-cdk-lib.aws_ecs.ICluster | The name of the cluster that hosts the service. |
| taskDefinition | aws-cdk-lib.aws_ecs.FargateTaskDefinition | The task definition that can be launched. |

connections (Required)
public readonly connections: Connections;

The network connections associated with this resource.


node (Required)
public readonly node: Node;

The tree node.


awsVpcNetworkConfig (Required)
public readonly awsVpcNetworkConfig: FargateAwsVpcConfiguration;

Get the networkConfiguration.awsvpcConfiguration property to run this task.


cluster (Required)
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


taskDefinition (Required)
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


IFirewallRules

Used to configure on-instance firewall rules (e.g. iptables, firewalld).

Methods

| Name | Description |
| --- | --- |
| buildCommands | Retrieves the shell commands used to configure the instance firewall. |
| inbound | Declare an inbound rule. |
| outbound | Declare an outbound rule. |

buildCommands
public buildCommands(): string[]

Retrieves the shell commands used to configure the instance firewall.

inbound
public inbound(port: Port, address?: Address): IFirewallRules

Declare an inbound rule.

Only the following protocols are allowed: TCP, UDP, ICMP, and ICMPv6. The address can be a single address or a range of addresses in CIDR notation.

port (Required)

The ingress port.


address (Optional)

The source address (default: all IPv4 addresses).


outbound
public outbound(port: Port, address?: Address): IFirewallRules

Declare an outbound rule.

Only the following protocols are allowed: TCP, UDP, ICMP, and ICMPv6. The address can be a single address or a range of addresses in CIDR notation.

port (Required)

The egress port.


address (Optional)

The target address (default: all IPv4 addresses).


INetworkInterface

An Elastic Network Interface.

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| connections | aws-cdk-lib.aws_ec2.Connections | The network connections associated with this resource. |
| networkInterfaceId | string | The ID of this Network Interface. |
| subnet | aws-cdk-lib.aws_ec2.ISubnet | The subnet of this Network Interface. |

node (Required)
public readonly node: Node;

The tree node.


connections (Required)
public readonly connections: Connections;

The network connections associated with this resource.


networkInterfaceId (Required)
public readonly networkInterfaceId: string;

The ID of this Network Interface.


subnet (Required)
public readonly subnet: ISubnet;

The subnet of this Network Interface.


IRunnableFargateTask

Interface for RunnableFargateTask.

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| task | IFargateTask | The FargateTask in this construct. |
| taskDefinition | aws-cdk-lib.aws_ecs.FargateTaskDefinition | The FargateTaskDefinition in this construct. |

node (Required)
public readonly node: Node;

The tree node.


task (Required)
public readonly task: IFargateTask;

The FargateTask in this construct.


taskDefinition (Required)
public readonly taskDefinition: FargateTaskDefinition;

The FargateTaskDefinition in this construct.


ISecretHttpHeader

Interface for SecretHttpHeader.

Methods

| Name | Description |
| --- | --- |
| createListenerCondition | Get a ListenerCondition that represents this secret header. |
| createOriginCustomHeaders | Gets the custom headers for a CloudFront origin configuration. |

createListenerCondition
public createListenerCondition(): ListenerCondition

Get a ListenerCondition that represents this secret header.

createOriginCustomHeaders
public createOriginCustomHeaders(): {[ key: string ]: string}

Gets the custom headers for a CloudFront origin configuration.

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| headerName | string | The name of the secret header. |
| headerValue | aws-cdk-lib.SecretValue | The value of the secret header. |

node (Required)
public readonly node: Node;

The tree node.


headerName (Required)
public readonly headerName: string;

The name of the secret header.


headerValue (Required)
public readonly headerValue: SecretValue;

The value of the secret header.


Enums

InterfaceType

The type of Network Interface.

Members

| Name | Description |
| --- | --- |
| INTERFACE | A standard ENI. |
| EFA | An Elastic Fabric Adapter ENI. |
| TRUNK | An ENI for use with ECS awsvpc trunking. |

INTERFACE

A standard ENI.


EFA

An Elastic Fabric Adapter ENI.


TRUNK

An ENI for use with ECS awsvpc trunking.