30 changes: 15 additions & 15 deletions packages/cdkConstructs/src/constants.ts
Expand Up @@ -5,27 +5,27 @@ export const CDK_ENV_PREFIX = "CDK_CONFIG_"

/** Imported cross-stack account resource values used by constructs in this package. */
export const ACCOUNT_RESOURCES = {
CloudwatchEncryptionKMSPolicyArn: Fn.importValue("account-resources:CloudwatchEncryptionKMSPolicyArn"),
CloudwatchLogsKmsKeyArn: Fn.importValue("account-resources:CloudwatchLogsKmsKeyArn"),
CloudwatchEncryptionKMSPolicyArn: Fn.importValue("account-resources-cdk-uk:IAM:CloudwatchEncryptionKMSPolicy:Arn"),
CloudwatchLogsKmsKeyArn: Fn.importValue("account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn"),
EpsDomainName: Fn.importValue("eps-route53-resources:EPS-domain"),
EpsZoneId: Fn.importValue("eps-route53-resources:EPS-ZoneID"),
LambdaAccessSecretsPolicy: Fn.importValue("account-resources:LambdaAccessSecretsPolicy"),
LambdaDecryptSecretsKMSPolicy: Fn.importValue("account-resources:LambdaDecryptSecretsKMSPolicy"),
SpinePrivateKeyARN: Fn.importValue("account-resources:SpinePrivateKey"),
SpinePublicCertificateARN: Fn.importValue("account-resources:SpinePublicCertificate"),
SpineASIDARN: Fn.importValue("account-resources:SpineASID"),
SpinePartyKeyARN: Fn.importValue("account-resources:SpinePartyKey"),
SpineCAChainARN: Fn.importValue("account-resources:SpineCAChain"),
TrustStoreBucket: Fn.importValue("account-resources:TrustStoreBucket"),
TrustStoreBucketKMSKey: Fn.importValue("account-resources:TrustStoreBucketKMSKey"),
TrustStoreDeploymentBucket: Fn.importValue("account-resources:TrustStoreDeploymentBucket")
LambdaAccessSecretsPolicy: Fn.importValue("secrets-cdk:IAM:LambdaAccessSecretsPolicy:Arn"),
LambdaDecryptSecretsKMSPolicy: Fn.importValue("secrets-cdk:IAM:LambdaDecryptSecretsKMSPolicy:Arn"),
SpinePrivateKeyARN: Fn.importValue("secrets-cdk:Secrets:SpinePrivateKey:Arn"),
SpinePublicCertificateARN: Fn.importValue("secrets-cdk:Secrets:SpinePublicCertificate:Arn"),
SpineASIDARN: Fn.importValue("secrets-cdk:Secrets:SpineASID:Arn"),
SpinePartyKeyARN: Fn.importValue("secrets-cdk:Secrets:SpinePartyKey:Arn"),
SpineCAChainARN: Fn.importValue("secrets-cdk:Secrets:SpineCAChain:Arn"),
TrustStoreBucket: Fn.importValue("account-resources-cdk-uk:Bucket:TrustStoreBucket:Arn"),
TrustStoreBucketKMSKey: Fn.importValue("account-resources-cdk-uk:KMS:TrustStoreBucketKMSKey:Arn"),
TrustStoreDeploymentBucket: Fn.importValue("account-resources-cdk-uk:Bucket:TrustStoreDeploymentBucket:Arn")
}

/** Imported shared Lambda resource values used by Lambda and API Gateway constructs. */
export const LAMBDA_RESOURCES = {
LambdaInsightsLogGroupPolicy: Fn.importValue("lambda-resources:LambdaInsightsLogGroupPolicy"),
SplunkDeliveryStream: Fn.importValue("lambda-resources:SplunkDeliveryStream"),
SplunkSubscriptionFilterRole: Fn.importValue("lambda-resources:SplunkSubscriptionFilterRole")
LambdaInsightsLogGroupPolicy: Fn.importValue("account-resources-cdk-uk:IAM:LambdaInsightsLogGroupPolicy:Arn"),
SplunkDeliveryStream: Fn.importValue("account-resources-cdk-uk:Firehose:SplunkDeliveryStream:Arn"),
SplunkSubscriptionFilterRole: Fn.importValue("account-resources-cdk-uk:IAM:SplunkSubscriptionFilterRole:Arn")
}

/** Shared cfn-guard rule identifiers used for metadata suppressions. */
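Review bot: Every new export name in `ACCOUNT_RESOURCES` and `LAMBDA_RESOURCES` ends in `:Arn`, but keys such as `TrustStoreBucket`, `TrustStoreDeploymentBucket`, `TrustStoreBucketKMSKey`, `SplunkDeliveryStream` and `LambdaAccessSecretsPolicy` do not say what kind of value they hold, and whether the old exports (for example `account-resources:TrustStoreBucket`) were names or ARNs is not visible in this hunk. A construct that passes one of these to a name-based lookup would still synthesize cleanly and fail only at deploy time, so the consumers of the bucket, KMS key and policy imports are worth checking against the new exports. The doc comment on `LAMBDA_RESOURCES` is also stale now that all three values come from the `account-resources-cdk-uk` stack; `/** Imported ARNs for Lambda Insights and Splunk log forwarding, exported by the account-resources-cdk-uk stack. */` would match the code. The `ACCOUNT_RESOURCES` comment could likewise note that the secret ARNs and the secret-access policies now come from `secrets-cdk`.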
Expand Up @@ -48,16 +48,16 @@ describe("RestApiGateway without mTLS", () => {
test("creates CloudWatch log group with correct properties", () => {
template.hasResourceProperties("AWS::Logs::LogGroup", {
LogGroupName: "/aws/apigateway/test-stack-apigw",
KmsKeyId: {"Fn::ImportValue": "account-resources:CloudwatchLogsKmsKeyArn"},
KmsKeyId: {"Fn::ImportValue": "account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn"},
RetentionInDays: 30
})
})

test("creates Splunk subscription filter", () => {
template.hasResourceProperties("AWS::Logs::SubscriptionFilter", {
FilterPattern: "",
RoleArn: {"Fn::ImportValue": "lambda-resources:SplunkSubscriptionFilterRole"},
DestinationArn: {"Fn::ImportValue": "lambda-resources:SplunkDeliveryStream"}
RoleArn: {"Fn::ImportValue": "account-resources-cdk-uk:IAM:SplunkSubscriptionFilterRole:Arn"},
DestinationArn: {"Fn::ImportValue": "account-resources-cdk-uk:Firehose:SplunkDeliveryStream:Arn"}
})
})

Expand Down Expand Up @@ -269,7 +269,7 @@ describe("RestApiGateway with mTLS", () => {
test("creates trust store deployment log group", () => {
template.hasResourceProperties("AWS::Logs::LogGroup", {
LogGroupName: "/aws/lambda/test-stack-truststore-deployment",
KmsKeyId: {"Fn::ImportValue": "account-resources:CloudwatchLogsKmsKeyArn"},
KmsKeyId: {"Fn::ImportValue": "account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn"},
RetentionInDays: 30
})
})
Expand Up @@ -66,7 +66,7 @@ describe("pythonFunctionConstruct works correctly", () => {
test("it has the correct log group", () => {
template.hasResourceProperties("AWS::Logs::LogGroup", {
LogGroupName: "/aws/lambda/testPythonLambda",
KmsKeyId: {"Fn::ImportValue": "account-resources:CloudwatchLogsKmsKeyArn"},
KmsKeyId: {"Fn::ImportValue": "account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn"},
RetentionInDays: 30
})
})
Expand All @@ -92,8 +92,8 @@ describe("pythonFunctionConstruct works correctly", () => {
template.hasResourceProperties("AWS::Logs::SubscriptionFilter", {
LogGroupName: {"Ref": lambdaLogGroupResource.Ref},
FilterPattern: "",
RoleArn: {"Fn::ImportValue": "lambda-resources:SplunkSubscriptionFilterRole"},
DestinationArn: {"Fn::ImportValue": "lambda-resources:SplunkDeliveryStream"}
RoleArn: {"Fn::ImportValue": "account-resources-cdk-uk:IAM:SplunkSubscriptionFilterRole:Arn"},
DestinationArn: {"Fn::ImportValue": "account-resources-cdk-uk:Firehose:SplunkDeliveryStream:Arn"}
})
})

Expand All @@ -108,8 +108,8 @@ describe("pythonFunctionConstruct works correctly", () => {
}]
},
ManagedPolicyArns: Match.arrayWith([
{"Fn::ImportValue": "lambda-resources:LambdaInsightsLogGroupPolicy"},
{"Fn::ImportValue": "account-resources:CloudwatchEncryptionKMSPolicyArn"}
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:LambdaInsightsLogGroupPolicy:Arn"},
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:CloudwatchEncryptionKMSPolicy:Arn"}
])
})
})
Expand Down Expand Up @@ -215,8 +215,8 @@ describe("pythonFunctionConstruct works correctly with additional policies", ()
test("it has the correct policies in the role", () => {
template.hasResourceProperties("AWS::IAM::Role", {
ManagedPolicyArns: Match.arrayWith([
{"Fn::ImportValue": "lambda-resources:LambdaInsightsLogGroupPolicy"},
{"Fn::ImportValue": "account-resources:CloudwatchEncryptionKMSPolicyArn"},
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:LambdaInsightsLogGroupPolicy:Arn"},
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:CloudwatchEncryptionKMSPolicy:Arn"},
{Ref: testPolicyResource.Ref}
])
})
Expand Up @@ -36,15 +36,15 @@ describe("ExpressStateMachine construct", () => {
test("creates CloudWatch log group with correct name and KMS key", () => {
template.hasResourceProperties("AWS::Logs::LogGroup", {
LogGroupName: "/aws/stepfunctions/test-state-machine",
KmsKeyId: {"Fn::ImportValue": "account-resources:CloudwatchLogsKmsKeyArn"},
KmsKeyId: {"Fn::ImportValue": "account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn"},
RetentionInDays: 30
})
})

test("creates Splunk subscription filter by default", () => {
template.hasResourceProperties("AWS::Logs::SubscriptionFilter", {
FilterPattern: "",
RoleArn: {"Fn::ImportValue": "lambda-resources:SplunkSubscriptionFilterRole"}
RoleArn: {"Fn::ImportValue": "account-resources-cdk-uk:IAM:SplunkSubscriptionFilterRole:Arn"}
})
})
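Review bot: The `creates Splunk subscription filter by default` test asserts only `RoleArn`, so the renamed Firehose export is never checked for the state machine's log group, whereas the API Gateway and Lambda construct tests on this page also pin `DestinationArn`. A mistyped delivery-stream import in this construct would pass the suite and show up only at deploy time. Adding `DestinationArn: {"Fn::ImportValue": "account-resources-cdk-uk:Firehose:SplunkDeliveryStream:Arn"}` to the expected properties would close the gap, assuming the construct reads the same `LAMBDA_RESOURCES.SplunkDeliveryStream` value, which is not visible here.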

Expand Up @@ -71,7 +71,7 @@ describe("TypescriptLambdaFunctionConstruct works correctly", () => {
test("it has the correct log group", () => {
template.hasResourceProperties("AWS::Logs::LogGroup", {
LogGroupName: "/aws/lambda/testLambda",
KmsKeyId: {"Fn::ImportValue": "account-resources:CloudwatchLogsKmsKeyArn"},
KmsKeyId: {"Fn::ImportValue": "account-resources-cdk-uk:KMS:CloudwatchLogsKmsKey:Arn"},
RetentionInDays: 30
})
})
Expand All @@ -97,8 +97,8 @@ describe("TypescriptLambdaFunctionConstruct works correctly", () => {
template.hasResourceProperties("AWS::Logs::SubscriptionFilter", {
LogGroupName: {"Ref": lambdaLogGroupResource.Ref},
FilterPattern: "",
RoleArn: {"Fn::ImportValue": "lambda-resources:SplunkSubscriptionFilterRole"},
DestinationArn: {"Fn::ImportValue": "lambda-resources:SplunkDeliveryStream"}
RoleArn: {"Fn::ImportValue": "account-resources-cdk-uk:IAM:SplunkSubscriptionFilterRole:Arn"},
DestinationArn: {"Fn::ImportValue": "account-resources-cdk-uk:Firehose:SplunkDeliveryStream:Arn"}
})
})

Expand All @@ -117,8 +117,8 @@ describe("TypescriptLambdaFunctionConstruct works correctly", () => {
"Version": "2012-10-17"
},
"ManagedPolicyArns": Match.arrayWith([
{"Fn::ImportValue": "lambda-resources:LambdaInsightsLogGroupPolicy"},
{"Fn::ImportValue": "account-resources:CloudwatchEncryptionKMSPolicyArn"}
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:LambdaInsightsLogGroupPolicy:Arn"},
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:CloudwatchEncryptionKMSPolicy:Arn"}
])
})
})
Expand Down Expand Up @@ -223,8 +223,8 @@ describe("functionConstruct works correctly with additional policies", () => {
test("it has the correct policies in the role", () => {
template.hasResourceProperties("AWS::IAM::Role", {
"ManagedPolicyArns": Match.arrayWith([
{"Fn::ImportValue": "lambda-resources:LambdaInsightsLogGroupPolicy"},
{"Fn::ImportValue": "account-resources:CloudwatchEncryptionKMSPolicyArn"},
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:LambdaInsightsLogGroupPolicy:Arn"},
{"Fn::ImportValue": "account-resources-cdk-uk:IAM:CloudwatchEncryptionKMSPolicy:Arn"},
{Ref: testPolicyResource.Ref}
])
})