API Reference

Constructs

AssignOnLaunch

Enables the “assignIpv6AddressOnCreation” attribute on selected subnets.

See https://github.com/aws/aws-cdk/issues/5927

Initializers

import { AssignOnLaunch } from 'shady-island'

new AssignOnLaunch(scope: Construct, id: string, options: AssignOnLaunchProps)
Name Type Description
scope* constructs.Construct The construct scope.
id* string The construct ID.
options* shady-island.AssignOnLaunchProps The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


optionsRequired

The constructor options.


Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.
vpcPlacement* aws-cdk-lib.aws_ec2.SelectedSubnets The chosen subnets for address assignment on ENI launch.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


vpcPlacementRequired
public readonly vpcPlacement: SelectedSubnets;

The chosen subnets for address assignment on ENI launch.


BaseDatabase

A database.

Initializers

import { BaseDatabase } from 'shady-island'

new BaseDatabase(scope: IConstruct, id: string, props: BaseDatabaseProps)
Name Type Description
scope* constructs.IConstruct The Construct that contains this one.
id* string The identifier of this construct.
props* shady-island.BaseDatabaseProps The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

addUserAsOwner
public addUserAsOwner(secret: ISecret)
secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret)
secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret)
secretRequired

Properties

Name Type Description
databaseName* string The name of the database/catalog.
endpoint* aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger* aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


CidrContext

Allocates IPv6 CIDRs and routes for subnets in a VPC.

See https://github.com/aws/aws-cdk/issues/5927

Initializers

import { CidrContext } from 'shady-island'

new CidrContext(scope: Construct, id: string, options: CidrContextProps)
Name Type Description
scope* constructs.Construct The construct scope.
id* string The construct ID.
options* shady-island.CidrContextProps The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


optionsRequired

The constructor options.


Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


ContextLoadingStage

A Stage that can load context values from a JSON file.

Initializers

import { ContextLoadingStage } from 'shady-island'

new ContextLoadingStage(scope: Construct, id: string, props: ContextLoadingStageProps)
Name Type Description
scope* constructs.Construct The scope in which to define this construct.
id* string The scoped construct ID.
props* shady-island.ContextLoadingStageProps Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


DeploymentTierStage

A Stage whose stacks are part of a single deployment tier.

Initializers

import { DeploymentTierStage } from 'shady-island'

new DeploymentTierStage(scope: Construct, id: string, props: DeploymentTierStageProps)
Name Type Description
scope* constructs.Construct The scope in which to define this construct.
id* string The scoped construct ID.
props* shady-island.DeploymentTierStageProps Initialization properties for this construct.

scopeRequired

The scope in which to define this construct.


idRequired

The scoped construct ID.


propsRequired

Initialization properties for this construct.


Properties

Name Type Description
inProduction* boolean Whether this stage is considered a production deployment.
tier* shady-island.Tier No description.

inProductionRequired
public readonly inProduction: boolean;

Whether this stage is considered a production deployment.


tierRequired
public readonly tier: Tier;

EncryptedFileSystem

An EncryptedFileSystem.

Initializers

import { EncryptedFileSystem } from 'shady-island'

new EncryptedFileSystem(scope: IConstruct, id: string, props: EncryptedFileSystemProps)
Name Type Description
scope* constructs.IConstruct The Construct that contains this one.
id* string The identifier of this construct.
props* shady-island.EncryptedFileSystemProps The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Properties

Name Type Description
fileSystem* aws-cdk-lib.aws_efs.IFileSystem The EFS file system.
key* aws-cdk-lib.aws_kms.IKey The KMS encryption key.

fileSystemRequired
public readonly fileSystem: IFileSystem;

The EFS file system.


keyRequired
public readonly key: IKey;

The KMS encryption key.


EncryptedLogGroup

A log group encrypted by a KMS customer managed key.

Initializers

import { EncryptedLogGroup } from 'shady-island'

new EncryptedLogGroup(scope: Construct, id: string, props: EncryptedLogGroupProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* shady-island.EncryptedLogGroupProps No description.

scopeRequired

idRequired

propsRequired

Properties

Name Type Description
key* aws-cdk-lib.aws_kms.IKey The KMS encryption key.
logGroup* aws-cdk-lib.aws_logs.ILogGroup The log group.

keyRequired
public readonly key: IKey;

The KMS encryption key.


logGroupRequired
public readonly logGroup: ILogGroup;

The log group.
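A check that can be run over a synthesized template to confirm what EncryptedFileSystem and EncryptedLogGroup are meant to guarantee: every EFS file system and log group carries a KMS key. This is an added example, not shady-island code; the function names and the sample template are constructed for illustration, while the resource types and property names are CloudFormation's.

```typescript
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources?: Record<string, CfnResource> };
interface Finding { logicalId: string; type: string; problem: string }

// Resource types whose at-rest encryption key is audited.
const AUDITED_TYPES = ["AWS::EFS::FileSystem", "AWS::Logs::LogGroup"];

// Extract the logical ID a {"Ref": ...} or {"Fn::GetAtt": ...} intrinsic points at.
function referencedLogicalId(value: unknown): string | undefined {
  if (value === null || typeof value !== "object" || Array.isArray(value)) return undefined;
  const obj = value as Record<string, unknown>;
  const ref = obj["Ref"];
  if (typeof ref === "string") return ref;
  const getAtt = obj["Fn::GetAtt"];
  if (Array.isArray(getAtt) && typeof getAtt[0] === "string") return getAtt[0];
  if (typeof getAtt === "string") return getAtt.split(".")[0];
  return undefined;
}

// Returns a problem description, or undefined when the key reference is acceptable.
function checkKey(value: unknown, resources: Record<string, CfnResource>): string | undefined {
  if (value === undefined || value === null || value === "") {
    return "no KmsKeyId, so no customer managed key is used";
  }
  const target = referencedLogicalId(value);
  if (target === undefined) return undefined; // literal ARN or Fn::ImportValue: key lives elsewhere
  const res = resources[target];
  if (res === undefined) return undefined; // Ref to a template parameter
  if (res.Type.indexOf("AWS::KMS::") !== 0) {
    return "KmsKeyId references " + target + " (" + res.Type + "), not a KMS resource";
  }
  return undefined;
}

function auditEncryption(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const logicalId of Object.keys(resources).sort()) {
    const res = resources[logicalId];
    if (!res || AUDITED_TYPES.indexOf(res.Type) === -1) continue;
    const props = res.Properties || {};
    // EFS only encrypts at rest when Encrypted is explicitly true.
    if (res.Type === "AWS::EFS::FileSystem" && props["Encrypted"] !== true) {
      findings.push({ logicalId, type: res.Type, problem: "Encrypted is not true" });
      continue;
    }
    const problem = checkKey(props["KmsKeyId"], resources);
    if (problem !== undefined) findings.push({ logicalId, type: res.Type, problem });
  }
  return findings;
}

// Constructed sample template (not real synth output).
const sampleTemplate: CfnTemplate = {
  Resources: {
    Key: { Type: "AWS::KMS::Key", Properties: { EnableKeyRotation: true } },
    GoodFs: {
      Type: "AWS::EFS::FileSystem",
      Properties: { Encrypted: true, KmsKeyId: { "Fn::GetAtt": ["Key", "Arn"] } },
    },
    PlainFs: { Type: "AWS::EFS::FileSystem", Properties: { Encrypted: false } },
    DefaultKeyFs: { Type: "AWS::EFS::FileSystem", Properties: { Encrypted: true } },
    GoodLogs: {
      Type: "AWS::Logs::LogGroup",
      Properties: { KmsKeyId: { "Fn::GetAtt": ["Key", "Arn"] }, RetentionInDays: 30 },
    },
    BareLogs: { Type: "AWS::Logs::LogGroup" },
    MisRefLogs: { Type: "AWS::Logs::LogGroup", Properties: { KmsKeyId: { Ref: "GoodFs" } } },
  },
};

for (const f of auditEncryption(sampleTemplate)) {
  console.log(f.logicalId + " [" + f.type + "]: " + f.problem);
}
```

Resources created through EncryptedFileSystem or EncryptedLogGroup should never appear in the findings; anything that does was declared some other way.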


FargateTask

A FargateTask.

If vpcSubnets is blank but assignPublicIp is set, the task will launch in Public subnets; otherwise it launches in the first available one of Private, Isolated, Public, in that order.

Initializers

import { FargateTask } from 'shady-island'

new FargateTask(scope: Construct, id: string, props: FargateTaskProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* shady-island.FargateTaskProps No description.

scopeRequired

idRequired

propsRequired

Methods

Name Description
grantRun Grants permission to invoke ecs:RunTask on this task’s cluster.

grantRun
public grantRun(grantee: IGrantable)
granteeRequired

Properties

Name Type Description
awsVpcNetworkConfig* shady-island.FargateAwsVpcConfiguration Get the networkConfiguration.awsvpcConfiguration property to run this task.
cluster* aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
connections* aws-cdk-lib.aws_ec2.Connections The network connections associated with this resource.
taskDefinition* aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

awsVpcNetworkConfigRequired
public readonly awsVpcNetworkConfig: FargateAwsVpcConfiguration;

Get the networkConfiguration.awsvpcConfiguration property to run this task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


connectionsRequired
public readonly connections: Connections;

The network connections associated with this resource.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


MysqlDatabase

A MySQL database.

Initializers

import { MysqlDatabase } from 'shady-island'

new MysqlDatabase(scope: IConstruct, id: string, props: MysqlDatabaseProps)
Name Type Description
scope* constructs.IConstruct The Construct that contains this one.
id* string The identifier of this construct.
props* shady-island.MysqlDatabaseProps The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

addUserAsOwner
public addUserAsOwner(secret: ISecret)
secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret)
secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret)
secretRequired

Static Functions

Name Description
forCluster Create a new MysqlDatabase inside a DatabaseCluster.
forClusterFromSnapshot Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.
forInstance Create a new MysqlDatabase inside a DatabaseInstance.
forInstanceFromSnapshot Create a new MysqlDatabase inside a DatabaseInstanceFromSnapshot.
forServerlessCluster Create a new MysqlDatabase inside a DatabaseCluster.
forServerlessClusterFromSnapshot Create a new MysqlDatabase inside a DatabaseClusterFromSnapshot.

forCluster
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forCluster(scope: Construct, id: string, cluster: DatabaseCluster, options: MysqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forClusterFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forClusterFromSnapshot(scope: Construct, id: string, cluster: DatabaseClusterFromSnapshot, options: MysqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstance
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forInstance(scope: Construct, id: string, instance: DatabaseInstance, options: MysqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstanceFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forInstanceFromSnapshot(scope: Construct, id: string, instance: DatabaseInstanceFromSnapshot, options: MysqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessCluster
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forServerlessCluster(scope: Construct, id: string, cluster: ServerlessCluster, options: MysqlDatabaseForServerlessClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessClusterFromSnapshot
import { MysqlDatabase } from 'shady-island'

MysqlDatabase.forServerlessClusterFromSnapshot(scope: Construct, id: string, cluster: ServerlessClusterFromSnapshot, options: MysqlDatabaseForServerlessClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


Properties

Name Type Description
trigger* aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


PostgresqlDatabase

A PostgreSQL database.

Initializers

import { PostgresqlDatabase } from 'shady-island'

new PostgresqlDatabase(scope: IConstruct, id: string, props: PostgresqlDatabaseProps)
Name Type Description
scope* constructs.IConstruct The Construct that contains this one.
id* string The identifier of this construct.
props* shady-island.PostgresqlDatabaseProps The configuration properties for this construct.

scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


propsRequired

The configuration properties for this construct.


Methods

Name Description
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

addUserAsOwner
public addUserAsOwner(secret: ISecret)
secretRequired

addUserAsReader
public addUserAsReader(secret: ISecret)
secretRequired

addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret)
secretRequired

Static Functions

Name Description
forCluster Create a new PostgresqlDatabase inside a DatabaseCluster.
forClusterFromSnapshot Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.
forInstance Create a new PostgresqlDatabase inside a DatabaseInstance.
forInstanceFromSnapshot Create a new PostgresqlDatabase inside a DatabaseInstanceFromSnapshot.
forServerlessCluster Create a new PostgresqlDatabase inside a DatabaseCluster.
forServerlessClusterFromSnapshot Create a new PostgresqlDatabase inside a DatabaseClusterFromSnapshot.

forCluster
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forCluster(scope: Construct, id: string, cluster: DatabaseCluster, options: PostgresqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forClusterFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forClusterFromSnapshot(scope: Construct, id: string, cluster: DatabaseClusterFromSnapshot, options: PostgresqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstance
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forInstance(scope: Construct, id: string, instance: DatabaseInstance, options: PostgresqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forInstanceFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forInstanceFromSnapshot(scope: Construct, id: string, instance: DatabaseInstanceFromSnapshot, options: PostgresqlDatabaseForClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


instanceRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessCluster
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forServerlessCluster(scope: Construct, id: string, cluster: ServerlessCluster, options: PostgresqlDatabaseForServerlessClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


forServerlessClusterFromSnapshot
import { PostgresqlDatabase } from 'shady-island'

PostgresqlDatabase.forServerlessClusterFromSnapshot(scope: Construct, id: string, cluster: ServerlessClusterFromSnapshot, options: PostgresqlDatabaseForServerlessClusterOptions)
scopeRequired

The Construct that contains this one.


idRequired

The identifier of this construct.


clusterRequired

The database cluster construct.


optionsRequired

The configuration properties for this construct.


Properties

Name Type Description
trigger* aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


Workload

A collection of Stacks in an Environment representing a deployment Tier.

Consider deriving a subclass of Workload and creating your Stack objects within its constructor. The difference between this class and a Stage is that a Stage is meant to be deployed with CDK Pipelines. This class can be used with cdk deploy. This class also provides context loading capabilities. It is an anti-pattern to provide a Workload instance as the parent scope to the aws-cdk-lib.Stack constructor. You should either use the createStack() method, create your own sub-class of Stack and provide a Workload instance as the parent scope, or use the import() method to essentially import a Stack and its constructs into a Workload without changing its scope.

Initializers

import { Workload } from 'shady-island'

new Workload(scope: Construct, id: string, props: WorkloadProps)
Name Type Description
scope* constructs.Construct The construct scope.
id* string The construct ID.
props* shady-island.WorkloadProps The constructor options.

scopeRequired

The construct scope.


idRequired

The construct ID.


propsRequired

The constructor options.


Methods

Name Description
createStack Adds a stack to the Workload.
import Forces a return value for Workload.of for one or more Stack objects.

createStack
public createStack(id: string, props?: StackProps)
idRequired

The Stack construct id (e.g. “Network”).


propsOptional

The new Stack properties.


import
public import(stacks: Stack)
stacksRequired

The Stack instances to import to this Workload.


Static Functions

Name Description
isWorkload Test whether the given construct is a Workload.
of Return the Workload the construct is contained within, fails if there is no workload up the tree.

isWorkload
import { Workload } from 'shady-island'

Workload.isWorkload(x: any)
xRequired

The value to test.


of
import { Workload } from 'shady-island'

Workload.of(construct: IConstruct)
constructRequired

The construct whose parent nodes will be searched.


Properties

Name Type Description
stacks* aws-cdk-lib.Stack[] No description.
tier* shady-island.Tier The deployment tier.
workloadName* string The prefix used in the default stackName provided to child Stacks.
account string The default account for all resources defined within this workload.
publicDomainName string The domain name to use for resources that expose public endpoints.
region string The default region for all resources defined within this workload.

stacksRequired
public readonly stacks: Stack[];

tierRequired
public readonly tier: Tier;

The deployment tier.


workloadNameRequired
public readonly workloadName: string;

The prefix used in the default stackName provided to child Stacks.


accountOptional
public readonly account: string;

The default account for all resources defined within this workload.


publicDomainNameOptional
public readonly publicDomainName: string;

The domain name to use for resources that expose public endpoints.

You can use Workload.of(this).publicDomainName as the zoneName of a Route 53 hosted zone. Any construct that creates public DNS resources (e.g. those of API Gateway, Application Load Balancing, CloudFront) can use this property to format a FQDN for itself by adding a subdomain.


regionOptional
public readonly region: string;

The default region for all resources defined within this workload.


Structs

AssignOnLaunchProps

Properties for creating a new AssignOnLaunch.

Initializer

import { AssignOnLaunchProps } from 'shady-island'

const assignOnLaunchProps: AssignOnLaunchProps = { ... }

Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC whose subnets will be configured.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Which subnets to assign IPv6 addresses upon ENI creation.

vpcRequired
public readonly vpc: IVpc;

The VPC whose subnets will be configured.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

Which subnets to assign IPv6 addresses upon ENI creation.


BaseDatabaseOptions

These options cannot be determined from existing Database constructs.

Initializer

import { BaseDatabaseOptions } from 'shady-island'

const baseDatabaseOptions: BaseDatabaseOptions = { ... }

Properties

Name Type Description
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


BaseDatabaseProps

The properties for a database.

Initializer

import { BaseDatabaseProps } from 'shady-island'

const baseDatabaseProps: BaseDatabaseProps = { ... }

Properties

Name Type Description
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret* aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint* aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target* aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


CidrContextProps

Properties for creating a new CidrContext.

Initializer

import { CidrContextProps } from 'shady-island'

const cidrContextProps: CidrContextProps = { ... }

Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC whose subnets will be configured.
addressPool string The ID of a BYOIP IPv6 address pool from which to allocate the CIDR block.
assignAddressOnLaunch boolean Whether this VPC should auto-assign an IPv6 address to launched ENIs.
cidrBlock string An IPv6 CIDR block from the IPv6 address pool to use for this VPC.
cidrCount number Split the CIDRs into this many groups (by default one for each subnet).

vpcRequired
public readonly vpc: IVpc;

The VPC whose subnets will be configured.


addressPoolOptional
public readonly addressPool: string;

The ID of a BYOIP IPv6 address pool from which to allocate the CIDR block.

If this parameter is not specified or is undefined, the CIDR block will be provided by AWS.


assignAddressOnLaunchOptional
public readonly assignAddressOnLaunch: boolean;

Whether this VPC should auto-assign an IPv6 address to launched ENIs.

True by default.


cidrBlockOptional
public readonly cidrBlock: string;

An IPv6 CIDR block from the IPv6 address pool to use for this VPC.

The EnableIpv6Props#addressPool attribute is required if this parameter is specified.


cidrCountOptional
public readonly cidrCount: number;

Split the CIDRs into this many groups (by default one for each subnet).


ContextLoadingStageProps

Constructor properties for ContextLoadingStage.

Initializer

import { ContextLoadingStageProps } from 'shady-island'

const contextLoadingStageProps: ContextLoadingStageProps = { ... }

Properties

Name Type Description
env aws-cdk-lib.Environment Default AWS environment (account/region) for Stacks in this Stage.
outdir string The output directory into which to emit synthesized artifacts.
permissionsBoundary aws-cdk-lib.PermissionsBoundary Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string Name of this stage.
contextFile string The filesystem path to a JSON file that contains context values to load.

envOptional
public readonly env: Environment;

Default AWS environment (account/region) for Stacks in this Stage.

Stacks defined inside this Stage with either region or account missing from their env will use the corresponding field given here. If either region or account is not configured for a Stack (either on the Stack itself or on the containing Stage), the Stack will be environment-agnostic. Environment-agnostic stacks can be deployed to any environment, but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups, will not automatically translate Service Principals to the right format based on the environment’s AWS partition, and other such enhancements.


outdirOptional
public readonly outdir: string;

The output directory into which to emit synthesized artifacts.

Can only be specified if this stage is the root stage (the app). If this is specified and this stage is nested within another stage, an error will be thrown.


permissionsBoundaryOptional
public readonly permissionsBoundary: PermissionsBoundary;

Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.


policyValidationBeta1Optional
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameOptional
public readonly stageName: string;

Name of this stage.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each Stage, directly from a file you can check into source control.


DeploymentTierStageProps

Constructor properties for DeploymentTierStage.

Initializer

import { DeploymentTierStageProps } from 'shady-island'

const deploymentTierStageProps: DeploymentTierStageProps = { ... }

Properties

Name Type Description
env aws-cdk-lib.Environment Default AWS environment (account/region) for Stacks in this Stage.
outdir string The output directory into which to emit synthesized artifacts.
permissionsBoundary aws-cdk-lib.PermissionsBoundary Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
policyValidationBeta1 aws-cdk-lib.IPolicyValidationPluginBeta1[] Validation plugins to run during synthesis.
stageName string Name of this stage.
contextFile string The filesystem path to a JSON file that contains context values to load.
tier* shady-island.Tier The deployment tier.
addTag boolean Whether a DeploymentTier tag is added to nested constructs.

envOptional
public readonly env: Environment;

Default AWS environment (account/region) for Stacks in this Stage.

Stacks defined inside this Stage with either region or account missing from their env will use the corresponding field given here. If either region or account is not configured for a Stack (either on the Stack itself or on the containing Stage), the Stack will be environment-agnostic. Environment-agnostic stacks can be deployed to any environment, but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups, will not automatically translate Service Principals to the right format based on the environment’s AWS partition, and other such enhancements.


outdirOptional
public readonly outdir: string;

The output directory into which to emit synthesized artifacts.

Can only be specified if this stage is the root stage (the app). If this is specified and this stage is nested within another stage, an error will be thrown.


permissionsBoundaryOptional
public readonly permissionsBoundary: PermissionsBoundary;

Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.


policyValidationBeta1Optional
public readonly policyValidationBeta1: IPolicyValidationPluginBeta1[];

Validation plugins to run during synthesis.

If any plugin reports any violation, synthesis will be interrupted and the report displayed to the user.


stageNameOptional
public readonly stageName: string;

Name of this stage.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each Stage, directly from a file you can check into source control.


tierRequired
public readonly tier: Tier;

The deployment tier.


addTagOptional
public readonly addTag: boolean;

Whether a DeploymentTier tag is added to nested constructs.


EncryptedFileSystemProps

Constructor parameters for EncryptedFileSystem.

The encrypted argument is ignored.

Initializer

import { EncryptedFileSystemProps } from 'shady-island'

const encryptedFileSystemProps: EncryptedFileSystemProps = { ... }

Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc VPC to launch the file system in.
allowAnonymousAccess boolean Allow access from anonymous client that doesn’t use IAM authentication.
enableAutomaticBackups boolean Whether to enable automatic backups for the file system.
encrypted boolean Defines if the data at rest in the file system is encrypted or not.
fileSystemName string The file system’s name.
fileSystemPolicy aws-cdk-lib.aws_iam.PolicyDocument File system policy is an IAM resource policy used to control NFS access to an EFS file system.
kmsKey aws-cdk-lib.aws_kms.IKey The KMS key used for encryption.
lifecyclePolicy aws-cdk-lib.aws_efs.LifecyclePolicy A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.
outOfInfrequentAccessPolicy aws-cdk-lib.aws_efs.OutOfInfrequentAccessPolicy A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.
performanceMode aws-cdk-lib.aws_efs.PerformanceMode The performance mode that the file system will operate under.
provisionedThroughputPerSecond aws-cdk-lib.Size Provisioned throughput for the file system.
removalPolicy aws-cdk-lib.RemovalPolicy The removal policy to apply to the file system.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup Security Group to assign to this file system.
throughputMode aws-cdk-lib.aws_efs.ThroughputMode The throughput mode of the file system.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Which subnets to place the mount target in the VPC.

vpcRequired
public readonly vpc: IVpc;

VPC to launch the file system in.


allowAnonymousAccessOptional
public readonly allowAnonymousAccess: boolean;

Allow access from anonymous clients that don’t use IAM authentication.


enableAutomaticBackupsOptional
public readonly enableAutomaticBackups: boolean;

Whether to enable automatic backups for the file system.


encryptedOptional
public readonly encrypted: boolean;

Defines if the data at rest in the file system is encrypted or not.

https://docs.aws.amazon.com/cdk/latest/guide/featureflags.html


fileSystemNameOptional
public readonly fileSystemName: string;

The file system’s name.


fileSystemPolicyOptional
public readonly fileSystemPolicy: PolicyDocument;

File system policy is an IAM resource policy used to control NFS access to an EFS file system.


kmsKeyOptional
public readonly kmsKey: IKey;

The KMS key used for encryption.

This is required to encrypt the data at rest if


lifecyclePolicyOptional
public readonly lifecyclePolicy: LifecyclePolicy;

A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.


outOfInfrequentAccessPolicyOptional
public readonly outOfInfrequentAccessPolicy: OutOfInfrequentAccessPolicy;

A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.


performanceModeOptional
public readonly performanceMode: PerformanceMode;

The performance mode that the file system will operate under.

An Amazon EFS file system’s performance mode can’t be changed after the file system has been created. Updating this property will replace the file system.


provisionedThroughputPerSecondOptional
public readonly provisionedThroughputPerSecond: Size;

Provisioned throughput for the file system.

This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

The removal policy to apply to the file system.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

Security Group to assign to this file system.


throughputModeOptional
public readonly throughputMode: ThroughputMode;

The throughput mode of the file system.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

Which subnets to place the mount target in the VPC.


EncryptedLogGroupProps

Constructor properties for EncryptedLogGroup.

Initializer

import { EncryptedLogGroupProps } from 'shady-island'

const encryptedLogGroupProps: EncryptedLogGroupProps = { ... }

Properties

Name Type Description
logGroupName* string Name of the log group.
encryptionKey aws-cdk-lib.aws_kms.IKey The KMS Key to encrypt the log group with.
removalPolicy aws-cdk-lib.RemovalPolicy Whether the key and group should be retained when they are removed from the Stack.
retention aws-cdk-lib.aws_logs.RetentionDays How long, in days, the log contents will be retained.

logGroupNameRequired
public readonly logGroupName: string;

Name of the log group.

We need a log group name ahead of time because otherwise the key policy would create a cyclical dependency.


encryptionKeyOptional
public readonly encryptionKey: IKey;

The KMS Key to encrypt the log group with.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;

Whether the key and group should be retained when they are removed from the Stack.


retentionOptional
public readonly retention: RetentionDays;

How long, in days, the log contents will be retained.
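
The cyclical dependency mentioned under logGroupName, shown as an added example (not shady-island source code). It assumes the key policy follows the statement shape AWS documents for CloudWatch Logs encryption; the `findCycle` helper, resource names, account ID, region and log group name are constructed for illustration.

```typescript
// Added illustration, not shady-island source. All sample values are constructed.

type Graph = Record<string, string[]>;

// Depth-first search over "resource -> resources it references".
// Returns the first dependency cycle found, or null when the graph is deployable.
function findCycle(graph: Graph): string[] | null {
  const state: Record<string, number> = {}; // 1 = in progress, 2 = done
  const stack: string[] = [];
  const visit = (node: string): string[] | null => {
    if (state[node] === 2) return null;
    if (state[node] === 1) return stack.slice(stack.indexOf(node)).concat(node);
    state[node] = 1;
    stack.push(node);
    for (const dep of graph[node] ?? []) {
      const cycle = visit(dep);
      if (cycle) return cycle;
    }
    stack.pop();
    state[node] = 2;
    return null;
  };
  for (const node of Object.keys(graph)) {
    const cycle = visit(node);
    if (cycle) return cycle;
  }
  return null;
}

// Name generated at deploy time: the key policy must reference the log group's
// ARN attribute, while the log group references the key that encrypts it.
const generatedName: Graph = { Key: ["LogGroup"], LogGroup: ["Key"] };

// Name known ahead of time: the ARN in the key policy is built from plain strings,
// so only the log group depends on the key.
const fixedName: Graph = { Key: [], LogGroup: ["Key"] };

// CloudWatch Logs accepts 1-512 characters from this set in a log group name.
const LOG_GROUP_NAME = /^[.\-_\/#A-Za-z0-9]{1,512}$/;
const CONTEXT_KEY = "kms:EncryptionContext:aws:logs:arn";

function logGroupArn(region: string, account: string, name: string, partition = "aws"): string {
  if (!/^\d{12}$/.test(account)) throw new Error("account must be 12 digits");
  if (!LOG_GROUP_NAME.test(name)) throw new Error("invalid log group name");
  return `arn:${partition}:logs:${region}:${account}:log-group:${name}`;
}

interface KeyPolicyStatement {
  Effect: "Allow";
  Principal: { Service: string };
  Action: string[];
  Resource: string;
  Condition: { ArnEquals: Record<string, string> };
}

// Key policy statement that lets the regional CloudWatch Logs service use the key,
// scoped by encryption context to exactly one log group.
function logsKeyPolicyStatement(region: string, account: string, name: string): KeyPolicyStatement {
  return {
    Effect: "Allow",
    Principal: { Service: `logs.${region}.amazonaws.com` },
    Action: ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"],
    Resource: "*",
    Condition: { ArnEquals: { [CONTEXT_KEY]: logGroupArn(region, account, name) } },
  };
}

console.log(findCycle(generatedName));
console.log(findCycle(fixedName));
console.log(JSON.stringify(logsKeyPolicyStatement("us-east-1", "111122223333", "/app/audit"), null, 2));
```

The encryption-context condition is what keeps the key from being usable for any other log group in the account, which is why the ARN has to be computable before the key exists.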


FargateAwsVpcConfiguration

The networkConfiguration.awsvpcConfiguration values for ecs.RunTask.

Initializer

import { FargateAwsVpcConfiguration } from 'shady-island'

const fargateAwsVpcConfiguration: FargateAwsVpcConfiguration = { ... }

Properties

Name Type Description
assignPublicIp string Whether the task’s elastic network interface receives a public IP address.
securityGroups string[] The IDs of the security groups associated with the task or service.
subnets string[] The IDs of the subnets associated with the task or service.

assignPublicIpOptional
public readonly assignPublicIp: string;

Whether the task’s elastic network interface receives a public IP address.

The default value is DISABLED.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-assignpublicip


securityGroupsOptional
public readonly securityGroups: string[];

The IDs of the security groups associated with the task or service.

If you don’t specify a security group, the default security group for the VPC is used. There’s a limit of 5 security groups that can be specified per AwsVpcConfiguration.

All specified security groups must be from the same VPC.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-securitygroups


subnetsOptional
public readonly subnets: string[];

The IDs of the subnets associated with the task or service.

There’s a limit of 16 subnets that can be specified per AwsVpcConfiguration.

All specified subnets must be from the same VPC.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-subnets


FargateTaskProps

Constructor parameters for FargateTask.

Initializer

import { FargateTaskProps } from 'shady-island'

const fargateTaskProps: FargateTaskProps = { ... }

Properties

Name Type Description
cluster* aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
taskDefinition* aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.
assignPublicIp boolean Specifies whether the task’s elastic network interface receives a public IP address.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] Existing security groups to use for your task.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The subnets to associate with the task.

clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.


assignPublicIpOptional
public readonly assignPublicIp: boolean;

Specifies whether the task’s elastic network interface receives a public IP address.

If true, the task will receive a public IP address.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];

Existing security groups to use for your task.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The subnets to associate with the task.


MysqlDatabaseForClusterOptions

Properties to specify when using MysqlDatabase.forCluster().

Initializer

import { MysqlDatabaseForClusterOptions } from 'shady-island'

const mysqlDatabaseForClusterOptions: MysqlDatabaseForClusterOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


MysqlDatabaseForServerlessClusterOptions

Properties to specify when using MysqlDatabase.forServerlessCluster().

Initializer

import { MysqlDatabaseForServerlessClusterOptions } from 'shady-island'

const mysqlDatabaseForServerlessClusterOptions: MysqlDatabaseForServerlessClusterOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


MysqlDatabaseOptions

MySQL-specific options.

Initializer

import { MysqlDatabaseOptions } from 'shady-island'

const mysqlDatabaseOptions: MysqlDatabaseOptions = { ... }

Properties

Name Type Description
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.

certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


MysqlDatabaseProps

Constructor properties for MysqlDatabase.

Initializer

import { MysqlDatabaseProps } from 'shady-island'

const mysqlDatabaseProps: MysqlDatabaseProps = { ... }

Properties

Name Type Description
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret* aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint* aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target* aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
characterSet string The database default character set to use.
collation string The database default collation to use.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


characterSetOptional
public readonly characterSet: string;

The database default character set to use.


collationOptional
public readonly collation: string;

The database default collation to use.


PostgresqlDatabaseForClusterOptions

Properties to specify when using PostgresqlDatabase.forCluster().

Initializer

import { PostgresqlDatabaseForClusterOptions } from 'shady-island'

const postgresqlDatabaseForClusterOptions: PostgresqlDatabaseForClusterOptions = { ... }

Properties

Name Type Description
ownerSecret* aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


PostgresqlDatabaseForServerlessClusterOptions

Properties to specify when using PostgresqlDatabase.forServerlessCluster().

Initializer

import { PostgresqlDatabaseForServerlessClusterOptions } from 'shady-island'

const postgresqlDatabaseForServerlessClusterOptions: PostgresqlDatabaseForServerlessClusterOptions = { ... }

Properties

Name Type Description
ownerSecret* aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretOptional
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


PostgresqlDatabaseOptions

PostgreSQL-specific options.

Initializer

import { PostgresqlDatabaseOptions } from 'shady-island'

const postgresqlDatabaseOptions: PostgresqlDatabaseOptions = { ... }

Properties

Name Type Description
ownerSecret* aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.

ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


PostgresqlDatabaseProps

Constructor properties for PostgresqlDatabase.

Initializer

import { PostgresqlDatabaseProps } from 'shady-island'

const postgresqlDatabaseProps: PostgresqlDatabaseProps = { ... }

Properties

Name Type Description
databaseName* string The name of the database/catalog to create.
securityGroup aws-cdk-lib.aws_ec2.ISecurityGroup The security group for the Lambda function.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection The type of subnets in the VPC where the Lambda function will run.
adminSecret* aws-cdk-lib.aws_secretsmanager.ISecret A Secrets Manager secret that contains administrative credentials.
endpoint* aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
target* aws-cdk-lib.aws_ec2.IConnectable The target service or database.
vpc* aws-cdk-lib.aws_ec2.IVpc The VPC where the Lambda function will run.
ownerSecret* aws-cdk-lib.aws_secretsmanager.ISecret The Secrets Manager secret for the owner of the schema.
certificateAuthoritiesUrl string The URL to the PEM-encoded Certificate Authority file.
encoding string The database default encoding set to use.
locale string The database default locale to use.
schemaName string The name of the schema to create.

databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog to create.


securityGroupOptional
public readonly securityGroup: ISecurityGroup;

The security group for the Lambda function.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;

The type of subnets in the VPC where the Lambda function will run.


adminSecretRequired
public readonly adminSecret: ISecret;

A Secrets Manager secret that contains administrative credentials.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


targetRequired
public readonly target: IConnectable;

The target service or database.


vpcRequired
public readonly vpc: IVpc;

The VPC where the Lambda function will run.


ownerSecretRequired
public readonly ownerSecret: ISecret;

The Secrets Manager secret for the owner of the schema.


certificateAuthoritiesUrlOptional
public readonly certificateAuthoritiesUrl: string;

The URL to the PEM-encoded Certificate Authority file.

Normally, we would just assume the Lambda runtime has the certificates to trust already installed. Since the current Lambda runtime environments lack the newer RDS certificate authority certificates, this option can be used to specify a URL to a remote file containing the CAs.

https://github.com/aws/aws-lambda-base-images/issues/123


encodingOptional
public readonly encoding: string;

The database default encoding set to use.


localeOptional
public readonly locale: string;

The database default locale to use.


schemaNameOptional
public readonly schemaName: string;

The name of the schema to create.


PrioritizedLines

A container for lines of a User Data script, sortable by priority.

Initializer

import { PrioritizedLines } from 'shady-island'

const prioritizedLines: PrioritizedLines = { ... }

Properties

Name Type Description
lines* string[] The command lines.
priority* number The priority for this set of commands.

linesRequired
public readonly lines: string[];

The command lines.


priorityRequired
public readonly priority: number;

The priority for this set of commands.


WorkloadProps

Constructor properties for a Workload.

Initializer

import { WorkloadProps } from 'shady-island'

const workloadProps: WorkloadProps = { ... }

Properties

Name Type Description
tier* shady-island.Tier The deployment tier.
baseDomainName string The base domain name used to create the FQDN for public resources.
contextFile string The filesystem path to a JSON file that contains context values to load.
env aws-cdk-lib.Environment The AWS environment (account/region) where this stack will be deployed.
workloadName string The machine identifier for this workload.

tierRequired
public readonly tier: Tier;

The deployment tier.


baseDomainNameOptional
public readonly baseDomainName: string;

The base domain name used to create the FQDN for public resources.


contextFileOptional
public readonly contextFile: string;

The filesystem path to a JSON file that contains context values to load.

Using this property allows you to load different context values within each instantiated Workload, directly from a file you can check into source control.


envOptional
public readonly env: Environment;

The AWS environment (account/region) where this stack will be deployed.


workloadNameOptional
public readonly workloadName: string;

The machine identifier for this workload.

This value will be used to create the publicDomainName property. By default, the stackName property used to create Stack constructs in the createStack method will begin with this Workload’s workloadName and its tier separated by hyphens. Consider providing a constant workloadName value to the superclass constructor in your derived class.


Classes

ContextLoader

A utility to load context values into a construct node.

If you want to use this utility in your own construct, make sure to invoke it before you create any child constructs.

Initializers

import { ContextLoader } from 'shady-island'

new ContextLoader()


Static Functions

Name Description
loadContext Parses JSON file contents, then provides the values to a Node’s context.

loadContext
import { ContextLoader } from 'shady-island'

ContextLoader.loadContext(filename: string, node: Node)
filenameRequired

The JSON file with an object to use as context values.


nodeRequired

The constructs node to receive the context values.


Tier

A deployment environment with a specific purpose and audience.

You can create any Tier you like, but we include those explained by DTAP.

https://en.wikipedia.org/wiki/Development,_testing,_acceptance_and_production

Initializers

import { Tier } from 'shady-island'

new Tier(id: string, label: string)
Name Type Description
id* string The machine-readable identifier for this tier (e.g. prod).
label* string The human-readable label for this tier (e.g. Production).

idRequired

The machine-readable identifier for this tier (e.g. prod).


labelRequired

The human-readable label for this tier (e.g. Production).


Methods

Name Description
applyTags Adds the label of this tier as a tag to the provided construct.
assignTo Assigns this tier to a construct.
matches Compares this tier to the provided value and tests for equality.

applyTags
public applyTags(construct: IConstruct)
constructRequired

assignTo
public assignTo(construct: IConstruct)
constructRequired

The construct to receive the tier assignment.


matches
public matches(other: Tier)
otherRequired

The value to compare.


Static Functions

Name Description
of Finds the deployment tier of the given construct.
parse Return the deployment tier that corresponds to the provided value.

of
import { Tier } from 'shady-island'

Tier.of(construct: IConstruct)
constructRequired

The construct to inspect.


parse
import { Tier } from 'shady-island'

Tier.parse(value: string)
valueRequired

The value to parse, case-insensitive.


Properties

Name Type Description
id* string The machine-readable identifier for this tier (e.g. prod).
label* string The human-readable label for this tier (e.g. Production).

idRequired
public readonly id: string;

The machine-readable identifier for this tier (e.g. prod).


labelRequired
public readonly label: string;

The human-readable label for this tier (e.g. Production).


Constants

Name Type Description
ACCEPTANCE* shady-island.Tier A tier that represents an acceptance environment.
DEVELOPMENT* shady-island.Tier A tier that represents a development environment.
PRODUCTION* shady-island.Tier A tier that represents a production environment.
TESTING* shady-island.Tier A tier that represents a testing environment.

ACCEPTANCE

A tier that represents an acceptance environment.


DEVELOPMENT

A tier that represents a development environment.


PRODUCTION

A tier that represents a production environment.


TESTING

A tier that represents a testing environment.


TierTagger

A CDK Aspect to apply the DeploymentTier tag to Stacks.

Initializers

import { TierTagger } from 'shady-island'

new TierTagger(tier: Tier)
Name Type Description
tier* shady-island.Tier The deployment tier.

tierRequired

The deployment tier.


Methods

Name Description
visit All aspects can visit an IConstruct.

visit
public visit(node: IConstruct)
nodeRequired

UserDataBuilder

A utility class to assist with composing instance User Data.

This class allows multiple observers in code to add lines to the same resulting UserData without clobbering each other. Just like conf.d directories with priority number prefixes, you can declare the proper execution order of your UserData commands without having to add them in that order.

Initializers

import { UserDataBuilder } from 'shady-island'

new UserDataBuilder()


Methods

Name Description
addCommands Add one or more commands to the user data with a priority of 0.
buildUserData Produces the User Data script with all lines sorted in priority order.
insertCommands Add one or more commands to the user data at a specific priority.

addCommands
public addCommands(commands: string)
commandsRequired

The lines to add.


buildUserData
public buildUserData()


insertCommands
public insertCommands(priority: number, commands: string)
priorityRequired

The priority of these lines (lower executes earlier).


commandsRequired

The lines to add.


Static Functions

Name Description
forLinux Returns a user data builder for GNU/Linux operating systems.
forWindows Returns a user data builder for Windows operating systems.

forLinux
import { UserDataBuilder } from 'shady-island'

UserDataBuilder.forLinux(options?: LinuxUserDataOptions)
optionsOptional

The Linux UserData constructor options.


forWindows
import { UserDataBuilder } from 'shady-island'

UserDataBuilder.forWindows()
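
The conf.d-style ordering described for UserDataBuilder, as an added self-contained model (not the library's implementation). The `PriorityScript` class, the `runsBefore` check and the sample commands are hypothetical; breaking ties by registration order is an assumption, since the page only states that lower priorities execute earlier and that addCommands uses priority 0.

```typescript
// Added illustration, not shady-island source. Mirrors the PrioritizedLines shape
// (lines + priority) documented on this page, plus a sequence number for ties.
interface Block {
  priority: number;
  lines: string[];
  seq: number;
}

class PriorityScript {
  private blocks: Block[] = [];

  // Counterpart of insertCommands: register lines at an explicit priority.
  insert(priority: number, ...lines: string[]): this {
    if (!Number.isFinite(priority)) throw new Error("priority must be a finite number");
    this.blocks.push({ priority, lines, seq: this.blocks.length });
    return this;
  }

  // Counterpart of addCommands: priority 0.
  add(...lines: string[]): this {
    return this.insert(0, ...lines);
  }

  // Counterpart of buildUserData: lower priority first, registration order on ties.
  build(): string[] {
    const sorted = this.blocks.slice().sort((a, b) => a.priority - b.priority || a.seq - b.seq);
    const out: string[] = [];
    for (const block of sorted) {
      for (const line of block.lines) out.push(line);
    }
    return out;
  }
}

// Guard for a unit test: true only when both lines exist and `first` precedes `second`.
function runsBefore(script: string[], first: string, second: string): boolean {
  const i = script.indexOf(first);
  const j = script.indexOf(second);
  return i !== -1 && j !== -1 && i < j;
}

// Constructed scenario: three contributors register in an arbitrary order.
function buildSample(): string[] {
  const script = new PriorityScript();
  script.add("systemctl start app");                   // application team, priority 0
  script.insert(50, "rm -f /tmp/bootstrap.env");       // cleanup, runs last
  script.insert(-10, "install-audit-agent", "start-audit-agent"); // security baseline, runs first
  script.add("echo app-started");                      // priority 0, after the earlier add
  return script.build();
}

console.log(buildSample().join("\n"));
```

Because addCommands sits at priority 0, a baseline step that must precede application start-up needs a negative priority; `runsBefore` lets a test pin that ordering.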

Protocols

IAssignOnLaunch

Interface for the AssignOnLaunch class.

Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.
vpcPlacement* aws-cdk-lib.aws_ec2.SelectedSubnets The chosen subnets for address assignment on ENI launch.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


vpcPlacementRequired
public readonly vpcPlacement: SelectedSubnets;

The chosen subnets for address assignment on ENI launch.


ICidrContext

Interface for the CidrContext class.

Properties

Name Type Description
vpc* aws-cdk-lib.aws_ec2.IVpc The IPv6-enabled VPC.

vpcRequired
public readonly vpc: IVpc;

The IPv6-enabled VPC.


IDatabase

The definition used to create a database.

Methods

Name Description
addUserAsOwner Declares a new database user to be assigned ownership permissions.
addUserAsReader Declares a new database user to be assigned read-only permissions.
addUserAsUnprivileged Declares a new database user with no permissions.

addUserAsOwner
public addUserAsOwner(secret: ISecret)
secretRequired

The Secrets Manager secret containing credentials.


addUserAsReader
public addUserAsReader(secret: ISecret)
secretRequired

The Secrets Manager secret containing credentials.


addUserAsUnprivileged
public addUserAsUnprivileged(secret: ISecret)
secretRequired

The Secrets Manager secret containing credentials.


Properties

Name Type Description
node* constructs.Node The tree node.
databaseName* string The name of the database/catalog.
endpoint* aws-cdk-lib.aws_rds.Endpoint The cluster or instance endpoint.
trigger* aws-cdk-lib.triggers.ITrigger The CDK Trigger that kicks off the process.

nodeRequired
public readonly node: Node;

The tree node.


databaseNameRequired
public readonly databaseName: string;

The name of the database/catalog.


endpointRequired
public readonly endpoint: Endpoint;

The cluster or instance endpoint.


triggerRequired
public readonly trigger: ITrigger;

The CDK Trigger that kicks off the process.

You can further customize when the trigger fires using executeAfter.


IEncryptedFileSystem

Interface for EncryptedFileSystem.

Properties

Name Type Description
node* constructs.Node The tree node.
fileSystem* aws-cdk-lib.aws_efs.IFileSystem The EFS file system.
key* aws-cdk-lib.aws_kms.IKey The KMS encryption key.

nodeRequired
public readonly node: Node;

The tree node.


fileSystemRequired
public readonly fileSystem: IFileSystem;

The EFS file system.


keyRequired
public readonly key: IKey;

The KMS encryption key.


IEncryptedLogGroup

A log group encrypted by a KMS customer managed key.

Properties

Name Type Description
key* aws-cdk-lib.aws_kms.IKey The KMS encryption key.
logGroup* aws-cdk-lib.aws_logs.ILogGroup The log group.

keyRequired
public readonly key: IKey;

The KMS encryption key.


logGroupRequired
public readonly logGroup: ILogGroup;

The log group.


IFargateTask

Interface for FargateTask.

Methods

Name Description
grantRun Grants permission to invoke ecs:RunTask on this task’s cluster.

grantRun
public grantRun(grantee: IGrantable)
granteeRequired

The recipient of the permissions.


Properties

Name Type Description
connections* aws-cdk-lib.aws_ec2.Connections The network connections associated with this resource.
node* constructs.Node The tree node.
awsVpcNetworkConfig* shady-island.FargateAwsVpcConfiguration Get the networkConfiguration.awsvpcConfiguration property to run this task.
cluster* aws-cdk-lib.aws_ecs.ICluster The name of the cluster that hosts the service.
taskDefinition* aws-cdk-lib.aws_ecs.FargateTaskDefinition The task definition that can be launched.

connectionsRequired
public readonly connections: Connections;

The network connections associated with this resource.


nodeRequired
public readonly node: Node;

The tree node.


awsVpcNetworkConfigRequired
public readonly awsVpcNetworkConfig: FargateAwsVpcConfiguration;

Get the networkConfiguration.awsvpcConfiguration property to run this task.


clusterRequired
public readonly cluster: ICluster;

The name of the cluster that hosts the service.


taskDefinitionRequired
public readonly taskDefinition: FargateTaskDefinition;

The task definition that can be launched.