1 | import { DockerImageAssetLocation, DockerImageAssetSource, FileAssetLocation, FileAssetSource } from '../assets';
|
2 | import { ISynthesisSession } from '../construct-compat';
|
3 | import { Stack } from '../stack';
|
4 | import { StackSynthesizer } from './stack-synthesizer';
|
5 | export declare const BOOTSTRAP_QUALIFIER_CONTEXT = "@aws-cdk/core:bootstrapQualifier";
|
6 | /**
|
7 | * Configuration properties for DefaultStackSynthesizer
|
8 | */
|
9 | export interface DefaultStackSynthesizerProps {
|
10 | /**
|
11 | * Name of the S3 bucket to hold file assets
|
12 | *
|
13 | * You must supply this if you have given a non-standard name to the staging bucket.
|
14 | *
|
15 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
16 | * be replaced with the values of qualifier and the stack's account and region,
|
17 | * respectively.
|
18 | *
|
19 | * @default DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME
|
20 | */
|
21 | readonly fileAssetsBucketName?: string;
|
22 | /**
|
23 | * Name of the ECR repository to hold Docker Image assets
|
24 | *
|
25 | * You must supply this if you have given a non-standard name to the ECR repository.
|
26 | *
|
27 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
28 | * be replaced with the values of qualifier and the stack's account and region,
|
29 | * respectively.
|
30 | *
|
31 | * @default DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME
|
32 | */
|
33 | readonly imageAssetsRepositoryName?: string;
|
34 | /**
|
35 | * The role to use to publish file assets to the S3 bucket in this environment
|
36 | *
|
37 | * You must supply this if you have given a non-standard name to the publishing role.
|
38 | *
|
39 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
40 | * be replaced with the values of qualifier and the stack's account and region,
|
41 | * respectively.
|
42 | *
|
43 | * @default DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN
|
44 | */
|
45 | readonly fileAssetPublishingRoleArn?: string;
|
46 | /**
|
47 | * External ID to use when assuming role for file asset publishing
|
48 | *
|
49 | * @default - No external ID
|
50 | */
|
51 | readonly fileAssetPublishingExternalId?: string;
|
52 | /**
|
53 | * The role to use to publish image assets to the ECR repository in this environment
|
54 | *
|
55 | * You must supply this if you have given a non-standard name to the publishing role.
|
56 | *
|
57 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
58 | * be replaced with the values of qualifier and the stack's account and region,
|
59 | * respectively.
|
60 | *
|
61 | * @default DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN
|
62 | */
|
63 | readonly imageAssetPublishingRoleArn?: string;
|
64 | /**
|
65 | * The role to use to look up values from the target AWS account during synthesis
|
66 | *
|
67 | * @default - None
|
68 | */
|
69 | readonly lookupRoleArn?: string;
|
70 | /**
|
71 | * External ID to use when assuming lookup role
|
72 | *
|
73 | * @default - No external ID
|
74 | */
|
75 | readonly lookupRoleExternalId?: string;
|
76 | /**
|
77 | * Use the bootstrapped lookup role for (read-only) stack operations
|
78 | *
|
79 | * Use the lookup role when performing a `cdk diff`. If set to `false`, the
|
80 | * `deploy role` credentials will be used to perform a `cdk diff`.
|
81 | *
|
82 | * Requires bootstrap stack version 8.
|
83 | *
|
84 | * @default true
|
85 | */
|
86 | readonly useLookupRoleForStackOperations?: boolean;
|
87 | /**
|
88 | * External ID to use when assuming role for image asset publishing
|
89 | *
|
90 | * @default - No external ID
|
91 | */
|
92 | readonly imageAssetPublishingExternalId?: string;
|
93 | /**
|
94 | * External ID to use when assuming role for cloudformation deployments
|
95 | *
|
96 | * @default - No external ID
|
97 | */
|
98 | readonly deployRoleExternalId?: string;
|
99 | /**
|
100 | * The role to assume to initiate a deployment in this environment
|
101 | *
|
102 | * You must supply this if you have given a non-standard name to the publishing role.
