daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d3a93a99817c69b2b76caffe90de14bc4e43204
agent-claw/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.d.ts
daniel 732b00fb66 agent-claw: automated task changes
2026-05-06 18:55:16 -05:00

74 lines
3.0 KiB
TypeScript
Raw Blame History

import { Construct } from 'constructs';
import * as iam from '../../../aws-iam';
import type { IBucket, EventType, NotificationKeyFilter } from '../bucket';
import type { IBucketNotificationDestination } from '../destination';
interface NotificationsProps {
/**
* The bucket to manage notifications for.
*/
bucket: IBucket;
/**
* The role to be used by the lambda handler
*/
handlerRole?: iam.IRole;
/**
* Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.
*/
skipDestinationValidation: boolean;
}
/**
* A custom CloudFormation resource that updates bucket notifications for a
* bucket. The reason we need it is because the AWS::S3::Bucket notification
* configuration is defined on the bucket itself, which makes it impossible to
* provision notifications at the same time as the target (since
* PutBucketNotifications validates the targets).
*
* Since only a single BucketNotifications resource is allowed for each Bucket,
* this construct is not exported in the public API of this module. Instead, it
* is created just-in-time by `s3.Bucket.onEvent`, so a 1:1 relationship is
* ensured.
*
* @see
* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html
*/
export declare class BucketNotifications extends Construct {
private eventBridgeEnabled;
private readonly lambdaNotifications;
private readonly queueNotifications;
private readonly topicNotifications;
private resource?;
private readonly bucket;
private readonly handlerRole?;
private readonly skipDestinationValidation;
constructor(scope: Construct, id: string, props: NotificationsProps);
/**
* Adds a notification subscription for this bucket.
* If this is the first notification, a BucketNotification resource is added to the stack.
*
* @param event The type of event
* @param target The target construct
* @param filters A set of S3 key filters
*/
addNotification(event: EventType, target: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void;
enableEventBridgeNotification(): void;
private renderNotificationConfiguration;
/**
* Defines the bucket notifications resources in the stack only once.
* This is called lazily as we add notifications, so that if notifications are not added,
* there is no notifications resource.
*/
private createResourceOnce;
/**
* Add scoped permissions for managing bucket notifications to the handler's role.
*
* Grants specific IAM permissions to the bucket ARN instead of using wildcard permissions.
* This implements the principle of least privilege by limiting the handler's access to only
* the buckets it needs to manage.
*
* @param handler The notifications resource handler
* @param managed Whether this is a managed (CDK-created) bucket
*/
private addHandlerPermissions;
}
export {};
Reference in New Issue View Git Blame Copy Permalink