Security News
Django Joins curl in Pushing Back on AI Slop Security Reports
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
By Sarah Gooding - Jun 30, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@cuckoointernet/aws-constructs
Advanced tools
@cuckoointernet/aws-constructs
This repo contains thin wrappers for CDK constructs to ensure a consistent standard is applied to generated cloud resources and to avoid repetitive boilerplate code.
AWS Constructs
This repo contains thin wrappers for CDK constructs to ensure a consistent standard is applied to generated cloud resources and to avoid repetitive boilerplate code.
Preamble
There are a few conventions when using this library to be aware of.
- Constructs expect the CDK context values
ENVIRONMENTandCUSTOMERto be declared via the CLI: 2.ENVIRONMENT- eg:dev,stage,prodetc but you can use whatever you want 3.CUSTOMER- a string representing the end client of your software. This library is built with a SaaS mindset, where each customer can have their own configuration. If this doesn't apply to you we recommend simply using your own business name. - Your
cdk.context.jsonfile should adopt a structure of:
{
"cuckoo": {
// <--- customer(s)
"prod": {
// <--- environment(s)
"logLevel": "debug" // <--- option(s)
}
}
}
Where a more complete example might look something like:
{
"cuckoo": {
"dev": {
"logLevel": "debug"
},
"prod": {
"logLevel": "info"
}
},
"acme": {
"dev": {
"logLevel": "info",
"alarmNotificationsTopic": "acme-sns-topic-dev",
"yourCustomOptions": "foo"
},
"prod": {
"logLevel": "error",
"alarmNotificationsTopic": "acme-sns-topic-prod",
"yourCustomOptions": "bar"
}
}
}
lambda.Function
As well as the usual defaults, this construct will additionally configure the following for you:
- Function description set to
${id}-${ENVIRONMENT} - Runtime set to Node v18
- Architecture set to arm64
- Log retention set to 6 months
- X-Ray tracing set to active
- Set an environment variable called
ENVIRONMENTbased on the CDK context valueENVIRONMENT - Set an environment variable called
LOG_LEVELbased on the CDK context value<customer>.<environment>.logLevel(Default: debug) - An alarm to report when the function errors
- An alarm to report when the function execution times are approaching their max timeout (>75% threshold)
- An alarm to report when the function is repeatedly throttled
- An alarm to report when the function memory utilization is >75% (only available if
insightsVersionis configured) - Alarms that trigger will send notifications for OK or in alarm state, to an SNS topic specified via the CDK context value
<customer>.<environment>.alarmNotificationsTopic - You can override the default alarms by providing a 4th parameter to customise their configuration
- You can configure access to SSM Parameters by providing the
ssmParameterPathsproperty via the 4th parameter
Usage
import * as lambda from "aws-cdk-lib/aws-lambda";
import * as AWSConstructs from "@cuckoointernet/aws-constructs";
class ExampleFunction extends AWSConstructs.lambda.Function {
constructor(
scope: Construct,
id: string,
props: lambda.FunctionProps,
customProps?: CustomLambdaProps
) {
super(
scope,
ExampleFunction.name,
{
handler: "index.handler",
code: lambda.Code.fromAsset(path.join(__dirname, "../build")),
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html#construct-props
},
{
// Custom AWS Construct options
}
);
}
}
lambda.NodejsFunction
As well as the usual defaults, this construct will additionally configure the same properties as lambda.Function. This construct is specifically aimed at taking advantage of the same great defaults, but giving the option to use esbuild to build Lambda source code.
Usage
import * as lambdaNode from "aws-cdk-lib/aws-lambda-nodejs";
import * as CuckooConstructs from "@cuckoointernet/cuckoo-constructs";
class ExampleFunction extends CuckooConstructs.lambda.NodejsFunction {
constructor(
scope: Construct,
id: string,
props: lambdaNode.NodejsFunctionProps,
customProps?: CustomLambdaProps
) {
super(
scope,
ExampleFunction.name,
{
entry: "src/lambda/node-mock-handler.ts",
handler: "handleTheStuff",
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda.Function.html#construct-props
},
{
// Custom Cuckoo Construct options
}
);
}
}
sqs.Queue
As well as the usual defaults, this construct will additionally configure the following for you:
- Enforce SSL for data in transit.
- An alarm on the queue to report if the number of in-flight messages is close to the maximum allowed by SQS
- Alarms that trigger will send notifications to an SNS topic specified via the CDK context value
<customer>.<environment>.alarmNotificationsTopic - You can customise or disable alarms by providing a 4th parameter.