|
103 | *
|
104 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
105 | * be replaced with the values of qualifier and the stack's account and region,
|
106 | * respectively.
|
107 | *
|
108 | * @default DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN
|
109 | */
|
110 | readonly deployRoleArn?: string;
|
111 | /**
|
112 | * The role CloudFormation will assume when deploying the Stack
|
113 | *
|
114 | * You must supply this if you have given a non-standard name to the execution role.
|
115 | *
|
116 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
117 | * be replaced with the values of qualifier and the stack's account and region,
|
118 | * respectively.
|
119 | *
|
120 | * @default DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN
|
121 | */
|
122 | readonly cloudFormationExecutionRole?: string;
|
123 | /**
|
124 | * Name of the CloudFormation Export with the asset key name
|
125 | *
|
126 | * You must supply this if you have given a non-standard name to the KMS key export
|
127 | *
|
128 | * The placeholders `${Qualifier}`, `${AWS::AccountId}` and `${AWS::Region}` will
|
129 | * be replaced with the values of qualifier and the stack's account and region,
|
130 | * respectively.
|
131 | *
|
132 | * @default DefaultStackSynthesizer.DEFAULT_FILE_ASSET_KEY_ARN_EXPORT_NAME
|
133 | * @deprecated This property is not used anymore
|
134 | */
|
135 | readonly fileAssetKeyArnExportName?: string;
|
136 | /**
|
137 | * Qualifier to disambiguate multiple environments in the same account
|
138 | *
|
139 | * You can use this and leave the other naming properties empty if you have deployed
|
140 | * the bootstrap environment with standard names but only differnet qualifiers.
|
141 | *
|
142 | * @default - Value of context key '@aws-cdk/core:bootstrapQualifier' if set, otherwise `DefaultStackSynthesizer.DEFAULT_QUALIFIER`
|
143 | */
|
144 | readonly qualifier?: string;
|
145 | /**
|
146 | * Whether to add a Rule to the stack template verifying the bootstrap stack version
|
147 | *
|
148 | * This generally should be left set to `true`, unless you explicitly
|
149 | * want to be able to deploy to an unbootstrapped environment.
|
150 | *
|
151 | * @default true
|
152 | */
|
153 | readonly generateBootstrapVersionRule?: boolean;
|
154 | /**
|
155 | * bucketPrefix to use while storing S3 Assets
|
156 | *
|
157 | * @default - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX
|
158 | */
|
159 | readonly bucketPrefix?: string;
|
160 | /**
|
161 | * A prefix to use while tagging and uploading Docker images to ECR.
|
162 | *
|
163 | * This does not add any separators - the source hash will be appended to
|
164 | * this string directly.
|
165 | *
|
166 | * @default - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX
|
167 | */
|
168 | readonly dockerTagPrefix?: string;
|
169 | /**
|
170 | * Bootstrap stack version SSM parameter.
|
171 | *
|
172 | * The placeholder `${Qualifier}` will be replaced with the value of qualifier.
|
173 | *
|
174 | * @default DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER
|
175 | */
|
176 | readonly bootstrapStackVersionSsmParameter?: string;
|
177 | }
|
178 | /**
|
179 | * Uses conventionally named roles and asset storage locations
|
180 | *
|
181 | * This synthesizer:
|
182 | *
|
183 | * - Supports cross-account deployments (the CLI can have credentials to one
|
184 | * account, and you can still deploy to another account by assuming roles with
|
185 | * well-known names in the other account).
|
186 | * - Supports the **CDK Pipelines** library.
|
187 | *
|
188 | * Requires the environment to have been bootstrapped with Bootstrap Stack V2
|
189 | * (also known as "modern bootstrap stack"). The synthesizer adds a version
|
190 | * check to the template, to make sure the bootstrap stack is recent enough
|
191 | * to support all features expected by this synthesizer.
|
192 | */
|
193 | export declare class DefaultStackSynthesizer extends StackSynthesizer {
|
194 | private readonly props;
|
195 | /**
|
196 | * Default ARN qualifier
|
197 | */
|
198 | static readonly DEFAULT_QUALIFIER = "hnb659fds";
|
199 | /**
|
200 | * Default CloudFormation role ARN.