Usage
import * as AWSConstructs from "@cuckoointernet/aws-constructs";
class ExampleQueue extends AWSConstructs.sqs.Queue {
constructor(scope: Construct) {
super(
scope,
ExampleQueue.name,
{
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html#construct-props
},
{
// Custom AWS Construct options
}
);
}
}
sqs.DeadLetterQueue
The CDK doesn't include a DLQ construct out of the box, this is our take on what one should look like. As well as the usual defaults, this construct will additionally configure the following for you:
- Retention period of 14 days.
- Enforce SSL for data in transit.
- An alarm to report when the DLQ contains any messages
- Alarms that trigger will send notifications to an SNS topic specified via the CDK context value
<customer>.<environment>.alarmNotificationsTopic - You can customise or disable alarms by providing a 4th parameter.
Usage
import * as AWSConstructs from "@cuckoointernet/aws-constructs";
class ExampleDlq extends AWSConstructs.sqs.DeadLetterQueue {
constructor(scope: Construct) {
super(
scope,
ExampleDlq.name,
{
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html#construct-props
},
{
// Custom AWS Construct options
}
);
}
}
dynamodb.Table
As well as the usual defaults, this construct will additionally configure the following for you:
- (Production only) Set
pointInTimeRecoverytotrue
Usage
import * as AWSConstructs from "@cuckoointernet/aws-constructs";
class ExampleTable extends AWSConstructs.dynamodb.Table {
constructor(scope: Construct) {
super(scope, ExampleTable.name, {
partitionKey: {
name: "id",
type: AttributeType.STRING,
},
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_dynamodb.Table.html#construct-props
});
}
}
s3.Bucket
As well as the usual defaults, this construct will additionally configure the following for you:
- Versioning set to
true. - Public Access is blocked by default.
- Object encryption is on by default and S3 Managed.
- Encryption in transit is restricted to HTTPS
- Lifecycle rules are set by default on current & non-current object versions:
- After 3 months (90 days) the version will transition to S3 Standard Infrequent Access.
- After 6 months (180 days) the version will transition to Glacier Instant Retrieval.
Usage
import * as AWSConstructs from "@cuckoointernet/aws-constructs";
class ExampleBucket extends AWSConstructs.s3.Bucket {
constructor(scope: Construct) {
super(scope, ExampleBucket.name, {
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#construct-props
});
}
}
stepfunctions.StateMachine
As well as the usual defaults, this construct will additionally configure the following for you:
- State machine type set to Express
- Timeout default to 5 minutes
- Creates a log group to capture:
-
- All log levels
-
- Execution data
-
- Note; any overriding log group must be prefixed with '/aws/vendedlogs/states/'. See https://docs.aws.amazon.com/step-functions/latest/dg/bp-cwl.html.
- X-Ray tracing enabled
- An alarm to report when an execution errors
- An alarm to report when an execution times out.
- Alarms that trigger will send notifications to an SNS topic specified via the CDK context value
<customer>.<environment>.alarmNotificationsTopic - You can override the default alarms by providing a 4th parameter to customise their configuration
Usage
import * as lambda from "aws-cdk-lib/aws-lambda";
import * as sfn from "aws-cdk-lib/aws-stepfunctions";
import * as AWSConstructs from "@cuckoointernet/aws-constructs";
class ExampleStateMachine extends AWSConstructs.stepfunctions.StateMachine {
constructor(scope: Constructid: string, props: sfn.StateMachineProps, customProps?: CustomStateMachineProps) {
const definition = new sfn.Pass(scope, "InitialPass");
super(
scope,
ExampleStateMachine.name,
{
definition,
// To override the default behaviour of this construct you can supply your own props here...
// See: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_stepfunctions.StateMachine.html#construct-props
},
{
// Custom AWS Construct options
}
);
}
}
utils.getContextByPath
A utility function that can be used to retrieve a nested value from the CDK context:
Usage
Example cdk.context.json:
{
"cuckoo": {
"prod": {
"logLevel": "debug"
}
}
}
import { utils } from "@cuckoointernet/aws-constructs";
const logLevel = utils.getContextByPath(
scope,
`cuckoo.prod.logLevel`
) as string; // => debug
Contributors
 Amir Sekhavati 💻 |  Elliot Massey 💻 |  Julian Inwood 💻 |  Georgia Georgiou 💻 |  Luke Swift 💻 |  Ben Parnell 💻 |  Dan 💻 |
FAQs
This repo contains thin wrappers for CDK constructs to ensure a consistent standard is applied to generated cloud resources and to avoid repetitive boilerplate code.
The npm package @cuckoointernet/aws-constructs receives a total of 28 weekly downloads. As such, @cuckoointernet/aws-constructs popularity was classified as not popular.
We found that @cuckoointernet/aws-constructs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 19 Feb 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and More
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
By Sarah Gooding - Jun 26, 2025
Security News
Node.js Homepage Adds Paid Support Link, Prompting Contributor Pushback
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.
By Sarah Gooding - Jun 25, 2025