|
201 | */
|
202 | static readonly DEFAULT_CLOUDFORMATION_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-cfn-exec-role-${AWS::AccountId}-${AWS::Region}";
|
203 | /**
|
204 | * Default deploy role ARN.
|
205 | */
|
206 | static readonly DEFAULT_DEPLOY_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-deploy-role-${AWS::AccountId}-${AWS::Region}";
|
207 | /**
|
208 | * Default asset publishing role ARN for file (S3) assets.
|
209 | */
|
210 | static readonly DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-file-publishing-role-${AWS::AccountId}-${AWS::Region}";
|
211 | /**
|
212 | * Default asset publishing role ARN for image (ECR) assets.
|
213 | */
|
214 | static readonly DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-image-publishing-role-${AWS::AccountId}-${AWS::Region}";
|
215 | /**
|
216 | * Default lookup role ARN for missing values.
|
217 | */
|
218 | static readonly DEFAULT_LOOKUP_ROLE_ARN = "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-lookup-role-${AWS::AccountId}-${AWS::Region}";
|
219 | /**
|
220 | * Default image assets repository name
|
221 | */
|
222 | static readonly DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME = "cdk-${Qualifier}-container-assets-${AWS::AccountId}-${AWS::Region}";
|
223 | /**
|
224 | * Default file assets bucket name
|
225 | */
|
226 | static readonly DEFAULT_FILE_ASSETS_BUCKET_NAME = "cdk-${Qualifier}-assets-${AWS::AccountId}-${AWS::Region}";
|
227 | /**
|
228 | * Name of the CloudFormation Export with the asset key name
|
229 | */
|
230 | static readonly DEFAULT_FILE_ASSET_KEY_ARN_EXPORT_NAME = "CdkBootstrap-${Qualifier}-FileAssetKeyArn";
|
231 | /**
|
232 | * Default file asset prefix
|
233 | */
|
234 | static readonly DEFAULT_FILE_ASSET_PREFIX = "";
|
235 | /**
|
236 | * Default Docker asset prefix
|
237 | */
|
238 | static readonly DEFAULT_DOCKER_ASSET_PREFIX = "";
|
239 | /**
|
240 | * Default bootstrap stack version SSM parameter.
|
241 | */
|
242 | static readonly DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER = "/cdk-bootstrap/${Qualifier}/version";
|
243 | private _stack?;
|
244 | private bucketName?;
|
245 | private repositoryName?;
|
246 | private _deployRoleArn?;
|
247 | private _cloudFormationExecutionRoleArn?;
|
248 | private fileAssetPublishingRoleArn?;
|
249 | private imageAssetPublishingRoleArn?;
|
250 | private lookupRoleArn?;
|
251 | private useLookupRoleForStackOperations;
|
252 | private qualifier?;
|
253 | private bucketPrefix?;
|
254 | private dockerTagPrefix?;
|
255 | private bootstrapStackVersionSsmParameter?;
|
256 | private assetManifest;
|
257 | constructor(props?: DefaultStackSynthesizerProps);
|
258 | bind(stack: Stack): void;
|
259 | addFileAsset(asset: FileAssetSource): FileAssetLocation;
|
260 | addDockerImageAsset(asset: DockerImageAssetSource): DockerImageAssetLocation;
|
261 | protected synthesizeStackTemplate(stack: Stack, session: ISynthesisSession): void;
|
262 | /**
|
263 | * Synthesize the associated stack to the session
|
264 | */
|
265 | synthesize(session: ISynthesisSession): void;
|
266 | /**
|
267 | * Returns the ARN of the deploy Role.
|
268 | */
|
269 | get deployRoleArn(): string;
|
270 | /**
|
271 | * Returns the ARN of the CFN execution Role.
|
272 | */
|
273 | get cloudFormationExecutionRoleArn(): string;
|
274 | protected get stack(): Stack | undefined;
|
275 | }
|